shell tool: move shell usage instructions from prompt to tool description (#6473)

.github/workflows/rust-release.yml

@@ -295,15 +295,6 @@ jobs:
           # ${{ matrix.target }}
           dest="dist/${{ matrix.target }}"
 
-          # We want to ship the raw Windows executables in the GitHub Release
-          # in addition to the compressed archives. Keep the originals for
-          # Windows targets; remove them elsewhere to limit the number of
-          # artifacts that end up in the GitHub Release.
-          keep_originals=false
-          if [[ "${{ matrix.runner }}" == windows* ]]; then
-            keep_originals=true
-          fi
-
           # For compatibility with environments that lack the `zstd` tool we
           # additionally create a `.tar.gz` for all platforms and `.zip` for
           # Windows alongside every single binary that we publish. The end result is:
@@ -333,11 +324,7 @@ jobs:
 
             # Also create .zst (existing behaviour) *and* remove the original
             # uncompressed binary to keep the directory small.
-            zstd_args=(-T0 -19)
-            if [[ "${keep_originals}" == false ]]; then
-              zstd_args+=(--rm)
-            fi
-            zstd "${zstd_args[@]}" "$dest/$base"
+            zstd -T0 -19 --rm "$dest/$base"
           done
 
       - name: Remove signing keychain

codex-rs/Cargo.lock

@@ -211,7 +211,6 @@ dependencies = [
  "parking_lot",
  "percent-encoding",
  "windows-sys 0.59.0",
- "wl-clipboard-rs",
  "x11rb",
 ]
 
@@ -986,17 +985,14 @@ dependencies = [
  "codex-tui",
  "codex-windows-sandbox",
  "ctor 0.5.0",
- "libc",
  "owo-colors",
  "predicates",
  "pretty_assertions",
- "regex-lite",
  "serde_json",
  "supports-color",
  "tempfile",
  "tokio",
  "toml",
- "tracing",
 ]
 
 [[package]]
@@ -1067,7 +1063,6 @@ dependencies = [
  "chrono",
  "codex-app-server-protocol",
  "codex-apply-patch",
- "codex-arg0",
  "codex-async-utils",
  "codex-file-search",
  "codex-git",
@@ -1082,7 +1077,6 @@ dependencies = [
  "codex-windows-sandbox",
  "core-foundation 0.9.4",
  "core_test_support",
- "ctor 0.5.0",
  "dirs",
  "dunce",
  "env-flags",
@@ -4293,16 +4287,6 @@ dependencies = [
  "windows-sys 0.52.0",
 ]
 
-[[package]]
-name = "os_pipe"
-version = "1.2.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "db335f4760b14ead6290116f2427bf33a14d4f0617d49f78a246de10c1831224"
-dependencies = [
- "libc",
- "windows-sys 0.59.0",
-]
-
 [[package]]
 name = "owo-colors"
 version = "4.2.2"
@@ -4450,7 +4434,7 @@ checksum = "3af6b589e163c5a788fab00ce0c0366f6efbb9959c2f9874b224936af7fce7e1"
 dependencies = [
  "base64",
  "indexmap 2.12.0",
- "quick-xml 0.38.0",
+ "quick-xml",
  "serde",
  "time",
 ]
@@ -4679,15 +4663,6 @@ version = "2.0.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "a993555f31e5a609f617c12db6250dedcac1b0a85076912c436e6fc9b2c8e6a3"
 
-[[package]]
-name = "quick-xml"
-version = "0.37.5"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "331e97a1af0bf59823e6eadffe373d7b27f485be8748f71471c662c1f269b7fb"
-dependencies = [
- "memchr",
-]
-
 [[package]]
 name = "quick-xml"
 version = "0.38.0"
@@ -6725,18 +6700,6 @@ version = "0.1.5"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "c4013970217383f67b18aef68f6fb2e8d409bc5755227092d32efb0422ba24b8"
 
-[[package]]
-name = "tree_magic_mini"
-version = "3.2.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f943391d896cdfe8eec03a04d7110332d445be7df856db382dd96a730667562c"
-dependencies = [
- "memchr",
- "nom",
- "once_cell",
- "petgraph",
-]
-
 [[package]]
 name = "try-lock"
 version = "0.2.5"
@@ -7074,76 +7037,6 @@ dependencies = [
  "web-sys",
 ]
 
-[[package]]
-name = "wayland-backend"
-version = "0.3.11"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "673a33c33048a5ade91a6b139580fa174e19fb0d23f396dca9fa15f2e1e49b35"
-dependencies = [
- "cc",
- "downcast-rs",
- "rustix 1.0.8",
- "smallvec",
- "wayland-sys",
-]
-
-[[package]]
-name = "wayland-client"
-version = "0.31.11"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c66a47e840dc20793f2264eb4b3e4ecb4b75d91c0dd4af04b456128e0bdd449d"
-dependencies = [
- "bitflags 2.10.0",
- "rustix 1.0.8",
- "wayland-backend",
- "wayland-scanner",
-]
-
-[[package]]
-name = "wayland-protocols"
-version = "0.32.9"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "efa790ed75fbfd71283bd2521a1cfdc022aabcc28bdcff00851f9e4ae88d9901"
-dependencies = [
- "bitflags 2.10.0",
- "wayland-backend",
- "wayland-client",
- "wayland-scanner",
-]
-
-[[package]]
-name = "wayland-protocols-wlr"
-version = "0.3.9"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "efd94963ed43cf9938a090ca4f7da58eb55325ec8200c3848963e98dc25b78ec"
-dependencies = [
- "bitflags 2.10.0",
- "wayland-backend",
- "wayland-client",
- "wayland-protocols",
- "wayland-scanner",
-]
-
-[[package]]
-name = "wayland-scanner"
-version = "0.31.7"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "54cb1e9dc49da91950bdfd8b848c49330536d9d1fb03d4bfec8cae50caa50ae3"
-dependencies = [
- "proc-macro2",
- "quick-xml 0.37.5",
- "quote",
-]
-
-[[package]]
-name = "wayland-sys"
-version = "0.31.7"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "34949b42822155826b41db8e5d0c1be3a2bd296c747577a43a3e6daefc296142"
-dependencies = [
- "pkg-config",
-]
-
 [[package]]
 name = "web-sys"
 version = "0.3.77"
@@ -7715,25 +7608,6 @@ dependencies = [
  "bitflags 2.10.0",
 ]
 
-[[package]]
-name = "wl-clipboard-rs"
-version = "0.9.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8e5ff8d0e60065f549fafd9d6cb626203ea64a798186c80d8e7df4f8af56baeb"
-dependencies = [
- "libc",
- "log",
- "os_pipe",
- "rustix 0.38.44",
- "tempfile",
- "thiserror 2.0.17",
- "tree_magic_mini",
- "wayland-backend",
- "wayland-client",
- "wayland-protocols",
- "wayland-protocols-wlr",
-]
-
 [[package]]
 name = "writeable"
 version = "0.6.2"

codex-rs/Cargo.toml

@@ -94,7 +94,7 @@ mcp_test_support = { path = "mcp-server/tests/common" }
 allocative = "0.3.3"
 ansi-to-tui = "7.0.0"
 anyhow = "1"
-arboard = { version = "3", features = ["wayland-data-control"] }
+arboard = "3"
 askama = "0.14"
 assert_cmd = "2"
 assert_matches = "1.5.0"

codex-rs/README.md

@@ -58,7 +58,7 @@ To test to see what happens when a command is run under the sandbox provided by
 
 ```
 # macOS
-codex sandbox macos [--full-auto] [--log-denials] [COMMAND]...
+codex sandbox macos [--full-auto] [COMMAND]...
 
 # Linux
 codex sandbox linux [--full-auto] [COMMAND]...
@@ -67,7 +67,7 @@ codex sandbox linux [--full-auto] [COMMAND]...
 codex sandbox windows [--full-auto] [COMMAND]...
 
 # Legacy aliases
-codex debug seatbelt [--full-auto] [--log-denials] [COMMAND]...
+codex debug seatbelt [--full-auto] [COMMAND]...
 codex debug landlock [--full-auto] [COMMAND]...
 ```
 

codex-rs/app-server-protocol/src/export.rs

@@ -92,8 +92,6 @@ pub fn generate_ts(out_dir: &Path, prettier: Option<&Path>) -> Result<()> {
     {
         let status = Command::new(prettier_bin)
             .arg("--write")
-            .arg("--log-level")
-            .arg("warn")
             .args(ts_files.iter().map(|p| p.as_os_str()))
             .status()
             .with_context(|| format!("Failed to invoke Prettier at {}", prettier_bin.display()))?;

codex-rs/app-server-protocol/src/protocol/common.rs

@@ -46,7 +46,7 @@ macro_rules! client_request_definitions {
     (
         $(
             $(#[$variant_meta:meta])*
-            $variant:ident $(=> $wire:literal)? {
+            $variant:ident {
                 params: $(#[$params_meta:meta])* $params:ty,
                 response: $response:ty,
             }
@@ -58,7 +58,6 @@ macro_rules! client_request_definitions {
         pub enum ClientRequest {
             $(
                 $(#[$variant_meta])*
-                $(#[serde(rename = $wire)] #[ts(rename = $wire)])?
                 $variant {
                     #[serde(rename = "id")]
                     request_id: RequestId,
@@ -102,78 +101,105 @@ macro_rules! client_request_definitions {
 }
 
 client_request_definitions! {
-    Initialize {
-        params: v1::InitializeParams,
-        response: v1::InitializeResponse,
-    },
-
     /// NEW APIs
     // Thread lifecycle
-    ThreadStart => "thread/start" {
+    #[serde(rename = "thread/start")]
+    #[ts(rename = "thread/start")]
+    ThreadStart {
         params: v2::ThreadStartParams,
         response: v2::ThreadStartResponse,
     },
-    ThreadResume => "thread/resume" {
+    #[serde(rename = "thread/resume")]
+    #[ts(rename = "thread/resume")]
+    ThreadResume {
         params: v2::ThreadResumeParams,
         response: v2::ThreadResumeResponse,
     },
-    ThreadArchive => "thread/archive" {
+    #[serde(rename = "thread/archive")]
+    #[ts(rename = "thread/archive")]
+    ThreadArchive {
         params: v2::ThreadArchiveParams,
         response: v2::ThreadArchiveResponse,
     },
-    ThreadList => "thread/list" {
+    #[serde(rename = "thread/list")]
+    #[ts(rename = "thread/list")]
+    ThreadList {
         params: v2::ThreadListParams,
         response: v2::ThreadListResponse,
     },
-    ThreadCompact => "thread/compact" {
+    #[serde(rename = "thread/compact")]
+    #[ts(rename = "thread/compact")]
+    ThreadCompact {
         params: v2::ThreadCompactParams,
         response: v2::ThreadCompactResponse,
     },
-    TurnStart => "turn/start" {
+    #[serde(rename = "turn/start")]
+    #[ts(rename = "turn/start")]
+    TurnStart {
         params: v2::TurnStartParams,
         response: v2::TurnStartResponse,
     },
-    TurnInterrupt => "turn/interrupt" {
+    #[serde(rename = "turn/interrupt")]
+    #[ts(rename = "turn/interrupt")]
+    TurnInterrupt {
         params: v2::TurnInterruptParams,
         response: v2::TurnInterruptResponse,
     },
 
-    ModelList => "model/list" {
+    #[serde(rename = "model/list")]
+    #[ts(rename = "model/list")]
+    ModelList {
         params: v2::ModelListParams,
         response: v2::ModelListResponse,
     },
 
-    LoginAccount => "account/login/start" {
+    #[serde(rename = "account/login/start")]
+    #[ts(rename = "account/login/start")]
+    LoginAccount {
         params: v2::LoginAccountParams,
         response: v2::LoginAccountResponse,
     },
 
-    CancelLoginAccount => "account/login/cancel" {
+    #[serde(rename = "account/login/cancel")]
+    #[ts(rename = "account/login/cancel")]
+    CancelLoginAccount {
         params: v2::CancelLoginAccountParams,
         response: v2::CancelLoginAccountResponse,
     },
 
-    LogoutAccount => "account/logout" {
+    #[serde(rename = "account/logout")]
+    #[ts(rename = "account/logout")]
+    LogoutAccount {
         params: #[ts(type = "undefined")] #[serde(skip_serializing_if = "Option::is_none")] Option<()>,
         response: v2::LogoutAccountResponse,
     },
 
-    GetAccountRateLimits => "account/rateLimits/read" {
+    #[serde(rename = "account/rateLimits/read")]
+    #[ts(rename = "account/rateLimits/read")]
+    GetAccountRateLimits {
         params: #[ts(type = "undefined")] #[serde(skip_serializing_if = "Option::is_none")] Option<()>,
         response: v2::GetAccountRateLimitsResponse,
     },
 
-    FeedbackUpload => "feedback/upload" {
+    #[serde(rename = "feedback/upload")]
+    #[ts(rename = "feedback/upload")]
+    FeedbackUpload {
         params: v2::FeedbackUploadParams,
         response: v2::FeedbackUploadResponse,
     },
 
-    GetAccount => "account/read" {
+    #[serde(rename = "account/read")]
+    #[ts(rename = "account/read")]
+    GetAccount {
         params: v2::GetAccountParams,
         response: v2::GetAccountResponse,
     },
 
     /// DEPRECATED APIs below
+    Initialize {
+        params: v1::InitializeParams,
+        response: v1::InitializeResponse,
+    },
     NewConversation {
         params: v1::NewConversationParams,
         response: v1::NewConversationResponse,

codex-rs/app-server-protocol/src/protocol/v2.rs

@@ -6,8 +6,6 @@ use codex_protocol::ConversationId;
 use codex_protocol::account::PlanType;
 use codex_protocol::config_types::ReasoningEffort;
 use codex_protocol::config_types::ReasoningSummary;
-use codex_protocol::items::AgentMessageContent as CoreAgentMessageContent;
-use codex_protocol::items::TurnItem as CoreTurnItem;
 use codex_protocol::protocol::RateLimitSnapshot as CoreRateLimitSnapshot;
 use codex_protocol::protocol::RateLimitWindow as CoreRateLimitWindow;
 use codex_protocol::user_input::UserInput as CoreUserInput;
@@ -459,17 +457,6 @@ impl UserInput {
     }
 }
 
-impl From<CoreUserInput> for UserInput {
-    fn from(value: CoreUserInput) -> Self {
-        match value {
-            CoreUserInput::Text { text } => UserInput::Text { text },
-            CoreUserInput::Image { image_url } => UserInput::Image { url: image_url },
-            CoreUserInput::LocalImage { path } => UserInput::LocalImage { path },
-            _ => unreachable!("unsupported user input variant"),
-        }
-    }
-}
-
 #[derive(Serialize, Deserialize, Debug, Clone, PartialEq, JsonSchema, TS)]
 #[serde(tag = "type", rename_all = "camelCase")]
 #[ts(tag = "type")]
@@ -527,42 +514,6 @@ pub enum ThreadItem {
     },
 }
 
-impl From<CoreTurnItem> for ThreadItem {
-    fn from(value: CoreTurnItem) -> Self {
-        match value {
-            CoreTurnItem::UserMessage(user) => ThreadItem::UserMessage {
-                id: user.id,
-                content: user.content.into_iter().map(UserInput::from).collect(),
-            },
-            CoreTurnItem::AgentMessage(agent) => {
-                let text = agent
-                    .content
-                    .into_iter()
-                    .map(|entry| match entry {
-                        CoreAgentMessageContent::Text { text } => text,
-                    })
-                    .collect::<String>();
-                ThreadItem::AgentMessage { id: agent.id, text }
-            }
-            CoreTurnItem::Reasoning(reasoning) => {
-                let text = if !reasoning.summary_text.is_empty() {
-                    reasoning.summary_text.join("\n")
-                } else {
-                    reasoning.raw_content.join("\n")
-                };
-                ThreadItem::Reasoning {
-                    id: reasoning.id,
-                    text,
-                }
-            }
-            CoreTurnItem::WebSearch(search) => ThreadItem::WebSearch {
-                id: search.id,
-                query: search.query,
-            },
-        }
-    }
-}
-
 #[derive(Serialize, Deserialize, Debug, Clone, PartialEq, JsonSchema, TS)]
 #[serde(rename_all = "camelCase")]
 #[ts(export_to = "v2/")]
@@ -757,100 +708,3 @@ pub struct AccountLoginCompletedNotification {
     pub success: bool,
     pub error: Option<String>,
 }
-
-#[cfg(test)]
-mod tests {
-    use super::*;
-    use codex_protocol::items::AgentMessageContent;
-    use codex_protocol::items::AgentMessageItem;
-    use codex_protocol::items::ReasoningItem;
-    use codex_protocol::items::TurnItem;
-    use codex_protocol::items::UserMessageItem;
-    use codex_protocol::items::WebSearchItem;
-    use codex_protocol::user_input::UserInput as CoreUserInput;
-    use pretty_assertions::assert_eq;
-    use std::path::PathBuf;
-
-    #[test]
-    fn core_turn_item_into_thread_item_converts_supported_variants() {
-        let user_item = TurnItem::UserMessage(UserMessageItem {
-            id: "user-1".to_string(),
-            content: vec![
-                CoreUserInput::Text {
-                    text: "hello".to_string(),
-                },
-                CoreUserInput::Image {
-                    image_url: "https://example.com/image.png".to_string(),
-                },
-                CoreUserInput::LocalImage {
-                    path: PathBuf::from("local/image.png"),
-                },
-            ],
-        });
-
-        assert_eq!(
-            ThreadItem::from(user_item),
-            ThreadItem::UserMessage {
-                id: "user-1".to_string(),
-                content: vec![
-                    UserInput::Text {
-                        text: "hello".to_string(),
-                    },
-                    UserInput::Image {
-                        url: "https://example.com/image.png".to_string(),
-                    },
-                    UserInput::LocalImage {
-                        path: PathBuf::from("local/image.png"),
-                    },
-                ],
-            }
-        );
-
-        let agent_item = TurnItem::AgentMessage(AgentMessageItem {
-            id: "agent-1".to_string(),
-            content: vec![
-                AgentMessageContent::Text {
-                    text: "Hello ".to_string(),
-                },
-                AgentMessageContent::Text {
-                    text: "world".to_string(),
-                },
-            ],
-        });
-
-        assert_eq!(
-            ThreadItem::from(agent_item),
-            ThreadItem::AgentMessage {
-                id: "agent-1".to_string(),
-                text: "Hello world".to_string(),
-            }
-        );
-
-        let reasoning_item = TurnItem::Reasoning(ReasoningItem {
-            id: "reasoning-1".to_string(),
-            summary_text: vec!["line one".to_string(), "line two".to_string()],
-            raw_content: vec![],
-        });
-
-        assert_eq!(
-            ThreadItem::from(reasoning_item),
-            ThreadItem::Reasoning {
-                id: "reasoning-1".to_string(),
-                text: "line one\nline two".to_string(),
-            }
-        );
-
-        let search_item = TurnItem::WebSearch(WebSearchItem {
-            id: "search-1".to_string(),
-            query: "docs".to_string(),
-        });
-
-        assert_eq!(
-            ThreadItem::from(search_item),
-            ThreadItem::WebSearch {
-                id: "search-1".to_string(),
-                query: "docs".to_string(),
-            }
-        );
-    }
-}

codex-rs/app-server/src/codex_message_processor.rs

@@ -46,8 +46,6 @@ use codex_app_server_protocol::GitDiffToRemoteResponse;
 use codex_app_server_protocol::InputItem as WireInputItem;
 use codex_app_server_protocol::InterruptConversationParams;
 use codex_app_server_protocol::InterruptConversationResponse;
-use codex_app_server_protocol::ItemCompletedNotification;
-use codex_app_server_protocol::ItemStartedNotification;
 use codex_app_server_protocol::JSONRPCErrorError;
 use codex_app_server_protocol::ListConversationsParams;
 use codex_app_server_protocol::ListConversationsResponse;
@@ -200,30 +198,6 @@ enum ApiVersion {
 }
 
 impl CodexMessageProcessor {
-    async fn conversation_from_thread_id(
-        &self,
-        thread_id: &str,
-    ) -> Result<(ConversationId, Arc<CodexConversation>), JSONRPCErrorError> {
-        // Resolve conversation id from v2 thread id string.
-        let conversation_id =
-            ConversationId::from_string(thread_id).map_err(|err| JSONRPCErrorError {
-                code: INVALID_REQUEST_ERROR_CODE,
-                message: format!("invalid thread id: {err}"),
-                data: None,
-            })?;
-
-        let conversation = self
-            .conversation_manager
-            .get_conversation(conversation_id)
-            .await
-            .map_err(|_| JSONRPCErrorError {
-                code: INVALID_REQUEST_ERROR_CODE,
-                message: format!("conversation not found: {conversation_id}"),
-                data: None,
-            })?;
-
-        Ok((conversation_id, conversation))
-    }
     pub fn new(
         auth_manager: Arc<AuthManager>,
         conversation_manager: Arc<ConversationManager>,
@@ -2171,14 +2145,34 @@ impl CodexMessageProcessor {
     }
 
     async fn turn_start(&self, request_id: RequestId, params: TurnStartParams) {
-        let (_, conversation) = match self.conversation_from_thread_id(&params.thread_id).await {
-            Ok(v) => v,
-            Err(error) => {
+        // Resolve conversation id from v2 thread id string.
+        let conversation_id = match ConversationId::from_string(&params.thread_id) {
+            Ok(id) => id,
+            Err(err) => {
+                let error = JSONRPCErrorError {
+                    code: INVALID_REQUEST_ERROR_CODE,
+                    message: format!("invalid thread id: {err}"),
+                    data: None,
+                };
                 self.outgoing.send_error(request_id, error).await;
                 return;
             }
         };
 
+        let Ok(conversation) = self
+            .conversation_manager
+            .get_conversation(conversation_id)
+            .await
+        else {
+            let error = JSONRPCErrorError {
+                code: INVALID_REQUEST_ERROR_CODE,
+                message: format!("conversation not found: {conversation_id}"),
+                data: None,
+            };
+            self.outgoing.send_error(request_id, error).await;
+            return;
+        };
+
         // Keep a copy of v2 inputs for the notification payload.
         let v2_inputs_for_notif = params.input.clone();
 
@@ -2252,14 +2246,33 @@ impl CodexMessageProcessor {
     async fn turn_interrupt(&mut self, request_id: RequestId, params: TurnInterruptParams) {
         let TurnInterruptParams { thread_id, .. } = params;
 
-        let (conversation_id, conversation) =
-            match self.conversation_from_thread_id(&thread_id).await {
-                Ok(v) => v,
-                Err(error) => {
-                    self.outgoing.send_error(request_id, error).await;
-                    return;
-                }
+        // Resolve conversation id from v2 thread id string.
+        let conversation_id = match ConversationId::from_string(&thread_id) {
+            Ok(id) => id,
+            Err(err) => {
+                let error = JSONRPCErrorError {
+                    code: INVALID_REQUEST_ERROR_CODE,
+                    message: format!("invalid thread id: {err}"),
+                    data: None,
+                };
+                self.outgoing.send_error(request_id, error).await;
+                return;
+            }
+        };
+
+        let Ok(conversation) = self
+            .conversation_manager
+            .get_conversation(conversation_id)
+            .await
+        else {
+            let error = JSONRPCErrorError {
+                code: INVALID_REQUEST_ERROR_CODE,
+                message: format!("conversation not found: {conversation_id}"),
+                data: None,
             };
+            self.outgoing.send_error(request_id, error).await;
+            return;
+        };
 
         // Record the pending interrupt so we can reply when TurnAborted arrives.
         {
@@ -2611,20 +2624,6 @@ async fn apply_bespoke_event_handling(
                     .await;
             }
         }
-        EventMsg::ItemStarted(item_started_event) => {
-            let item: ThreadItem = item_started_event.item.clone().into();
-            let notification = ItemStartedNotification { item };
-            outgoing
-                .send_server_notification(ServerNotification::ItemStarted(notification))
-                .await;
-        }
-        EventMsg::ItemCompleted(item_completed_event) => {
-            let item: ThreadItem = item_completed_event.item.clone().into();
-            let notification = ItemCompletedNotification { item };
-            outgoing
-                .send_server_notification(ServerNotification::ItemCompleted(notification))
-                .await;
-        }
         // If this is a TurnAborted, reply to any pending interrupt requests.
         EventMsg::TurnAborted(turn_aborted_event) => {
             let pending = {

codex-rs/arg0/src/lib.rs

@@ -11,7 +11,32 @@ const LINUX_SANDBOX_ARG0: &str = "codex-linux-sandbox";
 const APPLY_PATCH_ARG0: &str = "apply_patch";
 const MISSPELLED_APPLY_PATCH_ARG0: &str = "applypatch";
 
-pub fn arg0_dispatch() -> Option<TempDir> {
+/// While we want to deploy the Codex CLI as a single executable for simplicity,
+/// we also want to expose some of its functionality as distinct CLIs, so we use
+/// the "arg0 trick" to determine which CLI to dispatch. This effectively allows
+/// us to simulate deploying multiple executables as a single binary on Mac and
+/// Linux (but not Windows).
+///
+/// When the current executable is invoked through the hard-link or alias named
+/// `codex-linux-sandbox` we *directly* execute
+/// [`codex_linux_sandbox::run_main`] (which never returns). Otherwise we:
+///
+/// 1.  Load `.env` values from `~/.codex/.env` before creating any threads.
+/// 2.  Construct a Tokio multi-thread runtime.
+/// 3.  Derive the path to the current executable (so children can re-invoke the
+///     sandbox) when running on Linux.
+/// 4.  Execute the provided async `main_fn` inside that runtime, forwarding any
+///     error. Note that `main_fn` receives `codex_linux_sandbox_exe:
+///     Option<PathBuf>`, as an argument, which is generally needed as part of
+///     constructing [`codex_core::config::Config`].
+///
+/// This function should be used to wrap any `main()` function in binary crates
+/// in this workspace that depends on these helper CLIs.
+pub fn arg0_dispatch_or_else<F, Fut>(main_fn: F) -> anyhow::Result<()>
+where
+    F: FnOnce(Option<PathBuf>) -> Fut,
+    Fut: Future<Output = anyhow::Result<()>>,
+{
     // Determine if we were invoked via the special alias.
     let mut args = std::env::args_os();
     let argv0 = args.next().unwrap_or_default();
@@ -51,7 +76,10 @@ pub fn arg0_dispatch() -> Option<TempDir> {
     // before creating any threads/the Tokio runtime.
     load_dotenv();
 
-    match prepend_path_entry_for_codex_aliases() {
+    // Retain the TempDir so it exists for the lifetime of the invocation of
+    // this executable. Admittedly, we could invoke `keep()` on it, but it
+    // would be nice to avoid leaving temporary directories behind, if possible.
+    let _path_entry = match prepend_path_entry_for_apply_patch() {
         Ok(path_entry) => Some(path_entry),
         Err(err) => {
             // It is possible that Codex will proceed successfully even if
@@ -59,39 +87,7 @@ pub fn arg0_dispatch() -> Option<TempDir> {
             eprintln!("WARNING: proceeding, even though we could not update PATH: {err}");
             None
         }
-    }
-}
-
-/// While we want to deploy the Codex CLI as a single executable for simplicity,
-/// we also want to expose some of its functionality as distinct CLIs, so we use
-/// the "arg0 trick" to determine which CLI to dispatch. This effectively allows
-/// us to simulate deploying multiple executables as a single binary on Mac and
-/// Linux (but not Windows).
-///
-/// When the current executable is invoked through the hard-link or alias named
-/// `codex-linux-sandbox` we *directly* execute
-/// [`codex_linux_sandbox::run_main`] (which never returns). Otherwise we:
-///
-/// 1.  Load `.env` values from `~/.codex/.env` before creating any threads.
-/// 2.  Construct a Tokio multi-thread runtime.
-/// 3.  Derive the path to the current executable (so children can re-invoke the
-///     sandbox) when running on Linux.
-/// 4.  Execute the provided async `main_fn` inside that runtime, forwarding any
-///     error. Note that `main_fn` receives `codex_linux_sandbox_exe:
-///     Option<PathBuf>`, as an argument, which is generally needed as part of
-///     constructing [`codex_core::config::Config`].
-///
-/// This function should be used to wrap any `main()` function in binary crates
-/// in this workspace that depends on these helper CLIs.
-pub fn arg0_dispatch_or_else<F, Fut>(main_fn: F) -> anyhow::Result<()>
-where
-    F: FnOnce(Option<PathBuf>) -> Fut,
-    Fut: Future<Output = anyhow::Result<()>>,
-{
-    // Retain the TempDir so it exists for the lifetime of the invocation of
-    // this executable. Admittedly, we could invoke `keep()` on it, but it
-    // would be nice to avoid leaving temporary directories behind, if possible.
-    let _path_entry = arg0_dispatch();
+    };
 
     // Regular invocation – create a Tokio runtime and execute the provided
     // async entry-point.
@@ -148,16 +144,11 @@ where
 ///
 /// IMPORTANT: This function modifies the PATH environment variable, so it MUST
 /// be called before multiple threads are spawned.
-pub fn prepend_path_entry_for_codex_aliases() -> std::io::Result<TempDir> {
+fn prepend_path_entry_for_apply_patch() -> std::io::Result<TempDir> {
     let temp_dir = TempDir::new()?;
     let path = temp_dir.path();
 
-    for filename in &[
-        APPLY_PATCH_ARG0,
-        MISSPELLED_APPLY_PATCH_ARG0,
-        #[cfg(target_os = "linux")]
-        LINUX_SANDBOX_ARG0,
-    ] {
+    for filename in &[APPLY_PATCH_ARG0, MISSPELLED_APPLY_PATCH_ARG0] {
         let exe = std::env::current_exe()?;
 
         #[cfg(unix)]

codex-rs/cli/Cargo.toml

@@ -35,9 +35,7 @@ codex-rmcp-client = { workspace = true }
 codex-stdio-to-uds = { workspace = true }
 codex-tui = { workspace = true }
 ctor = { workspace = true }
-libc = { workspace = true }
 owo-colors = { workspace = true }
-regex-lite = { workspace = true}
 serde_json = { workspace = true }
 supports-color = { workspace = true }
 toml = { workspace = true }
@@ -48,7 +46,6 @@ tokio = { workspace = true, features = [
     "rt-multi-thread",
     "signal",
 ] }
-tracing = { workspace = true }
 
 [target.'cfg(target_os = "windows")'.dependencies]
 codex_windows_sandbox = { package = "codex-windows-sandbox", path = "../windows-sandbox-rs" }

codex-rs/cli/src/debug_sandbox.rs

@@ -1,8 +1,3 @@
-#[cfg(target_os = "macos")]
-mod pid_tracker;
-#[cfg(target_os = "macos")]
-mod seatbelt;
-
 use std::path::PathBuf;
 
 use codex_common::CliConfigOverrides;
@@ -20,9 +15,6 @@ use crate::SeatbeltCommand;
 use crate::WindowsCommand;
 use crate::exit_status::handle_exit_status;
 
-#[cfg(target_os = "macos")]
-use seatbelt::DenialLogger;
-
 #[cfg(target_os = "macos")]
 pub async fn run_command_under_seatbelt(
     command: SeatbeltCommand,
@@ -30,7 +22,6 @@ pub async fn run_command_under_seatbelt(
 ) -> anyhow::Result<()> {
     let SeatbeltCommand {
         full_auto,
-        log_denials,
         config_overrides,
         command,
     } = command;
@@ -40,7 +31,6 @@ pub async fn run_command_under_seatbelt(
         config_overrides,
         codex_linux_sandbox_exe,
         SandboxType::Seatbelt,
-        log_denials,
     )
     .await
 }
@@ -68,7 +58,6 @@ pub async fn run_command_under_landlock(
         config_overrides,
         codex_linux_sandbox_exe,
         SandboxType::Landlock,
-        false,
     )
     .await
 }
@@ -88,7 +77,6 @@ pub async fn run_command_under_windows(
         config_overrides,
         codex_linux_sandbox_exe,
         SandboxType::Windows,
-        false,
     )
     .await
 }
@@ -106,7 +94,6 @@ async fn run_command_under_sandbox(
     config_overrides: CliConfigOverrides,
     codex_linux_sandbox_exe: Option<PathBuf>,
     sandbox_type: SandboxType,
-    log_denials: bool,
 ) -> anyhow::Result<()> {
     let sandbox_mode = create_sandbox_mode(full_auto);
     let config = Config::load_with_cli_overrides(
@@ -193,11 +180,6 @@ async fn run_command_under_sandbox(
         }
     }
 
-    #[cfg(target_os = "macos")]
-    let mut denial_logger = log_denials.then(DenialLogger::new).flatten();
-    #[cfg(not(target_os = "macos"))]
-    let _ = log_denials;
-
     let mut child = match sandbox_type {
         #[cfg(target_os = "macos")]
         SandboxType::Seatbelt => {
@@ -231,27 +213,8 @@ async fn run_command_under_sandbox(
             unreachable!("Windows sandbox should have been handled above");
         }
     };
-
-    #[cfg(target_os = "macos")]
-    if let Some(denial_logger) = &mut denial_logger {
-        denial_logger.on_child_spawn(&child);
-    }
-
     let status = child.wait().await?;
 
-    #[cfg(target_os = "macos")]
-    if let Some(denial_logger) = denial_logger {
-        let denials = denial_logger.finish().await;
-        eprintln!("\n=== Sandbox denials ===");
-        if denials.is_empty() {
-            eprintln!("None found.");
-        } else {
-            for seatbelt::SandboxDenial { name, capability } in denials {
-                eprintln!("({name}) {capability}");
-            }
-        }
-    }
-
     handle_exit_status(status);
 }
 

codex-rs/cli/src/debug_sandbox/pid_tracker.rs

@@ -1,372 +0,0 @@
-use std::collections::HashSet;
-use tokio::task::JoinHandle;
-use tracing::warn;
-
-/// Tracks the (recursive) descendants of a process by using `kqueue` to watch for fork events, and
-/// `proc_listchildpids` to list the children of a process.
-pub(crate) struct PidTracker {
-    kq: libc::c_int,
-    handle: JoinHandle<HashSet<i32>>,
-}
-
-impl PidTracker {
-    pub(crate) fn new(root_pid: i32) -> Option<Self> {
-        if root_pid <= 0 {
-            return None;
-        }
-
-        let kq = unsafe { libc::kqueue() };
-        let handle = tokio::task::spawn_blocking(move || track_descendants(kq, root_pid));
-
-        Some(Self { kq, handle })
-    }
-
-    pub(crate) async fn stop(self) -> HashSet<i32> {
-        trigger_stop_event(self.kq);
-        self.handle.await.unwrap_or_default()
-    }
-}
-
-unsafe extern "C" {
-    fn proc_listchildpids(
-        ppid: libc::c_int,
-        buffer: *mut libc::c_void,
-        buffersize: libc::c_int,
-    ) -> libc::c_int;
-}
-
-/// Wrap proc_listchildpids.
-fn list_child_pids(parent: i32) -> Vec<i32> {
-    unsafe {
-        let mut capacity: usize = 16;
-        loop {
-            let mut buf: Vec<i32> = vec![0; capacity];
-            let count = proc_listchildpids(
-                parent as libc::c_int,
-                buf.as_mut_ptr() as *mut libc::c_void,
-                (buf.len() * std::mem::size_of::<i32>()) as libc::c_int,
-            );
-            if count <= 0 {
-                return Vec::new();
-            }
-            let returned = count as usize;
-            if returned < capacity {
-                buf.truncate(returned);
-                return buf;
-            }
-            capacity = capacity.saturating_mul(2).max(returned + 16);
-        }
-    }
-}
-
-fn pid_is_alive(pid: i32) -> bool {
-    if pid <= 0 {
-        return false;
-    }
-    let res = unsafe { libc::kill(pid as libc::pid_t, 0) };
-    if res == 0 {
-        true
-    } else {
-        matches!(
-            std::io::Error::last_os_error().raw_os_error(),
-            Some(libc::EPERM)
-        )
-    }
-}
-
-enum WatchPidError {
-    ProcessGone,
-    Other(std::io::Error),
-}
-
-/// Add `pid` to the watch list in `kq`.
-fn watch_pid(kq: libc::c_int, pid: i32) -> Result<(), WatchPidError> {
-    if pid <= 0 {
-        return Err(WatchPidError::ProcessGone);
-    }
-
-    let kev = libc::kevent {
-        ident: pid as libc::uintptr_t,
-        filter: libc::EVFILT_PROC,
-        flags: libc::EV_ADD | libc::EV_CLEAR,
-        fflags: libc::NOTE_FORK | libc::NOTE_EXEC | libc::NOTE_EXIT,
-        data: 0,
-        udata: std::ptr::null_mut(),
-    };
-
-    let res = unsafe { libc::kevent(kq, &kev, 1, std::ptr::null_mut(), 0, std::ptr::null()) };
-    if res < 0 {
-        let err = std::io::Error::last_os_error();
-        if err.raw_os_error() == Some(libc::ESRCH) {
-            Err(WatchPidError::ProcessGone)
-        } else {
-            Err(WatchPidError::Other(err))
-        }
-    } else {
-        Ok(())
-    }
-}
-
-fn watch_children(
-    kq: libc::c_int,
-    parent: i32,
-    seen: &mut HashSet<i32>,
-    active: &mut HashSet<i32>,
-) {
-    for child_pid in list_child_pids(parent) {
-        add_pid_watch(kq, child_pid, seen, active);
-    }
-}
-
-/// Watch `pid` and its children, updating `seen` and `active` sets.
-fn add_pid_watch(kq: libc::c_int, pid: i32, seen: &mut HashSet<i32>, active: &mut HashSet<i32>) {
-    if pid <= 0 {
-        return;
-    }
-
-    let newly_seen = seen.insert(pid);
-    let mut should_recurse = newly_seen;
-
-    if active.insert(pid) {
-        match watch_pid(kq, pid) {
-            Ok(()) => {
-                should_recurse = true;
-            }
-            Err(WatchPidError::ProcessGone) => {
-                active.remove(&pid);
-                return;
-            }
-            Err(WatchPidError::Other(err)) => {
-                warn!("failed to watch pid {pid}: {err}");
-                active.remove(&pid);
-                return;
-            }
-        }
-    }
-
-    if should_recurse {
-        watch_children(kq, pid, seen, active);
-    }
-}
-const STOP_IDENT: libc::uintptr_t = 1;
-
-fn register_stop_event(kq: libc::c_int) -> bool {
-    let kev = libc::kevent {
-        ident: STOP_IDENT,
-        filter: libc::EVFILT_USER,
-        flags: libc::EV_ADD | libc::EV_CLEAR,
-        fflags: 0,
-        data: 0,
-        udata: std::ptr::null_mut(),
-    };
-
-    let res = unsafe { libc::kevent(kq, &kev, 1, std::ptr::null_mut(), 0, std::ptr::null()) };
-    res >= 0
-}
-
-fn trigger_stop_event(kq: libc::c_int) {
-    if kq < 0 {
-        return;
-    }
-
-    let kev = libc::kevent {
-        ident: STOP_IDENT,
-        filter: libc::EVFILT_USER,
-        flags: 0,
-        fflags: libc::NOTE_TRIGGER,
-        data: 0,
-        udata: std::ptr::null_mut(),
-    };
-
-    let _ = unsafe { libc::kevent(kq, &kev, 1, std::ptr::null_mut(), 0, std::ptr::null()) };
-}
-
-/// Put all of the above together to track all the descendants of `root_pid`.
-fn track_descendants(kq: libc::c_int, root_pid: i32) -> HashSet<i32> {
-    if kq < 0 {
-        let mut seen = HashSet::new();
-        seen.insert(root_pid);
-        return seen;
-    }
-
-    if !register_stop_event(kq) {
-        let mut seen = HashSet::new();
-        seen.insert(root_pid);
-        let _ = unsafe { libc::close(kq) };
-        return seen;
-    }
-
-    let mut seen: HashSet<i32> = HashSet::new();
-    let mut active: HashSet<i32> = HashSet::new();
-
-    add_pid_watch(kq, root_pid, &mut seen, &mut active);
-
-    const EVENTS_CAP: usize = 32;
-    let mut events: [libc::kevent; EVENTS_CAP] =
-        unsafe { std::mem::MaybeUninit::zeroed().assume_init() };
-
-    let mut stop_requested = false;
-    loop {
-        if active.is_empty() {
-            if !pid_is_alive(root_pid) {
-                break;
-            }
-            add_pid_watch(kq, root_pid, &mut seen, &mut active);
-            if active.is_empty() {
-                continue;
-            }
-        }
-
-        let nev = unsafe {
-            libc::kevent(
-                kq,
-                std::ptr::null::<libc::kevent>(),
-                0,
-                events.as_mut_ptr(),
-                EVENTS_CAP as libc::c_int,
-                std::ptr::null(),
-            )
-        };
-
-        if nev < 0 {
-            let err = std::io::Error::last_os_error();
-            if err.kind() == std::io::ErrorKind::Interrupted {
-                continue;
-            }
-            break;
-        }
-
-        if nev == 0 {
-            continue;
-        }
-
-        for ev in events.iter().take(nev as usize) {
-            let pid = ev.ident as i32;
-
-            if ev.filter == libc::EVFILT_USER && ev.ident == STOP_IDENT {
-                stop_requested = true;
-                break;
-            }
-
-            if (ev.flags & libc::EV_ERROR) != 0 {
-                if ev.data == libc::ESRCH as isize {
-                    active.remove(&pid);
-                }
-                continue;
-            }
-
-            if (ev.fflags & libc::NOTE_FORK) != 0 {
-                watch_children(kq, pid, &mut seen, &mut active);
-            }
-
-            if (ev.fflags & libc::NOTE_EXIT) != 0 {
-                active.remove(&pid);
-            }
-        }
-
-        if stop_requested {
-            break;
-        }
-    }
-
-    let _ = unsafe { libc::close(kq) };
-
-    seen
-}
-
-#[cfg(test)]
-mod tests {
-    use super::*;
-    use std::process::Command;
-    use std::process::Stdio;
-    use std::time::Duration;
-
-    #[test]
-    fn pid_is_alive_detects_current_process() {
-        let pid = std::process::id() as i32;
-        assert!(pid_is_alive(pid));
-    }
-
-    #[cfg(target_os = "macos")]
-    #[test]
-    fn list_child_pids_includes_spawned_child() {
-        let mut child = Command::new("/bin/sleep")
-            .arg("5")
-            .stdin(Stdio::null())
-            .spawn()
-            .expect("failed to spawn child process");
-
-        let child_pid = child.id() as i32;
-        let parent_pid = std::process::id() as i32;
-
-        let mut found = false;
-        for _ in 0..100 {
-            if list_child_pids(parent_pid).contains(&child_pid) {
-                found = true;
-                break;
-            }
-            std::thread::sleep(Duration::from_millis(10));
-        }
-
-        let _ = child.kill();
-        let _ = child.wait();
-
-        assert!(found, "expected to find child pid {child_pid} in list");
-    }
-
-    #[cfg(target_os = "macos")]
-    #[tokio::test]
-    async fn pid_tracker_collects_spawned_children() {
-        let tracker = PidTracker::new(std::process::id() as i32).expect("failed to create tracker");
-
-        let mut child = Command::new("/bin/sleep")
-            .arg("0.1")
-            .stdin(Stdio::null())
-            .spawn()
-            .expect("failed to spawn child process");
-
-        let child_pid = child.id() as i32;
-        let parent_pid = std::process::id() as i32;
-
-        let _ = child.wait();
-
-        let seen = tracker.stop().await;
-
-        assert!(
-            seen.contains(&parent_pid),
-            "expected tracker to include parent pid {parent_pid}"
-        );
-        assert!(
-            seen.contains(&child_pid),
-            "expected tracker to include child pid {child_pid}"
-        );
-    }
-
-    #[cfg(target_os = "macos")]
-    #[tokio::test]
-    async fn pid_tracker_collects_bash_subshell_descendants() {
-        let tracker = PidTracker::new(std::process::id() as i32).expect("failed to create tracker");
-
-        let child = Command::new("/bin/bash")
-            .arg("-c")
-            .arg("(sleep 0.1 & echo $!; wait)")
-            .stdin(Stdio::null())
-            .stdout(Stdio::piped())
-            .stderr(Stdio::null())
-            .spawn()
-            .expect("failed to spawn bash");
-
-        let output = child.wait_with_output().unwrap().stdout;
-        let subshell_pid = String::from_utf8_lossy(&output)
-            .trim()
-            .parse::<i32>()
-            .expect("failed to parse subshell pid");
-
-        let seen = tracker.stop().await;
-
-        assert!(
-            seen.contains(&subshell_pid),
-            "expected tracker to include subshell pid {subshell_pid}"
-        );
-    }
-}

codex-rs/cli/src/debug_sandbox/seatbelt.rs

@@ -1,114 +0,0 @@
-use std::collections::HashSet;
-use tokio::io::AsyncBufReadExt;
-use tokio::process::Child;
-use tokio::task::JoinHandle;
-
-use super::pid_tracker::PidTracker;
-
-pub struct SandboxDenial {
-    pub name: String,
-    pub capability: String,
-}
-
-pub struct DenialLogger {
-    log_stream: Child,
-    pid_tracker: Option<PidTracker>,
-    log_reader: Option<JoinHandle<Vec<u8>>>,
-}
-
-impl DenialLogger {
-    pub(crate) fn new() -> Option<Self> {
-        let mut log_stream = start_log_stream()?;
-        let stdout = log_stream.stdout.take()?;
-        let log_reader = tokio::spawn(async move {
-            let mut reader = tokio::io::BufReader::new(stdout);
-            let mut logs = Vec::new();
-            let mut chunk = Vec::new();
-            loop {
-                match reader.read_until(b'\n', &mut chunk).await {
-                    Ok(0) | Err(_) => break,
-                    Ok(_) => {
-                        logs.extend_from_slice(&chunk);
-                        chunk.clear();
-                    }
-                }
-            }
-            logs
-        });
-
-        Some(Self {
-            log_stream,
-            pid_tracker: None,
-            log_reader: Some(log_reader),
-        })
-    }
-
-    pub(crate) fn on_child_spawn(&mut self, child: &Child) {
-        if let Some(root_pid) = child.id() {
-            self.pid_tracker = PidTracker::new(root_pid as i32);
-        }
-    }
-
-    pub(crate) async fn finish(mut self) -> Vec<SandboxDenial> {
-        let pid_set = match self.pid_tracker {
-            Some(tracker) => tracker.stop().await,
-            None => Default::default(),
-        };
-
-        if pid_set.is_empty() {
-            return Vec::new();
-        }
-
-        let _ = self.log_stream.kill().await;
-        let _ = self.log_stream.wait().await;
-
-        let logs_bytes = match self.log_reader.take() {
-            Some(handle) => handle.await.unwrap_or_default(),
-            None => Vec::new(),
-        };
-        let logs = String::from_utf8_lossy(&logs_bytes);
-
-        let mut seen: HashSet<(String, String)> = HashSet::new();
-        let mut denials: Vec<SandboxDenial> = Vec::new();
-        for line in logs.lines() {
-            if let Ok(json) = serde_json::from_str::<serde_json::Value>(line)
-                && let Some(msg) = json.get("eventMessage").and_then(|v| v.as_str())
-                && let Some((pid, name, capability)) = parse_message(msg)
-                && pid_set.contains(&pid)
-                && seen.insert((name.clone(), capability.clone()))
-            {
-                denials.push(SandboxDenial { name, capability });
-            }
-        }
-        denials
-    }
-}
-
-fn start_log_stream() -> Option<Child> {
-    use std::process::Stdio;
-
-    const PREDICATE: &str = r#"(((processID == 0) AND (senderImagePath CONTAINS "/Sandbox")) OR (subsystem == "com.apple.sandbox.reporting"))"#;
-
-    tokio::process::Command::new("log")
-        .args(["stream", "--style", "ndjson", "--predicate", PREDICATE])
-        .stdin(Stdio::null())
-        .stdout(Stdio::piped())
-        .stderr(Stdio::null())
-        .kill_on_drop(true)
-        .spawn()
-        .ok()
-}
-
-fn parse_message(msg: &str) -> Option<(i32, String, String)> {
-    // Example message:
-    // Sandbox: processname(1234) deny(1) capability-name args...
-    static RE: std::sync::OnceLock<regex_lite::Regex> = std::sync::OnceLock::new();
-    let re = RE.get_or_init(|| {
-        #[expect(clippy::unwrap_used)]
-        regex_lite::Regex::new(r"^Sandbox:\s*(.+?)\((\d+)\)\s+deny\(.*?\)\s*(.+)$").unwrap()
-    });
-
-    let (_, [name, pid_str, capability]) = re.captures(msg)?.extract();
-    let pid = pid_str.trim().parse::<i32>().ok()?;
-    Some((pid, name.to_string(), capability.to_string()))
-}

codex-rs/cli/src/lib.rs

@@ -11,10 +11,6 @@ pub struct SeatbeltCommand {
     #[arg(long = "full-auto", default_value_t = false)]
     pub full_auto: bool,
 
-    /// While the command runs, capture macOS sandbox denials via `log stream` and print them after exit
-    #[arg(long = "log-denials", default_value_t = false)]
-    pub log_denials: bool,
-
     #[clap(skip)]
     pub config_overrides: CliConfigOverrides,
 

codex-rs/common/src/config_override.rs

@@ -151,15 +151,6 @@ mod tests {
         assert_eq!(v.as_integer(), Some(42));
     }
 
-    #[test]
-    fn parses_bool() {
-        let true_literal = parse_toml_value("true").expect("parse");
-        assert_eq!(true_literal.as_bool(), Some(true));
-
-        let false_literal = parse_toml_value("false").expect("parse");
-        assert_eq!(false_literal.as_bool(), Some(false));
-    }
-
     #[test]
     fn fails_on_unquoted_string() {
         assert!(parse_toml_value("hello").is_err());

codex-rs/core/Cargo.toml

@@ -32,7 +32,6 @@ codex-utils-pty = { workspace = true }
 codex-utils-readiness = { workspace = true }
 codex-utils-string = { workspace = true }
 codex-utils-tokenizer = { workspace = true }
-codex-windows-sandbox = { package = "codex-windows-sandbox", path = "../windows-sandbox-rs" }
 dirs = { workspace = true }
 dunce = { workspace = true }
 env-flags = { workspace = true }
@@ -84,6 +83,7 @@ tree-sitter-bash = { workspace = true }
 uuid = { workspace = true, features = ["serde", "v4", "v5"] }
 which = { workspace = true }
 wildmatch = { workspace = true }
+codex_windows_sandbox = { package = "codex-windows-sandbox", path = "../windows-sandbox-rs" }
 
 
 [target.'cfg(target_os = "linux")'.dependencies]
@@ -104,9 +104,7 @@ openssl-sys = { workspace = true, features = ["vendored"] }
 [dev-dependencies]
 assert_cmd = { workspace = true }
 assert_matches = { workspace = true }
-codex-arg0 = { workspace = true }
 core_test_support = { workspace = true }
-ctor = { workspace = true }
 escargot = { workspace = true }
 image = { workspace = true, features = ["jpeg", "png"] }
 maplit = { workspace = true }

codex-rs/core/gpt_5_codex_prompt.md

@@ -2,8 +2,6 @@ You are Codex, based on GPT-5. You are running as a coding agent in the Codex CL
 
 ## General
 
-- The arguments to `shell` will be passed to execvp(). Most terminal commands should be prefixed with ["bash", "-lc"].
-- Always set the `workdir` param when using the shell function. Do not use `cd` unless absolutely necessary.
 - When searching for text or files, prefer using `rg` or `rg --files` respectively because `rg` is much faster than alternatives like `grep`. (If the `rg` command is not found, then use alternatives.)
 
 ## Editing constraints

codex-rs/core/src/bash.rs

@@ -88,33 +88,17 @@ pub fn try_parse_word_only_commands_sequence(tree: &Tree, src: &str) -> Option<V
     Some(commands)
 }
 
-pub fn is_well_known_sh_shell(shell: &str) -> bool {
-    if shell == "bash" || shell == "zsh" {
-        return true;
-    }
-
-    let shell_name = std::path::Path::new(shell)
-        .file_name()
-        .and_then(|s| s.to_str())
-        .unwrap_or(shell);
-    matches!(shell_name, "bash" | "zsh")
-}
-
-pub fn extract_bash_command(command: &[String]) -> Option<(&str, &str)> {
-    let [shell, flag, script] = command else {
-        return None;
-    };
-    if !matches!(flag.as_str(), "-lc" | "-c") || !is_well_known_sh_shell(shell) {
-        return None;
-    }
-    Some((shell, script))
-}
-
 /// Returns the sequence of plain commands within a `bash -lc "..."` or
 /// `zsh -lc "..."` invocation when the script only contains word-only commands
 /// joined by safe operators.
 pub fn parse_shell_lc_plain_commands(command: &[String]) -> Option<Vec<Vec<String>>> {
-    let (_, script) = extract_bash_command(command)?;
+    let [shell, flag, script] = command else {
+        return None;
+    };
+
+    if flag != "-lc" || !(shell == "bash" || shell == "zsh") {
+        return None;
+    }
 
     let tree = try_parse_shell(script)?;
     try_parse_word_only_commands_sequence(&tree, script)

codex-rs/core/src/codex.rs

@@ -97,7 +97,6 @@ use crate::protocol::Submission;
 use crate::protocol::TokenCountEvent;
 use crate::protocol::TokenUsage;
 use crate::protocol::TurnDiffEvent;
-use crate::protocol::WarningEvent;
 use crate::rollout::RolloutRecorder;
 use crate::rollout::RolloutRecorderParams;
 use crate::shell;
@@ -675,34 +674,6 @@ impl Session {
                 let rollout_items = conversation_history.get_rollout_items();
                 let persist = matches!(conversation_history, InitialHistory::Forked(_));
 
-                // If resuming, warn when the last recorded model differs from the current one.
-                if let InitialHistory::Resumed(_) = conversation_history
-                    && let Some(prev) = rollout_items.iter().rev().find_map(|it| {
-                        if let RolloutItem::TurnContext(ctx) = it {
-                            Some(ctx.model.as_str())
-                        } else {
-                            None
-                        }
-                    })
-                {
-                    let curr = turn_context.client.get_model();
-                    if prev != curr {
-                        warn!(
-                            "resuming session with different model: previous={prev}, current={curr}"
-                        );
-                        self.send_event(
-                                &turn_context,
-                                EventMsg::Warning(WarningEvent {
-                                    message: format!(
-                                        "This session was recorded with model `{prev}` but is resuming with `{curr}`. \
-                         Consider switching back to `{prev}` as it may affect Codex performance."
-                                    ),
-                                }),
-                            )
-                                .await;
-                    }
-                }
-
                 // Always add response items to conversation history
                 let reconstructed_history =
                     self.reconstruct_history_from_rollout(&turn_context, &rollout_items);
@@ -2352,7 +2323,6 @@ mod tests {
     use crate::tools::context::ToolOutput;
     use crate::tools::context::ToolPayload;
     use crate::tools::handlers::ShellHandler;
-    use crate::tools::handlers::UnifiedExecHandler;
     use crate::tools::registry::ToolHandler;
     use crate::turn_diff_tracker::TurnDiffTracker;
     use codex_app_server_protocol::AuthMode;
@@ -3092,48 +3062,6 @@ mod tests {
         assert!(exec_output.output.contains("hi"));
     }
 
-    #[tokio::test]
-    async fn unified_exec_rejects_escalated_permissions_when_policy_not_on_request() {
-        use crate::protocol::AskForApproval;
-        use crate::turn_diff_tracker::TurnDiffTracker;
-
-        let (session, mut turn_context_raw) = make_session_and_context();
-        turn_context_raw.approval_policy = AskForApproval::OnFailure;
-        let session = Arc::new(session);
-        let turn_context = Arc::new(turn_context_raw);
-        let tracker = Arc::new(tokio::sync::Mutex::new(TurnDiffTracker::new()));
-
-        let handler = UnifiedExecHandler;
-        let resp = handler
-            .handle(ToolInvocation {
-                session: Arc::clone(&session),
-                turn: Arc::clone(&turn_context),
-                tracker: Arc::clone(&tracker),
-                call_id: "exec-call".to_string(),
-                tool_name: "exec_command".to_string(),
-                payload: ToolPayload::Function {
-                    arguments: serde_json::json!({
-                        "cmd": "echo hi",
-                        "with_escalated_permissions": true,
-                        "justification": "need unsandboxed execution",
-                    })
-                    .to_string(),
-                },
-            })
-            .await;
-
-        let Err(FunctionCallError::RespondToModel(output)) = resp else {
-            panic!("expected error result");
-        };
-
-        let expected = format!(
-            "approval policy is {policy:?}; reject command — you cannot ask for escalated permissions if the approval policy is {policy:?}",
-            policy = turn_context.approval_policy
-        );
-
-        pretty_assertions::assert_eq!(output, expected);
-    }
-
     #[test]
     fn mcp_init_error_display_prompts_for_github_pat() {
         let server_name = "github";

codex-rs/core/src/features.rs

@@ -29,9 +29,6 @@ pub enum Stage {
 pub enum Feature {
     /// Use the single unified PTY-backed exec tool.
     UnifiedExec,
-    /// Use the shell command tool that takes `command` as a single string of
-    /// shell instead of an array of args passed to `execvp(3)`.
-    ShellCommandTool,
     /// Enable experimental RMCP features such as OAuth login.
     RmcpClient,
     /// Include the freeform apply_patch tool.
@@ -253,12 +250,6 @@ pub const FEATURES: &[FeatureSpec] = &[
         stage: Stage::Experimental,
         default_enabled: false,
     },
-    FeatureSpec {
-        id: Feature::ShellCommandTool,
-        key: "shell_command_tool",
-        stage: Stage::Experimental,
-        default_enabled: false,
-    },
     FeatureSpec {
         id: Feature::RmcpClient,
         key: "rmcp_client",
@@ -293,7 +284,7 @@ pub const FEATURES: &[FeatureSpec] = &[
         id: Feature::GhostCommit,
         key: "ghost_commit",
         stage: Stage::Experimental,
-        default_enabled: true,
+        default_enabled: false,
     },
     FeatureSpec {
         id: Feature::WindowsSandbox,

codex-rs/core/src/parse_command.rs

@@ -1,4 +1,3 @@
-use crate::bash::extract_bash_command;
 use crate::bash::try_parse_shell;
 use crate::bash::try_parse_word_only_commands_sequence;
 use codex_protocol::parse_command::ParsedCommand;
@@ -854,29 +853,6 @@ mod tests {
             }],
         );
     }
-
-    #[test]
-    fn bin_bash_lc_sed() {
-        assert_parsed(
-            &shlex_split_safe("/bin/bash -lc 'sed -n '1,10p' Cargo.toml'"),
-            vec![ParsedCommand::Read {
-                cmd: "sed -n '1,10p' Cargo.toml".to_string(),
-                name: "Cargo.toml".to_string(),
-                path: PathBuf::from("Cargo.toml"),
-            }],
-        );
-    }
-    #[test]
-    fn bin_zsh_lc_sed() {
-        assert_parsed(
-            &shlex_split_safe("/bin/zsh -lc 'sed -n '1,10p' Cargo.toml'"),
-            vec![ParsedCommand::Read {
-                cmd: "sed -n '1,10p' Cargo.toml".to_string(),
-                name: "Cargo.toml".to_string(),
-                path: PathBuf::from("Cargo.toml"),
-            }],
-        );
-    }
 }
 
 pub fn parse_command_impl(command: &[String]) -> Vec<ParsedCommand> {
@@ -1190,13 +1166,18 @@ fn parse_find_query_and_path(tail: &[String]) -> (Option<String>, Option<String>
 }
 
 fn parse_shell_lc_commands(original: &[String]) -> Option<Vec<ParsedCommand>> {
-    let (_, script) = extract_bash_command(original)?;
-
+    let [shell, flag, script] = original else {
+        return None;
+    };
+    if flag != "-lc" || !(shell == "bash" || shell == "zsh") {
+        return None;
+    }
     if let Some(tree) = try_parse_shell(script)
         && let Some(all_commands) = try_parse_word_only_commands_sequence(&tree, script)
         && !all_commands.is_empty()
     {
-        let script_tokens = shlex_split(script).unwrap_or_else(|| vec![script.to_string()]);
+        let script_tokens = shlex_split(script)
+            .unwrap_or_else(|| vec![shell.clone(), flag.clone(), script.clone()]);
         // Strip small formatting helpers (e.g., head/tail/awk/wc/etc) so we
         // bias toward the primary command when pipelines are present.
         // First, drop obvious small formatting helpers (e.g., wc/awk/etc).
@@ -1205,7 +1186,7 @@ fn parse_shell_lc_commands(original: &[String]) -> Option<Vec<ParsedCommand>> {
         let filtered_commands = drop_small_formatting_commands(all_commands);
         if filtered_commands.is_empty() {
             return Some(vec![ParsedCommand::Unknown {
-                cmd: script.to_string(),
+                cmd: script.clone(),
             }]);
         }
         // Build parsed commands, tracking `cd` segments to compute effective file paths.
@@ -1269,7 +1250,7 @@ fn parse_shell_lc_commands(original: &[String]) -> Option<Vec<ParsedCommand>> {
                             });
                             if has_pipe && has_sed_n {
                                 ParsedCommand::Read {
-                                    cmd: script.to_string(),
+                                    cmd: script.clone(),
                                     name,
                                     path,
                                 }
@@ -1314,7 +1295,7 @@ fn parse_shell_lc_commands(original: &[String]) -> Option<Vec<ParsedCommand>> {
         return Some(commands);
     }
     Some(vec![ParsedCommand::Unknown {
-        cmd: script.to_string(),
+        cmd: script.clone(),
     }])
 }
 

codex-rs/core/src/shell.rs

@@ -31,37 +31,16 @@ pub enum Shell {
 impl Shell {
     pub fn name(&self) -> Option<String> {
         match self {
-            Shell::Zsh(ZshShell { shell_path, .. }) | Shell::Bash(BashShell { shell_path, .. }) => {
-                std::path::Path::new(shell_path)
-                    .file_name()
-                    .map(|s| s.to_string_lossy().to_string())
-            }
+            Shell::Zsh(zsh) => std::path::Path::new(&zsh.shell_path)
+                .file_name()
+                .map(|s| s.to_string_lossy().to_string()),
+            Shell::Bash(bash) => std::path::Path::new(&bash.shell_path)
+                .file_name()
+                .map(|s| s.to_string_lossy().to_string()),
             Shell::PowerShell(ps) => Some(ps.exe.clone()),
             Shell::Unknown => None,
         }
     }
-
-    /// Takes a string of shell and returns the full list of command args to
-    /// use with `exec()` to run the shell command.
-    pub fn derive_exec_args(&self, command: &str, use_login_shell: bool) -> Vec<String> {
-        match self {
-            Shell::Zsh(ZshShell { shell_path, .. }) | Shell::Bash(BashShell { shell_path, .. }) => {
-                let arg = if use_login_shell { "-lc" } else { "-c" };
-                vec![shell_path.clone(), arg.to_string(), command.to_string()]
-            }
-            Shell::PowerShell(ps) => {
-                let mut args = vec![ps.exe.clone(), "-NoLogo".to_string()];
-                if !use_login_shell {
-                    args.push("-NoProfile".to_string());
-                }
-
-                args.push("-Command".to_string());
-                args.push(command.to_string());
-                args
-            }
-            Shell::Unknown => shlex::split(command).unwrap_or_else(|| vec![command.to_string()]),
-        }
-    }
 }
 
 #[cfg(unix)]

codex-rs/core/src/spawn.rs

@@ -73,44 +73,6 @@ pub(crate) async fn spawn_child_async(
                 return Err(std::io::Error::last_os_error());
             }
 
-            #[cfg(target_os = "macos")]
-            {
-                // macOS network stack (via reqwest/hyper) opens PF_SYSTEM control sockets
-                // such as com.apple.netsrc without setting FD_CLOEXEC. Those descriptors
-                // get inherited by shell tool children, which is surprising and lets the
-                // child talk to that kernel control socket. Close everything above stdio
-                // to keep those sockets (and any similar long-lived fds) out of subshells.
-                // We bound the sweep by min(RLIMIT_NOFILE, 128) because netsrc fds are
-                // low and this avoids a pathological case where another thread lowers
-                // the rlimit between opening the socket and spawning the child. If we ever
-                // move the reqwest traffic into a helper process, leaking these fds would
-                // be less concerning.
-                let mut max_fd = 128_i64;
-                let mut limit = libc::rlimit {
-                    rlim_cur: 0,
-                    rlim_max: 0,
-                };
-                if libc::getrlimit(libc::RLIMIT_NOFILE, &mut limit) == 0
-                    && limit.rlim_cur != libc::RLIM_INFINITY
-                {
-                    let soft_limit = limit.rlim_cur.min(i64::MAX as libc::rlim_t) as i64;
-                    max_fd = max_fd.min(soft_limit);
-                }
-
-                let bound = max_fd.max(3);
-                let mut fd = 3;
-                while (fd as i64) < bound {
-                    let flags = libc::fcntl(fd, libc::F_GETFD);
-                    // We leave CLOEXEC fds alone (for example, the stdlib
-                    // error-reporting pipe used when exec fails) and only close
-                    // descriptors that would have been inherited.
-                    if flags != -1 && (flags & libc::FD_CLOEXEC) == 0 {
-                        libc::close(fd);
-                    }
-                    fd += 1;
-                }
-            }
-
             // This relies on prctl(2), so it only works on Linux.
             #[cfg(target_os = "linux")]
             {

codex-rs/core/src/tasks/user_shell.rs

@@ -63,10 +63,27 @@ impl SessionTask for UserShellCommandTask {
         // Execute the user's script under their default shell when known; this
         // allows commands that use shell features (pipes, &&, redirects, etc.).
         // We do not source rc files or otherwise reformat the script.
-        let use_login_shell = true;
-        let shell_invocation = session
-            .user_shell()
-            .derive_exec_args(&self.command, use_login_shell);
+        let shell_invocation = match session.user_shell() {
+            crate::shell::Shell::Zsh(zsh) => vec![
+                zsh.shell_path.clone(),
+                "-lc".to_string(),
+                self.command.clone(),
+            ],
+            crate::shell::Shell::Bash(bash) => vec![
+                bash.shell_path.clone(),
+                "-lc".to_string(),
+                self.command.clone(),
+            ],
+            crate::shell::Shell::PowerShell(ps) => vec![
+                ps.exe.clone(),
+                "-NoProfile".to_string(),
+                "-Command".to_string(),
+                self.command.clone(),
+            ],
+            crate::shell::Shell::Unknown => {
+                shlex::split(&self.command).unwrap_or_else(|| vec![self.command.clone()])
+            }
+        };
 
         let call_id = Uuid::new_v4().to_string();
         let raw_command = self.command.clone();

codex-rs/core/src/tools/handlers/mod.rs

@@ -19,7 +19,6 @@ pub use mcp::McpHandler;
 pub use mcp_resource::McpResourceHandler;
 pub use plan::PlanHandler;
 pub use read_file::ReadFileHandler;
-pub use shell::ShellCommandHandler;
 pub use shell::ShellHandler;
 pub use test_sync::TestSyncHandler;
 pub use unified_exec::UnifiedExecHandler;

codex-rs/core/src/tools/handlers/shell.rs

@@ -1,5 +1,4 @@
 use async_trait::async_trait;
-use codex_protocol::models::ShellCommandToolCallParams;
 use codex_protocol::models::ShellToolCallParams;
 use std::sync::Arc;
 
@@ -26,8 +25,6 @@ use crate::tools::sandboxing::ToolCtx;
 
 pub struct ShellHandler;
 
-pub struct ShellCommandHandler;
-
 impl ShellHandler {
     fn to_exec_params(params: ShellToolCallParams, turn_context: &TurnContext) -> ExecParams {
         ExecParams {
@@ -42,28 +39,6 @@ impl ShellHandler {
     }
 }
 
-impl ShellCommandHandler {
-    fn to_exec_params(
-        params: ShellCommandToolCallParams,
-        session: &crate::codex::Session,
-        turn_context: &TurnContext,
-    ) -> ExecParams {
-        let shell = session.user_shell();
-        let use_login_shell = true;
-        let command = shell.derive_exec_args(&params.command, use_login_shell);
-
-        ExecParams {
-            command,
-            cwd: turn_context.resolve_path(params.workdir.clone()),
-            timeout_ms: params.timeout_ms,
-            env: create_env(&turn_context.shell_environment_policy),
-            with_escalated_permissions: params.with_escalated_permissions,
-            justification: params.justification,
-            arg0: None,
-        }
-    }
-}
-
 #[async_trait]
 impl ToolHandler for ShellHandler {
     fn kind(&self) -> ToolKind {
@@ -127,49 +102,6 @@ impl ToolHandler for ShellHandler {
     }
 }
 
-#[async_trait]
-impl ToolHandler for ShellCommandHandler {
-    fn kind(&self) -> ToolKind {
-        ToolKind::Function
-    }
-
-    fn matches_kind(&self, payload: &ToolPayload) -> bool {
-        matches!(payload, ToolPayload::Function { .. })
-    }
-
-    async fn handle(&self, invocation: ToolInvocation) -> Result<ToolOutput, FunctionCallError> {
-        let ToolInvocation {
-            session,
-            turn,
-            tracker,
-            call_id,
-            tool_name,
-            payload,
-        } = invocation;
-
-        let ToolPayload::Function { arguments } = payload else {
-            return Err(FunctionCallError::RespondToModel(format!(
-                "unsupported payload for shell_command handler: {tool_name}"
-            )));
-        };
-
-        let params: ShellCommandToolCallParams = serde_json::from_str(&arguments).map_err(|e| {
-            FunctionCallError::RespondToModel(format!("failed to parse function arguments: {e:?}"))
-        })?;
-        let exec_params = Self::to_exec_params(params, session.as_ref(), turn.as_ref());
-        ShellHandler::run_exec_like(
-            tool_name.as_str(),
-            exec_params,
-            session,
-            turn,
-            tracker,
-            call_id,
-            false,
-        )
-        .await
-    }
-}
-
 impl ShellHandler {
     async fn run_exec_like(
         tool_name: &str,
@@ -308,49 +240,3 @@ impl ShellHandler {
         })
     }
 }
-
-#[cfg(test)]
-mod tests {
-    use crate::is_safe_command::is_known_safe_command;
-    use crate::shell::BashShell;
-    use crate::shell::Shell;
-    use crate::shell::ZshShell;
-
-    /// The logic for is_known_safe_command() has heuristics for known shells,
-    /// so we must ensure the commands generated by [ShellCommandHandler] can be
-    /// recognized as safe if the `command` is safe.
-    #[test]
-    fn commands_generated_by_shell_command_handler_can_be_matched_by_is_known_safe_command() {
-        let bash_shell = Shell::Bash(BashShell {
-            shell_path: "/bin/bash".to_string(),
-            bashrc_path: "/home/user/.bashrc".to_string(),
-        });
-        assert_safe(&bash_shell, "ls -la");
-
-        let zsh_shell = Shell::Zsh(ZshShell {
-            shell_path: "/bin/zsh".to_string(),
-            zshrc_path: "/home/user/.zshrc".to_string(),
-        });
-        assert_safe(&zsh_shell, "ls -la");
-
-        #[cfg(target_os = "windows")]
-        {
-            use crate::shell::PowerShellConfig;
-
-            let powershell = Shell::PowerShell(PowerShellConfig {
-                exe: "pwsh.exe".to_string(),
-                bash_exe_fallback: None,
-            });
-            assert_safe(&powershell, "ls -Name");
-        }
-    }
-
-    fn assert_safe(shell: &Shell, command: &str) {
-        assert!(is_known_safe_command(
-            &shell.derive_exec_args(command, /* use_login_shell */ true)
-        ));
-        assert!(is_known_safe_command(
-            &shell.derive_exec_args(command, /* use_login_shell */ false)
-        ));
-    }
-}

codex-rs/core/src/tools/handlers/unified_exec.rs

@@ -36,10 +36,6 @@ struct ExecCommandArgs {
     yield_time_ms: Option<u64>,
     #[serde(default)]
     max_output_tokens: Option<usize>,
-    #[serde(default)]
-    with_escalated_permissions: Option<bool>,
-    #[serde(default)]
-    justification: Option<String>,
 }
 
 #[derive(Debug, Deserialize)]
@@ -104,30 +100,8 @@ impl ToolHandler for UnifiedExecHandler {
                         "failed to parse exec_command arguments: {err:?}"
                     ))
                 })?;
-                let ExecCommandArgs {
-                    cmd,
-                    workdir,
-                    shell,
-                    login,
-                    yield_time_ms,
-                    max_output_tokens,
-                    with_escalated_permissions,
-                    justification,
-                } = args;
-
-                if with_escalated_permissions.unwrap_or(false)
-                    && !matches!(
-                        context.turn.approval_policy,
-                        codex_protocol::protocol::AskForApproval::OnRequest
-                    )
-                {
-                    return Err(FunctionCallError::RespondToModel(format!(
-                        "approval policy is {policy:?}; reject command — you cannot ask for escalated permissions if the approval policy is {policy:?}",
-                        policy = context.turn.approval_policy
-                    )));
-                }
-
-                let workdir = workdir
+                let workdir = args
+                    .workdir
                     .as_deref()
                     .filter(|value| !value.is_empty())
                     .map(PathBuf::from);
@@ -139,20 +113,18 @@ impl ToolHandler for UnifiedExecHandler {
                     &context.call_id,
                     None,
                 );
-                let emitter = ToolEmitter::unified_exec(cmd.clone(), cwd.clone(), true);
+                let emitter = ToolEmitter::unified_exec(args.cmd.clone(), cwd.clone(), true);
                 emitter.emit(event_ctx, ToolEventStage::Begin).await;
 
                 manager
                     .exec_command(
                         ExecCommandRequest {
-                            command: &cmd,
-                            shell: &shell,
-                            login,
-                            yield_time_ms,
-                            max_output_tokens,
+                            command: &args.cmd,
+                            shell: &args.shell,
+                            login: args.login,
+                            yield_time_ms: args.yield_time_ms,
+                            max_output_tokens: args.max_output_tokens,
                             workdir,
-                            with_escalated_permissions,
-                            justification,
                         },
                         &context,
                     )

codex-rs/core/src/tools/parallel.rs

@@ -65,9 +65,9 @@ impl ToolCallRuntime {
                         Ok(Self::aborted_response(&call, secs))
                     },
                     res = async {
-                        tracing::trace!("waiting for tool gate");
+                        tracing::info!("waiting for tool gate");
                         readiness.wait_ready().await;
-                        tracing::trace!("tool gate released");
+                        tracing::info!("tool gate released");
                         let _guard = if supports_parallel {
                             Either::Left(lock.read().await)
                         } else {

codex-rs/core/src/tools/runtimes/unified_exec.rs

@@ -34,8 +34,6 @@ pub struct UnifiedExecRequest {
     pub command: Vec<String>,
     pub cwd: PathBuf,
     pub env: HashMap<String, String>,
-    pub with_escalated_permissions: Option<bool>,
-    pub justification: Option<String>,
 }
 
 impl ProvidesSandboxRetryData for UnifiedExecRequest {
@@ -51,7 +49,6 @@ impl ProvidesSandboxRetryData for UnifiedExecRequest {
 pub struct UnifiedExecApprovalKey {
     pub command: Vec<String>,
     pub cwd: PathBuf,
-    pub escalated: bool,
 }
 
 pub struct UnifiedExecRuntime<'a> {
@@ -59,20 +56,8 @@ pub struct UnifiedExecRuntime<'a> {
 }
 
 impl UnifiedExecRequest {
-    pub fn new(
-        command: Vec<String>,
-        cwd: PathBuf,
-        env: HashMap<String, String>,
-        with_escalated_permissions: Option<bool>,
-        justification: Option<String>,
-    ) -> Self {
-        Self {
-            command,
-            cwd,
-            env,
-            with_escalated_permissions,
-            justification,
-        }
+    pub fn new(command: Vec<String>, cwd: PathBuf, env: HashMap<String, String>) -> Self {
+        Self { command, cwd, env }
     }
 }
 
@@ -99,7 +84,6 @@ impl Approvable<UnifiedExecRequest> for UnifiedExecRuntime<'_> {
         UnifiedExecApprovalKey {
             command: req.command.clone(),
             cwd: req.cwd.clone(),
-            escalated: req.with_escalated_permissions.unwrap_or(false),
         }
     }
 
@@ -114,10 +98,7 @@ impl Approvable<UnifiedExecRequest> for UnifiedExecRuntime<'_> {
         let call_id = ctx.call_id.to_string();
         let command = req.command.clone();
         let cwd = req.cwd.clone();
-        let reason = ctx
-            .retry_reason
-            .clone()
-            .or_else(|| req.justification.clone());
+        let reason = ctx.retry_reason.clone();
         let risk = ctx.risk.clone();
         Box::pin(async move {
             with_cached_approval(&session.services, key, || async move {
@@ -135,16 +116,7 @@ impl Approvable<UnifiedExecRequest> for UnifiedExecRuntime<'_> {
         policy: AskForApproval,
         sandbox_policy: &SandboxPolicy,
     ) -> bool {
-        requires_initial_appoval(
-            policy,
-            sandbox_policy,
-            &req.command,
-            req.with_escalated_permissions.unwrap_or(false),
-        )
-    }
-
-    fn wants_escalated_first_attempt(&self, req: &UnifiedExecRequest) -> bool {
-        req.with_escalated_permissions.unwrap_or(false)
+        requires_initial_appoval(policy, sandbox_policy, &req.command, false)
     }
 }
 
@@ -155,15 +127,8 @@ impl<'a> ToolRuntime<UnifiedExecRequest, UnifiedExecSession> for UnifiedExecRunt
         attempt: &SandboxAttempt<'_>,
         _ctx: &ToolCtx<'_>,
     ) -> Result<UnifiedExecSession, ToolError> {
-        let spec = build_command_spec(
-            &req.command,
-            &req.cwd,
-            &req.env,
-            None,
-            req.with_escalated_permissions,
-            req.justification.clone(),
-        )
-        .map_err(|_| ToolError::Rejected("missing command line for PTY".to_string()))?;
+        let spec = build_command_spec(&req.command, &req.cwd, &req.env, None, None, None)
+            .map_err(|_| ToolError::Rejected("missing command line for PTY".to_string()))?;
         let exec_env = attempt
             .env_for(&spec)
             .map_err(|err| ToolError::Codex(err.into()))?;

codex-rs/core/src/tools/spec.rs

@@ -20,8 +20,6 @@ pub enum ConfigShellToolType {
     Default,
     Local,
     UnifiedExec,
-    /// Takes a command as a single string to be run in the user's default shell.
-    ShellCommand,
 }
 
 #[derive(Debug, Clone)]
@@ -50,8 +48,6 @@ impl ToolsConfig {
 
         let shell_type = if features.enabled(Feature::UnifiedExec) {
             ConfigShellToolType::UnifiedExec
-        } else if features.enabled(Feature::ShellCommandTool) {
-            ConfigShellToolType::ShellCommand
         } else {
             model_family.shell_type.clone()
         };
@@ -181,30 +177,15 @@ fn create_exec_command_tool() -> ToolSpec {
             ),
         },
     );
-    properties.insert(
-        "with_escalated_permissions".to_string(),
-        JsonSchema::Boolean {
-            description: Some(
-                "Whether to request escalated permissions. Set to true if command needs to be run without sandbox restrictions"
-                    .to_string(),
-            ),
-        },
-    );
-    properties.insert(
-        "justification".to_string(),
-        JsonSchema::String {
-            description: Some(
-                "Only set if with_escalated_permissions is true. 1-sentence explanation of why we want to run this command."
-                    .to_string(),
-            ),
-        },
-    );
 
     ToolSpec::Function(ResponsesApiTool {
         name: "exec_command".to_string(),
         description:
-            "Runs a command in a PTY, returning output or a session ID for ongoing interaction."
-                .to_string(),
+            concat!(
+              "Runs a command in a PTY, returning output or a session ID for ongoing interaction.\n",
+              "- Always set the `workdir` param when using the shell function. Do not use `cd` unless absolutely necessary."
+            )
+            .to_string(),
         strict: false,
         parameters: JsonSchema::Object {
             properties,
@@ -296,54 +277,12 @@ fn create_shell_tool() -> ToolSpec {
 
     ToolSpec::Function(ResponsesApiTool {
         name: "shell".to_string(),
-        description: "Runs a shell command and returns its output.".to_string(),
-        strict: false,
-        parameters: JsonSchema::Object {
-            properties,
-            required: Some(vec!["command".to_string()]),
-            additional_properties: Some(false.into()),
-        },
-    })
-}
-
-fn create_shell_command_tool() -> ToolSpec {
-    let mut properties = BTreeMap::new();
-    properties.insert(
-        "command".to_string(),
-        JsonSchema::String {
-            description: Some(
-                "The shell script to execute in the user's default shell".to_string(),
-            ),
-        },
-    );
-    properties.insert(
-        "workdir".to_string(),
-        JsonSchema::String {
-            description: Some("The working directory to execute the command in".to_string()),
-        },
-    );
-    properties.insert(
-        "timeout_ms".to_string(),
-        JsonSchema::Number {
-            description: Some("The timeout for the command in milliseconds".to_string()),
-        },
-    );
-    properties.insert(
-        "with_escalated_permissions".to_string(),
-        JsonSchema::Boolean {
-            description: Some("Whether to request escalated permissions. Set to true if command needs to be run without sandbox restrictions".to_string()),
-        },
-    );
-    properties.insert(
-        "justification".to_string(),
-        JsonSchema::String {
-            description: Some("Only set if with_escalated_permissions is true. 1-sentence explanation of why we want to run this command.".to_string()),
-        },
-    );
-
-    ToolSpec::Function(ResponsesApiTool {
-        name: "shell_command".to_string(),
-        description: "Runs a shell command string and returns its output.".to_string(),
+        description: concat!(
+            "Runs a shell command and returns its output.\n",
+            "- The value of `command` will be passed to execvp(). Most terminal commands should be prefixed with [`bash`, `-lc`].\n",
+            "- Always set the `workdir` param when using the shell function. Do not use `cd` unless absolutely necessary.",
+        )
+        .to_string(),
         strict: false,
         parameters: JsonSchema::Object {
             properties,
@@ -942,7 +881,6 @@ pub(crate) fn build_specs(
     use crate::tools::handlers::McpResourceHandler;
     use crate::tools::handlers::PlanHandler;
     use crate::tools::handlers::ReadFileHandler;
-    use crate::tools::handlers::ShellCommandHandler;
     use crate::tools::handlers::ShellHandler;
     use crate::tools::handlers::TestSyncHandler;
     use crate::tools::handlers::UnifiedExecHandler;
@@ -958,7 +896,6 @@ pub(crate) fn build_specs(
     let view_image_handler = Arc::new(ViewImageHandler);
     let mcp_handler = Arc::new(McpHandler);
     let mcp_resource_handler = Arc::new(McpResourceHandler);
-    let shell_command_handler = Arc::new(ShellCommandHandler);
 
     match &config.shell_type {
         ConfigShellToolType::Default => {
@@ -973,16 +910,12 @@ pub(crate) fn build_specs(
             builder.register_handler("exec_command", unified_exec_handler.clone());
             builder.register_handler("write_stdin", unified_exec_handler);
         }
-        ConfigShellToolType::ShellCommand => {
-            builder.push_spec(create_shell_command_tool());
-        }
     }
 
     // Always register shell aliases so older prompts remain compatible.
     builder.register_handler("shell", shell_handler.clone());
     builder.register_handler("container.exec", shell_handler.clone());
     builder.register_handler("local_shell", shell_handler);
-    builder.register_handler("shell_command", shell_command_handler);
 
     builder.push_spec_with_parallel_support(create_list_mcp_resources_tool(), true);
     builder.push_spec_with_parallel_support(create_list_mcp_resource_templates_tool(), true);
@@ -1118,7 +1051,6 @@ mod tests {
             ConfigShellToolType::Default => Some("shell"),
             ConfigShellToolType::Local => Some("local_shell"),
             ConfigShellToolType::UnifiedExec => None,
-            ConfigShellToolType::ShellCommand => Some("shell_command"),
         }
     }
 
@@ -1351,22 +1283,6 @@ mod tests {
         assert_contains_tool_names(&tools, &subset);
     }
 
-    #[test]
-    fn test_build_specs_shell_command_present() {
-        assert_model_tools(
-            "codex-mini-latest",
-            Features::with_defaults().enable(Feature::ShellCommandTool),
-            &[
-                "shell_command",
-                "list_mcp_resources",
-                "list_mcp_resource_templates",
-                "read_mcp_resource",
-                "update_plan",
-                "view_image",
-            ],
-        );
-    }
-
     #[test]
     #[ignore]
     fn test_parallel_support_flags() {
@@ -1818,22 +1734,7 @@ mod tests {
         };
         assert_eq!(name, "shell");
 
-        let expected = "Runs a shell command and returns its output.";
-        assert_eq!(description, expected);
-    }
-
-    #[test]
-    fn test_shell_command_tool() {
-        let tool = super::create_shell_command_tool();
-        let ToolSpec::Function(ResponsesApiTool {
-            description, name, ..
-        }) = &tool
-        else {
-            panic!("expected function tool");
-        };
-        assert_eq!(name, "shell_command");
-
-        let expected = "Runs a shell command string and returns its output.";
+        let expected = "Runs a shell command and returns its output.\n- The value of `command` will be passed to execvp(). Most terminal commands should be prefixed with [`bash`, `-lc`].\n- Always set the `workdir` param when using the shell function. Do not use `cd` unless absolutely necessary.";
         assert_eq!(description, expected);
     }
 

codex-rs/core/src/unified_exec/mod.rs

@@ -71,8 +71,6 @@ pub(crate) struct ExecCommandRequest<'a> {
     pub yield_time_ms: Option<u64>,
     pub max_output_tokens: Option<usize>,
     pub workdir: Option<PathBuf>,
-    pub with_escalated_permissions: Option<bool>,
-    pub justification: Option<String>,
 }
 
 #[derive(Debug)]
@@ -203,8 +201,6 @@ mod tests {
                     yield_time_ms,
                     max_output_tokens: None,
                     workdir: None,
-                    with_escalated_permissions: None,
-                    justification: None,
                 },
                 &context,
             )

codex-rs/core/src/unified_exec/session_manager.rs

@@ -51,13 +51,7 @@ impl UnifiedExecSessionManager {
         ];
 
         let session = self
-            .open_session_with_sandbox(
-                command,
-                cwd.clone(),
-                request.with_escalated_permissions,
-                request.justification,
-                context,
-            )
+            .open_session_with_sandbox(command, cwd.clone(), context)
             .await?;
 
         let max_tokens = resolve_max_tokens(request.max_output_tokens);
@@ -306,16 +300,10 @@ impl UnifiedExecSessionManager {
             .command
             .split_first()
             .ok_or(UnifiedExecError::MissingCommandLine)?;
-
-        let spawned = codex_utils_pty::spawn_pty_process(
-            program,
-            args,
-            env.cwd.as_path(),
-            &env.env,
-            &env.arg0,
-        )
-        .await
-        .map_err(|err| UnifiedExecError::create_session(err.to_string()))?;
+        let spawned =
+            codex_utils_pty::spawn_pty_process(program, args, env.cwd.as_path(), &env.env)
+                .await
+                .map_err(|err| UnifiedExecError::create_session(err.to_string()))?;
         UnifiedExecSession::from_spawned(spawned, env.sandbox).await
     }
 
@@ -323,8 +311,6 @@ impl UnifiedExecSessionManager {
         &self,
         command: Vec<String>,
         cwd: PathBuf,
-        with_escalated_permissions: Option<bool>,
-        justification: Option<String>,
         context: &UnifiedExecContext,
     ) -> Result<UnifiedExecSession, UnifiedExecError> {
         let mut orchestrator = ToolOrchestrator::new();
@@ -333,8 +319,6 @@ impl UnifiedExecSessionManager {
             command,
             cwd,
             create_env(&context.turn.shell_environment_policy),
-            with_escalated_permissions,
-            justification,
         );
         let tool_ctx = ToolCtx {
             session: context.session.as_ref(),

codex-rs/core/tests/suite/approvals.rs

@@ -75,7 +75,6 @@ enum ActionKind {
     },
     RunUnifiedExecCommand {
         command: &'static str,
-        justification: Option<&'static str>,
     },
     ApplyPatchFunction {
         target: TargetPath,
@@ -87,9 +86,6 @@ enum ActionKind {
     },
 }
 
-const DEFAULT_UNIFIED_EXEC_JUSTIFICATION: &str =
-    "Requires escalated permissions to bypass the sandbox in tests.";
-
 impl ActionKind {
     async fn prepare(
         &self,
@@ -143,17 +139,8 @@ impl ActionKind {
                 let event = shell_event(call_id, &command, 1_000, with_escalated_permissions)?;
                 Ok((event, Some(command)))
             }
-            ActionKind::RunUnifiedExecCommand {
-                command,
-                justification,
-            } => {
-                let event = exec_command_event(
-                    call_id,
-                    command,
-                    Some(1000),
-                    with_escalated_permissions,
-                    *justification,
-                )?;
+            ActionKind::RunUnifiedExecCommand { command } => {
+                let event = exec_command_event(call_id, command, Some(1000))?;
                 Ok((
                     event,
                     Some(vec![
@@ -212,24 +199,13 @@ fn shell_event(
     Ok(ev_function_call(call_id, "shell", &args_str))
 }
 
-fn exec_command_event(
-    call_id: &str,
-    cmd: &str,
-    yield_time_ms: Option<u64>,
-    with_escalated_permissions: bool,
-    justification: Option<&str>,
-) -> Result<Value> {
+fn exec_command_event(call_id: &str, cmd: &str, yield_time_ms: Option<u64>) -> Result<Value> {
     let mut args = json!({
         "cmd": cmd.to_string(),
     });
     if let Some(yield_time_ms) = yield_time_ms {
         args["yield_time_ms"] = json!(yield_time_ms);
     }
-    if with_escalated_permissions {
-        args["with_escalated_permissions"] = json!(true);
-        let reason = justification.unwrap_or(DEFAULT_UNIFIED_EXEC_JUSTIFICATION);
-        args["justification"] = json!(reason);
-    }
     let args_str = serde_json::to_string(&args)?;
     Ok(ev_function_call(call_id, "exec_command", &args_str))
 }
@@ -1133,7 +1109,6 @@ fn scenarios() -> Vec<ScenarioSpec> {
             sandbox_policy: SandboxPolicy::DangerFullAccess,
             action: ActionKind::RunUnifiedExecCommand {
                 command: "echo \"hello unified exec\"",
-                justification: None,
             },
             with_escalated_permissions: false,
             features: vec![Feature::UnifiedExec],
@@ -1143,34 +1118,12 @@ fn scenarios() -> Vec<ScenarioSpec> {
                 stdout_contains: "hello unified exec",
             },
         },
-        #[cfg(not(all(target_os = "linux", target_arch = "aarch64")))]
-        // Linux sandbox arg0 test workaround doesn't work on ARM
-        ScenarioSpec {
-            name: "unified exec on request escalated requires approval",
-            approval_policy: OnRequest,
-            sandbox_policy: SandboxPolicy::ReadOnly,
-            action: ActionKind::RunUnifiedExecCommand {
-                command: "python3 -c 'print('\"'\"'escalated unified exec'\"'\"')'",
-                justification: Some(DEFAULT_UNIFIED_EXEC_JUSTIFICATION),
-            },
-            with_escalated_permissions: true,
-            features: vec![Feature::UnifiedExec],
-            model_override: None,
-            outcome: Outcome::ExecApproval {
-                decision: ReviewDecision::Approved,
-                expected_reason: Some(DEFAULT_UNIFIED_EXEC_JUSTIFICATION),
-            },
-            expectation: Expectation::CommandSuccess {
-                stdout_contains: "escalated unified exec",
-            },
-        },
         ScenarioSpec {
             name: "unified exec on request requires approval unless trusted",
             approval_policy: AskForApproval::UnlessTrusted,
             sandbox_policy: SandboxPolicy::DangerFullAccess,
             action: ActionKind::RunUnifiedExecCommand {
                 command: "git reset --hard",
-                justification: None,
             },
             with_escalated_permissions: false,
             features: vec![Feature::UnifiedExec],

codex-rs/core/tests/suite/mod.rs

@@ -1,17 +1,4 @@
 // Aggregates all former standalone integration tests as modules.
-use codex_arg0::arg0_dispatch;
-use ctor::ctor;
-use tempfile::TempDir;
-
-// This code runs before any other tests are run.
-// It allows the test binary to behave like codex and dispatch to apply_patch and codex-linux-sandbox
-// based on the arg0.
-// NOTE: this doesn't work on ARM
-#[ctor]
-pub static CODEX_ALIASES_TEMP_DIR: TempDir = unsafe {
-    #[allow(clippy::unwrap_used)]
-    arg0_dispatch().unwrap()
-};
 
 #[cfg(not(target_os = "windows"))]
 mod abort_tasks;

codex-rs/core/tests/suite/otel.rs

@@ -1,4 +1,3 @@
-use codex_core::features::Feature;
 use codex_protocol::protocol::AskForApproval;
 use codex_protocol::protocol::EventMsg;
 use codex_protocol::protocol::Op;
@@ -102,7 +101,6 @@ async fn process_sse_emits_failed_event_on_parse_error() {
 
     let TestCodex { codex, .. } = test_codex()
         .with_config(move |config| {
-            config.features.disable(Feature::GhostCommit);
             config.model_provider.request_max_retries = Some(0);
             config.model_provider.stream_max_retries = Some(0);
         })
@@ -143,7 +141,6 @@ async fn process_sse_records_failed_event_when_stream_closes_without_completed()
 
     let TestCodex { codex, .. } = test_codex()
         .with_config(move |config| {
-            config.features.disable(Feature::GhostCommit);
             config.model_provider.request_max_retries = Some(0);
             config.model_provider.stream_max_retries = Some(0);
         })
@@ -196,7 +193,6 @@ async fn process_sse_failed_event_records_response_error_message() {
 
     let TestCodex { codex, .. } = test_codex()
         .with_config(move |config| {
-            config.features.disable(Feature::GhostCommit);
             config.model_provider.request_max_retries = Some(0);
             config.model_provider.stream_max_retries = Some(0);
         })
@@ -247,7 +243,6 @@ async fn process_sse_failed_event_logs_parse_error() {
 
     let TestCodex { codex, .. } = test_codex()
         .with_config(move |config| {
-            config.features.disable(Feature::GhostCommit);
             config.model_provider.request_max_retries = Some(0);
             config.model_provider.stream_max_retries = Some(0);
         })
@@ -293,7 +288,6 @@ async fn process_sse_failed_event_logs_missing_error() {
 
     let TestCodex { codex, .. } = test_codex()
         .with_config(move |config| {
-            config.features.disable(Feature::GhostCommit);
             config.model_provider.request_max_retries = Some(0);
             config.model_provider.stream_max_retries = Some(0);
         })
@@ -339,7 +333,6 @@ async fn process_sse_failed_event_logs_response_completed_parse_error() {
 
     let TestCodex { codex, .. } = test_codex()
         .with_config(move |config| {
-            config.features.disable(Feature::GhostCommit);
             config.model_provider.request_max_retries = Some(0);
             config.model_provider.stream_max_retries = Some(0);
         })
@@ -445,7 +438,6 @@ async fn handle_response_item_records_tool_result_for_custom_tool_call() {
 
     let TestCodex { codex, .. } = test_codex()
         .with_config(move |config| {
-            config.features.disable(Feature::GhostCommit);
             config.model_provider.request_max_retries = Some(0);
             config.model_provider.stream_max_retries = Some(0);
         })
@@ -505,7 +497,6 @@ async fn handle_response_item_records_tool_result_for_function_call() {
 
     let TestCodex { codex, .. } = test_codex()
         .with_config(move |config| {
-            config.features.disable(Feature::GhostCommit);
             config.model_provider.request_max_retries = Some(0);
             config.model_provider.stream_max_retries = Some(0);
         })
@@ -575,7 +566,6 @@ async fn handle_response_item_records_tool_result_for_local_shell_missing_ids()
 
     let TestCodex { codex, .. } = test_codex()
         .with_config(move |config| {
-            config.features.disable(Feature::GhostCommit);
             config.model_provider.request_max_retries = Some(0);
             config.model_provider.stream_max_retries = Some(0);
         })
@@ -629,7 +619,6 @@ async fn handle_response_item_records_tool_result_for_local_shell_call() {
 
     let TestCodex { codex, .. } = test_codex()
         .with_config(move |config| {
-            config.features.disable(Feature::GhostCommit);
             config.model_provider.request_max_retries = Some(0);
             config.model_provider.stream_max_retries = Some(0);
         })

codex-rs/core/tests/suite/resume_warning.rs

@@ -1,70 +0,0 @@
-#![allow(clippy::unwrap_used, clippy::expect_used)]
-
-use codex_core::AuthManager;
-use codex_core::CodexAuth;
-use codex_core::ConversationManager;
-use codex_core::NewConversation;
-use codex_core::protocol::EventMsg;
-use codex_core::protocol::InitialHistory;
-use codex_core::protocol::ResumedHistory;
-use codex_core::protocol::RolloutItem;
-use codex_core::protocol::TurnContextItem;
-use codex_core::protocol::WarningEvent;
-use codex_protocol::ConversationId;
-use core::time::Duration;
-use core_test_support::load_default_config_for_test;
-use core_test_support::wait_for_event;
-use tempfile::TempDir;
-
-fn resume_history(config: &codex_core::config::Config, previous_model: &str, rollout_path: &std::path::Path) -> InitialHistory {
-    let turn_ctx = TurnContextItem {
-        cwd: config.cwd.clone(),
-        approval_policy: config.approval_policy,
-        sandbox_policy: config.sandbox_policy.clone(),
-        model: previous_model.to_string(),
-        effort: config.model_reasoning_effort,
-        summary: config.model_reasoning_summary,
-    };
-
-    InitialHistory::Resumed(ResumedHistory {
-        conversation_id: ConversationId::default(),
-        history: vec![RolloutItem::TurnContext(turn_ctx)],
-        rollout_path: rollout_path.to_path_buf(),
-    })
-}
-
-#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
-async fn emits_warning_when_resumed_model_differs() {
-    // Arrange a config with a current model and a prior rollout recorded under a different model.
-    let home = TempDir::new().expect("tempdir");
-    let mut config = load_default_config_for_test(&home);
-    config.model = "current-model".to_string();
-    // Ensure cwd is absolute (the helper sets it to the temp dir already).
-    assert!(config.cwd.is_absolute());
-
-    let rollout_path = home.path().join("rollout.jsonl");
-    std::fs::write(&rollout_path, "").expect("create rollout placeholder");
-
-    let initial_history = resume_history(&config, "previous-model", &rollout_path);
-
-    let conversation_manager = ConversationManager::with_auth(CodexAuth::from_api_key("test"));
-    let auth_manager = AuthManager::from_auth_for_testing(CodexAuth::from_api_key("test"));
-
-    // Act: resume the conversation.
-    let NewConversation { conversation, .. } = conversation_manager
-        .resume_conversation_with_history(config, initial_history, auth_manager)
-        .await
-        .expect("resume conversation");
-
-    // Assert: a Warning event is emitted describing the model mismatch.
-    let warning = wait_for_event(&conversation, |ev| matches!(ev, EventMsg::Warning(_))).await;
-    let EventMsg::Warning(WarningEvent { message }) = warning else {
-        panic!("expected warning event");
-    };
-    assert!(message.contains("previous-model"));
-    assert!(message.contains("current-model"));
-
-    // Drain the TaskComplete/Shutdown window to avoid leaking tasks between tests.
-    // The warning is emitted during initialization, so a short sleep is sufficient.
-    tokio::time::sleep(Duration::from_millis(50)).await;
-}

codex-rs/core/tests/suite/unified_exec.rs

@@ -66,7 +66,7 @@ fn parse_unified_exec_output(raw: &str) -> Result<ParsedUnifiedExecOutput> {
     let cleaned = raw.trim_matches('\r');
     let captures = regex
         .captures(cleaned)
-        .ok_or_else(|| anyhow::anyhow!("missing Output section in unified exec output {raw}"))?;
+        .ok_or_else(|| anyhow::anyhow!("missing Output section in unified exec output"))?;
 
     let chunk_id = captures
         .name("chunk_id")
@@ -1368,8 +1368,6 @@ async fn unified_exec_timeout_and_followup_poll() -> Result<()> {
 }
 
 #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
-// Skipped on arm because the ctor logic to handle arg0 doesn't work on ARM
-#[cfg(not(target_arch = "arm"))]
 async fn unified_exec_formats_large_output_summary() -> Result<()> {
     skip_if_no_network!(Ok(()));
     skip_if_sandbox!(Ok(()));
@@ -1453,75 +1451,3 @@ PY
 
     Ok(())
 }
-
-#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
-async fn unified_exec_runs_under_sandbox() -> Result<()> {
-    skip_if_no_network!(Ok(()));
-    skip_if_sandbox!(Ok(()));
-
-    let server = start_mock_server().await;
-
-    let mut builder = test_codex().with_config(|config| {
-        config.features.enable(Feature::UnifiedExec);
-    });
-    let TestCodex {
-        codex,
-        cwd,
-        session_configured,
-        ..
-    } = builder.build(&server).await?;
-
-    let call_id = "uexec";
-    let args = serde_json::json!({
-        "cmd": "echo 'hello'",
-        "yield_time_ms": 500,
-    });
-
-    let responses = vec![
-        sse(vec![
-            ev_response_created("resp-1"),
-            ev_function_call(call_id, "exec_command", &serde_json::to_string(&args)?),
-            ev_completed("resp-1"),
-        ]),
-        sse(vec![
-            ev_assistant_message("msg-1", "done"),
-            ev_completed("resp-2"),
-        ]),
-    ];
-    mount_sse_sequence(&server, responses).await;
-
-    let session_model = session_configured.model.clone();
-
-    codex
-        .submit(Op::UserTurn {
-            items: vec![UserInput::Text {
-                text: "summarize large output".into(),
-            }],
-            final_output_json_schema: None,
-            cwd: cwd.path().to_path_buf(),
-            approval_policy: AskForApproval::Never,
-            // Important!
-            sandbox_policy: SandboxPolicy::ReadOnly,
-            model: session_model,
-            effort: None,
-            summary: ReasoningSummary::Auto,
-        })
-        .await?;
-
-    wait_for_event(&codex, |event| matches!(event, EventMsg::TaskComplete(_))).await;
-
-    let requests = server.received_requests().await.expect("recorded requests");
-    assert!(!requests.is_empty(), "expected at least one POST request");
-
-    let bodies = requests
-        .iter()
-        .map(|req| req.body_json::<Value>().expect("request json"))
-        .collect::<Vec<_>>();
-
-    let outputs = collect_tool_outputs(&bodies)?;
-    let output = outputs.get(call_id).expect("missing output");
-
-    assert_regex_match("hello[\r\n]+", &output.output);
-
-    Ok(())
-}

codex-rs/exec/src/cli.rs

@@ -30,7 +30,7 @@ pub struct Cli {
     #[arg(long = "profile", short = 'p')]
     pub config_profile: Option<String>,
 
-    /// Convenience alias for low-friction sandboxed automatic execution (-a on-request, --sandbox workspace-write).
+    /// Convenience alias for low-friction sandboxed automatic execution (-a on-failure, --sandbox workspace-write).
     #[arg(long = "full-auto", default_value_t = false)]
     pub full_auto: bool,
 

codex-rs/protocol/src/models.rs

@@ -292,7 +292,7 @@ impl From<Vec<UserInput>> for ResponseInputItem {
 }
 
 /// If the `name` of a `ResponseItem::FunctionCall` is either `container.exec`
-/// or `shell`, the `arguments` field should deserialize to this struct.
+/// or shell`, the `arguments` field should deserialize to this struct.
 #[derive(Deserialize, Debug, Clone, PartialEq, JsonSchema, TS)]
 pub struct ShellToolCallParams {
     pub command: Vec<String>,
@@ -307,22 +307,6 @@ pub struct ShellToolCallParams {
     pub justification: Option<String>,
 }
 
-/// If the `name` of a `ResponseItem::FunctionCall` is `shell_command`, the
-/// `arguments` field should deserialize to this struct.
-#[derive(Deserialize, Debug, Clone, PartialEq, JsonSchema, TS)]
-pub struct ShellCommandToolCallParams {
-    pub command: String,
-    pub workdir: Option<String>,
-
-    /// This is the maximum time in milliseconds that the command is allowed to run.
-    #[serde(alias = "timeout")]
-    pub timeout_ms: Option<u64>,
-    #[serde(skip_serializing_if = "Option::is_none")]
-    pub with_escalated_permissions: Option<bool>,
-    #[serde(skip_serializing_if = "Option::is_none")]
-    pub justification: Option<String>,
-}
-
 /// Responses API compatible content items that can be returned by a tool call.
 /// This is a subset of ContentItem with the types we support as function call outputs.
 #[derive(Debug, Clone, Serialize, Deserialize, PartialEq, JsonSchema, TS)]

codex-rs/tui/src/chatwidget.rs

@@ -1143,21 +1143,8 @@ impl ChatWidget {
                 kind: KeyEventKind::Press,
                 ..
             } if modifiers.contains(KeyModifiers::CONTROL) && c.eq_ignore_ascii_case(&'v') => {
-                match paste_image_to_temp_png() {
-                    Ok((path, info)) => {
-                        self.attach_image(
-                            path,
-                            info.width,
-                            info.height,
-                            info.encoded_format.label(),
-                        );
-                    }
-                    Err(err) => {
-                        tracing::warn!("failed to paste image: {err}");
-                        self.add_to_history(history_cell::new_error_event(format!(
-                            "Failed to paste image: {err}",
-                        )));
-                    }
+                if let Ok((path, info)) = paste_image_to_temp_png() {
+                    self.attach_image(path, info.width, info.height, info.encoded_format.label());
                 }
                 return;
             }

codex-rs/tui/src/cli.rs

@@ -51,7 +51,7 @@ pub struct Cli {
     #[arg(long = "ask-for-approval", short = 'a')]
     pub approval_policy: Option<ApprovalModeCliArg>,
 
-    /// Convenience alias for low-friction sandboxed automatic execution (-a on-request, --sandbox workspace-write).
+    /// Convenience alias for low-friction sandboxed automatic execution (-a on-failure, --sandbox workspace-write).
     #[arg(long = "full-auto", default_value_t = false)]
     pub full_auto: bool,
 

codex-rs/tui/src/exec_command.rs

@@ -1,7 +1,6 @@
 use std::path::Path;
 use std::path::PathBuf;
 
-use codex_core::bash::extract_bash_command;
 use dirs::home_dir;
 use shlex::try_join;
 
@@ -9,11 +8,19 @@ pub(crate) fn escape_command(command: &[String]) -> String {
     try_join(command.iter().map(String::as_str)).unwrap_or_else(|_| command.join(" "))
 }
 
+fn is_login_shell_with_lc(shell: &str) -> bool {
+    let shell_name = std::path::Path::new(shell)
+        .file_name()
+        .and_then(|s| s.to_str())
+        .unwrap_or(shell);
+    matches!(shell_name, "bash" | "zsh")
+}
+
 pub(crate) fn strip_bash_lc_and_escape(command: &[String]) -> String {
-    if let Some((_, script)) = extract_bash_command(command) {
-        return script.to_string();
+    match command {
+        [first, second, third] if is_login_shell_with_lc(first) && second == "-lc" => third.clone(),
+        _ => escape_command(command),
     }
-    escape_command(command)
 }
 
 /// If `path` is absolute and inside $HOME, return the part *after* the home

codex-rs/tui/src/status/card.rs

@@ -211,11 +211,10 @@ impl StatusHistoryCell {
         let mut lines = Vec::with_capacity(rows.len().saturating_mul(2));
 
         for row in rows {
-            let percent_remaining = (100.0 - row.percent_used).clamp(0.0, 100.0);
             let value_spans = vec![
-                Span::from(render_status_limit_progress_bar(percent_remaining)),
+                Span::from(render_status_limit_progress_bar(row.percent_used)),
                 Span::from(" "),
-                Span::from(format_status_limit_summary(percent_remaining)),
+                Span::from(format_status_limit_summary(row.percent_used)),
             ];
             let base_spans = formatter.full_spans(row.label.as_str(), value_spans);
             let base_line = Line::from(base_spans.clone());

codex-rs/tui/src/status/rate_limits.rs

@@ -124,8 +124,8 @@ pub(crate) fn compose_rate_limit_data(
     }
 }
 
-pub(crate) fn render_status_limit_progress_bar(percent_remaining: f64) -> String {
-    let ratio = (percent_remaining / 100.0).clamp(0.0, 1.0);
+pub(crate) fn render_status_limit_progress_bar(percent_used: f64) -> String {
+    let ratio = (percent_used / 100.0).clamp(0.0, 1.0);
     let filled = (ratio * STATUS_LIMIT_BAR_SEGMENTS as f64).round() as usize;
     let filled = filled.min(STATUS_LIMIT_BAR_SEGMENTS);
     let empty = STATUS_LIMIT_BAR_SEGMENTS.saturating_sub(filled);
@@ -136,8 +136,8 @@ pub(crate) fn render_status_limit_progress_bar(percent_remaining: f64) -> String
     )
 }
 
-pub(crate) fn format_status_limit_summary(percent_remaining: f64) -> String {
-    format!("{percent_remaining:.0}% left")
+pub(crate) fn format_status_limit_summary(percent_used: f64) -> String {
+    format!("{percent_used:.0}% used")
 }
 
 fn capitalize_first(label: &str) -> String {

codex-rs/tui/src/status/snapshots/codex_tui__status__tests__status_snapshot_includes_monthly_limit.snap

@@ -18,5 +18,5 @@ expression: sanitized
 │                                                                            │
 │  Token usage:      1.2K total  (800 input + 400 output)                    │
 │  Context window:   100% left (1.2K used / 272K)                            │
-│  Monthly limit:    [██████████████████░░] 88% left (resets 07:08 on 7 May) │
+│  Monthly limit:    [██░░░░░░░░░░░░░░░░░░] 12% used (resets 07:08 on 7 May) │
 ╰────────────────────────────────────────────────────────────────────────────╯

codex-rs/tui/src/status/snapshots/codex_tui__status__tests__status_snapshot_includes_reasoning_details.snap

@@ -18,6 +18,6 @@ expression: sanitized
 │                                                                     │
 │  Token usage:      1.9K total  (1K input + 900 output)              │
 │  Context window:   100% left (2.25K used / 272K)                    │
-│  5h limit:         [██████░░░░░░░░░░░░░░] 28% left (resets 03:14)   │
-│  Weekly limit:     [███████████░░░░░░░░░] 55% left (resets 03:24)   │
+│  5h limit:         [███████████████░░░░░] 72% used (resets 03:14)   │
+│  Weekly limit:     [█████████░░░░░░░░░░░] 45% used (resets 03:24)   │
 ╰─────────────────────────────────────────────────────────────────────╯

codex-rs/tui/src/status/snapshots/codex_tui__status__tests__status_snapshot_shows_stale_limits_message.snap

@@ -18,7 +18,7 @@ expression: sanitized
 │                                                                     │
 │  Token usage:      1.9K total  (1K input + 900 output)              │
 │  Context window:   100% left (2.25K used / 272K)                    │
-│  5h limit:         [██████░░░░░░░░░░░░░░] 28% left (resets 03:14)   │
-│  Weekly limit:     [████████████░░░░░░░░] 60% left (resets 03:34)   │
+│  5h limit:         [███████████████░░░░░] 72% used (resets 03:14)   │
+│  Weekly limit:     [████████░░░░░░░░░░░░] 40% used (resets 03:34)   │
 │  Warning:          limits may be stale - start new turn to refresh. │
 ╰─────────────────────────────────────────────────────────────────────╯

codex-rs/tui/src/status/snapshots/codex_tui__status__tests__status_snapshot_truncates_in_narrow_terminal.snap

@@ -1,5 +1,6 @@
 ---
 source: tui/src/status/tests.rs
+assertion_line: 257
 expression: sanitized
 ---
 /status
@@ -19,6 +20,6 @@ expression: sanitized
 │                                            │
 │  Token usage:      1.9K total  (1K input + │
 │  Context window:   100% left (2.25K used / │
-│  5h limit:         [██████░░░░░░░░░░░░░░]  │
+│  5h limit:         [███████████████░░░░░]  │
 │                    (resets 03:14)          │
 ╰────────────────────────────────────────────╯

codex-rs/tui/src/tui.rs

@@ -1,23 +1,29 @@
-use std::fmt;
 use std::io::IsTerminal;
 use std::io::Result;
 use std::io::Stdout;
 use std::io::stdout;
-use std::panic;
 use std::pin::Pin;
 use std::sync::Arc;
 use std::sync::atomic::AtomicBool;
+#[cfg(unix)]
+use std::sync::atomic::AtomicU8;
+#[cfg(unix)]
+use std::sync::atomic::AtomicU16;
 use std::sync::atomic::Ordering;
 use std::time::Duration;
 use std::time::Instant;
 
 use crossterm::Command;
 use crossterm::SynchronizedUpdate;
+#[cfg(unix)]
+use crossterm::cursor::MoveTo;
 use crossterm::event::DisableBracketedPaste;
 use crossterm::event::DisableFocusChange;
 use crossterm::event::EnableBracketedPaste;
 use crossterm::event::EnableFocusChange;
 use crossterm::event::Event;
+#[cfg(unix)]
+use crossterm::event::KeyCode;
 use crossterm::event::KeyEvent;
 use crossterm::event::KeyboardEnhancementFlags;
 use crossterm::event::PopKeyboardEnhancementFlags;
@@ -32,22 +38,20 @@ use ratatui::crossterm::terminal::disable_raw_mode;
 use ratatui::crossterm::terminal::enable_raw_mode;
 use ratatui::layout::Offset;
 use ratatui::text::Line;
-use tokio::select;
-use tokio_stream::Stream;
 
 use crate::custom_terminal;
 use crate::custom_terminal::Terminal as CustomTerminal;
 #[cfg(unix)]
-use crate::tui::job_control::SUSPEND_KEY;
-#[cfg(unix)]
-use crate::tui::job_control::SuspendContext;
-
-#[cfg(unix)]
-mod job_control;
+use crate::key_hint;
+use tokio::select;
+use tokio_stream::Stream;
 
 /// A type alias for the terminal type used in this application
 pub type Terminal = CustomTerminal<CrosstermBackend<Stdout>>;
 
+#[cfg(unix)]
+const SUSPEND_KEY: key_hint::KeyBinding = key_hint::ctrl(KeyCode::Char('z'));
+
 pub fn set_modes() -> Result<()> {
     execute!(stdout(), EnableBracketedPaste)?;
 
@@ -75,12 +79,12 @@ pub fn set_modes() -> Result<()> {
 struct EnableAlternateScroll;
 
 impl Command for EnableAlternateScroll {
-    fn write_ansi(&self, f: &mut impl fmt::Write) -> fmt::Result {
+    fn write_ansi(&self, f: &mut impl std::fmt::Write) -> std::fmt::Result {
         write!(f, "\x1b[?1007h")
     }
 
     #[cfg(windows)]
-    fn execute_winapi(&self) -> Result<()> {
+    fn execute_winapi(&self) -> std::io::Result<()> {
         Err(std::io::Error::other(
             "tried to execute EnableAlternateScroll using WinAPI; use ANSI instead",
         ))
@@ -96,12 +100,12 @@ impl Command for EnableAlternateScroll {
 struct DisableAlternateScroll;
 
 impl Command for DisableAlternateScroll {
-    fn write_ansi(&self, f: &mut impl fmt::Write) -> fmt::Result {
+    fn write_ansi(&self, f: &mut impl std::fmt::Write) -> std::fmt::Result {
         write!(f, "\x1b[?1007l")
     }
 
     #[cfg(windows)]
-    fn execute_winapi(&self) -> Result<()> {
+    fn execute_winapi(&self) -> std::io::Result<()> {
         Err(std::io::Error::other(
             "tried to execute DisableAlternateScroll using WinAPI; use ANSI instead",
         ))
@@ -140,8 +144,8 @@ pub fn init() -> Result<Terminal> {
 }
 
 fn set_panic_hook() {
-    let hook = panic::take_hook();
-    panic::set_hook(Box::new(move |panic_info| {
+    let hook = std::panic::take_hook();
+    std::panic::set_hook(Box::new(move |panic_info| {
         let _ = restore(); // ignore any errors as we are already failing
         hook(panic_info);
     }));
@@ -161,7 +165,9 @@ pub struct Tui {
     pending_history_lines: Vec<Line<'static>>,
     alt_saved_viewport: Option<ratatui::layout::Rect>,
     #[cfg(unix)]
-    suspend_context: SuspendContext,
+    resume_pending: Arc<AtomicU8>, // Stores a ResumeAction
+    #[cfg(unix)]
+    suspend_cursor_y: Arc<AtomicU16>, // Bottom line of inline viewport
     // True when overlay alt-screen UI is active
     alt_screen_active: Arc<AtomicBool>,
     // True when terminal/tab is focused; updated internally from crossterm events
@@ -169,6 +175,30 @@ pub struct Tui {
     enhanced_keys_supported: bool,
 }
 
+#[cfg(unix)]
+#[derive(Copy, Clone, Debug, Eq, PartialEq)]
+#[repr(u8)]
+enum ResumeAction {
+    None = 0,
+    RealignInline = 1,
+    RestoreAlt = 2,
+}
+
+#[cfg(unix)]
+enum PreparedResumeAction {
+    RestoreAltScreen,
+    RealignViewport(ratatui::layout::Rect),
+}
+
+#[cfg(unix)]
+fn take_resume_action(pending: &AtomicU8) -> ResumeAction {
+    match pending.swap(ResumeAction::None as u8, Ordering::Relaxed) {
+        1 => ResumeAction::RealignInline,
+        2 => ResumeAction::RestoreAlt,
+        _ => ResumeAction::None,
+    }
+}
+
 #[derive(Clone, Debug)]
 pub struct FrameRequester {
     frame_schedule_tx: tokio::sync::mpsc::UnboundedSender<Instant>,
@@ -214,7 +244,9 @@ impl Tui {
             pending_history_lines: vec![],
             alt_saved_viewport: None,
             #[cfg(unix)]
-            suspend_context: SuspendContext::new(),
+            resume_pending: Arc::new(AtomicU8::new(0)),
+            #[cfg(unix)]
+            suspend_cursor_y: Arc::new(AtomicU16::new(0)),
             alt_screen_active: Arc::new(AtomicBool::new(false)),
             terminal_focused: Arc::new(AtomicBool::new(true)),
             enhanced_keys_supported,
@@ -250,9 +282,26 @@ impl Tui {
 
         // State for tracking how we should resume from ^Z suspend.
         #[cfg(unix)]
-        let suspend_context = self.suspend_context.clone();
+        let resume_pending = self.resume_pending.clone();
         #[cfg(unix)]
         let alt_screen_active = self.alt_screen_active.clone();
+        #[cfg(unix)]
+        let suspend_cursor_y = self.suspend_cursor_y.clone();
+
+        #[cfg(unix)]
+        let suspend = move || {
+            if alt_screen_active.load(Ordering::Relaxed) {
+                // Disable alternate scroll when suspending from alt-screen
+                let _ = execute!(stdout(), DisableAlternateScroll);
+                let _ = execute!(stdout(), LeaveAlternateScreen);
+                resume_pending.store(ResumeAction::RestoreAlt as u8, Ordering::Relaxed);
+            } else {
+                resume_pending.store(ResumeAction::RealignInline as u8, Ordering::Relaxed);
+            }
+            let y = suspend_cursor_y.load(Ordering::Relaxed);
+            let _ = execute!(stdout(), MoveTo(0, y), crossterm::cursor::Show);
+            let _ = Tui::suspend();
+        };
 
         let terminal_focused = self.terminal_focused.clone();
         let event_stream = async_stream::stream! {
@@ -260,10 +309,10 @@ impl Tui {
                 select! {
                     Some(Ok(event)) = crossterm_events.next() => {
                         match event {
-                            Event::Key(key_event) => {
+                            crossterm::event::Event::Key(key_event) => {
                                 #[cfg(unix)]
                                 if SUSPEND_KEY.is_press(key_event) {
-                                    let _ = suspend_context.suspend(&alt_screen_active);
+                                    suspend();
                                     // We continue here after resume.
                                     yield TuiEvent::Draw;
                                     continue;
@@ -307,6 +356,67 @@ impl Tui {
         Box::pin(event_stream)
     }
 
+    #[cfg(unix)]
+    fn suspend() -> Result<()> {
+        restore()?;
+        unsafe { libc::kill(0, libc::SIGTSTP) };
+        set_modes()?;
+        Ok(())
+    }
+
+    /// When resuming from ^Z suspend, we want to put things back the way they were before suspend.
+    /// We capture the action in an object so we can pass it into the event stream, since the relevant
+    #[cfg(unix)]
+    fn prepare_resume_action(
+        &mut self,
+        action: ResumeAction,
+    ) -> Result<Option<PreparedResumeAction>> {
+        match action {
+            ResumeAction::RealignInline => {
+                let cursor_pos = self
+                    .terminal
+                    .get_cursor_position()
+                    .unwrap_or(self.terminal.last_known_cursor_pos);
+                Ok(Some(PreparedResumeAction::RealignViewport(
+                    ratatui::layout::Rect::new(0, cursor_pos.y, 0, 0),
+                )))
+            }
+            ResumeAction::RestoreAlt => {
+                if let Ok(ratatui::layout::Position { y, .. }) = self.terminal.get_cursor_position()
+                    && let Some(saved) = self.alt_saved_viewport.as_mut()
+                {
+                    saved.y = y;
+                }
+                Ok(Some(PreparedResumeAction::RestoreAltScreen))
+            }
+            ResumeAction::None => Ok(None),
+        }
+    }
+
+    #[cfg(unix)]
+    fn apply_prepared_resume_action(&mut self, prepared: PreparedResumeAction) -> Result<()> {
+        match prepared {
+            PreparedResumeAction::RealignViewport(area) => {
+                self.terminal.set_viewport_area(area);
+            }
+            PreparedResumeAction::RestoreAltScreen => {
+                execute!(self.terminal.backend_mut(), EnterAlternateScreen)?;
+                // Enable "alternate scroll" so terminals may translate wheel to arrows
+                execute!(self.terminal.backend_mut(), EnableAlternateScroll)?;
+                if let Ok(size) = self.terminal.size() {
+                    self.terminal.set_viewport_area(ratatui::layout::Rect::new(
+                        0,
+                        0,
+                        size.width,
+                        size.height,
+                    ));
+                    self.terminal.clear()?;
+                }
+            }
+        }
+        Ok(())
+    }
+
     /// Enter alternate screen and expand the viewport to full terminal size, saving the current
     /// inline viewport for restoration when leaving.
     pub fn enter_alt_screen(&mut self) -> Result<()> {
@@ -352,9 +462,8 @@ impl Tui {
         // If we are resuming from ^Z, we need to prepare the resume action now so we can apply it
         // in the synchronized update.
         #[cfg(unix)]
-        let mut prepared_resume = self
-            .suspend_context
-            .prepare_resume_action(&mut self.terminal, &mut self.alt_saved_viewport);
+        let mut prepared_resume =
+            self.prepare_resume_action(take_resume_action(&self.resume_pending))?;
 
         // Precompute any viewport updates that need a cursor-position query before entering
         // the synchronized update, to avoid racing with the event reader.
@@ -381,10 +490,12 @@ impl Tui {
             }
         }
 
-        stdout().sync_update(|_| {
+        std::io::stdout().sync_update(|_| {
             #[cfg(unix)]
-            if let Some(prepared) = prepared_resume.take() {
-                prepared.apply(&mut self.terminal)?;
+            {
+                if let Some(prepared) = prepared_resume.take() {
+                    self.apply_prepared_resume_action(prepared)?;
+                }
             }
             let terminal = &mut self.terminal;
             if let Some(new_area) = pending_viewport_area.take() {
@@ -428,7 +539,8 @@ impl Tui {
                 } else {
                     area.bottom().saturating_sub(1)
                 };
-                self.suspend_context.set_cursor_y(inline_area_bottom);
+                self.suspend_cursor_y
+                    .store(inline_area_bottom, Ordering::Relaxed);
             }
 
             terminal.draw(|frame| {
@@ -488,12 +600,12 @@ fn spawn_frame_scheduler(
 pub struct PostNotification(pub String);
 
 impl Command for PostNotification {
-    fn write_ansi(&self, f: &mut impl fmt::Write) -> fmt::Result {
+    fn write_ansi(&self, f: &mut impl std::fmt::Write) -> std::fmt::Result {
         write!(f, "\x1b]9;{}\x07", self.0)
     }
 
     #[cfg(windows)]
-    fn execute_winapi(&self) -> Result<()> {
+    fn execute_winapi(&self) -> std::io::Result<()> {
         Err(std::io::Error::other(
             "tried to execute PostNotification using WinAPI; use ANSI instead",
         ))

codex-rs/tui/src/tui/job_control.rs

@@ -1,182 +0,0 @@
-use std::io::Result;
-use std::io::stdout;
-use std::sync::Arc;
-use std::sync::Mutex;
-use std::sync::PoisonError;
-use std::sync::atomic::AtomicBool;
-use std::sync::atomic::AtomicU16;
-use std::sync::atomic::Ordering;
-
-use crossterm::cursor::MoveTo;
-use crossterm::cursor::Show;
-use crossterm::event::KeyCode;
-use crossterm::terminal::EnterAlternateScreen;
-use crossterm::terminal::LeaveAlternateScreen;
-use ratatui::crossterm::execute;
-use ratatui::layout::Position;
-use ratatui::layout::Rect;
-
-use crate::key_hint;
-
-use super::DisableAlternateScroll;
-use super::EnableAlternateScroll;
-use super::Terminal;
-
-pub const SUSPEND_KEY: key_hint::KeyBinding = key_hint::ctrl(KeyCode::Char('z'));
-
-/// Coordinates suspend/resume handling so the TUI can restore terminal context after SIGTSTP.
-///
-/// On suspend, it records which resume path to take (realign inline viewport vs. restore alt
-/// screen) and caches the inline cursor row so the cursor can be placed meaningfully before
-/// yielding.
-///
-/// After resume, `prepare_resume_action` consumes the pending intent and returns a
-/// `PreparedResumeAction` describing any viewport adjustments to apply inside the synchronized
-/// draw.
-///
-/// Callers keep `suspend_cursor_y` up to date during normal drawing so the suspend step always
-/// has the latest cursor position.
-///
-/// The type is `Clone`, using Arc/atomic internals so bookkeeping can be shared across tasks
-/// and moved into the boxed `'static` event stream without borrowing `self`.
-#[derive(Clone)]
-pub struct SuspendContext {
-    /// Resume intent captured at suspend time; cleared once applied after resume.
-    resume_pending: Arc<Mutex<Option<ResumeAction>>>,
-    /// Inline viewport cursor row used to place the cursor before yielding during suspend.
-    suspend_cursor_y: Arc<AtomicU16>,
-}
-
-impl SuspendContext {
-    pub(crate) fn new() -> Self {
-        Self {
-            resume_pending: Arc::new(Mutex::new(None)),
-            suspend_cursor_y: Arc::new(AtomicU16::new(0)),
-        }
-    }
-
-    /// Capture how to resume, stash cursor position, and temporarily yield during SIGTSTP.
-    ///
-    /// - If the alt screen is active, exit alt-scroll/alt-screen and record `RestoreAlt`;
-    ///   otherwise record `RealignInline`.
-    /// - Update the cached inline cursor row so suspend can place the cursor meaningfully.
-    /// - Trigger SIGTSTP so the process can be resumed and continue drawing with the saved state.
-    pub(crate) fn suspend(&self, alt_screen_active: &Arc<AtomicBool>) -> Result<()> {
-        if alt_screen_active.load(Ordering::Relaxed) {
-            // Leave alt-screen so the terminal returns to the normal buffer while suspended; also turn off alt-scroll.
-            let _ = execute!(stdout(), DisableAlternateScroll);
-            let _ = execute!(stdout(), LeaveAlternateScreen);
-            self.set_resume_action(ResumeAction::RestoreAlt);
-        } else {
-            self.set_resume_action(ResumeAction::RealignInline);
-        }
-        let y = self.suspend_cursor_y.load(Ordering::Relaxed);
-        let _ = execute!(stdout(), MoveTo(0, y), Show);
-        suspend_process()
-    }
-
-    /// Consume the pending resume intent and precompute any viewport changes needed post-resume.
-    ///
-    /// Returns a `PreparedResumeAction` describing how to realign the viewport once drawing
-    /// resumes; returns `None` when there was no pending suspend intent.
-    pub(crate) fn prepare_resume_action(
-        &self,
-        terminal: &mut Terminal,
-        alt_saved_viewport: &mut Option<Rect>,
-    ) -> Option<PreparedResumeAction> {
-        let action = self.take_resume_action()?;
-        match action {
-            ResumeAction::RealignInline => {
-                let cursor_pos = terminal
-                    .get_cursor_position()
-                    .unwrap_or(terminal.last_known_cursor_pos);
-                let viewport = Rect::new(0, cursor_pos.y, 0, 0);
-                Some(PreparedResumeAction::RealignViewport(viewport))
-            }
-            ResumeAction::RestoreAlt => {
-                if let Ok(Position { y, .. }) = terminal.get_cursor_position()
-                    && let Some(saved) = alt_saved_viewport.as_mut()
-                {
-                    saved.y = y;
-                }
-                Some(PreparedResumeAction::RestoreAltScreen)
-            }
-        }
-    }
-
-    /// Set the cached inline cursor row so suspend can place the cursor meaningfully.
-    ///
-    /// Call during normal drawing when the inline viewport moves so suspend has a fresh cursor
-    /// position to restore before yielding.
-    pub(crate) fn set_cursor_y(&self, value: u16) {
-        self.suspend_cursor_y.store(value, Ordering::Relaxed);
-    }
-
-    /// Record a pending resume action to apply after SIGTSTP returns control.
-    fn set_resume_action(&self, value: ResumeAction) {
-        *self
-            .resume_pending
-            .lock()
-            .unwrap_or_else(PoisonError::into_inner) = Some(value);
-    }
-
-    /// Take and clear any pending resume action captured at suspend time.
-    fn take_resume_action(&self) -> Option<ResumeAction> {
-        self.resume_pending
-            .lock()
-            .unwrap_or_else(PoisonError::into_inner)
-            .take()
-    }
-}
-
-/// Captures what should happen when returning from suspend.
-///
-/// Either realign the inline viewport to keep the cursor position, or re-enter the alt screen
-/// to restore the overlay UI.
-#[derive(Copy, Clone, Debug, Eq, PartialEq)]
-pub(crate) enum ResumeAction {
-    /// Shift the inline viewport to keep the cursor anchored after resume.
-    RealignInline,
-    /// Re-enter the alt screen and restore the overlay UI.
-    RestoreAlt,
-}
-
-/// Describes the viewport change to apply when resuming from suspend during the synchronized draw.
-///
-/// Either restore the alt screen (with viewport reset) or realign the inline viewport.
-#[derive(Clone, Debug)]
-pub(crate) enum PreparedResumeAction {
-    /// Re-enter the alt screen and reset the viewport to the terminal dimensions.
-    RestoreAltScreen,
-    /// Apply a viewport shift to keep the inline cursor position stable.
-    RealignViewport(Rect),
-}
-
-impl PreparedResumeAction {
-    pub(crate) fn apply(self, terminal: &mut Terminal) -> Result<()> {
-        match self {
-            PreparedResumeAction::RealignViewport(area) => {
-                terminal.set_viewport_area(area);
-            }
-            PreparedResumeAction::RestoreAltScreen => {
-                execute!(terminal.backend_mut(), EnterAlternateScreen)?;
-                // Enable "alternate scroll" so terminals may translate wheel to arrows
-                execute!(terminal.backend_mut(), EnableAlternateScroll)?;
-                if let Ok(size) = terminal.size() {
-                    terminal.set_viewport_area(Rect::new(0, 0, size.width, size.height));
-                    terminal.clear()?;
-                }
-            }
-        }
-        Ok(())
-    }
-}
-
-/// Deliver SIGTSTP after restoring terminal state, then re-applies terminal modes once resumed.
-fn suspend_process() -> Result<()> {
-    super::restore()?;
-    unsafe { libc::kill(0, libc::SIGTSTP) };
-    // After the process resumes, reapply terminal modes so drawing can continue.
-    super::set_modes()?;
-    Ok(())
-}

codex-rs/utils/pty/src/lib.rs

@@ -111,7 +111,6 @@ pub async fn spawn_pty_process(
     args: &[String],
     cwd: &Path,
     env: &HashMap<String, String>,
-    arg0: &Option<String>,
 ) -> Result<SpawnedPty> {
     if program.is_empty() {
         anyhow::bail!("missing program for PTY spawn");
@@ -125,7 +124,7 @@ pub async fn spawn_pty_process(
         pixel_height: 0,
     })?;
 
-    let mut command_builder = CommandBuilder::new(arg0.as_ref().unwrap_or(&program.to_string()));
+    let mut command_builder = CommandBuilder::new(program);
     command_builder.cwd(cwd);
     command_builder.env_clear();
     for arg in args {