merge

This PR:
- fixes for internal employee because we currently want to prefer SIWC
for them.
- fixes retrying forever on unauthorized access. we need to break
eventually on max retries.

.github/actions/codex/bun.lock

@@ -9,7 +9,7 @@
       },
       "devDependencies": {
         "@types/bun": "^1.2.20",
-        "@types/node": "^24.2.1",
+        "@types/node": "^24.3.0",
         "prettier": "^3.6.2",
         "typescript": "^5.9.2",
       },
@@ -50,7 +50,7 @@
 
     "@types/bun": ["@types/bun@1.2.20", "", { "dependencies": { "bun-types": "1.2.20" } }, "sha512-dX3RGzQ8+KgmMw7CsW4xT5ITBSCrSbfHc36SNT31EOUg/LA9JWq0VDdEXDRSe1InVWpd2yLUM1FUF/kEOyTzYA=="],
 
-    "@types/node": ["@types/node@24.2.1", "", { "dependencies": { "undici-types": "~7.10.0" } }, "sha512-DRh5K+ka5eJic8CjH7td8QpYEV6Zo10gfRkjHCO3weqZHWDtAaSTFtl4+VMqOJ4N5jcuhZ9/l+yy8rVgw7BQeQ=="],
+    "@types/node": ["@types/node@24.3.0", "", { "dependencies": { "undici-types": "~7.10.0" } }, "sha512-aPTXCrfwnDLj4VvXrm+UUCQjNEvJgNA8s5F1cvwQU+3KNltTOkBm1j30uNLyqqPNe7gE3KFzImYoZEfLhp4Yow=="],
 
     "@types/react": ["@types/react@19.1.8", "", { "dependencies": { "csstype": "^3.0.2" } }, "sha512-AwAfQ2Wa5bCx9WP8nZL2uMZWod7J7/JSplxbTmBQ5ms6QpqNYm672H0Vu9ZVKVngQ+ii4R/byguVEUZQyeg44g=="],
 
@@ -82,6 +82,8 @@
 
     "@octokit/plugin-rest-endpoint-methods/@octokit/types": ["@octokit/types@12.6.0", "", { "dependencies": { "@octokit/openapi-types": "^20.0.0" } }, "sha512-1rhSOfRa6H9w4YwK0yrf5faDaDTb+yLyBUKOCV4xtCDB5VmIPqd/v9yr9o6SAzOAlRxMiRiCic6JVM1/kunVkw=="],
 
+    "bun-types/@types/node": ["@types/node@24.2.1", "", { "dependencies": { "undici-types": "~7.10.0" } }, "sha512-DRh5K+ka5eJic8CjH7td8QpYEV6Zo10gfRkjHCO3weqZHWDtAaSTFtl4+VMqOJ4N5jcuhZ9/l+yy8rVgw7BQeQ=="],
+
     "@octokit/plugin-paginate-rest/@octokit/types/@octokit/openapi-types": ["@octokit/openapi-types@20.0.0", "", {}, "sha512-EtqRBEjp1dL/15V7WiX5LJMIxxkdiGJnabzYx5Apx4FkQIFgAfKumXeYAqqJCj1s+BMX4cPFIFC4OLCR6stlnA=="],
 
     "@octokit/plugin-rest-endpoint-methods/@octokit/types/@octokit/openapi-types": ["@octokit/openapi-types@20.0.0", "", {}, "sha512-EtqRBEjp1dL/15V7WiX5LJMIxxkdiGJnabzYx5Apx4FkQIFgAfKumXeYAqqJCj1s+BMX4cPFIFC4OLCR6stlnA=="],

.github/actions/codex/package.json

@@ -14,7 +14,7 @@
     },
     "devDependencies": {
         "@types/bun": "^1.2.20",
-        "@types/node": "^24.2.1",
+        "@types/node": "^24.3.0",
         "prettier": "^3.6.2",
         "typescript": "^5.9.2"
     }

.github/dependabot.yaml

@@ -24,3 +24,7 @@ updates:
     directory: /
     schedule:
       interval: weekly
+  - package-ecosystem: rust-toolchain
+    directory: codex-rs
+    schedule:
+      interval: weekly

.github/dotslash-config.json

@@ -17,6 +17,10 @@
         "linux-aarch64": {
           "regex": "^codex-aarch64-unknown-linux-musl\\.zst$",
           "path": "codex"
+        },
+        "windows-x86_64": {
+          "regex": "^codex-x86_64-pc-windows-msvc\\.exe\\.zst$",
+          "path": "codex.exe"
         }
       }
     }

.github/workflows/ci.yml

@@ -12,7 +12,7 @@ jobs:
       NODE_OPTIONS: --max-old-space-size=4096
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: Setup Node.js
         uses: actions/setup-node@v4

.github/workflows/codespell.yml

@@ -18,7 +18,7 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
       - name: Annotate locations with typos
         uses: codespell-project/codespell-problem-matcher@b80729f885d32f78a716c2f107b4db1025001c42 # v1
       - name: Codespell

.github/workflows/codex.yml

@@ -37,9 +37,9 @@ jobs:
       #    Codex is not going to run.
 
       - name: Checkout repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
-      - uses: dtolnay/rust-toolchain@1.88
+      - uses: dtolnay/rust-toolchain@1.89
         with:
           targets: x86_64-unknown-linux-gnu
           components: clippy

.github/workflows/rust-ci.yml

@@ -17,7 +17,7 @@ jobs:
       codex: ${{ steps.detect.outputs.codex }}
       workflows: ${{ steps.detect.outputs.workflows }}
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
         with:
           fetch-depth: 0
       - name: Detect changed paths (no external action)
@@ -56,8 +56,8 @@ jobs:
       run:
         working-directory: codex-rs
     steps:
-      - uses: actions/checkout@v4
-      - uses: dtolnay/rust-toolchain@1.88
+      - uses: actions/checkout@v5
+      - uses: dtolnay/rust-toolchain@1.89
         with:
           components: rustfmt
       - name: cargo fmt
@@ -111,8 +111,8 @@ jobs:
             profile: release
 
     steps:
-      - uses: actions/checkout@v4
-      - uses: dtolnay/rust-toolchain@1.88
+      - uses: actions/checkout@v5
+      - uses: dtolnay/rust-toolchain@1.89
         with:
           targets: ${{ matrix.target }}
           components: clippy
@@ -130,7 +130,7 @@ jobs:
       - if: ${{ matrix.target == 'x86_64-unknown-linux-musl' || matrix.target == 'aarch64-unknown-linux-musl'}}
         name: Install musl build tools
         run: |
-          sudo apt install -y musl-tools pkg-config
+          sudo apt install -y musl-tools pkg-config && sudo rm -rf /var/lib/apt/lists/*
 
       - name: cargo clippy
         id: clippy
@@ -139,15 +139,15 @@ jobs:
       # Running `cargo build` from the workspace root builds the workspace using
       # the union of all features from third-party crates. This can mask errors
       # where individual crates have underspecified features. To avoid this, we
-      # run `cargo build` for each crate individually, though because this is
+      # run `cargo check` for each crate individually, though because this is
       # slower, we only do this for the x86_64-unknown-linux-gnu target.
-      - name: cargo build individual crates
-        id: build
+      - name: cargo check individual crates
+        id: cargo_check_all_crates
         if: ${{ matrix.target == 'x86_64-unknown-linux-gnu' && matrix.profile != 'release' }}
         continue-on-error: true
         run: |
           find . -name Cargo.toml -mindepth 2 -maxdepth 2 -print0 \
-            | xargs -0 -n1 -I{} bash -c 'cd "$(dirname "{}")" && cargo build --profile ${{ matrix.profile }}'
+            | xargs -0 -n1 -I{} bash -c 'cd "$(dirname "{}")" && cargo check --profile ${{ matrix.profile }}'
 
       - name: cargo test
         id: test
@@ -162,10 +162,10 @@ jobs:
       - name: verify all steps passed
         if: |
           steps.clippy.outcome == 'failure' ||
-          steps.build.outcome == 'failure' ||
+          steps.cargo_check_all_crates.outcome == 'failure' ||
           steps.test.outcome == 'failure'
         run: |
-          echo "One or more checks failed (clippy, build, or test). See logs for details."
+          echo "One or more checks failed (clippy, cargo_check_all_crates, or test). See logs for details."
           exit 1
 
   # --- Gatherer job that you mark as the ONLY required status -----------------

.github/workflows/rust-release.yml

@@ -19,7 +19,7 @@ jobs:
   tag-check:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
 
       - name: Validate tag matches Cargo.toml version
         shell: bash
@@ -74,8 +74,8 @@ jobs:
             target: x86_64-pc-windows-msvc
 
     steps:
-      - uses: actions/checkout@v4
-      - uses: dtolnay/rust-toolchain@1.88
+      - uses: actions/checkout@v5
+      - uses: dtolnay/rust-toolchain@1.89
         with:
           targets: ${{ matrix.target }}
 
@@ -117,10 +117,11 @@ jobs:
           dest="dist/${{ matrix.target }}"
 
           # For compatibility with environments that lack the `zstd` tool we
-          # additionally create a `.tar.gz` alongside every single binary that
-          # we publish. The end result is:
+          # additionally create a `.tar.gz` for all platforms and `.zip` for
+          # Windows alongside every single binary that we publish. The end result is:
           #   codex-<target>.zst          (existing)
           #   codex-<target>.tar.gz       (new)
+          #   codex-<target>.zip          (only for Windows)
 
           # 1. Produce a .tar.gz for every file in the directory *before* we
           #    run `zstd --rm`, because that flag deletes the original files.
@@ -128,13 +129,20 @@ jobs:
             base="$(basename "$f")"
             # Skip files that are already archives (shouldn't happen, but be
             # safe).
-            if [[ "$base" == *.tar.gz ]]; then
+            if [[ "$base" == *.tar.gz || "$base" == *.zip ]]; then
               continue
             fi
 
             # Create per-binary tar.gz
             tar -C "$dest" -czf "$dest/${base}.tar.gz" "$base"
 
+            # Create zip archive for Windows binaries
+            # Must run from inside the dest dir so 7z won't
+            # embed the directory path inside the zip.
+            if [[ "${{ matrix.runner }}" == windows* ]]; then
+              (cd "$dest" && 7z a "${base}.zip" "$base")
+            fi
+
             # Also create .zst (existing behaviour) *and* remove the original
             # uncompressed binary to keep the directory small.
             zstd -T0 -19 --rm "$dest/$base"
@@ -155,7 +163,7 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - uses: actions/download-artifact@v4
         with:

.vscode/launch.json

@@ -1,18 +1,22 @@
 {
-    "version": "0.2.0",
-    "configurations": [
-        {
-            "type": "lldb",
-            "request": "launch",
-            "name": "Cargo launch",
-            "cargo": {
-                "cwd": "${workspaceFolder}/codex-rs",
-                "args": [
-                    "build",
-                    "--bin=codex-tui"
-                ]
-            },
-            "args": []
-        }
-    ]
+  "version": "0.2.0",
+  "configurations": [
+    {
+      "type": "lldb",
+      "request": "launch",
+      "name": "Cargo launch",
+      "cargo": {
+        "cwd": "${workspaceFolder}/codex-rs",
+        "args": ["build", "--bin=codex-tui"]
+      },
+      "args": []
+    },
+    {
+      "type": "lldb",
+      "request": "attach",
+      "name": "Attach to running codex CLI",
+      "pid": "${command:pickProcess}",
+      "sourceLanguages": ["rust"]
+    }
+  ]
 }

AGENTS.md

@@ -8,6 +8,35 @@ In the codex-rs folder where the rust code lives:
   - You operate in a sandbox where `CODEX_SANDBOX_NETWORK_DISABLED=1` will be set whenever you use the `shell` tool. Any existing code that uses `CODEX_SANDBOX_NETWORK_DISABLED_ENV_VAR` was authored with this fact in mind. It is often used to early exit out of tests that the author knew you would not be able to run given your sandbox limitations.
   - Similarly, when you spawn a process using Seatbelt (`/usr/bin/sandbox-exec`), `CODEX_SANDBOX=seatbelt` will be set on the child process. Integration tests that want to run Seatbelt themselves cannot be run under Seatbelt, so checks for `CODEX_SANDBOX=seatbelt` are also often used to early exit out of tests, as appropriate.
 
-Before finalizing a change to `codex-rs`, run `just fmt` (in `codex-rs` directory) to format the code and `just fix` (in `codex-rs` directory) to fix any linter issues in the code. Additionally, run the tests:
+Before finalizing a change to `codex-rs`, run `just fmt` (in `codex-rs` directory) to format the code and `just fix -p <project>` (in `codex-rs` directory) to fix any linter issues in the code. Additionally, run the tests:
 1. Run the test for the specific project that was changed. For example, if changes were made in `codex-rs/tui`, run `cargo test -p codex-tui`.
 2. Once those pass, if any changes were made in common, core, or protocol, run the complete test suite with `cargo test --all-features`.
+
+## TUI style conventions
+
+See `codex-rs/tui/styles.md`.
+
+## TUI code conventions
+
+- Use concise styling helpers from ratatui’s Stylize trait.
+  - Basic spans: use "text".into()
+  - Styled spans: use "text".red(), "text".green(), "text".magenta(), "text".dim(), etc.
+  - Prefer these over constructing styles with `Span::styled` and `Style` directly.
+  - Example: patch summary file lines
+    - Desired: vec!["  └ ".into(), "M".red(), " ".dim(), "tui/src/app.rs".dim()]
+
+## Snapshot tests
+
+This repo uses snapshot tests (via `insta`), especially in `codex-rs/tui`, to validate rendered output. When UI or text output changes intentionally, update the snapshots as follows:
+
+- Run tests to generate any updated snapshots:
+  - `cargo test -p codex-tui`
+- Check what’s pending:
+  - `cargo insta pending-snapshots -p codex-tui`
+- Review changes by reading the generated `*.snap.new` files directly in the repo, or preview a specific file:
+  - `cargo insta show -p codex-tui path/to/file.snap.new`
+- Only if you intend to accept all new snapshots in this crate, run:
+  - `cargo insta accept -p codex-tui`
+
+If you don’t have the tool:
+- `cargo install cargo-insta`

README.md

@@ -22,6 +22,7 @@
     - [Authenticate locally and copy your credentials to the "headless" machine](#authenticate-locally-and-copy-your-credentials-to-the-headless-machine)
     - [Connecting through VPS or remote](#connecting-through-vps-or-remote)
   - [Usage-based billing alternative: Use an OpenAI API key](#usage-based-billing-alternative-use-an-openai-api-key)
+    - [Forcing a specific auth method (advanced)](#forcing-a-specific-auth-method-advanced)
   - [Choosing Codex's level of autonomy](#choosing-codexs-level-of-autonomy)
     - [**1. Read/write**](#1-readwrite)
     - [**2. Read-only**](#2-read-only)
@@ -165,6 +166,35 @@ Notes:
 - This command only sets the key for your current terminal session, which we recommend. To set it for all future sessions, you can also add the `export` line to your shell's configuration file (e.g., `~/.zshrc`).
 - If you have signed in with ChatGPT, Codex will default to using your ChatGPT credits. If you wish to use your API key, use the `/logout` command to clear your ChatGPT authentication.
 
+#### Forcing a specific auth method (advanced)
+
+You can explicitly choose which authentication Codex should prefer when both are available.
+
+- To always use your API key (even when ChatGPT auth exists), set:
+
+```toml
+# ~/.codex/config.toml
+preferred_auth_method = "apikey"
+```
+
+Or override ad-hoc via CLI:
+
+```bash
+codex --config preferred_auth_method="apikey"
+```
+
+- To prefer ChatGPT auth (default), set:
+
+```toml
+# ~/.codex/config.toml
+preferred_auth_method = "chatgpt"
+```
+
+Notes:
+
+- When `preferred_auth_method = "apikey"` and an API key is available, the login screen is skipped.
+- When `preferred_auth_method = "chatgpt"` (default), Codex prefers ChatGPT auth if present; if only an API key is present, it will use the API key. Certain account types may also require API-key mode.
+
 ### Choosing Codex's level of autonomy
 
 We always recommend running Codex in its default sandbox that gives you strong guardrails around what the agent can do. The default sandbox prevents it from editing files outside its workspace, or from accessing the network.

codex-rs/Cargo.lock

@@ -176,9 +176,9 @@ dependencies = [
 
 [[package]]
 name = "anyhow"
-version = "1.0.98"
+version = "1.0.99"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e16d2d3311acee920a9eb8d33b8cbc1787ce4a264e85f964c2404b969bdcd487"
+checksum = "b0674a1ddeecb70197781e945de4b3b8ffb61fa939a5597bcf48503737663100"
 
 [[package]]
 name = "arbitrary"
@@ -538,9 +538,9 @@ checksum = "6e4de3bc4ea267985becf712dc6d9eed8b04c953b3fcfb339ebc87acd9804901"
 
 [[package]]
 name = "clap"
-version = "4.5.43"
+version = "4.5.45"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "50fd97c9dc2399518aa331917ac6f274280ec5eb34e555dd291899745c48ec6f"
+checksum = "1fc0e74a703892159f5ae7d3aac52c8e6c392f5ae5f359c70b5881d60aaac318"
 dependencies = [
  "clap_builder",
  "clap_derive",
@@ -548,9 +548,9 @@ dependencies = [
 
 [[package]]
 name = "clap_builder"
-version = "4.5.43"
+version = "4.5.44"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c35b5830294e1fa0462034af85cc95225a4cb07092c088c55bda3147cfcd8f65"
+checksum = "b3e7f4214277f3c7aa526a59dd3fbe306a370daee1f8b7b8c987069cd8e888a8"
 dependencies = [
  "anstream",
  "anstyle",
@@ -561,18 +561,18 @@ dependencies = [
 
 [[package]]
 name = "clap_complete"
-version = "4.5.56"
+version = "4.5.57"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "67e4efcbb5da11a92e8a609233aa1e8a7d91e38de0be865f016d14700d45a7fd"
+checksum = "4d9501bd3f5f09f7bbee01da9a511073ed30a80cd7a509f1214bb74eadea71ad"
 dependencies = [
  "clap",
 ]
 
 [[package]]
 name = "clap_derive"
-version = "4.5.41"
+version = "4.5.45"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ef4f52386a59ca4c860f7393bcf8abd8dfd91ecccc0f774635ff68e92eeef491"
+checksum = "14cb31bb0a7d536caef2639baa7fad459e15c3144efefa6dbd1c84562c4739f6"
 dependencies = [
  "heck",
  "proc-macro2",
@@ -665,6 +665,8 @@ dependencies = [
  "codex-exec",
  "codex-login",
  "codex-mcp-server",
+ "codex-protocol",
+ "codex-protocol-ts",
  "codex-tui",
  "serde_json",
  "tokio",
@@ -678,6 +680,7 @@ version = "0.0.0"
 dependencies = [
  "clap",
  "codex-core",
+ "codex-protocol",
  "serde",
  "toml 0.9.5",
 ]
@@ -695,11 +698,11 @@ dependencies = [
  "codex-apply-patch",
  "codex-login",
  "codex-mcp-client",
+ "codex-protocol",
  "core_test_support",
  "dirs",
  "env-flags",
  "eventsource-stream",
- "fs2",
  "futures",
  "landlock",
  "libc",
@@ -751,6 +754,8 @@ dependencies = [
  "codex-common",
  "codex-core",
  "codex-ollama",
+ "codex-protocol",
+ "core_test_support",
  "libc",
  "owo-colors",
  "predicates",
@@ -760,6 +765,7 @@ dependencies = [
  "tokio",
  "tracing",
  "tracing-subscriber",
+ "wiremock",
 ]
 
 [[package]]
@@ -851,7 +857,10 @@ dependencies = [
  "anyhow",
  "assert_cmd",
  "codex-arg0",
+ "codex-common",
  "codex-core",
+ "codex-login",
+ "codex-protocol",
  "mcp-types",
  "mcp_test_support",
  "pretty_assertions",
@@ -887,11 +896,37 @@ dependencies = [
  "wiremock",
 ]
 
+[[package]]
+name = "codex-protocol"
+version = "0.0.0"
+dependencies = [
+ "mcp-types",
+ "pretty_assertions",
+ "serde",
+ "serde_bytes",
+ "serde_json",
+ "strum 0.27.2",
+ "strum_macros 0.27.2",
+ "ts-rs",
+ "uuid",
+]
+
+[[package]]
+name = "codex-protocol-ts"
+version = "0.0.0"
+dependencies = [
+ "anyhow",
+ "clap",
+ "codex-protocol",
+ "ts-rs",
+]
+
 [[package]]
 name = "codex-tui"
 version = "0.0.0"
 dependencies = [
  "anyhow",
+ "async-stream",
  "base64 0.22.1",
  "chrono",
  "clap",
@@ -902,6 +937,7 @@ dependencies = [
  "codex-file-search",
  "codex-login",
  "codex-ollama",
+ "codex-protocol",
  "color-eyre",
  "crossterm",
  "diffy",
@@ -913,7 +949,7 @@ dependencies = [
  "once_cell",
  "path-clean",
  "pretty_assertions",
- "rand 0.8.5",
+ "rand 0.9.2",
  "ratatui",
  "ratatui-image",
  "regex-lite",
@@ -926,6 +962,7 @@ dependencies = [
  "supports-color",
  "textwrap 0.16.2",
  "tokio",
+ "tokio-stream",
  "tracing",
  "tracing-appender",
  "tracing-subscriber",
@@ -1126,6 +1163,7 @@ checksum = "829d955a0bb380ef178a640b91779e3987da38c9aea133b20614cfed8cdea9c6"
 dependencies = [
  "bitflags 2.9.1",
  "crossterm_winapi",
+ "futures-core",
  "mio",
  "parking_lot",
  "rustix 0.38.44",
@@ -1709,16 +1747,6 @@ dependencies = [
  "percent-encoding",
 ]
 
-[[package]]
-name = "fs2"
-version = "0.4.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9564fc758e15025b46aa6643b1b77d047d1a56a1aea6e01002ac0c7026876213"
-dependencies = [
- "libc",
- "winapi",
-]
-
 [[package]]
 name = "futures"
 version = "0.3.31"
@@ -2604,9 +2632,9 @@ checksum = "03087c2bad5e1034e8cace5926dec053fb3790248370865f5117a7d0213354c8"
 
 [[package]]
 name = "libc"
-version = "0.2.174"
+version = "0.2.175"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1171693293099992e19cddea4e8b849964e9846f4acee11b3948bcc337be8776"
+checksum = "6a82ae493e598baaea5209805c49bbf2ea7de956d50d7da0da1164f9c6d28543"
 
 [[package]]
 name = "libfuzzer-sys"
@@ -2753,6 +2781,7 @@ version = "0.0.0"
 dependencies = [
  "serde",
  "serde_json",
+ "ts-rs",
 ]
 
 [[package]]
@@ -2763,8 +2792,10 @@ dependencies = [
  "assert_cmd",
  "codex-core",
  "codex-mcp-server",
+ "codex-protocol",
  "mcp-types",
  "pretty_assertions",
+ "serde",
  "serde_json",
  "shlex",
  "tempfile",
@@ -4682,6 +4713,15 @@ dependencies = [
  "winapi",
 ]
 
+[[package]]
+name = "termcolor"
+version = "1.4.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "06794f8f6c5c898b3275aebefa6b8a1cb24cd2c6c79397ab15774837a0bc5755"
+dependencies = [
+ "winapi-util",
+]
+
 [[package]]
 name = "terminal_size"
 version = "0.4.2"
@@ -5181,6 +5221,30 @@ version = "0.2.5"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "e421abadd41a4225275504ea4d6566923418b7f05506fbc9c0fe86ba7396114b"
 
+[[package]]
+name = "ts-rs"
+version = "11.0.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "6ef1b7a6d914a34127ed8e1fa927eb7088903787bcded4fa3eef8f85ee1568be"
+dependencies = [
+ "serde_json",
+ "thiserror 2.0.12",
+ "ts-rs-macros",
+ "uuid",
+]
+
+[[package]]
+name = "ts-rs-macros"
+version = "11.0.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e9d4ed7b4c18cc150a6a0a1e9ea1ecfa688791220781af6e119f9599a8502a0a"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn 2.0.104",
+ "termcolor",
+]
+
 [[package]]
 name = "tui-input"
 version = "0.14.0"

codex-rs/Cargo.toml

@@ -15,6 +15,8 @@ members = [
     "mcp-server",
     "mcp-types",
     "ollama",
+    "protocol",
+    "protocol-ts",
     "tui",
 ]
 resolver = "2"

codex-rs/apply-patch/src/lib.rs

@@ -22,6 +22,8 @@ use tree_sitter_bash::LANGUAGE as BASH;
 /// Detailed instructions for gpt-4.1 on how to use the `apply_patch` tool.
 pub const APPLY_PATCH_TOOL_INSTRUCTIONS: &str = include_str!("../apply_patch_tool_instructions.md");
 
+const APPLY_PATCH_COMMANDS: [&str; 2] = ["apply_patch", "applypatch"];
+
 #[derive(Debug, Error, PartialEq)]
 pub enum ApplyPatchError {
     #[error(transparent)]
@@ -82,7 +84,6 @@ pub struct ApplyPatchArgs {
 }
 
 pub fn maybe_parse_apply_patch(argv: &[String]) -> MaybeApplyPatch {
-    const APPLY_PATCH_COMMANDS: [&str; 2] = ["apply_patch", "applypatch"];
     match argv {
         [cmd, body] if APPLY_PATCH_COMMANDS.contains(&cmd.as_str()) => match parse_patch(body) {
             Ok(source) => MaybeApplyPatch::Body(source),
@@ -91,7 +92,9 @@ pub fn maybe_parse_apply_patch(argv: &[String]) -> MaybeApplyPatch {
         [bash, flag, script]
             if bash == "bash"
                 && flag == "-lc"
-                && script.trim_start().starts_with("apply_patch") =>
+                && APPLY_PATCH_COMMANDS
+                    .iter()
+                    .any(|cmd| script.trim_start().starts_with(cmd)) =>
         {
             match extract_heredoc_body_from_apply_patch_command(script) {
                 Ok(body) => match parse_patch(&body) {
@@ -262,7 +265,10 @@ pub fn maybe_parse_apply_patch_verified(argv: &[String], cwd: &Path) -> MaybeApp
 fn extract_heredoc_body_from_apply_patch_command(
     src: &str,
 ) -> std::result::Result<String, ExtractHeredocError> {
-    if !src.trim_start().starts_with("apply_patch") {
+    if !APPLY_PATCH_COMMANDS
+        .iter()
+        .any(|cmd| src.trim_start().starts_with(cmd))
+    {
         return Err(ExtractHeredocError::CommandDidNotStartWithApplyPatch);
     }
 
@@ -415,12 +421,12 @@ fn apply_hunks_to_files(hunks: &[Hunk]) -> anyhow::Result<AffectedPaths> {
     for hunk in hunks {
         match hunk {
             Hunk::AddFile { path, contents } => {
-                if let Some(parent) = path.parent() {
-                    if !parent.as_os_str().is_empty() {
-                        std::fs::create_dir_all(parent).with_context(|| {
-                            format!("Failed to create parent directories for {}", path.display())
-                        })?;
-                    }
+                if let Some(parent) = path.parent()
+                    && !parent.as_os_str().is_empty()
+                {
+                    std::fs::create_dir_all(parent).with_context(|| {
+                        format!("Failed to create parent directories for {}", path.display())
+                    })?;
                 }
                 std::fs::write(path, contents)
                     .with_context(|| format!("Failed to write file {}", path.display()))?;
@@ -439,15 +445,12 @@ fn apply_hunks_to_files(hunks: &[Hunk]) -> anyhow::Result<AffectedPaths> {
                 let AppliedPatch { new_contents, .. } =
                     derive_new_contents_from_chunks(path, chunks)?;
                 if let Some(dest) = move_path {
-                    if let Some(parent) = dest.parent() {
-                        if !parent.as_os_str().is_empty() {
-                            std::fs::create_dir_all(parent).with_context(|| {
-                                format!(
-                                    "Failed to create parent directories for {}",
-                                    dest.display()
-                                )
-                            })?;
-                        }
+                    if let Some(parent) = dest.parent()
+                        && !parent.as_os_str().is_empty()
+                    {
+                        std::fs::create_dir_all(parent).with_context(|| {
+                            format!("Failed to create parent directories for {}", dest.display())
+                        })?;
                     }
                     std::fs::write(dest, new_contents)
                         .with_context(|| format!("Failed to write file {}", dest.display()))?;
@@ -529,9 +532,12 @@ fn compute_replacements(
         // If a chunk has a `change_context`, we use seek_sequence to find it, then
         // adjust our `line_index` to continue from there.
         if let Some(ctx_line) = &chunk.change_context {
-            if let Some(idx) =
-                seek_sequence::seek_sequence(original_lines, &[ctx_line.clone()], line_index, false)
-            {
+            if let Some(idx) = seek_sequence::seek_sequence(
+                original_lines,
+                std::slice::from_ref(ctx_line),
+                line_index,
+                false,
+            ) {
                 line_index = idx + 1;
             } else {
                 return Err(ApplyPatchError::ComputeReplacements(format!(
@@ -773,6 +779,33 @@ PATCH"#,
         }
     }
 
+    #[test]
+    fn test_heredoc_applypatch() {
+        let args = strs_to_strings(&[
+            "bash",
+            "-lc",
+            r#"applypatch <<'PATCH'
+*** Begin Patch
+*** Add File: foo
++hi
+*** End Patch
+PATCH"#,
+        ]);
+
+        match maybe_parse_apply_patch(&args) {
+            MaybeApplyPatch::Body(ApplyPatchArgs { hunks, patch: _ }) => {
+                assert_eq!(
+                    hunks,
+                    vec![Hunk::AddFile {
+                        path: PathBuf::from("foo"),
+                        contents: "hi\n".to_string()
+                    }]
+                );
+            }
+            result => panic!("expected MaybeApplyPatch::Body got {result:?}"),
+        }
+    }
+
     #[test]
     fn test_add_file_hunk_creates_file_with_contents() {
         let dir = tempdir().unwrap();

codex-rs/arg0/src/lib.rs

@@ -89,10 +89,10 @@ const ILLEGAL_ENV_VAR_PREFIX: &str = "CODEX_";
 /// Security: Do not allow `.env` files to create or modify any variables
 /// with names starting with `CODEX_`.
 fn load_dotenv() {
-    if let Ok(codex_home) = codex_core::config::find_codex_home() {
-        if let Ok(iter) = dotenvy::from_path_iter(codex_home.join(".env")) {
-            set_filtered(iter);
-        }
+    if let Ok(codex_home) = codex_core::config::find_codex_home()
+        && let Ok(iter) = dotenvy::from_path_iter(codex_home.join(".env"))
+    {
+        set_filtered(iter);
     }
 
     if let Ok(iter) = dotenvy::dotenv_iter() {

codex-rs/chatgpt/src/chatgpt_token.rs

@@ -1,3 +1,4 @@
+use codex_login::AuthMode;
 use codex_login::CodexAuth;
 use std::path::Path;
 use std::sync::LazyLock;
@@ -19,7 +20,7 @@ pub fn set_chatgpt_token_data(value: TokenData) {
 
 /// Initialize the ChatGPT token from auth.json file
 pub async fn init_chatgpt_token_from_auth(codex_home: &Path) -> std::io::Result<()> {
-    let auth = CodexAuth::from_codex_home(codex_home)?;
+    let auth = CodexAuth::from_codex_home(codex_home, AuthMode::ChatGPT)?;
     if let Some(auth) = auth {
         let token_data = auth.get_token_data().await?;
         set_chatgpt_token_data(token_data);

codex-rs/cli/Cargo.toml

@@ -25,6 +25,7 @@ codex-core = { path = "../core" }
 codex-exec = { path = "../exec" }
 codex-login = { path = "../login" }
 codex-mcp-server = { path = "../mcp-server" }
+codex-protocol = { path = "../protocol" }
 codex-tui = { path = "../tui" }
 serde_json = "1"
 tokio = { version = "1", features = [
@@ -36,3 +37,4 @@ tokio = { version = "1", features = [
 ] }
 tracing = "0.1.41"
 tracing-subscriber = "0.3.19"
+codex-protocol-ts = { path = "../protocol-ts" }

codex-rs/cli/src/debug_sandbox.rs

@@ -3,11 +3,11 @@ use std::path::PathBuf;
 use codex_common::CliConfigOverrides;
 use codex_core::config::Config;
 use codex_core::config::ConfigOverrides;
-use codex_core::config_types::SandboxMode;
 use codex_core::exec_env::create_env;
 use codex_core::landlock::spawn_command_under_linux_sandbox;
 use codex_core::seatbelt::spawn_command_under_seatbelt;
 use codex_core::spawn::StdioPolicy;
+use codex_protocol::config_types::SandboxMode;
 
 use crate::LandlockCommand;
 use crate::SeatbeltCommand;

codex-rs/cli/src/login.rs

@@ -4,51 +4,30 @@ use codex_core::config::ConfigOverrides;
 use codex_login::AuthMode;
 use codex_login::CLIENT_ID;
 use codex_login::CodexAuth;
-use codex_login::LoginServerInfo;
 use codex_login::OPENAI_API_KEY_ENV_VAR;
 use codex_login::ServerOptions;
 use codex_login::login_with_api_key;
 use codex_login::logout;
-use codex_login::run_server_blocking_with_notify;
+use codex_login::run_login_server;
 use std::env;
-use std::path::Path;
-use std::sync::mpsc;
+use std::path::PathBuf;
 
-pub async fn login_with_chatgpt(codex_home: &Path) -> std::io::Result<()> {
-    let (tx, rx) = mpsc::channel::<LoginServerInfo>();
-    let client_id = CLIENT_ID;
-    let codex_home = codex_home.to_path_buf();
-    tokio::spawn(async move {
-        match rx.recv() {
-            Ok(LoginServerInfo {
-                auth_url,
-                actual_port,
-            }) => {
-                eprintln!(
-                    "Starting local login server on http://localhost:{actual_port}.\nIf your browser did not open, navigate to this URL to authenticate:\n\n{auth_url}",
-                );
-            }
-            _ => {
-                tracing::error!("Failed to receive login server info");
-            }
-        }
-    });
+pub async fn login_with_chatgpt(codex_home: PathBuf) -> std::io::Result<()> {
+    let opts = ServerOptions::new(codex_home, CLIENT_ID.to_string());
+    let server = run_login_server(opts)?;
 
-    tokio::task::spawn_blocking(move || {
-        let opts = ServerOptions::new(&codex_home, client_id);
-        run_server_blocking_with_notify(opts, Some(tx), None)
-    })
-    .await
-    .map_err(std::io::Error::other)??;
+    eprintln!(
+        "Starting local login server on http://localhost:{}.\nIf your browser did not open, navigate to this URL to authenticate:\n\n{}",
+        server.actual_port, server.auth_url,
+    );
 
-    eprintln!("Successfully logged in");
-    Ok(())
+    server.block_until_done().await
 }
 
 pub async fn run_login_with_chatgpt(cli_config_overrides: CliConfigOverrides) -> ! {
     let config = load_config_or_exit(cli_config_overrides);
 
-    match login_with_chatgpt(&config.codex_home).await {
+    match login_with_chatgpt(config.codex_home).await {
         Ok(_) => {
             eprintln!("Successfully logged in");
             std::process::exit(0);
@@ -81,18 +60,18 @@ pub async fn run_login_with_api_key(
 pub async fn run_login_status(cli_config_overrides: CliConfigOverrides) -> ! {
     let config = load_config_or_exit(cli_config_overrides);
 
-    match CodexAuth::from_codex_home(&config.codex_home) {
+    match CodexAuth::from_codex_home(&config.codex_home, config.preferred_auth_method) {
         Ok(Some(auth)) => match auth.mode {
             AuthMode::ApiKey => match auth.get_token().await {
                 Ok(api_key) => {
                     eprintln!("Logged in using an API key - {}", safe_format_key(&api_key));
 
-                    if let Ok(env_api_key) = env::var(OPENAI_API_KEY_ENV_VAR) {
-                        if env_api_key == api_key {
-                            eprintln!(
-                                "   API loaded from OPENAI_API_KEY environment variable or .env file"
-                            );
-                        }
+                    if let Ok(env_api_key) = env::var(OPENAI_API_KEY_ENV_VAR)
+                        && env_api_key == api_key
+                    {
+                        eprintln!(
+                            "   API loaded from OPENAI_API_KEY environment variable or .env file"
+                        );
                     }
                     std::process::exit(0);
                 }

codex-rs/cli/src/main.rs

@@ -72,6 +72,10 @@ enum Subcommand {
     /// Apply the latest diff produced by Codex agent as a `git apply` to your local working tree.
     #[clap(visible_alias = "a")]
     Apply(ApplyCommand),
+
+    /// Internal: generate TypeScript protocol bindings.
+    #[clap(hide = true)]
+    GenerateTs(GenerateTsCommand),
 }
 
 #[derive(Debug, Parser)]
@@ -120,6 +124,17 @@ struct LogoutCommand {
     config_overrides: CliConfigOverrides,
 }
 
+#[derive(Debug, Parser)]
+struct GenerateTsCommand {
+    /// Output directory where .ts files will be written
+    #[arg(short = 'o', long = "out", value_name = "DIR")]
+    out_dir: PathBuf,
+
+    /// Optional path to the Prettier executable to format generated files
+    #[arg(short = 'p', long = "prettier", value_name = "PRETTIER_BIN")]
+    prettier: Option<PathBuf>,
+}
+
 fn main() -> anyhow::Result<()> {
     arg0_dispatch_or_else(|codex_linux_sandbox_exe| async move {
         cli_main(codex_linux_sandbox_exe).await?;
@@ -194,6 +209,9 @@ async fn cli_main(codex_linux_sandbox_exe: Option<PathBuf>) -> anyhow::Result<()
             prepend_config_flags(&mut apply_cli.config_overrides, cli.config_overrides);
             run_apply_command(apply_cli, None).await?;
         }
+        Some(Subcommand::GenerateTs(gen_cli)) => {
+            codex_protocol_ts::generate_ts(&gen_cli.out_dir, gen_cli.prettier.as_deref())?;
+        }
     }
 
     Ok(())

codex-rs/clippy.toml

@@ -1,2 +1,9 @@
 allow-expect-in-tests = true
-allow-unwrap-in-tests = true
+allow-unwrap-in-tests = true
+disallowed-methods = [
+    { path = "ratatui::style::Color::Rgb", reason = "Use ANSI colors, which work better in various terminal themes." },
+    { path = "ratatui::style::Color::Indexed", reason = "Use ANSI colors, which work better in various terminal themes." },
+    { path = "ratatui::style::Stylize::white", reason = "Avoid hardcoding white; prefer default fg or dim/bold. Exception: Disable this rule if rendering over a hardcoded ANSI background." },
+    { path = "ratatui::style::Stylize::black", reason = "Avoid hardcoding black; prefer default fg or dim/bold. Exception: Disable this rule if rendering over a hardcoded ANSI background." },
+    { path = "ratatui::style::Stylize::yellow", reason = "Avoid yellow; prefer other colors in `tui/styles.md`." },
+]

codex-rs/common/Cargo.toml

@@ -9,6 +9,7 @@ workspace = true
 [dependencies]
 clap = { version = "4", features = ["derive", "wrap_help"], optional = true }
 codex-core = { path = "../core" }
+codex-protocol = { path = "../protocol" }
 serde = { version = "1", optional = true }
 toml = { version = "0.9", optional = true }
 

codex-rs/common/src/approval_presets.rs

@@ -0,0 +1,46 @@
+use codex_core::protocol::AskForApproval;
+use codex_core::protocol::SandboxPolicy;
+
+/// A simple preset pairing an approval policy with a sandbox policy.
+#[derive(Debug, Clone)]
+pub struct ApprovalPreset {
+    /// Stable identifier for the preset.
+    pub id: &'static str,
+    /// Display label shown in UIs.
+    pub label: &'static str,
+    /// Short human description shown next to the label in UIs.
+    pub description: &'static str,
+    /// Approval policy to apply.
+    pub approval: AskForApproval,
+    /// Sandbox policy to apply.
+    pub sandbox: SandboxPolicy,
+}
+
+/// Built-in list of approval presets that pair approval and sandbox policy.
+///
+/// Keep this UI-agnostic so it can be reused by both TUI and MCP server.
+pub fn builtin_approval_presets() -> Vec<ApprovalPreset> {
+    vec![
+        ApprovalPreset {
+            id: "read-only",
+            label: "Read Only",
+            description: "Codex can read files and answer questions. Codex requires approval to make edits, run commands, or access network",
+            approval: AskForApproval::OnRequest,
+            sandbox: SandboxPolicy::ReadOnly,
+        },
+        ApprovalPreset {
+            id: "auto",
+            label: "Auto",
+            description: "Codex can read files, make edits, and run commands in the workspace. Codex requires approval to work outside the workspace or access network",
+            approval: AskForApproval::OnRequest,
+            sandbox: SandboxPolicy::new_workspace_write_policy(),
+        },
+        ApprovalPreset {
+            id: "full-access",
+            label: "Full Access",
+            description: "Codex can read files, make edits, and run commands with network access, without approval. Exercise caution",
+            approval: AskForApproval::Never,
+            sandbox: SandboxPolicy::DangerFullAccess,
+        },
+    ]
+}

codex-rs/common/src/lib.rs

@@ -29,3 +29,8 @@ mod config_summary;
 pub use config_summary::create_config_summary_entries;
 // Shared fuzzy matcher (used by TUI selection popups and other UI filtering)
 pub mod fuzzy_match;
+// Shared model presets used by TUI and MCP server
+pub mod model_presets;
+// Shared approval presets (AskForApproval + Sandbox) used by TUI and MCP server
+// Not to be confused with AskForApproval, which we should probably rename to EscalationPolicy.
+pub mod approval_presets;

codex-rs/common/src/model_presets.rs

@@ -0,0 +1,54 @@
+use codex_core::protocol_config_types::ReasoningEffort;
+
+/// A simple preset pairing a model slug with a reasoning effort.
+#[derive(Debug, Clone, Copy)]
+pub struct ModelPreset {
+    /// Stable identifier for the preset.
+    pub id: &'static str,
+    /// Display label shown in UIs.
+    pub label: &'static str,
+    /// Short human description shown next to the label in UIs.
+    pub description: &'static str,
+    /// Model slug (e.g., "gpt-5").
+    pub model: &'static str,
+    /// Reasoning effort to apply for this preset.
+    pub effort: ReasoningEffort,
+}
+
+/// Built-in list of model presets that pair a model with a reasoning effort.
+///
+/// Keep this UI-agnostic so it can be reused by both TUI and MCP server.
+pub fn builtin_model_presets() -> &'static [ModelPreset] {
+    // Order reflects effort from minimal to high.
+    const PRESETS: &[ModelPreset] = &[
+        ModelPreset {
+            id: "gpt-5-minimal",
+            label: "gpt-5 minimal",
+            description: "— fastest responses with limited reasoning; ideal for coding, instructions, or lightweight tasks",
+            model: "gpt-5",
+            effort: ReasoningEffort::Minimal,
+        },
+        ModelPreset {
+            id: "gpt-5-low",
+            label: "gpt-5 low",
+            description: "— balances speed with some reasoning; useful for straightforward queries and short explanations",
+            model: "gpt-5",
+            effort: ReasoningEffort::Low,
+        },
+        ModelPreset {
+            id: "gpt-5-medium",
+            label: "gpt-5 medium",
+            description: "— default setting; provides a solid balance of reasoning depth and latency for general-purpose tasks",
+            model: "gpt-5",
+            effort: ReasoningEffort::Medium,
+        },
+        ModelPreset {
+            id: "gpt-5-high",
+            label: "gpt-5 high",
+            description: "— maximizes reasoning depth for complex or ambiguous problems",
+            model: "gpt-5",
+            effort: ReasoningEffort::High,
+        },
+    ];
+    PRESETS
+}

codex-rs/common/src/sandbox_mode_cli_arg.rs

@@ -7,7 +7,7 @@
 //! `config.toml`.
 
 use clap::ValueEnum;
-use codex_core::config_types::SandboxMode;
+use codex_protocol::config_types::SandboxMode;
 
 #[derive(Clone, Copy, Debug, ValueEnum)]
 #[value(rename_all = "kebab-case")]

codex-rs/config.md

@@ -149,6 +149,7 @@ approval_policy = "untrusted"
 ```
 
 If you want to be notified whenever a command fails, use "on-failure":
+
 ```toml
 # If the command fails when run in the sandbox, Codex asks for permission to
 # retry the command outside the sandbox.
@@ -156,12 +157,14 @@ approval_policy = "on-failure"
 ```
 
 If you want the model to run until it decides that it needs to ask you for escalated permissions, use "on-request":
+
 ```toml
 # The model decides when to escalate
 approval_policy = "on-request"
 ```
 
 Alternatively, you can have the model run until it is done, and never ask to run a command with escalated permissions:
+
 ```toml
 # User is never prompted: if the command fails, Codex will automatically try
 # something out. Note the `exec` subcommand always uses this mode.
@@ -217,17 +220,14 @@ Users can specify config values at multiple levels. Order of precedence is as fo
 
 ## model_reasoning_effort
 
-If the model name starts with `"o"` (as in `"o3"` or `"o4-mini"`) or `"codex"`, reasoning is enabled by default when using the Responses API. As explained in the [OpenAI Platform documentation](https://platform.openai.com/docs/guides/reasoning?api-mode=responses#get-started-with-reasoning), this can be set to:
+If the selected model is known to support reasoning (for example: `o3`, `o4-mini`, `codex-*`, `gpt-5`), reasoning is enabled by default when using the Responses API. As explained in the [OpenAI Platform documentation](https://platform.openai.com/docs/guides/reasoning?api-mode=responses#get-started-with-reasoning), this can be set to:
 
+- `"minimal"`
 - `"low"`
 - `"medium"` (default)
 - `"high"`
 
-To disable reasoning, set `model_reasoning_effort` to `"none"` in your config:
-
-```toml
-model_reasoning_effort = "none"  # disable reasoning
-```
+Note: to minimize reasoning, choose `"minimal"`.
 
 ## model_reasoning_summary
 
@@ -281,6 +281,9 @@ sandbox_mode = "workspace-write"
 exclude_tmpdir_env_var = false
 exclude_slash_tmp = false
 
+# Optional list of _additional_ writable roots beyond $TMPDIR and /tmp.
+writable_roots = ["/Users/YOU/.pyenv/shims"]
+
 # Allow the command being run inside the sandbox to make outbound network
 # requests. Disabled by default.
 network_access = false
@@ -297,6 +300,16 @@ This is reasonable to use if Codex is running in an environment that provides it
 
 Though using this option may also be necessary if you try to use Codex in environments where its native sandboxing mechanisms are unsupported, such as older Linux kernels or on Windows.
 
+## Approval presets
+
+Codex provides three main Approval Presets:
+
+- Read Only: Codex can read files and answer questions; edits, running commands, and network access require approval.
+- Auto: Codex can read files, make edits, and run commands in the workspace without approval; asks for approval outside the workspace or for network access.
+- Full Access: Full disk and network access without prompts; extremely risky.
+
+You can further customize how Codex runs at the command line using the `--ask-for-approval` and `--sandbox` options.
+
 ## mcp_servers
 
 Defines the list of MCP servers that Codex can consult for tool use. Currently, only servers that are launched by executing a program that communicate over stdio are supported. For servers that use the SSE transport, consider an adapter like [mcp-proxy](https://github.com/sparfenyuk/mcp-proxy).
@@ -498,10 +511,12 @@ hide_agent_reasoning = true   # defaults to false
 Surfaces the model’s raw chain-of-thought ("raw reasoning content") when available.
 
 Notes:
+
 - Only takes effect if the selected model/provider actually emits raw reasoning content. Many models do not. When unsupported, this option has no visible effect.
 - Raw reasoning may include intermediate thoughts or sensitive context. Enable only if acceptable for your workflow.
 
 Example:
+
 ```toml
 show_raw_agent_reasoning = true  # defaults to false
 ```

codex-rs/core/Cargo.toml

@@ -19,12 +19,12 @@ chrono = { version = "0.4", features = ["serde"] }
 codex-apply-patch = { path = "../apply-patch" }
 codex-login = { path = "../login" }
 codex-mcp-client = { path = "../mcp-client" }
+codex-protocol = { path = "../protocol" }
 dirs = "6"
 env-flags = "0.1.1"
 eventsource-stream = "0.2.3"
-fs2 = "0.4.3"
 futures = "0.3"
-libc = "0.2.174"
+libc = "0.2.175"
 mcp-types = { path = "../mcp-types" }
 mime_guess = "2.0"
 os_info = "3.12.0"

codex-rs/core/src/apply_patch.rs

@@ -1,4 +1,5 @@
 use crate::codex::Session;
+use crate::codex::TurnContext;
 use crate::models::FunctionCallOutputPayload;
 use crate::models::ResponseInputItem;
 use crate::protocol::FileChange;
@@ -8,7 +9,6 @@ use crate::safety::assess_patch_safety;
 use codex_apply_patch::ApplyPatchAction;
 use codex_apply_patch::ApplyPatchFileChange;
 use std::collections::HashMap;
-use std::path::Path;
 use std::path::PathBuf;
 
 pub const CODEX_APPLY_PATCH_ARG1: &str = "--codex-run-as-apply-patch";
@@ -41,17 +41,16 @@ impl From<ResponseInputItem> for InternalApplyPatchInvocation {
 
 pub(crate) async fn apply_patch(
     sess: &Session,
+    turn_context: &TurnContext,
     sub_id: &str,
     call_id: &str,
     action: ApplyPatchAction,
 ) -> InternalApplyPatchInvocation {
-    let writable_roots_snapshot = sess.get_writable_roots().to_vec();
-
     match assess_patch_safety(
         &action,
-        sess.get_approval_policy(),
-        &writable_roots_snapshot,
-        sess.get_cwd(),
+        turn_context.approval_policy,
+        &turn_context.sandbox_policy,
+        &turn_context.cwd,
     ) {
         SafetyCheck::AutoApprove { .. } => {
             InternalApplyPatchInvocation::DelegateToExec(ApplyPatchExec {
@@ -124,30 +123,3 @@ pub(crate) fn convert_apply_patch_to_protocol(
     }
     result
 }
-
-pub(crate) fn get_writable_roots(cwd: &Path) -> Vec<PathBuf> {
-    let mut writable_roots = Vec::new();
-    if cfg!(target_os = "macos") {
-        // On macOS, $TMPDIR is private to the user.
-        writable_roots.push(std::env::temp_dir());
-
-        // Allow pyenv to update its shims directory. Without this, any tool
-        // that happens to be managed by `pyenv` will fail with an error like:
-        //
-        //   pyenv: cannot rehash: $HOME/.pyenv/shims isn't writable
-        //
-        // which is emitted every time `pyenv` tries to run `rehash` (for
-        // example, after installing a new Python package that drops an entry
-        // point). Although the sandbox is intentionally read‑only by default,
-        // writing to the user's local `pyenv` directory is safe because it
-        // is already user‑writable and scoped to the current user account.
-        if let Ok(home_dir) = std::env::var("HOME") {
-            let pyenv_dir = PathBuf::from(home_dir).join(".pyenv");
-            writable_roots.push(pyenv_dir);
-        }
-    }
-
-    writable_roots.push(cwd.to_path_buf());
-
-    writable_roots
-}

codex-rs/core/src/chat_completions.rs

@@ -290,13 +290,12 @@ async fn process_chat_sse<S>(
                 .get("delta")
                 .and_then(|d| d.get("content"))
                 .and_then(|c| c.as_str())
+                && !content.is_empty()
             {
-                if !content.is_empty() {
-                    assistant_text.push_str(content);
-                    let _ = tx_event
-                        .send(Ok(ResponseEvent::OutputTextDelta(content.to_string())))
-                        .await;
-                }
+                assistant_text.push_str(content);
+                let _ = tx_event
+                    .send(Ok(ResponseEvent::OutputTextDelta(content.to_string())))
+                    .await;
             }
 
             // Forward any reasoning/thinking deltas if present.
@@ -333,27 +332,25 @@ async fn process_chat_sse<S>(
                 .get("delta")
                 .and_then(|d| d.get("tool_calls"))
                 .and_then(|tc| tc.as_array())
+                && let Some(tool_call) = tool_calls.first()
             {
-                if let Some(tool_call) = tool_calls.first() {
-                    // Mark that we have an active function call in progress.
-                    fn_call_state.active = true;
+                // Mark that we have an active function call in progress.
+                fn_call_state.active = true;
 
-                    // Extract call_id if present.
-                    if let Some(id) = tool_call.get("id").and_then(|v| v.as_str()) {
-                        fn_call_state.call_id.get_or_insert_with(|| id.to_string());
+                // Extract call_id if present.
+                if let Some(id) = tool_call.get("id").and_then(|v| v.as_str()) {
+                    fn_call_state.call_id.get_or_insert_with(|| id.to_string());
+                }
+
+                // Extract function details if present.
+                if let Some(function) = tool_call.get("function") {
+                    if let Some(name) = function.get("name").and_then(|n| n.as_str()) {
+                        fn_call_state.name.get_or_insert_with(|| name.to_string());
                     }
 
-                    // Extract function details if present.
-                    if let Some(function) = tool_call.get("function") {
-                        if let Some(name) = function.get("name").and_then(|n| n.as_str()) {
-                            fn_call_state.name.get_or_insert_with(|| name.to_string());
-                        }
-
-                        if let Some(args_fragment) =
-                            function.get("arguments").and_then(|a| a.as_str())
-                        {
-                            fn_call_state.arguments.push_str(args_fragment);
-                        }
+                    if let Some(args_fragment) = function.get("arguments").and_then(|a| a.as_str())
+                    {
+                        fn_call_state.arguments.push_str(args_fragment);
                     }
                 }
             }
@@ -491,15 +488,14 @@ where
                         // Only use the final assistant message if we have not
                         // seen any deltas; otherwise, deltas already built the
                         // cumulative text and this would duplicate it.
-                        if this.cumulative.is_empty() {
-                            if let crate::models::ResponseItem::Message { content, .. } = &item {
-                                if let Some(text) = content.iter().find_map(|c| match c {
-                                    crate::models::ContentItem::OutputText { text } => Some(text),
-                                    _ => None,
-                                }) {
-                                    this.cumulative.push_str(text);
-                                }
-                            }
+                        if this.cumulative.is_empty()
+                            && let crate::models::ResponseItem::Message { content, .. } = &item
+                            && let Some(text) = content.iter().find_map(|c| match c {
+                                crate::models::ContentItem::OutputText { text } => Some(text),
+                                _ => None,
+                            })
+                        {
+                            this.cumulative.push_str(text);
                         }
 
                         // Swallow assistant message here; emit on Completed.

codex-rs/core/src/client.rs

@@ -29,12 +29,11 @@ use crate::client_common::ResponseStream;
 use crate::client_common::ResponsesApiRequest;
 use crate::client_common::create_reasoning_param_for_request;
 use crate::config::Config;
-use crate::config_types::ReasoningEffort as ReasoningEffortConfig;
-use crate::config_types::ReasoningSummary as ReasoningSummaryConfig;
 use crate::error::CodexErr;
 use crate::error::Result;
 use crate::error::UsageLimitReachedError;
 use crate::flags::CODEX_RS_SSE_FIXTURE;
+use crate::model_family::ModelFamily;
 use crate::model_provider_info::ModelProviderInfo;
 use crate::model_provider_info::WireApi;
 use crate::models::ResponseItem;
@@ -42,6 +41,8 @@ use crate::openai_tools::create_tools_json_for_responses_api;
 use crate::protocol::TokenUsage;
 use crate::user_agent::get_codex_user_agent;
 use crate::util::backoff;
+use codex_protocol::config_types::ReasoningEffort as ReasoningEffortConfig;
+use codex_protocol::config_types::ReasoningSummary as ReasoningSummaryConfig;
 use std::sync::Arc;
 
 #[derive(Debug, Deserialize)]
@@ -56,7 +57,7 @@ struct Error {
     message: Option<String>,
 }
 
-#[derive(Clone)]
+#[derive(Debug, Clone)]
 pub struct ModelClient {
     config: Arc<Config>,
     auth: Option<CodexAuth>,
@@ -207,11 +208,7 @@ impl ModelClient {
                 req_builder = req_builder.header("chatgpt-account-id", account_id);
             }
 
-            let originator = self
-                .config
-                .internal_originator
-                .as_deref()
-                .unwrap_or("codex_cli_rs");
+            let originator = &self.config.responses_originator_header;
             req_builder = req_builder.header("originator", originator);
             req_builder = req_builder.header("User-Agent", get_codex_user_agent(Some(originator)));
 
@@ -251,6 +248,12 @@ impl ModelClient {
                         .and_then(|v| v.to_str().ok())
                         .and_then(|s| s.parse::<u64>().ok());
 
+                    if status == StatusCode::UNAUTHORIZED
+                        && let Some(a) = auth.as_ref()
+                    {
+                        let _ = a.refresh_token().await;
+                    }
+
                     // The OpenAI Responses endpoint returns structured JSON bodies even for 4xx/5xx
                     // errors. When we bubble early with only the HTTP status the caller sees an opaque
                     // "unexpected status 400 Bad Request" which makes debugging nearly impossible.
@@ -258,7 +261,10 @@ impl ModelClient {
                     // exact error message (e.g. "Unknown parameter: 'input[0].metadata'"). The body is
                     // small and this branch only runs on error paths so the extra allocation is
                     // negligible.
-                    if !(status == StatusCode::TOO_MANY_REQUESTS || status.is_server_error()) {
+                    if !(status == StatusCode::TOO_MANY_REQUESTS
+                        || status == StatusCode::UNAUTHORIZED
+                        || status.is_server_error())
+                    {
                         // Surface the error body to callers. Use `unwrap_or_default` per Clippy.
                         let body = res.text().await.unwrap_or_default();
                         return Err(CodexErr::UnexpectedStatus(status, body));
@@ -311,6 +317,30 @@ impl ModelClient {
     pub fn get_provider(&self) -> ModelProviderInfo {
         self.provider.clone()
     }
+
+    /// Returns the currently configured model slug.
+    pub fn get_model(&self) -> String {
+        self.config.model.clone()
+    }
+
+    /// Returns the currently configured model family.
+    pub fn get_model_family(&self) -> ModelFamily {
+        self.config.model_family.clone()
+    }
+
+    /// Returns the current reasoning effort setting.
+    pub fn get_reasoning_effort(&self) -> ReasoningEffortConfig {
+        self.effort
+    }
+
+    /// Returns the current reasoning summary setting.
+    pub fn get_reasoning_summary(&self) -> ReasoningSummaryConfig {
+        self.summary
+    }
+
+    pub fn get_auth(&self) -> Option<CodexAuth> {
+        self.auth.clone()
+    }
 }
 
 #[derive(Debug, Deserialize, Serialize)]

codex-rs/core/src/client_common.rs

@@ -1,5 +1,3 @@
-use crate::config_types::ReasoningEffort as ReasoningEffortConfig;
-use crate::config_types::ReasoningSummary as ReasoningSummaryConfig;
 use crate::error::Result;
 use crate::model_family::ModelFamily;
 use crate::models::ContentItem;
@@ -7,6 +5,8 @@ use crate::models::ResponseItem;
 use crate::openai_tools::OpenAiTool;
 use crate::protocol::TokenUsage;
 use codex_apply_patch::APPLY_PATCH_TOOL_INSTRUCTIONS;
+use codex_protocol::config_types::ReasoningEffort as ReasoningEffortConfig;
+use codex_protocol::config_types::ReasoningSummary as ReasoningSummaryConfig;
 use futures::Stream;
 use serde::Serialize;
 use std::borrow::Cow;
@@ -85,53 +85,8 @@ pub enum ResponseEvent {
 
 #[derive(Debug, Serialize)]
 pub(crate) struct Reasoning {
-    pub(crate) effort: OpenAiReasoningEffort,
-    #[serde(skip_serializing_if = "Option::is_none")]
-    pub(crate) summary: Option<OpenAiReasoningSummary>,
-}
-
-/// See https://platform.openai.com/docs/guides/reasoning?api-mode=responses#get-started-with-reasoning
-#[derive(Debug, Serialize, Default, Clone, Copy)]
-#[serde(rename_all = "lowercase")]
-pub(crate) enum OpenAiReasoningEffort {
-    Low,
-    #[default]
-    Medium,
-    High,
-}
-
-impl From<ReasoningEffortConfig> for Option<OpenAiReasoningEffort> {
-    fn from(effort: ReasoningEffortConfig) -> Self {
-        match effort {
-            ReasoningEffortConfig::Low => Some(OpenAiReasoningEffort::Low),
-            ReasoningEffortConfig::Medium => Some(OpenAiReasoningEffort::Medium),
-            ReasoningEffortConfig::High => Some(OpenAiReasoningEffort::High),
-            ReasoningEffortConfig::None => None,
-        }
-    }
-}
-
-/// A summary of the reasoning performed by the model. This can be useful for
-/// debugging and understanding the model's reasoning process.
-/// See https://platform.openai.com/docs/guides/reasoning?api-mode=responses#reasoning-summaries
-#[derive(Debug, Serialize, Default, Clone, Copy)]
-#[serde(rename_all = "lowercase")]
-pub(crate) enum OpenAiReasoningSummary {
-    #[default]
-    Auto,
-    Concise,
-    Detailed,
-}
-
-impl From<ReasoningSummaryConfig> for Option<OpenAiReasoningSummary> {
-    fn from(summary: ReasoningSummaryConfig) -> Self {
-        match summary {
-            ReasoningSummaryConfig::Auto => Some(OpenAiReasoningSummary::Auto),
-            ReasoningSummaryConfig::Concise => Some(OpenAiReasoningSummary::Concise),
-            ReasoningSummaryConfig::Detailed => Some(OpenAiReasoningSummary::Detailed),
-            ReasoningSummaryConfig::None => None,
-        }
-    }
+    pub(crate) effort: ReasoningEffortConfig,
+    pub(crate) summary: ReasoningSummaryConfig,
 }
 
 /// Request object that is serialized as JSON and POST'ed when using the
@@ -162,12 +117,7 @@ pub(crate) fn create_reasoning_param_for_request(
     summary: ReasoningSummaryConfig,
 ) -> Option<Reasoning> {
     if model_family.supports_reasoning_summaries {
-        let effort: Option<OpenAiReasoningEffort> = effort.into();
-        let effort = effort?;
-        Some(Reasoning {
-            effort,
-            summary: summary.into(),
-        })
+        Some(Reasoning { effort, summary })
     } else {
         None
     }

codex-rs/core/src/config.rs

@@ -1,9 +1,6 @@
 use crate::config_profile::ConfigProfile;
 use crate::config_types::History;
 use crate::config_types::McpServerConfig;
-use crate::config_types::ReasoningEffort;
-use crate::config_types::ReasoningSummary;
-use crate::config_types::SandboxMode;
 use crate::config_types::SandboxWorkspaceWrite;
 use crate::config_types::ShellEnvironmentPolicy;
 use crate::config_types::ShellEnvironmentPolicyToml;
@@ -16,6 +13,10 @@ use crate::model_provider_info::built_in_model_providers;
 use crate::openai_model_info::get_model_info;
 use crate::protocol::AskForApproval;
 use crate::protocol::SandboxPolicy;
+use codex_login::AuthMode;
+use codex_protocol::config_types::ReasoningEffort;
+use codex_protocol::config_types::ReasoningSummary;
+use codex_protocol::config_types::SandboxMode;
 use dirs::home_dir;
 use serde::Deserialize;
 use std::collections::HashMap;
@@ -34,6 +35,8 @@ pub(crate) const PROJECT_DOC_MAX_BYTES: usize = 32 * 1024; // 32 KiB
 
 const CONFIG_TOML_FILE: &str = "config.toml";
 
+const DEFAULT_RESPONSES_ORIGINATOR_HEADER: &str = "codex_cli_rs";
+
 /// Application configuration loaded from disk and merged with overrides.
 #[derive(Debug, Clone, PartialEq)]
 pub struct Config {
@@ -139,8 +142,8 @@ pub struct Config {
     /// When this program is invoked, arg0 will be set to `codex-linux-sandbox`.
     pub codex_linux_sandbox_exe: Option<PathBuf>,
 
-    /// If not "none", the value to use for `reasoning.effort` when making a
-    /// request using the Responses API.
+    /// Value to use for `reasoning.effort` when making a request using the
+    /// Responses API.
     pub model_reasoning_effort: ReasoningEffort,
 
     /// If not "none", the value to use for `reasoning.summary` when making a
@@ -156,8 +159,16 @@ pub struct Config {
     /// Include an experimental plan tool that the model can use to update its current plan and status of each step.
     pub include_plan_tool: bool,
 
+    /// Include the `apply_patch` tool for models that benefit from invoking
+    /// file edits as a structured tool call. When unset, this falls back to the
+    /// model family's default preference.
+    pub include_apply_patch_tool: bool,
+
     /// The value for the `originator` header included with Responses API requests.
-    pub internal_originator: Option<String>,
+    pub responses_originator_header: String,
+
+    /// If set to `true`, the API key will be signed with the `originator` header.
+    pub preferred_auth_method: AuthMode,
 }
 
 impl Config {
@@ -401,9 +412,12 @@ pub struct ConfigToml {
     pub experimental_instructions_file: Option<PathBuf>,
 
     /// The value for the `originator` header included with Responses API requests.
-    pub internal_originator: Option<String>,
+    pub responses_originator_header_internal_override: Option<String>,
 
     pub projects: Option<HashMap<String, ProjectConfig>>,
+
+    /// If set to `true`, the API key will be signed with the `originator` header.
+    pub preferred_auth_method: Option<AuthMode>,
 }
 
 #[derive(Deserialize, Debug, Clone, PartialEq, Eq)]
@@ -480,6 +494,7 @@ pub struct ConfigOverrides {
     pub codex_linux_sandbox_exe: Option<PathBuf>,
     pub base_instructions: Option<String>,
     pub include_plan_tool: Option<bool>,
+    pub include_apply_patch_tool: Option<bool>,
     pub disable_response_storage: Option<bool>,
     pub show_raw_agent_reasoning: Option<bool>,
 }
@@ -505,6 +520,7 @@ impl Config {
             codex_linux_sandbox_exe,
             base_instructions,
             include_plan_tool,
+            include_apply_patch_tool,
             disable_response_storage,
             show_raw_agent_reasoning,
         } = overrides;
@@ -581,6 +597,7 @@ impl Config {
                 needs_special_apply_patch_instructions: false,
                 supports_reasoning_summaries,
                 uses_local_shell_tool: false,
+                uses_apply_patch_tool: false,
             }
         });
 
@@ -607,6 +624,13 @@ impl Config {
             Self::get_base_instructions(experimental_instructions_path, &resolved_cwd)?;
         let base_instructions = base_instructions.or(file_base_instructions);
 
+        let include_apply_patch_tool_val =
+            include_apply_patch_tool.unwrap_or(model_family.uses_apply_patch_tool);
+
+        let responses_originator_header: String = cfg
+            .responses_originator_header_internal_override
+            .unwrap_or(DEFAULT_RESPONSES_ORIGINATOR_HEADER.to_owned());
+
         let config = Self {
             model,
             model_family,
@@ -659,7 +683,9 @@ impl Config {
 
             experimental_resume,
             include_plan_tool: include_plan_tool.unwrap_or(false),
-            internal_originator: cfg.internal_originator,
+            include_apply_patch_tool: include_apply_patch_tool_val,
+            responses_originator_header,
+            preferred_auth_method: cfg.preferred_auth_method.unwrap_or(AuthMode::ChatGPT),
         };
         Ok(config)
     }
@@ -739,10 +765,10 @@ fn default_model() -> String {
 pub fn find_codex_home() -> std::io::Result<PathBuf> {
     // Honor the `CODEX_HOME` environment variable when it is set to allow users
     // (and tests) to override the default location.
-    if let Ok(val) = std::env::var("CODEX_HOME") {
-        if !val.is_empty() {
-            return PathBuf::from(val).canonicalize();
-        }
+    if let Ok(val) = std::env::var("CODEX_HOME")
+        && !val.is_empty()
+    {
+        return PathBuf::from(val).canonicalize();
     }
 
     let mut p = home_dir().ok_or_else(|| {
@@ -1022,7 +1048,9 @@ disable_response_storage = true
                 experimental_resume: None,
                 base_instructions: None,
                 include_plan_tool: false,
-                internal_originator: None,
+                include_apply_patch_tool: false,
+                responses_originator_header: "codex_cli_rs".to_string(),
+                preferred_auth_method: AuthMode::ChatGPT,
             },
             o3_profile_config
         );
@@ -1073,7 +1101,9 @@ disable_response_storage = true
             experimental_resume: None,
             base_instructions: None,
             include_plan_tool: false,
-            internal_originator: None,
+            include_apply_patch_tool: false,
+            responses_originator_header: "codex_cli_rs".to_string(),
+            preferred_auth_method: AuthMode::ChatGPT,
         };
 
         assert_eq!(expected_gpt3_profile_config, gpt3_profile_config);
@@ -1139,7 +1169,9 @@ disable_response_storage = true
             experimental_resume: None,
             base_instructions: None,
             include_plan_tool: false,
-            internal_originator: None,
+            include_apply_patch_tool: false,
+            responses_originator_header: "codex_cli_rs".to_string(),
+            preferred_auth_method: AuthMode::ChatGPT,
         };
 
         assert_eq!(expected_zdr_profile_config, zdr_profile_config);

codex-rs/core/src/config_profile.rs

@@ -1,9 +1,9 @@
 use serde::Deserialize;
 use std::path::PathBuf;
 
-use crate::config_types::ReasoningEffort;
-use crate::config_types::ReasoningSummary;
 use crate::protocol::AskForApproval;
+use codex_protocol::config_types::ReasoningEffort;
+use codex_protocol::config_types::ReasoningSummary;
 
 /// Collection of common configuration options that a user can define as a unit
 /// in `config.toml`.

codex-rs/core/src/config_types.rs

@@ -5,11 +5,9 @@
 
 use std::collections::HashMap;
 use std::path::PathBuf;
-use strum_macros::Display;
 use wildmatch::WildMatchPattern;
 
 use serde::Deserialize;
-use serde::Serialize;
 
 #[derive(Deserialize, Debug, Clone, PartialEq)]
 pub struct McpServerConfig {
@@ -78,21 +76,6 @@ pub enum HistoryPersistence {
 #[derive(Deserialize, Debug, Clone, PartialEq, Default)]
 pub struct Tui {}
 
-#[derive(Deserialize, Debug, Clone, Copy, PartialEq, Default, Serialize, Display)]
-#[serde(rename_all = "kebab-case")]
-#[strum(serialize_all = "kebab-case")]
-pub enum SandboxMode {
-    #[serde(rename = "read-only")]
-    #[default]
-    ReadOnly,
-
-    #[serde(rename = "workspace-write")]
-    WorkspaceWrite,
-
-    #[serde(rename = "danger-full-access")]
-    DangerFullAccess,
-}
-
 #[derive(Deserialize, Debug, Clone, PartialEq, Default)]
 pub struct SandboxWorkspaceWrite {
     #[serde(default)]
@@ -200,31 +183,3 @@ impl From<ShellEnvironmentPolicyToml> for ShellEnvironmentPolicy {
         }
     }
 }
-
-/// See https://platform.openai.com/docs/guides/reasoning?api-mode=responses#get-started-with-reasoning
-#[derive(Debug, Serialize, Deserialize, Default, Clone, Copy, PartialEq, Eq, Display)]
-#[serde(rename_all = "lowercase")]
-#[strum(serialize_all = "lowercase")]
-pub enum ReasoningEffort {
-    Low,
-    #[default]
-    Medium,
-    High,
-    /// Option to disable reasoning.
-    None,
-}
-
-/// A summary of the reasoning performed by the model. This can be useful for
-/// debugging and understanding the model's reasoning process.
-/// See https://platform.openai.com/docs/guides/reasoning?api-mode=responses#reasoning-summaries
-#[derive(Debug, Serialize, Deserialize, Default, Clone, Copy, PartialEq, Eq, Display)]
-#[serde(rename_all = "lowercase")]
-#[strum(serialize_all = "lowercase")]
-pub enum ReasoningSummary {
-    #[default]
-    Auto,
-    Concise,
-    Detailed,
-    /// Option to disable reasoning summaries.
-    None,
-}

codex-rs/core/src/conversation_manager.rs

@@ -40,7 +40,7 @@ impl Default for ConversationManager {
 
 impl ConversationManager {
     pub async fn new_conversation(&self, config: Config) -> CodexResult<NewConversation> {
-        let auth = CodexAuth::from_codex_home(&config.codex_home)?;
+        let auth = CodexAuth::from_codex_home(&config.codex_home, config.preferred_auth_method)?;
         self.new_conversation_with_auth(config, auth).await
     }
 

codex-rs/core/src/environment_context.rs

@@ -2,11 +2,11 @@ use serde::Deserialize;
 use serde::Serialize;
 use strum_macros::Display as DeriveDisplay;
 
-use crate::config_types::SandboxMode;
 use crate::models::ContentItem;
 use crate::models::ResponseItem;
 use crate::protocol::AskForApproval;
 use crate::protocol::SandboxPolicy;
+use codex_protocol::config_types::SandboxMode;
 use std::fmt::Display;
 use std::path::PathBuf;
 

codex-rs/core/src/git_info.rs

@@ -1,11 +1,16 @@
+use std::collections::HashSet;
 use std::path::Path;
 
+use codex_protocol::mcp_protocol::GitSha;
+use futures::future::join_all;
 use serde::Deserialize;
 use serde::Serialize;
 use tokio::process::Command;
 use tokio::time::Duration as TokioDuration;
 use tokio::time::timeout;
 
+use crate::util::is_inside_git_repo;
+
 /// Timeout for git commands to prevent freezing on large repositories
 const GIT_COMMAND_TIMEOUT: TokioDuration = TokioDuration::from_secs(5);
 
@@ -22,6 +27,12 @@ pub struct GitInfo {
     pub repository_url: Option<String>,
 }
 
+#[derive(Serialize, Deserialize, Clone, Debug)]
+pub struct GitDiffToRemote {
+    pub sha: GitSha,
+    pub diff: String,
+}
+
 /// Collect git repository information from the given working directory using command-line git.
 /// Returns None if no git repository is found or if git operations fail.
 /// Uses timeouts to prevent freezing on large repositories.
@@ -51,38 +62,52 @@ pub async fn collect_git_info(cwd: &Path) -> Option<GitInfo> {
     };
 
     // Process commit hash
-    if let Some(output) = commit_result {
-        if output.status.success() {
-            if let Ok(hash) = String::from_utf8(output.stdout) {
-                git_info.commit_hash = Some(hash.trim().to_string());
-            }
-        }
+    if let Some(output) = commit_result
+        && output.status.success()
+        && let Ok(hash) = String::from_utf8(output.stdout)
+    {
+        git_info.commit_hash = Some(hash.trim().to_string());
     }
 
     // Process branch name
-    if let Some(output) = branch_result {
-        if output.status.success() {
-            if let Ok(branch) = String::from_utf8(output.stdout) {
-                let branch = branch.trim();
-                if branch != "HEAD" {
-                    git_info.branch = Some(branch.to_string());
-                }
-            }
+    if let Some(output) = branch_result
+        && output.status.success()
+        && let Ok(branch) = String::from_utf8(output.stdout)
+    {
+        let branch = branch.trim();
+        if branch != "HEAD" {
+            git_info.branch = Some(branch.to_string());
         }
     }
 
     // Process repository URL
-    if let Some(output) = url_result {
-        if output.status.success() {
-            if let Ok(url) = String::from_utf8(output.stdout) {
-                git_info.repository_url = Some(url.trim().to_string());
-            }
-        }
+    if let Some(output) = url_result
+        && output.status.success()
+        && let Ok(url) = String::from_utf8(output.stdout)
+    {
+        git_info.repository_url = Some(url.trim().to_string());
     }
 
     Some(git_info)
 }
 
+/// Returns the closest git sha to HEAD that is on a remote as well as the diff to that sha.
+pub async fn git_diff_to_remote(cwd: &Path) -> Option<GitDiffToRemote> {
+    if !is_inside_git_repo(cwd) {
+        return None;
+    }
+
+    let remotes = get_git_remotes(cwd).await?;
+    let branches = branch_ancestry(cwd).await?;
+    let base_sha = find_closest_sha(cwd, &branches, &remotes).await?;
+    let diff = diff_against_sha(cwd, &base_sha).await?;
+
+    Some(GitDiffToRemote {
+        sha: base_sha,
+        diff,
+    })
+}
+
 /// Run a git command with a timeout to prevent blocking on large repositories
 async fn run_git_command_with_timeout(args: &[&str], cwd: &Path) -> Option<std::process::Output> {
     let result = timeout(
@@ -97,6 +122,309 @@ async fn run_git_command_with_timeout(args: &[&str], cwd: &Path) -> Option<std::
     }
 }
 
+async fn get_git_remotes(cwd: &Path) -> Option<Vec<String>> {
+    let output = run_git_command_with_timeout(&["remote"], cwd).await?;
+    if !output.status.success() {
+        return None;
+    }
+    let mut remotes: Vec<String> = String::from_utf8(output.stdout)
+        .ok()?
+        .lines()
+        .map(|s| s.to_string())
+        .collect();
+    if let Some(pos) = remotes.iter().position(|r| r == "origin") {
+        let origin = remotes.remove(pos);
+        remotes.insert(0, origin);
+    }
+    Some(remotes)
+}
+
+/// Attempt to determine the repository's default branch name.
+///
+/// Preference order:
+/// 1) The symbolic ref at `refs/remotes/<remote>/HEAD` for the first remote (origin prioritized)
+/// 2) `git remote show <remote>` parsed for "HEAD branch: <name>"
+/// 3) Local fallback to existing `main` or `master` if present
+async fn get_default_branch(cwd: &Path) -> Option<String> {
+    // Prefer the first remote (with origin prioritized)
+    let remotes = get_git_remotes(cwd).await.unwrap_or_default();
+    for remote in remotes {
+        // Try symbolic-ref, which returns something like: refs/remotes/origin/main
+        if let Some(symref_output) = run_git_command_with_timeout(
+            &[
+                "symbolic-ref",
+                "--quiet",
+                &format!("refs/remotes/{remote}/HEAD"),
+            ],
+            cwd,
+        )
+        .await
+            && symref_output.status.success()
+            && let Ok(sym) = String::from_utf8(symref_output.stdout)
+        {
+            let trimmed = sym.trim();
+            if let Some((_, name)) = trimmed.rsplit_once('/') {
+                return Some(name.to_string());
+            }
+        }
+
+        // Fall back to parsing `git remote show <remote>` output
+        if let Some(show_output) =
+            run_git_command_with_timeout(&["remote", "show", &remote], cwd).await
+            && show_output.status.success()
+            && let Ok(text) = String::from_utf8(show_output.stdout)
+        {
+            for line in text.lines() {
+                let line = line.trim();
+                if let Some(rest) = line.strip_prefix("HEAD branch:") {
+                    let name = rest.trim();
+                    if !name.is_empty() {
+                        return Some(name.to_string());
+                    }
+                }
+            }
+        }
+    }
+
+    // No remote-derived default; try common local defaults if they exist
+    for candidate in ["main", "master"] {
+        if let Some(verify) = run_git_command_with_timeout(
+            &[
+                "rev-parse",
+                "--verify",
+                "--quiet",
+                &format!("refs/heads/{candidate}"),
+            ],
+            cwd,
+        )
+        .await
+            && verify.status.success()
+        {
+            return Some(candidate.to_string());
+        }
+    }
+
+    None
+}
+
+/// Build an ancestry of branches starting at the current branch and ending at the
+/// repository's default branch (if determinable)..
+async fn branch_ancestry(cwd: &Path) -> Option<Vec<String>> {
+    // Discover current branch (ignore detached HEAD by treating it as None)
+    let current_branch = run_git_command_with_timeout(&["rev-parse", "--abbrev-ref", "HEAD"], cwd)
+        .await
+        .and_then(|o| {
+            if o.status.success() {
+                String::from_utf8(o.stdout).ok()
+            } else {
+                None
+            }
+        })
+        .map(|s| s.trim().to_string())
+        .filter(|s| s != "HEAD");
+
+    // Discover default branch
+    let default_branch = get_default_branch(cwd).await;
+
+    let mut ancestry: Vec<String> = Vec::new();
+    let mut seen: HashSet<String> = HashSet::new();
+    if let Some(cb) = current_branch.clone() {
+        seen.insert(cb.clone());
+        ancestry.push(cb);
+    }
+    if let Some(db) = default_branch
+        && !seen.contains(&db)
+    {
+        seen.insert(db.clone());
+        ancestry.push(db);
+    }
+
+    // Expand candidates: include any remote branches that already contain HEAD.
+    // This addresses cases where we're on a new local-only branch forked from a
+    // remote branch that isn't the repository default. We prioritize remotes in
+    // the order returned by get_git_remotes (origin first).
+    let remotes = get_git_remotes(cwd).await.unwrap_or_default();
+    for remote in remotes {
+        if let Some(output) = run_git_command_with_timeout(
+            &[
+                "for-each-ref",
+                "--format=%(refname:short)",
+                "--contains=HEAD",
+                &format!("refs/remotes/{remote}"),
+            ],
+            cwd,
+        )
+        .await
+            && output.status.success()
+            && let Ok(text) = String::from_utf8(output.stdout)
+        {
+            for line in text.lines() {
+                let short = line.trim();
+                // Expect format like: "origin/feature"; extract the branch path after "remote/"
+                if let Some(stripped) = short.strip_prefix(&format!("{remote}/"))
+                    && !stripped.is_empty()
+                    && !seen.contains(stripped)
+                {
+                    seen.insert(stripped.to_string());
+                    ancestry.push(stripped.to_string());
+                }
+            }
+        }
+    }
+
+    // Ensure we return Some vector, even if empty, to allow caller logic to proceed
+    Some(ancestry)
+}
+
+// Helper for a single branch: return the remote SHA if present on any remote
+// and the distance (commits ahead of HEAD) for that branch. The first item is
+// None if the branch is not present on any remote. Returns None if distance
+// could not be computed due to git errors/timeouts.
+async fn branch_remote_and_distance(
+    cwd: &Path,
+    branch: &str,
+    remotes: &[String],
+) -> Option<(Option<GitSha>, usize)> {
+    // Try to find the first remote ref that exists for this branch (origin prioritized by caller).
+    let mut found_remote_sha: Option<GitSha> = None;
+    let mut found_remote_ref: Option<String> = None;
+    for remote in remotes {
+        let remote_ref = format!("refs/remotes/{remote}/{branch}");
+        let Some(verify_output) =
+            run_git_command_with_timeout(&["rev-parse", "--verify", "--quiet", &remote_ref], cwd)
+                .await
+        else {
+            // Mirror previous behavior: if the verify call times out/fails at the process level,
+            // treat the entire branch as unusable.
+            return None;
+        };
+        if !verify_output.status.success() {
+            continue;
+        }
+        let Ok(sha) = String::from_utf8(verify_output.stdout) else {
+            // Mirror previous behavior and skip the entire branch on parse failure.
+            return None;
+        };
+        found_remote_sha = Some(GitSha::new(sha.trim()));
+        found_remote_ref = Some(remote_ref);
+        break;
+    }
+
+    // Compute distance as the number of commits HEAD is ahead of the branch.
+    // Prefer local branch name if it exists; otherwise fall back to the remote ref (if any).
+    let count_output = if let Some(local_count) =
+        run_git_command_with_timeout(&["rev-list", "--count", &format!("{branch}..HEAD")], cwd)
+            .await
+    {
+        if local_count.status.success() {
+            local_count
+        } else if let Some(remote_ref) = &found_remote_ref {
+            match run_git_command_with_timeout(
+                &["rev-list", "--count", &format!("{remote_ref}..HEAD")],
+                cwd,
+            )
+            .await
+            {
+                Some(remote_count) => remote_count,
+                None => return None,
+            }
+        } else {
+            return None;
+        }
+    } else if let Some(remote_ref) = &found_remote_ref {
+        match run_git_command_with_timeout(
+            &["rev-list", "--count", &format!("{remote_ref}..HEAD")],
+            cwd,
+        )
+        .await
+        {
+            Some(remote_count) => remote_count,
+            None => return None,
+        }
+    } else {
+        return None;
+    };
+
+    if !count_output.status.success() {
+        return None;
+    }
+    let Ok(distance_str) = String::from_utf8(count_output.stdout) else {
+        return None;
+    };
+    let Ok(distance) = distance_str.trim().parse::<usize>() else {
+        return None;
+    };
+
+    Some((found_remote_sha, distance))
+}
+
+// Finds the closest sha that exist on any of branches and also exists on any of the remotes.
+async fn find_closest_sha(cwd: &Path, branches: &[String], remotes: &[String]) -> Option<GitSha> {
+    // A sha and how many commits away from HEAD it is.
+    let mut closest_sha: Option<(GitSha, usize)> = None;
+    for branch in branches {
+        let Some((maybe_remote_sha, distance)) =
+            branch_remote_and_distance(cwd, branch, remotes).await
+        else {
+            continue;
+        };
+        let Some(remote_sha) = maybe_remote_sha else {
+            // Preserve existing behavior: skip branches that are not present on a remote.
+            continue;
+        };
+        match &closest_sha {
+            None => closest_sha = Some((remote_sha, distance)),
+            Some((_, best_distance)) if distance < *best_distance => {
+                closest_sha = Some((remote_sha, distance));
+            }
+            _ => {}
+        }
+    }
+    closest_sha.map(|(sha, _)| sha)
+}
+
+async fn diff_against_sha(cwd: &Path, sha: &GitSha) -> Option<String> {
+    let output = run_git_command_with_timeout(&["diff", &sha.0], cwd).await?;
+    // 0 is success and no diff.
+    // 1 is success but there is a diff.
+    let exit_ok = output.status.code().is_some_and(|c| c == 0 || c == 1);
+    if !exit_ok {
+        return None;
+    }
+    let mut diff = String::from_utf8(output.stdout).ok()?;
+
+    if let Some(untracked_output) =
+        run_git_command_with_timeout(&["ls-files", "--others", "--exclude-standard"], cwd).await
+        && untracked_output.status.success()
+    {
+        let untracked: Vec<String> = String::from_utf8(untracked_output.stdout)
+            .ok()?
+            .lines()
+            .map(|s| s.to_string())
+            .filter(|s| !s.is_empty())
+            .collect();
+
+        if !untracked.is_empty() {
+            let futures_iter = untracked.into_iter().map(|file| async move {
+                let file_owned = file;
+                let args_vec: Vec<&str> =
+                    vec!["diff", "--binary", "--no-index", "/dev/null", &file_owned];
+                run_git_command_with_timeout(&args_vec, cwd).await
+            });
+            let results = join_all(futures_iter).await;
+            for extra in results.into_iter().flatten() {
+                if extra.status.code().is_some_and(|c| c == 0 || c == 1)
+                    && let Ok(s) = String::from_utf8(extra.stdout)
+                {
+                    diff.push_str(&s);
+                }
+            }
+        }
+    }
+
+    Some(diff)
+}
+
 #[cfg(test)]
 mod tests {
     use super::*;
@@ -107,7 +435,8 @@ mod tests {
 
     // Helper function to create a test git repository
     async fn create_test_git_repo(temp_dir: &TempDir) -> PathBuf {
-        let repo_path = temp_dir.path().to_path_buf();
+        let repo_path = temp_dir.path().join("repo");
+        fs::create_dir(&repo_path).expect("Failed to create repo dir");
         let envs = vec![
             ("GIT_CONFIG_GLOBAL", "/dev/null"),
             ("GIT_CONFIG_NOSYSTEM", "1"),
@@ -162,6 +491,41 @@ mod tests {
         repo_path
     }
 
+    async fn create_test_git_repo_with_remote(temp_dir: &TempDir) -> (PathBuf, String) {
+        let repo_path = create_test_git_repo(temp_dir).await;
+        let remote_path = temp_dir.path().join("remote.git");
+
+        Command::new("git")
+            .args(["init", "--bare", remote_path.to_str().unwrap()])
+            .output()
+            .await
+            .expect("Failed to init bare remote");
+
+        Command::new("git")
+            .args(["remote", "add", "origin", remote_path.to_str().unwrap()])
+            .current_dir(&repo_path)
+            .output()
+            .await
+            .expect("Failed to add remote");
+
+        let output = Command::new("git")
+            .args(["rev-parse", "--abbrev-ref", "HEAD"])
+            .current_dir(&repo_path)
+            .output()
+            .await
+            .expect("Failed to get branch");
+        let branch = String::from_utf8(output.stdout).unwrap().trim().to_string();
+
+        Command::new("git")
+            .args(["push", "-u", "origin", &branch])
+            .current_dir(&repo_path)
+            .output()
+            .await
+            .expect("Failed to push initial commit");
+
+        (repo_path, branch)
+    }
+
     #[tokio::test]
     async fn test_collect_git_info_non_git_directory() {
         let temp_dir = TempDir::new().expect("Failed to create temp dir");
@@ -275,6 +639,136 @@ mod tests {
         assert_eq!(git_info.branch, Some("feature-branch".to_string()));
     }
 
+    #[tokio::test]
+    async fn test_get_git_working_tree_state_clean_repo() {
+        let temp_dir = TempDir::new().expect("Failed to create temp dir");
+        let (repo_path, branch) = create_test_git_repo_with_remote(&temp_dir).await;
+
+        let remote_sha = Command::new("git")
+            .args(["rev-parse", &format!("origin/{branch}")])
+            .current_dir(&repo_path)
+            .output()
+            .await
+            .expect("Failed to rev-parse remote");
+        let remote_sha = String::from_utf8(remote_sha.stdout)
+            .unwrap()
+            .trim()
+            .to_string();
+
+        let state = git_diff_to_remote(&repo_path)
+            .await
+            .expect("Should collect working tree state");
+        assert_eq!(state.sha, GitSha::new(&remote_sha));
+        assert!(state.diff.is_empty());
+    }
+
+    #[tokio::test]
+    async fn test_get_git_working_tree_state_with_changes() {
+        let temp_dir = TempDir::new().expect("Failed to create temp dir");
+        let (repo_path, branch) = create_test_git_repo_with_remote(&temp_dir).await;
+
+        let tracked = repo_path.join("test.txt");
+        fs::write(&tracked, "modified").unwrap();
+        fs::write(repo_path.join("untracked.txt"), "new").unwrap();
+
+        let remote_sha = Command::new("git")
+            .args(["rev-parse", &format!("origin/{branch}")])
+            .current_dir(&repo_path)
+            .output()
+            .await
+            .expect("Failed to rev-parse remote");
+        let remote_sha = String::from_utf8(remote_sha.stdout)
+            .unwrap()
+            .trim()
+            .to_string();
+
+        let state = git_diff_to_remote(&repo_path)
+            .await
+            .expect("Should collect working tree state");
+        assert_eq!(state.sha, GitSha::new(&remote_sha));
+        assert!(state.diff.contains("test.txt"));
+        assert!(state.diff.contains("untracked.txt"));
+    }
+
+    #[tokio::test]
+    async fn test_get_git_working_tree_state_branch_fallback() {
+        let temp_dir = TempDir::new().expect("Failed to create temp dir");
+        let (repo_path, _branch) = create_test_git_repo_with_remote(&temp_dir).await;
+
+        Command::new("git")
+            .args(["checkout", "-b", "feature"])
+            .current_dir(&repo_path)
+            .output()
+            .await
+            .expect("Failed to create feature branch");
+        Command::new("git")
+            .args(["push", "-u", "origin", "feature"])
+            .current_dir(&repo_path)
+            .output()
+            .await
+            .expect("Failed to push feature branch");
+
+        Command::new("git")
+            .args(["checkout", "-b", "local-branch"])
+            .current_dir(&repo_path)
+            .output()
+            .await
+            .expect("Failed to create local branch");
+
+        let remote_sha = Command::new("git")
+            .args(["rev-parse", "origin/feature"])
+            .current_dir(&repo_path)
+            .output()
+            .await
+            .expect("Failed to rev-parse remote");
+        let remote_sha = String::from_utf8(remote_sha.stdout)
+            .unwrap()
+            .trim()
+            .to_string();
+
+        let state = git_diff_to_remote(&repo_path)
+            .await
+            .expect("Should collect working tree state");
+        assert_eq!(state.sha, GitSha::new(&remote_sha));
+    }
+
+    #[tokio::test]
+    async fn test_get_git_working_tree_state_unpushed_commit() {
+        let temp_dir = TempDir::new().expect("Failed to create temp dir");
+        let (repo_path, branch) = create_test_git_repo_with_remote(&temp_dir).await;
+
+        let remote_sha = Command::new("git")
+            .args(["rev-parse", &format!("origin/{branch}")])
+            .current_dir(&repo_path)
+            .output()
+            .await
+            .expect("Failed to rev-parse remote");
+        let remote_sha = String::from_utf8(remote_sha.stdout)
+            .unwrap()
+            .trim()
+            .to_string();
+
+        fs::write(repo_path.join("test.txt"), "updated").unwrap();
+        Command::new("git")
+            .args(["add", "test.txt"])
+            .current_dir(&repo_path)
+            .output()
+            .await
+            .expect("Failed to add file");
+        Command::new("git")
+            .args(["commit", "-m", "local change"])
+            .current_dir(&repo_path)
+            .output()
+            .await
+            .expect("Failed to commit");
+
+        let state = git_diff_to_remote(&repo_path)
+            .await
+            .expect("Should collect working tree state");
+        assert_eq!(state.sha, GitSha::new(&remote_sha));
+        assert!(state.diff.contains("updated"));
+    }
+
     #[test]
     fn test_git_info_serialization() {
         let git_info = GitInfo {

codex-rs/core/src/is_safe_command.rs

@@ -12,20 +12,17 @@ pub fn is_known_safe_command(command: &[String]) -> bool {
     // introduce side effects ( "&&", "||", ";", and "|" ). If every
     // individual command in the script is itself a known‑safe command, then
     // the composite expression is considered safe.
-    if let [bash, flag, script] = command {
-        if bash == "bash" && flag == "-lc" {
-            if let Some(tree) = try_parse_bash(script) {
-                if let Some(all_commands) = try_parse_word_only_commands_sequence(&tree, script) {
-                    if !all_commands.is_empty()
-                        && all_commands
-                            .iter()
-                            .all(|cmd| is_safe_to_call_with_exec(cmd))
-                    {
-                        return true;
-                    }
-                }
-            }
-        }
+    if let [bash, flag, script] = command
+        && bash == "bash"
+        && flag == "-lc"
+        && let Some(tree) = try_parse_bash(script)
+        && let Some(all_commands) = try_parse_word_only_commands_sequence(&tree, script)
+        && !all_commands.is_empty()
+        && all_commands
+            .iter()
+            .all(|cmd| is_safe_to_call_with_exec(cmd))
+    {
+        return true;
     }
 
     false

codex-rs/core/src/lib.rs

@@ -44,15 +44,21 @@ mod openai_model_info;
 mod openai_tools;
 pub mod plan_tool;
 mod project_doc;
-pub mod protocol;
 mod rollout;
 pub(crate) mod safety;
 pub mod seatbelt;
 pub mod shell;
 pub mod spawn;
+pub mod terminal;
 pub mod turn_diff_tracker;
 pub mod user_agent;
 mod user_notification;
 pub mod util;
 pub use apply_patch::CODEX_APPLY_PATCH_ARG1;
 pub use safety::get_platform_sandbox;
+// Re-export the protocol types from the standalone `codex-protocol` crate so existing
+// `codex_core::protocol::...` references continue to work across the workspace.
+pub use codex_protocol::protocol;
+// Re-export protocol config enums to ensure call sites can use the same types
+// as those in the protocol crate when constructing protocol messages.
+pub use codex_protocol::config_types as protocol_config_types;

codex-rs/core/src/message_history.rs

@@ -34,6 +34,8 @@ use crate::config_types::HistoryPersistence;
 use std::os::unix::fs::OpenOptionsExt;
 #[cfg(unix)]
 use std::os::unix::fs::PermissionsExt;
+#[cfg(unix)]
+use std::os::unix::io::AsRawFd;
 
 /// Filename that stores the message history inside `~/.codex`.
 const HISTORY_FILENAME: &str = "history.jsonl";
@@ -125,11 +127,12 @@ pub(crate) async fn append_entry(text: &str, session_id: &Uuid, config: &Config)
 /// times if the lock is currently held by another process. This prevents a
 /// potential indefinite wait while still giving other writers some time to
 /// finish their operation.
-async fn acquire_exclusive_lock_with_retry(file: &std::fs::File) -> Result<()> {
+#[cfg(unix)]
+async fn acquire_exclusive_lock_with_retry(file: &File) -> Result<()> {
     use tokio::time::sleep;
 
     for _ in 0..MAX_RETRIES {
-        match fs2::FileExt::try_lock_exclusive(file) {
+        match try_flock_exclusive(file) {
             Ok(()) => return Ok(()),
             Err(e) if e.kind() == std::io::ErrorKind::WouldBlock => {
                 sleep(RETRY_SLEEP).await;
@@ -144,6 +147,12 @@ async fn acquire_exclusive_lock_with_retry(file: &std::fs::File) -> Result<()> {
     ))
 }
 
+#[cfg(not(unix))]
+async fn acquire_exclusive_lock_with_retry(_file: &File) -> Result<()> {
+    // On non-Unix, skip locking; appends are still atomic with O_APPEND.
+    Ok(())
+}
+
 /// Asynchronously fetch the history file's *identifier* (inode on Unix) and
 /// the current number of entries by counting newline characters.
 pub(crate) async fn history_metadata(config: &Config) -> (u64, usize) {
@@ -259,7 +268,7 @@ pub(crate) fn lookup(log_id: u64, offset: usize, config: &Config) -> Option<Hist
 #[cfg(unix)]
 fn acquire_shared_lock_with_retry(file: &File) -> Result<()> {
     for _ in 0..MAX_RETRIES {
-        match fs2::FileExt::try_lock_shared(file) {
+        match try_flock_shared(file) {
             Ok(()) => return Ok(()),
             Err(e) if e.kind() == std::io::ErrorKind::WouldBlock => {
                 std::thread::sleep(RETRY_SLEEP);
@@ -274,6 +283,45 @@ fn acquire_shared_lock_with_retry(file: &File) -> Result<()> {
     ))
 }
 
+#[cfg(not(unix))]
+fn acquire_shared_lock_with_retry(_file: &File) -> Result<()> {
+    Ok(())
+}
+
+#[cfg(unix)]
+fn try_flock_exclusive(file: &File) -> Result<()> {
+    let fd = file.as_raw_fd();
+    let rc = unsafe { libc::flock(fd, libc::LOCK_EX | libc::LOCK_NB) };
+    if rc == 0 {
+        Ok(())
+    } else {
+        let err = std::io::Error::last_os_error();
+        match err.raw_os_error() {
+            Some(code) if code == libc::EWOULDBLOCK || code == libc::EAGAIN => Err(
+                std::io::Error::new(std::io::ErrorKind::WouldBlock, "lock would block"),
+            ),
+            _ => Err(err),
+        }
+    }
+}
+
+#[cfg(unix)]
+fn try_flock_shared(file: &File) -> Result<()> {
+    let fd = file.as_raw_fd();
+    let rc = unsafe { libc::flock(fd, libc::LOCK_SH | libc::LOCK_NB) };
+    if rc == 0 {
+        Ok(())
+    } else {
+        let err = std::io::Error::last_os_error();
+        match err.raw_os_error() {
+            Some(code) if code == libc::EWOULDBLOCK || code == libc::EAGAIN => Err(
+                std::io::Error::new(std::io::ErrorKind::WouldBlock, "lock would block"),
+            ),
+            _ => Err(err),
+        }
+    }
+}
+
 /// On Unix systems ensure the file permissions are `0o600` (rw-------). If the
 /// permissions cannot be changed the error is propagated to the caller.
 #[cfg(unix)]

codex-rs/core/src/model_family.rs

@@ -23,6 +23,10 @@ pub struct ModelFamily {
     // the model such that its description can be omitted.
     // See https://platform.openai.com/docs/guides/tools-local-shell
     pub uses_local_shell_tool: bool,
+
+    /// True if the model performs better when `apply_patch` is provided as
+    /// a tool call instead of just a bash command.
+    pub uses_apply_patch_tool: bool,
 }
 
 macro_rules! model_family {
@@ -36,6 +40,7 @@ macro_rules! model_family {
             needs_special_apply_patch_instructions: false,
             supports_reasoning_summaries: false,
             uses_local_shell_tool: false,
+            uses_apply_patch_tool: false,
         };
         // apply overrides
         $(
@@ -55,6 +60,7 @@ macro_rules! simple_model_family {
             needs_special_apply_patch_instructions: false,
             supports_reasoning_summaries: false,
             uses_local_shell_tool: false,
+            uses_apply_patch_tool: false,
         })
     }};
 }
@@ -88,10 +94,10 @@ pub fn find_family_for_model(slug: &str) -> Option<ModelFamily> {
             slug, "gpt-4.1",
             needs_special_apply_patch_instructions: true,
         )
+    } else if slug.starts_with("gpt-oss") {
+        model_family!(slug, "gpt-oss", uses_apply_patch_tool: true)
     } else if slug.starts_with("gpt-4o") {
         simple_model_family!(slug, "gpt-4o")
-    } else if slug.starts_with("gpt-oss") {
-        simple_model_family!(slug, "gpt-oss")
     } else if slug.starts_with("gpt-3.5") {
         simple_model_family!(slug, "gpt-3.5")
     } else if slug.starts_with("gpt-5") {

codex-rs/core/src/model_provider_info.rs

@@ -167,10 +167,10 @@ impl ModelProviderInfo {
 
         if let Some(env_headers) = &self.env_http_headers {
             for (header, env_var) in env_headers {
-                if let Ok(val) = std::env::var(env_var) {
-                    if !val.trim().is_empty() {
-                        builder = builder.header(header, val);
-                    }
+                if let Ok(val) = std::env::var(env_var)
+                    && !val.trim().is_empty()
+                {
+                    builder = builder.header(header, val);
                 }
             }
         }

codex-rs/core/src/models.rs

@@ -183,6 +183,7 @@ impl From<Vec<InputItem>> for ResponseInputItem {
                             None
                         }
                     },
+                    _ => None,
                 })
                 .collect::<Vec<ContentItem>>(),
         }

codex-rs/core/src/openai_tools.rs

@@ -43,6 +43,7 @@ pub enum ConfigShellToolType {
 pub struct ToolsConfig {
     pub shell_type: ConfigShellToolType,
     pub plan_tool: bool,
+    pub apply_patch_tool: bool,
 }
 
 impl ToolsConfig {
@@ -51,6 +52,7 @@ impl ToolsConfig {
         approval_policy: AskForApproval,
         sandbox_policy: SandboxPolicy,
         include_plan_tool: bool,
+        include_apply_patch_tool: bool,
     ) -> Self {
         let mut shell_type = if model_family.uses_local_shell_tool {
             ConfigShellToolType::LocalShell
@@ -66,6 +68,7 @@ impl ToolsConfig {
         Self {
             shell_type,
             plan_tool: include_plan_tool,
+            apply_patch_tool: include_apply_patch_tool || model_family.uses_apply_patch_tool,
         }
     }
 }
@@ -235,6 +238,87 @@ The shell tool is used to execute shell commands.
     })
 }
 
+#[derive(Serialize, Deserialize)]
+pub(crate) struct ApplyPatchToolArgs {
+    pub(crate) input: String,
+}
+
+fn create_apply_patch_tool() -> OpenAiTool {
+    // Minimal schema: one required string argument containing the patch body
+    let mut properties = BTreeMap::new();
+    properties.insert(
+        "input".to_string(),
+        JsonSchema::String {
+            description: Some(r#"The entire contents of the apply_patch command"#.to_string()),
+        },
+    );
+
+    OpenAiTool::Function(ResponsesApiTool {
+        name: "apply_patch".to_string(),
+        description: r#"Use this tool to edit files.
+Your patch language is a stripped‑down, file‑oriented diff format designed to be easy to parse and safe to apply. You can think of it as a high‑level envelope:
+
+**_ Begin Patch
+[ one or more file sections ]
+_** End Patch
+
+Within that envelope, you get a sequence of file operations.
+You MUST include a header to specify the action you are taking.
+Each operation starts with one of three headers:
+
+**_ Add File: <path> - create a new file. Every following line is a + line (the initial contents).
+_** Delete File: <path> - remove an existing file. Nothing follows.
+\*\*\* Update File: <path> - patch an existing file in place (optionally with a rename).
+
+May be immediately followed by \*\*\* Move to: <new path> if you want to rename the file.
+Then one or more “hunks”, each introduced by @@ (optionally followed by a hunk header).
+Within a hunk each line starts with:
+
+- for inserted text,
+
+* for removed text, or
+  space ( ) for context.
+  At the end of a truncated hunk you can emit \*\*\* End of File.
+
+Patch := Begin { FileOp } End
+Begin := "**_ Begin Patch" NEWLINE
+End := "_** End Patch" NEWLINE
+FileOp := AddFile | DeleteFile | UpdateFile
+AddFile := "**_ Add File: " path NEWLINE { "+" line NEWLINE }
+DeleteFile := "_** Delete File: " path NEWLINE
+UpdateFile := "**_ Update File: " path NEWLINE [ MoveTo ] { Hunk }
+MoveTo := "_** Move to: " newPath NEWLINE
+Hunk := "@@" [ header ] NEWLINE { HunkLine } [ "*** End of File" NEWLINE ]
+HunkLine := (" " | "-" | "+") text NEWLINE
+
+A full patch can combine several operations:
+
+**_ Begin Patch
+_** Add File: hello.txt
++Hello world
+**_ Update File: src/app.py
+_** Move to: src/main.py
+@@ def greet():
+-print("Hi")
++print("Hello, world!")
+**_ Delete File: obsolete.txt
+_** End Patch
+
+It is important to remember:
+
+- You must include a header with your intended action (Add/Delete/Update)
+- You must prefix new lines with `+` even when creating a new file
+"#
+        .to_string(),
+        strict: false,
+        parameters: JsonSchema::Object {
+            properties,
+            required: Some(vec!["input".to_string()]),
+            additional_properties: Some(false),
+        },
+    })
+}
+
 /// Returns JSON values that are compatible with Function Calling in the
 /// Responses API:
 /// https://platform.openai.com/docs/guides/function-calling?api-mode=responses
@@ -336,11 +420,11 @@ fn sanitize_json_schema(value: &mut JsonValue) {
         }
         JsonValue::Object(map) => {
             // First, recursively sanitize known nested schema holders
-            if let Some(props) = map.get_mut("properties") {
-                if let Some(props_map) = props.as_object_mut() {
-                    for (_k, v) in props_map.iter_mut() {
-                        sanitize_json_schema(v);
-                    }
+            if let Some(props) = map.get_mut("properties")
+                && let Some(props_map) = props.as_object_mut()
+            {
+                for (_k, v) in props_map.iter_mut() {
+                    sanitize_json_schema(v);
                 }
             }
             if let Some(items) = map.get_mut("items") {
@@ -360,18 +444,18 @@ fn sanitize_json_schema(value: &mut JsonValue) {
                 .map(|s| s.to_string());
 
             // If type is an array (union), pick first supported; else leave to inference
-            if ty.is_none() {
-                if let Some(JsonValue::Array(types)) = map.get("type") {
-                    for t in types {
-                        if let Some(tt) = t.as_str() {
-                            if matches!(
-                                tt,
-                                "object" | "array" | "string" | "number" | "integer" | "boolean"
-                            ) {
-                                ty = Some(tt.to_string());
-                                break;
-                            }
-                        }
+            if ty.is_none()
+                && let Some(JsonValue::Array(types)) = map.get("type")
+            {
+                for t in types {
+                    if let Some(tt) = t.as_str()
+                        && matches!(
+                            tt,
+                            "object" | "array" | "string" | "number" | "integer" | "boolean"
+                        )
+                    {
+                        ty = Some(tt.to_string());
+                        break;
                     }
                 }
             }
@@ -455,6 +539,10 @@ pub(crate) fn get_openai_tools(
         tools.push(PLAN_TOOL.clone());
     }
 
+    if config.apply_patch_tool {
+        tools.push(create_apply_patch_tool());
+    }
+
     if let Some(mcp_tools) = mcp_tools {
         for (name, tool) in mcp_tools {
             match mcp_tool_to_openai_tool(name.clone(), tool.clone()) {
@@ -508,6 +596,7 @@ mod tests {
             AskForApproval::Never,
             SandboxPolicy::ReadOnly,
             true,
+            model_family.uses_apply_patch_tool,
         );
         let tools = get_openai_tools(&config, Some(HashMap::new()));
 
@@ -522,6 +611,7 @@ mod tests {
             AskForApproval::Never,
             SandboxPolicy::ReadOnly,
             true,
+            model_family.uses_apply_patch_tool,
         );
         let tools = get_openai_tools(&config, Some(HashMap::new()));
 
@@ -536,6 +626,7 @@ mod tests {
             AskForApproval::Never,
             SandboxPolicy::ReadOnly,
             false,
+            model_family.uses_apply_patch_tool,
         );
         let tools = get_openai_tools(
             &config,
@@ -629,6 +720,7 @@ mod tests {
             AskForApproval::Never,
             SandboxPolicy::ReadOnly,
             false,
+            model_family.uses_apply_patch_tool,
         );
 
         let tools = get_openai_tools(
@@ -684,6 +776,7 @@ mod tests {
             AskForApproval::Never,
             SandboxPolicy::ReadOnly,
             false,
+            model_family.uses_apply_patch_tool,
         );
 
         let tools = get_openai_tools(
@@ -734,6 +827,7 @@ mod tests {
             AskForApproval::Never,
             SandboxPolicy::ReadOnly,
             false,
+            model_family.uses_apply_patch_tool,
         );
 
         let tools = get_openai_tools(
@@ -787,6 +881,7 @@ mod tests {
             AskForApproval::Never,
             SandboxPolicy::ReadOnly,
             false,
+            model_family.uses_apply_patch_tool,
         );
 
         let tools = get_openai_tools(

codex-rs/core/src/parse_command.rs

@@ -41,6 +41,24 @@ pub enum ParsedCommand {
     },
 }
 
+// Convert core's parsed command enum into the protocol's simplified type so
+// events can carry the canonical representation across process boundaries.
+impl From<ParsedCommand> for codex_protocol::parse_command::ParsedCommand {
+    fn from(v: ParsedCommand) -> Self {
+        use codex_protocol::parse_command::ParsedCommand as P;
+        match v {
+            ParsedCommand::Read { cmd, name } => P::Read { cmd, name },
+            ParsedCommand::ListFiles { cmd, path } => P::ListFiles { cmd, path },
+            ParsedCommand::Search { cmd, query, path } => P::Search { cmd, query, path },
+            ParsedCommand::Format { cmd, tool, targets } => P::Format { cmd, tool, targets },
+            ParsedCommand::Test { cmd } => P::Test { cmd },
+            ParsedCommand::Lint { cmd, tool, targets } => P::Lint { cmd, tool, targets },
+            ParsedCommand::Noop { cmd } => P::Noop { cmd },
+            ParsedCommand::Unknown { cmd } => P::Unknown { cmd },
+        }
+    }
+}
+
 fn shlex_join(tokens: &[String]) -> String {
     shlex_try_join(tokens.iter().map(|s| s.as_str()))
         .unwrap_or_else(|_| "<command included NUL byte>".to_string())
@@ -1178,10 +1196,10 @@ fn simplify_once(commands: &[ParsedCommand]) -> Option<Vec<ParsedCommand>> {
     }
 
     // echo ... && ...rest => ...rest
-    if let ParsedCommand::Unknown { cmd } = &commands[0] {
-        if shlex_split(cmd).is_some_and(|t| t.first().map(|s| s.as_str()) == Some("echo")) {
-            return Some(commands[1..].to_vec());
-        }
+    if let ParsedCommand::Unknown { cmd } = &commands[0]
+        && shlex_split(cmd).is_some_and(|t| t.first().map(|s| s.as_str()) == Some("echo"))
+    {
+        return Some(commands[1..].to_vec());
     }
 
     // cd foo && [any Test command] => [any Test command]
@@ -1190,17 +1208,15 @@ fn simplify_once(commands: &[ParsedCommand]) -> Option<Vec<ParsedCommand>> {
             shlex_split(cmd).is_some_and(|t| t.first().map(|s| s.as_str()) == Some("cd"))
         }
         _ => false,
-    }) {
-        if commands
-            .iter()
-            .skip(idx + 1)
-            .any(|pc| matches!(pc, ParsedCommand::Test { .. }))
-        {
-            let mut out = Vec::with_capacity(commands.len() - 1);
-            out.extend_from_slice(&commands[..idx]);
-            out.extend_from_slice(&commands[idx + 1..]);
-            return Some(out);
-        }
+    }) && commands
+        .iter()
+        .skip(idx + 1)
+        .any(|pc| matches!(pc, ParsedCommand::Test { .. }))
+    {
+        let mut out = Vec::with_capacity(commands.len() - 1);
+        out.extend_from_slice(&commands[..idx]);
+        out.extend_from_slice(&commands[idx + 1..]);
+        return Some(out);
     }
 
     // cmd || true => cmd
@@ -1546,127 +1562,124 @@ fn parse_bash_lc_commands(original: &[String]) -> Option<Vec<ParsedCommand>> {
     if bash != "bash" || flag != "-lc" {
         return None;
     }
-    if let Some(tree) = try_parse_bash(script) {
-        if let Some(all_commands) = try_parse_word_only_commands_sequence(&tree, script) {
-            if !all_commands.is_empty() {
-                let script_tokens = shlex_split(script)
-                    .unwrap_or_else(|| vec!["bash".to_string(), flag.clone(), script.clone()]);
-                // Strip small formatting helpers (e.g., head/tail/awk/wc/etc) so we
-                // bias toward the primary command when pipelines are present.
-                // First, drop obvious small formatting helpers (e.g., wc/awk/etc).
-                let had_multiple_commands = all_commands.len() > 1;
-                // The bash AST walker yields commands in right-to-left order for
-                // connector/pipeline sequences. Reverse to reflect actual execution order.
-                let mut filtered_commands = drop_small_formatting_commands(all_commands);
-                filtered_commands.reverse();
-                if filtered_commands.is_empty() {
-                    return Some(vec![ParsedCommand::Unknown {
-                        cmd: script.clone(),
-                    }]);
-                }
-                let mut commands: Vec<ParsedCommand> = filtered_commands
-                    .into_iter()
-                    .map(|tokens| summarize_main_tokens(&tokens))
-                    .collect();
-                if commands.len() > 1 {
-                    commands.retain(|pc| !matches!(pc, ParsedCommand::Noop { .. }));
-                }
-                if commands.len() == 1 {
-                    // If we reduced to a single command, attribute the full original script
-                    // for clearer UX in file-reading and listing scenarios, or when there were
-                    // no connectors in the original script. For search commands that came from
-                    // a pipeline (e.g. `rg --files | sed -n`), keep only the primary command.
-                    let had_connectors = had_multiple_commands
-                        || script_tokens
-                            .iter()
-                            .any(|t| t == "|" || t == "&&" || t == "||" || t == ";");
-                    commands = commands
-                        .into_iter()
-                        .map(|pc| match pc {
-                            ParsedCommand::Read { name, cmd, .. } => {
-                                if had_connectors {
-                                    let has_pipe = script_tokens.iter().any(|t| t == "|");
-                                    let has_sed_n = script_tokens.windows(2).any(|w| {
-                                        w.first().map(|s| s.as_str()) == Some("sed")
-                                            && w.get(1).map(|s| s.as_str()) == Some("-n")
-                                    });
-                                    if has_pipe && has_sed_n {
-                                        ParsedCommand::Read {
-                                            cmd: script.clone(),
-                                            name,
-                                        }
-                                    } else {
-                                        ParsedCommand::Read {
-                                            cmd: cmd.clone(),
-                                            name,
-                                        }
-                                    }
-                                } else {
-                                    ParsedCommand::Read {
-                                        cmd: shlex_join(&script_tokens),
-                                        name,
-                                    }
-                                }
-                            }
-                            ParsedCommand::ListFiles { path, cmd, .. } => {
-                                if had_connectors {
-                                    ParsedCommand::ListFiles {
-                                        cmd: cmd.clone(),
-                                        path,
-                                    }
-                                } else {
-                                    ParsedCommand::ListFiles {
-                                        cmd: shlex_join(&script_tokens),
-                                        path,
-                                    }
-                                }
-                            }
-                            ParsedCommand::Search {
-                                query, path, cmd, ..
-                            } => {
-                                if had_connectors {
-                                    ParsedCommand::Search {
-                                        cmd: cmd.clone(),
-                                        query,
-                                        path,
-                                    }
-                                } else {
-                                    ParsedCommand::Search {
-                                        cmd: shlex_join(&script_tokens),
-                                        query,
-                                        path,
-                                    }
-                                }
-                            }
-                            ParsedCommand::Format {
-                                tool, targets, cmd, ..
-                            } => ParsedCommand::Format {
-                                cmd: cmd.clone(),
-                                tool,
-                                targets,
-                            },
-                            ParsedCommand::Test { cmd, .. } => {
-                                ParsedCommand::Test { cmd: cmd.clone() }
-                            }
-                            ParsedCommand::Lint {
-                                tool, targets, cmd, ..
-                            } => ParsedCommand::Lint {
-                                cmd: cmd.clone(),
-                                tool,
-                                targets,
-                            },
-                            ParsedCommand::Unknown { .. } => ParsedCommand::Unknown {
-                                cmd: script.clone(),
-                            },
-                            ParsedCommand::Noop { .. } => ParsedCommand::Noop {
-                                cmd: script.clone(),
-                            },
-                        })
-                        .collect();
-                }
-                return Some(commands);
-            }
+    if let Some(tree) = try_parse_bash(script)
+        && let Some(all_commands) = try_parse_word_only_commands_sequence(&tree, script)
+        && !all_commands.is_empty()
+    {
+        let script_tokens = shlex_split(script)
+            .unwrap_or_else(|| vec!["bash".to_string(), flag.clone(), script.clone()]);
+        // Strip small formatting helpers (e.g., head/tail/awk/wc/etc) so we
+        // bias toward the primary command when pipelines are present.
+        // First, drop obvious small formatting helpers (e.g., wc/awk/etc).
+        let had_multiple_commands = all_commands.len() > 1;
+        // The bash AST walker yields commands in right-to-left order for
+        // connector/pipeline sequences. Reverse to reflect actual execution order.
+        let mut filtered_commands = drop_small_formatting_commands(all_commands);
+        filtered_commands.reverse();
+        if filtered_commands.is_empty() {
+            return Some(vec![ParsedCommand::Unknown {
+                cmd: script.clone(),
+            }]);
         }
+        let mut commands: Vec<ParsedCommand> = filtered_commands
+            .into_iter()
+            .map(|tokens| summarize_main_tokens(&tokens))
+            .collect();
+        if commands.len() > 1 {
+            commands.retain(|pc| !matches!(pc, ParsedCommand::Noop { .. }));
+        }
+        if commands.len() == 1 {
+            // If we reduced to a single command, attribute the full original script
+            // for clearer UX in file-reading and listing scenarios, or when there were
+            // no connectors in the original script. For search commands that came from
+            // a pipeline (e.g. `rg --files | sed -n`), keep only the primary command.
+            let had_connectors = had_multiple_commands
+                || script_tokens
+                    .iter()
+                    .any(|t| t == "|" || t == "&&" || t == "||" || t == ";");
+            commands = commands
+                .into_iter()
+                .map(|pc| match pc {
+                    ParsedCommand::Read { name, cmd, .. } => {
+                        if had_connectors {
+                            let has_pipe = script_tokens.iter().any(|t| t == "|");
+                            let has_sed_n = script_tokens.windows(2).any(|w| {
+                                w.first().map(|s| s.as_str()) == Some("sed")
+                                    && w.get(1).map(|s| s.as_str()) == Some("-n")
+                            });
+                            if has_pipe && has_sed_n {
+                                ParsedCommand::Read {
+                                    cmd: script.clone(),
+                                    name,
+                                }
+                            } else {
+                                ParsedCommand::Read {
+                                    cmd: cmd.clone(),
+                                    name,
+                                }
+                            }
+                        } else {
+                            ParsedCommand::Read {
+                                cmd: shlex_join(&script_tokens),
+                                name,
+                            }
+                        }
+                    }
+                    ParsedCommand::ListFiles { path, cmd, .. } => {
+                        if had_connectors {
+                            ParsedCommand::ListFiles {
+                                cmd: cmd.clone(),
+                                path,
+                            }
+                        } else {
+                            ParsedCommand::ListFiles {
+                                cmd: shlex_join(&script_tokens),
+                                path,
+                            }
+                        }
+                    }
+                    ParsedCommand::Search {
+                        query, path, cmd, ..
+                    } => {
+                        if had_connectors {
+                            ParsedCommand::Search {
+                                cmd: cmd.clone(),
+                                query,
+                                path,
+                            }
+                        } else {
+                            ParsedCommand::Search {
+                                cmd: shlex_join(&script_tokens),
+                                query,
+                                path,
+                            }
+                        }
+                    }
+                    ParsedCommand::Format {
+                        tool, targets, cmd, ..
+                    } => ParsedCommand::Format {
+                        cmd: cmd.clone(),
+                        tool,
+                        targets,
+                    },
+                    ParsedCommand::Test { cmd, .. } => ParsedCommand::Test { cmd: cmd.clone() },
+                    ParsedCommand::Lint {
+                        tool, targets, cmd, ..
+                    } => ParsedCommand::Lint {
+                        cmd: cmd.clone(),
+                        tool,
+                        targets,
+                    },
+                    ParsedCommand::Unknown { .. } => ParsedCommand::Unknown {
+                        cmd: script.clone(),
+                    },
+                    ParsedCommand::Noop { .. } => ParsedCommand::Noop {
+                        cmd: script.clone(),
+                    },
+                })
+                .collect();
+        }
+        return Some(commands);
     }
     Some(vec![ParsedCommand::Unknown {
         cmd: script.clone(),

codex-rs/core/src/plan_tool.rs

@@ -1,9 +1,6 @@
 use std::collections::BTreeMap;
 use std::sync::LazyLock;
 
-use serde::Deserialize;
-use serde::Serialize;
-
 use crate::codex::Session;
 use crate::models::FunctionCallOutputPayload;
 use crate::models::ResponseInputItem;
@@ -13,29 +10,13 @@ use crate::openai_tools::ResponsesApiTool;
 use crate::protocol::Event;
 use crate::protocol::EventMsg;
 
+// Use the canonical plan tool types from the protocol crate to ensure
+// type-identity matches events transported via `codex_protocol`.
+pub use codex_protocol::plan_tool::PlanItemArg;
+pub use codex_protocol::plan_tool::StepStatus;
+pub use codex_protocol::plan_tool::UpdatePlanArgs;
+
 // Types for the TODO tool arguments matching codex-vscode/todo-mcp/src/main.rs
-#[derive(Debug, Clone, Serialize, Deserialize)]
-#[serde(rename_all = "snake_case")]
-pub enum StepStatus {
-    Pending,
-    InProgress,
-    Completed,
-}
-
-#[derive(Debug, Clone, Serialize, Deserialize)]
-#[serde(deny_unknown_fields)]
-pub struct PlanItemArg {
-    pub step: String,
-    pub status: StepStatus,
-}
-
-#[derive(Debug, Clone, Serialize, Deserialize)]
-#[serde(deny_unknown_fields)]
-pub struct UpdatePlanArgs {
-    #[serde(default)]
-    pub explanation: Option<String>,
-    pub plan: Vec<PlanItemArg>,
-}
 
 pub(crate) static PLAN_TOOL: LazyLock<OpenAiTool> = LazyLock::new(|| {
     let mut plan_item_props = BTreeMap::new();

codex-rs/core/src/safety.rs

@@ -21,7 +21,7 @@ pub enum SafetyCheck {
 pub fn assess_patch_safety(
     action: &ApplyPatchAction,
     policy: AskForApproval,
-    writable_roots: &[PathBuf],
+    sandbox_policy: &SandboxPolicy,
     cwd: &Path,
 ) -> SafetyCheck {
     if action.is_empty() {
@@ -45,7 +45,7 @@ pub fn assess_patch_safety(
     // is possible that paths in the patch are hard links to files outside the
     // writable roots, so we should still run `apply_patch` in a sandbox in that
     // case.
-    if is_write_patch_constrained_to_writable_paths(action, writable_roots, cwd)
+    if is_write_patch_constrained_to_writable_paths(action, sandbox_policy, cwd)
         || policy == AskForApproval::OnFailure
     {
         // Only auto‑approve when we can actually enforce a sandbox. Otherwise
@@ -171,13 +171,19 @@ pub fn get_platform_sandbox() -> Option<SandboxType> {
 
 fn is_write_patch_constrained_to_writable_paths(
     action: &ApplyPatchAction,
-    writable_roots: &[PathBuf],
+    sandbox_policy: &SandboxPolicy,
     cwd: &Path,
 ) -> bool {
     // Early‑exit if there are no declared writable roots.
-    if writable_roots.is_empty() {
-        return false;
-    }
+    let writable_roots = match sandbox_policy {
+        SandboxPolicy::ReadOnly => {
+            return false;
+        }
+        SandboxPolicy::DangerFullAccess => {
+            return true;
+        }
+        SandboxPolicy::WorkspaceWrite { .. } => sandbox_policy.get_writable_roots_with_cwd(cwd),
+    };
 
     // Normalize a path by removing `.` and resolving `..` without touching the
     // filesystem (works even if the file does not exist).
@@ -209,15 +215,9 @@ fn is_write_patch_constrained_to_writable_paths(
             None => return false,
         };
 
-        writable_roots.iter().any(|root| {
-            let root_abs = if root.is_absolute() {
-                root.clone()
-            } else {
-                normalize(&cwd.join(root)).unwrap_or_else(|| cwd.join(root))
-            };
-
-            abs.starts_with(&root_abs)
-        })
+        writable_roots
+            .iter()
+            .any(|writable_root| writable_root.is_path_writable(&abs))
     };
 
     for (path, change) in action.changes() {
@@ -231,10 +231,10 @@ fn is_write_patch_constrained_to_writable_paths(
                 if !is_path_writable(path) {
                     return false;
                 }
-                if let Some(dest) = move_path {
-                    if !is_path_writable(dest) {
-                        return false;
-                    }
+                if let Some(dest) = move_path
+                    && !is_path_writable(dest)
+                {
+                    return false;
                 }
             }
         }
@@ -246,38 +246,56 @@ fn is_write_patch_constrained_to_writable_paths(
 #[cfg(test)]
 mod tests {
     use super::*;
+    use tempfile::TempDir;
 
     #[test]
     fn test_writable_roots_constraint() {
-        let cwd = std::env::current_dir().unwrap();
+        // Use a temporary directory as our workspace to avoid touching
+        // the real current working directory.
+        let tmp = TempDir::new().unwrap();
+        let cwd = tmp.path().to_path_buf();
         let parent = cwd.parent().unwrap().to_path_buf();
 
-        // Helper to build a single‑entry map representing a patch that adds a
-        // file at `p`.
+        // Helper to build a single‑entry patch that adds a file at `p`.
         let make_add_change = |p: PathBuf| ApplyPatchAction::new_add_for_test(&p, "".to_string());
 
         let add_inside = make_add_change(cwd.join("inner.txt"));
         let add_outside = make_add_change(parent.join("outside.txt"));
 
+        // Policy limited to the workspace only; exclude system temp roots so
+        // only `cwd` is writable by default.
+        let policy_workspace_only = SandboxPolicy::WorkspaceWrite {
+            writable_roots: vec![],
+            network_access: false,
+            exclude_tmpdir_env_var: true,
+            exclude_slash_tmp: true,
+        };
+
         assert!(is_write_patch_constrained_to_writable_paths(
             &add_inside,
-            &[PathBuf::from(".")],
+            &policy_workspace_only,
             &cwd,
         ));
 
-        let add_outside_2 = make_add_change(parent.join("outside.txt"));
         assert!(!is_write_patch_constrained_to_writable_paths(
-            &add_outside_2,
-            &[PathBuf::from(".")],
+            &add_outside,
+            &policy_workspace_only,
             &cwd,
         ));
 
-        // With parent dir added as writable root, it should pass.
+        // With the parent dir explicitly added as a writable root, the
+        // outside write should be permitted.
+        let policy_with_parent = SandboxPolicy::WorkspaceWrite {
+            writable_roots: vec![parent.clone()],
+            network_access: false,
+            exclude_tmpdir_env_var: true,
+            exclude_slash_tmp: true,
+        };
         assert!(is_write_patch_constrained_to_writable_paths(
             &add_outside,
-            &[PathBuf::from("..")],
+            &policy_with_parent,
             &cwd,
-        ))
+        ));
     }
 
     #[test]

codex-rs/core/src/shell.rs

@@ -70,13 +70,13 @@ pub async fn default_user_shell() -> Shell {
             }
             let stdout = String::from_utf8_lossy(&o.stdout);
             for line in stdout.lines() {
-                if let Some(shell_path) = line.strip_prefix("UserShell: ") {
-                    if shell_path.ends_with("/zsh") {
-                        return Shell::Zsh(ZshShell {
-                            shell_path: shell_path.to_string(),
-                            zshrc_path: format!("{home}/.zshrc"),
-                        });
-                    }
+                if let Some(shell_path) = line.strip_prefix("UserShell: ")
+                    && shell_path.ends_with("/zsh")
+                {
+                    return Shell::Zsh(ZshShell {
+                        shell_path: shell_path.to_string(),
+                        zshrc_path: format!("{home}/.zshrc"),
+                    });
                 }
             }
 

codex-rs/core/src/terminal.rs

@@ -0,0 +1,72 @@
+use std::sync::OnceLock;
+
+static TERMINAL: OnceLock<String> = OnceLock::new();
+
+pub fn user_agent() -> String {
+    TERMINAL.get_or_init(detect_terminal).to_string()
+}
+
+/// Sanitize a header value to be used in a User-Agent string.
+///
+/// This function replaces any characters that are not allowed in a User-Agent string with an underscore.
+///
+/// # Arguments
+///
+/// * `value` - The value to sanitize.
+fn is_valid_header_value_char(c: char) -> bool {
+    c.is_ascii_alphanumeric() || c == '-' || c == '_' || c == '.' || c == '/'
+}
+
+fn sanitize_header_value(value: String) -> String {
+    value.replace(|c| !is_valid_header_value_char(c), "_")
+}
+
+fn detect_terminal() -> String {
+    sanitize_header_value(
+        if let Ok(tp) = std::env::var("TERM_PROGRAM")
+            && !tp.trim().is_empty()
+        {
+            let ver = std::env::var("TERM_PROGRAM_VERSION").ok();
+            match ver {
+                Some(v) if !v.trim().is_empty() => format!("{tp}/{v}"),
+                _ => tp,
+            }
+        } else if let Ok(v) = std::env::var("WEZTERM_VERSION") {
+            if !v.trim().is_empty() {
+                format!("WezTerm/{v}")
+            } else {
+                "WezTerm".to_string()
+            }
+        } else if std::env::var("KITTY_WINDOW_ID").is_ok()
+            || std::env::var("TERM")
+                .map(|t| t.contains("kitty"))
+                .unwrap_or(false)
+        {
+            "kitty".to_string()
+        } else if std::env::var("ALACRITTY_SOCKET").is_ok()
+            || std::env::var("TERM")
+                .map(|t| t == "alacritty")
+                .unwrap_or(false)
+        {
+            "Alacritty".to_string()
+        } else if let Ok(v) = std::env::var("KONSOLE_VERSION") {
+            if !v.trim().is_empty() {
+                format!("Konsole/{v}")
+            } else {
+                "Konsole".to_string()
+            }
+        } else if std::env::var("GNOME_TERMINAL_SCREEN").is_ok() {
+            return "gnome-terminal".to_string();
+        } else if let Ok(v) = std::env::var("VTE_VERSION") {
+            if !v.trim().is_empty() {
+                format!("VTE/{v}")
+            } else {
+                "VTE".to_string()
+            }
+        } else if std::env::var("WT_SESSION").is_ok() {
+            return "WindowsTerminal".to_string();
+        } else {
+            std::env::var("TERM").unwrap_or_else(|_| "unknown".to_string())
+        },
+    )
+}

codex-rs/core/src/user_agent.rs

@@ -4,11 +4,12 @@ pub fn get_codex_user_agent(originator: Option<&str>) -> String {
     let build_version = env!("CARGO_PKG_VERSION");
     let os_info = os_info::get();
     format!(
-        "{}/{build_version} ({} {}; {})",
+        "{}/{build_version} ({} {}; {}) {}",
         originator.unwrap_or(DEFAULT_ORIGINATOR),
         os_info.os_type(),
         os_info.version(),
         os_info.architecture().unwrap_or("unknown"),
+        crate::terminal::user_agent()
     )
 }
 
@@ -27,9 +28,10 @@ mod tests {
     fn test_macos() {
         use regex_lite::Regex;
         let user_agent = get_codex_user_agent(None);
-        let re =
-            Regex::new(r"^codex_cli_rs/\d+\.\d+\.\d+ \(Mac OS \d+\.\d+\.\d+; (x86_64|arm64)\)$")
-                .unwrap();
+        let re = Regex::new(
+            r"^codex_cli_rs/\d+\.\d+\.\d+ \(Mac OS \d+\.\d+\.\d+; (x86_64|arm64)\) (\S+)$",
+        )
+        .unwrap();
         assert!(re.is_match(&user_agent));
     }
 }

codex-rs/core/tests/cli_stream.rs

@@ -297,13 +297,12 @@ async fn integration_creates_and_checks_session_file() {
                     Ok(v) => v,
                     Err(_) => continue,
                 };
-                if item.get("type").and_then(|t| t.as_str()) == Some("message") {
-                    if let Some(c) = item.get("content") {
-                        if c.to_string().contains(&marker) {
-                            matching_path = Some(path.to_path_buf());
-                            break;
-                        }
-                    }
+                if item.get("type").and_then(|t| t.as_str()) == Some("message")
+                    && let Some(c) = item.get("content")
+                    && c.to_string().contains(&marker)
+                {
+                    matching_path = Some(path.to_path_buf());
+                    break;
                 }
             }
         }
@@ -376,13 +375,12 @@ async fn integration_creates_and_checks_session_file() {
         let Ok(item) = serde_json::from_str::<serde_json::Value>(line) else {
             continue;
         };
-        if item.get("type").and_then(|t| t.as_str()) == Some("message") {
-            if let Some(c) = item.get("content") {
-                if c.to_string().contains(&marker) {
-                    found_message = true;
-                    break;
-                }
-            }
+        if item.get("type").and_then(|t| t.as_str()) == Some("message")
+            && let Some(c) = item.get("content")
+            && c.to_string().contains(&marker)
+        {
+            found_message = true;
+            break;
         }
     }
     assert!(

codex-rs/core/tests/client.rs

@@ -7,6 +7,7 @@ use codex_core::protocol::EventMsg;
 use codex_core::protocol::InputItem;
 use codex_core::protocol::Op;
 use codex_core::spawn::CODEX_SANDBOX_NETWORK_DISABLED_ENV_VAR;
+use codex_login::AuthMode;
 use codex_login::CodexAuth;
 use core_test_support::load_default_config_for_test;
 use core_test_support::load_sse_fixture_with_id;
@@ -54,6 +55,59 @@ fn assert_message_ends_with(request_body: &serde_json::Value, text: &str) {
     );
 }
 
+/// Writes an `auth.json` into the provided `codex_home` with the specified parameters.
+/// Returns the fake JWT string written to `tokens.id_token`.
+#[expect(clippy::unwrap_used)]
+fn write_auth_json(
+    codex_home: &TempDir,
+    openai_api_key: Option<&str>,
+    chatgpt_plan_type: &str,
+    access_token: &str,
+    account_id: Option<&str>,
+) -> String {
+    use base64::Engine as _;
+    use serde_json::json;
+
+    let header = json!({ "alg": "none", "typ": "JWT" });
+    let payload = json!({
+        "email": "user@example.com",
+        "https://api.openai.com/auth": {
+            "chatgpt_plan_type": chatgpt_plan_type,
+            "chatgpt_account_id": account_id.unwrap_or("acc-123")
+        }
+    });
+
+    let b64 = |b: &[u8]| base64::engine::general_purpose::URL_SAFE_NO_PAD.encode(b);
+    let header_b64 = b64(&serde_json::to_vec(&header).unwrap());
+    let payload_b64 = b64(&serde_json::to_vec(&payload).unwrap());
+    let signature_b64 = b64(b"sig");
+    let fake_jwt = format!("{header_b64}.{payload_b64}.{signature_b64}");
+
+    let mut tokens = json!({
+        "id_token": fake_jwt,
+        "access_token": access_token,
+        "refresh_token": "refresh-test",
+    });
+    if let Some(acc) = account_id {
+        tokens["account_id"] = json!(acc);
+    }
+
+    let auth_json = json!({
+        "OPENAI_API_KEY": openai_api_key,
+        "tokens": tokens,
+        // RFC3339 datetime; value doesn't matter for these tests
+        "last_refresh": "2025-08-06T20:41:36.232376Z",
+    });
+
+    std::fs::write(
+        codex_home.path().join("auth.json"),
+        serde_json::to_string_pretty(&auth_json).unwrap(),
+    )
+    .unwrap();
+
+    fake_jwt
+}
+
 #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
 async fn includes_session_id_and_model_headers_in_request() {
     if std::env::var(CODEX_SANDBOX_NETWORK_DISABLED_ENV_VAR).is_ok() {
@@ -206,7 +260,7 @@ async fn originator_config_override_is_used() {
     let codex_home = TempDir::new().unwrap();
     let mut config = load_default_config_for_test(&codex_home);
     config.model_provider = model_provider;
-    config.internal_originator = Some("my_override".to_string());
+    config.responses_originator_header = "my_override".to_owned();
 
     let conversation_manager = ConversationManager::default();
     let codex = conversation_manager
@@ -311,6 +365,156 @@ async fn chatgpt_auth_sends_correct_request() {
     );
 }
 
+#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
+async fn prefers_chatgpt_token_when_config_prefers_chatgpt() {
+    if std::env::var(CODEX_SANDBOX_NETWORK_DISABLED_ENV_VAR).is_ok() {
+        println!(
+            "Skipping test because it cannot execute when network is disabled in a Codex sandbox."
+        );
+        return;
+    }
+
+    // Mock server
+    let server = MockServer::start().await;
+
+    let first = ResponseTemplate::new(200)
+        .insert_header("content-type", "text/event-stream")
+        .set_body_raw(sse_completed("resp1"), "text/event-stream");
+
+    // Expect ChatGPT base path and correct headers
+    Mock::given(method("POST"))
+        .and(path("/v1/responses"))
+        .and(header_regex("Authorization", r"Bearer Access-123"))
+        .and(header_regex("chatgpt-account-id", r"acc-123"))
+        .respond_with(first)
+        .expect(1)
+        .mount(&server)
+        .await;
+
+    let model_provider = ModelProviderInfo {
+        base_url: Some(format!("{}/v1", server.uri())),
+        ..built_in_model_providers()["openai"].clone()
+    };
+
+    // Init session
+    let codex_home = TempDir::new().unwrap();
+    // Write auth.json that contains both API key and ChatGPT tokens for a plan that should prefer ChatGPT.
+    let _jwt = write_auth_json(
+        &codex_home,
+        Some("sk-test-key"),
+        "pro",
+        "Access-123",
+        Some("acc-123"),
+    );
+
+    let mut config = load_default_config_for_test(&codex_home);
+    config.model_provider = model_provider;
+    config.preferred_auth_method = AuthMode::ChatGPT;
+
+    let conversation_manager = ConversationManager::default();
+    let NewConversation {
+        conversation: codex,
+        ..
+    } = conversation_manager
+        .new_conversation(config)
+        .await
+        .expect("create new conversation");
+
+    codex
+        .submit(Op::UserInput {
+            items: vec![InputItem::Text {
+                text: "hello".into(),
+            }],
+        })
+        .await
+        .unwrap();
+
+    wait_for_event(&codex, |ev| matches!(ev, EventMsg::TaskComplete(_))).await;
+
+    // verify request body flags
+    let request = &server.received_requests().await.unwrap()[0];
+    let request_body = request.body_json::<serde_json::Value>().unwrap();
+    assert!(
+        !request_body["store"].as_bool().unwrap(),
+        "store should be false for ChatGPT auth"
+    );
+}
+
+#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
+async fn prefers_apikey_when_config_prefers_apikey_even_with_chatgpt_tokens() {
+    if std::env::var(CODEX_SANDBOX_NETWORK_DISABLED_ENV_VAR).is_ok() {
+        println!(
+            "Skipping test because it cannot execute when network is disabled in a Codex sandbox."
+        );
+        return;
+    }
+
+    // Mock server
+    let server = MockServer::start().await;
+
+    let first = ResponseTemplate::new(200)
+        .insert_header("content-type", "text/event-stream")
+        .set_body_raw(sse_completed("resp1"), "text/event-stream");
+
+    // Expect API key header, no ChatGPT account header required.
+    Mock::given(method("POST"))
+        .and(path("/v1/responses"))
+        .and(header_regex("Authorization", r"Bearer sk-test-key"))
+        .respond_with(first)
+        .expect(1)
+        .mount(&server)
+        .await;
+
+    let model_provider = ModelProviderInfo {
+        base_url: Some(format!("{}/v1", server.uri())),
+        ..built_in_model_providers()["openai"].clone()
+    };
+
+    // Init session
+    let codex_home = TempDir::new().unwrap();
+    // Write auth.json that contains both API key and ChatGPT tokens for a plan that should prefer ChatGPT,
+    // but config will force API key preference.
+    let _jwt = write_auth_json(
+        &codex_home,
+        Some("sk-test-key"),
+        "pro",
+        "Access-123",
+        Some("acc-123"),
+    );
+
+    let mut config = load_default_config_for_test(&codex_home);
+    config.model_provider = model_provider;
+    config.preferred_auth_method = AuthMode::ApiKey;
+
+    let conversation_manager = ConversationManager::default();
+    let NewConversation {
+        conversation: codex,
+        ..
+    } = conversation_manager
+        .new_conversation(config)
+        .await
+        .expect("create new conversation");
+
+    codex
+        .submit(Op::UserInput {
+            items: vec![InputItem::Text {
+                text: "hello".into(),
+            }],
+        })
+        .await
+        .unwrap();
+
+    wait_for_event(&codex, |ev| matches!(ev, EventMsg::TaskComplete(_))).await;
+
+    // verify request body flags
+    let request = &server.received_requests().await.unwrap()[0];
+    let request_body = request.body_json::<serde_json::Value>().unwrap();
+    assert!(
+        request_body["store"].as_bool().unwrap(),
+        "store should be true for API key auth"
+    );
+}
+
 #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
 async fn includes_user_instructions_message_in_request() {
     let server = MockServer::start().await;

codex-rs/core/tests/common/lib.rs

@@ -47,6 +47,26 @@ pub fn load_sse_fixture(path: impl AsRef<std::path::Path>) -> String {
         .collect()
 }
 
+pub fn load_sse_fixture_with_id_from_str(raw: &str, id: &str) -> String {
+    let replaced = raw.replace("__ID__", id);
+    let events: Vec<serde_json::Value> =
+        serde_json::from_str(&replaced).expect("parse JSON fixture");
+    events
+        .into_iter()
+        .map(|e| {
+            let kind = e
+                .get("type")
+                .and_then(|v| v.as_str())
+                .expect("fixture event missing type");
+            if e.as_object().map(|o| o.len() == 1).unwrap_or(false) {
+                format!("event: {kind}\n\n")
+            } else {
+                format!("event: {kind}\ndata: {e}\n\n")
+            }
+        })
+        .collect()
+}
+
 /// Same as [`load_sse_fixture`], but replaces the placeholder `__ID__` in the
 /// fixture template with the supplied identifier before parsing. This lets a
 /// single JSON template be reused by multiple tests that each need a unique

codex-rs/core/tests/prompt_caching.rs

@@ -1,9 +1,13 @@
 use codex_core::ConversationManager;
 use codex_core::ModelProviderInfo;
 use codex_core::built_in_model_providers;
+use codex_core::protocol::AskForApproval;
 use codex_core::protocol::EventMsg;
 use codex_core::protocol::InputItem;
 use codex_core::protocol::Op;
+use codex_core::protocol::SandboxPolicy;
+use codex_core::protocol_config_types::ReasoningEffort;
+use codex_core::protocol_config_types::ReasoningSummary;
 use codex_login::CodexAuth;
 use core_test_support::load_default_config_for_test;
 use core_test_support::load_sse_fixture_with_id;
@@ -129,3 +133,230 @@ async fn prefixes_context_and_instructions_once_and_consistently_across_requests
     );
     assert_eq!(body2["input"], expected_body2);
 }
+
+#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
+async fn overrides_turn_context_but_keeps_cached_prefix_and_key_constant() {
+    use pretty_assertions::assert_eq;
+
+    let server = MockServer::start().await;
+
+    let sse = sse_completed("resp");
+    let template = ResponseTemplate::new(200)
+        .insert_header("content-type", "text/event-stream")
+        .set_body_raw(sse, "text/event-stream");
+
+    // Expect two POSTs to /v1/responses
+    Mock::given(method("POST"))
+        .and(path("/v1/responses"))
+        .respond_with(template)
+        .expect(2)
+        .mount(&server)
+        .await;
+
+    let model_provider = ModelProviderInfo {
+        base_url: Some(format!("{}/v1", server.uri())),
+        ..built_in_model_providers()["openai"].clone()
+    };
+
+    let cwd = TempDir::new().unwrap();
+    let codex_home = TempDir::new().unwrap();
+    let mut config = load_default_config_for_test(&codex_home);
+    config.cwd = cwd.path().to_path_buf();
+    config.model_provider = model_provider;
+    config.user_instructions = Some("be consistent and helpful".to_string());
+
+    let conversation_manager = ConversationManager::default();
+    let codex = conversation_manager
+        .new_conversation_with_auth(config, Some(CodexAuth::from_api_key("Test API Key")))
+        .await
+        .expect("create new conversation")
+        .conversation;
+
+    // First turn
+    codex
+        .submit(Op::UserInput {
+            items: vec![InputItem::Text {
+                text: "hello 1".into(),
+            }],
+        })
+        .await
+        .unwrap();
+    wait_for_event(&codex, |ev| matches!(ev, EventMsg::TaskComplete(_))).await;
+
+    // Change everything about the turn context.
+    let new_cwd = TempDir::new().unwrap();
+    let writable = TempDir::new().unwrap();
+    codex
+        .submit(Op::OverrideTurnContext {
+            cwd: Some(new_cwd.path().to_path_buf()),
+            approval_policy: Some(AskForApproval::Never),
+            sandbox_policy: Some(SandboxPolicy::WorkspaceWrite {
+                writable_roots: vec![writable.path().to_path_buf()],
+                network_access: true,
+                exclude_tmpdir_env_var: true,
+                exclude_slash_tmp: true,
+            }),
+            model: Some("o3".to_string()),
+            effort: Some(ReasoningEffort::High),
+            summary: Some(ReasoningSummary::Detailed),
+        })
+        .await
+        .unwrap();
+
+    // Second turn after overrides
+    codex
+        .submit(Op::UserInput {
+            items: vec![InputItem::Text {
+                text: "hello 2".into(),
+            }],
+        })
+        .await
+        .unwrap();
+    wait_for_event(&codex, |ev| matches!(ev, EventMsg::TaskComplete(_))).await;
+
+    // Verify we issued exactly two requests, and the cached prefix stayed identical.
+    let requests = server.received_requests().await.unwrap();
+    assert_eq!(requests.len(), 2, "expected two POST requests");
+
+    let body1 = requests[0].body_json::<serde_json::Value>().unwrap();
+    let body2 = requests[1].body_json::<serde_json::Value>().unwrap();
+
+    // prompt_cache_key should remain constant across overrides
+    assert_eq!(
+        body1["prompt_cache_key"], body2["prompt_cache_key"],
+        "prompt_cache_key should not change across overrides"
+    );
+
+    // The entire prefix from the first request should be identical and reused
+    // as the prefix of the second request, ensuring cache hit potential.
+    let expected_user_message_2 = serde_json::json!({
+        "type": "message",
+        "id": serde_json::Value::Null,
+        "role": "user",
+        "content": [ { "type": "input_text", "text": "hello 2" } ]
+    });
+    // After overriding the turn context, the environment context should be emitted again
+    // reflecting the new cwd, approval policy and sandbox settings.
+    let expected_env_text_2 = format!(
+        "<environment_context>\nCurrent working directory: {}\nApproval policy: never\nSandbox mode: workspace-write\nNetwork access: enabled\n</environment_context>",
+        new_cwd.path().to_string_lossy()
+    );
+    let expected_env_msg_2 = serde_json::json!({
+        "type": "message",
+        "id": serde_json::Value::Null,
+        "role": "user",
+        "content": [ { "type": "input_text", "text": expected_env_text_2 } ]
+    });
+    let expected_body2 = serde_json::json!(
+        [
+            body1["input"].as_array().unwrap().as_slice(),
+            [expected_env_msg_2, expected_user_message_2].as_slice(),
+        ]
+        .concat()
+    );
+    assert_eq!(body2["input"], expected_body2);
+}
+
+#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
+async fn per_turn_overrides_keep_cached_prefix_and_key_constant() {
+    use pretty_assertions::assert_eq;
+
+    let server = MockServer::start().await;
+
+    let sse = sse_completed("resp");
+    let template = ResponseTemplate::new(200)
+        .insert_header("content-type", "text/event-stream")
+        .set_body_raw(sse, "text/event-stream");
+
+    // Expect two POSTs to /v1/responses
+    Mock::given(method("POST"))
+        .and(path("/v1/responses"))
+        .respond_with(template)
+        .expect(2)
+        .mount(&server)
+        .await;
+
+    let model_provider = ModelProviderInfo {
+        base_url: Some(format!("{}/v1", server.uri())),
+        ..built_in_model_providers()["openai"].clone()
+    };
+
+    let cwd = TempDir::new().unwrap();
+    let codex_home = TempDir::new().unwrap();
+    let mut config = load_default_config_for_test(&codex_home);
+    config.cwd = cwd.path().to_path_buf();
+    config.model_provider = model_provider;
+    config.user_instructions = Some("be consistent and helpful".to_string());
+
+    let conversation_manager = ConversationManager::default();
+    let codex = conversation_manager
+        .new_conversation_with_auth(config, Some(CodexAuth::from_api_key("Test API Key")))
+        .await
+        .expect("create new conversation")
+        .conversation;
+
+    // First turn
+    codex
+        .submit(Op::UserInput {
+            items: vec![InputItem::Text {
+                text: "hello 1".into(),
+            }],
+        })
+        .await
+        .unwrap();
+    wait_for_event(&codex, |ev| matches!(ev, EventMsg::TaskComplete(_))).await;
+
+    // Second turn using per-turn overrides via UserTurn
+    let new_cwd = TempDir::new().unwrap();
+    let writable = TempDir::new().unwrap();
+    codex
+        .submit(Op::UserTurn {
+            items: vec![InputItem::Text {
+                text: "hello 2".into(),
+            }],
+            cwd: new_cwd.path().to_path_buf(),
+            approval_policy: AskForApproval::Never,
+            sandbox_policy: SandboxPolicy::WorkspaceWrite {
+                writable_roots: vec![writable.path().to_path_buf()],
+                network_access: true,
+                exclude_tmpdir_env_var: true,
+                exclude_slash_tmp: true,
+            },
+            model: "o3".to_string(),
+            effort: ReasoningEffort::High,
+            summary: ReasoningSummary::Detailed,
+        })
+        .await
+        .unwrap();
+    wait_for_event(&codex, |ev| matches!(ev, EventMsg::TaskComplete(_))).await;
+
+    // Verify we issued exactly two requests, and the cached prefix stayed identical.
+    let requests = server.received_requests().await.unwrap();
+    assert_eq!(requests.len(), 2, "expected two POST requests");
+
+    let body1 = requests[0].body_json::<serde_json::Value>().unwrap();
+    let body2 = requests[1].body_json::<serde_json::Value>().unwrap();
+
+    // prompt_cache_key should remain constant across per-turn overrides
+    assert_eq!(
+        body1["prompt_cache_key"], body2["prompt_cache_key"],
+        "prompt_cache_key should not change across per-turn overrides"
+    );
+
+    // The entire prefix from the first request should be identical and reused
+    // as the prefix of the second request.
+    let expected_user_message_2 = serde_json::json!({
+        "type": "message",
+        "id": serde_json::Value::Null,
+        "role": "user",
+        "content": [ { "type": "input_text", "text": "hello 2" } ]
+    });
+    let expected_body2 = serde_json::json!(
+        [
+            body1["input"].as_array().unwrap().as_slice(),
+            [expected_user_message_2].as_slice(),
+        ]
+        .concat()
+    );
+    assert_eq!(body2["input"], expected_body2);
+}

codex-rs/exec/Cargo.toml

@@ -26,6 +26,7 @@ codex-common = { path = "../common", features = [
 ] }
 codex-core = { path = "../core" }
 codex-ollama = { path = "../ollama" }
+codex-protocol = { path = "../protocol" }
 owo-colors = "4.2.0"
 serde_json = "1"
 shlex = "1.3.0"
@@ -41,6 +42,8 @@ tracing-subscriber = { version = "0.3.19", features = ["env-filter"] }
 
 [dev-dependencies]
 assert_cmd = "2"
+core_test_support = { path = "../core/tests/common" }
 libc = "0.2"
 predicates = "3"
 tempfile = "3.13.0"
+wiremock = "0.6"

codex-rs/exec/src/event_processor.rs

@@ -29,9 +29,9 @@ pub(crate) fn handle_last_message(last_agent_message: Option<&str>, output_file:
 }
 
 fn write_last_message_file(contents: &str, last_message_path: Option<&Path>) {
-    if let Some(path) = last_message_path {
-        if let Err(e) = std::fs::write(path, contents) {
-            eprintln!("Failed to write last message file {path:?}: {e}");
-        }
+    if let Some(path) = last_message_path
+        && let Err(e) = std::fs::write(path, contents)
+    {
+        eprintln!("Failed to write last message file {path:?}: {e}");
     }
 }

codex-rs/exec/src/event_processor_with_human_output.rs

@@ -21,6 +21,7 @@ use codex_core::protocol::PatchApplyBeginEvent;
 use codex_core::protocol::PatchApplyEndEvent;
 use codex_core::protocol::SessionConfiguredEvent;
 use codex_core::protocol::TaskCompleteEvent;
+use codex_core::protocol::TurnAbortReason;
 use codex_core::protocol::TurnDiffEvent;
 use owo_colors::OwoColorize;
 use owo_colors::Style;
@@ -522,6 +523,17 @@ impl EventProcessor for EventProcessorWithHumanOutput {
             EventMsg::GetHistoryEntryResponse(_) => {
                 // Currently ignored in exec output.
             }
+            EventMsg::McpListToolsResponse(_) => {
+                // Currently ignored in exec output.
+            }
+            EventMsg::TurnAborted(abort_reason) => match abort_reason.reason {
+                TurnAbortReason::Interrupted => {
+                    ts_println!(self, "task interrupted");
+                }
+                TurnAbortReason::Replaced => {
+                    ts_println!(self, "task aborted: replaced by a new task");
+                }
+            },
             EventMsg::ShutdownComplete => return CodexStatus::Shutdown,
         }
         CodexStatus::Running

codex-rs/exec/src/lib.rs

@@ -13,7 +13,6 @@ use codex_core::ConversationManager;
 use codex_core::NewConversation;
 use codex_core::config::Config;
 use codex_core::config::ConfigOverrides;
-use codex_core::config_types::SandboxMode;
 use codex_core::protocol::AskForApproval;
 use codex_core::protocol::Event;
 use codex_core::protocol::EventMsg;
@@ -22,6 +21,7 @@ use codex_core::protocol::Op;
 use codex_core::protocol::TaskCompleteEvent;
 use codex_core::util::is_inside_git_repo;
 use codex_ollama::DEFAULT_OSS_MODEL;
+use codex_protocol::config_types::SandboxMode;
 use event_processor_with_human_output::EventProcessorWithHumanOutput;
 use event_processor_with_json_output::EventProcessorWithJsonOutput;
 use tracing::debug;
@@ -146,6 +146,7 @@ pub async fn run_main(cli: Cli, codex_linux_sandbox_exe: Option<PathBuf>) -> any
         codex_linux_sandbox_exe,
         base_instructions: None,
         include_plan_tool: None,
+        include_apply_patch_tool: None,
         disable_response_storage: oss.then_some(true),
         show_raw_agent_reasoning: oss.then_some(true),
     };

codex-rs/exec/tests/apply_patch.rs

@@ -1,3 +1,5 @@
+#![allow(clippy::expect_used, clippy::unwrap_used)]
+
 use anyhow::Context;
 use assert_cmd::prelude::*;
 use codex_core::CODEX_APPLY_PATCH_ARG1;
@@ -37,3 +39,152 @@ fn test_standalone_exec_cli_can_use_apply_patch() -> anyhow::Result<()> {
     );
     Ok(())
 }
+
+#[cfg(not(target_os = "windows"))]
+#[tokio::test]
+async fn test_apply_patch_tool() -> anyhow::Result<()> {
+    use core_test_support::load_sse_fixture_with_id_from_str;
+    use tempfile::TempDir;
+    use wiremock::Mock;
+    use wiremock::MockServer;
+    use wiremock::ResponseTemplate;
+    use wiremock::matchers::method;
+    use wiremock::matchers::path;
+
+    const SSE_TOOL_CALL_ADD: &str = r#"[
+  {
+    "type": "response.output_item.done",
+    "item": {
+      "type": "function_call",
+      "name": "apply_patch",
+      "arguments": "{\n  \"input\": \"*** Begin Patch\\n*** Add File: test.md\\n+Hello world\\n*** End Patch\"\n}",
+      "call_id": "__ID__"
+    }
+  },
+  {
+    "type": "response.completed",
+    "response": {
+      "id": "__ID__",
+      "usage": {
+        "input_tokens": 0,
+        "input_tokens_details": null,
+        "output_tokens": 0,
+        "output_tokens_details": null,
+        "total_tokens": 0
+      },
+      "output": []
+    }
+  }
+]"#;
+
+    const SSE_TOOL_CALL_UPDATE: &str = r#"[
+  {
+    "type": "response.output_item.done",
+    "item": {
+      "type": "function_call",
+      "name": "apply_patch",
+      "arguments": "{\n  \"input\": \"*** Begin Patch\\n*** Update File: test.md\\n@@\\n-Hello world\\n+Final text\\n*** End Patch\"\n}",
+      "call_id": "__ID__"
+    }
+  },
+  {
+    "type": "response.completed",
+    "response": {
+      "id": "__ID__",
+      "usage": {
+        "input_tokens": 0,
+        "input_tokens_details": null,
+        "output_tokens": 0,
+        "output_tokens_details": null,
+        "total_tokens": 0
+      },
+      "output": []
+    }
+  }
+]"#;
+
+    const SSE_TOOL_CALL_COMPLETED: &str = r#"[
+  {
+    "type": "response.completed",
+    "response": {
+      "id": "__ID__",
+      "usage": {
+        "input_tokens": 0,
+        "input_tokens_details": null,
+        "output_tokens": 0,
+        "output_tokens_details": null,
+        "total_tokens": 0
+      },
+      "output": []
+    }
+  }
+]"#;
+
+    // Start a mock model server
+    let server = MockServer::start().await;
+
+    // First response: model calls apply_patch to create test.md
+    let first = ResponseTemplate::new(200)
+        .insert_header("content-type", "text/event-stream")
+        .set_body_raw(
+            load_sse_fixture_with_id_from_str(SSE_TOOL_CALL_ADD, "call1"),
+            "text/event-stream",
+        );
+
+    Mock::given(method("POST"))
+        // .and(path("/v1/responses"))
+        .respond_with(first)
+        .up_to_n_times(1)
+        .mount(&server)
+        .await;
+
+    // Second response: model calls apply_patch to update test.md
+    let second = ResponseTemplate::new(200)
+        .insert_header("content-type", "text/event-stream")
+        .set_body_raw(
+            load_sse_fixture_with_id_from_str(SSE_TOOL_CALL_UPDATE, "call2"),
+            "text/event-stream",
+        );
+
+    Mock::given(method("POST"))
+        .and(path("/v1/responses"))
+        .respond_with(second)
+        .up_to_n_times(1)
+        .mount(&server)
+        .await;
+
+    let final_completed = ResponseTemplate::new(200)
+        .insert_header("content-type", "text/event-stream")
+        .set_body_raw(
+            load_sse_fixture_with_id_from_str(SSE_TOOL_CALL_COMPLETED, "resp3"),
+            "text/event-stream",
+        );
+
+    Mock::given(method("POST"))
+        // .and(path("/v1/responses"))
+        .respond_with(final_completed)
+        .expect(1)
+        .mount(&server)
+        .await;
+
+    let tmp_cwd = TempDir::new().unwrap();
+    Command::cargo_bin("codex-exec")
+        .context("should find binary for codex-exec")?
+        .current_dir(tmp_cwd.path())
+        .env("CODEX_HOME", tmp_cwd.path())
+        .env("OPENAI_API_KEY", "dummy")
+        .env("OPENAI_BASE_URL", format!("{}/v1", server.uri()))
+        .arg("--skip-git-repo-check")
+        .arg("-s")
+        .arg("workspace-write")
+        .arg("foo")
+        .assert()
+        .success();
+
+    // Verify final file contents
+    let final_path = tmp_cwd.path().join("test.md");
+    let contents = std::fs::read_to_string(&final_path)
+        .unwrap_or_else(|e| panic!("failed reading {}: {e}", final_path.display()));
+    assert_eq!(contents, "Final text\n");
+    Ok(())
+}

codex-rs/execpolicy/src/execv_checker.rs

@@ -214,7 +214,12 @@ system_path=[{fake_cp:?}]
 
         // Only readable folders specified.
         assert_eq!(
-            checker.check(valid_exec.clone(), &cwd, &[root_path.clone()], &[]),
+            checker.check(
+                valid_exec.clone(),
+                &cwd,
+                std::slice::from_ref(&root_path),
+                &[]
+            ),
             Err(WriteablePathNotInWriteableFolders {
                 file: dest_path.clone(),
                 folders: vec![]
@@ -226,8 +231,8 @@ system_path=[{fake_cp:?}]
             checker.check(
                 valid_exec.clone(),
                 &cwd,
-                &[root_path.clone()],
-                &[root_path.clone()]
+                std::slice::from_ref(&root_path),
+                std::slice::from_ref(&root_path)
             ),
             Ok(cp.clone()),
         );
@@ -246,8 +251,8 @@ system_path=[{fake_cp:?}]
             checker.check(
                 valid_exec_call_folders_as_args,
                 &cwd,
-                &[root_path.clone()],
-                &[root_path.clone()]
+                std::slice::from_ref(&root_path),
+                std::slice::from_ref(&root_path)
             ),
             Ok(cp.clone()),
         );
@@ -269,8 +274,8 @@ system_path=[{fake_cp:?}]
             checker.check(
                 exec_with_parent_of_readable_folder,
                 &cwd,
-                &[root_path.clone()],
-                &[dest_path.clone()]
+                std::slice::from_ref(&root_path),
+                std::slice::from_ref(&dest_path)
             ),
             Err(ReadablePathNotInReadableFolders {
                 file: root_path.parent().unwrap().to_path_buf(),

codex-rs/execpolicy/src/policy.rs

@@ -56,16 +56,16 @@ impl Policy {
         }
 
         for arg in args {
-            if let Some(regex) = &self.forbidden_substrings_pattern {
-                if regex.is_match(arg) {
-                    return Ok(MatchedExec::Forbidden {
-                        cause: Forbidden::Arg {
-                            arg: arg.clone(),
-                            exec_call: exec_call.clone(),
-                        },
-                        reason: format!("arg `{arg}` contains forbidden substring"),
-                    });
-                }
+            if let Some(regex) = &self.forbidden_substrings_pattern
+                && regex.is_match(arg)
+            {
+                return Ok(MatchedExec::Forbidden {
+                    cause: Forbidden::Arg {
+                        arg: arg.clone(),
+                        exec_call: exec_call.clone(),
+                    },
+                    reason: format!("arg `{arg}` contains forbidden substring"),
+                });
             }
         }
 

codex-rs/execpolicy/src/sed_command.rs

@@ -3,12 +3,12 @@ use crate::error::Result;
 
 pub fn parse_sed_command(sed_command: &str) -> Result<()> {
     // For now, we parse only commands like `122,202p`.
-    if let Some(stripped) = sed_command.strip_suffix("p") {
-        if let Some((first, rest)) = stripped.split_once(",") {
-            if first.parse::<u64>().is_ok() && rest.parse::<u64>().is_ok() {
-                return Ok(());
-            }
-        }
+    if let Some(stripped) = sed_command.strip_suffix("p")
+        && let Some((first, rest)) = stripped.split_once(",")
+        && first.parse::<u64>().is_ok()
+        && rest.parse::<u64>().is_ok()
+    {
+        return Ok(());
     }
 
     Err(Error::SedCommandNotProvablySafe {

codex-rs/file-search/src/lib.rs

@@ -228,11 +228,11 @@ pub fn run(
         for &Reverse((score, ref line)) in best_list.binary_heap.iter() {
             if global_heap.len() < limit.get() {
                 global_heap.push(Reverse((score, line.clone())));
-            } else if let Some(min_element) = global_heap.peek() {
-                if score > min_element.0.0 {
-                    global_heap.pop();
-                    global_heap.push(Reverse((score, line.clone())));
-                }
+            } else if let Some(min_element) = global_heap.peek()
+                && score > min_element.0.0
+            {
+                global_heap.pop();
+                global_heap.push(Reverse((score, line.clone())));
             }
         }
     }
@@ -320,11 +320,11 @@ impl BestMatchesList {
 
             if self.binary_heap.len() < self.max_count {
                 self.binary_heap.push(Reverse((score, line.to_string())));
-            } else if let Some(min_element) = self.binary_heap.peek() {
-                if score > min_element.0.0 {
-                    self.binary_heap.pop();
-                    self.binary_heap.push(Reverse((score, line.to_string())));
-                }
+            } else if let Some(min_element) = self.binary_heap.peek()
+                && score > min_element.0.0
+            {
+                self.binary_heap.pop();
+                self.binary_heap.push(Reverse((score, line.to_string())));
             }
         }
     }

codex-rs/justfile

@@ -24,8 +24,8 @@ file-search *args:
 fmt:
     cargo fmt -- --config imports_granularity=Item
 
-fix:
-    cargo clippy --fix --all-features --tests --allow-dirty
+fix *args:
+    cargo clippy --fix --all-features --tests --allow-dirty "$@"
 
 install:
     rustup show active-toolchain

codex-rs/linux-sandbox/Cargo.toml

@@ -20,7 +20,7 @@ clap = { version = "4", features = ["derive"] }
 codex-common = { path = "../common", features = ["cli"] }
 codex-core = { path = "../core" }
 landlock = "0.4.1"
-libc = "0.2.172"
+libc = "0.2.175"
 seccompiler = "0.5.0"
 
 [target.'cfg(target_os = "linux")'.dev-dependencies]

codex-rs/login/src/lib.rs

@@ -16,10 +16,10 @@ use std::sync::Arc;
 use std::sync::Mutex;
 use std::time::Duration;
 
-pub use crate::server::LoginServerInfo;
+pub use crate::server::LoginServer;
 pub use crate::server::ServerOptions;
-pub use crate::server::run_server_blocking;
-pub use crate::server::run_server_blocking_with_notify;
+pub use crate::server::ShutdownHandle;
+pub use crate::server::run_login_server;
 pub use crate::token_data::TokenData;
 use crate::token_data::parse_id_token;
 
@@ -30,7 +30,8 @@ mod token_data;
 pub const CLIENT_ID: &str = "app_EMoamEEZ73f0CkXaXp7hrann";
 pub const OPENAI_API_KEY_ENV_VAR: &str = "OPENAI_API_KEY";
 
-#[derive(Clone, Debug, PartialEq, Copy)]
+#[derive(Clone, Debug, PartialEq, Copy, Eq, Serialize, Deserialize)]
+#[serde(rename_all = "lowercase")]
 pub enum AuthMode {
     ApiKey,
     ChatGPT,
@@ -61,10 +62,46 @@ impl CodexAuth {
         }
     }
 
+    pub async fn refresh_token(&self) -> Result<String, std::io::Error> {
+        let token_data = self
+            .get_current_token_data()
+            .ok_or(std::io::Error::other("Token data is not available."))?;
+        let token = token_data.refresh_token;
+
+        let refresh_response = try_refresh_token(token)
+            .await
+            .map_err(std::io::Error::other)?;
+
+        let updated = update_tokens(
+            &self.auth_file,
+            refresh_response.id_token,
+            refresh_response.access_token,
+            refresh_response.refresh_token,
+        )
+        .await?;
+
+        if let Ok(mut auth_lock) = self.auth_dot_json.lock() {
+            *auth_lock = Some(updated.clone());
+        }
+
+        let access = match updated.tokens {
+            Some(t) => t.access_token,
+            None => {
+                return Err(std::io::Error::other(
+                    "Token data is not available after refresh.",
+                ));
+            }
+        };
+        Ok(access)
+    }
+
     /// Loads the available auth information from the auth.json or
     /// OPENAI_API_KEY environment variable.
-    pub fn from_codex_home(codex_home: &Path) -> std::io::Result<Option<CodexAuth>> {
-        load_auth(codex_home, true)
+    pub fn from_codex_home(
+        codex_home: &Path,
+        preferred_auth_method: AuthMode,
+    ) -> std::io::Result<Option<CodexAuth>> {
+        load_auth(codex_home, true, preferred_auth_method)
     }
 
     pub async fn get_token_data(&self) -> Result<TokenData, std::io::Error> {
@@ -165,7 +202,11 @@ impl CodexAuth {
     }
 }
 
-fn load_auth(codex_home: &Path, include_env_var: bool) -> std::io::Result<Option<CodexAuth>> {
+fn load_auth(
+    codex_home: &Path,
+    include_env_var: bool,
+    preferred_auth_method: AuthMode,
+) -> std::io::Result<Option<CodexAuth>> {
     // First, check to see if there is a valid auth.json file. If not, we fall
     // back to AuthMode::ApiKey using the OPENAI_API_KEY environment variable
     // (if it is set).
@@ -201,7 +242,7 @@ fn load_auth(codex_home: &Path, include_env_var: bool) -> std::io::Result<Option
         // "refreshable" even if we are using the API key for auth?
         match &tokens {
             Some(tokens) => {
-                if tokens.is_plan_that_should_use_api_key() {
+                if tokens.should_use_api_key(preferred_auth_method, tokens.is_openai_email()) {
                     return Ok(Some(CodexAuth::from_api_key(api_key)));
                 } else {
                     // Ignore the API key and fall through to ChatGPT auth.
@@ -252,65 +293,6 @@ pub fn logout(codex_home: &Path) -> std::io::Result<bool> {
     }
 }
 
-/// Represents a running login server. The server can be stopped by calling `cancel()` on SpawnedLogin.
-#[derive(Debug, Clone)]
-pub struct SpawnedLogin {
-    url: Arc<Mutex<Option<String>>>,
-    done: Arc<Mutex<Option<bool>>>,
-    shutdown: Arc<std::sync::atomic::AtomicBool>,
-}
-
-impl SpawnedLogin {
-    pub fn get_login_url(&self) -> Option<String> {
-        self.url.lock().ok().and_then(|u| u.clone())
-    }
-
-    pub fn get_auth_result(&self) -> Option<bool> {
-        self.done.lock().ok().and_then(|d| *d)
-    }
-
-    pub fn cancel(&self) {
-        self.shutdown
-            .store(true, std::sync::atomic::Ordering::SeqCst);
-    }
-}
-
-pub fn spawn_login_with_chatgpt(codex_home: &Path) -> std::io::Result<SpawnedLogin> {
-    let (tx, rx) = std::sync::mpsc::channel::<LoginServerInfo>();
-    let shutdown = Arc::new(std::sync::atomic::AtomicBool::new(false));
-    let done = Arc::new(Mutex::new(None::<bool>));
-    let url = Arc::new(Mutex::new(None::<String>));
-
-    let codex_home_buf = codex_home.to_path_buf();
-    let client_id = CLIENT_ID.to_string();
-
-    let shutdown_clone = shutdown.clone();
-    let done_clone = done.clone();
-    std::thread::spawn(move || {
-        let opts = ServerOptions::new(&codex_home_buf, &client_id);
-        let res = run_server_blocking_with_notify(opts, Some(tx), Some(shutdown_clone));
-        let success = res.is_ok();
-        if let Ok(mut lock) = done_clone.lock() {
-            *lock = Some(success);
-        }
-    });
-
-    let url_clone = url.clone();
-    std::thread::spawn(move || {
-        if let Ok(u) = rx.recv() {
-            if let Ok(mut lock) = url_clone.lock() {
-                *lock = Some(u.auth_url);
-            }
-        }
-    });
-
-    Ok(SpawnedLogin {
-        url,
-        done,
-        shutdown,
-    })
-}
-
 pub fn login_with_api_key(codex_home: &Path, api_key: &str) -> std::io::Result<()> {
     let auth_dot_json = AuthDotJson {
         openai_api_key: Some(api_key.to_string()),
@@ -442,7 +424,9 @@ mod tests {
     fn writes_api_key_and_loads_auth() {
         let dir = tempdir().unwrap();
         login_with_api_key(dir.path(), "sk-test-key").unwrap();
-        let auth = load_auth(dir.path(), false).unwrap().unwrap();
+        let auth = load_auth(dir.path(), false, AuthMode::ChatGPT)
+            .unwrap()
+            .unwrap();
         assert_eq!(auth.mode, AuthMode::ApiKey);
         assert_eq!(auth.api_key.as_deref(), Some("sk-test-key"));
     }
@@ -454,7 +438,9 @@ mod tests {
         let env_var = std::env::var(OPENAI_API_KEY_ENV_VAR);
 
         if let Ok(env_var) = env_var {
-            let auth = load_auth(dir.path(), true).unwrap().unwrap();
+            let auth = load_auth(dir.path(), true, AuthMode::ChatGPT)
+                .unwrap()
+                .unwrap();
             assert_eq!(auth.mode, AuthMode::ApiKey);
             assert_eq!(auth.api_key, Some(env_var));
         }
@@ -497,7 +483,9 @@ mod tests {
             mode,
             auth_dot_json,
             auth_file: _,
-        } = load_auth(codex_home.path(), false).unwrap().unwrap();
+        } = load_auth(codex_home.path(), false, AuthMode::ChatGPT)
+            .unwrap()
+            .unwrap();
         assert_eq!(None, api_key);
         assert_eq!(AuthMode::ChatGPT, mode);
 
@@ -546,7 +534,9 @@ mod tests {
             mode,
             auth_dot_json,
             auth_file: _,
-        } = load_auth(codex_home.path(), false).unwrap().unwrap();
+        } = load_auth(codex_home.path(), false, AuthMode::ChatGPT)
+            .unwrap()
+            .unwrap();
         assert_eq!(None, api_key);
         assert_eq!(AuthMode::ChatGPT, mode);
 
@@ -594,7 +584,9 @@ mod tests {
             mode,
             auth_dot_json,
             auth_file: _,
-        } = load_auth(codex_home.path(), false).unwrap().unwrap();
+        } = load_auth(codex_home.path(), false, AuthMode::ChatGPT)
+            .unwrap()
+            .unwrap();
         assert_eq!(Some("sk-test-key".to_string()), api_key);
         assert_eq!(AuthMode::ApiKey, mode);
 
@@ -683,7 +675,9 @@ mod tests {
         )
         .unwrap();
 
-        let auth = load_auth(dir.path(), false).unwrap().unwrap();
+        let auth = load_auth(dir.path(), false, AuthMode::ChatGPT)
+            .unwrap()
+            .unwrap();
         assert_eq!(auth.mode, AuthMode::ApiKey);
         assert_eq!(auth.api_key, Some("sk-test-key".to_string()));
 

codex-rs/login/src/server.rs

@@ -1,39 +1,41 @@
+use std::io::Cursor;
 use std::io::{self};
 use std::path::Path;
+use std::path::PathBuf;
 use std::sync::Arc;
-use std::sync::atomic::AtomicBool;
-use std::sync::atomic::Ordering;
-
-use base64::Engine;
-use chrono::Utc;
-use rand::RngCore;
-use tiny_http::Response;
-use tiny_http::Server;
+use std::thread;
 
 use crate::AuthDotJson;
 use crate::get_auth_file;
 use crate::pkce::PkceCodes;
 use crate::pkce::generate_pkce;
+use base64::Engine;
+use chrono::Utc;
+use rand::RngCore;
+use tiny_http::Header;
+use tiny_http::Request;
+use tiny_http::Response;
+use tiny_http::Server;
 
 const DEFAULT_ISSUER: &str = "https://auth.openai.com";
 const DEFAULT_PORT: u16 = 1455;
 
 #[derive(Debug, Clone)]
-pub struct ServerOptions<'a> {
-    pub codex_home: &'a Path,
-    pub client_id: &'a str,
-    pub issuer: &'a str,
+pub struct ServerOptions {
+    pub codex_home: PathBuf,
+    pub client_id: String,
+    pub issuer: String,
     pub port: u16,
     pub open_browser: bool,
     pub force_state: Option<String>,
 }
 
-impl<'a> ServerOptions<'a> {
-    pub fn new(codex_home: &'a Path, client_id: &'a str) -> Self {
+impl ServerOptions {
+    pub fn new(codex_home: PathBuf, client_id: String) -> Self {
         Self {
             codex_home,
-            client_id,
-            issuer: DEFAULT_ISSUER,
+            client_id: client_id.to_string(),
+            issuer: DEFAULT_ISSUER.to_string(),
             port: DEFAULT_PORT,
             open_browser: true,
             force_state: None,
@@ -41,21 +43,41 @@ impl<'a> ServerOptions<'a> {
     }
 }
 
-#[allow(dead_code)]
-pub fn run_server_blocking(opts: ServerOptions) -> io::Result<()> {
-    run_server_blocking_with_notify(opts, None, None)
-}
-
-pub struct LoginServerInfo {
+pub struct LoginServer {
     pub auth_url: String,
     pub actual_port: u16,
+    server_handle: tokio::task::JoinHandle<io::Result<()>>,
+    shutdown_handle: ShutdownHandle,
 }
 
-pub fn run_server_blocking_with_notify(
-    opts: ServerOptions,
-    notify_started: Option<std::sync::mpsc::Sender<LoginServerInfo>>,
-    shutdown_flag: Option<Arc<AtomicBool>>,
-) -> io::Result<()> {
+impl LoginServer {
+    pub async fn block_until_done(self) -> io::Result<()> {
+        self.server_handle
+            .await
+            .map_err(|err| io::Error::other(format!("login server thread panicked: {err:?}")))?
+    }
+
+    pub fn cancel(&self) {
+        self.shutdown_handle.shutdown();
+    }
+
+    pub fn cancel_handle(&self) -> ShutdownHandle {
+        self.shutdown_handle.clone()
+    }
+}
+
+#[derive(Clone, Debug)]
+pub struct ShutdownHandle {
+    shutdown_notify: Arc<tokio::sync::Notify>,
+}
+
+impl ShutdownHandle {
+    pub fn shutdown(&self) {
+        self.shutdown_notify.notify_waiters();
+    }
+}
+
+pub fn run_login_server(opts: ServerOptions) -> io::Result<LoginServer> {
     let pkce = generate_pkce();
     let state = opts.force_state.clone().unwrap_or_else(generate_state);
 
@@ -69,137 +91,184 @@ pub fn run_server_blocking_with_notify(
             ));
         }
     };
+    let server = Arc::new(server);
 
     let redirect_uri = format!("http://localhost:{actual_port}/auth/callback");
-    let auth_url = build_authorize_url(opts.issuer, opts.client_id, &redirect_uri, &pkce, &state);
-
-    if let Some(tx) = &notify_started {
-        let _ = tx.send(LoginServerInfo {
-            auth_url: auth_url.clone(),
-            actual_port,
-        });
-    }
+    let auth_url = build_authorize_url(&opts.issuer, &opts.client_id, &redirect_uri, &pkce, &state);
 
     if opts.open_browser {
         let _ = webbrowser::open(&auth_url);
     }
 
-    let shutdown_flag = shutdown_flag.unwrap_or_else(|| Arc::new(AtomicBool::new(false)));
-    while !shutdown_flag.load(Ordering::SeqCst) {
-        let req = match server.recv() {
-            Ok(r) => r,
-            Err(e) => return Err(io::Error::other(e)),
-        };
-
-        let url_raw = req.url().to_string();
-        let parsed_url = match url::Url::parse(&format!("http://localhost{url_raw}")) {
-            Ok(u) => u,
-            Err(e) => {
-                eprintln!("URL parse error: {e}");
-                let _ = req.respond(Response::from_string("Bad Request").with_status_code(400));
-                continue;
+    // Map blocking reads from server.recv() to an async channel.
+    let (tx, mut rx) = tokio::sync::mpsc::channel::<Request>(16);
+    let _server_handle = {
+        let server = server.clone();
+        thread::spawn(move || -> io::Result<()> {
+            while let Ok(request) = server.recv() {
+                tx.blocking_send(request).map_err(|e| {
+                    eprintln!("Failed to send request to channel: {e}");
+                    io::Error::other("Failed to send request to channel")
+                })?;
             }
-        };
-        let path = parsed_url.path().to_string();
+            Ok(())
+        })
+    };
 
-        match path.as_str() {
-            "/auth/callback" => {
-                let params: std::collections::HashMap<String, String> =
-                    parsed_url.query_pairs().into_owned().collect();
-                if params.get("state").map(String::as_str) != Some(state.as_str()) {
-                    let _ =
-                        req.respond(Response::from_string("State mismatch").with_status_code(400));
-                    continue;
+    let shutdown_notify = Arc::new(tokio::sync::Notify::new());
+    let server_handle = {
+        let shutdown_notify = shutdown_notify.clone();
+        let server = server.clone();
+        tokio::spawn(async move {
+            let result = loop {
+                tokio::select! {
+                    _ = shutdown_notify.notified() => {
+                        break Err(io::Error::other("Login was not completed"));
+                    }
+                    maybe_req = rx.recv() => {
+                        let Some(req) = maybe_req else {
+                            break Err(io::Error::other("Login was not completed"));
+                        };
+
+                        let url_raw = req.url().to_string();
+                        let response =
+                            process_request(&url_raw, &opts, &redirect_uri, &pkce, actual_port, &state).await;
+
+                        let is_login_complete = matches!(response, HandledRequest::ResponseAndExit(_));
+                        match response {
+                            HandledRequest::Response(r) | HandledRequest::ResponseAndExit(r) => {
+                                let _ = tokio::task::spawn_blocking(move || req.respond(r)).await;
+                            }
+                            HandledRequest::RedirectWithHeader(header) => {
+                                let redirect = Response::empty(302).with_header(header);
+                                let _ = tokio::task::spawn_blocking(move || req.respond(redirect)).await;
+                            }
+                        }
+
+                        if is_login_complete {
+                            break Ok(());
+                        }
+                    }
                 }
-                let code = match params.get("code") {
-                    Some(c) if !c.is_empty() => c.clone(),
-                    _ => {
-                        let _ = req.respond(
-                            Response::from_string("Missing authorization code")
-                                .with_status_code(400),
-                        );
-                        continue;
-                    }
-                };
+            };
 
-                match exchange_code_for_tokens(
-                    opts.issuer,
-                    opts.client_id,
-                    &redirect_uri,
-                    &pkce,
-                    &code,
-                ) {
-                    Ok(tokens) => {
-                        // Obtain API key via token-exchange and persist
-                        let api_key =
-                            obtain_api_key(opts.issuer, opts.client_id, &tokens.id_token).ok();
-                        if let Err(err) = persist_tokens(
-                            opts.codex_home,
-                            api_key.clone(),
-                            tokens.id_token.clone(),
-                            Some(tokens.access_token.clone()),
-                            Some(tokens.refresh_token.clone()),
-                        ) {
-                            eprintln!("Persist error: {err}");
-                            let _ = req.respond(
-                                Response::from_string(format!(
-                                    "Unable to persist auth file: {err}"
-                                ))
-                                .with_status_code(500),
-                            );
-                            continue;
-                        }
+            // Ensure that the server is unblocked so the thread dedicated to
+            // running `server.recv()` in a loop exits cleanly.
+            server.unblock();
+            result
+        })
+    };
 
-                        let success_url = compose_success_url(
-                            actual_port,
-                            opts.issuer,
-                            &tokens.id_token,
-                            &tokens.access_token,
-                        );
-                        match tiny_http::Header::from_bytes(
-                            &b"Location"[..],
-                            success_url.as_bytes(),
-                        ) {
-                            Ok(h) => {
-                                let response = tiny_http::Response::empty(302).with_header(h);
-                                let _ = req.respond(response);
-                            }
-                            Err(_) => {
-                                let _ = req.respond(
-                                    Response::from_string("Internal Server Error")
-                                        .with_status_code(500),
-                                );
-                            }
-                        }
-                    }
-                    Err(err) => {
-                        eprintln!("Token exchange error: {err}");
-                        let _ = req.respond(
-                            Response::from_string(format!("Token exchange failed: {err}"))
+    Ok(LoginServer {
+        auth_url,
+        actual_port,
+        server_handle,
+        shutdown_handle: ShutdownHandle { shutdown_notify },
+    })
+}
+
+enum HandledRequest {
+    Response(Response<Cursor<Vec<u8>>>),
+    RedirectWithHeader(Header),
+    ResponseAndExit(Response<Cursor<Vec<u8>>>),
+}
+
+async fn process_request(
+    url_raw: &str,
+    opts: &ServerOptions,
+    redirect_uri: &str,
+    pkce: &PkceCodes,
+    actual_port: u16,
+    state: &str,
+) -> HandledRequest {
+    let parsed_url = match url::Url::parse(&format!("http://localhost{url_raw}")) {
+        Ok(u) => u,
+        Err(e) => {
+            eprintln!("URL parse error: {e}");
+            return HandledRequest::Response(
+                Response::from_string("Bad Request").with_status_code(400),
+            );
+        }
+    };
+    let path = parsed_url.path().to_string();
+
+    match path.as_str() {
+        "/auth/callback" => {
+            let params: std::collections::HashMap<String, String> =
+                parsed_url.query_pairs().into_owned().collect();
+            if params.get("state").map(String::as_str) != Some(state) {
+                return HandledRequest::Response(
+                    Response::from_string("State mismatch").with_status_code(400),
+                );
+            }
+            let code = match params.get("code") {
+                Some(c) if !c.is_empty() => c.clone(),
+                _ => {
+                    return HandledRequest::Response(
+                        Response::from_string("Missing authorization code").with_status_code(400),
+                    );
+                }
+            };
+
+            match exchange_code_for_tokens(&opts.issuer, &opts.client_id, redirect_uri, pkce, &code)
+                .await
+            {
+                Ok(tokens) => {
+                    // Obtain API key via token-exchange and persist
+                    let api_key = obtain_api_key(&opts.issuer, &opts.client_id, &tokens.id_token)
+                        .await
+                        .ok();
+                    if let Err(err) = persist_tokens_async(
+                        &opts.codex_home,
+                        api_key.clone(),
+                        tokens.id_token.clone(),
+                        Some(tokens.access_token.clone()),
+                        Some(tokens.refresh_token.clone()),
+                    )
+                    .await
+                    {
+                        eprintln!("Persist error: {err}");
+                        return HandledRequest::Response(
+                            Response::from_string(format!("Unable to persist auth file: {err}"))
                                 .with_status_code(500),
                         );
                     }
+
+                    let success_url = compose_success_url(
+                        actual_port,
+                        &opts.issuer,
+                        &tokens.id_token,
+                        &tokens.access_token,
+                    );
+                    match tiny_http::Header::from_bytes(&b"Location"[..], success_url.as_bytes()) {
+                        Ok(header) => HandledRequest::RedirectWithHeader(header),
+                        Err(_) => HandledRequest::Response(
+                            Response::from_string("Internal Server Error").with_status_code(500),
+                        ),
+                    }
                 }
-            }
-            "/success" => {
-                let body = include_str!("assets/success.html");
-                let mut resp = Response::from_data(body.as_bytes());
-                if let Ok(h) = tiny_http::Header::from_bytes(
-                    &b"Content-Type"[..],
-                    &b"text/html; charset=utf-8"[..],
-                ) {
-                    resp.add_header(h);
+                Err(err) => {
+                    eprintln!("Token exchange error: {err}");
+                    HandledRequest::Response(
+                        Response::from_string(format!("Token exchange failed: {err}"))
+                            .with_status_code(500),
+                    )
                 }
-                let _ = req.respond(resp);
-                shutdown_flag.store(true, Ordering::SeqCst);
-            }
-            _ => {
-                let _ = req.respond(Response::from_string("Not Found").with_status_code(404));
             }
         }
+        "/success" => {
+            let body = include_str!("assets/success.html");
+            let mut resp = Response::from_data(body.as_bytes());
+            if let Ok(h) = tiny_http::Header::from_bytes(
+                &b"Content-Type"[..],
+                &b"text/html; charset=utf-8"[..],
+            ) {
+                resp.add_header(h);
+            }
+            HandledRequest::ResponseAndExit(resp)
+        }
+        _ => HandledRequest::Response(Response::from_string("Not Found").with_status_code(404)),
     }
-
-    Ok(())
 }
 
 fn build_authorize_url(
@@ -240,7 +309,7 @@ struct ExchangedTokens {
     refresh_token: String,
 }
 
-fn exchange_code_for_tokens(
+async fn exchange_code_for_tokens(
     issuer: &str,
     client_id: &str,
     redirect_uri: &str,
@@ -254,7 +323,7 @@ fn exchange_code_for_tokens(
         refresh_token: String,
     }
 
-    let client = reqwest::blocking::Client::new();
+    let client = reqwest::Client::new();
     let resp = client
         .post(format!("{issuer}/oauth/token"))
         .header("Content-Type", "application/x-www-form-urlencoded")
@@ -266,6 +335,7 @@ fn exchange_code_for_tokens(
             urlencoding::encode(&pkce.code_verifier)
         ))
         .send()
+        .await
         .map_err(io::Error::other)?;
 
     if !resp.status().is_success() {
@@ -275,7 +345,7 @@ fn exchange_code_for_tokens(
         )));
     }
 
-    let tokens: TokenResponse = resp.json().map_err(io::Error::other)?;
+    let tokens: TokenResponse = resp.json().await.map_err(io::Error::other)?;
     Ok(ExchangedTokens {
         id_token: tokens.id_token,
         access_token: tokens.access_token,
@@ -283,43 +353,49 @@ fn exchange_code_for_tokens(
     })
 }
 
-fn persist_tokens(
+async fn persist_tokens_async(
     codex_home: &Path,
     api_key: Option<String>,
     id_token: String,
     access_token: Option<String>,
     refresh_token: Option<String>,
 ) -> io::Result<()> {
-    let auth_file = get_auth_file(codex_home);
-    if let Some(parent) = auth_file.parent() {
-        if !parent.exists() {
+    // Reuse existing synchronous logic but run it off the async runtime.
+    let codex_home = codex_home.to_path_buf();
+    tokio::task::spawn_blocking(move || {
+        let auth_file = get_auth_file(&codex_home);
+        if let Some(parent) = auth_file.parent()
+            && !parent.exists()
+        {
             std::fs::create_dir_all(parent).map_err(io::Error::other)?;
         }
-    }
 
-    let mut auth = read_or_default(&auth_file);
-    if let Some(key) = api_key {
-        auth.openai_api_key = Some(key);
-    }
-    let tokens = auth
-        .tokens
-        .get_or_insert_with(crate::token_data::TokenData::default);
-    tokens.id_token = crate::token_data::parse_id_token(&id_token).map_err(io::Error::other)?;
-    // Persist chatgpt_account_id if present in claims
-    if let Some(acc) = jwt_auth_claims(&id_token)
-        .get("chatgpt_account_id")
-        .and_then(|v| v.as_str())
-    {
-        tokens.account_id = Some(acc.to_string());
-    }
-    if let Some(at) = access_token {
-        tokens.access_token = at;
-    }
-    if let Some(rt) = refresh_token {
-        tokens.refresh_token = rt;
-    }
-    auth.last_refresh = Some(Utc::now());
-    super::write_auth_json(&auth_file, &auth)
+        let mut auth = read_or_default(&auth_file);
+        if let Some(key) = api_key {
+            auth.openai_api_key = Some(key);
+        }
+        let tokens = auth
+            .tokens
+            .get_or_insert_with(crate::token_data::TokenData::default);
+        tokens.id_token = crate::token_data::parse_id_token(&id_token).map_err(io::Error::other)?;
+        // Persist chatgpt_account_id if present in claims
+        if let Some(acc) = jwt_auth_claims(&id_token)
+            .get("chatgpt_account_id")
+            .and_then(|v| v.as_str())
+        {
+            tokens.account_id = Some(acc.to_string());
+        }
+        if let Some(at) = access_token {
+            tokens.access_token = at;
+        }
+        if let Some(rt) = refresh_token {
+            tokens.refresh_token = rt;
+        }
+        auth.last_refresh = Some(Utc::now());
+        super::write_auth_json(&auth_file, &auth)
+    })
+    .await
+    .map_err(|e| io::Error::other(format!("persist task failed: {e}")))?
 }
 
 fn read_or_default(path: &Path) -> AuthDotJson {
@@ -412,13 +488,13 @@ fn jwt_auth_claims(jwt: &str) -> serde_json::Map<String, serde_json::Value> {
     serde_json::Map::new()
 }
 
-fn obtain_api_key(issuer: &str, client_id: &str, id_token: &str) -> io::Result<String> {
+async fn obtain_api_key(issuer: &str, client_id: &str, id_token: &str) -> io::Result<String> {
     // Token exchange for an API key access token
     #[derive(serde::Deserialize)]
     struct ExchangeResp {
         access_token: String,
     }
-    let client = reqwest::blocking::Client::new();
+    let client = reqwest::Client::new();
     let resp = client
         .post(format!("{issuer}/oauth/token"))
         .header("Content-Type", "application/x-www-form-urlencoded")
@@ -431,6 +507,7 @@ fn obtain_api_key(issuer: &str, client_id: &str, id_token: &str) -> io::Result<S
             urlencoding::encode("urn:ietf:params:oauth:token-type:id_token")
         ))
         .send()
+        .await
         .map_err(io::Error::other)?;
     if !resp.status().is_success() {
         return Err(io::Error::other(format!(
@@ -438,6 +515,6 @@ fn obtain_api_key(issuer: &str, client_id: &str, id_token: &str) -> io::Result<S
             resp.status()
         )));
     }
-    let body: ExchangeResp = resp.json().map_err(io::Error::other)?;
+    let body: ExchangeResp = resp.json().await.map_err(io::Error::other)?;
     Ok(body.access_token)
 }

codex-rs/login/src/token_data.rs

@@ -3,6 +3,8 @@ use serde::Deserialize;
 use serde::Serialize;
 use thiserror::Error;
 
+use crate::AuthMode;
+
 #[derive(Deserialize, Serialize, Clone, Debug, PartialEq, Default)]
 pub struct TokenData {
     /// Flat info parsed from the JWT in auth.json.
@@ -23,12 +25,31 @@ pub struct TokenData {
 impl TokenData {
     /// Returns true if this is a plan that should use the traditional
     /// "metered" billing via an API key.
-    pub(crate) fn is_plan_that_should_use_api_key(&self) -> bool {
+    pub(crate) fn should_use_api_key(
+        &self,
+        preferred_auth_method: AuthMode,
+        is_openai_email: bool,
+    ) -> bool {
+        if preferred_auth_method == AuthMode::ApiKey {
+            return true;
+        }
+        // If the email is an OpenAI email, use AuthMode::ChatGPT unless preferred_auth_method is AuthMode::ApiKey.
+        if is_openai_email {
+            return false;
+        }
+
         self.id_token
             .chatgpt_plan_type
             .as_ref()
             .is_none_or(|plan| plan.is_plan_that_should_use_api_key())
     }
+
+    pub fn is_openai_email(&self) -> bool {
+        self.id_token
+            .email
+            .as_deref()
+            .is_some_and(|email| email.trim().to_ascii_lowercase().ends_with("@openai.com"))
+    }
 }
 
 /// Flat subset of useful claims in id_token from auth.json.

codex-rs/login/tests/login_server_e2e.rs

@@ -1,12 +1,11 @@
-#![expect(clippy::unwrap_used)]
+#![allow(clippy::unwrap_used)]
 use std::net::SocketAddr;
 use std::net::TcpListener;
 use std::thread;
 
 use base64::Engine;
-use codex_login::LoginServerInfo;
 use codex_login::ServerOptions;
-use codex_login::run_server_blocking_with_notify;
+use codex_login::run_login_server;
 use tempfile::tempdir;
 
 // See spawn.rs for details
@@ -74,8 +73,8 @@ fn start_mock_issuer() -> (SocketAddr, thread::JoinHandle<()>) {
     (addr, handle)
 }
 
-#[test]
-fn end_to_end_login_flow_persists_auth_json() {
+#[tokio::test]
+async fn end_to_end_login_flow_persists_auth_json() {
     if std::env::var(CODEX_SANDBOX_NETWORK_DISABLED_ENV_VAR).is_ok() {
         println!(
             "Skipping test because it cannot execute when network is disabled in a Codex sandbox."
@@ -94,35 +93,28 @@ fn end_to_end_login_flow_persists_auth_json() {
     // Run server in background
     let server_home = codex_home.clone();
 
-    let (tx, rx) = std::sync::mpsc::channel::<LoginServerInfo>();
-    let server_thread = thread::spawn(move || {
-        let opts = ServerOptions {
-            codex_home: &server_home,
-            client_id: codex_login::CLIENT_ID,
-            issuer: &issuer,
-            port: 0,
-            open_browser: false,
-            force_state: Some(state),
-        };
-        run_server_blocking_with_notify(opts, Some(tx), None).unwrap();
-    });
-
-    let server_info = rx.recv().unwrap();
-    let login_port = server_info.actual_port;
+    let opts = ServerOptions {
+        codex_home: server_home,
+        client_id: codex_login::CLIENT_ID.to_string(),
+        issuer,
+        port: 0,
+        open_browser: false,
+        force_state: Some(state),
+    };
+    let server = run_login_server(opts).unwrap();
+    let login_port = server.actual_port;
 
     // Simulate browser callback, and follow redirect to /success
-    let client = reqwest::blocking::Client::builder()
+    let client = reqwest::Client::builder()
         .redirect(reqwest::redirect::Policy::limited(5))
         .build()
         .unwrap();
     let url = format!("http://127.0.0.1:{login_port}/auth/callback?code=abc&state=test_state_123");
-    let resp = client.get(&url).send().unwrap();
+    let resp = client.get(&url).send().await.unwrap();
     assert!(resp.status().is_success());
 
     // Wait for server shutdown
-    server_thread
-        .join()
-        .unwrap_or_else(|_| panic!("server thread panicked"));
+    server.block_until_done().await.unwrap();
 
     // Validate auth.json
     let auth_path = codex_home.join("auth.json");
@@ -140,8 +132,8 @@ fn end_to_end_login_flow_persists_auth_json() {
     drop(issuer_handle);
 }
 
-#[test]
-fn creates_missing_codex_home_dir() {
+#[tokio::test]
+async fn creates_missing_codex_home_dir() {
     if std::env::var(CODEX_SANDBOX_NETWORK_DISABLED_ENV_VAR).is_ok() {
         println!(
             "Skipping test because it cannot execute when network is disabled in a Codex sandbox."
@@ -159,30 +151,23 @@ fn creates_missing_codex_home_dir() {
 
     // Run server in background
     let server_home = codex_home.clone();
-    let (tx, rx) = std::sync::mpsc::channel::<LoginServerInfo>();
-    let server_thread = thread::spawn(move || {
-        let opts = ServerOptions {
-            codex_home: &server_home,
-            client_id: codex_login::CLIENT_ID,
-            issuer: &issuer,
-            port: 0,
-            open_browser: false,
-            force_state: Some(state),
-        };
-        run_server_blocking_with_notify(opts, Some(tx), None).unwrap()
-    });
+    let opts = ServerOptions {
+        codex_home: server_home,
+        client_id: codex_login::CLIENT_ID.to_string(),
+        issuer,
+        port: 0,
+        open_browser: false,
+        force_state: Some(state),
+    };
+    let server = run_login_server(opts).unwrap();
+    let login_port = server.actual_port;
 
-    let server_info = rx.recv().unwrap();
-    let login_port = server_info.actual_port;
-
-    let client = reqwest::blocking::Client::new();
+    let client = reqwest::Client::new();
     let url = format!("http://127.0.0.1:{login_port}/auth/callback?code=abc&state=state2");
-    let resp = client.get(&url).send().unwrap();
+    let resp = client.get(&url).send().await.unwrap();
     assert!(resp.status().is_success());
 
-    server_thread
-        .join()
-        .unwrap_or_else(|_| panic!("server thread panicked"));
+    server.block_until_done().await.unwrap();
 
     let auth_path = codex_home.join("auth.json");
     assert!(

codex-rs/mcp-server/Cargo.toml

@@ -17,7 +17,10 @@ workspace = true
 [dependencies]
 anyhow = "1"
 codex-arg0 = { path = "../arg0" }
+codex-common = { path = "../common" }
 codex-core = { path = "../core" }
+codex-login = { path = "../login" }
+codex-protocol = { path = "../protocol" }
 mcp-types = { path = "../mcp-types" }
 schemars = "0.8.22"
 serde = { version = "1", features = ["derive"] }

codex-rs/mcp-server/src/codex_message_processor.rs

@@ -1,19 +1,23 @@
 use std::collections::HashMap;
 use std::path::PathBuf;
 use std::sync::Arc;
+use std::time::Duration;
 
 use codex_core::CodexConversation;
 use codex_core::ConversationManager;
 use codex_core::NewConversation;
 use codex_core::config::Config;
 use codex_core::config::ConfigOverrides;
+use codex_core::git_info::git_diff_to_remote;
 use codex_core::protocol::ApplyPatchApprovalRequestEvent;
 use codex_core::protocol::Event;
 use codex_core::protocol::EventMsg;
 use codex_core::protocol::ExecApprovalRequestEvent;
 use codex_core::protocol::ReviewDecision;
+use codex_protocol::mcp_protocol::GitDiffToRemoteResponse;
 use mcp_types::JSONRPCErrorError;
 use mcp_types::RequestId;
+use tokio::sync::Mutex;
 use tokio::sync::oneshot;
 use tracing::error;
 use uuid::Uuid;
@@ -23,27 +27,50 @@ use crate::error_code::INVALID_REQUEST_ERROR_CODE;
 use crate::json_to_toml::json_to_toml;
 use crate::outgoing_message::OutgoingMessageSender;
 use crate::outgoing_message::OutgoingNotification;
-use crate::wire_format::APPLY_PATCH_APPROVAL_METHOD;
-use crate::wire_format::AddConversationListenerParams;
-use crate::wire_format::AddConversationSubscriptionResponse;
-use crate::wire_format::ApplyPatchApprovalParams;
-use crate::wire_format::ApplyPatchApprovalResponse;
-use crate::wire_format::ClientRequest;
-use crate::wire_format::ConversationId;
-use crate::wire_format::EXEC_COMMAND_APPROVAL_METHOD;
-use crate::wire_format::ExecCommandApprovalParams;
-use crate::wire_format::ExecCommandApprovalResponse;
-use crate::wire_format::InputItem as WireInputItem;
-use crate::wire_format::InterruptConversationParams;
-use crate::wire_format::InterruptConversationResponse;
-use crate::wire_format::NewConversationParams;
-use crate::wire_format::NewConversationResponse;
-use crate::wire_format::RemoveConversationListenerParams;
-use crate::wire_format::RemoveConversationSubscriptionResponse;
-use crate::wire_format::SendUserMessageParams;
-use crate::wire_format::SendUserMessageResponse;
 use codex_core::protocol::InputItem as CoreInputItem;
 use codex_core::protocol::Op;
+use codex_login::CLIENT_ID;
+use codex_login::ServerOptions as LoginServerOptions;
+use codex_login::ShutdownHandle;
+use codex_login::run_login_server;
+use codex_protocol::mcp_protocol::APPLY_PATCH_APPROVAL_METHOD;
+use codex_protocol::mcp_protocol::AddConversationListenerParams;
+use codex_protocol::mcp_protocol::AddConversationSubscriptionResponse;
+use codex_protocol::mcp_protocol::ApplyPatchApprovalParams;
+use codex_protocol::mcp_protocol::ApplyPatchApprovalResponse;
+use codex_protocol::mcp_protocol::ClientRequest;
+use codex_protocol::mcp_protocol::ConversationId;
+use codex_protocol::mcp_protocol::EXEC_COMMAND_APPROVAL_METHOD;
+use codex_protocol::mcp_protocol::ExecCommandApprovalParams;
+use codex_protocol::mcp_protocol::ExecCommandApprovalResponse;
+use codex_protocol::mcp_protocol::InputItem as WireInputItem;
+use codex_protocol::mcp_protocol::InterruptConversationParams;
+use codex_protocol::mcp_protocol::InterruptConversationResponse;
+use codex_protocol::mcp_protocol::LOGIN_CHATGPT_COMPLETE_EVENT;
+use codex_protocol::mcp_protocol::LoginChatGptCompleteNotification;
+use codex_protocol::mcp_protocol::LoginChatGptResponse;
+use codex_protocol::mcp_protocol::NewConversationParams;
+use codex_protocol::mcp_protocol::NewConversationResponse;
+use codex_protocol::mcp_protocol::RemoveConversationListenerParams;
+use codex_protocol::mcp_protocol::RemoveConversationSubscriptionResponse;
+use codex_protocol::mcp_protocol::SendUserMessageParams;
+use codex_protocol::mcp_protocol::SendUserMessageResponse;
+use codex_protocol::mcp_protocol::SendUserTurnParams;
+use codex_protocol::mcp_protocol::SendUserTurnResponse;
+
+// Duration before a ChatGPT login attempt is abandoned.
+const LOGIN_CHATGPT_TIMEOUT: Duration = Duration::from_secs(10 * 60);
+
+struct ActiveLogin {
+    shutdown_handle: ShutdownHandle,
+    login_id: Uuid,
+}
+
+impl ActiveLogin {
+    fn drop(&self) {
+        self.shutdown_handle.shutdown();
+    }
+}
 
 /// Handles JSON-RPC messages for Codex conversations.
 pub(crate) struct CodexMessageProcessor {
@@ -51,6 +78,9 @@ pub(crate) struct CodexMessageProcessor {
     outgoing: Arc<OutgoingMessageSender>,
     codex_linux_sandbox_exe: Option<PathBuf>,
     conversation_listeners: HashMap<Uuid, oneshot::Sender<()>>,
+    active_login: Arc<Mutex<Option<ActiveLogin>>>,
+    // Queue of pending interrupt requests per conversation. We reply when TurnAborted arrives.
+    pending_interrupts: Arc<Mutex<HashMap<Uuid, Vec<RequestId>>>>,
 }
 
 impl CodexMessageProcessor {
@@ -64,6 +94,8 @@ impl CodexMessageProcessor {
             outgoing,
             codex_linux_sandbox_exe,
             conversation_listeners: HashMap::new(),
+            active_login: Arc::new(Mutex::new(None)),
+            pending_interrupts: Arc::new(Mutex::new(HashMap::new())),
         }
     }
 
@@ -78,6 +110,9 @@ impl CodexMessageProcessor {
             ClientRequest::SendUserMessage { request_id, params } => {
                 self.send_user_message(request_id, params).await;
             }
+            ClientRequest::SendUserTurn { request_id, params } => {
+                self.send_user_turn(request_id, params).await;
+            }
             ClientRequest::InterruptConversation { request_id, params } => {
                 self.interrupt_conversation(request_id, params).await;
             }
@@ -87,6 +122,141 @@ impl CodexMessageProcessor {
             ClientRequest::RemoveConversationListener { request_id, params } => {
                 self.remove_conversation_listener(request_id, params).await;
             }
+            ClientRequest::LoginChatGpt { request_id } => {
+                self.login_chatgpt(request_id).await;
+            }
+            ClientRequest::CancelLoginChatGpt { request_id, params } => {
+                self.cancel_login_chatgpt(request_id, params.login_id).await;
+            }
+            ClientRequest::GitDiffToRemote { request_id, params } => {
+                self.git_diff_to_origin(request_id, params.cwd).await;
+            }
+        }
+    }
+
+    async fn login_chatgpt(&mut self, request_id: RequestId) {
+        let config =
+            match Config::load_with_cli_overrides(Default::default(), ConfigOverrides::default()) {
+                Ok(cfg) => cfg,
+                Err(err) => {
+                    let error = JSONRPCErrorError {
+                        code: INTERNAL_ERROR_CODE,
+                        message: format!("error loading config for login: {err}"),
+                        data: None,
+                    };
+                    self.outgoing.send_error(request_id, error).await;
+                    return;
+                }
+            };
+
+        let opts = LoginServerOptions {
+            open_browser: false,
+            ..LoginServerOptions::new(config.codex_home.clone(), CLIENT_ID.to_string())
+        };
+
+        enum LoginChatGptReply {
+            Response(LoginChatGptResponse),
+            Error(JSONRPCErrorError),
+        }
+
+        let reply = match run_login_server(opts) {
+            Ok(server) => {
+                let login_id = Uuid::new_v4();
+                let shutdown_handle = server.cancel_handle();
+
+                // Replace active login if present.
+                {
+                    let mut guard = self.active_login.lock().await;
+                    if let Some(existing) = guard.take() {
+                        existing.drop();
+                    }
+                    *guard = Some(ActiveLogin {
+                        shutdown_handle: shutdown_handle.clone(),
+                        login_id,
+                    });
+                }
+
+                let response = LoginChatGptResponse {
+                    login_id,
+                    auth_url: server.auth_url.clone(),
+                };
+
+                // Spawn background task to monitor completion.
+                let outgoing_clone = self.outgoing.clone();
+                let active_login = self.active_login.clone();
+                tokio::spawn(async move {
+                    let (success, error_msg) = match tokio::time::timeout(
+                        LOGIN_CHATGPT_TIMEOUT,
+                        server.block_until_done(),
+                    )
+                    .await
+                    {
+                        Ok(Ok(())) => (true, None),
+                        Ok(Err(err)) => (false, Some(format!("Login server error: {err}"))),
+                        Err(_elapsed) => {
+                            // Timeout: cancel server and report
+                            shutdown_handle.shutdown();
+                            (false, Some("Login timed out".to_string()))
+                        }
+                    };
+                    let notification = LoginChatGptCompleteNotification {
+                        login_id,
+                        success,
+                        error: error_msg,
+                    };
+                    let params = serde_json::to_value(&notification).ok();
+                    outgoing_clone
+                        .send_notification(OutgoingNotification {
+                            method: LOGIN_CHATGPT_COMPLETE_EVENT.to_string(),
+                            params,
+                        })
+                        .await;
+
+                    // Clear the active login if it matches this attempt. It may have been replaced or cancelled.
+                    let mut guard = active_login.lock().await;
+                    if guard.as_ref().map(|l| l.login_id) == Some(login_id) {
+                        *guard = None;
+                    }
+                });
+
+                LoginChatGptReply::Response(response)
+            }
+            Err(err) => LoginChatGptReply::Error(JSONRPCErrorError {
+                code: INTERNAL_ERROR_CODE,
+                message: format!("failed to start login server: {err}"),
+                data: None,
+            }),
+        };
+
+        match reply {
+            LoginChatGptReply::Response(resp) => {
+                self.outgoing.send_response(request_id, resp).await
+            }
+            LoginChatGptReply::Error(err) => self.outgoing.send_error(request_id, err).await,
+        }
+    }
+
+    async fn cancel_login_chatgpt(&mut self, request_id: RequestId, login_id: Uuid) {
+        let mut guard = self.active_login.lock().await;
+        if guard.as_ref().map(|l| l.login_id) == Some(login_id) {
+            if let Some(active) = guard.take() {
+                active.drop();
+            }
+            drop(guard);
+            self.outgoing
+                .send_response(
+                    request_id,
+                    codex_protocol::mcp_protocol::CancelLoginChatGptResponse {},
+                )
+                .await;
+        } else {
+            drop(guard);
+            let error = JSONRPCErrorError {
+                code: INVALID_REQUEST_ERROR_CODE,
+                message: format!("login id not found: {login_id}"),
+                data: None,
+            };
+            self.outgoing.send_error(request_id, error).await;
         }
     }
 
@@ -169,6 +339,58 @@ impl CodexMessageProcessor {
             .await;
     }
 
+    async fn send_user_turn(&self, request_id: RequestId, params: SendUserTurnParams) {
+        let SendUserTurnParams {
+            conversation_id,
+            items,
+            cwd,
+            approval_policy,
+            sandbox_policy,
+            model,
+            effort,
+            summary,
+        } = params;
+
+        let Ok(conversation) = self
+            .conversation_manager
+            .get_conversation(conversation_id.0)
+            .await
+        else {
+            let error = JSONRPCErrorError {
+                code: INVALID_REQUEST_ERROR_CODE,
+                message: format!("conversation not found: {conversation_id}"),
+                data: None,
+            };
+            self.outgoing.send_error(request_id, error).await;
+            return;
+        };
+
+        let mapped_items: Vec<CoreInputItem> = items
+            .into_iter()
+            .map(|item| match item {
+                WireInputItem::Text { text } => CoreInputItem::Text { text },
+                WireInputItem::Image { image_url } => CoreInputItem::Image { image_url },
+                WireInputItem::LocalImage { path } => CoreInputItem::LocalImage { path },
+            })
+            .collect();
+
+        let _ = conversation
+            .submit(Op::UserTurn {
+                items: mapped_items,
+                cwd,
+                approval_policy,
+                sandbox_policy,
+                model,
+                effort,
+                summary,
+            })
+            .await;
+
+        self.outgoing
+            .send_response(request_id, SendUserTurnResponse {})
+            .await;
+    }
+
     async fn interrupt_conversation(
         &mut self,
         request_id: RequestId,
@@ -189,13 +411,14 @@ impl CodexMessageProcessor {
             return;
         };
 
-        let _ = conversation.submit(Op::Interrupt).await;
+        // Record the pending interrupt so we can reply when TurnAborted arrives.
+        {
+            let mut map = self.pending_interrupts.lock().await;
+            map.entry(conversation_id.0).or_default().push(request_id);
+        }
 
-        // Apparently CodexConversation does not send an ack for Op::Interrupt,
-        // so we can reply to the request right away.
-        self.outgoing
-            .send_response(request_id, InterruptConversationResponse {})
-            .await;
+        // Submit the interrupt; we'll respond upon TurnAborted.
+        let _ = conversation.submit(Op::Interrupt).await;
     }
 
     async fn add_conversation_listener(
@@ -223,6 +446,7 @@ impl CodexMessageProcessor {
         self.conversation_listeners
             .insert(subscription_id, cancel_tx);
         let outgoing_for_task = self.outgoing.clone();
+        let pending_interrupts = self.pending_interrupts.clone();
         tokio::spawn(async move {
             loop {
                 tokio::select! {
@@ -263,7 +487,7 @@ impl CodexMessageProcessor {
                         })
                         .await;
 
-                        apply_bespoke_event_handling(event, conversation_id, conversation.clone(), outgoing_for_task.clone()).await;
+                        apply_bespoke_event_handling(event.clone(), conversation_id, conversation.clone(), outgoing_for_task.clone(), pending_interrupts.clone()).await;
                     }
                 }
             }
@@ -295,6 +519,27 @@ impl CodexMessageProcessor {
             }
         }
     }
+
+    async fn git_diff_to_origin(&self, request_id: RequestId, cwd: PathBuf) {
+        let diff = git_diff_to_remote(&cwd).await;
+        match diff {
+            Some(value) => {
+                let response = GitDiffToRemoteResponse {
+                    sha: value.sha,
+                    diff: value.diff,
+                };
+                self.outgoing.send_response(request_id, response).await;
+            }
+            None => {
+                let error = JSONRPCErrorError {
+                    code: INVALID_REQUEST_ERROR_CODE,
+                    message: format!("failed to compute git diff to remote for cwd: {cwd:?}"),
+                    data: None,
+                };
+                self.outgoing.send_error(request_id, error).await;
+            }
+        }
+    }
 }
 
 async fn apply_bespoke_event_handling(
@@ -302,6 +547,7 @@ async fn apply_bespoke_event_handling(
     conversation_id: ConversationId,
     conversation: Arc<CodexConversation>,
     outgoing: Arc<OutgoingMessageSender>,
+    pending_interrupts: Arc<Mutex<HashMap<Uuid, Vec<RequestId>>>>,
 ) {
     let Event { id: event_id, msg } = event;
     match msg {
@@ -350,6 +596,22 @@ async fn apply_bespoke_event_handling(
                 on_exec_approval_response(event_id, rx, conversation).await;
             });
         }
+        // If this is a TurnAborted, reply to any pending interrupt requests.
+        EventMsg::TurnAborted(turn_aborted_event) => {
+            let pending = {
+                let mut map = pending_interrupts.lock().await;
+                map.remove(&conversation_id.0).unwrap_or_default()
+            };
+            if !pending.is_empty() {
+                let response = InterruptConversationResponse {
+                    abort_reason: turn_aborted_event.reason,
+                };
+                for rid in pending {
+                    outgoing.send_response(rid, response.clone()).await;
+                }
+            }
+        }
+
         _ => {}
     }
 }
@@ -363,21 +625,23 @@ fn derive_config_from_params(
         profile,
         cwd,
         approval_policy,
-        sandbox,
+        sandbox: sandbox_mode,
         config: cli_overrides,
         base_instructions,
         include_plan_tool,
+        include_apply_patch_tool,
     } = params;
     let overrides = ConfigOverrides {
         model,
         config_profile: profile,
         cwd: cwd.map(PathBuf::from),
-        approval_policy: approval_policy.map(Into::into),
-        sandbox_mode: sandbox.map(Into::into),
+        approval_policy,
+        sandbox_mode,
         model_provider: None,
         codex_linux_sandbox_exe,
         base_instructions,
         include_plan_tool,
+        include_apply_patch_tool,
         disable_response_storage: None,
         show_raw_agent_reasoning: None,
     };

codex-rs/mcp-server/src/codex_tool_config.rs

@@ -1,7 +1,7 @@
 //! Configuration object accepted by the `codex` MCP tool-call.
 
-use codex_core::config_types::SandboxMode;
 use codex_core::protocol::AskForApproval;
+use codex_protocol::config_types::SandboxMode;
 use mcp_types::Tool;
 use mcp_types::ToolInputSchema;
 use schemars::JsonSchema;
@@ -160,6 +160,7 @@ impl CodexToolCallParam {
             codex_linux_sandbox_exe,
             base_instructions,
             include_plan_tool,
+            include_apply_patch_tool: None,
             disable_response_storage: None,
             show_raw_agent_reasoning: None,
         };

codex-rs/mcp-server/src/codex_tool_runner.rs

@@ -263,6 +263,7 @@ async fn run_codex_tool_session_inner(
                     | EventMsg::AgentReasoningSectionBreak(_)
                     | EventMsg::McpToolCallBegin(_)
                     | EventMsg::McpToolCallEnd(_)
+                    | EventMsg::McpListToolsResponse(_)
                     | EventMsg::ExecCommandBegin(_)
                     | EventMsg::ExecCommandOutputDelta(_)
                     | EventMsg::ExecCommandEnd(_)
@@ -272,6 +273,7 @@ async fn run_codex_tool_session_inner(
                     | EventMsg::TurnDiff(_)
                     | EventMsg::GetHistoryEntryResponse(_)
                     | EventMsg::PlanUpdate(_)
+                    | EventMsg::TurnAborted(_)
                     | EventMsg::ShutdownComplete => {
                         // For now, we do not do anything extra for these
                         // events. Note that

codex-rs/mcp-server/src/conversation_loop.rs

@@ -1,125 +0,0 @@
-use std::sync::Arc;
-
-use crate::exec_approval::handle_exec_approval_request;
-use crate::outgoing_message::OutgoingMessageSender;
-use crate::outgoing_message::OutgoingNotificationMeta;
-use crate::patch_approval::handle_patch_approval_request;
-use codex_core::CodexConversation;
-use codex_core::protocol::AgentMessageEvent;
-use codex_core::protocol::ApplyPatchApprovalRequestEvent;
-use codex_core::protocol::EventMsg;
-use codex_core::protocol::ExecApprovalRequestEvent;
-use mcp_types::RequestId;
-use tracing::error;
-
-pub async fn run_conversation_loop(
-    codex: Arc<CodexConversation>,
-    outgoing: Arc<OutgoingMessageSender>,
-    request_id: RequestId,
-) {
-    let request_id_str = match &request_id {
-        RequestId::String(s) => s.clone(),
-        RequestId::Integer(n) => n.to_string(),
-    };
-
-    // Stream events until the task needs to pause for user interaction or
-    // completes.
-    loop {
-        match codex.next_event().await {
-            Ok(event) => {
-                outgoing
-                    .send_event_as_notification(
-                        &event,
-                        Some(OutgoingNotificationMeta::new(Some(request_id.clone()))),
-                    )
-                    .await;
-
-                match event.msg {
-                    EventMsg::ExecApprovalRequest(ExecApprovalRequestEvent {
-                        command,
-                        cwd,
-                        call_id,
-                        reason: _,
-                    }) => {
-                        handle_exec_approval_request(
-                            command,
-                            cwd,
-                            outgoing.clone(),
-                            codex.clone(),
-                            request_id.clone(),
-                            request_id_str.clone(),
-                            event.id.clone(),
-                            call_id,
-                        )
-                        .await;
-                        continue;
-                    }
-                    EventMsg::Error(_) => {
-                        error!("Codex runtime error");
-                    }
-                    EventMsg::ApplyPatchApprovalRequest(ApplyPatchApprovalRequestEvent {
-                        call_id,
-                        reason,
-                        grant_root,
-                        changes,
-                    }) => {
-                        handle_patch_approval_request(
-                            call_id,
-                            reason,
-                            grant_root,
-                            changes,
-                            outgoing.clone(),
-                            codex.clone(),
-                            request_id.clone(),
-                            request_id_str.clone(),
-                            event.id.clone(),
-                        )
-                        .await;
-                        continue;
-                    }
-                    EventMsg::TaskComplete(_) => {}
-                    EventMsg::SessionConfigured(_) => {
-                        tracing::error!("unexpected SessionConfigured event");
-                    }
-                    EventMsg::AgentMessageDelta(_) => {
-                        // TODO: think how we want to support this in the MCP
-                    }
-                    EventMsg::AgentReasoningDelta(_) => {
-                        // TODO: think how we want to support this in the MCP
-                    }
-                    EventMsg::AgentMessage(AgentMessageEvent { .. }) => {
-                        // TODO: think how we want to support this in the MCP
-                    }
-                    EventMsg::AgentReasoningRawContent(_)
-                    | EventMsg::AgentReasoningRawContentDelta(_)
-                    | EventMsg::TaskStarted
-                    | EventMsg::TokenCount(_)
-                    | EventMsg::AgentReasoning(_)
-                    | EventMsg::AgentReasoningSectionBreak(_)
-                    | EventMsg::McpToolCallBegin(_)
-                    | EventMsg::McpToolCallEnd(_)
-                    | EventMsg::ExecCommandBegin(_)
-                    | EventMsg::ExecCommandEnd(_)
-                    | EventMsg::TurnDiff(_)
-                    | EventMsg::BackgroundEvent(_)
-                    | EventMsg::ExecCommandOutputDelta(_)
-                    | EventMsg::PatchApplyBegin(_)
-                    | EventMsg::PatchApplyEnd(_)
-                    | EventMsg::GetHistoryEntryResponse(_)
-                    | EventMsg::PlanUpdate(_)
-                    | EventMsg::ShutdownComplete => {
-                        // For now, we do not do anything extra for these
-                        // events. Note that
-                        // send(codex_event_to_notification(&event)) above has
-                        // already dispatched these events as notifications,
-                        // though we may want to do give different treatment to
-                        // individual events in the future.
-                    }
-                }
-            }
-            Err(e) => {
-                error!("Codex runtime error: {e}");
-            }
-        }
-    }
-}

codex-rs/mcp-server/src/lib.rs

@@ -18,16 +18,12 @@ use tracing_subscriber::EnvFilter;
 mod codex_message_processor;
 mod codex_tool_config;
 mod codex_tool_runner;
-mod conversation_loop;
 mod error_code;
 mod exec_approval;
 mod json_to_toml;
-pub mod mcp_protocol;
 pub(crate) mod message_processor;
 mod outgoing_message;
 mod patch_approval;
-pub(crate) mod tool_handlers;
-pub mod wire_format;
 
 use crate::message_processor::MessageProcessor;
 use crate::outgoing_message::OutgoingMessage;

codex-rs/mcp-server/src/message_processor.rs

@@ -1,5 +1,4 @@
 use std::collections::HashMap;
-use std::collections::HashSet;
 use std::path::PathBuf;
 use std::sync::Arc;
 
@@ -9,18 +8,12 @@ use crate::codex_tool_config::CodexToolCallReplyParam;
 use crate::codex_tool_config::create_tool_for_codex_tool_call_param;
 use crate::codex_tool_config::create_tool_for_codex_tool_call_reply_param;
 use crate::error_code::INVALID_REQUEST_ERROR_CODE;
-use crate::mcp_protocol::ToolCallRequestParams;
-use crate::mcp_protocol::ToolCallResponse;
-use crate::mcp_protocol::ToolCallResponseResult;
 use crate::outgoing_message::OutgoingMessageSender;
-use crate::tool_handlers::create_conversation::handle_create_conversation;
-use crate::tool_handlers::send_message::handle_send_message;
-use crate::wire_format::ClientRequest;
+use codex_protocol::mcp_protocol::ClientRequest;
 
 use codex_core::ConversationManager;
 use codex_core::config::Config as CodexConfig;
 use codex_core::protocol::Submission;
-use mcp_types::CallToolRequest;
 use mcp_types::CallToolRequestParams;
 use mcp_types::CallToolResult;
 use mcp_types::ClientRequest as McpClientRequest;
@@ -48,7 +41,6 @@ pub(crate) struct MessageProcessor {
     codex_linux_sandbox_exe: Option<PathBuf>,
     conversation_manager: Arc<ConversationManager>,
     running_requests_id_to_codex_uuid: Arc<Mutex<HashMap<RequestId, Uuid>>>,
-    running_session_ids: Arc<Mutex<HashSet<Uuid>>>,
 }
 
 impl MessageProcessor {
@@ -72,22 +64,9 @@ impl MessageProcessor {
             codex_linux_sandbox_exe,
             conversation_manager,
             running_requests_id_to_codex_uuid: Arc::new(Mutex::new(HashMap::new())),
-            running_session_ids: Arc::new(Mutex::new(HashSet::new())),
         }
     }
 
-    pub(crate) fn get_conversation_manager(&self) -> &ConversationManager {
-        &self.conversation_manager
-    }
-
-    pub(crate) fn outgoing(&self) -> Arc<OutgoingMessageSender> {
-        self.outgoing.clone()
-    }
-
-    pub(crate) fn running_session_ids(&self) -> Arc<Mutex<HashSet<Uuid>>> {
-        self.running_session_ids.clone()
-    }
-
     pub(crate) async fn process_request(&mut self, request: JSONRPCRequest) {
         if let Ok(request_json) = serde_json::to_value(request.clone())
             && let Ok(codex_request) = serde_json::from_value::<ClientRequest>(request_json)
@@ -341,14 +320,6 @@ impl MessageProcessor {
         params: <mcp_types::CallToolRequest as mcp_types::ModelContextProtocolRequest>::Params,
     ) {
         tracing::info!("tools/call -> params: {:?}", params);
-        // Serialize params into JSON and try to parse as new type
-        if let Ok(new_params) =
-            serde_json::to_value(&params).and_then(serde_json::from_value::<ToolCallRequestParams>)
-        {
-            // New tool call matched → forward
-            self.handle_new_tool_calls(id, new_params).await;
-            return;
-        }
         let CallToolRequestParams { name, arguments } = params;
 
         match name.as_str() {
@@ -372,30 +343,6 @@ impl MessageProcessor {
             }
         }
     }
-    async fn handle_new_tool_calls(&self, request_id: RequestId, params: ToolCallRequestParams) {
-        match params {
-            ToolCallRequestParams::ConversationCreate(args) => {
-                handle_create_conversation(self, request_id, args).await;
-            }
-            ToolCallRequestParams::ConversationSendMessage(args) => {
-                handle_send_message(self, request_id, args).await;
-            }
-            _ => {
-                let result = CallToolResult {
-                    content: vec![ContentBlock::TextContent(TextContent {
-                        r#type: "text".to_string(),
-                        text: "Unknown tool".to_string(),
-                        annotations: None,
-                    })],
-                    is_error: Some(true),
-                    structured_content: None,
-                };
-                self.send_response::<CallToolRequest>(request_id, result)
-                    .await;
-            }
-        }
-    }
-
     async fn handle_tool_call_codex(&self, id: RequestId, arguments: Option<serde_json::Value>) {
         let (initial_prompt, config): (String, CodexConfig) = match arguments {
             Some(json_val) => match serde_json::from_value::<CodexToolCallParam>(json_val) {
@@ -692,20 +639,4 @@ impl MessageProcessor {
     ) {
         tracing::info!("notifications/message -> params: {:?}", params);
     }
-
-    pub(crate) async fn send_response_with_optional_error(
-        &self,
-        id: RequestId,
-        message: Option<ToolCallResponseResult>,
-        error: Option<bool>,
-    ) {
-        let response = ToolCallResponse {
-            request_id: id.clone(),
-            is_error: error,
-            result: message,
-        };
-        let result: CallToolResult = response.into();
-        self.send_response::<mcp_types::CallToolRequest>(id.clone(), result)
-            .await;
-    }
 }

codex-rs/mcp-server/src/outgoing_message.rs

@@ -119,9 +119,6 @@ impl OutgoingMessageSender {
             params: Some(params.clone()),
         })
         .await;
-
-        self.send_event_as_notification_new_schema(event, Some(params.clone()))
-            .await;
     }
 
     pub(crate) async fn send_notification(&self, notification: OutgoingNotification) {
@@ -129,19 +126,6 @@ impl OutgoingMessageSender {
         let _ = self.sender.send(outgoing_message).await;
     }
 
-    // should be backwards compatible.
-    // it will replace send_event_as_notification eventually.
-    async fn send_event_as_notification_new_schema(
-        &self,
-        event: &Event,
-        params: Option<serde_json::Value>,
-    ) {
-        let outgoing_message = OutgoingMessage::Notification(OutgoingNotification {
-            method: event.msg.to_string(),
-            params,
-        });
-        let _ = self.sender.send(outgoing_message).await;
-    }
     pub(crate) async fn send_error(&self, id: RequestId, error: JSONRPCErrorError) {
         let outgoing_message = OutgoingMessage::Error(OutgoingError { id, error });
         let _ = self.sender.send(outgoing_message).await;
@@ -281,17 +265,6 @@ mod tests {
             panic!("Event must serialize");
         };
         assert_eq!(params, Some(expected_params.clone()));
-
-        let result2 = outgoing_rx.recv().await.unwrap();
-        let OutgoingMessage::Notification(OutgoingNotification {
-            method: method2,
-            params: params2,
-        }) = result2
-        else {
-            panic!("expected Notification for second message");
-        };
-        assert_eq!(method2, event.msg.to_string());
-        assert_eq!(params2, Some(expected_params));
     }
 
     #[tokio::test]
@@ -336,16 +309,5 @@ mod tests {
             }
         });
         assert_eq!(params.unwrap(), expected_params);
-
-        let result2 = outgoing_rx.recv().await.unwrap();
-        let OutgoingMessage::Notification(OutgoingNotification {
-            method: method2,
-            params: params2,
-        }) = result2
-        else {
-            panic!("expected Notification for second message");
-        };
-        assert_eq!(method2, event.msg.to_string());
-        assert_eq!(params2.unwrap(), expected_params);
     }
 }

codex-rs/mcp-server/src/tool_handlers/create_conversation.rs

@@ -1,126 +0,0 @@
-use std::path::PathBuf;
-
-use codex_core::NewConversation;
-use codex_core::config::Config as CodexConfig;
-use codex_core::config::ConfigOverrides;
-use mcp_types::RequestId;
-
-use crate::conversation_loop::run_conversation_loop;
-use crate::json_to_toml::json_to_toml;
-use crate::mcp_protocol::ConversationCreateArgs;
-use crate::mcp_protocol::ConversationCreateResult;
-use crate::mcp_protocol::ConversationId;
-use crate::mcp_protocol::ToolCallResponseResult;
-use crate::message_processor::MessageProcessor;
-
-pub(crate) async fn handle_create_conversation(
-    message_processor: &MessageProcessor,
-    id: RequestId,
-    args: ConversationCreateArgs,
-) {
-    // Build ConfigOverrides from args
-    let ConversationCreateArgs {
-        prompt: _, // not used here; creation only establishes the session
-        model,
-        cwd,
-        approval_policy,
-        sandbox,
-        config,
-        profile,
-        base_instructions,
-    } = args;
-
-    // Convert config overrides JSON into CLI-style TOML overrides
-    let cli_overrides: Vec<(String, toml::Value)> = match config {
-        Some(v) => match v.as_object() {
-            Some(map) => map
-                .into_iter()
-                .map(|(k, v)| (k.clone(), json_to_toml(v.clone())))
-                .collect(),
-            None => Vec::new(),
-        },
-        None => Vec::new(),
-    };
-
-    let overrides = ConfigOverrides {
-        model: Some(model.clone()),
-        cwd: Some(PathBuf::from(cwd)),
-        approval_policy,
-        sandbox_mode: sandbox,
-        model_provider: None,
-        config_profile: profile,
-        codex_linux_sandbox_exe: None,
-        base_instructions,
-        include_plan_tool: None,
-        disable_response_storage: None,
-        show_raw_agent_reasoning: None,
-    };
-
-    let cfg: CodexConfig = match CodexConfig::load_with_cli_overrides(cli_overrides, overrides) {
-        Ok(cfg) => cfg,
-        Err(e) => {
-            message_processor
-                .send_response_with_optional_error(
-                    id,
-                    Some(ToolCallResponseResult::ConversationCreate(
-                        ConversationCreateResult::Error {
-                            message: format!("Failed to load config: {e}"),
-                        },
-                    )),
-                    Some(true),
-                )
-                .await;
-            return;
-        }
-    };
-
-    // Initialize Codex session via server API
-    let NewConversation {
-        conversation_id: session_id,
-        conversation,
-        session_configured,
-    } = match message_processor
-        .get_conversation_manager()
-        .new_conversation(cfg)
-        .await
-    {
-        Ok(conv) => conv,
-        Err(e) => {
-            message_processor
-                .send_response_with_optional_error(
-                    id,
-                    Some(ToolCallResponseResult::ConversationCreate(
-                        ConversationCreateResult::Error {
-                            message: format!("Failed to initialize session: {e}"),
-                        },
-                    )),
-                    Some(true),
-                )
-                .await;
-            return;
-        }
-    };
-
-    let effective_model = session_configured.model.clone();
-
-    // Run the conversation loop in the background so this request can return immediately.
-    let outgoing = message_processor.outgoing();
-    let spawn_id = id.clone();
-    tokio::spawn(async move {
-        run_conversation_loop(conversation.clone(), outgoing, spawn_id).await;
-    });
-
-    // Reply with the new conversation id and effective model
-    message_processor
-        .send_response_with_optional_error(
-            id,
-            Some(ToolCallResponseResult::ConversationCreate(
-                ConversationCreateResult::Ok {
-                    conversation_id: ConversationId(session_id),
-                    model: effective_model,
-                },
-            )),
-            Some(false),
-        )
-        .await;
-}

codex-rs/mcp-server/src/tool_handlers/send_message.rs

@@ -1,114 +0,0 @@
-use codex_core::protocol::Op;
-use codex_core::protocol::Submission;
-use mcp_types::RequestId;
-
-use crate::mcp_protocol::ConversationSendMessageArgs;
-use crate::mcp_protocol::ConversationSendMessageResult;
-use crate::mcp_protocol::ToolCallResponseResult;
-use crate::message_processor::MessageProcessor;
-
-pub(crate) async fn handle_send_message(
-    message_processor: &MessageProcessor,
-    id: RequestId,
-    arguments: ConversationSendMessageArgs,
-) {
-    let ConversationSendMessageArgs {
-        conversation_id,
-        content: items,
-        parent_message_id: _,
-        conversation_overrides: _,
-    } = arguments;
-
-    if items.is_empty() {
-        message_processor
-            .send_response_with_optional_error(
-                id,
-                Some(ToolCallResponseResult::ConversationSendMessage(
-                    ConversationSendMessageResult::Error {
-                        message: "No content items provided".to_string(),
-                    },
-                )),
-                Some(true),
-            )
-            .await;
-        return;
-    }
-
-    let session_id = conversation_id.0;
-    let Ok(codex) = message_processor
-        .get_conversation_manager()
-        .get_conversation(session_id)
-        .await
-    else {
-        message_processor
-            .send_response_with_optional_error(
-                id,
-                Some(ToolCallResponseResult::ConversationSendMessage(
-                    ConversationSendMessageResult::Error {
-                        message: "Session does not exist".to_string(),
-                    },
-                )),
-                Some(true),
-            )
-            .await;
-        return;
-    };
-
-    let running = {
-        let running_sessions = message_processor.running_session_ids();
-        let mut running_sessions = running_sessions.lock().await;
-        !running_sessions.insert(session_id)
-    };
-
-    if running {
-        message_processor
-            .send_response_with_optional_error(
-                id,
-                Some(ToolCallResponseResult::ConversationSendMessage(
-                    ConversationSendMessageResult::Error {
-                        message: "Session is already running".to_string(),
-                    },
-                )),
-                Some(true),
-            )
-            .await;
-        return;
-    }
-
-    let request_id_string = match &id {
-        RequestId::String(s) => s.clone(),
-        RequestId::Integer(i) => i.to_string(),
-    };
-
-    let submit_res = codex
-        .submit_with_id(Submission {
-            id: request_id_string,
-            op: Op::UserInput { items },
-        })
-        .await;
-
-    if let Err(e) = submit_res {
-        message_processor
-            .send_response_with_optional_error(
-                id,
-                Some(ToolCallResponseResult::ConversationSendMessage(
-                    ConversationSendMessageResult::Error {
-                        message: format!("Failed to submit user input: {e}"),
-                    },
-                )),
-                Some(true),
-            )
-            .await;
-        return;
-    }
-
-    message_processor
-        .send_response_with_optional_error(
-            id,
-            Some(ToolCallResponseResult::ConversationSendMessage(
-                ConversationSendMessageResult::Ok,
-            )),
-            Some(false),
-        )
-        .await;
-}

codex-rs/mcp-server/tests/codex_message_processor_flow.rs

@@ -1,23 +1,30 @@
 use std::path::Path;
 
+use codex_core::protocol::AskForApproval;
+use codex_core::protocol::SandboxPolicy;
+use codex_core::protocol_config_types::ReasoningEffort;
+use codex_core::protocol_config_types::ReasoningSummary;
 use codex_core::spawn::CODEX_SANDBOX_NETWORK_DISABLED_ENV_VAR;
-use codex_mcp_server::wire_format::AddConversationListenerParams;
-use codex_mcp_server::wire_format::AddConversationSubscriptionResponse;
-use codex_mcp_server::wire_format::NewConversationParams;
-use codex_mcp_server::wire_format::NewConversationResponse;
-use codex_mcp_server::wire_format::RemoveConversationListenerParams;
-use codex_mcp_server::wire_format::RemoveConversationSubscriptionResponse;
-use codex_mcp_server::wire_format::SendUserMessageParams;
-use codex_mcp_server::wire_format::SendUserMessageResponse;
+use codex_protocol::mcp_protocol::AddConversationListenerParams;
+use codex_protocol::mcp_protocol::AddConversationSubscriptionResponse;
+use codex_protocol::mcp_protocol::EXEC_COMMAND_APPROVAL_METHOD;
+use codex_protocol::mcp_protocol::NewConversationParams;
+use codex_protocol::mcp_protocol::NewConversationResponse;
+use codex_protocol::mcp_protocol::RemoveConversationListenerParams;
+use codex_protocol::mcp_protocol::RemoveConversationSubscriptionResponse;
+use codex_protocol::mcp_protocol::SendUserMessageParams;
+use codex_protocol::mcp_protocol::SendUserMessageResponse;
+use codex_protocol::mcp_protocol::SendUserTurnParams;
+use codex_protocol::mcp_protocol::SendUserTurnResponse;
 use mcp_test_support::McpProcess;
 use mcp_test_support::create_final_assistant_message_sse_response;
 use mcp_test_support::create_mock_chat_completions_server;
 use mcp_test_support::create_shell_sse_response;
+use mcp_test_support::to_response;
 use mcp_types::JSONRPCNotification;
 use mcp_types::JSONRPCResponse;
 use mcp_types::RequestId;
 use pretty_assertions::assert_eq;
-use serde::de::DeserializeOwned;
 use std::env;
 use tempfile::TempDir;
 use tokio::time::timeout;
@@ -106,7 +113,7 @@ async fn test_codex_jsonrpc_conversation_flow() {
     let send_user_id = mcp
         .send_send_user_message_request(SendUserMessageParams {
             conversation_id,
-            items: vec![codex_mcp_server::wire_format::InputItem::Text {
+            items: vec![codex_protocol::mcp_protocol::InputItem::Text {
                 text: "text".to_string(),
             }],
         })
@@ -161,10 +168,182 @@ async fn test_codex_jsonrpc_conversation_flow() {
         to_response(remove_listener_resp).expect("deserialize removeConversationListener response");
 }
 
-fn to_response<T: DeserializeOwned>(response: JSONRPCResponse) -> anyhow::Result<T> {
-    let value = serde_json::to_value(response.result)?;
-    let codex_response = serde_json::from_value(value)?;
-    Ok(codex_response)
+#[tokio::test(flavor = "multi_thread", worker_threads = 4)]
+async fn test_send_user_turn_changes_approval_policy_behavior() {
+    if env::var(CODEX_SANDBOX_NETWORK_DISABLED_ENV_VAR).is_ok() {
+        println!(
+            "Skipping test because it cannot execute when network is disabled in a Codex sandbox."
+        );
+        return;
+    }
+
+    let tmp = TempDir::new().expect("tmp dir");
+    let codex_home = tmp.path().join("codex_home");
+    std::fs::create_dir(&codex_home).expect("create codex home dir");
+    let working_directory = tmp.path().join("workdir");
+    std::fs::create_dir(&working_directory).expect("create working directory");
+
+    // Mock server will request a python shell call for the first and second turn, then finish.
+    let responses = vec![
+        create_shell_sse_response(
+            vec![
+                "python3".to_string(),
+                "-c".to_string(),
+                "print(42)".to_string(),
+            ],
+            Some(&working_directory),
+            Some(5000),
+            "call1",
+        )
+        .expect("create first shell sse response"),
+        create_final_assistant_message_sse_response("done 1")
+            .expect("create final assistant message 1"),
+        create_shell_sse_response(
+            vec![
+                "python3".to_string(),
+                "-c".to_string(),
+                "print(42)".to_string(),
+            ],
+            Some(&working_directory),
+            Some(5000),
+            "call2",
+        )
+        .expect("create second shell sse response"),
+        create_final_assistant_message_sse_response("done 2")
+            .expect("create final assistant message 2"),
+    ];
+    let server = create_mock_chat_completions_server(responses).await;
+    create_config_toml(&codex_home, &server.uri()).expect("write config");
+
+    // Start MCP server and initialize.
+    let mut mcp = McpProcess::new(&codex_home).await.expect("spawn mcp");
+    timeout(DEFAULT_READ_TIMEOUT, mcp.initialize())
+        .await
+        .expect("init timeout")
+        .expect("init error");
+
+    // 1) Start conversation with approval_policy=untrusted
+    let new_conv_id = mcp
+        .send_new_conversation_request(NewConversationParams {
+            cwd: Some(working_directory.to_string_lossy().into_owned()),
+            ..Default::default()
+        })
+        .await
+        .expect("send newConversation");
+    let new_conv_resp: JSONRPCResponse = timeout(
+        DEFAULT_READ_TIMEOUT,
+        mcp.read_stream_until_response_message(RequestId::Integer(new_conv_id)),
+    )
+    .await
+    .expect("newConversation timeout")
+    .expect("newConversation resp");
+    let NewConversationResponse {
+        conversation_id, ..
+    } = to_response::<NewConversationResponse>(new_conv_resp)
+        .expect("deserialize newConversation response");
+
+    // 2) addConversationListener
+    let add_listener_id = mcp
+        .send_add_conversation_listener_request(AddConversationListenerParams { conversation_id })
+        .await
+        .expect("send addConversationListener");
+    let _: AddConversationSubscriptionResponse =
+        to_response::<AddConversationSubscriptionResponse>(
+            timeout(
+                DEFAULT_READ_TIMEOUT,
+                mcp.read_stream_until_response_message(RequestId::Integer(add_listener_id)),
+            )
+            .await
+            .expect("addConversationListener timeout")
+            .expect("addConversationListener resp"),
+        )
+        .expect("deserialize addConversationListener response");
+
+    // 3) sendUserMessage triggers a shell call; approval policy is Untrusted so we should get an elicitation
+    let send_user_id = mcp
+        .send_send_user_message_request(SendUserMessageParams {
+            conversation_id,
+            items: vec![codex_protocol::mcp_protocol::InputItem::Text {
+                text: "run python".to_string(),
+            }],
+        })
+        .await
+        .expect("send sendUserMessage");
+    let _send_user_resp: SendUserMessageResponse = to_response::<SendUserMessageResponse>(
+        timeout(
+            DEFAULT_READ_TIMEOUT,
+            mcp.read_stream_until_response_message(RequestId::Integer(send_user_id)),
+        )
+        .await
+        .expect("sendUserMessage timeout")
+        .expect("sendUserMessage resp"),
+    )
+    .expect("deserialize sendUserMessage response");
+
+    // Expect an ExecCommandApproval request (elicitation)
+    let request = timeout(
+        DEFAULT_READ_TIMEOUT,
+        mcp.read_stream_until_request_message(),
+    )
+    .await
+    .expect("waiting for exec approval request timeout")
+    .expect("exec approval request");
+    assert_eq!(request.method, EXEC_COMMAND_APPROVAL_METHOD);
+
+    // Approve so the first turn can complete
+    mcp.send_response(
+        request.id,
+        serde_json::json!({ "decision": codex_core::protocol::ReviewDecision::Approved }),
+    )
+    .await
+    .expect("send approval response");
+
+    // Wait for first TaskComplete
+    let _ = timeout(
+        DEFAULT_READ_TIMEOUT,
+        mcp.read_stream_until_notification_message("codex/event/task_complete"),
+    )
+    .await
+    .expect("task_complete 1 timeout")
+    .expect("task_complete 1 notification");
+
+    // 4) sendUserTurn with approval_policy=never should run without elicitation
+    let send_turn_id = mcp
+        .send_send_user_turn_request(SendUserTurnParams {
+            conversation_id,
+            items: vec![codex_protocol::mcp_protocol::InputItem::Text {
+                text: "run python again".to_string(),
+            }],
+            cwd: working_directory.clone(),
+            approval_policy: AskForApproval::Never,
+            sandbox_policy: SandboxPolicy::new_read_only_policy(),
+            model: "mock-model".to_string(),
+            effort: ReasoningEffort::Medium,
+            summary: ReasoningSummary::Auto,
+        })
+        .await
+        .expect("send sendUserTurn");
+    // Acknowledge sendUserTurn
+    let _send_turn_resp: SendUserTurnResponse = to_response::<SendUserTurnResponse>(
+        timeout(
+            DEFAULT_READ_TIMEOUT,
+            mcp.read_stream_until_response_message(RequestId::Integer(send_turn_id)),
+        )
+        .await
+        .expect("sendUserTurn timeout")
+        .expect("sendUserTurn resp"),
+    )
+    .expect("deserialize sendUserTurn response");
+
+    // Ensure we do NOT receive an ExecCommandApproval request before the task completes.
+    // If any Request is seen while waiting for task_complete, the helper will error and the test fails.
+    let _ = timeout(
+        DEFAULT_READ_TIMEOUT,
+        mcp.read_stream_until_notification_message("codex/event/task_complete"),
+    )
+    .await
+    .expect("task_complete 2 timeout")
+    .expect("task_complete 2 notification");
 }
 
 // Helper: minimal config.toml pointing at mock provider.
@@ -175,7 +354,7 @@ fn create_config_toml(codex_home: &Path, server_uri: &str) -> std::io::Result<()
         format!(
             r#"
 model = "mock-model"
-approval_policy = "never"
+approval_policy = "untrusted"
 
 model_provider = "mock_provider"
 

codex-rs/mcp-server/tests/codex_tool.rs

@@ -35,7 +35,7 @@ const DEFAULT_READ_TIMEOUT: std::time::Duration = std::time::Duration::from_secs
 /// Test that a shell command that is not on the "trusted" list triggers an
 /// elicitation request to the MCP and that sending the approval runs the
 /// command, as expected.
-#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
+#[tokio::test(flavor = "multi_thread", worker_threads = 4)]
 async fn test_shell_command_approval_triggers_elicitation() {
     if env::var(CODEX_SANDBOX_NETWORK_DISABLED_ENV_VAR).is_ok() {
         println!(
@@ -114,6 +114,16 @@ async fn shell_command_approval_triggers_elicitation() -> anyhow::Result<()> {
         )
         .await?;
 
+    // Verify task_complete notification arrives before the tool call completes.
+    #[expect(clippy::expect_used)]
+    let _task_complete = timeout(
+        DEFAULT_READ_TIMEOUT,
+        mcp_process.read_stream_until_legacy_task_complete_notification(),
+    )
+    .await
+    .expect("task_complete_notification timeout")
+    .expect("task_complete_notification resp");
+
     // Verify the original `codex` tool call completes and that `git init` ran
     // successfully.
     let codex_response = timeout(

codex-rs/mcp-server/tests/common/Cargo.toml

@@ -1,7 +1,7 @@
 [package]
+edition = "2024"
 name = "mcp_test_support"
 version = { workspace = true }
-edition = "2024"
 
 [lib]
 path = "lib.rs"
@@ -9,10 +9,12 @@ path = "lib.rs"
 [dependencies]
 anyhow = "1"
 assert_cmd = "2"
-codex-mcp-server = { path = "../.." }
 codex-core = { path = "../../../core" }
+codex-mcp-server = { path = "../.." }
+codex-protocol = { path = "../../../protocol" }
 mcp-types = { path = "../../../mcp-types" }
 pretty_assertions = "1.4.1"
+serde = { version = "1" }
 serde_json = "1"
 shlex = "1.3.0"
 tempfile = "3"
@@ -22,5 +24,5 @@ tokio = { version = "1", features = [
     "process",
     "rt-multi-thread",
 ] }
+uuid = { version = "1", features = ["serde", "v4"] }
 wiremock = "0.6"
-uuid = { version = "1", features = ["serde", "v4"] }

codex-rs/mcp-server/tests/common/lib.rs

@@ -3,7 +3,15 @@ mod mock_model_server;
 mod responses;
 
 pub use mcp_process::McpProcess;
+use mcp_types::JSONRPCResponse;
 pub use mock_model_server::create_mock_chat_completions_server;
 pub use responses::create_apply_patch_sse_response;
 pub use responses::create_final_assistant_message_sse_response;
 pub use responses::create_shell_sse_response;
+use serde::de::DeserializeOwned;
+
+pub fn to_response<T: DeserializeOwned>(response: JSONRPCResponse) -> anyhow::Result<T> {
+    let value = serde_json::to_value(response.result)?;
+    let codex_response = serde_json::from_value(value)?;
+    Ok(codex_response)
+}

codex-rs/mcp-server/tests/common/mcp_process.rs

@@ -11,17 +11,13 @@ use tokio::process::ChildStdout;
 
 use anyhow::Context;
 use assert_cmd::prelude::*;
-use codex_core::protocol::InputItem;
 use codex_mcp_server::CodexToolCallParam;
-use codex_mcp_server::CodexToolCallReplyParam;
-use codex_mcp_server::mcp_protocol::ConversationCreateArgs;
-use codex_mcp_server::mcp_protocol::ConversationId;
-use codex_mcp_server::mcp_protocol::ConversationSendMessageArgs;
-use codex_mcp_server::mcp_protocol::ToolCallRequestParams;
-use codex_mcp_server::wire_format::AddConversationListenerParams;
-use codex_mcp_server::wire_format::NewConversationParams;
-use codex_mcp_server::wire_format::RemoveConversationListenerParams;
-use codex_mcp_server::wire_format::SendUserMessageParams;
+use codex_protocol::mcp_protocol::AddConversationListenerParams;
+use codex_protocol::mcp_protocol::InterruptConversationParams;
+use codex_protocol::mcp_protocol::NewConversationParams;
+use codex_protocol::mcp_protocol::RemoveConversationListenerParams;
+use codex_protocol::mcp_protocol::SendUserMessageParams;
+use codex_protocol::mcp_protocol::SendUserTurnParams;
 
 use mcp_types::CallToolRequestParams;
 use mcp_types::ClientCapabilities;
@@ -39,7 +35,6 @@ use pretty_assertions::assert_eq;
 use serde_json::json;
 use std::process::Command as StdCommand;
 use tokio::process::Command;
-use uuid::Uuid;
 
 pub struct McpProcess {
     next_request_id: AtomicI64,
@@ -166,83 +161,6 @@ impl McpProcess {
         .await
     }
 
-    pub async fn send_codex_reply_tool_call(
-        &mut self,
-        session_id: &str,
-        prompt: &str,
-    ) -> anyhow::Result<i64> {
-        let codex_tool_call_params = CallToolRequestParams {
-            name: "codex-reply".to_string(),
-            arguments: Some(serde_json::to_value(CodexToolCallReplyParam {
-                prompt: prompt.to_string(),
-                session_id: session_id.to_string(),
-            })?),
-        };
-        self.send_request(
-            mcp_types::CallToolRequest::METHOD,
-            Some(serde_json::to_value(codex_tool_call_params)?),
-        )
-        .await
-    }
-
-    pub async fn send_user_message_tool_call(
-        &mut self,
-        message: &str,
-        session_id: &str,
-    ) -> anyhow::Result<i64> {
-        let params = ToolCallRequestParams::ConversationSendMessage(ConversationSendMessageArgs {
-            conversation_id: ConversationId(Uuid::parse_str(session_id)?),
-            content: vec![InputItem::Text {
-                text: message.to_string(),
-            }],
-            parent_message_id: None,
-            conversation_overrides: None,
-        });
-        self.send_request(
-            mcp_types::CallToolRequest::METHOD,
-            Some(serde_json::to_value(params)?),
-        )
-        .await
-    }
-
-    pub async fn send_conversation_create_tool_call(
-        &mut self,
-        prompt: &str,
-        model: &str,
-        cwd: &str,
-    ) -> anyhow::Result<i64> {
-        let params = ToolCallRequestParams::ConversationCreate(ConversationCreateArgs {
-            prompt: prompt.to_string(),
-            model: model.to_string(),
-            cwd: cwd.to_string(),
-            approval_policy: None,
-            sandbox: None,
-            config: None,
-            profile: None,
-            base_instructions: None,
-        });
-        self.send_request(
-            mcp_types::CallToolRequest::METHOD,
-            Some(serde_json::to_value(params)?),
-        )
-        .await
-    }
-
-    pub async fn send_conversation_create_with_args(
-        &mut self,
-        args: ConversationCreateArgs,
-    ) -> anyhow::Result<i64> {
-        let params = ToolCallRequestParams::ConversationCreate(args);
-        self.send_request(
-            mcp_types::CallToolRequest::METHOD,
-            Some(serde_json::to_value(params)?),
-        )
-        .await
-    }
-
-    // ---------------------------------------------------------------------
-    // Codex JSON-RPC (non-tool) helpers
-    // ---------------------------------------------------------------------
     /// Send a `newConversation` JSON-RPC request.
     pub async fn send_new_conversation_request(
         &mut self,
@@ -281,6 +199,24 @@ impl McpProcess {
             .await
     }
 
+    /// Send a `sendUserTurn` JSON-RPC request.
+    pub async fn send_send_user_turn_request(
+        &mut self,
+        params: SendUserTurnParams,
+    ) -> anyhow::Result<i64> {
+        let params = Some(serde_json::to_value(params)?);
+        self.send_request("sendUserTurn", params).await
+    }
+
+    /// Send a `interruptConversation` JSON-RPC request.
+    pub async fn send_interrupt_conversation_request(
+        &mut self,
+        params: InterruptConversationParams,
+    ) -> anyhow::Result<i64> {
+        let params = Some(serde_json::to_value(params)?);
+        self.send_request("interruptConversation", params).await
+    }
+
     async fn send_request(
         &mut self,
         method: &str,
@@ -325,6 +261,7 @@ impl McpProcess {
         let message = serde_json::from_str::<JSONRPCMessage>(&line)?;
         Ok(message)
     }
+
     pub async fn read_stream_until_request_message(&mut self) -> anyhow::Result<JSONRPCRequest> {
         loop {
             let message = self.read_jsonrpc_message().await?;
@@ -374,6 +311,33 @@ impl McpProcess {
         }
     }
 
+    pub async fn read_stream_until_error_message(
+        &mut self,
+        request_id: RequestId,
+    ) -> anyhow::Result<mcp_types::JSONRPCError> {
+        loop {
+            let message = self.read_jsonrpc_message().await?;
+            eprint!("message: {message:?}");
+
+            match message {
+                JSONRPCMessage::Notification(_) => {
+                    eprintln!("notification: {message:?}");
+                }
+                JSONRPCMessage::Request(_) => {
+                    anyhow::bail!("unexpected JSONRPCMessage::Request: {message:?}");
+                }
+                JSONRPCMessage::Response(_) => {
+                    // Keep scanning; we're waiting for an error with matching id.
+                }
+                JSONRPCMessage::Error(err) => {
+                    if err.id == request_id {
+                        return Ok(err);
+                    }
+                }
+            }
+        }
+    }
+
     pub async fn read_stream_until_notification_message(
         &mut self,
         method: &str,
@@ -401,52 +365,33 @@ impl McpProcess {
         }
     }
 
-    pub async fn read_stream_until_configured_response_message(
+    /// Reads notifications until a legacy TaskComplete event is observed:
+    /// Method "codex/event" with params.msg.type == "task_complete".
+    pub async fn read_stream_until_legacy_task_complete_notification(
         &mut self,
-    ) -> anyhow::Result<String> {
-        let mut sid_old: Option<String> = None;
-        let mut sid_new: Option<String> = None;
+    ) -> anyhow::Result<JSONRPCNotification> {
         loop {
             let message = self.read_jsonrpc_message().await?;
             eprint!("message: {message:?}");
 
             match message {
                 JSONRPCMessage::Notification(notification) => {
-                    if let Some(params) = notification.params {
-                        // Back-compat schema: method == "codex/event" and msg.type == "session_configured"
-                        if notification.method == "codex/event" {
-                            if let Some(msg) = params.get("msg") {
-                                if msg.get("type").and_then(|v| v.as_str())
-                                    == Some("session_configured")
-                                {
-                                    if let Some(session_id) =
-                                        msg.get("session_id").and_then(|v| v.as_str())
-                                    {
-                                        sid_old = Some(session_id.to_string());
-                                    }
-                                }
-                            }
+                    let is_match = if notification.method == "codex/event" {
+                        if let Some(params) = &notification.params {
+                            params
+                                .get("msg")
+                                .and_then(|m| m.get("type"))
+                                .and_then(|t| t.as_str())
+                                == Some("task_complete")
+                        } else {
+                            false
                         }
-                        // New schema: method is the Display of EventMsg::SessionConfigured => "SessionConfigured"
-                        if notification.method == "session_configured" {
-                            if let Some(msg) = params.get("msg") {
-                                if let Some(session_id) =
-                                    msg.get("session_id").and_then(|v| v.as_str())
-                                {
-                                    sid_new = Some(session_id.to_string());
-                                }
-                            }
-                        }
-                    }
+                    } else {
+                        false
+                    };
 
-                    if sid_old.is_some() && sid_new.is_some() {
-                        // Both seen, they must match
-                        assert_eq!(
-                            sid_old.as_ref().unwrap(),
-                            sid_new.as_ref().unwrap(),
-                            "session_id mismatch between old and new schema"
-                        );
-                        return Ok(sid_old.unwrap());
+                    if is_match {
+                        return Ok(notification);
                     }
                 }
                 JSONRPCMessage::Request(_) => {
@@ -461,17 +406,4 @@ impl McpProcess {
             }
         }
     }
-
-    pub async fn send_notification(
-        &mut self,
-        method: &str,
-        params: Option<serde_json::Value>,
-    ) -> anyhow::Result<()> {
-        self.send_jsonrpc_message(JSONRPCMessage::Notification(JSONRPCNotification {
-            jsonrpc: JSONRPC_VERSION.into(),
-            method: method.to_string(),
-            params,
-        }))
-        .await
-    }
 }

codex-rs/mcp-server/tests/create_conversation.rs

@@ -1,8 +1,16 @@
 use std::path::Path;
 
+use codex_protocol::mcp_protocol::AddConversationListenerParams;
+use codex_protocol::mcp_protocol::AddConversationSubscriptionResponse;
+use codex_protocol::mcp_protocol::InputItem;
+use codex_protocol::mcp_protocol::NewConversationParams;
+use codex_protocol::mcp_protocol::NewConversationResponse;
+use codex_protocol::mcp_protocol::SendUserMessageParams;
+use codex_protocol::mcp_protocol::SendUserMessageResponse;
 use mcp_test_support::McpProcess;
 use mcp_test_support::create_final_assistant_message_sse_response;
 use mcp_test_support::create_mock_chat_completions_server;
+use mcp_test_support::to_response;
 use mcp_types::JSONRPCResponse;
 use mcp_types::RequestId;
 use pretty_assertions::assert_eq;
@@ -33,43 +41,64 @@ async fn test_conversation_create_and_send_message_ok() {
         .expect("init timeout")
         .expect("init failed");
 
-    // Create a conversation via the new tool.
-    let req_id = mcp
-        .send_conversation_create_tool_call("", "o3", "/repo")
+    // Create a conversation via the new JSON-RPC API.
+    let new_conv_id = mcp
+        .send_new_conversation_request(NewConversationParams {
+            model: Some("o3".to_string()),
+            ..Default::default()
+        })
         .await
-        .expect("send conversationCreate");
-
-    let resp: JSONRPCResponse = timeout(
+        .expect("send newConversation");
+    let new_conv_resp: JSONRPCResponse = timeout(
         DEFAULT_READ_TIMEOUT,
-        mcp.read_stream_until_response_message(RequestId::Integer(req_id)),
+        mcp.read_stream_until_response_message(RequestId::Integer(new_conv_id)),
     )
     .await
-    .expect("create response timeout")
-    .expect("create response error");
+    .expect("newConversation timeout")
+    .expect("newConversation resp");
+    let NewConversationResponse {
+        conversation_id,
+        model,
+    } = to_response::<NewConversationResponse>(new_conv_resp)
+        .expect("deserialize newConversation response");
+    assert_eq!(model, "o3");
 
-    // Structured content must include status=ok, a UUID conversation_id and the model we passed.
-    let sc = &resp.result["structuredContent"];
-    let conv_id = sc["conversation_id"].as_str().expect("uuid string");
-    assert!(!conv_id.is_empty());
-    assert_eq!(sc["model"], json!("o3"));
-
-    // Now send a message to the created conversation and expect an OK result.
-    let send_id = mcp
-        .send_user_message_tool_call("Hello", conv_id)
+    // Add a listener so we receive notifications for this conversation (not strictly required for this test).
+    let add_listener_id = mcp
+        .send_add_conversation_listener_request(AddConversationListenerParams { conversation_id })
         .await
-        .expect("send message");
+        .expect("send addConversationListener");
+    let _sub: AddConversationSubscriptionResponse =
+        to_response::<AddConversationSubscriptionResponse>(
+            timeout(
+                DEFAULT_READ_TIMEOUT,
+                mcp.read_stream_until_response_message(RequestId::Integer(add_listener_id)),
+            )
+            .await
+            .expect("addConversationListener timeout")
+            .expect("addConversationListener resp"),
+        )
+        .expect("deserialize addConversationListener response");
 
+    // Now send a user message via the wire API and expect an OK (empty object) result.
+    let send_id = mcp
+        .send_send_user_message_request(SendUserMessageParams {
+            conversation_id,
+            items: vec![InputItem::Text {
+                text: "Hello".to_string(),
+            }],
+        })
+        .await
+        .expect("send sendUserMessage");
     let send_resp: JSONRPCResponse = timeout(
         DEFAULT_READ_TIMEOUT,
         mcp.read_stream_until_response_message(RequestId::Integer(send_id)),
     )
     .await
-    .expect("send response timeout")
-    .expect("send response error");
-    assert_eq!(
-        send_resp.result["structuredContent"],
-        json!({ "status": "ok" })
-    );
+    .expect("sendUserMessage timeout")
+    .expect("sendUserMessage resp");
+    let _ok: SendUserMessageResponse = to_response::<SendUserMessageResponse>(send_resp)
+        .expect("deserialize sendUserMessage response");
 
     // avoid race condition by waiting for the mock server to receive the chat.completions request
     let deadline = std::time::Instant::now() + DEFAULT_READ_TIMEOUT;

codex-rs/mcp-server/tests/interrupt.rs

@@ -3,17 +3,24 @@
 
 use std::path::Path;
 
+use codex_core::protocol::TurnAbortReason;
 use codex_core::spawn::CODEX_SANDBOX_NETWORK_DISABLED_ENV_VAR;
-use codex_mcp_server::CodexToolCallParam;
+use codex_protocol::mcp_protocol::AddConversationListenerParams;
+use codex_protocol::mcp_protocol::InterruptConversationParams;
+use codex_protocol::mcp_protocol::InterruptConversationResponse;
+use codex_protocol::mcp_protocol::NewConversationParams;
+use codex_protocol::mcp_protocol::NewConversationResponse;
+use codex_protocol::mcp_protocol::SendUserMessageParams;
+use codex_protocol::mcp_protocol::SendUserMessageResponse;
 use mcp_types::JSONRPCResponse;
 use mcp_types::RequestId;
-use serde_json::json;
 use tempfile::TempDir;
 use tokio::time::timeout;
 
 use mcp_test_support::McpProcess;
 use mcp_test_support::create_mock_chat_completions_server;
 use mcp_test_support::create_shell_sse_response;
+use mcp_test_support::to_response;
 
 const DEFAULT_READ_TIMEOUT: std::time::Duration = std::time::Duration::from_secs(10);
 
@@ -41,111 +48,91 @@ async fn shell_command_interruption() -> anyhow::Result<()> {
     let shell_command = vec![
         "powershell".to_string(),
         "-Command".to_string(),
-        "Start-Sleep -Seconds 60".to_string(),
+        "Start-Sleep -Seconds 10".to_string(),
     ];
     #[cfg(not(target_os = "windows"))]
-    let shell_command = vec!["sleep".to_string(), "60".to_string()];
-    let workdir_for_shell_function_call = TempDir::new()?;
+    let shell_command = vec!["sleep".to_string(), "10".to_string()];
+
+    let tmp = TempDir::new()?;
+    // Temporary Codex home with config pointing at the mock server.
+    let codex_home = tmp.path().join("codex_home");
+    std::fs::create_dir(&codex_home)?;
+    let working_directory = tmp.path().join("workdir");
+    std::fs::create_dir(&working_directory)?;
 
     // Create mock server with a single SSE response: the long sleep command
-    let server = create_mock_chat_completions_server(vec![
-        create_shell_sse_response(
-            shell_command.clone(),
-            Some(workdir_for_shell_function_call.path()),
-            Some(60_000), // 60 seconds timeout in ms
-            "call_sleep",
-        )?,
-        create_shell_sse_response(
-            shell_command.clone(),
-            Some(workdir_for_shell_function_call.path()),
-            Some(60_000), // 60 seconds timeout in ms
-            "call_sleep",
-        )?,
-    ])
+    let server = create_mock_chat_completions_server(vec![create_shell_sse_response(
+        shell_command.clone(),
+        Some(&working_directory),
+        Some(10_000), // 10 seconds timeout in ms
+        "call_sleep",
+    )?])
     .await;
+    create_config_toml(&codex_home, server.uri())?;
 
-    // Create Codex configuration
-    let codex_home = TempDir::new()?;
-    create_config_toml(codex_home.path(), server.uri())?;
-    let mut mcp_process = McpProcess::new(codex_home.path()).await?;
-    timeout(DEFAULT_READ_TIMEOUT, mcp_process.initialize()).await??;
+    // Start MCP server and initialize.
+    let mut mcp = McpProcess::new(&codex_home).await?;
+    timeout(DEFAULT_READ_TIMEOUT, mcp.initialize()).await??;
 
-    // Send codex tool call that triggers "sleep 60"
-    let codex_request_id = mcp_process
-        .send_codex_tool_call(CodexToolCallParam {
-            cwd: None,
-            prompt: "First Run: run `sleep 60`".to_string(),
-            model: None,
-            profile: None,
-            approval_policy: None,
-            sandbox: None,
-            config: None,
-            base_instructions: None,
-            include_plan_tool: None,
+    // 1) newConversation
+    let new_conv_id = mcp
+        .send_new_conversation_request(NewConversationParams {
+            cwd: Some(working_directory.to_string_lossy().into_owned()),
+            ..Default::default()
         })
         .await?;
+    let new_conv_resp: JSONRPCResponse = timeout(
+        DEFAULT_READ_TIMEOUT,
+        mcp.read_stream_until_response_message(RequestId::Integer(new_conv_id)),
+    )
+    .await??;
+    let new_conv_resp = to_response::<NewConversationResponse>(new_conv_resp)?;
+    let NewConversationResponse {
+        conversation_id, ..
+    } = new_conv_resp;
 
-    let session_id = mcp_process
-        .read_stream_until_configured_response_message()
+    // 2) addConversationListener
+    let add_listener_id = mcp
+        .send_add_conversation_listener_request(AddConversationListenerParams { conversation_id })
         .await?;
+    let _add_listener_resp: JSONRPCResponse = timeout(
+        DEFAULT_READ_TIMEOUT,
+        mcp.read_stream_until_response_message(RequestId::Integer(add_listener_id)),
+    )
+    .await??;
+
+    // 3) sendUserMessage (should trigger notifications; we only validate an OK response)
+    let send_user_id = mcp
+        .send_send_user_message_request(SendUserMessageParams {
+            conversation_id,
+            items: vec![codex_protocol::mcp_protocol::InputItem::Text {
+                text: "run first sleep command".to_string(),
+            }],
+        })
+        .await?;
+    let send_user_resp: JSONRPCResponse = timeout(
+        DEFAULT_READ_TIMEOUT,
+        mcp.read_stream_until_response_message(RequestId::Integer(send_user_id)),
+    )
+    .await??;
+    let SendUserMessageResponse {} = to_response::<SendUserMessageResponse>(send_user_resp)?;
 
     // Give the command a moment to start
     tokio::time::sleep(std::time::Duration::from_secs(1)).await;
 
-    // Send interrupt notification
-    mcp_process
-        .send_notification(
-            "notifications/cancelled",
-            Some(json!({ "requestId": codex_request_id })),
-        )
+    // 4) send interrupt request
+    let interrupt_id = mcp
+        .send_interrupt_conversation_request(InterruptConversationParams { conversation_id })
         .await?;
-
-    // Expect Codex to return an error or interruption response
-    let codex_response: JSONRPCResponse = timeout(
+    let interrupt_resp: JSONRPCResponse = timeout(
         DEFAULT_READ_TIMEOUT,
-        mcp_process.read_stream_until_response_message(RequestId::Integer(codex_request_id)),
+        mcp.read_stream_until_response_message(RequestId::Integer(interrupt_id)),
     )
     .await??;
+    let InterruptConversationResponse { abort_reason } =
+        to_response::<InterruptConversationResponse>(interrupt_resp)?;
+    assert_eq!(TurnAbortReason::Interrupted, abort_reason);
 
-    assert!(
-        codex_response
-            .result
-            .as_object()
-            .map(|o| o.contains_key("error"))
-            .unwrap_or(false),
-        "Expected an interruption or error result, got: {codex_response:?}"
-    );
-
-    let codex_reply_request_id = mcp_process
-        .send_codex_reply_tool_call(&session_id, "Second Run: run `sleep 60`")
-        .await?;
-
-    // Give the command a moment to start
-    tokio::time::sleep(std::time::Duration::from_secs(1)).await;
-
-    // Send interrupt notification
-    mcp_process
-        .send_notification(
-            "notifications/cancelled",
-            Some(json!({ "requestId": codex_reply_request_id })),
-        )
-        .await?;
-
-    // Expect Codex to return an error or interruption response
-    let codex_response: JSONRPCResponse = timeout(
-        DEFAULT_READ_TIMEOUT,
-        mcp_process.read_stream_until_response_message(RequestId::Integer(codex_reply_request_id)),
-    )
-    .await??;
-
-    assert!(
-        codex_response
-            .result
-            .as_object()
-            .map(|o| o.contains_key("error"))
-            .unwrap_or(false),
-        "Expected an interruption or error result, got: {codex_response:?}"
-    );
     Ok(())
 }
 

codex-rs/mcp-server/tests/send_message.rs

@@ -1,16 +1,21 @@
 use std::path::Path;
-use std::thread::sleep;
-use std::time::Duration;
 
-use codex_mcp_server::CodexToolCallParam;
+use codex_protocol::mcp_protocol::AddConversationListenerParams;
+use codex_protocol::mcp_protocol::AddConversationSubscriptionResponse;
+use codex_protocol::mcp_protocol::ConversationId;
+use codex_protocol::mcp_protocol::InputItem;
+use codex_protocol::mcp_protocol::NewConversationParams;
+use codex_protocol::mcp_protocol::NewConversationResponse;
+use codex_protocol::mcp_protocol::SendUserMessageParams;
+use codex_protocol::mcp_protocol::SendUserMessageResponse;
 use mcp_test_support::McpProcess;
 use mcp_test_support::create_final_assistant_message_sse_response;
 use mcp_test_support::create_mock_chat_completions_server;
-use mcp_types::JSONRPC_VERSION;
+use mcp_test_support::to_response;
+use mcp_types::JSONRPCNotification;
 use mcp_types::JSONRPCResponse;
 use mcp_types::RequestId;
 use pretty_assertions::assert_eq;
-use serde_json::json;
 use tempfile::TempDir;
 use tokio::time::timeout;
 
@@ -31,76 +36,94 @@ async fn test_send_message_success() {
     create_config_toml(codex_home.path(), &server.uri()).expect("write config.toml");
 
     // Start MCP server process and initialize.
-    let mut mcp_process = McpProcess::new(codex_home.path())
+    let mut mcp = McpProcess::new(codex_home.path())
         .await
         .expect("spawn mcp process");
-    timeout(DEFAULT_READ_TIMEOUT, mcp_process.initialize())
+    timeout(DEFAULT_READ_TIMEOUT, mcp.initialize())
         .await
         .expect("init timed out")
         .expect("init failed");
 
-    // Kick off a Codex session so we have a valid session_id.
-    let codex_request_id = mcp_process
-        .send_codex_tool_call(CodexToolCallParam {
-            prompt: "Start a session".to_string(),
-            ..Default::default()
-        })
+    // Start a conversation using the new wire API.
+    let new_conv_id = mcp
+        .send_new_conversation_request(NewConversationParams::default())
         .await
-        .expect("send codex tool call");
-
-    // Wait for the session_configured event to get the session_id.
-    let session_id = mcp_process
-        .read_stream_until_configured_response_message()
-        .await
-        .expect("read session_configured");
-
-    // The original codex call will finish quickly given our mock; consume its response.
-    timeout(
+        .expect("send newConversation");
+    let new_conv_resp: JSONRPCResponse = timeout(
         DEFAULT_READ_TIMEOUT,
-        mcp_process.read_stream_until_response_message(RequestId::Integer(codex_request_id)),
+        mcp.read_stream_until_response_message(RequestId::Integer(new_conv_id)),
     )
     .await
-    .expect("codex response timeout")
-    .expect("codex response error");
+    .expect("newConversation timeout")
+    .expect("newConversation resp");
+    let NewConversationResponse {
+        conversation_id, ..
+    } = to_response::<_>(new_conv_resp).expect("deserialize newConversation response");
 
-    // Now exercise the send-user-message tool.
-    let send_msg_request_id = mcp_process
-        .send_user_message_tool_call("Hello again", &session_id)
+    // 2) addConversationListener
+    let add_listener_id = mcp
+        .send_add_conversation_listener_request(AddConversationListenerParams { conversation_id })
         .await
-        .expect("send send-message tool call");
+        .expect("send addConversationListener");
+    let add_listener_resp: JSONRPCResponse = timeout(
+        DEFAULT_READ_TIMEOUT,
+        mcp.read_stream_until_response_message(RequestId::Integer(add_listener_id)),
+    )
+    .await
+    .expect("addConversationListener timeout")
+    .expect("addConversationListener resp");
+    let AddConversationSubscriptionResponse { subscription_id: _ } =
+        to_response::<_>(add_listener_resp).expect("deserialize addConversationListener response");
+
+    // Now exercise sendUserMessage twice.
+    send_message("Hello", conversation_id, &mut mcp).await;
+    send_message("Hello again", conversation_id, &mut mcp).await;
+}
+
+#[expect(clippy::expect_used)]
+async fn send_message(message: &str, conversation_id: ConversationId, mcp: &mut McpProcess) {
+    // Now exercise sendUserMessage.
+    let send_id = mcp
+        .send_send_user_message_request(SendUserMessageParams {
+            conversation_id,
+            items: vec![InputItem::Text {
+                text: message.to_string(),
+            }],
+        })
+        .await
+        .expect("send sendUserMessage");
 
     let response: JSONRPCResponse = timeout(
         DEFAULT_READ_TIMEOUT,
-        mcp_process.read_stream_until_response_message(RequestId::Integer(send_msg_request_id)),
+        mcp.read_stream_until_response_message(RequestId::Integer(send_id)),
     )
     .await
-    .expect("send-user-message response timeout")
-    .expect("send-user-message response error");
+    .expect("sendUserMessage response timeout")
+    .expect("sendUserMessage response error");
 
+    let _ok: SendUserMessageResponse = to_response::<SendUserMessageResponse>(response)
+        .expect("deserialize sendUserMessage response");
+
+    // Verify the task_finished notification is received.
+    // Note this also ensures that the final request to the server was made.
+    let task_finished_notification: JSONRPCNotification = timeout(
+        DEFAULT_READ_TIMEOUT,
+        mcp.read_stream_until_notification_message("codex/event/task_complete"),
+    )
+    .await
+    .expect("task_finished_notification timeout")
+    .expect("task_finished_notification resp");
+    let serde_json::Value::Object(map) = task_finished_notification
+        .params
+        .expect("notification should have params")
+    else {
+        panic!("task_finished_notification should have params");
+    };
     assert_eq!(
-        JSONRPCResponse {
-            jsonrpc: JSONRPC_VERSION.into(),
-            id: RequestId::Integer(send_msg_request_id),
-            result: json!({
-                "content": [
-                    {
-                        "text": "{\"status\":\"ok\"}",
-                        "type": "text",
-                    }
-                ],
-                "isError": false,
-                "structuredContent": {
-                    "status": "ok"
-                }
-            }),
-        },
-        response
+        map.get("conversationId")
+            .expect("should have conversationId"),
+        &serde_json::Value::String(conversation_id.to_string())
     );
-    // wait for the server to hear the user message
-    sleep(Duration::from_secs(5));
-
-    // Ensure the server and tempdir live until end of test
-    drop(server);
 }
 
 #[tokio::test]
@@ -113,24 +136,26 @@ async fn test_send_message_session_not_found() {
         .expect("timeout")
         .expect("init");
 
-    let unknown = uuid::Uuid::new_v4().to_string();
+    let unknown = ConversationId(uuid::Uuid::new_v4());
     let req_id = mcp
-        .send_user_message_tool_call("ping", &unknown)
+        .send_send_user_message_request(SendUserMessageParams {
+            conversation_id: unknown,
+            items: vec![InputItem::Text {
+                text: "ping".to_string(),
+            }],
+        })
         .await
-        .expect("send tool");
+        .expect("send sendUserMessage");
 
-    let resp: JSONRPCResponse = timeout(
+    // Expect an error response for unknown conversation.
+    let err = timeout(
         DEFAULT_READ_TIMEOUT,
-        mcp.read_stream_until_response_message(RequestId::Integer(req_id)),
+        mcp.read_stream_until_error_message(RequestId::Integer(req_id)),
     )
     .await
     .expect("timeout")
-    .expect("resp");
-
-    let result = resp.result.clone();
-    let content = result["content"][0]["text"].as_str().unwrap_or("");
-    assert!(content.contains("Session does not exist"));
-    assert_eq!(result["isError"], json!(true));
+    .expect("error");
+    assert_eq!(err.id, RequestId::Integer(req_id));
 }
 
 // ---------------------------------------------------------------------------

codex-rs/mcp-types/Cargo.toml

@@ -9,3 +9,4 @@ workspace = true
 [dependencies]
 serde = { version = "1", features = ["derive"] }
 serde_json = "1"
+ts-rs = { version = "11", features = ["serde-json-impl"] }

codex-rs/mcp-types/generate_mcp_types.py

@@ -17,9 +17,9 @@ from typing import Any, Literal
 SCHEMA_VERSION = "2025-06-18"
 JSONRPC_VERSION = "2.0"
 
-STANDARD_DERIVE = "#[derive(Debug, Clone, PartialEq, Deserialize, Serialize)]\n"
+STANDARD_DERIVE = "#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, TS)]\n"
 STANDARD_HASHABLE_DERIVE = (
-    "#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, Hash, Eq)]\n"
+    "#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, Hash, Eq, TS)]\n"
 )
 
 # Will be populated with the schema's `definitions` map in `main()` so that
@@ -75,6 +75,8 @@ use serde::Serialize;
 use serde::de::DeserializeOwned;
 use std::convert::TryFrom;
 
+use ts_rs::TS;
+
 pub const MCP_SCHEMA_VERSION: &str = "{SCHEMA_VERSION}";
 pub const JSONRPC_VERSION: &str = "{JSONRPC_VERSION}";
 

codex-rs/mcp-types/src/lib.rs

@@ -10,6 +10,8 @@ use serde::Serialize;
 use serde::de::DeserializeOwned;
 use std::convert::TryFrom;
 
+use ts_rs::TS;
+
 pub const MCP_SCHEMA_VERSION: &str = "2025-06-18";
 pub const JSONRPC_VERSION: &str = "2.0";
 
@@ -31,7 +33,7 @@ fn default_jsonrpc() -> String {
 }
 
 /// Optional annotations for the client. The client can use annotations to inform how objects are used or displayed
-#[derive(Debug, Clone, PartialEq, Deserialize, Serialize)]
+#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, TS)]
 pub struct Annotations {
     #[serde(default, skip_serializing_if = "Option::is_none")]
     pub audience: Option<Vec<Role>>,
@@ -46,7 +48,7 @@ pub struct Annotations {
 }
 
 /// Audio provided to or from an LLM.
-#[derive(Debug, Clone, PartialEq, Deserialize, Serialize)]
+#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, TS)]
 pub struct AudioContent {
     #[serde(default, skip_serializing_if = "Option::is_none")]
     pub annotations: Option<Annotations>,
@@ -57,14 +59,14 @@ pub struct AudioContent {
 }
 
 /// Base interface for metadata with name (identifier) and title (display name) properties.
-#[derive(Debug, Clone, PartialEq, Deserialize, Serialize)]
+#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, TS)]
 pub struct BaseMetadata {
     pub name: String,
     #[serde(default, skip_serializing_if = "Option::is_none")]
     pub title: Option<String>,
 }
 
-#[derive(Debug, Clone, PartialEq, Deserialize, Serialize)]
+#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, TS)]
 pub struct BlobResourceContents {
     pub blob: String,
     #[serde(rename = "mimeType", default, skip_serializing_if = "Option::is_none")]
@@ -72,7 +74,7 @@ pub struct BlobResourceContents {
     pub uri: String,
 }
 
-#[derive(Debug, Clone, PartialEq, Deserialize, Serialize)]
+#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, TS)]
 pub struct BooleanSchema {
     #[serde(default, skip_serializing_if = "Option::is_none")]
     pub default: Option<bool>,
@@ -83,7 +85,7 @@ pub struct BooleanSchema {
     pub r#type: String, // &'static str = "boolean"
 }
 
-#[derive(Debug, Clone, PartialEq, Deserialize, Serialize)]
+#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, TS)]
 pub enum CallToolRequest {}
 
 impl ModelContextProtocolRequest for CallToolRequest {
@@ -92,7 +94,7 @@ impl ModelContextProtocolRequest for CallToolRequest {
     type Result = CallToolResult;
 }
 
-#[derive(Debug, Clone, PartialEq, Deserialize, Serialize)]
+#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, TS)]
 pub struct CallToolRequestParams {
     #[serde(default, skip_serializing_if = "Option::is_none")]
     pub arguments: Option<serde_json::Value>,
@@ -100,7 +102,7 @@ pub struct CallToolRequestParams {
 }
 
 /// The server's response to a tool call.
-#[derive(Debug, Clone, PartialEq, Deserialize, Serialize)]
+#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, TS)]
 pub struct CallToolResult {
     pub content: Vec<ContentBlock>,
     #[serde(rename = "isError", default, skip_serializing_if = "Option::is_none")]
@@ -121,7 +123,7 @@ impl From<CallToolResult> for serde_json::Value {
     }
 }
 
-#[derive(Debug, Clone, PartialEq, Deserialize, Serialize)]
+#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, TS)]
 pub enum CancelledNotification {}
 
 impl ModelContextProtocolNotification for CancelledNotification {
@@ -129,7 +131,7 @@ impl ModelContextProtocolNotification for CancelledNotification {
     type Params = CancelledNotificationParams;
 }
 
-#[derive(Debug, Clone, PartialEq, Deserialize, Serialize)]
+#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, TS)]
 pub struct CancelledNotificationParams {
     #[serde(default, skip_serializing_if = "Option::is_none")]
     pub reason: Option<String>,
@@ -138,7 +140,7 @@ pub struct CancelledNotificationParams {
 }
 
 /// Capabilities a client may support. Known capabilities are defined here, in this schema, but this is not a closed set: any client can define its own, additional capabilities.
-#[derive(Debug, Clone, PartialEq, Deserialize, Serialize)]
+#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, TS)]
 pub struct ClientCapabilities {
     #[serde(default, skip_serializing_if = "Option::is_none")]
     pub elicitation: Option<serde_json::Value>,
@@ -151,7 +153,7 @@ pub struct ClientCapabilities {
 }
 
 /// Present if the client supports listing roots.
-#[derive(Debug, Clone, PartialEq, Deserialize, Serialize)]
+#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, TS)]
 pub struct ClientCapabilitiesRoots {
     #[serde(
         rename = "listChanged",
@@ -161,7 +163,7 @@ pub struct ClientCapabilitiesRoots {
     pub list_changed: Option<bool>,
 }
 
-#[derive(Debug, Clone, PartialEq, Deserialize, Serialize)]
+#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, TS)]
 #[serde(untagged)]
 pub enum ClientNotification {
     CancelledNotification(CancelledNotification),
@@ -170,7 +172,7 @@ pub enum ClientNotification {
     RootsListChangedNotification(RootsListChangedNotification),
 }
 
-#[derive(Debug, Clone, PartialEq, Deserialize, Serialize)]
+#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, TS)]
 #[serde(tag = "method", content = "params")]
 pub enum ClientRequest {
     #[serde(rename = "initialize")]
@@ -203,7 +205,7 @@ pub enum ClientRequest {
     CompleteRequest(<CompleteRequest as ModelContextProtocolRequest>::Params),
 }
 
-#[derive(Debug, Clone, PartialEq, Deserialize, Serialize)]
+#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, TS)]
 #[serde(untagged)]
 pub enum ClientResult {
     Result(Result),
@@ -212,7 +214,7 @@ pub enum ClientResult {
     ElicitResult(ElicitResult),
 }
 
-#[derive(Debug, Clone, PartialEq, Deserialize, Serialize)]
+#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, TS)]
 pub enum CompleteRequest {}
 
 impl ModelContextProtocolRequest for CompleteRequest {
@@ -221,7 +223,7 @@ impl ModelContextProtocolRequest for CompleteRequest {
     type Result = CompleteResult;
 }
 
-#[derive(Debug, Clone, PartialEq, Deserialize, Serialize)]
+#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, TS)]
 pub struct CompleteRequestParams {
     pub argument: CompleteRequestParamsArgument,
     #[serde(default, skip_serializing_if = "Option::is_none")]
@@ -230,20 +232,20 @@ pub struct CompleteRequestParams {
 }
 
 /// Additional, optional context for completions
-#[derive(Debug, Clone, PartialEq, Deserialize, Serialize)]
+#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, TS)]
 pub struct CompleteRequestParamsContext {
     #[serde(default, skip_serializing_if = "Option::is_none")]
     pub arguments: Option<serde_json::Value>,
 }
 
 /// The argument's information
-#[derive(Debug, Clone, PartialEq, Deserialize, Serialize)]
+#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, TS)]
 pub struct CompleteRequestParamsArgument {
     pub name: String,
     pub value: String,
 }
 
-#[derive(Debug, Clone, PartialEq, Deserialize, Serialize)]
+#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, TS)]
 #[serde(untagged)]
 pub enum CompleteRequestParamsRef {
     PromptReference(PromptReference),
@@ -251,12 +253,12 @@ pub enum CompleteRequestParamsRef {
 }
 
 /// The server's response to a completion/complete request
-#[derive(Debug, Clone, PartialEq, Deserialize, Serialize)]
+#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, TS)]
 pub struct CompleteResult {
     pub completion: CompleteResultCompletion,
 }
 
-#[derive(Debug, Clone, PartialEq, Deserialize, Serialize)]
+#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, TS)]
 pub struct CompleteResultCompletion {
     #[serde(rename = "hasMore", default, skip_serializing_if = "Option::is_none")]
     pub has_more: Option<bool>,
@@ -273,7 +275,7 @@ impl From<CompleteResult> for serde_json::Value {
     }
 }
 
-#[derive(Debug, Clone, PartialEq, Deserialize, Serialize)]
+#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, TS)]
 #[serde(untagged)]
 pub enum ContentBlock {
     TextContent(TextContent),
@@ -283,7 +285,7 @@ pub enum ContentBlock {
     EmbeddedResource(EmbeddedResource),
 }
 
-#[derive(Debug, Clone, PartialEq, Deserialize, Serialize)]
+#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, TS)]
 pub enum CreateMessageRequest {}
 
 impl ModelContextProtocolRequest for CreateMessageRequest {
@@ -292,7 +294,7 @@ impl ModelContextProtocolRequest for CreateMessageRequest {
     type Result = CreateMessageResult;
 }
 
-#[derive(Debug, Clone, PartialEq, Deserialize, Serialize)]
+#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, TS)]
 pub struct CreateMessageRequestParams {
     #[serde(
         rename = "includeContext",
@@ -328,7 +330,7 @@ pub struct CreateMessageRequestParams {
 }
 
 /// The client's response to a sampling/create_message request from the server. The client should inform the user before returning the sampled message, to allow them to inspect the response (human in the loop) and decide whether to allow the server to see it.
-#[derive(Debug, Clone, PartialEq, Deserialize, Serialize)]
+#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, TS)]
 pub struct CreateMessageResult {
     pub content: CreateMessageResultContent,
     pub model: String,
@@ -341,7 +343,7 @@ pub struct CreateMessageResult {
     pub stop_reason: Option<String>,
 }
 
-#[derive(Debug, Clone, PartialEq, Deserialize, Serialize)]
+#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, TS)]
 #[serde(untagged)]
 pub enum CreateMessageResultContent {
     TextContent(TextContent),
@@ -357,10 +359,10 @@ impl From<CreateMessageResult> for serde_json::Value {
     }
 }
 
-#[derive(Debug, Clone, PartialEq, Deserialize, Serialize)]
+#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, TS)]
 pub struct Cursor(String);
 
-#[derive(Debug, Clone, PartialEq, Deserialize, Serialize)]
+#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, TS)]
 pub enum ElicitRequest {}
 
 impl ModelContextProtocolRequest for ElicitRequest {
@@ -369,7 +371,7 @@ impl ModelContextProtocolRequest for ElicitRequest {
     type Result = ElicitResult;
 }
 
-#[derive(Debug, Clone, PartialEq, Deserialize, Serialize)]
+#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, TS)]
 pub struct ElicitRequestParams {
     pub message: String,
     #[serde(rename = "requestedSchema")]
@@ -378,7 +380,7 @@ pub struct ElicitRequestParams {
 
 /// A restricted subset of JSON Schema.
 /// Only top-level properties are allowed, without nesting.
-#[derive(Debug, Clone, PartialEq, Deserialize, Serialize)]
+#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, TS)]
 pub struct ElicitRequestParamsRequestedSchema {
     pub properties: serde_json::Value,
     #[serde(default, skip_serializing_if = "Option::is_none")]
@@ -387,7 +389,7 @@ pub struct ElicitRequestParamsRequestedSchema {
 }
 
 /// The client's response to an elicitation request.
-#[derive(Debug, Clone, PartialEq, Deserialize, Serialize)]
+#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, TS)]
 pub struct ElicitResult {
     pub action: String,
     #[serde(default, skip_serializing_if = "Option::is_none")]
@@ -406,7 +408,7 @@ impl From<ElicitResult> for serde_json::Value {
 ///
 /// It is up to the client how best to render embedded resources for the benefit
 /// of the LLM and/or the user.
-#[derive(Debug, Clone, PartialEq, Deserialize, Serialize)]
+#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, TS)]
 pub struct EmbeddedResource {
     #[serde(default, skip_serializing_if = "Option::is_none")]
     pub annotations: Option<Annotations>,
@@ -414,7 +416,7 @@ pub struct EmbeddedResource {
     pub r#type: String, // &'static str = "resource"
 }
 
-#[derive(Debug, Clone, PartialEq, Deserialize, Serialize)]
+#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, TS)]
 #[serde(untagged)]
 pub enum EmbeddedResourceResource {
     TextResourceContents(TextResourceContents),
@@ -423,7 +425,7 @@ pub enum EmbeddedResourceResource {
 
 pub type EmptyResult = Result;
 
-#[derive(Debug, Clone, PartialEq, Deserialize, Serialize)]
+#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, TS)]
 pub struct EnumSchema {
     #[serde(default, skip_serializing_if = "Option::is_none")]
     pub description: Option<String>,
@@ -435,7 +437,7 @@ pub struct EnumSchema {
     pub r#type: String, // &'static str = "string"
 }
 
-#[derive(Debug, Clone, PartialEq, Deserialize, Serialize)]
+#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, TS)]
 pub enum GetPromptRequest {}
 
 impl ModelContextProtocolRequest for GetPromptRequest {
@@ -444,7 +446,7 @@ impl ModelContextProtocolRequest for GetPromptRequest {
     type Result = GetPromptResult;
 }
 
-#[derive(Debug, Clone, PartialEq, Deserialize, Serialize)]
+#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, TS)]
 pub struct GetPromptRequestParams {
     #[serde(default, skip_serializing_if = "Option::is_none")]
     pub arguments: Option<serde_json::Value>,
@@ -452,7 +454,7 @@ pub struct GetPromptRequestParams {
 }
 
 /// The server's response to a prompts/get request from the client.
-#[derive(Debug, Clone, PartialEq, Deserialize, Serialize)]
+#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, TS)]
 pub struct GetPromptResult {
     #[serde(default, skip_serializing_if = "Option::is_none")]
     pub description: Option<String>,
@@ -468,7 +470,7 @@ impl From<GetPromptResult> for serde_json::Value {
 }
 
 /// An image provided to or from an LLM.
-#[derive(Debug, Clone, PartialEq, Deserialize, Serialize)]
+#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, TS)]
 pub struct ImageContent {
     #[serde(default, skip_serializing_if = "Option::is_none")]
     pub annotations: Option<Annotations>,
@@ -479,7 +481,7 @@ pub struct ImageContent {
 }
 
 /// Describes the name and version of an MCP implementation, with an optional title for UI representation.
-#[derive(Debug, Clone, PartialEq, Deserialize, Serialize)]
+#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, TS)]
 pub struct Implementation {
     pub name: String,
     #[serde(default, skip_serializing_if = "Option::is_none")]
@@ -487,7 +489,7 @@ pub struct Implementation {
     pub version: String,
 }
 
-#[derive(Debug, Clone, PartialEq, Deserialize, Serialize)]
+#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, TS)]
 pub enum InitializeRequest {}
 
 impl ModelContextProtocolRequest for InitializeRequest {
@@ -496,7 +498,7 @@ impl ModelContextProtocolRequest for InitializeRequest {
     type Result = InitializeResult;
 }
 
-#[derive(Debug, Clone, PartialEq, Deserialize, Serialize)]
+#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, TS)]
 pub struct InitializeRequestParams {
     pub capabilities: ClientCapabilities,
     #[serde(rename = "clientInfo")]
@@ -506,7 +508,7 @@ pub struct InitializeRequestParams {
 }
 
 /// After receiving an initialize request from the client, the server sends this response.
-#[derive(Debug, Clone, PartialEq, Deserialize, Serialize)]
+#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, TS)]
 pub struct InitializeResult {
     pub capabilities: ServerCapabilities,
     #[serde(default, skip_serializing_if = "Option::is_none")]
@@ -525,7 +527,7 @@ impl From<InitializeResult> for serde_json::Value {
     }
 }
 
-#[derive(Debug, Clone, PartialEq, Deserialize, Serialize)]
+#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, TS)]
 pub enum InitializedNotification {}
 
 impl ModelContextProtocolNotification for InitializedNotification {
@@ -534,7 +536,7 @@ impl ModelContextProtocolNotification for InitializedNotification {
 }
 
 /// A response to a request that indicates an error occurred.
-#[derive(Debug, Clone, PartialEq, Deserialize, Serialize)]
+#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, TS)]
 pub struct JSONRPCError {
     pub error: JSONRPCErrorError,
     pub id: RequestId,
@@ -542,7 +544,7 @@ pub struct JSONRPCError {
     pub jsonrpc: String,
 }
 
-#[derive(Debug, Clone, PartialEq, Deserialize, Serialize)]
+#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, TS)]
 pub struct JSONRPCErrorError {
     pub code: i64,
     #[serde(default, skip_serializing_if = "Option::is_none")]
@@ -551,7 +553,7 @@ pub struct JSONRPCErrorError {
 }
 
 /// Refers to any valid JSON-RPC object that can be decoded off the wire, or encoded to be sent.
-#[derive(Debug, Clone, PartialEq, Deserialize, Serialize)]
+#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, TS)]
 #[serde(untagged)]
 pub enum JSONRPCMessage {
     Request(JSONRPCRequest),
@@ -561,7 +563,7 @@ pub enum JSONRPCMessage {
 }
 
 /// A notification which does not expect a response.
-#[derive(Debug, Clone, PartialEq, Deserialize, Serialize)]
+#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, TS)]
 pub struct JSONRPCNotification {
     #[serde(rename = "jsonrpc", default = "default_jsonrpc")]
     pub jsonrpc: String,
@@ -571,7 +573,7 @@ pub struct JSONRPCNotification {
 }
 
 /// A request that expects a response.
-#[derive(Debug, Clone, PartialEq, Deserialize, Serialize)]
+#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, TS)]
 pub struct JSONRPCRequest {
     pub id: RequestId,
     #[serde(rename = "jsonrpc", default = "default_jsonrpc")]
@@ -582,7 +584,7 @@ pub struct JSONRPCRequest {
 }
 
 /// A successful (non-error) response to a request.
-#[derive(Debug, Clone, PartialEq, Deserialize, Serialize)]
+#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, TS)]
 pub struct JSONRPCResponse {
     pub id: RequestId,
     #[serde(rename = "jsonrpc", default = "default_jsonrpc")]
@@ -590,7 +592,7 @@ pub struct JSONRPCResponse {
     pub result: Result,
 }
 
-#[derive(Debug, Clone, PartialEq, Deserialize, Serialize)]
+#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, TS)]
 pub enum ListPromptsRequest {}
 
 impl ModelContextProtocolRequest for ListPromptsRequest {
@@ -599,14 +601,14 @@ impl ModelContextProtocolRequest for ListPromptsRequest {
     type Result = ListPromptsResult;
 }
 
-#[derive(Debug, Clone, PartialEq, Deserialize, Serialize)]
+#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, TS)]
 pub struct ListPromptsRequestParams {
     #[serde(default, skip_serializing_if = "Option::is_none")]
     pub cursor: Option<String>,
 }
 
 /// The server's response to a prompts/list request from the client.
-#[derive(Debug, Clone, PartialEq, Deserialize, Serialize)]
+#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, TS)]
 pub struct ListPromptsResult {
     #[serde(
         rename = "nextCursor",
@@ -625,7 +627,7 @@ impl From<ListPromptsResult> for serde_json::Value {
     }
 }
 
-#[derive(Debug, Clone, PartialEq, Deserialize, Serialize)]
+#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, TS)]
 pub enum ListResourceTemplatesRequest {}
 
 impl ModelContextProtocolRequest for ListResourceTemplatesRequest {
@@ -634,14 +636,14 @@ impl ModelContextProtocolRequest for ListResourceTemplatesRequest {
     type Result = ListResourceTemplatesResult;
 }
 
-#[derive(Debug, Clone, PartialEq, Deserialize, Serialize)]
+#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, TS)]
 pub struct ListResourceTemplatesRequestParams {
     #[serde(default, skip_serializing_if = "Option::is_none")]
     pub cursor: Option<String>,
 }
 
 /// The server's response to a resources/templates/list request from the client.
-#[derive(Debug, Clone, PartialEq, Deserialize, Serialize)]
+#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, TS)]
 pub struct ListResourceTemplatesResult {
     #[serde(
         rename = "nextCursor",
@@ -661,7 +663,7 @@ impl From<ListResourceTemplatesResult> for serde_json::Value {
     }
 }
 
-#[derive(Debug, Clone, PartialEq, Deserialize, Serialize)]
+#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, TS)]
 pub enum ListResourcesRequest {}
 
 impl ModelContextProtocolRequest for ListResourcesRequest {
@@ -670,14 +672,14 @@ impl ModelContextProtocolRequest for ListResourcesRequest {
     type Result = ListResourcesResult;
 }
 
-#[derive(Debug, Clone, PartialEq, Deserialize, Serialize)]
+#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, TS)]
 pub struct ListResourcesRequestParams {
     #[serde(default, skip_serializing_if = "Option::is_none")]
     pub cursor: Option<String>,
 }
 
 /// The server's response to a resources/list request from the client.
-#[derive(Debug, Clone, PartialEq, Deserialize, Serialize)]
+#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, TS)]
 pub struct ListResourcesResult {
     #[serde(
         rename = "nextCursor",
@@ -696,7 +698,7 @@ impl From<ListResourcesResult> for serde_json::Value {
     }
 }
 
-#[derive(Debug, Clone, PartialEq, Deserialize, Serialize)]
+#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, TS)]
 pub enum ListRootsRequest {}
 
 impl ModelContextProtocolRequest for ListRootsRequest {
@@ -708,7 +710,7 @@ impl ModelContextProtocolRequest for ListRootsRequest {
 /// The client's response to a roots/list request from the server.
 /// This result contains an array of Root objects, each representing a root directory
 /// or file that the server can operate on.
-#[derive(Debug, Clone, PartialEq, Deserialize, Serialize)]
+#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, TS)]
 pub struct ListRootsResult {
     pub roots: Vec<Root>,
 }
@@ -721,7 +723,7 @@ impl From<ListRootsResult> for serde_json::Value {
     }
 }
 
-#[derive(Debug, Clone, PartialEq, Deserialize, Serialize)]
+#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, TS)]
 pub enum ListToolsRequest {}
 
 impl ModelContextProtocolRequest for ListToolsRequest {
@@ -730,14 +732,14 @@ impl ModelContextProtocolRequest for ListToolsRequest {
     type Result = ListToolsResult;
 }
 
-#[derive(Debug, Clone, PartialEq, Deserialize, Serialize)]
+#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, TS)]
 pub struct ListToolsRequestParams {
     #[serde(default, skip_serializing_if = "Option::is_none")]
     pub cursor: Option<String>,
 }
 
 /// The server's response to a tools/list request from the client.
-#[derive(Debug, Clone, PartialEq, Deserialize, Serialize)]
+#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, TS)]
 pub struct ListToolsResult {
     #[serde(
         rename = "nextCursor",
@@ -760,7 +762,7 @@ impl From<ListToolsResult> for serde_json::Value {
 ///
 /// These map to syslog message severities, as specified in RFC-5424:
 /// https://datatracker.ietf.org/doc/html/rfc5424#section-6.2.1
-#[derive(Debug, Clone, PartialEq, Deserialize, Serialize)]
+#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, TS)]
 pub enum LoggingLevel {
     #[serde(rename = "alert")]
     Alert,
@@ -780,7 +782,7 @@ pub enum LoggingLevel {
     Warning,
 }
 
-#[derive(Debug, Clone, PartialEq, Deserialize, Serialize)]
+#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, TS)]
 pub enum LoggingMessageNotification {}
 
 impl ModelContextProtocolNotification for LoggingMessageNotification {
@@ -788,7 +790,7 @@ impl ModelContextProtocolNotification for LoggingMessageNotification {
     type Params = LoggingMessageNotificationParams;
 }
 
-#[derive(Debug, Clone, PartialEq, Deserialize, Serialize)]
+#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, TS)]
 pub struct LoggingMessageNotificationParams {
     pub data: serde_json::Value,
     pub level: LoggingLevel,
@@ -800,7 +802,7 @@ pub struct LoggingMessageNotificationParams {
 ///
 /// Keys not declared here are currently left unspecified by the spec and are up
 /// to the client to interpret.
-#[derive(Debug, Clone, PartialEq, Deserialize, Serialize)]
+#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, TS)]
 pub struct ModelHint {
     #[serde(default, skip_serializing_if = "Option::is_none")]
     pub name: Option<String>,
@@ -817,7 +819,7 @@ pub struct ModelHint {
 /// These preferences are always advisory. The client MAY ignore them. It is also
 /// up to the client to decide how to interpret these preferences and how to
 /// balance them against other considerations.
-#[derive(Debug, Clone, PartialEq, Deserialize, Serialize)]
+#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, TS)]
 pub struct ModelPreferences {
     #[serde(
         rename = "costPriority",
@@ -841,14 +843,14 @@ pub struct ModelPreferences {
     pub speed_priority: Option<f64>,
 }
 
-#[derive(Debug, Clone, PartialEq, Deserialize, Serialize)]
+#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, TS)]
 pub struct Notification {
     pub method: String,
     #[serde(default, skip_serializing_if = "Option::is_none")]
     pub params: Option<serde_json::Value>,
 }
 
-#[derive(Debug, Clone, PartialEq, Deserialize, Serialize)]
+#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, TS)]
 pub struct NumberSchema {
     #[serde(default, skip_serializing_if = "Option::is_none")]
     pub description: Option<String>,
@@ -861,20 +863,20 @@ pub struct NumberSchema {
     pub r#type: String,
 }
 
-#[derive(Debug, Clone, PartialEq, Deserialize, Serialize)]
+#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, TS)]
 pub struct PaginatedRequest {
     pub method: String,
     #[serde(default, skip_serializing_if = "Option::is_none")]
     pub params: Option<PaginatedRequestParams>,
 }
 
-#[derive(Debug, Clone, PartialEq, Deserialize, Serialize)]
+#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, TS)]
 pub struct PaginatedRequestParams {
     #[serde(default, skip_serializing_if = "Option::is_none")]
     pub cursor: Option<String>,
 }
 
-#[derive(Debug, Clone, PartialEq, Deserialize, Serialize)]
+#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, TS)]
 pub struct PaginatedResult {
     #[serde(
         rename = "nextCursor",
@@ -892,7 +894,7 @@ impl From<PaginatedResult> for serde_json::Value {
     }
 }
 
-#[derive(Debug, Clone, PartialEq, Deserialize, Serialize)]
+#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, TS)]
 pub enum PingRequest {}
 
 impl ModelContextProtocolRequest for PingRequest {
@@ -903,7 +905,7 @@ impl ModelContextProtocolRequest for PingRequest {
 
 /// Restricted schema definitions that only allow primitive types
 /// without nested objects or arrays.
-#[derive(Debug, Clone, PartialEq, Deserialize, Serialize)]
+#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, TS)]
 #[serde(untagged)]
 pub enum PrimitiveSchemaDefinition {
     StringSchema(StringSchema),
@@ -912,7 +914,7 @@ pub enum PrimitiveSchemaDefinition {
     EnumSchema(EnumSchema),
 }
 
-#[derive(Debug, Clone, PartialEq, Deserialize, Serialize)]
+#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, TS)]
 pub enum ProgressNotification {}
 
 impl ModelContextProtocolNotification for ProgressNotification {
@@ -920,7 +922,7 @@ impl ModelContextProtocolNotification for ProgressNotification {
     type Params = ProgressNotificationParams;
 }
 
-#[derive(Debug, Clone, PartialEq, Deserialize, Serialize)]
+#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, TS)]
 pub struct ProgressNotificationParams {
     #[serde(default, skip_serializing_if = "Option::is_none")]
     pub message: Option<String>,
@@ -931,7 +933,7 @@ pub struct ProgressNotificationParams {
     pub total: Option<f64>,
 }
 
-#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, Hash, Eq)]
+#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, Hash, Eq, TS)]
 #[serde(untagged)]
 pub enum ProgressToken {
     String(String),
@@ -939,7 +941,7 @@ pub enum ProgressToken {
 }
 
 /// A prompt or prompt template that the server offers.
-#[derive(Debug, Clone, PartialEq, Deserialize, Serialize)]
+#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, TS)]
 pub struct Prompt {
     #[serde(default, skip_serializing_if = "Option::is_none")]
     pub arguments: Option<Vec<PromptArgument>>,
@@ -951,7 +953,7 @@ pub struct Prompt {
 }
 
 /// Describes an argument that a prompt can accept.
-#[derive(Debug, Clone, PartialEq, Deserialize, Serialize)]
+#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, TS)]
 pub struct PromptArgument {
     #[serde(default, skip_serializing_if = "Option::is_none")]
     pub description: Option<String>,
@@ -962,7 +964,7 @@ pub struct PromptArgument {
     pub title: Option<String>,
 }
 
-#[derive(Debug, Clone, PartialEq, Deserialize, Serialize)]
+#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, TS)]
 pub enum PromptListChangedNotification {}
 
 impl ModelContextProtocolNotification for PromptListChangedNotification {
@@ -974,14 +976,14 @@ impl ModelContextProtocolNotification for PromptListChangedNotification {
 ///
 /// This is similar to `SamplingMessage`, but also supports the embedding of
 /// resources from the MCP server.
-#[derive(Debug, Clone, PartialEq, Deserialize, Serialize)]
+#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, TS)]
 pub struct PromptMessage {
     pub content: ContentBlock,
     pub role: Role,
 }
 
 /// Identifies a prompt.
-#[derive(Debug, Clone, PartialEq, Deserialize, Serialize)]
+#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, TS)]
 pub struct PromptReference {
     pub name: String,
     #[serde(default, skip_serializing_if = "Option::is_none")]
@@ -989,7 +991,7 @@ pub struct PromptReference {
     pub r#type: String, // &'static str = "ref/prompt"
 }
 
-#[derive(Debug, Clone, PartialEq, Deserialize, Serialize)]
+#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, TS)]
 pub enum ReadResourceRequest {}
 
 impl ModelContextProtocolRequest for ReadResourceRequest {
@@ -998,18 +1000,18 @@ impl ModelContextProtocolRequest for ReadResourceRequest {
     type Result = ReadResourceResult;
 }
 
-#[derive(Debug, Clone, PartialEq, Deserialize, Serialize)]
+#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, TS)]
 pub struct ReadResourceRequestParams {
     pub uri: String,
 }
 
 /// The server's response to a resources/read request from the client.
-#[derive(Debug, Clone, PartialEq, Deserialize, Serialize)]
+#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, TS)]
 pub struct ReadResourceResult {
     pub contents: Vec<ReadResourceResultContents>,
 }
 
-#[derive(Debug, Clone, PartialEq, Deserialize, Serialize)]
+#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, TS)]
 #[serde(untagged)]
 pub enum ReadResourceResultContents {
     TextResourceContents(TextResourceContents),
@@ -1024,14 +1026,14 @@ impl From<ReadResourceResult> for serde_json::Value {
     }
 }
 
-#[derive(Debug, Clone, PartialEq, Deserialize, Serialize)]
+#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, TS)]
 pub struct Request {
     pub method: String,
     #[serde(default, skip_serializing_if = "Option::is_none")]
     pub params: Option<serde_json::Value>,
 }
 
-#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, Hash, Eq)]
+#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, Hash, Eq, TS)]
 #[serde(untagged)]
 pub enum RequestId {
     String(String),
@@ -1039,7 +1041,7 @@ pub enum RequestId {
 }
 
 /// A known resource that the server is capable of reading.
-#[derive(Debug, Clone, PartialEq, Deserialize, Serialize)]
+#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, TS)]
 pub struct Resource {
     #[serde(default, skip_serializing_if = "Option::is_none")]
     pub annotations: Option<Annotations>,
@@ -1056,7 +1058,7 @@ pub struct Resource {
 }
 
 /// The contents of a specific resource or sub-resource.
-#[derive(Debug, Clone, PartialEq, Deserialize, Serialize)]
+#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, TS)]
 pub struct ResourceContents {
     #[serde(rename = "mimeType", default, skip_serializing_if = "Option::is_none")]
     pub mime_type: Option<String>,
@@ -1066,7 +1068,7 @@ pub struct ResourceContents {
 /// A resource that the server is capable of reading, included in a prompt or tool call result.
 ///
 /// Note: resource links returned by tools are not guaranteed to appear in the results of `resources/list` requests.
-#[derive(Debug, Clone, PartialEq, Deserialize, Serialize)]
+#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, TS)]
 pub struct ResourceLink {
     #[serde(default, skip_serializing_if = "Option::is_none")]
     pub annotations: Option<Annotations>,
@@ -1083,7 +1085,7 @@ pub struct ResourceLink {
     pub uri: String,
 }
 
-#[derive(Debug, Clone, PartialEq, Deserialize, Serialize)]
+#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, TS)]
 pub enum ResourceListChangedNotification {}
 
 impl ModelContextProtocolNotification for ResourceListChangedNotification {
@@ -1092,7 +1094,7 @@ impl ModelContextProtocolNotification for ResourceListChangedNotification {
 }
 
 /// A template description for resources available on the server.
-#[derive(Debug, Clone, PartialEq, Deserialize, Serialize)]
+#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, TS)]
 pub struct ResourceTemplate {
     #[serde(default, skip_serializing_if = "Option::is_none")]
     pub annotations: Option<Annotations>,
@@ -1108,13 +1110,13 @@ pub struct ResourceTemplate {
 }
 
 /// A reference to a resource or resource template definition.
-#[derive(Debug, Clone, PartialEq, Deserialize, Serialize)]
+#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, TS)]
 pub struct ResourceTemplateReference {
     pub r#type: String, // &'static str = "ref/resource"
     pub uri: String,
 }
 
-#[derive(Debug, Clone, PartialEq, Deserialize, Serialize)]
+#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, TS)]
 pub enum ResourceUpdatedNotification {}
 
 impl ModelContextProtocolNotification for ResourceUpdatedNotification {
@@ -1122,7 +1124,7 @@ impl ModelContextProtocolNotification for ResourceUpdatedNotification {
     type Params = ResourceUpdatedNotificationParams;
 }
 
-#[derive(Debug, Clone, PartialEq, Deserialize, Serialize)]
+#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, TS)]
 pub struct ResourceUpdatedNotificationParams {
     pub uri: String,
 }
@@ -1130,7 +1132,7 @@ pub struct ResourceUpdatedNotificationParams {
 pub type Result = serde_json::Value;
 
 /// The sender or recipient of messages and data in a conversation.
-#[derive(Debug, Clone, PartialEq, Deserialize, Serialize)]
+#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, TS)]
 pub enum Role {
     #[serde(rename = "assistant")]
     Assistant,
@@ -1139,14 +1141,14 @@ pub enum Role {
 }
 
 /// Represents a root directory or file that the server can operate on.
-#[derive(Debug, Clone, PartialEq, Deserialize, Serialize)]
+#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, TS)]
 pub struct Root {
     #[serde(default, skip_serializing_if = "Option::is_none")]
     pub name: Option<String>,
     pub uri: String,
 }
 
-#[derive(Debug, Clone, PartialEq, Deserialize, Serialize)]
+#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, TS)]
 pub enum RootsListChangedNotification {}
 
 impl ModelContextProtocolNotification for RootsListChangedNotification {
@@ -1155,13 +1157,13 @@ impl ModelContextProtocolNotification for RootsListChangedNotification {
 }
 
 /// Describes a message issued to or received from an LLM API.
-#[derive(Debug, Clone, PartialEq, Deserialize, Serialize)]
+#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, TS)]
 pub struct SamplingMessage {
     pub content: SamplingMessageContent,
     pub role: Role,
 }
 
-#[derive(Debug, Clone, PartialEq, Deserialize, Serialize)]
+#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, TS)]
 #[serde(untagged)]
 pub enum SamplingMessageContent {
     TextContent(TextContent),
@@ -1170,7 +1172,7 @@ pub enum SamplingMessageContent {
 }
 
 /// Capabilities that a server may support. Known capabilities are defined here, in this schema, but this is not a closed set: any server can define its own, additional capabilities.
-#[derive(Debug, Clone, PartialEq, Deserialize, Serialize)]
+#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, TS)]
 pub struct ServerCapabilities {
     #[serde(default, skip_serializing_if = "Option::is_none")]
     pub completions: Option<serde_json::Value>,
@@ -1187,7 +1189,7 @@ pub struct ServerCapabilities {
 }
 
 /// Present if the server offers any tools to call.
-#[derive(Debug, Clone, PartialEq, Deserialize, Serialize)]
+#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, TS)]
 pub struct ServerCapabilitiesTools {
     #[serde(
         rename = "listChanged",
@@ -1198,7 +1200,7 @@ pub struct ServerCapabilitiesTools {
 }
 
 /// Present if the server offers any resources to read.
-#[derive(Debug, Clone, PartialEq, Deserialize, Serialize)]
+#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, TS)]
 pub struct ServerCapabilitiesResources {
     #[serde(
         rename = "listChanged",
@@ -1211,7 +1213,7 @@ pub struct ServerCapabilitiesResources {
 }
 
 /// Present if the server offers any prompt templates.
-#[derive(Debug, Clone, PartialEq, Deserialize, Serialize)]
+#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, TS)]
 pub struct ServerCapabilitiesPrompts {
     #[serde(
         rename = "listChanged",
@@ -1221,7 +1223,7 @@ pub struct ServerCapabilitiesPrompts {
     pub list_changed: Option<bool>,
 }
 
-#[derive(Debug, Clone, PartialEq, Deserialize, Serialize)]
+#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, TS)]
 #[serde(tag = "method", content = "params")]
 pub enum ServerNotification {
     #[serde(rename = "notifications/cancelled")]
@@ -1250,7 +1252,7 @@ pub enum ServerNotification {
     ),
 }
 
-#[derive(Debug, Clone, PartialEq, Deserialize, Serialize)]
+#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, TS)]
 #[serde(untagged)]
 pub enum ServerRequest {
     PingRequest(PingRequest),
@@ -1259,7 +1261,7 @@ pub enum ServerRequest {
     ElicitRequest(ElicitRequest),
 }
 
-#[derive(Debug, Clone, PartialEq, Deserialize, Serialize)]
+#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, TS)]
 #[serde(untagged)]
 #[allow(clippy::large_enum_variant)]
 pub enum ServerResult {
@@ -1275,7 +1277,7 @@ pub enum ServerResult {
     CompleteResult(CompleteResult),
 }
 
-#[derive(Debug, Clone, PartialEq, Deserialize, Serialize)]
+#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, TS)]
 pub enum SetLevelRequest {}
 
 impl ModelContextProtocolRequest for SetLevelRequest {
@@ -1284,12 +1286,12 @@ impl ModelContextProtocolRequest for SetLevelRequest {
     type Result = Result;
 }
 
-#[derive(Debug, Clone, PartialEq, Deserialize, Serialize)]
+#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, TS)]
 pub struct SetLevelRequestParams {
     pub level: LoggingLevel,
 }
 
-#[derive(Debug, Clone, PartialEq, Deserialize, Serialize)]
+#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, TS)]
 pub struct StringSchema {
     #[serde(default, skip_serializing_if = "Option::is_none")]
     pub description: Option<String>,
@@ -1304,7 +1306,7 @@ pub struct StringSchema {
     pub r#type: String, // &'static str = "string"
 }
 
-#[derive(Debug, Clone, PartialEq, Deserialize, Serialize)]
+#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, TS)]
 pub enum SubscribeRequest {}
 
 impl ModelContextProtocolRequest for SubscribeRequest {
@@ -1313,13 +1315,13 @@ impl ModelContextProtocolRequest for SubscribeRequest {
     type Result = Result;
 }
 
-#[derive(Debug, Clone, PartialEq, Deserialize, Serialize)]
+#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, TS)]
 pub struct SubscribeRequestParams {
     pub uri: String,
 }
 
 /// Text provided to or from an LLM.
-#[derive(Debug, Clone, PartialEq, Deserialize, Serialize)]
+#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, TS)]
 pub struct TextContent {
     #[serde(default, skip_serializing_if = "Option::is_none")]
     pub annotations: Option<Annotations>,
@@ -1327,7 +1329,7 @@ pub struct TextContent {
     pub r#type: String, // &'static str = "text"
 }
 
-#[derive(Debug, Clone, PartialEq, Deserialize, Serialize)]
+#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, TS)]
 pub struct TextResourceContents {
     #[serde(rename = "mimeType", default, skip_serializing_if = "Option::is_none")]
     pub mime_type: Option<String>,
@@ -1336,7 +1338,7 @@ pub struct TextResourceContents {
 }
 
 /// Definition for a tool the client can call.
-#[derive(Debug, Clone, PartialEq, Deserialize, Serialize)]
+#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, TS)]
 pub struct Tool {
     #[serde(default, skip_serializing_if = "Option::is_none")]
     pub annotations: Option<ToolAnnotations>,
@@ -1357,7 +1359,7 @@ pub struct Tool {
 
 /// An optional JSON Schema object defining the structure of the tool's output returned in
 /// the structuredContent field of a CallToolResult.
-#[derive(Debug, Clone, PartialEq, Deserialize, Serialize)]
+#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, TS)]
 pub struct ToolOutputSchema {
     #[serde(default, skip_serializing_if = "Option::is_none")]
     pub properties: Option<serde_json::Value>,
@@ -1367,7 +1369,7 @@ pub struct ToolOutputSchema {
 }
 
 /// A JSON Schema object defining the expected parameters for the tool.
-#[derive(Debug, Clone, PartialEq, Deserialize, Serialize)]
+#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, TS)]
 pub struct ToolInputSchema {
     #[serde(default, skip_serializing_if = "Option::is_none")]
     pub properties: Option<serde_json::Value>,
@@ -1384,7 +1386,7 @@ pub struct ToolInputSchema {
 ///
 /// Clients should never make tool use decisions based on ToolAnnotations
 /// received from untrusted servers.
-#[derive(Debug, Clone, PartialEq, Deserialize, Serialize)]
+#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, TS)]
 pub struct ToolAnnotations {
     #[serde(
         rename = "destructiveHint",
@@ -1414,7 +1416,7 @@ pub struct ToolAnnotations {
     pub title: Option<String>,
 }
 
-#[derive(Debug, Clone, PartialEq, Deserialize, Serialize)]
+#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, TS)]
 pub enum ToolListChangedNotification {}
 
 impl ModelContextProtocolNotification for ToolListChangedNotification {
@@ -1422,7 +1424,7 @@ impl ModelContextProtocolNotification for ToolListChangedNotification {
     type Params = Option<serde_json::Value>;
 }
 
-#[derive(Debug, Clone, PartialEq, Deserialize, Serialize)]
+#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, TS)]
 pub enum UnsubscribeRequest {}
 
 impl ModelContextProtocolRequest for UnsubscribeRequest {
@@ -1431,7 +1433,7 @@ impl ModelContextProtocolRequest for UnsubscribeRequest {
     type Result = Result;
 }
 
-#[derive(Debug, Clone, PartialEq, Deserialize, Serialize)]
+#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, TS)]
 pub struct UnsubscribeRequestParams {
     pub uri: String,
 }

codex-rs/ollama/src/client.rs

@@ -166,9 +166,8 @@ impl OllamaClient {
                                         yield PullEvent::Error(err_msg.to_string());
                                         return;
                                     }
-                                    if let Some(status) = value.get("status").and_then(|s| s.as_str()) {
-                                        if status == "success" { yield PullEvent::Success; return; }
-                                    }
+                                    if let Some(status) = value.get("status").and_then(|s| s.as_str())
+                                        && status == "success" { yield PullEvent::Success; return; }
                                 }
                             }
                         }

codex-rs/protocol-ts/Cargo.toml

@@ -0,0 +1,21 @@
+[package]
+edition = "2024"
+name = "codex-protocol-ts"
+version = { workspace = true }
+
+[lints]
+workspace = true
+
+[lib]
+name = "codex_protocol_ts"
+path = "src/lib.rs"
+
+[[bin]]
+name = "codex-protocol-ts"
+path = "src/main.rs"
+
+[dependencies]
+anyhow = "1"
+codex-protocol = { path = "../protocol" }
+ts-rs = "11"
+clap = { version = "4", features = ["derive"] }

codex-rs/protocol-ts/generate-ts

@@ -0,0 +1,10 @@
+#!/bin/bash
+
+set -euo pipefail
+
+cd "$(dirname "$0")"/..
+
+tmpdir=$(mktemp -d)
+just codex generate-ts --prettier ../node_modules/.bin/prettier --out "$tmpdir"
+
+echo "wrote output to $tmpdir"

codex-rs/protocol-ts/src/lib.rs

@@ -0,0 +1,107 @@
+use anyhow::Context;
+use anyhow::Result;
+use anyhow::anyhow;
+use std::ffi::OsStr;
+use std::fs;
+use std::io::Read;
+use std::io::Write;
+use std::path::Path;
+use std::path::PathBuf;
+use std::process::Command;
+use ts_rs::TS;
+
+const HEADER: &str = "// GENERATED CODE! DO NOT MODIFY BY HAND!\n\n";
+
+pub fn generate_ts(out_dir: &Path, prettier: Option<&Path>) -> Result<()> {
+    ensure_dir(out_dir)?;
+
+    // Generate TS bindings
+    codex_protocol::mcp_protocol::ConversationId::export_all_to(out_dir)?;
+    codex_protocol::mcp_protocol::InputItem::export_all_to(out_dir)?;
+    codex_protocol::mcp_protocol::ClientRequest::export_all_to(out_dir)?;
+    codex_protocol::mcp_protocol::ServerRequest::export_all_to(out_dir)?;
+    codex_protocol::mcp_protocol::NewConversationParams::export_all_to(out_dir)?;
+    codex_protocol::mcp_protocol::NewConversationResponse::export_all_to(out_dir)?;
+    codex_protocol::mcp_protocol::AddConversationListenerParams::export_all_to(out_dir)?;
+    codex_protocol::mcp_protocol::AddConversationSubscriptionResponse::export_all_to(out_dir)?;
+    codex_protocol::mcp_protocol::RemoveConversationListenerParams::export_all_to(out_dir)?;
+    codex_protocol::mcp_protocol::RemoveConversationSubscriptionResponse::export_all_to(out_dir)?;
+    codex_protocol::mcp_protocol::SendUserMessageParams::export_all_to(out_dir)?;
+    codex_protocol::mcp_protocol::SendUserMessageResponse::export_all_to(out_dir)?;
+    codex_protocol::mcp_protocol::SendUserTurnParams::export_all_to(out_dir)?;
+    codex_protocol::mcp_protocol::SendUserTurnResponse::export_all_to(out_dir)?;
+    codex_protocol::mcp_protocol::InterruptConversationParams::export_all_to(out_dir)?;
+    codex_protocol::mcp_protocol::InterruptConversationResponse::export_all_to(out_dir)?;
+    codex_protocol::mcp_protocol::LoginChatGptResponse::export_all_to(out_dir)?;
+    codex_protocol::mcp_protocol::LoginChatGptCompleteNotification::export_all_to(out_dir)?;
+    codex_protocol::mcp_protocol::CancelLoginChatGptParams::export_all_to(out_dir)?;
+    codex_protocol::mcp_protocol::CancelLoginChatGptResponse::export_all_to(out_dir)?;
+    codex_protocol::mcp_protocol::GitDiffToRemoteParams::export_all_to(out_dir)?;
+    codex_protocol::mcp_protocol::ApplyPatchApprovalParams::export_all_to(out_dir)?;
+    codex_protocol::mcp_protocol::ApplyPatchApprovalResponse::export_all_to(out_dir)?;
+    codex_protocol::mcp_protocol::ExecCommandApprovalParams::export_all_to(out_dir)?;
+    codex_protocol::mcp_protocol::ExecCommandApprovalResponse::export_all_to(out_dir)?;
+
+    // Prepend header to each generated .ts file
+    let ts_files = ts_files_in(out_dir)?;
+    for file in &ts_files {
+        prepend_header_if_missing(file)?;
+    }
+
+    // Format with Prettier by passing individual files (no shell globbing)
+    if let Some(prettier_bin) = prettier
+        && !ts_files.is_empty()
+    {
+        let status = Command::new(prettier_bin)
+            .arg("--write")
+            .args(ts_files.iter().map(|p| p.as_os_str()))
+            .status()
+            .with_context(|| format!("Failed to invoke Prettier at {}", prettier_bin.display()))?;
+        if !status.success() {
+            return Err(anyhow!("Prettier failed with status {}", status));
+        }
+    }
+
+    Ok(())
+}
+
+fn ensure_dir(dir: &Path) -> Result<()> {
+    fs::create_dir_all(dir)
+        .with_context(|| format!("Failed to create output directory {}", dir.display()))
+}
+
+fn prepend_header_if_missing(path: &Path) -> Result<()> {
+    let mut content = String::new();
+    {
+        let mut f = fs::File::open(path)
+            .with_context(|| format!("Failed to open {} for reading", path.display()))?;
+        f.read_to_string(&mut content)
+            .with_context(|| format!("Failed to read {}", path.display()))?;
+    }
+
+    if content.starts_with(HEADER) {
+        return Ok(());
+    }
+
+    let mut f = fs::File::create(path)
+        .with_context(|| format!("Failed to open {} for writing", path.display()))?;
+    f.write_all(HEADER.as_bytes())
+        .with_context(|| format!("Failed to write header to {}", path.display()))?;
+    f.write_all(content.as_bytes())
+        .with_context(|| format!("Failed to write content to {}", path.display()))?;
+    Ok(())
+}
+
+fn ts_files_in(dir: &Path) -> Result<Vec<PathBuf>> {
+    let mut files = Vec::new();
+    for entry in
+        fs::read_dir(dir).with_context(|| format!("Failed to read dir {}", dir.display()))?
+    {
+        let entry = entry?;
+        let path = entry.path();
+        if path.is_file() && path.extension() == Some(OsStr::new("ts")) {
+            files.push(path);
+        }
+    }
+    Ok(files)
+}

codex-rs/protocol-ts/src/main.rs

@@ -0,0 +1,20 @@
+use anyhow::Result;
+use clap::Parser;
+use std::path::PathBuf;
+
+#[derive(Parser, Debug)]
+#[command(about = "Generate TypeScript bindings for the Codex protocol")]
+struct Args {
+    /// Output directory where .ts files will be written
+    #[arg(short = 'o', long = "out", value_name = "DIR")]
+    out_dir: PathBuf,
+
+    /// Optional path to the Prettier executable to format generated files
+    #[arg(short = 'p', long = "prettier", value_name = "PRETTIER_BIN")]
+    prettier: Option<PathBuf>,
+}
+
+fn main() -> Result<()> {
+    let args = Args::parse();
+    codex_protocol_ts::generate_ts(&args.out_dir, args.prettier.as_deref())
+}

codex-rs/protocol/Cargo.toml

@@ -0,0 +1,24 @@
+[package]
+edition = "2024"
+name = "codex-protocol"
+version = { workspace = true }
+
+[lib]
+name = "codex_protocol"
+path = "src/lib.rs"
+
+[lints]
+workspace = true
+
+[dependencies]
+mcp-types = { path = "../mcp-types" }
+serde = { version = "1", features = ["derive"] }
+serde_bytes = "0.11"
+serde_json = "1"
+strum = "0.27.2"
+strum_macros = "0.27.2"
+ts-rs = { version = "11", features = ["uuid-impl", "serde-json-impl"] }
+uuid = { version = "1", features = ["serde", "v4"] }
+
+[dev-dependencies]
+pretty_assertions = "1.4.1"