Clarify subagent flag docs

Update subagent docs and defaults
docs: refine subagent behavior docs
2026-05-11 14:52:36 +00:00 · 2025-11-23 11:49:47 -08:00 · 2025-11-22 19:42:48 -08:00 · 2025-11-22 09:34:49 -08:00 · 2025-11-22 00:16:43 -08:00
1277 changed files with 20937 additions and 91773 deletions
--- a/.codespellignore
+++ b/.codespellignore
@@ -1,2 +1 @@
 iTerm
-psuedo
--- a/.github/actions/linux-code-sign/action.yml
+++ b/.github/actions/linux-code-sign/action.yml
@@ -1,44 +0,0 @@
-name: linux-code-sign
-description: Sign Linux artifacts with cosign.
-inputs:
-  target:
-    description: Target triple for the artifacts to sign.
-    required: true
-  artifacts-dir:
-    description: Absolute path to the directory containing built binaries to sign.
-    required: true
-
-runs:
-  using: composite
-  steps:
-    - name: Install cosign
-      uses: sigstore/cosign-installer@v3.7.0
-
-    - name: Cosign Linux artifacts
-      shell: bash
-      env:
-        COSIGN_EXPERIMENTAL: "1"
-        COSIGN_YES: "true"
-        COSIGN_OIDC_CLIENT_ID: "sigstore"
-        COSIGN_OIDC_ISSUER: "https://oauth2.sigstore.dev/auth"
-      run: |
-        set -euo pipefail
-
-        dest="${{ inputs.artifacts-dir }}"
-        if [[ ! -d "$dest" ]]; then
-          echo "Destination $dest does not exist"
-          exit 1
-        fi
-
-        for binary in codex codex-responses-api-proxy; do
-          artifact="${dest}/${binary}"
-          if [[ ! -f "$artifact" ]]; then
-            echo "Binary $artifact not found"
-            exit 1
-          fi
-
-          cosign sign-blob \
-            --yes \
-            --bundle "${artifact}.sigstore" \
-            "$artifact"
-        done
--- a/.github/actions/windows-code-sign/action.yml
+++ b/.github/actions/windows-code-sign/action.yml
@@ -1,57 +0,0 @@
-name: windows-code-sign
-description: Sign Windows binaries with Azure Trusted Signing.
-inputs:
-  target:
-    description: Target triple for the artifacts to sign.
-    required: true
-  client-id:
-    description: Azure Trusted Signing client ID.
-    required: true
-  tenant-id:
-    description: Azure tenant ID for Trusted Signing.
-    required: true
-  subscription-id:
-    description: Azure subscription ID for Trusted Signing.
-    required: true
-  endpoint:
-    description: Azure Trusted Signing endpoint.
-    required: true
-  account-name:
-    description: Azure Trusted Signing account name.
-    required: true
-  certificate-profile-name:
-    description: Certificate profile name for signing.
-    required: true
-
-runs:
-  using: composite
-  steps:
-    - name: Azure login for Trusted Signing (OIDC)
-      uses: azure/login@v2
-      with:
-        client-id: ${{ inputs.client-id }}
-        tenant-id: ${{ inputs.tenant-id }}
-        subscription-id: ${{ inputs.subscription-id }}
-
-    - name: Sign Windows binaries with Azure Trusted Signing
-      uses: azure/trusted-signing-action@v0
-      with:
-        endpoint: ${{ inputs.endpoint }}
-        trusted-signing-account-name: ${{ inputs.account-name }}
-        certificate-profile-name: ${{ inputs.certificate-profile-name }}
-        exclude-environment-credential: true
-        exclude-workload-identity-credential: true
-        exclude-managed-identity-credential: true
-        exclude-shared-token-cache-credential: true
-        exclude-visual-studio-credential: true
-        exclude-visual-studio-code-credential: true
-        exclude-azure-cli-credential: false
-        exclude-azure-powershell-credential: true
-        exclude-azure-developer-cli-credential: true
-        exclude-interactive-browser-credential: true
-        cache-dependencies: false
-        files: |
-          ${{ github.workspace }}/codex-rs/target/${{ inputs.target }}/release/codex.exe
-          ${{ github.workspace }}/codex-rs/target/${{ inputs.target }}/release/codex-responses-api-proxy.exe
-          ${{ github.workspace }}/codex-rs/target/${{ inputs.target }}/release/codex-windows-sandbox-setup.exe
-          ${{ github.workspace }}/codex-rs/target/${{ inputs.target }}/release/codex-command-runner.exe
--- a/.github/workflows/cargo-deny.yml
+++ b/.github/workflows/cargo-deny.yml
@@ -1,26 +0,0 @@
-name: cargo-deny
-
-on:
-  pull_request:
-  push:
-    branches:
-      - main
-
-jobs:
-  cargo-deny:
-    runs-on: ubuntu-latest
-    defaults:
-      run:
-        working-directory: ./codex-rs
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v6
-
-      - name: Install Rust toolchain
-        uses: dtolnay/rust-toolchain@stable
-
-      - name: Run cargo-deny
-        uses: EmbarkStudios/cargo-deny-action@v1
-        with:
-          rust-version: stable
-          manifest-path: ./codex-rs/Cargo.toml
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -12,7 +12,7 @@ jobs:
      NODE_OPTIONS: --max-old-space-size=4096
    steps:
      - name: Checkout repository
-        uses: actions/checkout@v6
+        uses: actions/checkout@v5

      - name: Setup pnpm
        uses: pnpm/action-setup@v4
--- a/.github/workflows/cla.yml
+++ b/.github/workflows/cla.yml
@@ -46,4 +46,6 @@ jobs:
          path-to-document: https://github.com/openai/codex/blob/main/docs/CLA.md
          path-to-signatures: signatures/cla.json
          branch: cla-signatures
-          allowlist: codex,dependabot,dependabot[bot],github-actions[bot]
+          allowlist: |
+            codex
+            dependabot[bot]
--- a/.github/workflows/codespell.yml
+++ b/.github/workflows/codespell.yml
@@ -18,7 +18,7 @@ jobs:

    steps:
      - name: Checkout
-        uses: actions/checkout@v6
+        uses: actions/checkout@v5
      - name: Annotate locations with typos
        uses: codespell-project/codespell-problem-matcher@b80729f885d32f78a716c2f107b4db1025001c42 # v1
      - name: Codespell
--- a/.github/workflows/issue-deduplicator.yml
+++ b/.github/workflows/issue-deduplicator.yml
@@ -16,7 +16,7 @@ jobs:
    outputs:
      codex_output: ${{ steps.codex.outputs.final-message }}
    steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v5

      - name: Prepare Codex inputs
        env:
--- a/.github/workflows/issue-labeler.yml
+++ b/.github/workflows/issue-labeler.yml
@@ -16,7 +16,7 @@ jobs:
    outputs:
      codex_output: ${{ steps.codex.outputs.final-message }}
    steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v5

      - id: codex
        uses: openai/codex-action@main
--- a/.github/workflows/rust-ci.yml
+++ b/.github/workflows/rust-ci.yml
@@ -17,7 +17,7 @@ jobs:
      codex: ${{ steps.detect.outputs.codex }}
      workflows: ${{ steps.detect.outputs.workflows }}
    steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v5
        with:
          fetch-depth: 0
      - name: Detect changed paths (no external action)
@@ -56,7 +56,7 @@ jobs:
      run:
        working-directory: codex-rs
    steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v5
      - uses: dtolnay/rust-toolchain@1.90
        with:
          components: rustfmt
@@ -74,7 +74,7 @@ jobs:
      run:
        working-directory: codex-rs
    steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v5
      - uses: dtolnay/rust-toolchain@1.90
      - uses: taiki-e/install-action@44c6d64aa62cd779e873306675c7a58e86d6d532 # v2
        with:
@@ -147,21 +147,12 @@ jobs:
            profile: release

    steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v5
      - uses: dtolnay/rust-toolchain@1.90
        with:
          targets: ${{ matrix.target }}
          components: clippy

-      - name: Compute lockfile hash
-        id: lockhash
-        working-directory: codex-rs
-        shell: bash
-        run: |
-          set -euo pipefail
-          echo "hash=$(sha256sum Cargo.lock | cut -d' ' -f1)" >> "$GITHUB_OUTPUT"
-          echo "toolchain_hash=$(sha256sum rust-toolchain.toml | cut -d' ' -f1)" >> "$GITHUB_OUTPUT"
-
      # Explicit cache restore: split cargo home vs target, so we can
      # avoid caching the large target dir on the gnu-dev job.
      - name: Restore cargo home cache
@@ -173,7 +164,7 @@ jobs:
            ~/.cargo/registry/index/
            ~/.cargo/registry/cache/
            ~/.cargo/git/db/
-          key: cargo-home-${{ matrix.runner }}-${{ matrix.target }}-${{ matrix.profile }}-${{ steps.lockhash.outputs.hash }}-${{ steps.lockhash.outputs.toolchain_hash }}
+          key: cargo-home-${{ matrix.runner }}-${{ matrix.target }}-${{ matrix.profile }}-${{ hashFiles('**/Cargo.lock') }}-${{ hashFiles('codex-rs/rust-toolchain.toml') }}
          restore-keys: |
            cargo-home-${{ matrix.runner }}-${{ matrix.target }}-${{ matrix.profile }}-

@@ -210,9 +201,9 @@ jobs:
        uses: actions/cache/restore@v4
        with:
          path: ${{ github.workspace }}/.sccache/
-          key: sccache-${{ matrix.runner }}-${{ matrix.target }}-${{ matrix.profile }}-${{ steps.lockhash.outputs.hash }}-${{ github.run_id }}
+          key: sccache-${{ matrix.runner }}-${{ matrix.target }}-${{ matrix.profile }}-${{ hashFiles('**/Cargo.lock') }}-${{ github.run_id }}
          restore-keys: |
-            sccache-${{ matrix.runner }}-${{ matrix.target }}-${{ matrix.profile }}-${{ steps.lockhash.outputs.hash }}-
+            sccache-${{ matrix.runner }}-${{ matrix.target }}-${{ matrix.profile }}-${{ hashFiles('**/Cargo.lock') }}-
            sccache-${{ matrix.runner }}-${{ matrix.target }}-${{ matrix.profile }}-

      - if: ${{ matrix.target == 'x86_64-unknown-linux-musl' || matrix.target == 'aarch64-unknown-linux-musl'}}
@@ -287,7 +278,7 @@ jobs:
            ~/.cargo/registry/index/
            ~/.cargo/registry/cache/
            ~/.cargo/git/db/
-          key: cargo-home-${{ matrix.runner }}-${{ matrix.target }}-${{ matrix.profile }}-${{ steps.lockhash.outputs.hash }}-${{ steps.lockhash.outputs.toolchain_hash }}
+          key: cargo-home-${{ matrix.runner }}-${{ matrix.target }}-${{ matrix.profile }}-${{ hashFiles('**/Cargo.lock') }}-${{ hashFiles('codex-rs/rust-toolchain.toml') }}

      - name: Save sccache cache (fallback)
        if: always() && !cancelled() && env.USE_SCCACHE == 'true' && env.SCCACHE_GHA_ENABLED != 'true'
@@ -295,7 +286,7 @@ jobs:
        uses: actions/cache/save@v4
        with:
          path: ${{ github.workspace }}/.sccache/
-          key: sccache-${{ matrix.runner }}-${{ matrix.target }}-${{ matrix.profile }}-${{ steps.lockhash.outputs.hash }}-${{ github.run_id }}
+          key: sccache-${{ matrix.runner }}-${{ matrix.target }}-${{ matrix.profile }}-${{ hashFiles('**/Cargo.lock') }}-${{ github.run_id }}

      - name: sccache stats
        if: always() && env.USE_SCCACHE == 'true'
@@ -368,63 +359,11 @@ jobs:
            profile: dev

    steps:
-      - uses: actions/checkout@v6
-
-      # We have been running out of space when running this job on Linux for
-      # x86_64-unknown-linux-gnu, so remove some unnecessary dependencies.
-      - name: Remove unnecessary dependencies to save space
-        if: ${{ startsWith(matrix.runner, 'ubuntu') }}
-        shell: bash
-        run: |
-          set -euo pipefail
-          sudo rm -rf \
-            /usr/local/lib/android \
-            /usr/share/dotnet \
-            /usr/local/share/boost \
-            /usr/local/lib/node_modules \
-            /opt/ghc
-          sudo apt-get remove -y docker.io docker-compose podman buildah
-
-      # Ensure brew includes this fix so that brew's shellenv.sh loads
-      # cleanly in the Codex sandbox (it is frequently eval'd via .zprofile
-      # for Brew users, including the macOS runners on GitHub):
-      #
-      # https://github.com/Homebrew/brew/pull/21157
-      #
-      # Once brew 5.0.5 is released and is the default on macOS runners, this
-      # step can be removed.
-      - name: Upgrade brew
-        if: ${{ startsWith(matrix.runner, 'macos') }}
-        shell: bash
-        run: |
-          set -euo pipefail
-          brew --version
-          git -C "$(brew --repo)" fetch origin
-          git -C "$(brew --repo)" checkout main
-          git -C "$(brew --repo)" reset --hard origin/main
-          export HOMEBREW_UPDATE_TO_TAG=0
-          brew update
-          brew upgrade
-          brew --version
-
-      # Some integration tests rely on DotSlash being installed.
-      # See https://github.com/openai/codex/pull/7617.
-      - name: Install DotSlash
-        uses: facebook/install-dotslash@v2
-
+      - uses: actions/checkout@v5
      - uses: dtolnay/rust-toolchain@1.90
        with:
          targets: ${{ matrix.target }}

-      - name: Compute lockfile hash
-        id: lockhash
-        working-directory: codex-rs
-        shell: bash
-        run: |
-          set -euo pipefail
-          echo "hash=$(sha256sum Cargo.lock | cut -d' ' -f1)" >> "$GITHUB_OUTPUT"
-          echo "toolchain_hash=$(sha256sum rust-toolchain.toml | cut -d' ' -f1)" >> "$GITHUB_OUTPUT"
-
      - name: Restore cargo home cache
        id: cache_cargo_home_restore
        uses: actions/cache/restore@v4
@@ -434,7 +373,7 @@ jobs:
            ~/.cargo/registry/index/
            ~/.cargo/registry/cache/
            ~/.cargo/git/db/
-          key: cargo-home-${{ matrix.runner }}-${{ matrix.target }}-${{ matrix.profile }}-${{ steps.lockhash.outputs.hash }}-${{ steps.lockhash.outputs.toolchain_hash }}
+          key: cargo-home-${{ matrix.runner }}-${{ matrix.target }}-${{ matrix.profile }}-${{ hashFiles('**/Cargo.lock') }}-${{ hashFiles('codex-rs/rust-toolchain.toml') }}
          restore-keys: |
            cargo-home-${{ matrix.runner }}-${{ matrix.target }}-${{ matrix.profile }}-

@@ -470,9 +409,9 @@ jobs:
        uses: actions/cache/restore@v4
        with:
          path: ${{ github.workspace }}/.sccache/
-          key: sccache-${{ matrix.runner }}-${{ matrix.target }}-${{ matrix.profile }}-${{ steps.lockhash.outputs.hash }}-${{ github.run_id }}
+          key: sccache-${{ matrix.runner }}-${{ matrix.target }}-${{ matrix.profile }}-${{ hashFiles('**/Cargo.lock') }}-${{ github.run_id }}
          restore-keys: |
-            sccache-${{ matrix.runner }}-${{ matrix.target }}-${{ matrix.profile }}-${{ steps.lockhash.outputs.hash }}-
+            sccache-${{ matrix.runner }}-${{ matrix.target }}-${{ matrix.profile }}-${{ hashFiles('**/Cargo.lock') }}-
            sccache-${{ matrix.runner }}-${{ matrix.target }}-${{ matrix.profile }}-

      - uses: taiki-e/install-action@44c6d64aa62cd779e873306675c7a58e86d6d532 # v2
@@ -497,7 +436,7 @@ jobs:
            ~/.cargo/registry/index/
            ~/.cargo/registry/cache/
            ~/.cargo/git/db/
-          key: cargo-home-${{ matrix.runner }}-${{ matrix.target }}-${{ matrix.profile }}-${{ steps.lockhash.outputs.hash }}-${{ steps.lockhash.outputs.toolchain_hash }}
+          key: cargo-home-${{ matrix.runner }}-${{ matrix.target }}-${{ matrix.profile }}-${{ hashFiles('**/Cargo.lock') }}-${{ hashFiles('codex-rs/rust-toolchain.toml') }}

      - name: Save sccache cache (fallback)
        if: always() && !cancelled() && env.USE_SCCACHE == 'true' && env.SCCACHE_GHA_ENABLED != 'true'
@@ -505,7 +444,7 @@ jobs:
        uses: actions/cache/save@v4
        with:
          path: ${{ github.workspace }}/.sccache/
-          key: sccache-${{ matrix.runner }}-${{ matrix.target }}-${{ matrix.profile }}-${{ steps.lockhash.outputs.hash }}-${{ github.run_id }}
+          key: sccache-${{ matrix.runner }}-${{ matrix.target }}-${{ matrix.profile }}-${{ hashFiles('**/Cargo.lock') }}-${{ github.run_id }}

      - name: sccache stats
        if: always() && env.USE_SCCACHE == 'true'
--- a/.github/workflows/rust-release.yml
+++ b/.github/workflows/rust-release.yml
@@ -19,7 +19,7 @@ jobs:
  tag-check:
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v5

      - name: Validate tag matches Cargo.toml version
        shell: bash
@@ -50,9 +50,6 @@ jobs:
    name: Build - ${{ matrix.runner }} - ${{ matrix.target }}
    runs-on: ${{ matrix.runner }}
    timeout-minutes: 30
-    permissions:
-      contents: read
-      id-token: write
    defaults:
      run:
        working-directory: codex-rs
@@ -79,7 +76,7 @@ jobs:
            target: aarch64-pc-windows-msvc

    steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v5
      - uses: dtolnay/rust-toolchain@1.90
        with:
          targets: ${{ matrix.target }}
@@ -101,32 +98,7 @@ jobs:
          sudo apt-get install -y musl-tools pkg-config

      - name: Cargo build
-        shell: bash
-        run: |
-          if [[ "${{ contains(matrix.target, 'windows') }}" == 'true' ]]; then
-            cargo build --target ${{ matrix.target }} --release --bin codex --bin codex-responses-api-proxy --bin codex-windows-sandbox-setup --bin codex-command-runner
-          else
-            cargo build --target ${{ matrix.target }} --release --bin codex --bin codex-responses-api-proxy
-          fi
-
-      - if: ${{ contains(matrix.target, 'linux') }}
-        name: Cosign Linux artifacts
-        uses: ./.github/actions/linux-code-sign
-        with:
-          target: ${{ matrix.target }}
-          artifacts-dir: ${{ github.workspace }}/codex-rs/target/${{ matrix.target }}/release
-
-      - if: ${{ contains(matrix.target, 'windows') }}
-        name: Sign Windows binaries with Azure Trusted Signing
-        uses: ./.github/actions/windows-code-sign
-        with:
-          target: ${{ matrix.target }}
-          client-id: ${{ secrets.AZURE_TRUSTED_SIGNING_CLIENT_ID }}
-          tenant-id: ${{ secrets.AZURE_TRUSTED_SIGNING_TENANT_ID }}
-          subscription-id: ${{ secrets.AZURE_TRUSTED_SIGNING_SUBSCRIPTION_ID }}
-          endpoint: ${{ secrets.AZURE_TRUSTED_SIGNING_ENDPOINT }}
-          account-name: ${{ secrets.AZURE_TRUSTED_SIGNING_ACCOUNT_NAME }}
-          certificate-profile-name: ${{ secrets.AZURE_TRUSTED_SIGNING_CERTIFICATE_PROFILE_NAME }}
+        run: cargo build --target ${{ matrix.target }} --release --bin codex --bin codex-responses-api-proxy

      - if: ${{ matrix.runner == 'macos-15-xlarge' }}
        name: Configure Apple code signing
@@ -311,11 +283,6 @@ jobs:
            cp target/${{ matrix.target }}/release/codex-responses-api-proxy "$dest/codex-responses-api-proxy-${{ matrix.target }}"
          fi

-          if [[ "${{ matrix.target }}" == *linux* ]]; then
-            cp target/${{ matrix.target }}/release/codex.sigstore "$dest/codex-${{ matrix.target }}.sigstore"
-            cp target/${{ matrix.target }}/release/codex-responses-api-proxy.sigstore "$dest/codex-responses-api-proxy-${{ matrix.target }}.sigstore"
-          fi
-
      - if: ${{ matrix.runner == 'windows-11-arm' }}
        name: Install zstd
        shell: powershell
@@ -354,11 +321,6 @@ jobs:
              continue
            fi

-            # Don't try to compress signature bundles.
-            if [[ "$base" == *.sigstore ]]; then
-              continue
-            fi
-
            # Create per-binary tar.gz
            tar -C "$dest" -czf "$dest/${base}.tar.gz" "$base"

@@ -415,7 +377,8 @@ jobs:
    uses: ./.github/workflows/shell-tool-mcp.yml
    with:
      release-tag: ${{ github.ref_name }}
-      publish: true
+      # We are not ready to publish yet.
+      publish: false
    secrets: inherit

  release:
@@ -435,7 +398,7 @@ jobs:

    steps:
      - name: Checkout repository
-        uses: actions/checkout@v6
+        uses: actions/checkout@v5

      - uses: actions/download-artifact@v4
        with:
--- a/.github/workflows/sdk.yml
+++ b/.github/workflows/sdk.yml
@@ -11,7 +11,7 @@ jobs:
    timeout-minutes: 10
    steps:
      - name: Checkout repository
-        uses: actions/checkout@v6
+        uses: actions/checkout@v5

      - name: Setup pnpm
        uses: pnpm/action-setup@v4
--- a/.github/workflows/shell-tool-mcp-ci.yml
+++ b/.github/workflows/shell-tool-mcp-ci.yml
@@ -22,7 +22,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
-        uses: actions/checkout@v6
+        uses: actions/checkout@v5

      - name: Setup pnpm
        uses: pnpm/action-setup@v4
--- a/.github/workflows/shell-tool-mcp.yml
+++ b/.github/workflows/shell-tool-mcp.yml
@@ -91,7 +91,7 @@ jobs:
            install_musl: true
    steps:
      - name: Checkout repository
-        uses: actions/checkout@v6
+        uses: actions/checkout@v5

      - uses: dtolnay/rust-toolchain@1.90
        with:
@@ -113,7 +113,7 @@ jobs:
          cp "target/${{ matrix.target }}/release/codex-exec-mcp-server" "$dest/"
          cp "target/${{ matrix.target }}/release/codex-execve-wrapper" "$dest/"

-      - uses: actions/upload-artifact@v5
+      - uses: actions/upload-artifact@v4
        with:
          name: shell-tool-mcp-rust-${{ matrix.target }}
          path: artifacts/**
@@ -138,6 +138,10 @@ jobs:
            target: x86_64-unknown-linux-musl
            variant: ubuntu-22.04
            image: ubuntu:22.04
+          - runner: ubuntu-24.04
+            target: x86_64-unknown-linux-musl
+            variant: ubuntu-20.04
+            image: ubuntu:20.04
          - runner: ubuntu-24.04
            target: x86_64-unknown-linux-musl
            variant: debian-12
@@ -192,7 +196,7 @@ jobs:
          fi

      - name: Checkout repository
-        uses: actions/checkout@v6
+        uses: actions/checkout@v5

      - name: Build patched Bash
        shell: bash
@@ -211,7 +215,7 @@ jobs:
          mkdir -p "$dest"
          cp bash "$dest/bash"

-      - uses: actions/upload-artifact@v5
+      - uses: actions/upload-artifact@v4
        with:
          name: shell-tool-mcp-bash-${{ matrix.target }}-${{ matrix.variant }}
          path: artifacts/**
@@ -232,9 +236,12 @@ jobs:
          - runner: macos-14
            target: aarch64-apple-darwin
            variant: macos-14
+          - runner: macos-13
+            target: x86_64-apple-darwin
+            variant: macos-13
    steps:
      - name: Checkout repository
-        uses: actions/checkout@v6
+        uses: actions/checkout@v5

      - name: Build patched Bash
        shell: bash
@@ -253,7 +260,7 @@ jobs:
          mkdir -p "$dest"
          cp bash "$dest/bash"

-      - uses: actions/upload-artifact@v5
+      - uses: actions/upload-artifact@v4
        with:
          name: shell-tool-mcp-bash-${{ matrix.target }}-${{ matrix.variant }}
          path: artifacts/**
@@ -271,7 +278,7 @@ jobs:
      PACKAGE_VERSION: ${{ needs.metadata.outputs.version }}
    steps:
      - name: Checkout repository
-        uses: actions/checkout@v6
+        uses: actions/checkout@v5

      - name: Setup pnpm
        uses: pnpm/action-setup@v4
@@ -352,7 +359,7 @@ jobs:
          filename=$(PACK_INFO="$pack_info" node -e 'const data = JSON.parse(process.env.PACK_INFO); console.log(data[0].filename);')
          mv "dist/npm/${filename}" "dist/npm/codex-shell-tool-mcp-npm-${PACKAGE_VERSION}.tgz"

-      - uses: actions/upload-artifact@v5
+      - uses: actions/upload-artifact@v4
        with:
          name: codex-shell-tool-mcp-npm
          path: dist/npm/codex-shell-tool-mcp-npm-${{ env.PACKAGE_VERSION }}.tgz
--- a/.gitignore
+++ b/.gitignore
@@ -85,3 +85,5 @@ CHANGELOG.ignore.md
 # nix related
 .direnv
 .envrc
+
+plans/
--- a/AGENTS.md
+++ b/AGENTS.md
@@ -75,7 +75,6 @@ If you don’t have the tool:
 ### Test assertions

 - Tests should use pretty_assertions::assert_eq for clearer diffs. Import this at the top of the test module if it isn't already.
- Prefer deep equals comparisons whenever possible. Perform `assert_eq!()` on entire objects, rather than individual fields.

 ### Integration tests (core)

--- a/README.md
+++ b/README.md
@@ -69,9 +69,38 @@ Codex can access MCP servers. To configure them, refer to the [config docs](./do

 Codex CLI supports a rich set of configuration options, with preferences stored in `~/.codex/config.toml`. For full configuration options, see [Configuration](./docs/config.md).

-### Execpolicy
+### Execpolicy Quickstart

-See the [Execpolicy quickstart](./docs/execpolicy.md) to set up rules that govern what commands Codex can execute.
+Codex can enforce your own rules-based execution policy before it runs shell commands.
+
+1. Create a policy directory: `mkdir -p ~/.codex/policy`.
+2. Create one or more `.codexpolicy` files in that folder. Codex automatically loads every `.codexpolicy` file in there on startup.
+3. Write `prefix_rule` entries to describe the commands you want to allow, prompt, or block:
+
+```starlark
+prefix_rule(
+    pattern = ["git", ["push", "fetch"]],
+    decision = "prompt",  # allow | prompt | forbidden
+    match = [["git", "push", "origin", "main"]],  # examples that must match
+    not_match = [["git", "status"]],              # examples that must not match
+)
+```
+
+- `pattern` is a list of shell tokens, evaluated from left to right; wrap tokens in a nested list to express alternatives (e.g., match both `push` and `fetch`).
+- `decision` sets the severity; Codex picks the strictest decision when multiple rules match (forbidden > prompt > allow).
+- `match` and `not_match` act as (optional) unit tests. Codex validates them when it loads your policy, so you get feedback if an example has unexpected behavior.
+
+In this example rule, if Codex wants to run commands with the prefix `git push` or `git fetch`, it will first ask for user approval.
+
+Use the `codex execpolicy check` subcommand to preview decisions before you save a rule (see the [`codex-execpolicy` README](./codex-rs/execpolicy/README.md) for syntax details):
+
+```shell
+codex execpolicy check --policy ~/.codex/policy/default.codexpolicy git push origin main
+```
+
+Pass multiple `--policy` flags to test how several files combine, and use `--pretty` for formatted JSON output. See the [`codex-rs/execpolicy` README](./codex-rs/execpolicy/README.md) for a more detailed walkthrough of the available syntax.
+
+## Note: `execpolicy` commands are still in preview. The API may have breaking changes in the future.

 ### Docs & FAQ

@@ -85,7 +114,6 @@ See the [Execpolicy quickstart](./docs/execpolicy.md) to set up rules that gover
 - [**Configuration**](./docs/config.md)
  - [Example config](./docs/example-config.md)
 - [**Sandbox & approvals**](./docs/sandbox.md)
- [**Execpolicy quickstart**](./docs/execpolicy.md)
 - [**Authentication**](./docs/authentication.md)
  - [Auth methods](./docs/authentication.md#forcing-a-specific-auth-method-advanced)
  - [Login on a "Headless" machine](./docs/authentication.md#connecting-on-a-headless-machine)
--- a/codex-cli/bin/codex.js
+++ b/codex-cli/bin/codex.js
@@ -95,6 +95,14 @@ function detectPackageManager() {
    return "bun";
  }

+  if (
+    process.env.BUN_INSTALL ||
+    process.env.BUN_INSTALL_GLOBAL_DIR ||
+    process.env.BUN_INSTALL_BIN_DIR
+  ) {
+    return "bun";
+  }
+
  return userAgent ? "npm" : null;
 }

--- a/codex-rs/.cargo/audit.toml
+++ b/codex-rs/.cargo/audit.toml
@@ -1,6 +0,0 @@
-[advisories]
-ignore = [
-    "RUSTSEC-2024-0388", # derivative 2.2.0 via starlark; upstream crate is unmaintained
-    "RUSTSEC-2025-0057", # fxhash 0.2.1 via starlark_map; upstream crate is unmaintained
-    "RUSTSEC-2024-0436", # paste 1.0.15 via starlark/ratatui; upstream crate is unmaintained
-]
--- a/codex-rs/.github/workflows/cargo-audit.yml
+++ b/codex-rs/.github/workflows/cargo-audit.yml
@@ -1,26 +0,0 @@
-name: Cargo audit
-
-on:
-  pull_request:
-  push:
-    branches:
-      - main
-
-permissions:
-  contents: read
-
-jobs:
-  audit:
-    runs-on: ubuntu-latest
-    defaults:
-      run:
-        working-directory: codex-rs
-    steps:
-      - uses: actions/checkout@v4
-      - uses: dtolnay/rust-toolchain@stable
-      - name: Install cargo-audit
-        uses: taiki-e/install-action@v2
-        with:
-          tool: cargo-audit
-      - name: Run cargo audit
-        run: cargo audit --deny warnings
--- a/codex-rs/Cargo.lock
+++ b/codex-rs/Cargo.lock
--- a/codex-rs/Cargo.toml
+++ b/codex-rs/Cargo.toml
@@ -34,8 +34,6 @@ members = [
    "stdio-to-uds",
    "otel",
    "tui",
-    "tui2",
-    "utils/absolute-path",
    "utils/git",
    "utils/cache",
    "utils/image",
@@ -43,8 +41,6 @@ members = [
    "utils/pty",
    "utils/readiness",
    "utils/string",
-    "codex-client",
-    "codex-api",
 ]
 resolver = "2"

@@ -55,13 +51,11 @@ version = "0.0.0"
 # crates created with `cargo new -w ...` automatically inherit the 2024
 # edition.
 edition = "2024"
-license = "Apache-2.0"

 [workspace.dependencies]
 # Internal
 app_test_support = { path = "app-server/tests/common" }
 codex-ansi-escape = { path = "ansi-escape" }
-codex-api = { path = "codex-api" }
 codex-app-server = { path = "app-server" }
 codex-app-server-protocol = { path = "app-server-protocol" }
 codex-apply-patch = { path = "apply-patch" }
@@ -69,7 +63,6 @@ codex-arg0 = { path = "arg0" }
 codex-async-utils = { path = "async-utils" }
 codex-backend-client = { path = "backend-client" }
 codex-chatgpt = { path = "chatgpt" }
-codex-client = { path = "codex-client" }
 codex-common = { path = "common" }
 codex-core = { path = "core" }
 codex-exec = { path = "exec" }
@@ -90,8 +83,6 @@ codex-responses-api-proxy = { path = "responses-api-proxy" }
 codex-rmcp-client = { path = "rmcp-client" }
 codex-stdio-to-uds = { path = "stdio-to-uds" }
 codex-tui = { path = "tui" }
-codex-tui2 = { path = "tui2" }
-codex-utils-absolute-path = { path = "utils/absolute-path" }
 codex-utils-cache = { path = "utils/cache" }
 codex-utils-image = { path = "utils/image" }
 codex-utils-json-to-toml = { path = "utils/json-to-toml" }
@@ -100,7 +91,6 @@ codex-utils-readiness = { path = "utils/readiness" }
 codex-utils-string = { path = "utils/string" }
 codex-windows-sandbox = { path = "windows-sandbox-rs" }
 core_test_support = { path = "core/tests/common" }
-exec_server_test_support = { path = "exec-server/tests/common" }
 mcp-types = { path = "mcp-types" }
 mcp_test_support = { path = "mcp-server/tests/common" }

@@ -109,6 +99,7 @@ allocative = "0.3.3"
 ansi-to-tui = "7.0.0"
 anyhow = "1"
 arboard = { version = "3", features = ["wayland-data-control"] }
+askama = "0.14"
 assert_cmd = "2"
 assert_matches = "1.5.0"
 async-channel = "2.3.1"
@@ -117,8 +108,8 @@ async-trait = "0.1.89"
 axum = { version = "0.8", default-features = false }
 base64 = "0.22.1"
 bytes = "1.10.1"
-chardetng = "0.1.17"
 chrono = "0.4.42"
+chardetng = "0.1.17"
 clap = "4"
 clap_complete = "4"
 color-eyre = "0.6.3"
@@ -129,9 +120,9 @@ diffy = "0.4.2"
 dirs = "6"
 dotenvy = "0.15.7"
 dunce = "1.0.4"
-encoding_rs = "0.8.35"
 env-flags = "0.1.1"
 env_logger = "0.11.5"
+encoding_rs = "0.8.35"
 escargot = "0.5"
 eventsource-stream = "0.2.3"
 futures = { version = "0.3", default-features = false }
@@ -140,14 +131,14 @@ icu_decimal = "2.1"
 icu_locale_core = "2.1"
 icu_provider = { version = "2.1", features = ["sync"] }
 ignore = "0.4.23"
-image = { version = "^0.25.9", default-features = false }
+image = { version = "^0.25.8", default-features = false }
 indexmap = "2.12.0"
-insta = "1.44.3"
+insta = "1.43.2"
 itertools = "0.14.0"
 keyring = { version = "3.6", default-features = false }
 landlock = "0.4.1"
 lazy_static = "1"
-libc = "0.2.177"
+libc = "0.2.175"
 log = "0.4"
 lru = "0.12.5"
 maplit = "1.0.2"
@@ -173,17 +164,15 @@ pulldown-cmark = "0.10"
 rand = "0.9"
 ratatui = "0.29.0"
 ratatui-macros = "0.6.0"
-regex = "1.12.2"
 regex-lite = "0.1.7"
+regex = "1.11.1"
 reqwest = "0.12"
-rmcp = { version = "0.10.0", default-features = false }
+rmcp = { version = "0.8.5", default-features = false }
 schemars = "0.8.22"
 seccompiler = "0.5.0"
-sentry = "0.34.0"
 serde = "1"
 serde_json = "1"
-serde_with = "3.16"
-serde_yaml = "0.9"
+serde_with = "3.14"
 serial_test = "3.2.0"
 sha1 = "0.10.6"
 sha2 = "0.10"
@@ -206,9 +195,9 @@ tokio-stream = "0.1.17"
 tokio-test = "0.4"
 tokio-util = "0.7.16"
 toml = "0.9.5"
-toml_edit = "0.23.5"
+toml_edit = "0.23.4"
 tonic = "0.13.1"
-tracing = "0.1.43"
+tracing = "0.1.41"
 tracing-appender = "0.2.3"
 tracing-subscriber = "0.3.20"
 tracing-test = "0.2.5"
@@ -226,7 +215,7 @@ vt100 = "0.16.2"
 walkdir = "2.5.0"
 webbrowser = "1.0"
 which = "6"
-wildmatch = "2.6.1"
+wildmatch = "2.5.0"

 wiremock = "0.6"
 zeroize = "1.8.2"
@@ -272,10 +261,15 @@ unwrap_used = "deny"
 # cargo-shear cannot see the platform-specific openssl-sys usage, so we
 # silence the false positive here instead of deleting a real dependency.
 [workspace.metadata.cargo-shear]
-ignored = ["icu_provider", "openssl-sys", "codex-utils-readiness"]
+ignored = [
+    "icu_provider",
+    "openssl-sys",
+    "codex-utils-readiness",
+]

 [profile.release]
-lto = "fat"
+opt-level = "z"        # or "s" (z is smaller)
+lto = "thin"           # "fat" can be smaller sometimes; test both
 # Because we bundle some of these executables with the TypeScript CLI, we
 # remove everything to make the binary as small as possible.
 strip = "symbols"
--- a/codex-rs/README.md
+++ b/codex-rs/README.md
@@ -46,7 +46,7 @@ Use `codex mcp` to add/list/get/remove MCP server launchers defined in `config.t

 ### Notifications

-You can enable notifications by configuring a script that is run whenever the agent finishes a turn. The [notify documentation](../docs/config.md#notify) includes a detailed example that explains how to get desktop notifications via [terminal-notifier](https://github.com/julienXX/terminal-notifier) on macOS. When Codex detects that it is running under WSL 2 inside Windows Terminal (`WT_SESSION` is set), the TUI automatically falls back to native Windows toast notifications so approval prompts and completed turns surface even though Windows Terminal does not implement OSC 9.
+You can enable notifications by configuring a script that is run whenever the agent finishes a turn. The [notify documentation](../docs/config.md#notify) includes a detailed example that explains how to get desktop notifications via [terminal-notifier](https://github.com/julienXX/terminal-notifier) on macOS.

 ### `codex exec` to run Codex programmatically/non-interactively

--- a/codex-rs/ansi-escape/Cargo.toml
+++ b/codex-rs/ansi-escape/Cargo.toml
@@ -1,8 +1,7 @@
 [package]
+edition = "2024"
 name = "codex-ansi-escape"
-version.workspace = true
-edition.workspace = true
-license.workspace = true
+version = { workspace = true }

 [lib]
 name = "codex_ansi_escape"
--- a/codex-rs/app-server-protocol/Cargo.toml
+++ b/codex-rs/app-server-protocol/Cargo.toml
@@ -1,8 +1,7 @@
 [package]
+edition = "2024"
 name = "codex-app-server-protocol"
-version.workspace = true
-edition.workspace = true
-license.workspace = true
+version = { workspace = true }

 [lib]
 name = "codex_app_server_protocol"
@@ -15,7 +14,6 @@ workspace = true
 anyhow = { workspace = true }
 clap = { workspace = true, features = ["derive"] }
 codex-protocol = { workspace = true }
-codex-utils-absolute-path = { workspace = true }
 mcp-types = { workspace = true }
 schemars = { workspace = true }
 serde = { workspace = true, features = ["derive"] }
--- a/codex-rs/app-server-protocol/src/protocol/common.rs
+++ b/codex-rs/app-server-protocol/src/protocol/common.rs
@@ -131,7 +131,7 @@ client_request_definitions! {
    },
    ReviewStart => "review/start" {
        params: v2::ReviewStartParams,
-        response: v2::ReviewStartResponse,
+        response: v2::TurnStartResponse,
    },

    ModelList => "model/list" {
@@ -139,16 +139,6 @@ client_request_definitions! {
        response: v2::ModelListResponse,
    },

-    McpServerOauthLogin => "mcpServer/oauth/login" {
-        params: v2::McpServerOauthLoginParams,
-        response: v2::McpServerOauthLoginResponse,
-    },
-
-    McpServersList => "mcpServers/list" {
-        params: v2::ListMcpServersParams,
-        response: v2::ListMcpServersResponse,
-    },
-
    LoginAccount => "account/login/start" {
        params: v2::LoginAccountParams,
        response: v2::LoginAccountResponse,
@@ -174,25 +164,6 @@ client_request_definitions! {
        response: v2::FeedbackUploadResponse,
    },

-    /// Execute a command (argv vector) under the server's sandbox.
-    OneOffCommandExec => "command/exec" {
-        params: v2::CommandExecParams,
-        response: v2::CommandExecResponse,
-    },
-
-    ConfigRead => "config/read" {
-        params: v2::ConfigReadParams,
-        response: v2::ConfigReadResponse,
-    },
-    ConfigValueWrite => "config/value/write" {
-        params: v2::ConfigValueWriteParams,
-        response: v2::ConfigWriteResponse,
-    },
-    ConfigBatchWrite => "config/batchWrite" {
-        params: v2::ConfigBatchWriteParams,
-        response: v2::ConfigWriteResponse,
-    },
-
    GetAccount => "account/read" {
        params: v2::GetAccountParams,
        response: v2::GetAccountResponse,
@@ -518,25 +489,18 @@ server_notification_definitions! {
    /// NEW NOTIFICATIONS
    Error => "error" (v2::ErrorNotification),
    ThreadStarted => "thread/started" (v2::ThreadStartedNotification),
-    ThreadTokenUsageUpdated => "thread/tokenUsage/updated" (v2::ThreadTokenUsageUpdatedNotification),
    TurnStarted => "turn/started" (v2::TurnStartedNotification),
    TurnCompleted => "turn/completed" (v2::TurnCompletedNotification),
-    TurnDiffUpdated => "turn/diff/updated" (v2::TurnDiffUpdatedNotification),
-    TurnPlanUpdated => "turn/plan/updated" (v2::TurnPlanUpdatedNotification),
    ItemStarted => "item/started" (v2::ItemStartedNotification),
    ItemCompleted => "item/completed" (v2::ItemCompletedNotification),
    AgentMessageDelta => "item/agentMessage/delta" (v2::AgentMessageDeltaNotification),
    CommandExecutionOutputDelta => "item/commandExecution/outputDelta" (v2::CommandExecutionOutputDeltaNotification),
-    TerminalInteraction => "item/commandExecution/terminalInteraction" (v2::TerminalInteractionNotification),
-    FileChangeOutputDelta => "item/fileChange/outputDelta" (v2::FileChangeOutputDeltaNotification),
    McpToolCallProgress => "item/mcpToolCall/progress" (v2::McpToolCallProgressNotification),
-    McpServerOauthLoginCompleted => "mcpServer/oauthLogin/completed" (v2::McpServerOauthLoginCompletedNotification),
    AccountUpdated => "account/updated" (v2::AccountUpdatedNotification),
    AccountRateLimitsUpdated => "account/rateLimits/updated" (v2::AccountRateLimitsUpdatedNotification),
    ReasoningSummaryTextDelta => "item/reasoning/summaryTextDelta" (v2::ReasoningSummaryTextDeltaNotification),
    ReasoningSummaryPartAdded => "item/reasoning/summaryPartAdded" (v2::ReasoningSummaryPartAddedNotification),
    ReasoningTextDelta => "item/reasoning/textDelta" (v2::ReasoningTextDeltaNotification),
-    ContextCompacted => "thread/compacted" (v2::ContextCompactedNotification),

    /// Notifies the user of world-writable directories on Windows, which cannot be protected by the sandbox.
    WindowsWorldWritableWarning => "windows/worldWritableWarning" (v2::WindowsWorldWritableWarningNotification),
@@ -654,6 +618,7 @@ mod tests {
            command: vec!["echo".to_string(), "hello".to_string()],
            cwd: PathBuf::from("/tmp"),
            reason: Some("because tests".to_string()),
+            risk: None,
            parsed_cmd: vec![ParsedCommand::Unknown {
                cmd: "echo hello".to_string(),
            }],
@@ -673,6 +638,7 @@ mod tests {
                    "command": ["echo", "hello"],
                    "cwd": "/tmp",
                    "reason": "because tests",
+                    "risk": null,
                    "parsedCmd": [
                        {
                            "type": "unknown",
--- a/codex-rs/app-server-protocol/src/protocol/mappers.rs
+++ b/codex-rs/app-server-protocol/src/protocol/mappers.rs
@@ -1,15 +0,0 @@
-use crate::protocol::v1;
-use crate::protocol::v2;
-
-impl From<v1::ExecOneOffCommandParams> for v2::CommandExecParams {
-    fn from(value: v1::ExecOneOffCommandParams) -> Self {
-        Self {
-            command: value.command,
-            timeout_ms: value
-                .timeout_ms
-                .map(|timeout| i64::try_from(timeout).unwrap_or(60_000)),
-            cwd: value.cwd,
-            sandbox_policy: value.sandbox_policy.map(std::convert::Into::into),
-        }
-    }
-}
--- a/codex-rs/app-server-protocol/src/protocol/mod.rs
+++ b/codex-rs/app-server-protocol/src/protocol/mod.rs
@@ -2,7 +2,6 @@
 // Exposes protocol pieces used by `lib.rs` via `pub use protocol::common::*;`.

 pub mod common;
-mod mappers;
 pub mod thread_history;
 pub mod v1;
 pub mod v2;
--- a/codex-rs/app-server-protocol/src/protocol/thread_history.rs
+++ b/codex-rs/app-server-protocol/src/protocol/thread_history.rs
@@ -1,6 +1,5 @@
 use crate::protocol::v2::ThreadItem;
 use crate::protocol::v2::Turn;
-use crate::protocol::v2::TurnError;
 use crate::protocol::v2::TurnStatus;
 use crate::protocol::v2::UserInput;
 use codex_protocol::protocol::AgentReasoningEvent;
@@ -143,7 +142,6 @@ impl ThreadHistoryBuilder {
        PendingTurn {
            id: self.next_turn_id(),
            items: Vec::new(),
-            error: None,
            status: TurnStatus::Completed,
        }
    }
@@ -192,7 +190,6 @@ impl ThreadHistoryBuilder {
 struct PendingTurn {
    id: String,
    items: Vec<ThreadItem>,
-    error: Option<TurnError>,
    status: TurnStatus,
 }

@@ -201,7 +198,6 @@ impl From<PendingTurn> for Turn {
        Self {
            id: value.id,
            items: value.items,
-            error: value.error,
            status: value.status,
        }
    }
--- a/codex-rs/app-server-protocol/src/protocol/v1.rs
+++ b/codex-rs/app-server-protocol/src/protocol/v1.rs
@@ -3,20 +3,20 @@ use std::path::PathBuf;

 use codex_protocol::ConversationId;
 use codex_protocol::config_types::ForcedLoginMethod;
+use codex_protocol::config_types::ReasoningEffort;
 use codex_protocol::config_types::ReasoningSummary;
 use codex_protocol::config_types::SandboxMode;
 use codex_protocol::config_types::Verbosity;
 use codex_protocol::models::ResponseItem;
-use codex_protocol::openai_models::ReasoningEffort;
 use codex_protocol::parse_command::ParsedCommand;
 use codex_protocol::protocol::AskForApproval;
 use codex_protocol::protocol::EventMsg;
 use codex_protocol::protocol::FileChange;
 use codex_protocol::protocol::ReviewDecision;
+use codex_protocol::protocol::SandboxCommandAssessment;
 use codex_protocol::protocol::SandboxPolicy;
 use codex_protocol::protocol::SessionSource;
 use codex_protocol::protocol::TurnAbortReason;
-use codex_utils_absolute_path::AbsolutePathBuf;
 use schemars::JsonSchema;
 use serde::Deserialize;
 use serde::Serialize;
@@ -226,6 +226,7 @@ pub struct ExecCommandApprovalParams {
    pub command: Vec<String>,
    pub cwd: PathBuf,
    pub reason: Option<String>,
+    pub risk: Option<SandboxCommandAssessment>,
    pub parsed_cmd: Vec<ParsedCommand>,
 }

@@ -360,7 +361,7 @@ pub struct Tools {
 #[serde(rename_all = "camelCase")]
 pub struct SandboxSettings {
    #[serde(default)]
-    pub writable_roots: Vec<AbsolutePathBuf>,
+    pub writable_roots: Vec<PathBuf>,
    pub network_access: Option<bool>,
    pub exclude_tmpdir_env_var: Option<bool>,
    pub exclude_slash_tmp: Option<bool>,
--- a/codex-rs/app-server-protocol/src/protocol/v2.rs
+++ b/codex-rs/app-server-protocol/src/protocol/v2.rs
@@ -2,33 +2,22 @@ use std::collections::HashMap;
 use std::path::PathBuf;

 use crate::protocol::common::AuthMode;
+use codex_protocol::ConversationId;
 use codex_protocol::account::PlanType;
-use codex_protocol::approvals::ExecPolicyAmendment as CoreExecPolicyAmendment;
-use codex_protocol::config_types::ForcedLoginMethod;
+use codex_protocol::approvals::SandboxCommandAssessment as CoreSandboxCommandAssessment;
+use codex_protocol::config_types::ReasoningEffort;
 use codex_protocol::config_types::ReasoningSummary;
-use codex_protocol::config_types::SandboxMode as CoreSandboxMode;
-use codex_protocol::config_types::Verbosity;
 use codex_protocol::items::AgentMessageContent as CoreAgentMessageContent;
 use codex_protocol::items::TurnItem as CoreTurnItem;
 use codex_protocol::models::ResponseItem;
-use codex_protocol::openai_models::ReasoningEffort;
 use codex_protocol::parse_command::ParsedCommand as CoreParsedCommand;
-use codex_protocol::plan_tool::PlanItemArg as CorePlanItemArg;
-use codex_protocol::plan_tool::StepStatus as CorePlanStepStatus;
-use codex_protocol::protocol::AskForApproval as CoreAskForApproval;
 use codex_protocol::protocol::CodexErrorInfo as CoreCodexErrorInfo;
 use codex_protocol::protocol::CreditsSnapshot as CoreCreditsSnapshot;
 use codex_protocol::protocol::RateLimitSnapshot as CoreRateLimitSnapshot;
 use codex_protocol::protocol::RateLimitWindow as CoreRateLimitWindow;
 use codex_protocol::protocol::SessionSource as CoreSessionSource;
-use codex_protocol::protocol::TokenUsage as CoreTokenUsage;
-use codex_protocol::protocol::TokenUsageInfo as CoreTokenUsageInfo;
 use codex_protocol::user_input::UserInput as CoreUserInput;
-use codex_utils_absolute_path::AbsolutePathBuf;
 use mcp_types::ContentBlock as McpContentBlock;
-use mcp_types::Resource as McpResource;
-use mcp_types::ResourceTemplate as McpResourceTemplate;
-use mcp_types::Tool as McpTool;
 use schemars::JsonSchema;
 use serde::Deserialize;
 use serde::Serialize;
@@ -127,285 +116,31 @@ impl From<CoreCodexErrorInfo> for CodexErrorInfo {
    }
 }

-#[derive(Serialize, Deserialize, Debug, Clone, Copy, PartialEq, Eq, JsonSchema, TS)]
-#[serde(rename_all = "kebab-case")]
-#[ts(rename_all = "kebab-case", export_to = "v2/")]
-pub enum AskForApproval {
-    #[serde(rename = "untrusted")]
-    #[ts(rename = "untrusted")]
-    UnlessTrusted,
-    OnFailure,
-    OnRequest,
-    Never,
-}
-
-impl AskForApproval {
-    pub fn to_core(self) -> CoreAskForApproval {
-        match self {
-            AskForApproval::UnlessTrusted => CoreAskForApproval::UnlessTrusted,
-            AskForApproval::OnFailure => CoreAskForApproval::OnFailure,
-            AskForApproval::OnRequest => CoreAskForApproval::OnRequest,
-            AskForApproval::Never => CoreAskForApproval::Never,
-        }
-    }
-}
-
-impl From<CoreAskForApproval> for AskForApproval {
-    fn from(value: CoreAskForApproval) -> Self {
-        match value {
-            CoreAskForApproval::UnlessTrusted => AskForApproval::UnlessTrusted,
-            CoreAskForApproval::OnFailure => AskForApproval::OnFailure,
-            CoreAskForApproval::OnRequest => AskForApproval::OnRequest,
-            CoreAskForApproval::Never => AskForApproval::Never,
-        }
-    }
-}
-
-#[derive(Serialize, Deserialize, Debug, Clone, Copy, PartialEq, Eq, JsonSchema, TS)]
-#[serde(rename_all = "kebab-case")]
-#[ts(rename_all = "kebab-case", export_to = "v2/")]
-pub enum SandboxMode {
-    ReadOnly,
-    WorkspaceWrite,
-    DangerFullAccess,
-}
-
-impl SandboxMode {
-    pub fn to_core(self) -> CoreSandboxMode {
-        match self {
-            SandboxMode::ReadOnly => CoreSandboxMode::ReadOnly,
-            SandboxMode::WorkspaceWrite => CoreSandboxMode::WorkspaceWrite,
-            SandboxMode::DangerFullAccess => CoreSandboxMode::DangerFullAccess,
-        }
-    }
-}
-
-impl From<CoreSandboxMode> for SandboxMode {
-    fn from(value: CoreSandboxMode) -> Self {
-        match value {
-            CoreSandboxMode::ReadOnly => SandboxMode::ReadOnly,
-            CoreSandboxMode::WorkspaceWrite => SandboxMode::WorkspaceWrite,
-            CoreSandboxMode::DangerFullAccess => SandboxMode::DangerFullAccess,
-        }
-    }
-}
-
 v2_enum_from_core!(
-    pub enum ReviewDelivery from codex_protocol::protocol::ReviewDelivery {
-        Inline, Detached
+    pub enum AskForApproval from codex_protocol::protocol::AskForApproval {
+        UnlessTrusted, OnFailure, OnRequest, Never
    }
 );

 v2_enum_from_core!(
-    pub enum McpAuthStatus from codex_protocol::protocol::McpAuthStatus {
-        Unsupported,
-        NotLoggedIn,
-        BearerToken,
-        OAuth
+    pub enum SandboxMode from codex_protocol::config_types::SandboxMode {
+        ReadOnly, WorkspaceWrite, DangerFullAccess
    }
 );

-#[derive(Serialize, Deserialize, Debug, Clone, PartialEq, Eq, JsonSchema, TS)]
-#[serde(rename_all = "camelCase")]
-#[ts(export_to = "v2/")]
-pub enum ConfigLayerName {
-    Mdm,
-    System,
-    SessionFlags,
-    User,
-}
-
-#[derive(Serialize, Deserialize, Debug, Clone, PartialEq, Default, JsonSchema, TS)]
-#[serde(rename_all = "snake_case")]
-#[ts(export_to = "v2/")]
-pub struct SandboxWorkspaceWrite {
-    #[serde(default)]
-    pub writable_roots: Vec<PathBuf>,
-    #[serde(default)]
-    pub network_access: bool,
-    #[serde(default)]
-    pub exclude_tmpdir_env_var: bool,
-    #[serde(default)]
-    pub exclude_slash_tmp: bool,
-}
-
-#[derive(Serialize, Deserialize, Debug, Clone, PartialEq, JsonSchema, TS)]
-#[serde(rename_all = "snake_case")]
-#[ts(export_to = "v2/")]
-pub struct ToolsV2 {
-    #[serde(alias = "web_search_request")]
-    pub web_search: Option<bool>,
-    pub view_image: Option<bool>,
-}
-
-#[derive(Serialize, Deserialize, Debug, Clone, PartialEq, JsonSchema, TS)]
-#[serde(rename_all = "snake_case")]
-#[ts(export_to = "v2/")]
-pub struct ProfileV2 {
-    pub model: Option<String>,
-    pub model_provider: Option<String>,
-    pub approval_policy: Option<AskForApproval>,
-    pub model_reasoning_effort: Option<ReasoningEffort>,
-    pub model_reasoning_summary: Option<ReasoningSummary>,
-    pub model_verbosity: Option<Verbosity>,
-    pub chatgpt_base_url: Option<String>,
-    #[serde(default, flatten)]
-    pub additional: HashMap<String, JsonValue>,
-}
-
-#[derive(Serialize, Deserialize, Debug, Clone, PartialEq, JsonSchema, TS)]
-#[serde(rename_all = "snake_case")]
-#[ts(export_to = "v2/")]
-pub struct Config {
-    pub model: Option<String>,
-    pub review_model: Option<String>,
-    pub model_context_window: Option<i64>,
-    pub model_auto_compact_token_limit: Option<i64>,
-    pub model_provider: Option<String>,
-    pub approval_policy: Option<AskForApproval>,
-    pub sandbox_mode: Option<SandboxMode>,
-    pub sandbox_workspace_write: Option<SandboxWorkspaceWrite>,
-    pub forced_chatgpt_workspace_id: Option<String>,
-    pub forced_login_method: Option<ForcedLoginMethod>,
-    pub tools: Option<ToolsV2>,
-    pub profile: Option<String>,
-    #[serde(default)]
-    pub profiles: HashMap<String, ProfileV2>,
-    pub instructions: Option<String>,
-    pub developer_instructions: Option<String>,
-    pub compact_prompt: Option<String>,
-    pub model_reasoning_effort: Option<ReasoningEffort>,
-    pub model_reasoning_summary: Option<ReasoningSummary>,
-    pub model_verbosity: Option<Verbosity>,
-    #[serde(default, flatten)]
-    pub additional: HashMap<String, JsonValue>,
-}
-
-#[derive(Serialize, Deserialize, Debug, Clone, PartialEq, JsonSchema, TS)]
-#[serde(rename_all = "camelCase")]
-#[ts(export_to = "v2/")]
-pub struct ConfigLayerMetadata {
-    pub name: ConfigLayerName,
-    pub source: String,
-    pub version: String,
-}
-
-#[derive(Serialize, Deserialize, Debug, Clone, PartialEq, JsonSchema, TS)]
-#[serde(rename_all = "camelCase")]
-#[ts(export_to = "v2/")]
-pub struct ConfigLayer {
-    pub name: ConfigLayerName,
-    pub source: String,
-    pub version: String,
-    pub config: JsonValue,
-}
-
-#[derive(Serialize, Deserialize, Debug, Clone, PartialEq, Eq, JsonSchema, TS)]
-#[serde(rename_all = "camelCase")]
-#[ts(export_to = "v2/")]
-pub enum MergeStrategy {
-    Replace,
-    Upsert,
-}
-
-#[derive(Serialize, Deserialize, Debug, Clone, PartialEq, Eq, JsonSchema, TS)]
-#[serde(rename_all = "camelCase")]
-#[ts(export_to = "v2/")]
-pub enum WriteStatus {
-    Ok,
-    OkOverridden,
-}
-
-#[derive(Serialize, Deserialize, Debug, Clone, PartialEq, JsonSchema, TS)]
-#[serde(rename_all = "camelCase")]
-#[ts(export_to = "v2/")]
-pub struct OverriddenMetadata {
-    pub message: String,
-    pub overriding_layer: ConfigLayerMetadata,
-    pub effective_value: JsonValue,
-}
-
-#[derive(Serialize, Deserialize, Debug, Clone, PartialEq, JsonSchema, TS)]
-#[serde(rename_all = "camelCase")]
-#[ts(export_to = "v2/")]
-pub struct ConfigWriteResponse {
-    pub status: WriteStatus,
-    pub version: String,
-    /// Canonical path to the config file that was written.
-    pub file_path: String,
-    pub overridden_metadata: Option<OverriddenMetadata>,
-}
-
-#[derive(Serialize, Deserialize, Debug, Clone, PartialEq, Eq, JsonSchema, TS)]
-#[serde(rename_all = "camelCase")]
-#[ts(export_to = "v2/")]
-pub enum ConfigWriteErrorCode {
-    ConfigLayerReadonly,
-    ConfigVersionConflict,
-    ConfigValidationError,
-    ConfigPathNotFound,
-    ConfigSchemaUnknownKey,
-}
-
-#[derive(Serialize, Deserialize, Debug, Clone, PartialEq, JsonSchema, TS)]
-#[serde(rename_all = "camelCase")]
-#[ts(export_to = "v2/")]
-pub struct ConfigReadParams {
-    #[serde(default)]
-    pub include_layers: bool,
-}
-
-#[derive(Serialize, Deserialize, Debug, Clone, PartialEq, JsonSchema, TS)]
-#[serde(rename_all = "camelCase")]
-#[ts(export_to = "v2/")]
-pub struct ConfigReadResponse {
-    pub config: Config,
-    pub origins: HashMap<String, ConfigLayerMetadata>,
-    #[serde(skip_serializing_if = "Option::is_none")]
-    pub layers: Option<Vec<ConfigLayer>>,
-}
-
-#[derive(Serialize, Deserialize, Debug, Clone, PartialEq, JsonSchema, TS)]
-#[serde(rename_all = "camelCase")]
-#[ts(export_to = "v2/")]
-pub struct ConfigValueWriteParams {
-    pub key_path: String,
-    pub value: JsonValue,
-    pub merge_strategy: MergeStrategy,
-    /// Path to the config file to write; defaults to the user's `config.toml` when omitted.
-    pub file_path: Option<String>,
-    pub expected_version: Option<String>,
-}
-
-#[derive(Serialize, Deserialize, Debug, Clone, PartialEq, JsonSchema, TS)]
-#[serde(rename_all = "camelCase")]
-#[ts(export_to = "v2/")]
-pub struct ConfigBatchWriteParams {
-    pub edits: Vec<ConfigEdit>,
-    /// Path to the config file to write; defaults to the user's `config.toml` when omitted.
-    pub file_path: Option<String>,
-    pub expected_version: Option<String>,
-}
-
-#[derive(Serialize, Deserialize, Debug, Clone, PartialEq, JsonSchema, TS)]
-#[serde(rename_all = "camelCase")]
-#[ts(export_to = "v2/")]
-pub struct ConfigEdit {
-    pub key_path: String,
-    pub value: JsonValue,
-    pub merge_strategy: MergeStrategy,
-}
+v2_enum_from_core!(
+    pub enum CommandRiskLevel from codex_protocol::approvals::SandboxRiskLevel {
+        Low,
+        Medium,
+        High
+    }
+);

 #[derive(Serialize, Deserialize, Debug, Clone, PartialEq, Eq, JsonSchema, TS)]
 #[serde(rename_all = "camelCase")]
 #[ts(export_to = "v2/")]
 pub enum ApprovalDecision {
    Accept,
-    /// Approve and remember the approval for the session.
-    AcceptForSession,
-    AcceptWithExecpolicyAmendment {
-        execpolicy_amendment: ExecPolicyAmendment,
-    },
    Decline,
    Cancel,
 }
@@ -421,7 +156,7 @@ pub enum SandboxPolicy {
    #[ts(rename_all = "camelCase")]
    WorkspaceWrite {
        #[serde(default)]
-        writable_roots: Vec<AbsolutePathBuf>,
+        writable_roots: Vec<PathBuf>,
        #[serde(default)]
        network_access: bool,
        #[serde(default)]
@@ -475,23 +210,28 @@ impl From<codex_protocol::protocol::SandboxPolicy> for SandboxPolicy {
    }
 }

-#[derive(Serialize, Deserialize, Debug, Clone, PartialEq, Eq, JsonSchema, TS)]
-#[serde(transparent)]
-#[ts(type = "Array<string>", export_to = "v2/")]
-pub struct ExecPolicyAmendment {
-    pub command: Vec<String>,
+#[derive(Serialize, Deserialize, Debug, Clone, PartialEq, JsonSchema, TS)]
+#[serde(rename_all = "camelCase")]
+#[ts(export_to = "v2/")]
+pub struct SandboxCommandAssessment {
+    pub description: String,
+    pub risk_level: CommandRiskLevel,
 }

-impl ExecPolicyAmendment {
-    pub fn into_core(self) -> CoreExecPolicyAmendment {
-        CoreExecPolicyAmendment::new(self.command)
+impl SandboxCommandAssessment {
+    pub fn into_core(self) -> CoreSandboxCommandAssessment {
+        CoreSandboxCommandAssessment {
+            description: self.description,
+            risk_level: self.risk_level.to_core(),
+        }
    }
 }

-impl From<CoreExecPolicyAmendment> for ExecPolicyAmendment {
-    fn from(value: CoreExecPolicyAmendment) -> Self {
+impl From<CoreSandboxCommandAssessment> for SandboxCommandAssessment {
+    fn from(value: CoreSandboxCommandAssessment) -> Self {
        Self {
-            command: value.command().to_vec(),
+            description: value.description,
+            risk_level: CommandRiskLevel::from(value.risk_level),
        }
    }
 }
@@ -669,21 +409,10 @@ pub struct CancelLoginAccountParams {
    pub login_id: String,
 }

-#[derive(Serialize, Deserialize, Debug, Clone, PartialEq, Eq, JsonSchema, TS)]
-#[serde(rename_all = "camelCase")]
-#[ts(rename_all = "camelCase")]
-#[ts(export_to = "v2/")]
-pub enum CancelLoginAccountStatus {
-    Canceled,
-    NotFound,
-}
-
-#[derive(Serialize, Deserialize, Debug, Clone, PartialEq, Eq, JsonSchema, TS)]
+#[derive(Serialize, Deserialize, Debug, Clone, PartialEq, JsonSchema, TS)]
 #[serde(rename_all = "camelCase")]
 #[ts(export_to = "v2/")]
-pub struct CancelLoginAccountResponse {
-    pub status: CancelLoginAccountStatus,
-}
+pub struct CancelLoginAccountResponse {}

 #[derive(Serialize, Deserialize, Debug, Clone, PartialEq, JsonSchema, TS)]
 #[serde(rename_all = "camelCase")]
@@ -755,64 +484,13 @@ pub struct ModelListResponse {
    pub next_cursor: Option<String>,
 }

-#[derive(Serialize, Deserialize, Debug, Clone, PartialEq, JsonSchema, TS)]
-#[serde(rename_all = "camelCase")]
-#[ts(export_to = "v2/")]
-pub struct ListMcpServersParams {
-    /// Opaque pagination cursor returned by a previous call.
-    pub cursor: Option<String>,
-    /// Optional page size; defaults to a server-defined value.
-    pub limit: Option<u32>,
-}
-
-#[derive(Serialize, Deserialize, Debug, Clone, PartialEq, JsonSchema, TS)]
-#[serde(rename_all = "camelCase")]
-#[ts(export_to = "v2/")]
-pub struct McpServer {
-    pub name: String,
-    pub tools: std::collections::HashMap<String, McpTool>,
-    pub resources: Vec<McpResource>,
-    pub resource_templates: Vec<McpResourceTemplate>,
-    pub auth_status: McpAuthStatus,
-}
-
-#[derive(Serialize, Deserialize, Debug, Clone, PartialEq, JsonSchema, TS)]
-#[serde(rename_all = "camelCase")]
-#[ts(export_to = "v2/")]
-pub struct ListMcpServersResponse {
-    pub data: Vec<McpServer>,
-    /// Opaque cursor to pass to the next call to continue after the last item.
-    /// If None, there are no more items to return.
-    pub next_cursor: Option<String>,
-}
-
-#[derive(Serialize, Deserialize, Debug, Clone, PartialEq, JsonSchema, TS)]
-#[serde(rename_all = "camelCase")]
-#[ts(export_to = "v2/")]
-pub struct McpServerOauthLoginParams {
-    pub name: String,
-    #[serde(default, skip_serializing_if = "Option::is_none")]
-    #[ts(optional)]
-    pub scopes: Option<Vec<String>>,
-    #[serde(default, skip_serializing_if = "Option::is_none")]
-    #[ts(optional)]
-    pub timeout_secs: Option<i64>,
-}
-
-#[derive(Serialize, Deserialize, Debug, Clone, PartialEq, JsonSchema, TS)]
-#[serde(rename_all = "camelCase")]
-#[ts(export_to = "v2/")]
-pub struct McpServerOauthLoginResponse {
-    pub authorization_url: String,
-}
-
 #[derive(Serialize, Deserialize, Debug, Clone, PartialEq, JsonSchema, TS)]
 #[serde(rename_all = "camelCase")]
 #[ts(export_to = "v2/")]
 pub struct FeedbackUploadParams {
    pub classification: String,
    pub reason: Option<String>,
-    pub thread_id: Option<String>,
+    pub conversation_id: Option<ConversationId>,
    pub include_logs: bool,
 }

@@ -823,26 +501,6 @@ pub struct FeedbackUploadResponse {
    pub thread_id: String,
 }

-#[derive(Serialize, Deserialize, Debug, Clone, PartialEq, JsonSchema, TS)]
-#[serde(rename_all = "camelCase")]
-#[ts(export_to = "v2/")]
-pub struct CommandExecParams {
-    pub command: Vec<String>,
-    #[ts(type = "number | null")]
-    pub timeout_ms: Option<i64>,
-    pub cwd: Option<PathBuf>,
-    pub sandbox_policy: Option<SandboxPolicy>,
-}
-
-#[derive(Serialize, Deserialize, Debug, Clone, PartialEq, JsonSchema, TS)]
-#[serde(rename_all = "camelCase")]
-#[ts(export_to = "v2/")]
-pub struct CommandExecResponse {
-    pub exit_code: i32,
-    pub stdout: String,
-    pub stderr: String,
-}
-
 // === Threads, Turns, and Items ===
 // Thread APIs
 #[derive(Serialize, Deserialize, Debug, Clone, PartialEq, Default, JsonSchema, TS)]
@@ -977,7 +635,6 @@ pub struct Thread {
    /// Model provider used for this thread (for example, 'openai').
    pub model_provider: String,
    /// Unix timestamp (in seconds) when the thread was created.
-    #[ts(type = "number")]
    pub created_at: i64,
    /// [UNSTABLE] Path to the thread on disk.
    pub path: PathBuf,
@@ -1002,63 +659,6 @@ pub struct AccountUpdatedNotification {
    pub auth_mode: Option<AuthMode>,
 }

-#[derive(Serialize, Deserialize, Debug, Clone, PartialEq, JsonSchema, TS)]
-#[serde(rename_all = "camelCase")]
-#[ts(export_to = "v2/")]
-pub struct ThreadTokenUsageUpdatedNotification {
-    pub thread_id: String,
-    pub turn_id: String,
-    pub token_usage: ThreadTokenUsage,
-}
-
-#[derive(Serialize, Deserialize, Debug, Clone, PartialEq, JsonSchema, TS)]
-#[serde(rename_all = "camelCase")]
-#[ts(export_to = "v2/")]
-pub struct ThreadTokenUsage {
-    pub total: TokenUsageBreakdown,
-    pub last: TokenUsageBreakdown,
-    #[ts(type = "number | null")]
-    pub model_context_window: Option<i64>,
-}
-
-impl From<CoreTokenUsageInfo> for ThreadTokenUsage {
-    fn from(value: CoreTokenUsageInfo) -> Self {
-        Self {
-            total: value.total_token_usage.into(),
-            last: value.last_token_usage.into(),
-            model_context_window: value.model_context_window,
-        }
-    }
-}
-
-#[derive(Serialize, Deserialize, Debug, Clone, PartialEq, JsonSchema, TS)]
-#[serde(rename_all = "camelCase")]
-#[ts(export_to = "v2/")]
-pub struct TokenUsageBreakdown {
-    #[ts(type = "number")]
-    pub total_tokens: i64,
-    #[ts(type = "number")]
-    pub input_tokens: i64,
-    #[ts(type = "number")]
-    pub cached_input_tokens: i64,
-    #[ts(type = "number")]
-    pub output_tokens: i64,
-    #[ts(type = "number")]
-    pub reasoning_output_tokens: i64,
-}
-
-impl From<CoreTokenUsage> for TokenUsageBreakdown {
-    fn from(value: CoreTokenUsage) -> Self {
-        Self {
-            total_tokens: value.total_tokens,
-            input_tokens: value.input_tokens,
-            cached_input_tokens: value.cached_input_tokens,
-            output_tokens: value.output_tokens,
-            reasoning_output_tokens: value.reasoning_output_tokens,
-        }
-    }
-}
-
 #[derive(Serialize, Deserialize, Debug, Clone, PartialEq, JsonSchema, TS)]
 #[serde(rename_all = "camelCase")]
 #[ts(export_to = "v2/")]
@@ -1068,9 +668,8 @@ pub struct Turn {
    /// For all other responses and notifications returning a Turn,
    /// the items field will be an empty list.
    pub items: Vec<ThreadItem>,
+    #[serde(flatten)]
    pub status: TurnStatus,
-    /// Only populated when the Turn's status is failed.
-    pub error: Option<TurnError>,
 }

 #[derive(Serialize, Deserialize, Debug, Clone, PartialEq, JsonSchema, TS, Error)]
@@ -1087,20 +686,15 @@ pub struct TurnError {
 #[ts(export_to = "v2/")]
 pub struct ErrorNotification {
    pub error: TurnError,
-    // Set to true if the error is transient and the app-server process will automatically retry.
-    // If true, this will not interrupt a turn.
-    pub will_retry: bool,
-    pub thread_id: String,
-    pub turn_id: String,
 }

 #[derive(Serialize, Deserialize, Debug, Clone, PartialEq, JsonSchema, TS)]
-#[serde(rename_all = "camelCase")]
-#[ts(export_to = "v2/")]
+#[serde(tag = "status", rename_all = "camelCase")]
+#[ts(tag = "status", export_to = "v2/")]
 pub enum TurnStatus {
    Completed,
    Interrupted,
-    Failed,
+    Failed { error: TurnError },
    InProgress,
 }

@@ -1132,22 +726,9 @@ pub struct ReviewStartParams {
    pub thread_id: String,
    pub target: ReviewTarget,

-    /// Where to run the review: inline (default) on the current thread or
-    /// detached on a new thread (returned in `reviewThreadId`).
+    /// When true, also append the final review message to the original thread.
    #[serde(default)]
-    pub delivery: Option<ReviewDelivery>,
-}
-
-#[derive(Serialize, Deserialize, Debug, Clone, PartialEq, JsonSchema, TS)]
-#[serde(rename_all = "camelCase")]
-#[ts(export_to = "v2/")]
-pub struct ReviewStartResponse {
-    pub turn: Turn,
-    /// Identifies the thread where the review runs.
-    ///
-    /// For inline reviews, this is the original thread id.
-    /// For detached reviews, this is the id of the new review thread.
-    pub review_thread_id: String,
+    pub append_to_original_thread: bool,
 }

 #[derive(Serialize, Deserialize, Debug, Clone, PartialEq, JsonSchema, TS)]
@@ -1257,8 +838,6 @@ pub enum ThreadItem {
        command: String,
        /// The command's working directory.
        cwd: PathBuf,
-        /// Identifier for the underlying PTY process (when available).
-        process_id: Option<String>,
        status: CommandExecutionStatus,
        /// A best-effort parsing of the command to understand the action(s) it will perform.
        /// This returns a list of CommandAction objects because a single shell command may
@@ -1269,7 +848,6 @@ pub enum ThreadItem {
        /// The command's exit code.
        exit_code: Option<i32>,
        /// The duration of the command execution in milliseconds.
-        #[ts(type = "number | null")]
        duration_ms: Option<i64>,
    },
    #[serde(rename_all = "camelCase")]
@@ -1289,22 +867,19 @@ pub enum ThreadItem {
        arguments: JsonValue,
        result: Option<McpToolCallResult>,
        error: Option<McpToolCallError>,
-        /// The duration of the MCP tool call in milliseconds.
-        #[ts(type = "number | null")]
-        duration_ms: Option<i64>,
    },
    #[serde(rename_all = "camelCase")]
    #[ts(rename_all = "camelCase")]
    WebSearch { id: String, query: String },
    #[serde(rename_all = "camelCase")]
    #[ts(rename_all = "camelCase")]
+    TodoList { id: String, items: Vec<TodoItem> },
+    #[serde(rename_all = "camelCase")]
+    #[ts(rename_all = "camelCase")]
    ImageView { id: String, path: String },
    #[serde(rename_all = "camelCase")]
    #[ts(rename_all = "camelCase")]
-    EnteredReviewMode { id: String, review: String },
-    #[serde(rename_all = "camelCase")]
-    #[ts(rename_all = "camelCase")]
-    ExitedReviewMode { id: String, review: String },
+    CodeReview { id: String, review: String },
 }

 impl From<CoreTurnItem> for ThreadItem {
@@ -1400,6 +975,15 @@ pub struct McpToolCallError {
    pub message: String,
 }

+#[derive(Serialize, Deserialize, Debug, Clone, PartialEq, JsonSchema, TS)]
+#[serde(rename_all = "camelCase")]
+#[ts(export_to = "v2/")]
+pub struct TodoItem {
+    pub id: String,
+    pub text: String,
+    pub completed: bool,
+}
+
 // === Server Notifications ===
 // Thread/Turn lifecycle notifications and item progress events
 #[derive(Serialize, Deserialize, Debug, Clone, PartialEq, JsonSchema, TS)]
@@ -1413,7 +997,6 @@ pub struct ThreadStartedNotification {
 #[serde(rename_all = "camelCase")]
 #[ts(export_to = "v2/")]
 pub struct TurnStartedNotification {
-    pub thread_id: String,
    pub turn: Turn,
 }

@@ -1430,74 +1013,14 @@ pub struct Usage {
 #[serde(rename_all = "camelCase")]
 #[ts(export_to = "v2/")]
 pub struct TurnCompletedNotification {
-    pub thread_id: String,
    pub turn: Turn,
 }

-#[derive(Serialize, Deserialize, Debug, Clone, PartialEq, JsonSchema, TS)]
-#[serde(rename_all = "camelCase")]
-#[ts(export_to = "v2/")]
-/// Notification that the turn-level unified diff has changed.
-/// Contains the latest aggregated diff across all file changes in the turn.
-pub struct TurnDiffUpdatedNotification {
-    pub thread_id: String,
-    pub turn_id: String,
-    pub diff: String,
-}
-
-#[derive(Serialize, Deserialize, Debug, Clone, PartialEq, JsonSchema, TS)]
-#[serde(rename_all = "camelCase")]
-#[ts(export_to = "v2/")]
-pub struct TurnPlanUpdatedNotification {
-    pub thread_id: String,
-    pub turn_id: String,
-    pub explanation: Option<String>,
-    pub plan: Vec<TurnPlanStep>,
-}
-
-#[derive(Serialize, Deserialize, Debug, Clone, PartialEq, Eq, JsonSchema, TS)]
-#[serde(rename_all = "camelCase")]
-#[ts(export_to = "v2/")]
-pub struct TurnPlanStep {
-    pub step: String,
-    pub status: TurnPlanStepStatus,
-}
-
-#[derive(Serialize, Deserialize, Debug, Clone, Copy, PartialEq, Eq, JsonSchema, TS)]
-#[serde(rename_all = "camelCase")]
-#[ts(export_to = "v2/")]
-pub enum TurnPlanStepStatus {
-    Pending,
-    InProgress,
-    Completed,
-}
-
-impl From<CorePlanItemArg> for TurnPlanStep {
-    fn from(value: CorePlanItemArg) -> Self {
-        Self {
-            step: value.step,
-            status: value.status.into(),
-        }
-    }
-}
-
-impl From<CorePlanStepStatus> for TurnPlanStepStatus {
-    fn from(value: CorePlanStepStatus) -> Self {
-        match value {
-            CorePlanStepStatus::Pending => Self::Pending,
-            CorePlanStepStatus::InProgress => Self::InProgress,
-            CorePlanStepStatus::Completed => Self::Completed,
-        }
-    }
-}
-
 #[derive(Serialize, Deserialize, Debug, Clone, PartialEq, JsonSchema, TS)]
 #[serde(rename_all = "camelCase")]
 #[ts(export_to = "v2/")]
 pub struct ItemStartedNotification {
    pub item: ThreadItem,
-    pub thread_id: String,
-    pub turn_id: String,
 }

 #[derive(Serialize, Deserialize, Debug, Clone, PartialEq, JsonSchema, TS)]
@@ -1505,8 +1028,6 @@ pub struct ItemStartedNotification {
 #[ts(export_to = "v2/")]
 pub struct ItemCompletedNotification {
    pub item: ThreadItem,
-    pub thread_id: String,
-    pub turn_id: String,
 }

 // Item-specific progress notifications
@@ -1514,8 +1035,6 @@ pub struct ItemCompletedNotification {
 #[serde(rename_all = "camelCase")]
 #[ts(export_to = "v2/")]
 pub struct AgentMessageDeltaNotification {
-    pub thread_id: String,
-    pub turn_id: String,
    pub item_id: String,
    pub delta: String,
 }
@@ -1524,11 +1043,8 @@ pub struct AgentMessageDeltaNotification {
 #[serde(rename_all = "camelCase")]
 #[ts(export_to = "v2/")]
 pub struct ReasoningSummaryTextDeltaNotification {
-    pub thread_id: String,
-    pub turn_id: String,
    pub item_id: String,
    pub delta: String,
-    #[ts(type = "number")]
    pub summary_index: i64,
 }

@@ -1536,10 +1052,7 @@ pub struct ReasoningSummaryTextDeltaNotification {
 #[serde(rename_all = "camelCase")]
 #[ts(export_to = "v2/")]
 pub struct ReasoningSummaryPartAddedNotification {
-    pub thread_id: String,
-    pub turn_id: String,
    pub item_id: String,
-    #[ts(type = "number")]
    pub summary_index: i64,
 }

@@ -1547,41 +1060,15 @@ pub struct ReasoningSummaryPartAddedNotification {
 #[serde(rename_all = "camelCase")]
 #[ts(export_to = "v2/")]
 pub struct ReasoningTextDeltaNotification {
-    pub thread_id: String,
-    pub turn_id: String,
    pub item_id: String,
    pub delta: String,
-    #[ts(type = "number")]
    pub content_index: i64,
 }

-#[derive(Serialize, Deserialize, Debug, Clone, PartialEq, JsonSchema, TS)]
-#[serde(rename_all = "camelCase")]
-#[ts(export_to = "v2/")]
-pub struct TerminalInteractionNotification {
-    pub thread_id: String,
-    pub turn_id: String,
-    pub item_id: String,
-    pub process_id: String,
-    pub stdin: String,
-}
-
 #[derive(Serialize, Deserialize, Debug, Clone, PartialEq, JsonSchema, TS)]
 #[serde(rename_all = "camelCase")]
 #[ts(export_to = "v2/")]
 pub struct CommandExecutionOutputDeltaNotification {
-    pub thread_id: String,
-    pub turn_id: String,
-    pub item_id: String,
-    pub delta: String,
-}
-
-#[derive(Serialize, Deserialize, Debug, Clone, PartialEq, JsonSchema, TS)]
-#[serde(rename_all = "camelCase")]
-#[ts(export_to = "v2/")]
-pub struct FileChangeOutputDeltaNotification {
-    pub thread_id: String,
-    pub turn_id: String,
    pub item_id: String,
    pub delta: String,
 }
@@ -1590,23 +1077,10 @@ pub struct FileChangeOutputDeltaNotification {
 #[serde(rename_all = "camelCase")]
 #[ts(export_to = "v2/")]
 pub struct McpToolCallProgressNotification {
-    pub thread_id: String,
-    pub turn_id: String,
    pub item_id: String,
    pub message: String,
 }

-#[derive(Serialize, Deserialize, Debug, Clone, PartialEq, JsonSchema, TS)]
-#[serde(rename_all = "camelCase")]
-#[ts(export_to = "v2/")]
-pub struct McpServerOauthLoginCompletedNotification {
-    pub name: String,
-    pub success: bool,
-    #[serde(default, skip_serializing_if = "Option::is_none")]
-    #[ts(optional)]
-    pub error: Option<String>,
-}
-
 #[derive(Serialize, Deserialize, Debug, Clone, PartialEq, JsonSchema, TS)]
 #[serde(rename_all = "camelCase")]
 #[ts(export_to = "v2/")]
@@ -1616,14 +1090,6 @@ pub struct WindowsWorldWritableWarningNotification {
    pub failed_scan: bool,
 }

-#[derive(Serialize, Deserialize, Debug, Clone, PartialEq, JsonSchema, TS)]
-#[serde(rename_all = "camelCase")]
-#[ts(export_to = "v2/")]
-pub struct ContextCompactedNotification {
-    pub thread_id: String,
-    pub turn_id: String,
-}
-
 #[derive(Serialize, Deserialize, Debug, Clone, PartialEq, JsonSchema, TS)]
 #[serde(rename_all = "camelCase")]
 #[ts(export_to = "v2/")]
@@ -1633,8 +1099,17 @@ pub struct CommandExecutionRequestApprovalParams {
    pub item_id: String,
    /// Optional explanatory reason (e.g. request for network access).
    pub reason: Option<String>,
-    /// Optional proposed execpolicy amendment to allow similar commands without prompting.
-    pub proposed_execpolicy_amendment: Option<ExecPolicyAmendment>,
+    /// Optional model-provided risk assessment describing the blocked command.
+    pub risk: Option<SandboxCommandAssessment>,
+}
+
+#[derive(Serialize, Deserialize, Debug, Clone, PartialEq, JsonSchema, TS)]
+#[serde(rename_all = "camelCase")]
+#[ts(export_to = "v2/")]
+pub struct CommandExecutionRequestAcceptSettings {
+    /// If true, automatically approve this command for the duration of the session.
+    #[serde(default)]
+    pub for_session: bool,
 }

 #[derive(Serialize, Deserialize, Debug, Clone, PartialEq, JsonSchema, TS)]
@@ -1642,6 +1117,10 @@ pub struct CommandExecutionRequestApprovalParams {
 #[ts(export_to = "v2/")]
 pub struct CommandExecutionRequestApprovalResponse {
    pub decision: ApprovalDecision,
+    /// Optional approval settings for when the decision is `accept`.
+    /// Ignored if the decision is `decline` or `cancel`.
+    #[serde(default)]
+    pub accept_settings: Option<CommandExecutionRequestAcceptSettings>,
 }

 #[derive(Serialize, Deserialize, Debug, Clone, PartialEq, JsonSchema, TS)]
@@ -1678,7 +1157,6 @@ pub struct RateLimitSnapshot {
    pub primary: Option<RateLimitWindow>,
    pub secondary: Option<RateLimitWindow>,
    pub credits: Option<CreditsSnapshot>,
-    pub plan_type: Option<PlanType>,
 }

 impl From<CoreRateLimitSnapshot> for RateLimitSnapshot {
@@ -1687,7 +1165,6 @@ impl From<CoreRateLimitSnapshot> for RateLimitSnapshot {
            primary: value.primary.map(RateLimitWindow::from),
            secondary: value.secondary.map(RateLimitWindow::from),
            credits: value.credits.map(CreditsSnapshot::from),
-            plan_type: value.plan_type,
        }
    }
 }
@@ -1697,9 +1174,7 @@ impl From<CoreRateLimitSnapshot> for RateLimitSnapshot {
 #[ts(export_to = "v2/")]
 pub struct RateLimitWindow {
    pub used_percent: i32,
-    #[ts(type = "number | null")]
    pub window_duration_mins: Option<i64>,
-    #[ts(type = "number | null")]
    pub resets_at: Option<i64>,
 }

--- a/codex-rs/app-server-test-client/Cargo.toml
+++ b/codex-rs/app-server-test-client/Cargo.toml
@@ -1,8 +1,7 @@
 [package]
 name = "codex-app-server-test-client"
-version.workspace = true
-edition.workspace = true
-license.workspace = true
+version = { workspace = true }
+edition = "2024"

 [lints]
 workspace = true
--- a/codex-rs/app-server-test-client/src/main.rs
+++ b/codex-rs/app-server-test-client/src/main.rs
@@ -21,6 +21,7 @@ use codex_app_server_protocol::ApprovalDecision;
 use codex_app_server_protocol::AskForApproval;
 use codex_app_server_protocol::ClientInfo;
 use codex_app_server_protocol::ClientRequest;
+use codex_app_server_protocol::CommandExecutionRequestAcceptSettings;
 use codex_app_server_protocol::CommandExecutionRequestApprovalParams;
 use codex_app_server_protocol::CommandExecutionRequestApprovalResponse;
 use codex_app_server_protocol::FileChangeRequestApprovalParams;
@@ -100,15 +101,6 @@ enum CliCommand {
    /// Start a V2 turn that should not elicit an ExecCommand approval.
    #[command(name = "no-trigger-cmd-approval")]
    NoTriggerCmdApproval,
-    /// Send two sequential V2 turns in the same thread to test follow-up behavior.
-    SendFollowUpV2 {
-        /// Initial user message for the first turn.
-        #[arg()]
-        first_message: String,
-        /// Follow-up user message for the second turn.
-        #[arg()]
-        follow_up_message: String,
-    },
    /// Trigger the ChatGPT login flow and wait for completion.
    TestLogin,
    /// Fetch the current account rate limits from the Codex app-server.
@@ -128,10 +120,6 @@ fn main() -> Result<()> {
            trigger_patch_approval(codex_bin, user_message)
        }
        CliCommand::NoTriggerCmdApproval => no_trigger_cmd_approval(codex_bin),
-        CliCommand::SendFollowUpV2 {
-            first_message,
-            follow_up_message,
-        } => send_follow_up_v2(codex_bin, first_message, follow_up_message),
        CliCommand::TestLogin => test_login(codex_bin),
        CliCommand::GetAccountRateLimits => get_account_rate_limits(codex_bin),
    }
@@ -221,44 +209,6 @@ fn send_message_v2_with_policies(
    Ok(())
 }

-fn send_follow_up_v2(
-    codex_bin: String,
-    first_message: String,
-    follow_up_message: String,
-) -> Result<()> {
-    let mut client = CodexClient::spawn(codex_bin)?;
-
-    let initialize = client.initialize()?;
-    println!("< initialize response: {initialize:?}");
-
-    let thread_response = client.thread_start(ThreadStartParams::default())?;
-    println!("< thread/start response: {thread_response:?}");
-
-    let first_turn_params = TurnStartParams {
-        thread_id: thread_response.thread.id.clone(),
-        input: vec![V2UserInput::Text {
-            text: first_message,
-        }],
-        ..Default::default()
-    };
-    let first_turn_response = client.turn_start(first_turn_params)?;
-    println!("< turn/start response (initial): {first_turn_response:?}");
-    client.stream_turn(&thread_response.thread.id, &first_turn_response.turn.id)?;
-
-    let follow_up_params = TurnStartParams {
-        thread_id: thread_response.thread.id.clone(),
-        input: vec![V2UserInput::Text {
-            text: follow_up_message,
-        }],
-        ..Default::default()
-    };
-    let follow_up_response = client.turn_start(follow_up_params)?;
-    println!("< turn/start response (follow-up): {follow_up_response:?}");
-    client.stream_turn(&thread_response.thread.id, &follow_up_response.turn.id)?;
-
-    Ok(())
-}
-
 fn test_login(codex_bin: String) -> Result<()> {
    let mut client = CodexClient::spawn(codex_bin)?;

@@ -553,10 +503,6 @@ impl CodexClient {
                    print!("{}", delta.delta);
                    std::io::stdout().flush().ok();
                }
-                ServerNotification::TerminalInteraction(delta) => {
-                    println!("[stdin sent: {}]", delta.stdin);
-                    std::io::stdout().flush().ok();
-                }
                ServerNotification::ItemStarted(payload) => {
                    println!("\n< item started: {:?}", payload.item);
                }
@@ -566,9 +512,7 @@ impl CodexClient {
                ServerNotification::TurnCompleted(payload) => {
                    if payload.turn.id == turn_id {
                        println!("\n< turn/completed notification: {:?}", payload.turn.status);
-                        if payload.turn.status == TurnStatus::Failed
-                            && let Some(error) = payload.turn.error
-                        {
+                        if let TurnStatus::Failed { error } = &payload.turn.status {
                            println!("[turn error] {}", error.message);
                        }
                        break;
@@ -756,7 +700,7 @@ impl CodexClient {
            turn_id,
            item_id,
            reason,
-            proposed_execpolicy_amendment,
+            risk,
        } = params;

        println!(
@@ -765,12 +709,13 @@ impl CodexClient {
        if let Some(reason) = reason.as_deref() {
            println!("< reason: {reason}");
        }
-        if let Some(execpolicy_amendment) = proposed_execpolicy_amendment.as_ref() {
-            println!("< proposed execpolicy amendment: {execpolicy_amendment:?}");
+        if let Some(risk) = risk.as_ref() {
+            println!("< risk assessment: {risk:?}");
        }

        let response = CommandExecutionRequestApprovalResponse {
            decision: ApprovalDecision::Accept,
+            accept_settings: Some(CommandExecutionRequestAcceptSettings { for_session: false }),
        };
        self.send_server_request_response(request_id, &response)?;
        println!("< approved commandExecution request for item {item_id}");
--- a/codex-rs/app-server/Cargo.toml
+++ b/codex-rs/app-server/Cargo.toml
@@ -1,8 +1,7 @@
 [package]
+edition = "2024"
 name = "codex-app-server"
-version.workspace = true
-edition.workspace = true
-license.workspace = true
+version = { workspace = true }

 [[bin]]
 name = "codex-app-server"
@@ -26,14 +25,10 @@ codex-login = { workspace = true }
 codex-protocol = { workspace = true }
 codex-app-server-protocol = { workspace = true }
 codex-feedback = { workspace = true }
-codex-rmcp-client = { workspace = true }
 codex-utils-json-to-toml = { workspace = true }
 chrono = { workspace = true }
 serde = { workspace = true, features = ["derive"] }
 serde_json = { workspace = true }
-mcp-types = { workspace = true }
-tempfile = { workspace = true }
-toml = { workspace = true }
 tokio = { workspace = true, features = [
    "io-std",
    "macros",
@@ -55,5 +50,7 @@ mcp-types = { workspace = true }
 os_info = { workspace = true }
 pretty_assertions = { workspace = true }
 serial_test = { workspace = true }
+tempfile = { workspace = true }
+toml = { workspace = true }
 wiremock = { workspace = true }
 shlex = { workspace = true }
--- a/codex-rs/app-server/README.md
+++ b/codex-rs/app-server/README.md
@@ -1,15 +1,15 @@
 # codex-app-server

-`codex app-server` is the interface Codex uses to power rich interfaces such as the [Codex VS Code extension](https://marketplace.visualstudio.com/items?itemName=openai.chatgpt).
+`codex app-server` is the interface Codex uses to power rich interfaces such as the [Codex VS Code extension](https://marketplace.visualstudio.com/items?itemName=openai.chatgpt). The message schema is currently unstable, but those who wish to build experimental UIs on top of Codex may find it valuable.

 ## Table of Contents
 - [Protocol](#protocol)
 - [Message Schema](#message-schema)
- [Core Primitives](#core-primitives)
 - [Lifecycle Overview](#lifecycle-overview)
 - [Initialization](#initialization)
- [API Overview](#api-overview)
- [Events](#events)
+- [Core primitives](#core-primitives)
+- [Thread & turn endpoints](#thread--turn-endpoints)
+- [Events (work-in-progress)](#events-work-in-progress)
 - [Auth endpoints](#auth-endpoints)

 ## Protocol
@@ -25,15 +25,6 @@ codex app-server generate-ts --out DIR
 codex app-server generate-json-schema --out DIR
 ```

-## Core Primitives
-
-The API exposes three top level primitives representing an interaction between a user and Codex:
- **Thread**: A conversation between a user and the Codex agent. Each thread contains multiple turns.
- **Turn**: One turn of the conversation, typically starting with a user message and finishing with an agent message. Each turn contains multiple items.
- **Item**: Represents user inputs and agent outputs as part of the turn, persisted and used as the context for future conversations. Example items include user message, agent reasoning, agent message, shell command, file edit, etc.
-
-Use the thread APIs to create, list, or archive conversations. Drive a conversation with turn APIs and stream progress via turn notifications.
-
 ## Lifecycle Overview

 - Initialize once: Immediately after launching the codex app-server process, send an `initialize` request with your client metadata, then emit an `initialized` notification. Any other request before this handshake gets rejected.
@@ -46,34 +37,37 @@ Use the thread APIs to create, list, or archive conversations. Drive a conversat

 Clients must send a single `initialize` request before invoking any other method, then acknowledge with an `initialized` notification. The server returns the user agent string it will present to upstream services; subsequent requests issued before initialization receive a `"Not initialized"` error, and repeated `initialize` calls receive an `"Already initialized"` error.

-Applications building on top of `codex app-server` should identify themselves via the `clientInfo` parameter.
+Example:

-Example (from OpenAI's official VSCode extension):
 ```json
 { "method": "initialize", "id": 0, "params": {
    "clientInfo": { "name": "codex-vscode", "title": "Codex VS Code Extension", "version": "0.1.0" }
 } }
+{ "id": 0, "result": { "userAgent": "codex-app-server/0.1.0 codex-vscode/0.1.0" } }
+{ "method": "initialized" }
 ```

-## API Overview
+## Core primitives
+
+We have 3 top level primitives:
+- Thread - a conversation between the Codex agent and a user. Each thread contains multiple turns.
+- Turn - one turn of the conversation, typically starting with a user message and finishing with an agent message. Each turn contains multiple items.
+- Item - represents user inputs and agent outputs as part of the turn, persisted and used as the context for future conversations.
+
+## Thread & turn endpoints
+
+The JSON-RPC API exposes dedicated methods for managing Codex conversations. Threads store long-lived conversation metadata, and turns store the per-message exchange (input → Codex output, including streamed items). Use the thread APIs to create, list, or archive sessions, then drive the conversation with turn APIs and notifications.
+
+### Quick reference
 - `thread/start` — create a new thread; emits `thread/started` and auto-subscribes you to turn/item events for that thread.
 - `thread/resume` — reopen an existing thread by id so subsequent `turn/start` calls append to it.
 - `thread/list` — page through stored rollouts; supports cursor-based pagination and optional `modelProviders` filtering.
 - `thread/archive` — move a thread’s rollout file into the archived directory; returns `{}` on success.
 - `turn/start` — add user input to a thread and begin Codex generation; responds with the initial `turn` object and streams `turn/started`, `item/*`, and `turn/completed` notifications.
 - `turn/interrupt` — request cancellation of an in-flight turn by `(thread_id, turn_id)`; success is an empty `{}` response and the turn finishes with `status: "interrupted"`.
- `review/start` — kick off Codex’s automated reviewer for a thread; responds like `turn/start` and emits `item/started`/`item/completed` notifications with `enteredReviewMode` and `exitedReviewMode` items, plus a final assistant `agentMessage` containing the review.
- `command/exec` — run a single command under the server sandbox without starting a thread/turn (handy for utilities and validation).
- `model/list` — list available models (with reasoning effort options).
- `mcpServer/oauth/login` — start an OAuth login for a configured MCP server; returns an `authorization_url` and later emits `mcpServer/oauthLogin/completed` once the browser flow finishes.
- `mcpServers/list` — enumerate configured MCP servers with their tools, resources, resource templates, and auth status; supports cursor+limit pagination.
- `feedback/upload` — submit a feedback report (classification + optional reason/logs and conversation_id); returns the tracking thread id.
- `command/exec` — run a single command under the server sandbox without starting a thread/turn (handy for utilities and validation).
- `config/read` — fetch the effective config on disk after resolving config layering.
- `config/value/write` — write a single config key/value to the user's config.toml on disk.
- `config/batchWrite` — apply multiple config edits atomically to the user's config.toml on disk.
+- `review/start` — kick off Codex’s automated reviewer for a thread; responds like `turn/start` and emits a `item/completed` notification with a `codeReview` item when results are ready.

-### Example: Start or resume a thread
+### 1) Start or resume a thread

 Start a fresh thread when you need a new Codex conversation.

@@ -104,7 +98,7 @@ To continue a stored session, call `thread/resume` with the `thread.id` you prev
 { "id": 11, "result": { "thread": { "id": "thr_123", … } } }
 ```

-### Example: List threads (with pagination & filters)
+### 2) List threads (pagination & filters)

 `thread/list` lets you render a history UI. Pass any combination of:
 - `cursor` — opaque string from a prior response; omit for the first page.
@@ -129,7 +123,7 @@ Example:

 When `nextCursor` is `null`, you’ve reached the final page.

-### Example: Archive a thread
+### 3) Archive a thread

 Use `thread/archive` to move the persisted rollout (stored as a JSONL file on disk) into the archived sessions directory.

@@ -140,7 +134,7 @@ Use `thread/archive` to move the persisted rollout (stored as a JSONL file on di

 An archived thread will not appear in future calls to `thread/list`.

-### Example: Start a turn (send user input)
+### 4) Start a turn (send user input)

 Turns attach user input (text or images) to a thread and trigger Codex generation. The `input` field is a list of discriminated unions:

@@ -174,7 +168,7 @@ You can optionally specify config overrides on the new turn. If specified, these
 } } }
 ```

-### Example: Interrupt an active turn
+### 5) Interrupt an active turn

 You can cancel a running Turn with `turn/interrupt`.

@@ -188,7 +182,7 @@ You can cancel a running Turn with `turn/interrupt`.

 The server requests cancellations for running subprocesses, then emits a `turn/completed` event with `status: "interrupted"`. Rely on the `turn/completed` to know when Codex-side cleanup is done.

-### Example: Request a code review
+### 6) Request a code review

 Use `review/start` to run Codex’s reviewer on the currently checked-out project. The request takes the thread id plus a `target` describing what should be reviewed:

@@ -196,92 +190,64 @@ Use `review/start` to run Codex’s reviewer on the currently checked-out projec
 - `{"type":"baseBranch","branch":"main"}` — diff against the provided branch’s upstream (see prompt for the exact `git merge-base`/`git diff` instructions Codex will run).
 - `{"type":"commit","sha":"abc1234","title":"Optional subject"}` — review a specific commit.
 - `{"type":"custom","instructions":"Free-form reviewer instructions"}` — fallback prompt equivalent to the legacy manual review request.
- `delivery` (`"inline"` or `"detached"`, default `"inline"`) — where the review runs:
-  - `"inline"`: run the review as a new turn on the existing thread. The response’s `reviewThreadId` equals the original `threadId`, and no new `thread/started` notification is emitted.
-  - `"detached"`: fork a new review thread from the parent conversation and run the review there. The response’s `reviewThreadId` is the id of this new review thread, and the server emits a `thread/started` notification for it before streaming review items.
+- `appendToOriginalThread` (bool, default `false`) — when `true`, Codex also records a final assistant-style message with the review summary in the original thread. When `false`, only the `codeReview` item is emitted for the review run and no extra message is added to the original thread.

 Example request/response:

 ```json
 { "method": "review/start", "id": 40, "params": {
    "threadId": "thr_123",
-    "delivery": "inline",
+    "appendToOriginalThread": true,
    "target": { "type": "commit", "sha": "1234567deadbeef", "title": "Polish tui colors" }
 } }
-{ "id": 40, "result": {
-    "turn": {
-        "id": "turn_900",
-        "status": "inProgress",
-        "items": [
-            { "type": "userMessage", "id": "turn_900", "content": [ { "type": "text", "text": "Review commit 1234567: Polish tui colors" } ] }
-        ],
-        "error": null
-    },
-    "reviewThreadId": "thr_123"
-} }
+{ "id": 40, "result": { "turn": {
+    "id": "turn_900",
+    "status": "inProgress",
+    "items": [
+        { "type": "userMessage", "id": "turn_900", "content": [ { "type": "text", "text": "Review commit 1234567: Polish tui colors" } ] }
+    ],
+    "error": null
+} } }
 ```

-For a detached review, use `"delivery": "detached"`. The response is the same shape, but `reviewThreadId` will be the id of the new review thread (different from the original `threadId`). The server also emits a `thread/started` notification for that new thread before streaming the review turn.
-
 Codex streams the usual `turn/started` notification followed by an `item/started`
-with an `enteredReviewMode` item so clients can show progress:
+with the same `codeReview` item id so clients can show progress:

 ```json
 { "method": "item/started", "params": { "item": {
-    "type": "enteredReviewMode",
+    "type": "codeReview",
    "id": "turn_900",
    "review": "current changes"
 } } }
 ```

-When the reviewer finishes, the server emits `item/started` and `item/completed`
-containing an `exitedReviewMode` item with the final review text:
+When the reviewer finishes, the server emits `item/completed` containing the same
+`codeReview` item with the final review text:

 ```json
 { "method": "item/completed", "params": { "item": {
-    "type": "exitedReviewMode",
+    "type": "codeReview",
    "id": "turn_900",
    "review": "Looks solid overall...\n\n- Prefer Stylize helpers — app.rs:10-20\n  ..."
 } } }
 ```

-The `review` string is plain text that already bundles the overall explanation plus a bullet list for each structured finding (matching `ThreadItem::ExitedReviewMode` in the generated schema). Use this notification to render the reviewer output in your client.
+The `review` string is plain text that already bundles the overall explanation plus a bullet list for each structured finding (matching `ThreadItem::CodeReview` in the generated schema). Use this notification to render the reviewer output in your client.

-### Example: One-off command execution
-
-Run a standalone command (argv vector) in the server’s sandbox without creating a thread or turn:
-
-```json
-{ "method": "command/exec", "id": 32, "params": {
-    "command": ["ls", "-la"],
-    "cwd": "/Users/me/project",                    // optional; defaults to server cwd
-    "sandboxPolicy": { "type": "workspaceWrite" }, // optional; defaults to user config
-    "timeoutMs": 10000                             // optional; ms timeout; defaults to server timeout
-} }
-{ "id": 32, "result": { "exitCode": 0, "stdout": "...", "stderr": "" } }
-```
-
-Notes:
- Empty `command` arrays are rejected.
- `sandboxPolicy` accepts the same shape used by `turn/start` (e.g., `dangerFullAccess`, `readOnly`, `workspaceWrite` with flags).
- When omitted, `timeoutMs` falls back to the server default.
-
-## Events
+## Events (work-in-progress)

 Event notifications are the server-initiated event stream for thread lifecycles, turn lifecycles, and the items within them. After you start or resume a thread, keep reading stdout for `thread/started`, `turn/*`, and `item/*` notifications.

 ### Turn events

-The app-server streams JSON-RPC notifications while a turn is running. Each turn starts with `turn/started` (initial `turn`) and ends with `turn/completed` (final `turn` status). Token usage events stream separately via `thread/tokenUsage/updated`. Clients subscribe to the events they care about, rendering each item incrementally as updates arrive. The per-item lifecycle is always: `item/started` → zero or more item-specific deltas → `item/completed`.
+The app-server streams JSON-RPC notifications while a turn is running. Each turn starts with `turn/started` (initial `turn`) and ends with `turn/completed` (final `turn` plus token `usage`), and clients subscribe to the events they care about, rendering each item incrementally as updates arrive. The per-item lifecycle is always: `item/started` → zero or more item-specific deltas → `item/completed`.

 - `turn/started` — `{ turn }` with the turn id, empty `items`, and `status: "inProgress"`.
 - `turn/completed` — `{ turn }` where `turn.status` is `completed`, `interrupted`, or `failed`; failures carry `{ error: { message, codexErrorInfo? } }`.
- `turn/diff/updated` — `{ threadId, turnId, diff }` represents the up-to-date snapshot of the turn-level unified diff, emitted after every FileChange item. `diff` is the latest aggregated unified diff across every file change in the turn. UIs can render this to show the full "what changed" view without stitching individual `fileChange` items.
- `turn/plan/updated` — `{ turnId, explanation?, plan }` whenever the agent shares or changes its plan; each `plan` entry is `{ step, status }` with `status` in `pending`, `inProgress`, or `completed`.

 Today both notifications carry an empty `items` array even when item events were streamed; rely on `item/*` notifications for the canonical item list until this is fixed.

-#### Items
+#### Thread items

 `ThreadItem` is the tagged union carried in turn responses and `item/*` notifications. Currently we support events for the following items:
 - `userMessage` — `{id, content}` where `content` is a list of user inputs (`text`, `image`, or `localImage`).
@@ -291,10 +257,6 @@ Today both notifications carry an empty `items` array even when item events were
 - `fileChange` — `{id, changes, status}` describing proposed edits; `changes` list `{path, kind, diff}` and `status` is `inProgress`, `completed`, `failed`, or `declined`.
 - `mcpToolCall` — `{id, server, tool, status, arguments, result?, error?}` describing MCP calls; `status` is `inProgress`, `completed`, or `failed`.
 - `webSearch` — `{id, query}` for a web search request issued by the agent.
- `imageView` — `{id, path}` emitted when the agent invokes the image viewer tool.
- `enteredReviewMode` — `{id, review}` sent when the reviewer starts; `review` is a short user-facing label such as `"current changes"` or the requested target description.
- `exitedReviewMode` — `{id, review}` emitted when the reviewer finishes; `review` is the full plain-text review (usually, overall notes plus bullet point findings).
- `compacted` - `{threadId, turnId}` when codex compacts the conversation history. This can happen automatically.

 All items emit two shared lifecycle events:
 - `item/started` — emits the full `item` when a new unit of work begins so the UI can render it immediately; the `item.id` in this payload matches the `itemId` used by deltas.
@@ -311,7 +273,7 @@ There are additional item-specific events:
 - `item/commandExecution/outputDelta` — streams stdout/stderr for the command; append deltas in order to render live output alongside `aggregatedOutput` in the final item.
 Final `commandExecution` items include parsed `commandActions`, `status`, `exitCode`, and `durationMs` so the UI can summarize what ran and whether it succeeded.
 #### fileChange
- `item/fileChange/outputDelta` - contains the tool call response of the underlying `apply_patch` tool call.
+`fileChange` items contain a `changes` list with `{path, kind, diff}` entries (`kind` is `add`, `delete`, or `update` with an optional `movePath`). The `status` tracks whether apply succeeded (`completed`), failed, or was `declined`.

 ### Errors
 `error` event is emitted whenever the server hits an error mid-turn (for example, upstream model errors or quota limits). Carries the same `{ error: { message, codexErrorInfo? } }` payload as `turn.status: "failed"` and may precede that terminal notification.
@@ -360,7 +322,7 @@ UI guidance for IDEs: surface an approval dialog as soon as the request arrives.

 The JSON-RPC auth/account surface exposes request/response methods plus server-initiated notifications (no `id`). Use these to determine auth state, start or cancel logins, logout, and inspect ChatGPT rate limits.

-### API Overview
+### Quick reference
 - `account/read` — fetch current account info; optionally refresh tokens.
 - `account/login/start` — begin login (`apiKey` or `chatgpt`).
 - `account/login/completed` (notify) — emitted when a login attempt finishes (success or error).
@@ -368,8 +330,6 @@ The JSON-RPC auth/account surface exposes request/response methods plus server-i
 - `account/logout` — sign out; triggers `account/updated`.
 - `account/updated` (notify) — emitted whenever auth mode changes (`authMode`: `apikey`, `chatgpt`, or `null`).
 - `account/rateLimits/read` — fetch ChatGPT rate limits; updates arrive via `account/rateLimits/updated` (notify).
- `account/rateLimits/updated` (notify) — emitted whenever a user's ChatGPT rate limits change.
- `mcpServer/oauthLogin/completed` (notify) — emitted after a `mcpServer/oauth/login` flow finishes for a server; payload includes `{ name, success, error? }`.

 ### 1) Check auth state

@@ -447,3 +407,9 @@ Field notes:
 - `usedPercent` is current usage within the OpenAI quota window.
 - `windowDurationMins` is the quota window length.
 - `resetsAt` is a Unix timestamp (seconds) for the next reset.
+
+### Dev notes
+
+- `codex app-server generate-ts --out <dir>` emits v2 types under `v2/`.
+- `codex app-server generate-json-schema --out <dir>` outputs `codex_app_server_protocol.schemas.json`.
+- See [“Authentication and authorization” in the config docs](../../docs/config.md#authentication-and-authorization) for configuration knobs.
--- a/codex-rs/app-server/src/bespoke_event_handling.rs
+++ b/codex-rs/app-server/src/bespoke_event_handling.rs
--- a/codex-rs/app-server/src/codex_message_processor.rs
+++ b/codex-rs/app-server/src/codex_message_processor.rs
--- a/codex-rs/app-server/src/config_api.rs
+++ b/codex-rs/app-server/src/config_api.rs
@@ -1,70 +0,0 @@
-use crate::error_code::INTERNAL_ERROR_CODE;
-use crate::error_code::INVALID_REQUEST_ERROR_CODE;
-use codex_app_server_protocol::ConfigBatchWriteParams;
-use codex_app_server_protocol::ConfigReadParams;
-use codex_app_server_protocol::ConfigReadResponse;
-use codex_app_server_protocol::ConfigValueWriteParams;
-use codex_app_server_protocol::ConfigWriteErrorCode;
-use codex_app_server_protocol::ConfigWriteResponse;
-use codex_app_server_protocol::JSONRPCErrorError;
-use codex_core::config::ConfigService;
-use codex_core::config::ConfigServiceError;
-use serde_json::json;
-use std::path::PathBuf;
-use toml::Value as TomlValue;
-
-#[derive(Clone)]
-pub(crate) struct ConfigApi {
-    service: ConfigService,
-}
-
-impl ConfigApi {
-    pub(crate) fn new(codex_home: PathBuf, cli_overrides: Vec<(String, TomlValue)>) -> Self {
-        Self {
-            service: ConfigService::new(codex_home, cli_overrides),
-        }
-    }
-
-    pub(crate) async fn read(
-        &self,
-        params: ConfigReadParams,
-    ) -> Result<ConfigReadResponse, JSONRPCErrorError> {
-        self.service.read(params).await.map_err(map_error)
-    }
-
-    pub(crate) async fn write_value(
-        &self,
-        params: ConfigValueWriteParams,
-    ) -> Result<ConfigWriteResponse, JSONRPCErrorError> {
-        self.service.write_value(params).await.map_err(map_error)
-    }
-
-    pub(crate) async fn batch_write(
-        &self,
-        params: ConfigBatchWriteParams,
-    ) -> Result<ConfigWriteResponse, JSONRPCErrorError> {
-        self.service.batch_write(params).await.map_err(map_error)
-    }
-}
-
-fn map_error(err: ConfigServiceError) -> JSONRPCErrorError {
-    if let Some(code) = err.write_error_code() {
-        return config_write_error(code, err.to_string());
-    }
-
-    JSONRPCErrorError {
-        code: INTERNAL_ERROR_CODE,
-        message: err.to_string(),
-        data: None,
-    }
-}
-
-fn config_write_error(code: ConfigWriteErrorCode, message: impl Into<String>) -> JSONRPCErrorError {
-    JSONRPCErrorError {
-        code: INVALID_REQUEST_ERROR_CODE,
-        message: message.into(),
-        data: Some(json!({
-            "config_write_error_code": code,
-        })),
-    }
-}
--- a/codex-rs/app-server/src/lib.rs
+++ b/codex-rs/app-server/src/lib.rs
@@ -18,7 +18,6 @@ use tokio::io::AsyncWriteExt;
 use tokio::io::BufReader;
 use tokio::io::{self};
 use tokio::sync::mpsc;
-use toml::Value as TomlValue;
 use tracing::Level;
 use tracing::debug;
 use tracing::error;
@@ -31,7 +30,6 @@ use tracing_subscriber::util::SubscriberInitExt;

 mod bespoke_event_handling;
 mod codex_message_processor;
-mod config_api;
 mod error_code;
 mod fuzzy_file_search;
 mod message_processor;
@@ -82,12 +80,11 @@ pub async fn run_main(
            format!("error parsing -c overrides: {e}"),
        )
    })?;
-    let config =
-        Config::load_with_cli_overrides(cli_kv_overrides.clone(), ConfigOverrides::default())
-            .await
-            .map_err(|e| {
-                std::io::Error::new(ErrorKind::InvalidData, format!("error loading config: {e}"))
-            })?;
+    let config = Config::load_with_cli_overrides(cli_kv_overrides, ConfigOverrides::default())
+        .await
+        .map_err(|e| {
+            std::io::Error::new(ErrorKind::InvalidData, format!("error loading config: {e}"))
+        })?;

    let feedback = CodexFeedback::new();

@@ -124,12 +121,10 @@ pub async fn run_main(
    // Task: process incoming messages.
    let processor_handle = tokio::spawn({
        let outgoing_message_sender = OutgoingMessageSender::new(outgoing_tx);
-        let cli_overrides: Vec<(String, TomlValue)> = cli_kv_overrides.clone();
        let mut processor = MessageProcessor::new(
            outgoing_message_sender,
            codex_linux_sandbox_exe,
            std::sync::Arc::new(config),
-            cli_overrides,
            feedback.clone(),
        );
        async move {
--- a/codex-rs/app-server/src/message_processor.rs
+++ b/codex-rs/app-server/src/message_processor.rs
@@ -1,22 +1,16 @@
 use std::path::PathBuf;
-use std::sync::Arc;

 use crate::codex_message_processor::CodexMessageProcessor;
-use crate::config_api::ConfigApi;
 use crate::error_code::INVALID_REQUEST_ERROR_CODE;
 use crate::outgoing_message::OutgoingMessageSender;
 use codex_app_server_protocol::ClientInfo;
 use codex_app_server_protocol::ClientRequest;
-use codex_app_server_protocol::ConfigBatchWriteParams;
-use codex_app_server_protocol::ConfigReadParams;
-use codex_app_server_protocol::ConfigValueWriteParams;
 use codex_app_server_protocol::InitializeResponse;
 use codex_app_server_protocol::JSONRPCError;
 use codex_app_server_protocol::JSONRPCErrorError;
 use codex_app_server_protocol::JSONRPCNotification;
 use codex_app_server_protocol::JSONRPCRequest;
 use codex_app_server_protocol::JSONRPCResponse;
-use codex_app_server_protocol::RequestId;
 use codex_core::AuthManager;
 use codex_core::ConversationManager;
 use codex_core::config::Config;
@@ -24,12 +18,11 @@ use codex_core::default_client::USER_AGENT_SUFFIX;
 use codex_core::default_client::get_codex_user_agent;
 use codex_feedback::CodexFeedback;
 use codex_protocol::protocol::SessionSource;
-use toml::Value as TomlValue;
+use std::sync::Arc;

 pub(crate) struct MessageProcessor {
    outgoing: Arc<OutgoingMessageSender>,
    codex_message_processor: CodexMessageProcessor,
-    config_api: ConfigApi,
    initialized: bool,
 }

@@ -40,7 +33,6 @@ impl MessageProcessor {
        outgoing: OutgoingMessageSender,
        codex_linux_sandbox_exe: Option<PathBuf>,
        config: Arc<Config>,
-        cli_overrides: Vec<(String, TomlValue)>,
        feedback: CodexFeedback,
    ) -> Self {
        let outgoing = Arc::new(outgoing);
@@ -58,16 +50,13 @@ impl MessageProcessor {
            conversation_manager,
            outgoing.clone(),
            codex_linux_sandbox_exe,
-            Arc::clone(&config),
-            cli_overrides.clone(),
+            config,
            feedback,
        );
-        let config_api = ConfigApi::new(config.codex_home.clone(), cli_overrides);

        Self {
            outgoing,
            codex_message_processor,
-            config_api,
            initialized: false,
        }
    }
@@ -145,20 +134,9 @@ impl MessageProcessor {
            }
        }

-        match codex_request {
-            ClientRequest::ConfigRead { request_id, params } => {
-                self.handle_config_read(request_id, params).await;
-            }
-            ClientRequest::ConfigValueWrite { request_id, params } => {
-                self.handle_config_value_write(request_id, params).await;
-            }
-            ClientRequest::ConfigBatchWrite { request_id, params } => {
-                self.handle_config_batch_write(request_id, params).await;
-            }
-            other => {
-                self.codex_message_processor.process_request(other).await;
-            }
-        }
+        self.codex_message_processor
+            .process_request(codex_request)
+            .await;
    }

    pub(crate) async fn process_notification(&self, notification: JSONRPCNotification) {
@@ -178,33 +156,4 @@ impl MessageProcessor {
    pub(crate) fn process_error(&mut self, err: JSONRPCError) {
        tracing::error!("<- error: {:?}", err);
    }
-
-    async fn handle_config_read(&self, request_id: RequestId, params: ConfigReadParams) {
-        match self.config_api.read(params).await {
-            Ok(response) => self.outgoing.send_response(request_id, response).await,
-            Err(error) => self.outgoing.send_error(request_id, error).await,
-        }
-    }
-
-    async fn handle_config_value_write(
-        &self,
-        request_id: RequestId,
-        params: ConfigValueWriteParams,
-    ) {
-        match self.config_api.write_value(params).await {
-            Ok(response) => self.outgoing.send_response(request_id, response).await,
-            Err(error) => self.outgoing.send_error(request_id, error).await,
-        }
-    }
-
-    async fn handle_config_batch_write(
-        &self,
-        request_id: RequestId,
-        params: ConfigBatchWriteParams,
-    ) {
-        match self.config_api.batch_write(params).await {
-            Ok(response) => self.outgoing.send_response(request_id, response).await,
-            Err(error) => self.outgoing.send_error(request_id, error).await,
-        }
-    }
 }
--- a/codex-rs/app-server/src/models.rs
+++ b/codex-rs/app-server/src/models.rs
@@ -1,19 +1,12 @@
-use std::sync::Arc;
-
+use codex_app_server_protocol::AuthMode;
 use codex_app_server_protocol::Model;
 use codex_app_server_protocol::ReasoningEffortOption;
-use codex_core::ConversationManager;
-use codex_core::config::Config;
-use codex_protocol::openai_models::ModelPreset;
-use codex_protocol::openai_models::ReasoningEffortPreset;
+use codex_common::model_presets::ModelPreset;
+use codex_common::model_presets::ReasoningEffortPreset;
+use codex_common::model_presets::builtin_model_presets;

-pub async fn supported_models(
-    conversation_manager: Arc<ConversationManager>,
-    config: &Config,
-) -> Vec<Model> {
-    conversation_manager
-        .list_models(config)
-        .await
+pub fn supported_models(auth_mode: Option<AuthMode>) -> Vec<Model> {
+    builtin_model_presets(auth_mode)
        .into_iter()
        .map(model_from_preset)
        .collect()
@@ -34,7 +27,7 @@ fn model_from_preset(preset: ModelPreset) -> Model {
 }

 fn reasoning_efforts_from_preset(
-    efforts: Vec<ReasoningEffortPreset>,
+    efforts: &'static [ReasoningEffortPreset],
 ) -> Vec<ReasoningEffortOption> {
    efforts
        .iter()
--- a/codex-rs/app-server/src/outgoing_message.rs
+++ b/codex-rs/app-server/src/outgoing_message.rs
@@ -16,9 +16,6 @@ use tracing::warn;

 use crate::error_code::INTERNAL_ERROR_CODE;

-#[cfg(test)]
-use codex_protocol::account::PlanType;
-
 /// Sends messages to the client and manages request callbacks.
 pub(crate) struct OutgoingMessageSender {
    next_request_id: AtomicI64,
@@ -233,7 +230,6 @@ mod tests {
                    }),
                    secondary: None,
                    credits: None,
-                    plan_type: Some(PlanType::Plus),
                },
            });

@@ -249,8 +245,7 @@ mod tests {
                            "resetsAt": 123
                        },
                        "secondary": null,
-                        "credits": null,
-                        "planType": "plus"
+                        "credits": null
                    }
                },
            }),
--- a/codex-rs/app-server/tests/common/Cargo.toml
+++ b/codex-rs/app-server/tests/common/Cargo.toml
@@ -1,8 +1,7 @@
 [package]
+edition = "2024"
 name = "app_test_support"
-version.workspace = true
-edition.workspace = true
-license.workspace = true
+version = { workspace = true }

 [lib]
 path = "lib.rs"
@@ -13,7 +12,7 @@ assert_cmd = { workspace = true }
 base64 = { workspace = true }
 chrono = { workspace = true }
 codex-app-server-protocol = { workspace = true }
-codex-core = { workspace = true, features = ["test-support"] }
+codex-core = { workspace = true }
 codex-protocol = { workspace = true }
 serde = { workspace = true }
 serde_json = { workspace = true }
--- a/codex-rs/app-server/tests/common/lib.rs
+++ b/codex-rs/app-server/tests/common/lib.rs
@@ -1,7 +1,6 @@
 mod auth_fixtures;
 mod mcp_process;
 mod mock_model_server;
-mod models_cache;
 mod responses;
 mod rollout;

@@ -12,18 +11,10 @@ pub use auth_fixtures::write_chatgpt_auth;
 use codex_app_server_protocol::JSONRPCResponse;
 pub use core_test_support::format_with_current_shell;
 pub use core_test_support::format_with_current_shell_display;
-pub use core_test_support::format_with_current_shell_display_non_login;
-pub use core_test_support::format_with_current_shell_non_login;
-pub use core_test_support::test_path_buf_with_windows;
-pub use core_test_support::test_tmp_path;
-pub use core_test_support::test_tmp_path_buf;
 pub use mcp_process::McpProcess;
 pub use mock_model_server::create_mock_chat_completions_server;
 pub use mock_model_server::create_mock_chat_completions_server_unchecked;
-pub use models_cache::write_models_cache;
-pub use models_cache::write_models_cache_with_models;
 pub use responses::create_apply_patch_sse_response;
-pub use responses::create_exec_command_sse_response;
 pub use responses::create_final_assistant_message_sse_response;
 pub use responses::create_shell_command_sse_response;
 pub use rollout::create_fake_rollout;
--- a/codex-rs/app-server/tests/common/mcp_process.rs
+++ b/codex-rs/app-server/tests/common/mcp_process.rs
@@ -18,9 +18,6 @@ use codex_app_server_protocol::CancelLoginAccountParams;
 use codex_app_server_protocol::CancelLoginChatGptParams;
 use codex_app_server_protocol::ClientInfo;
 use codex_app_server_protocol::ClientNotification;
-use codex_app_server_protocol::ConfigBatchWriteParams;
-use codex_app_server_protocol::ConfigReadParams;
-use codex_app_server_protocol::ConfigValueWriteParams;
 use codex_app_server_protocol::FeedbackUploadParams;
 use codex_app_server_protocol::GetAccountParams;
 use codex_app_server_protocol::GetAuthStatusParams;
@@ -404,30 +401,6 @@ impl McpProcess {
        self.send_request("logoutChatGpt", None).await
    }

-    pub async fn send_config_read_request(
-        &mut self,
-        params: ConfigReadParams,
-    ) -> anyhow::Result<i64> {
-        let params = Some(serde_json::to_value(params)?);
-        self.send_request("config/read", params).await
-    }
-
-    pub async fn send_config_value_write_request(
-        &mut self,
-        params: ConfigValueWriteParams,
-    ) -> anyhow::Result<i64> {
-        let params = Some(serde_json::to_value(params)?);
-        self.send_request("config/value/write", params).await
-    }
-
-    pub async fn send_config_batch_write_request(
-        &mut self,
-        params: ConfigBatchWriteParams,
-    ) -> anyhow::Result<i64> {
-        let params = Some(serde_json::to_value(params)?);
-        self.send_request("config/batchWrite", params).await
-    }
-
    /// Send an `account/logout` JSON-RPC request.
    pub async fn send_logout_account_request(&mut self) -> anyhow::Result<i64> {
        self.send_request("account/logout", None).await
--- a/codex-rs/app-server/tests/common/models_cache.rs
+++ b/codex-rs/app-server/tests/common/models_cache.rs
@@ -1,85 +0,0 @@
-use chrono::DateTime;
-use chrono::Utc;
-use codex_core::openai_models::model_presets::all_model_presets;
-use codex_protocol::openai_models::ClientVersion;
-use codex_protocol::openai_models::ConfigShellToolType;
-use codex_protocol::openai_models::ModelInfo;
-use codex_protocol::openai_models::ModelPreset;
-use codex_protocol::openai_models::ModelVisibility;
-use codex_protocol::openai_models::ReasoningSummaryFormat;
-use codex_protocol::openai_models::TruncationPolicyConfig;
-use serde_json::json;
-use std::path::Path;
-
-/// Convert a ModelPreset to ModelInfo for cache storage.
-fn preset_to_info(preset: &ModelPreset, priority: i32) -> ModelInfo {
-    ModelInfo {
-        slug: preset.id.clone(),
-        display_name: preset.display_name.clone(),
-        description: Some(preset.description.clone()),
-        default_reasoning_level: preset.default_reasoning_effort,
-        supported_reasoning_levels: preset.supported_reasoning_efforts.clone(),
-        shell_type: ConfigShellToolType::ShellCommand,
-        visibility: if preset.show_in_picker {
-            ModelVisibility::List
-        } else {
-            ModelVisibility::Hide
-        },
-        minimal_client_version: ClientVersion(0, 1, 0),
-        supported_in_api: true,
-        priority,
-        upgrade: preset.upgrade.as_ref().map(|u| u.id.clone()),
-        base_instructions: None,
-        supports_reasoning_summaries: false,
-        support_verbosity: false,
-        default_verbosity: None,
-        apply_patch_tool_type: None,
-        truncation_policy: TruncationPolicyConfig::bytes(10_000),
-        supports_parallel_tool_calls: false,
-        context_window: None,
-        reasoning_summary_format: ReasoningSummaryFormat::None,
-        experimental_supported_tools: Vec::new(),
-    }
-}
-
-/// Write a models_cache.json file to the codex home directory.
-/// This prevents ModelsManager from making network requests to refresh models.
-/// The cache will be treated as fresh (within TTL) and used instead of fetching from the network.
-/// Uses the built-in model presets from ModelsManager, converted to ModelInfo format.
-pub fn write_models_cache(codex_home: &Path) -> std::io::Result<()> {
-    // Get all presets and filter for show_in_picker (same as builtin_model_presets does)
-    let presets: Vec<&ModelPreset> = all_model_presets()
-        .iter()
-        .filter(|preset| preset.show_in_picker)
-        .collect();
-    // Convert presets to ModelInfo, assigning priorities (higher = earlier in list)
-    // Priority is used for sorting, so first model gets highest priority
-    let models: Vec<ModelInfo> = presets
-        .iter()
-        .enumerate()
-        .map(|(idx, preset)| {
-            // Higher priority = earlier in list, so reverse the index
-            let priority = (presets.len() - idx) as i32;
-            preset_to_info(preset, priority)
-        })
-        .collect();
-
-    write_models_cache_with_models(codex_home, models)
-}
-
-/// Write a models_cache.json file with specific models.
-/// Useful when tests need specific models to be available.
-pub fn write_models_cache_with_models(
-    codex_home: &Path,
-    models: Vec<ModelInfo>,
-) -> std::io::Result<()> {
-    let cache_path = codex_home.join("models_cache.json");
-    // DateTime<Utc> serializes to RFC3339 format by default with serde
-    let fetched_at: DateTime<Utc> = Utc::now();
-    let cache = json!({
-        "fetched_at": fetched_at,
-        "etag": null,
-        "models": models
-    });
-    std::fs::write(cache_path, serde_json::to_string_pretty(&cache)?)
-}
--- a/codex-rs/app-server/tests/common/responses.rs
+++ b/codex-rs/app-server/tests/common/responses.rs
@@ -94,42 +94,3 @@ pub fn create_apply_patch_sse_response(
    );
    Ok(sse)
 }
-
-pub fn create_exec_command_sse_response(call_id: &str) -> anyhow::Result<String> {
-    let (cmd, args) = if cfg!(windows) {
-        ("cmd.exe", vec!["/d", "/c", "echo hi"])
-    } else {
-        ("/bin/sh", vec!["-c", "echo hi"])
-    };
-    let command = std::iter::once(cmd.to_string())
-        .chain(args.into_iter().map(str::to_string))
-        .collect::<Vec<_>>();
-    let tool_call_arguments = serde_json::to_string(&json!({
-        "cmd": command.join(" "),
-        "yield_time_ms": 500
-    }))?;
-    let tool_call = json!({
-        "choices": [
-            {
-                "delta": {
-                    "tool_calls": [
-                        {
-                            "id": call_id,
-                            "function": {
-                                "name": "exec_command",
-                                "arguments": tool_call_arguments
-                            }
-                        }
-                    ]
-                },
-                "finish_reason": "tool_calls"
-            }
-        ]
-    });
-
-    let sse = format!(
-        "data: {}\n\ndata: DONE\n\n",
-        serde_json::to_string(&tool_call)?
-    );
-    Ok(sse)
-}
--- a/codex-rs/app-server/tests/suite/codex_message_processor_flow.rs
+++ b/codex-rs/app-server/tests/suite/codex_message_processor_flow.rs
@@ -23,10 +23,10 @@ use codex_app_server_protocol::SendUserTurnResponse;
 use codex_app_server_protocol::ServerRequest;
 use codex_core::protocol::AskForApproval;
 use codex_core::protocol::SandboxPolicy;
+use codex_core::protocol_config_types::ReasoningEffort;
 use codex_core::protocol_config_types::ReasoningSummary;
 use codex_core::spawn::CODEX_SANDBOX_NETWORK_DISABLED_ENV_VAR;
 use codex_protocol::config_types::SandboxMode;
-use codex_protocol::openai_models::ReasoningEffort;
 use codex_protocol::parse_command::ParsedCommand;
 use codex_protocol::protocol::Event;
 use codex_protocol::protocol::EventMsg;
@@ -271,6 +271,7 @@ async fn test_send_user_turn_changes_approval_policy_behavior() -> Result<()> {
            command: format_with_current_shell("python3 -c 'print(42)'"),
            cwd: working_directory.clone(),
            reason: None,
+            risk: None,
            parsed_cmd: vec![ParsedCommand::Unknown {
                cmd: "python3 -c 'print(42)'".to_string()
            }],
@@ -410,7 +411,7 @@ async fn test_send_user_turn_updates_sandbox_and_cwd_between_turns() -> Result<(
            cwd: first_cwd.clone(),
            approval_policy: AskForApproval::Never,
            sandbox_policy: SandboxPolicy::WorkspaceWrite {
-                writable_roots: vec![first_cwd.try_into()?],
+                writable_roots: vec![first_cwd.clone()],
                network_access: false,
                exclude_tmpdir_env_var: false,
                exclude_slash_tmp: false,
--- a/codex-rs/app-server/tests/suite/config.rs
+++ b/codex-rs/app-server/tests/suite/config.rs
@@ -1,6 +1,5 @@
 use anyhow::Result;
 use app_test_support::McpProcess;
-use app_test_support::test_tmp_path;
 use app_test_support::to_response;
 use codex_app_server_protocol::GetUserSavedConfigResponse;
 use codex_app_server_protocol::JSONRPCResponse;
@@ -11,10 +10,10 @@ use codex_app_server_protocol::Tools;
 use codex_app_server_protocol::UserSavedConfig;
 use codex_core::protocol::AskForApproval;
 use codex_protocol::config_types::ForcedLoginMethod;
+use codex_protocol::config_types::ReasoningEffort;
 use codex_protocol::config_types::ReasoningSummary;
 use codex_protocol::config_types::SandboxMode;
 use codex_protocol::config_types::Verbosity;
-use codex_protocol::openai_models::ReasoningEffort;
 use pretty_assertions::assert_eq;
 use std::collections::HashMap;
 use std::path::Path;
@@ -24,12 +23,10 @@ use tokio::time::timeout;
 const DEFAULT_READ_TIMEOUT: std::time::Duration = std::time::Duration::from_secs(10);

 fn create_config_toml(codex_home: &Path) -> std::io::Result<()> {
-    let writable_root = test_tmp_path();
    let config_toml = codex_home.join("config.toml");
    std::fs::write(
        config_toml,
-        format!(
-            r#"
+        r#"
 model = "gpt-5.1-codex-max"
 approval_policy = "on-request"
 sandbox_mode = "workspace-write"
@@ -41,7 +38,7 @@ forced_chatgpt_workspace_id = "12345678-0000-0000-0000-000000000000"
 forced_login_method = "chatgpt"

 [sandbox_workspace_write]
-writable_roots = [{}]
+writable_roots = ["/tmp"]
 network_access = true
 exclude_tmpdir_env_var = true
 exclude_slash_tmp = true
@@ -59,8 +56,6 @@ model_verbosity = "medium"
 model_provider = "openai"
 chatgpt_base_url = "https://api.chatgpt.com"
 "#,
-            serde_json::json!(writable_root)
-        ),
    )
 }

@@ -80,13 +75,12 @@ async fn get_config_toml_parses_all_fields() -> Result<()> {
    .await??;

    let config: GetUserSavedConfigResponse = to_response(resp)?;
-    let writable_root = test_tmp_path();
    let expected = GetUserSavedConfigResponse {
        config: UserSavedConfig {
            approval_policy: Some(AskForApproval::OnRequest),
            sandbox_mode: Some(SandboxMode::WorkspaceWrite),
            sandbox_settings: Some(SandboxSettings {
-                writable_roots: vec![writable_root],
+                writable_roots: vec!["/tmp".into()],
                network_access: Some(true),
                exclude_tmpdir_env_var: Some(true),
                exclude_slash_tmp: Some(true),
--- a/codex-rs/app-server/tests/suite/list_resume.rs
+++ b/codex-rs/app-server/tests/suite/list_resume.rs
@@ -358,81 +358,3 @@ async fn test_list_and_resume_conversations() -> Result<()> {

    Ok(())
 }
-
-#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
-async fn list_conversations_fetches_through_filtered_pages() -> Result<()> {
-    let codex_home = TempDir::new()?;
-
-    // Only the last 3 conversations match the provider filter; request 3 and
-    // ensure pagination keeps fetching past non-matching pages.
-    let cases = [
-        (
-            "2025-03-04T12-00-00",
-            "2025-03-04T12:00:00Z",
-            "skip_provider",
-        ),
-        (
-            "2025-03-03T12-00-00",
-            "2025-03-03T12:00:00Z",
-            "skip_provider",
-        ),
-        (
-            "2025-03-02T12-00-00",
-            "2025-03-02T12:00:00Z",
-            "target_provider",
-        ),
-        (
-            "2025-03-01T12-00-00",
-            "2025-03-01T12:00:00Z",
-            "target_provider",
-        ),
-        (
-            "2025-02-28T12-00-00",
-            "2025-02-28T12:00:00Z",
-            "target_provider",
-        ),
-    ];
-
-    for (ts_file, ts_rfc, provider) in cases {
-        create_fake_rollout(
-            codex_home.path(),
-            ts_file,
-            ts_rfc,
-            "Hello",
-            Some(provider),
-            None,
-        )?;
-    }
-
-    let mut mcp = McpProcess::new(codex_home.path()).await?;
-    timeout(DEFAULT_READ_TIMEOUT, mcp.initialize()).await??;
-
-    let req_id = mcp
-        .send_list_conversations_request(ListConversationsParams {
-            page_size: Some(3),
-            cursor: None,
-            model_providers: Some(vec!["target_provider".to_string()]),
-        })
-        .await?;
-    let resp: JSONRPCResponse = timeout(
-        DEFAULT_READ_TIMEOUT,
-        mcp.read_stream_until_response_message(RequestId::Integer(req_id)),
-    )
-    .await??;
-    let ListConversationsResponse { items, next_cursor } =
-        to_response::<ListConversationsResponse>(resp)?;
-
-    assert_eq!(
-        items.len(),
-        3,
-        "should fetch across pages to satisfy the limit"
-    );
-    assert!(
-        items
-            .iter()
-            .all(|item| item.model_provider == "target_provider")
-    );
-    assert_eq!(next_cursor, None);
-
-    Ok(())
-}
--- a/codex-rs/app-server/tests/suite/login.rs
+++ b/codex-rs/app-server/tests/suite/login.rs
@@ -1,6 +1,8 @@
 use anyhow::Result;
 use app_test_support::McpProcess;
 use app_test_support::to_response;
+use codex_app_server_protocol::CancelLoginChatGptParams;
+use codex_app_server_protocol::CancelLoginChatGptResponse;
 use codex_app_server_protocol::GetAuthStatusParams;
 use codex_app_server_protocol::GetAuthStatusResponse;
 use codex_app_server_protocol::JSONRPCError;
@@ -12,6 +14,7 @@ use codex_core::auth::AuthCredentialsStoreMode;
 use codex_login::login_with_api_key;
 use serial_test::serial;
 use std::path::Path;
+use std::time::Duration;
 use tempfile::TempDir;
 use tokio::time::timeout;

@@ -84,6 +87,48 @@ async fn logout_chatgpt_removes_auth() -> Result<()> {
    Ok(())
 }

+#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
+// Serialize tests that launch the login server since it binds to a fixed port.
+#[serial(login_port)]
+async fn login_and_cancel_chatgpt() -> Result<()> {
+    let codex_home = TempDir::new()?;
+    create_config_toml(codex_home.path())?;
+
+    let mut mcp = McpProcess::new(codex_home.path()).await?;
+    timeout(DEFAULT_READ_TIMEOUT, mcp.initialize()).await??;
+
+    let login_id = mcp.send_login_chat_gpt_request().await?;
+    let login_resp: JSONRPCResponse = timeout(
+        DEFAULT_READ_TIMEOUT,
+        mcp.read_stream_until_response_message(RequestId::Integer(login_id)),
+    )
+    .await??;
+    let login: LoginChatGptResponse = to_response(login_resp)?;
+
+    let cancel_id = mcp
+        .send_cancel_login_chat_gpt_request(CancelLoginChatGptParams {
+            login_id: login.login_id,
+        })
+        .await?;
+    let cancel_resp: JSONRPCResponse = timeout(
+        DEFAULT_READ_TIMEOUT,
+        mcp.read_stream_until_response_message(RequestId::Integer(cancel_id)),
+    )
+    .await??;
+    let _ok: CancelLoginChatGptResponse = to_response(cancel_resp)?;
+
+    // Optionally observe the completion notification; do not fail if it races.
+    let maybe_note = timeout(
+        Duration::from_secs(2),
+        mcp.read_stream_until_notification_message("codex/event/login_chat_gpt_complete"),
+    )
+    .await;
+    if maybe_note.is_err() {
+        eprintln!("warning: did not observe login_chat_gpt_complete notification after cancel");
+    }
+    Ok(())
+}
+
 fn create_config_toml_forced_login(codex_home: &Path, forced_method: &str) -> std::io::Result<()> {
    let config_toml = codex_home.join("config.toml");
    let contents = format!(
--- a/codex-rs/app-server/tests/suite/send_message.rs
+++ b/codex-rs/app-server/tests/suite/send_message.rs
@@ -272,45 +272,40 @@ async fn read_raw_response_item(
    mcp: &mut McpProcess,
    conversation_id: ConversationId,
 ) -> ResponseItem {
-    loop {
-        let raw_notification: JSONRPCNotification = timeout(
-            DEFAULT_READ_TIMEOUT,
-            mcp.read_stream_until_notification_message("codex/event/raw_response_item"),
-        )
-        .await
-        .expect("codex/event/raw_response_item notification timeout")
-        .expect("codex/event/raw_response_item notification resp");
+    let raw_notification: JSONRPCNotification = timeout(
+        DEFAULT_READ_TIMEOUT,
+        mcp.read_stream_until_notification_message("codex/event/raw_response_item"),
+    )
+    .await
+    .expect("codex/event/raw_response_item notification timeout")
+    .expect("codex/event/raw_response_item notification resp");

-        let serde_json::Value::Object(params) = raw_notification
-            .params
-            .expect("codex/event/raw_response_item should have params")
-        else {
-            panic!("codex/event/raw_response_item should have params");
-        };
+    let serde_json::Value::Object(params) = raw_notification
+        .params
+        .expect("codex/event/raw_response_item should have params")
+    else {
+        panic!("codex/event/raw_response_item should have params");
+    };

-        let conversation_id_value = params
-            .get("conversationId")
-            .and_then(|value| value.as_str())
-            .expect("raw response item should include conversationId");
+    let conversation_id_value = params
+        .get("conversationId")
+        .and_then(|value| value.as_str())
+        .expect("raw response item should include conversationId");

-        assert_eq!(
-            conversation_id_value,
-            conversation_id.to_string(),
-            "raw response item conversation mismatch"
-        );
+    assert_eq!(
+        conversation_id_value,
+        conversation_id.to_string(),
+        "raw response item conversation mismatch"
+    );

-        let msg_value = params
-            .get("msg")
-            .cloned()
-            .expect("raw response item should include msg payload");
+    let msg_value = params
+        .get("msg")
+        .cloned()
+        .expect("raw response item should include msg payload");

-        // Ghost snapshots are produced concurrently and may arrive before the model reply.
-        let event: RawResponseItemEvent =
-            serde_json::from_value(msg_value).expect("deserialize raw response item");
-        if !matches!(event.item, ResponseItem::GhostSnapshot { .. }) {
-            return event.item;
-        }
-    }
+    let event: RawResponseItemEvent =
+        serde_json::from_value(msg_value).expect("deserialize raw response item");
+    event.item
 }

 fn assert_instructions_message(item: &ResponseItem) {
--- a/codex-rs/app-server/tests/suite/v2/account.rs
+++ b/codex-rs/app-server/tests/suite/v2/account.rs
@@ -241,7 +241,7 @@ async fn login_account_chatgpt_rejected_when_forced_api() -> Result<()> {
 #[tokio::test]
 // Serialize tests that launch the login server since it binds to a fixed port.
 #[serial(login_port)]
-async fn login_account_chatgpt_start_can_be_cancelled() -> Result<()> {
+async fn login_account_chatgpt_start() -> Result<()> {
    let codex_home = TempDir::new()?;
    create_config_toml(codex_home.path(), CreateConfigTomlParams::default())?;

--- a/codex-rs/app-server/tests/suite/v2/config_rpc.rs
+++ b/codex-rs/app-server/tests/suite/v2/config_rpc.rs
@@ -1,421 +0,0 @@
-use anyhow::Result;
-use app_test_support::McpProcess;
-use app_test_support::test_path_buf_with_windows;
-use app_test_support::test_tmp_path_buf;
-use app_test_support::to_response;
-use codex_app_server_protocol::AskForApproval;
-use codex_app_server_protocol::ConfigBatchWriteParams;
-use codex_app_server_protocol::ConfigEdit;
-use codex_app_server_protocol::ConfigLayerName;
-use codex_app_server_protocol::ConfigReadParams;
-use codex_app_server_protocol::ConfigReadResponse;
-use codex_app_server_protocol::ConfigValueWriteParams;
-use codex_app_server_protocol::ConfigWriteResponse;
-use codex_app_server_protocol::JSONRPCError;
-use codex_app_server_protocol::JSONRPCResponse;
-use codex_app_server_protocol::MergeStrategy;
-use codex_app_server_protocol::RequestId;
-use codex_app_server_protocol::SandboxMode;
-use codex_app_server_protocol::ToolsV2;
-use codex_app_server_protocol::WriteStatus;
-use pretty_assertions::assert_eq;
-use serde_json::json;
-use tempfile::TempDir;
-use tokio::time::timeout;
-
-const DEFAULT_READ_TIMEOUT: std::time::Duration = std::time::Duration::from_secs(10);
-
-fn write_config(codex_home: &TempDir, contents: &str) -> Result<()> {
-    Ok(std::fs::write(
-        codex_home.path().join("config.toml"),
-        contents,
-    )?)
-}
-
-#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
-async fn config_read_returns_effective_and_layers() -> Result<()> {
-    let codex_home = TempDir::new()?;
-    write_config(
-        &codex_home,
-        r#"
-model = "gpt-user"
-sandbox_mode = "workspace-write"
-"#,
-    )?;
-
-    let mut mcp = McpProcess::new(codex_home.path()).await?;
-    timeout(DEFAULT_READ_TIMEOUT, mcp.initialize()).await??;
-
-    let request_id = mcp
-        .send_config_read_request(ConfigReadParams {
-            include_layers: true,
-        })
-        .await?;
-    let resp: JSONRPCResponse = timeout(
-        DEFAULT_READ_TIMEOUT,
-        mcp.read_stream_until_response_message(RequestId::Integer(request_id)),
-    )
-    .await??;
-    let ConfigReadResponse {
-        config,
-        origins,
-        layers,
-    } = to_response(resp)?;
-
-    assert_eq!(config.model.as_deref(), Some("gpt-user"));
-    assert_eq!(
-        origins.get("model").expect("origin").name,
-        ConfigLayerName::User
-    );
-    let layers = layers.expect("layers present");
-    assert_eq!(layers.len(), 2);
-    assert_eq!(layers[0].name, ConfigLayerName::SessionFlags);
-    assert_eq!(layers[1].name, ConfigLayerName::User);
-
-    Ok(())
-}
-
-#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
-async fn config_read_includes_tools() -> Result<()> {
-    let codex_home = TempDir::new()?;
-    write_config(
-        &codex_home,
-        r#"
-model = "gpt-user"
-
-[tools]
-web_search = true
-view_image = false
-"#,
-    )?;
-
-    let mut mcp = McpProcess::new(codex_home.path()).await?;
-    timeout(DEFAULT_READ_TIMEOUT, mcp.initialize()).await??;
-
-    let request_id = mcp
-        .send_config_read_request(ConfigReadParams {
-            include_layers: true,
-        })
-        .await?;
-    let resp: JSONRPCResponse = timeout(
-        DEFAULT_READ_TIMEOUT,
-        mcp.read_stream_until_response_message(RequestId::Integer(request_id)),
-    )
-    .await??;
-    let ConfigReadResponse {
-        config,
-        origins,
-        layers,
-    } = to_response(resp)?;
-
-    let tools = config.tools.expect("tools present");
-    assert_eq!(
-        tools,
-        ToolsV2 {
-            web_search: Some(true),
-            view_image: Some(false),
-        }
-    );
-    assert_eq!(
-        origins.get("tools.web_search").expect("origin").name,
-        ConfigLayerName::User
-    );
-    assert_eq!(
-        origins.get("tools.view_image").expect("origin").name,
-        ConfigLayerName::User
-    );
-
-    let layers = layers.expect("layers present");
-    assert_eq!(layers.len(), 2);
-    assert_eq!(layers[0].name, ConfigLayerName::SessionFlags);
-    assert_eq!(layers[1].name, ConfigLayerName::User);
-
-    Ok(())
-}
-
-#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
-async fn config_read_includes_system_layer_and_overrides() -> Result<()> {
-    let codex_home = TempDir::new()?;
-    let user_dir = test_path_buf_with_windows("/user", Some(r"C:\Users\user"));
-    let system_dir = test_path_buf_with_windows("/system", Some(r"C:\System"));
-    write_config(
-        &codex_home,
-        &format!(
-            r#"
-model = "gpt-user"
-approval_policy = "on-request"
-sandbox_mode = "workspace-write"
-
-[sandbox_workspace_write]
-writable_roots = [{}]
-network_access = true
-"#,
-            serde_json::json!(user_dir)
-        ),
-    )?;
-
-    let managed_path = codex_home.path().join("managed_config.toml");
-    std::fs::write(
-        &managed_path,
-        format!(
-            r#"
-model = "gpt-system"
-approval_policy = "never"
-
-[sandbox_workspace_write]
-writable_roots = [{}]
-"#,
-            serde_json::json!(system_dir.clone())
-        ),
-    )?;
-
-    let managed_path_str = managed_path.display().to_string();
-
-    let mut mcp = McpProcess::new_with_env(
-        codex_home.path(),
-        &[("CODEX_MANAGED_CONFIG_PATH", Some(&managed_path_str))],
-    )
-    .await?;
-    timeout(DEFAULT_READ_TIMEOUT, mcp.initialize()).await??;
-
-    let request_id = mcp
-        .send_config_read_request(ConfigReadParams {
-            include_layers: true,
-        })
-        .await?;
-    let resp: JSONRPCResponse = timeout(
-        DEFAULT_READ_TIMEOUT,
-        mcp.read_stream_until_response_message(RequestId::Integer(request_id)),
-    )
-    .await??;
-    let ConfigReadResponse {
-        config,
-        origins,
-        layers,
-    } = to_response(resp)?;
-
-    assert_eq!(config.model.as_deref(), Some("gpt-system"));
-    assert_eq!(
-        origins.get("model").expect("origin").name,
-        ConfigLayerName::System
-    );
-
-    assert_eq!(config.approval_policy, Some(AskForApproval::Never));
-    assert_eq!(
-        origins.get("approval_policy").expect("origin").name,
-        ConfigLayerName::System
-    );
-
-    assert_eq!(config.sandbox_mode, Some(SandboxMode::WorkspaceWrite));
-    assert_eq!(
-        origins.get("sandbox_mode").expect("origin").name,
-        ConfigLayerName::User
-    );
-
-    let sandbox = config
-        .sandbox_workspace_write
-        .as_ref()
-        .expect("sandbox workspace write");
-    assert_eq!(sandbox.writable_roots, vec![system_dir]);
-    assert_eq!(
-        origins
-            .get("sandbox_workspace_write.writable_roots.0")
-            .expect("origin")
-            .name,
-        ConfigLayerName::System
-    );
-
-    assert!(sandbox.network_access);
-    assert_eq!(
-        origins
-            .get("sandbox_workspace_write.network_access")
-            .expect("origin")
-            .name,
-        ConfigLayerName::User
-    );
-
-    let layers = layers.expect("layers present");
-    assert_eq!(layers.len(), 3);
-    assert_eq!(layers[0].name, ConfigLayerName::System);
-    assert_eq!(layers[1].name, ConfigLayerName::SessionFlags);
-    assert_eq!(layers[2].name, ConfigLayerName::User);
-
-    Ok(())
-}
-
-#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
-async fn config_value_write_replaces_value() -> Result<()> {
-    let codex_home = TempDir::new()?;
-    write_config(
-        &codex_home,
-        r#"
-model = "gpt-old"
-"#,
-    )?;
-
-    let mut mcp = McpProcess::new(codex_home.path()).await?;
-    timeout(DEFAULT_READ_TIMEOUT, mcp.initialize()).await??;
-
-    let read_id = mcp
-        .send_config_read_request(ConfigReadParams {
-            include_layers: false,
-        })
-        .await?;
-    let read_resp: JSONRPCResponse = timeout(
-        DEFAULT_READ_TIMEOUT,
-        mcp.read_stream_until_response_message(RequestId::Integer(read_id)),
-    )
-    .await??;
-    let read: ConfigReadResponse = to_response(read_resp)?;
-    let expected_version = read.origins.get("model").map(|m| m.version.clone());
-
-    let write_id = mcp
-        .send_config_value_write_request(ConfigValueWriteParams {
-            file_path: None,
-            key_path: "model".to_string(),
-            value: json!("gpt-new"),
-            merge_strategy: MergeStrategy::Replace,
-            expected_version,
-        })
-        .await?;
-    let write_resp: JSONRPCResponse = timeout(
-        DEFAULT_READ_TIMEOUT,
-        mcp.read_stream_until_response_message(RequestId::Integer(write_id)),
-    )
-    .await??;
-    let write: ConfigWriteResponse = to_response(write_resp)?;
-    let expected_file_path = codex_home
-        .path()
-        .join("config.toml")
-        .canonicalize()
-        .unwrap()
-        .display()
-        .to_string();
-
-    assert_eq!(write.status, WriteStatus::Ok);
-    assert_eq!(write.file_path, expected_file_path);
-    assert!(write.overridden_metadata.is_none());
-
-    let verify_id = mcp
-        .send_config_read_request(ConfigReadParams {
-            include_layers: false,
-        })
-        .await?;
-    let verify_resp: JSONRPCResponse = timeout(
-        DEFAULT_READ_TIMEOUT,
-        mcp.read_stream_until_response_message(RequestId::Integer(verify_id)),
-    )
-    .await??;
-    let verify: ConfigReadResponse = to_response(verify_resp)?;
-    assert_eq!(verify.config.model.as_deref(), Some("gpt-new"));
-
-    Ok(())
-}
-
-#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
-async fn config_value_write_rejects_version_conflict() -> Result<()> {
-    let codex_home = TempDir::new()?;
-    write_config(
-        &codex_home,
-        r#"
-model = "gpt-old"
-"#,
-    )?;
-
-    let mut mcp = McpProcess::new(codex_home.path()).await?;
-    timeout(DEFAULT_READ_TIMEOUT, mcp.initialize()).await??;
-
-    let write_id = mcp
-        .send_config_value_write_request(ConfigValueWriteParams {
-            file_path: Some(codex_home.path().join("config.toml").display().to_string()),
-            key_path: "model".to_string(),
-            value: json!("gpt-new"),
-            merge_strategy: MergeStrategy::Replace,
-            expected_version: Some("sha256:stale".to_string()),
-        })
-        .await?;
-
-    let err: JSONRPCError = timeout(
-        DEFAULT_READ_TIMEOUT,
-        mcp.read_stream_until_error_message(RequestId::Integer(write_id)),
-    )
-    .await??;
-    let code = err
-        .error
-        .data
-        .as_ref()
-        .and_then(|d| d.get("config_write_error_code"))
-        .and_then(|v| v.as_str());
-    assert_eq!(code, Some("configVersionConflict"));
-
-    Ok(())
-}
-
-#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
-async fn config_batch_write_applies_multiple_edits() -> Result<()> {
-    let codex_home = TempDir::new()?;
-    write_config(&codex_home, "")?;
-
-    let mut mcp = McpProcess::new(codex_home.path()).await?;
-    timeout(DEFAULT_READ_TIMEOUT, mcp.initialize()).await??;
-
-    let writable_root = test_tmp_path_buf();
-    let batch_id = mcp
-        .send_config_batch_write_request(ConfigBatchWriteParams {
-            file_path: Some(codex_home.path().join("config.toml").display().to_string()),
-            edits: vec![
-                ConfigEdit {
-                    key_path: "sandbox_mode".to_string(),
-                    value: json!("workspace-write"),
-                    merge_strategy: MergeStrategy::Replace,
-                },
-                ConfigEdit {
-                    key_path: "sandbox_workspace_write".to_string(),
-                    value: json!({
-                        "writable_roots": [writable_root.clone()],
-                        "network_access": false
-                    }),
-                    merge_strategy: MergeStrategy::Replace,
-                },
-            ],
-            expected_version: None,
-        })
-        .await?;
-    let batch_resp: JSONRPCResponse = timeout(
-        DEFAULT_READ_TIMEOUT,
-        mcp.read_stream_until_response_message(RequestId::Integer(batch_id)),
-    )
-    .await??;
-    let batch_write: ConfigWriteResponse = to_response(batch_resp)?;
-    assert_eq!(batch_write.status, WriteStatus::Ok);
-    let expected_file_path = codex_home
-        .path()
-        .join("config.toml")
-        .canonicalize()
-        .unwrap()
-        .display()
-        .to_string();
-    assert_eq!(batch_write.file_path, expected_file_path);
-
-    let read_id = mcp
-        .send_config_read_request(ConfigReadParams {
-            include_layers: false,
-        })
-        .await?;
-    let read_resp: JSONRPCResponse = timeout(
-        DEFAULT_READ_TIMEOUT,
-        mcp.read_stream_until_response_message(RequestId::Integer(read_id)),
-    )
-    .await??;
-    let read: ConfigReadResponse = to_response(read_resp)?;
-    assert_eq!(read.config.sandbox_mode, Some(SandboxMode::WorkspaceWrite));
-    let sandbox = read
-        .config
-        .sandbox_workspace_write
-        .as_ref()
-        .expect("sandbox workspace write");
-    assert_eq!(sandbox.writable_roots, vec![writable_root]);
-    assert!(!sandbox.network_access);
-
-    Ok(())
-}
--- a/codex-rs/app-server/tests/suite/v2/mod.rs
+++ b/codex-rs/app-server/tests/suite/v2/mod.rs
@@ -1,5 +1,4 @@
 mod account;
-mod config_rpc;
 mod model_list;
 mod rate_limits;
 mod review;
--- a/codex-rs/app-server/tests/suite/v2/model_list.rs
+++ b/codex-rs/app-server/tests/suite/v2/model_list.rs
@@ -4,7 +4,6 @@ use anyhow::Result;
 use anyhow::anyhow;
 use app_test_support::McpProcess;
 use app_test_support::to_response;
-use app_test_support::write_models_cache;
 use codex_app_server_protocol::JSONRPCError;
 use codex_app_server_protocol::JSONRPCResponse;
 use codex_app_server_protocol::Model;
@@ -12,7 +11,7 @@ use codex_app_server_protocol::ModelListParams;
 use codex_app_server_protocol::ModelListResponse;
 use codex_app_server_protocol::ReasoningEffortOption;
 use codex_app_server_protocol::RequestId;
-use codex_protocol::openai_models::ReasoningEffort;
+use codex_protocol::config_types::ReasoningEffort;
 use pretty_assertions::assert_eq;
 use tempfile::TempDir;
 use tokio::time::timeout;
@@ -23,7 +22,6 @@ const INVALID_REQUEST_ERROR_CODE: i64 = -32600;
 #[tokio::test]
 async fn list_models_returns_all_models_with_large_limit() -> Result<()> {
    let codex_home = TempDir::new()?;
-    write_models_cache(codex_home.path())?;
    let mut mcp = McpProcess::new(codex_home.path()).await?;

    timeout(DEFAULT_TIMEOUT, mcp.initialize()).await??;
@@ -64,7 +62,7 @@ async fn list_models_returns_all_models_with_large_limit() -> Result<()> {
                },
                ReasoningEffortOption {
                    reasoning_effort: ReasoningEffort::High,
-                    description: "Greater reasoning depth for complex problems".to_string(),
+                    description: "Maximizes reasoning depth for complex problems".to_string(),
                },
                ReasoningEffortOption {
                    reasoning_effort: ReasoningEffort::XHigh,
@@ -116,39 +114,6 @@ async fn list_models_returns_all_models_with_large_limit() -> Result<()> {
            default_reasoning_effort: ReasoningEffort::Medium,
            is_default: false,
        },
-        Model {
-            id: "gpt-5.2".to_string(),
-            model: "gpt-5.2".to_string(),
-            display_name: "gpt-5.2".to_string(),
-            description:
-                "Latest frontier model with improvements across knowledge, reasoning and coding"
-                    .to_string(),
-            supported_reasoning_efforts: vec![
-                ReasoningEffortOption {
-                    reasoning_effort: ReasoningEffort::Low,
-                    description: "Balances speed with some reasoning; useful for straightforward \
-                                   queries and short explanations"
-                        .to_string(),
-                },
-                ReasoningEffortOption {
-                    reasoning_effort: ReasoningEffort::Medium,
-                    description: "Provides a solid balance of reasoning depth and latency for \
-                         general-purpose tasks"
-                        .to_string(),
-                },
-                ReasoningEffortOption {
-                    reasoning_effort: ReasoningEffort::High,
-                    description: "Greater reasoning depth for complex or ambiguous problems"
-                        .to_string(),
-                },
-                ReasoningEffortOption {
-                    reasoning_effort: ReasoningEffort::XHigh,
-                    description: "Extra high reasoning for complex problems".to_string(),
-                },
-            ],
-            default_reasoning_effort: ReasoningEffort::Medium,
-            is_default: false,
-        },
        Model {
            id: "gpt-5.1".to_string(),
            model: "gpt-5.1".to_string(),
@@ -186,7 +151,6 @@ async fn list_models_returns_all_models_with_large_limit() -> Result<()> {
 #[tokio::test]
 async fn list_models_pagination_works() -> Result<()> {
    let codex_home = TempDir::new()?;
-    write_models_cache(codex_home.path())?;
    let mut mcp = McpProcess::new(codex_home.path()).await?;

    timeout(DEFAULT_TIMEOUT, mcp.initialize()).await??;
@@ -276,37 +240,14 @@ async fn list_models_pagination_works() -> Result<()> {
    } = to_response::<ModelListResponse>(fourth_response)?;

    assert_eq!(fourth_items.len(), 1);
-    assert_eq!(fourth_items[0].id, "gpt-5.2");
-    let fifth_cursor = fourth_cursor.ok_or_else(|| anyhow!("cursor for fifth page"))?;
-
-    let fifth_request = mcp
-        .send_list_models_request(ModelListParams {
-            limit: Some(1),
-            cursor: Some(fifth_cursor.clone()),
-        })
-        .await?;
-
-    let fifth_response: JSONRPCResponse = timeout(
-        DEFAULT_TIMEOUT,
-        mcp.read_stream_until_response_message(RequestId::Integer(fifth_request)),
-    )
-    .await??;
-
-    let ModelListResponse {
-        data: fifth_items,
-        next_cursor: fifth_cursor,
-    } = to_response::<ModelListResponse>(fifth_response)?;
-
-    assert_eq!(fifth_items.len(), 1);
-    assert_eq!(fifth_items[0].id, "gpt-5.1");
-    assert!(fifth_cursor.is_none());
+    assert_eq!(fourth_items[0].id, "gpt-5.1");
+    assert!(fourth_cursor.is_none());
    Ok(())
 }

 #[tokio::test]
 async fn list_models_rejects_invalid_cursor() -> Result<()> {
    let codex_home = TempDir::new()?;
-    write_models_cache(codex_home.path())?;
    let mut mcp = McpProcess::new(codex_home.path()).await?;

    timeout(DEFAULT_TIMEOUT, mcp.initialize()).await??;
--- a/codex-rs/app-server/tests/suite/v2/rate_limits.rs
+++ b/codex-rs/app-server/tests/suite/v2/rate_limits.rs
@@ -11,7 +11,6 @@ use codex_app_server_protocol::RateLimitSnapshot;
 use codex_app_server_protocol::RateLimitWindow;
 use codex_app_server_protocol::RequestId;
 use codex_core::auth::AuthCredentialsStoreMode;
-use codex_protocol::account::PlanType as AccountPlanType;
 use pretty_assertions::assert_eq;
 use serde_json::json;
 use std::path::Path;
@@ -154,7 +153,6 @@ async fn get_account_rate_limits_returns_snapshot() -> Result<()> {
                resets_at: Some(secondary_reset_timestamp),
            }),
            credits: None,
-            plan_type: Some(AccountPlanType::Pro),
        },
    };
    assert_eq!(received, expected);
--- a/codex-rs/app-server/tests/suite/v2/review.rs
+++ b/codex-rs/app-server/tests/suite/v2/review.rs
@@ -9,13 +9,12 @@ use codex_app_server_protocol::JSONRPCError;
 use codex_app_server_protocol::JSONRPCNotification;
 use codex_app_server_protocol::JSONRPCResponse;
 use codex_app_server_protocol::RequestId;
-use codex_app_server_protocol::ReviewDelivery;
 use codex_app_server_protocol::ReviewStartParams;
-use codex_app_server_protocol::ReviewStartResponse;
 use codex_app_server_protocol::ReviewTarget;
 use codex_app_server_protocol::ThreadItem;
 use codex_app_server_protocol::ThreadStartParams;
 use codex_app_server_protocol::ThreadStartResponse;
+use codex_app_server_protocol::TurnStartResponse;
 use codex_app_server_protocol::TurnStatus;
 use serde_json::json;
 use tempfile::TempDir;
@@ -60,7 +59,7 @@ async fn review_start_runs_review_turn_and_emits_code_review_item() -> Result<()
    let review_req = mcp
        .send_review_start_request(ReviewStartParams {
            thread_id: thread_id.clone(),
-            delivery: Some(ReviewDelivery::Inline),
+            append_to_original_thread: true,
            target: ReviewTarget::Commit {
                sha: "1234567deadbeef".to_string(),
                title: Some("Tidy UI colors".to_string()),
@@ -72,43 +71,43 @@ async fn review_start_runs_review_turn_and_emits_code_review_item() -> Result<()
        mcp.read_stream_until_response_message(RequestId::Integer(review_req)),
    )
    .await??;
-    let ReviewStartResponse {
-        turn,
-        review_thread_id,
-    } = to_response::<ReviewStartResponse>(review_resp)?;
-    assert_eq!(review_thread_id, thread_id.clone());
+    let TurnStartResponse { turn } = to_response::<TurnStartResponse>(review_resp)?;
    let turn_id = turn.id.clone();
    assert_eq!(turn.status, TurnStatus::InProgress);
-
-    // Confirm we see the EnteredReviewMode marker on the main thread.
-    let mut saw_entered_review_mode = false;
-    for _ in 0..10 {
-        let item_started: JSONRPCNotification = timeout(
-            DEFAULT_READ_TIMEOUT,
-            mcp.read_stream_until_notification_message("item/started"),
-        )
-        .await??;
-        let started: ItemStartedNotification =
-            serde_json::from_value(item_started.params.expect("params must be present"))?;
-        match started.item {
-            ThreadItem::EnteredReviewMode { id, review } => {
-                assert_eq!(id, turn_id);
-                assert_eq!(review, "commit 1234567: Tidy UI colors");
-                saw_entered_review_mode = true;
-                break;
-            }
-            _ => continue,
+    assert_eq!(turn.items.len(), 1);
+    match &turn.items[0] {
+        ThreadItem::UserMessage { content, .. } => {
+            assert_eq!(content.len(), 1);
+            assert!(matches!(
+                &content[0],
+                codex_app_server_protocol::UserInput::Text { .. }
+            ));
        }
+        other => panic!("expected user message, got {other:?}"),
+    }
+
+    let _started: JSONRPCNotification = timeout(
+        DEFAULT_READ_TIMEOUT,
+        mcp.read_stream_until_notification_message("turn/started"),
+    )
+    .await??;
+    let item_started: JSONRPCNotification = timeout(
+        DEFAULT_READ_TIMEOUT,
+        mcp.read_stream_until_notification_message("item/started"),
+    )
+    .await??;
+    let started: ItemStartedNotification =
+        serde_json::from_value(item_started.params.expect("params must be present"))?;
+    match started.item {
+        ThreadItem::CodeReview { id, review } => {
+            assert_eq!(id, turn_id);
+            assert_eq!(review, "commit 1234567");
+        }
+        other => panic!("expected code review item, got {other:?}"),
    }
-    assert!(
-        saw_entered_review_mode,
-        "did not observe enteredReviewMode item"
-    );

-    // Confirm we see the ExitedReviewMode marker (with review text)
-    // on the same turn. Ignore any other items the stream surfaces.
    let mut review_body: Option<String> = None;
-    for _ in 0..10 {
+    for _ in 0..5 {
        let review_notif: JSONRPCNotification = timeout(
            DEFAULT_READ_TIMEOUT,
            mcp.read_stream_until_notification_message("item/completed"),
@@ -117,12 +116,13 @@ async fn review_start_runs_review_turn_and_emits_code_review_item() -> Result<()
        let completed: ItemCompletedNotification =
            serde_json::from_value(review_notif.params.expect("params must be present"))?;
        match completed.item {
-            ThreadItem::ExitedReviewMode { id, review } => {
+            ThreadItem::CodeReview { id, review } => {
                assert_eq!(id, turn_id);
                review_body = Some(review);
                break;
            }
-            _ => continue,
+            ThreadItem::UserMessage { .. } => continue,
+            other => panic!("unexpected item/completed payload: {other:?}"),
        }
    }

@@ -146,7 +146,7 @@ async fn review_start_rejects_empty_base_branch() -> Result<()> {
    let request_id = mcp
        .send_review_start_request(ReviewStartParams {
            thread_id,
-            delivery: Some(ReviewDelivery::Inline),
+            append_to_original_thread: true,
            target: ReviewTarget::BaseBranch {
                branch: "   ".to_string(),
            },
@@ -167,56 +167,6 @@ async fn review_start_rejects_empty_base_branch() -> Result<()> {
    Ok(())
 }

-#[tokio::test]
-async fn review_start_with_detached_delivery_returns_new_thread_id() -> Result<()> {
-    let review_payload = json!({
-        "findings": [],
-        "overall_correctness": "ok",
-        "overall_explanation": "detached review",
-        "overall_confidence_score": 0.5
-    })
-    .to_string();
-    let responses = vec![create_final_assistant_message_sse_response(
-        &review_payload,
-    )?];
-    let server = create_mock_chat_completions_server_unchecked(responses).await;
-
-    let codex_home = TempDir::new()?;
-    create_config_toml(codex_home.path(), &server.uri())?;
-
-    let mut mcp = McpProcess::new(codex_home.path()).await?;
-    timeout(DEFAULT_READ_TIMEOUT, mcp.initialize()).await??;
-
-    let thread_id = start_default_thread(&mut mcp).await?;
-
-    let review_req = mcp
-        .send_review_start_request(ReviewStartParams {
-            thread_id: thread_id.clone(),
-            delivery: Some(ReviewDelivery::Detached),
-            target: ReviewTarget::Custom {
-                instructions: "detached review".to_string(),
-            },
-        })
-        .await?;
-    let review_resp: JSONRPCResponse = timeout(
-        DEFAULT_READ_TIMEOUT,
-        mcp.read_stream_until_response_message(RequestId::Integer(review_req)),
-    )
-    .await??;
-    let ReviewStartResponse {
-        turn,
-        review_thread_id,
-    } = to_response::<ReviewStartResponse>(review_resp)?;
-
-    assert_eq!(turn.status, TurnStatus::InProgress);
-    assert_ne!(
-        review_thread_id, thread_id,
-        "detached review should run on a different thread"
-    );
-
-    Ok(())
-}
-
 #[tokio::test]
 async fn review_start_rejects_empty_commit_sha() -> Result<()> {
    let server = create_mock_chat_completions_server_unchecked(vec![]).await;
@@ -230,7 +180,7 @@ async fn review_start_rejects_empty_commit_sha() -> Result<()> {
    let request_id = mcp
        .send_review_start_request(ReviewStartParams {
            thread_id,
-            delivery: Some(ReviewDelivery::Inline),
+            append_to_original_thread: true,
            target: ReviewTarget::Commit {
                sha: "\t".to_string(),
                title: None,
@@ -265,7 +215,7 @@ async fn review_start_rejects_empty_custom_instructions() -> Result<()> {
    let request_id = mcp
        .send_review_start_request(ReviewStartParams {
            thread_id,
-            delivery: Some(ReviewDelivery::Inline),
+            append_to_original_thread: true,
            target: ReviewTarget::Custom {
                instructions: "\n\n".to_string(),
            },
--- a/codex-rs/app-server/tests/suite/v2/thread_list.rs
+++ b/codex-rs/app-server/tests/suite/v2/thread_list.rs
@@ -6,96 +6,37 @@ use codex_app_server_protocol::GitInfo as ApiGitInfo;
 use codex_app_server_protocol::JSONRPCResponse;
 use codex_app_server_protocol::RequestId;
 use codex_app_server_protocol::SessionSource;
+use codex_app_server_protocol::ThreadListParams;
 use codex_app_server_protocol::ThreadListResponse;
 use codex_protocol::protocol::GitInfo as CoreGitInfo;
-use std::path::Path;
 use std::path::PathBuf;
 use tempfile::TempDir;
 use tokio::time::timeout;

 const DEFAULT_READ_TIMEOUT: std::time::Duration = std::time::Duration::from_secs(10);

-async fn init_mcp(codex_home: &Path) -> Result<McpProcess> {
-    let mut mcp = McpProcess::new(codex_home).await?;
-    timeout(DEFAULT_READ_TIMEOUT, mcp.initialize()).await??;
-    Ok(mcp)
-}
-
-async fn list_threads(
-    mcp: &mut McpProcess,
-    cursor: Option<String>,
-    limit: Option<u32>,
-    providers: Option<Vec<String>>,
-) -> Result<ThreadListResponse> {
-    let request_id = mcp
-        .send_thread_list_request(codex_app_server_protocol::ThreadListParams {
-            cursor,
-            limit,
-            model_providers: providers,
-        })
-        .await?;
-    let resp: JSONRPCResponse = timeout(
-        DEFAULT_READ_TIMEOUT,
-        mcp.read_stream_until_response_message(RequestId::Integer(request_id)),
-    )
-    .await??;
-    to_response::<ThreadListResponse>(resp)
-}
-
-fn create_fake_rollouts<F, G>(
-    codex_home: &Path,
-    count: usize,
-    provider_for_index: F,
-    timestamp_for_index: G,
-    preview: &str,
-) -> Result<Vec<String>>
-where
-    F: Fn(usize) -> &'static str,
-    G: Fn(usize) -> (String, String),
-{
-    let mut ids = Vec::with_capacity(count);
-    for i in 0..count {
-        let (ts_file, ts_rfc) = timestamp_for_index(i);
-        ids.push(create_fake_rollout(
-            codex_home,
-            &ts_file,
-            &ts_rfc,
-            preview,
-            Some(provider_for_index(i)),
-            None,
-        )?);
-    }
-    Ok(ids)
-}
-
-fn timestamp_at(
-    year: i32,
-    month: u32,
-    day: u32,
-    hour: u32,
-    minute: u32,
-    second: u32,
-) -> (String, String) {
-    (
-        format!("{year:04}-{month:02}-{day:02}T{hour:02}-{minute:02}-{second:02}"),
-        format!("{year:04}-{month:02}-{day:02}T{hour:02}:{minute:02}:{second:02}Z"),
-    )
-}
-
 #[tokio::test]
 async fn thread_list_basic_empty() -> Result<()> {
    let codex_home = TempDir::new()?;
    create_minimal_config(codex_home.path())?;

-    let mut mcp = init_mcp(codex_home.path()).await?;
+    let mut mcp = McpProcess::new(codex_home.path()).await?;
+    timeout(DEFAULT_READ_TIMEOUT, mcp.initialize()).await??;

-    let ThreadListResponse { data, next_cursor } = list_threads(
-        &mut mcp,
-        None,
-        Some(10),
-        Some(vec!["mock_provider".to_string()]),
+    // List threads in an empty CODEX_HOME; should return an empty page with nextCursor: null.
+    let list_id = mcp
+        .send_thread_list_request(ThreadListParams {
+            cursor: None,
+            limit: Some(10),
+            model_providers: Some(vec!["mock_provider".to_string()]),
+        })
+        .await?;
+    let list_resp: JSONRPCResponse = timeout(
+        DEFAULT_READ_TIMEOUT,
+        mcp.read_stream_until_response_message(RequestId::Integer(list_id)),
    )
-    .await?;
+    .await??;
+    let ThreadListResponse { data, next_cursor } = to_response::<ThreadListResponse>(list_resp)?;
    assert!(data.is_empty());
    assert_eq!(next_cursor, None);

@@ -145,19 +86,26 @@ async fn thread_list_pagination_next_cursor_none_on_last_page() -> Result<()> {
        None,
    )?;

-    let mut mcp = init_mcp(codex_home.path()).await?;
+    let mut mcp = McpProcess::new(codex_home.path()).await?;
+    timeout(DEFAULT_READ_TIMEOUT, mcp.initialize()).await??;

    // Page 1: limit 2 → expect next_cursor Some.
+    let page1_id = mcp
+        .send_thread_list_request(ThreadListParams {
+            cursor: None,
+            limit: Some(2),
+            model_providers: Some(vec!["mock_provider".to_string()]),
+        })
+        .await?;
+    let page1_resp: JSONRPCResponse = timeout(
+        DEFAULT_READ_TIMEOUT,
+        mcp.read_stream_until_response_message(RequestId::Integer(page1_id)),
+    )
+    .await??;
    let ThreadListResponse {
        data: data1,
        next_cursor: cursor1,
-    } = list_threads(
-        &mut mcp,
-        None,
-        Some(2),
-        Some(vec!["mock_provider".to_string()]),
-    )
-    .await?;
+    } = to_response::<ThreadListResponse>(page1_resp)?;
    assert_eq!(data1.len(), 2);
    for thread in &data1 {
        assert_eq!(thread.preview, "Hello");
@@ -171,16 +119,22 @@ async fn thread_list_pagination_next_cursor_none_on_last_page() -> Result<()> {
    let cursor1 = cursor1.expect("expected nextCursor on first page");

    // Page 2: with cursor → expect next_cursor None when no more results.
+    let page2_id = mcp
+        .send_thread_list_request(ThreadListParams {
+            cursor: Some(cursor1),
+            limit: Some(2),
+            model_providers: Some(vec!["mock_provider".to_string()]),
+        })
+        .await?;
+    let page2_resp: JSONRPCResponse = timeout(
+        DEFAULT_READ_TIMEOUT,
+        mcp.read_stream_until_response_message(RequestId::Integer(page2_id)),
+    )
+    .await??;
    let ThreadListResponse {
        data: data2,
        next_cursor: cursor2,
-    } = list_threads(
-        &mut mcp,
-        Some(cursor1),
-        Some(2),
-        Some(vec!["mock_provider".to_string()]),
-    )
-    .await?;
+    } = to_response::<ThreadListResponse>(page2_resp)?;
    assert!(data2.len() <= 2);
    for thread in &data2 {
        assert_eq!(thread.preview, "Hello");
@@ -219,16 +173,23 @@ async fn thread_list_respects_provider_filter() -> Result<()> {
        None,
    )?;

-    let mut mcp = init_mcp(codex_home.path()).await?;
+    let mut mcp = McpProcess::new(codex_home.path()).await?;
+    timeout(DEFAULT_READ_TIMEOUT, mcp.initialize()).await??;

    // Filter to only other_provider; expect 1 item, nextCursor None.
-    let ThreadListResponse { data, next_cursor } = list_threads(
-        &mut mcp,
-        None,
-        Some(10),
-        Some(vec!["other_provider".to_string()]),
+    let list_id = mcp
+        .send_thread_list_request(ThreadListParams {
+            cursor: None,
+            limit: Some(10),
+            model_providers: Some(vec!["other_provider".to_string()]),
+        })
+        .await?;
+    let resp: JSONRPCResponse = timeout(
+        DEFAULT_READ_TIMEOUT,
+        mcp.read_stream_until_response_message(RequestId::Integer(list_id)),
    )
-    .await?;
+    .await??;
+    let ThreadListResponse { data, next_cursor } = to_response::<ThreadListResponse>(resp)?;
    assert_eq!(data.len(), 1);
    assert_eq!(next_cursor, None);
    let thread = &data[0];
@@ -244,146 +205,6 @@ async fn thread_list_respects_provider_filter() -> Result<()> {
    Ok(())
 }

-#[tokio::test]
-async fn thread_list_fetches_until_limit_or_exhausted() -> Result<()> {
-    let codex_home = TempDir::new()?;
-    create_minimal_config(codex_home.path())?;
-
-    // Newest 16 conversations belong to a different provider; the older 8 are the
-    // only ones that match the filter. We request 8 so the server must keep
-    // paging past the first two pages to reach the desired count.
-    create_fake_rollouts(
-        codex_home.path(),
-        24,
-        |i| {
-            if i < 16 {
-                "skip_provider"
-            } else {
-                "target_provider"
-            }
-        },
-        |i| timestamp_at(2025, 3, 30 - i as u32, 12, 0, 0),
-        "Hello",
-    )?;
-
-    let mut mcp = init_mcp(codex_home.path()).await?;
-
-    // Request 8 threads for the target provider; the matches only start on the
-    // third page so we rely on pagination to reach the limit.
-    let ThreadListResponse { data, next_cursor } = list_threads(
-        &mut mcp,
-        None,
-        Some(8),
-        Some(vec!["target_provider".to_string()]),
-    )
-    .await?;
-    assert_eq!(
-        data.len(),
-        8,
-        "should keep paging until the requested count is filled"
-    );
-    assert!(
-        data.iter()
-            .all(|thread| thread.model_provider == "target_provider"),
-        "all returned threads must match the requested provider"
-    );
-    assert_eq!(
-        next_cursor, None,
-        "once the requested count is satisfied on the final page, nextCursor should be None"
-    );
-
-    Ok(())
-}
-
-#[tokio::test]
-async fn thread_list_enforces_max_limit() -> Result<()> {
-    let codex_home = TempDir::new()?;
-    create_minimal_config(codex_home.path())?;
-
-    create_fake_rollouts(
-        codex_home.path(),
-        105,
-        |_| "mock_provider",
-        |i| {
-            let month = 5 + (i / 28);
-            let day = (i % 28) + 1;
-            timestamp_at(2025, month as u32, day as u32, 0, 0, 0)
-        },
-        "Hello",
-    )?;
-
-    let mut mcp = init_mcp(codex_home.path()).await?;
-
-    let ThreadListResponse { data, next_cursor } = list_threads(
-        &mut mcp,
-        None,
-        Some(200),
-        Some(vec!["mock_provider".to_string()]),
-    )
-    .await?;
-    assert_eq!(
-        data.len(),
-        100,
-        "limit should be clamped to the maximum page size"
-    );
-    assert!(
-        next_cursor.is_some(),
-        "when more than the maximum exist, nextCursor should continue pagination"
-    );
-
-    Ok(())
-}
-
-#[tokio::test]
-async fn thread_list_stops_when_not_enough_filtered_results_exist() -> Result<()> {
-    let codex_home = TempDir::new()?;
-    create_minimal_config(codex_home.path())?;
-
-    // Only the last 7 conversations match the provider filter; we ask for 10 to
-    // ensure the server exhausts pagination without looping forever.
-    create_fake_rollouts(
-        codex_home.path(),
-        22,
-        |i| {
-            if i < 15 {
-                "skip_provider"
-            } else {
-                "target_provider"
-            }
-        },
-        |i| timestamp_at(2025, 4, 28 - i as u32, 8, 0, 0),
-        "Hello",
-    )?;
-
-    let mut mcp = init_mcp(codex_home.path()).await?;
-
-    // Request more threads than exist after filtering; expect all matches to be
-    // returned with nextCursor None.
-    let ThreadListResponse { data, next_cursor } = list_threads(
-        &mut mcp,
-        None,
-        Some(10),
-        Some(vec!["target_provider".to_string()]),
-    )
-    .await?;
-    assert_eq!(
-        data.len(),
-        7,
-        "all available filtered threads should be returned"
-    );
-    assert!(
-        data.iter()
-            .all(|thread| thread.model_provider == "target_provider"),
-        "results should still respect the provider filter"
-    );
-    assert_eq!(
-        next_cursor, None,
-        "when results are exhausted before reaching the limit, nextCursor should be None"
-    );
-
-    Ok(())
-}
-
 #[tokio::test]
 async fn thread_list_includes_git_info() -> Result<()> {
    let codex_home = TempDir::new()?;
@@ -403,15 +224,22 @@ async fn thread_list_includes_git_info() -> Result<()> {
        Some(git_info),
    )?;

-    let mut mcp = init_mcp(codex_home.path()).await?;
+    let mut mcp = McpProcess::new(codex_home.path()).await?;
+    timeout(DEFAULT_READ_TIMEOUT, mcp.initialize()).await??;

-    let ThreadListResponse { data, .. } = list_threads(
-        &mut mcp,
-        None,
-        Some(10),
-        Some(vec!["mock_provider".to_string()]),
+    let list_id = mcp
+        .send_thread_list_request(ThreadListParams {
+            cursor: None,
+            limit: Some(10),
+            model_providers: Some(vec!["mock_provider".to_string()]),
+        })
+        .await?;
+    let resp: JSONRPCResponse = timeout(
+        DEFAULT_READ_TIMEOUT,
+        mcp.read_stream_until_response_message(RequestId::Integer(list_id)),
    )
-    .await?;
+    .await??;
+    let ThreadListResponse { data, .. } = to_response::<ThreadListResponse>(resp)?;
    let thread = data
        .iter()
        .find(|t| t.id == conversation_id)
--- a/codex-rs/app-server/tests/suite/v2/turn_interrupt.rs
+++ b/codex-rs/app-server/tests/suite/v2/turn_interrupt.rs
@@ -88,11 +88,10 @@ async fn turn_interrupt_aborts_running_turn() -> Result<()> {
    // Give the command a brief moment to start.
    tokio::time::sleep(std::time::Duration::from_secs(1)).await;

-    let thread_id = thread.id.clone();
    // Interrupt the in-progress turn by id (v2 API).
    let interrupt_id = mcp
        .send_turn_interrupt_request(TurnInterruptParams {
-            thread_id: thread_id.clone(),
+            thread_id: thread.id,
            turn_id: turn.id,
        })
        .await?;
@@ -113,7 +112,6 @@ async fn turn_interrupt_aborts_running_turn() -> Result<()> {
            .params
            .expect("turn/completed params must be present"),
    )?;
-    assert_eq!(completed.thread_id, thread_id);
    assert_eq!(completed.turn.status, TurnStatus::Interrupted);

    Ok(())
--- a/codex-rs/app-server/tests/suite/v2/turn_start.rs
+++ b/codex-rs/app-server/tests/suite/v2/turn_start.rs
@@ -1,7 +1,6 @@
 use anyhow::Result;
 use app_test_support::McpProcess;
 use app_test_support::create_apply_patch_sse_response;
-use app_test_support::create_exec_command_sse_response;
 use app_test_support::create_final_assistant_message_sse_response;
 use app_test_support::create_mock_chat_completions_server;
 use app_test_support::create_mock_chat_completions_server_unchecked;
@@ -11,7 +10,6 @@ use app_test_support::to_response;
 use codex_app_server_protocol::ApprovalDecision;
 use codex_app_server_protocol::CommandExecutionRequestApprovalResponse;
 use codex_app_server_protocol::CommandExecutionStatus;
-use codex_app_server_protocol::FileChangeOutputDeltaNotification;
 use codex_app_server_protocol::FileChangeRequestApprovalResponse;
 use codex_app_server_protocol::ItemCompletedNotification;
 use codex_app_server_protocol::ItemStartedNotification;
@@ -30,8 +28,8 @@ use codex_app_server_protocol::TurnStartResponse;
 use codex_app_server_protocol::TurnStartedNotification;
 use codex_app_server_protocol::TurnStatus;
 use codex_app_server_protocol::UserInput as V2UserInput;
+use codex_core::protocol_config_types::ReasoningEffort;
 use codex_core::protocol_config_types::ReasoningSummary;
-use codex_protocol::openai_models::ReasoningEffort;
 use core_test_support::skip_if_no_network;
 use pretty_assertions::assert_eq;
 use std::path::Path;
@@ -97,7 +95,6 @@ async fn turn_start_emits_notifications_and_accepts_model_override() -> Result<(
    .await??;
    let started: TurnStartedNotification =
        serde_json::from_value(notif.params.expect("params must be present"))?;
-    assert_eq!(started.thread_id, thread.id);
    assert_eq!(
        started.turn.status,
        codex_app_server_protocol::TurnStatus::InProgress
@@ -141,7 +138,6 @@ async fn turn_start_emits_notifications_and_accepts_model_override() -> Result<(
            .params
            .expect("turn/completed params must be present"),
    )?;
-    assert_eq!(completed.thread_id, thread.id);
    assert_eq!(completed.turn.status, TurnStatus::Completed);

    Ok(())
@@ -427,6 +423,7 @@ async fn turn_start_exec_approval_decline_v2() -> Result<()> {
        request_id,
        serde_json::to_value(CommandExecutionRequestApprovalResponse {
            decision: ApprovalDecision::Decline,
+            accept_settings: None,
        })?,
    )
    .await?;
@@ -532,7 +529,7 @@ async fn turn_start_updates_sandbox_and_cwd_between_turns_v2() -> Result<()> {
            cwd: Some(first_cwd.clone()),
            approval_policy: Some(codex_app_server_protocol::AskForApproval::Never),
            sandbox_policy: Some(codex_app_server_protocol::SandboxPolicy::WorkspaceWrite {
-                writable_roots: vec![first_cwd.try_into()?],
+                writable_roots: vec![first_cwd.clone()],
                network_access: false,
                exclude_tmpdir_env_var: false,
                exclude_slash_tmp: false,
@@ -617,6 +614,10 @@ async fn turn_start_updates_sandbox_and_cwd_between_turns_v2() -> Result<()> {
 #[tokio::test]
 async fn turn_start_file_change_approval_v2() -> Result<()> {
    skip_if_no_network!(Ok(()));
+    if cfg!(windows) {
+        // TODO apply_patch approvals are not parsed from powershell commands yet
+        return Ok(());
+    }

    let tmp = TempDir::new()?;
    let codex_home = tmp.path().join("codex_home");
@@ -725,26 +726,6 @@ async fn turn_start_file_change_approval_v2() -> Result<()> {
    )
    .await?;

-    let output_delta_notif = timeout(
-        DEFAULT_READ_TIMEOUT,
-        mcp.read_stream_until_notification_message("item/fileChange/outputDelta"),
-    )
-    .await??;
-    let output_delta: FileChangeOutputDeltaNotification = serde_json::from_value(
-        output_delta_notif
-            .params
-            .clone()
-            .expect("item/fileChange/outputDelta params"),
-    )?;
-    assert_eq!(output_delta.thread_id, thread.id);
-    assert_eq!(output_delta.turn_id, turn.id);
-    assert_eq!(output_delta.item_id, "patch-call");
-    assert!(
-        !output_delta.delta.is_empty(),
-        "expected delta to be non-empty, got: {}",
-        output_delta.delta
-    );
-
    let completed_file_change = timeout(DEFAULT_READ_TIMEOUT, async {
        loop {
            let completed_notif = mcp
@@ -783,6 +764,10 @@ async fn turn_start_file_change_approval_v2() -> Result<()> {
 #[tokio::test]
 async fn turn_start_file_change_approval_decline_v2() -> Result<()> {
    skip_if_no_network!(Ok(()));
+    if cfg!(windows) {
+        // TODO apply_patch approvals are not parsed from powershell commands yet
+        return Ok(());
+    }

    let tmp = TempDir::new()?;
    let codex_home = tmp.path().join("codex_home");
@@ -928,134 +913,6 @@ async fn turn_start_file_change_approval_decline_v2() -> Result<()> {
    Ok(())
 }

-#[tokio::test]
-#[cfg_attr(windows, ignore = "process id reporting differs on Windows")]
-async fn command_execution_notifications_include_process_id() -> Result<()> {
-    skip_if_no_network!(Ok(()));
-
-    let responses = vec![
-        create_exec_command_sse_response("uexec-1")?,
-        create_final_assistant_message_sse_response("done")?,
-    ];
-    let server = create_mock_chat_completions_server(responses).await;
-    let codex_home = TempDir::new()?;
-    create_config_toml(codex_home.path(), &server.uri(), "never")?;
-    let config_toml = codex_home.path().join("config.toml");
-    let mut config_contents = std::fs::read_to_string(&config_toml)?;
-    config_contents.push_str(
-        r#"
-[features]
-unified_exec = true
-"#,
-    );
-    std::fs::write(&config_toml, config_contents)?;
-
-    let mut mcp = McpProcess::new(codex_home.path()).await?;
-    timeout(DEFAULT_READ_TIMEOUT, mcp.initialize()).await??;
-
-    let start_id = mcp
-        .send_thread_start_request(ThreadStartParams {
-            model: Some("mock-model".to_string()),
-            ..Default::default()
-        })
-        .await?;
-    let start_resp: JSONRPCResponse = timeout(
-        DEFAULT_READ_TIMEOUT,
-        mcp.read_stream_until_response_message(RequestId::Integer(start_id)),
-    )
-    .await??;
-    let ThreadStartResponse { thread, .. } = to_response::<ThreadStartResponse>(start_resp)?;
-
-    let turn_id = mcp
-        .send_turn_start_request(TurnStartParams {
-            thread_id: thread.id.clone(),
-            input: vec![V2UserInput::Text {
-                text: "run a command".to_string(),
-            }],
-            ..Default::default()
-        })
-        .await?;
-    let turn_resp: JSONRPCResponse = timeout(
-        DEFAULT_READ_TIMEOUT,
-        mcp.read_stream_until_response_message(RequestId::Integer(turn_id)),
-    )
-    .await??;
-    let TurnStartResponse { turn: _turn } = to_response::<TurnStartResponse>(turn_resp)?;
-
-    let started_command = timeout(DEFAULT_READ_TIMEOUT, async {
-        loop {
-            let notif = mcp
-                .read_stream_until_notification_message("item/started")
-                .await?;
-            let started: ItemStartedNotification = serde_json::from_value(
-                notif
-                    .params
-                    .clone()
-                    .expect("item/started should include params"),
-            )?;
-            if let ThreadItem::CommandExecution { .. } = started.item {
-                return Ok::<ThreadItem, anyhow::Error>(started.item);
-            }
-        }
-    })
-    .await??;
-    let ThreadItem::CommandExecution {
-        id,
-        process_id: started_process_id,
-        status,
-        ..
-    } = started_command
-    else {
-        unreachable!("loop ensures we break on command execution items");
-    };
-    assert_eq!(id, "uexec-1");
-    assert_eq!(status, CommandExecutionStatus::InProgress);
-    let started_process_id = started_process_id.expect("process id should be present");
-
-    let completed_command = timeout(DEFAULT_READ_TIMEOUT, async {
-        loop {
-            let notif = mcp
-                .read_stream_until_notification_message("item/completed")
-                .await?;
-            let completed: ItemCompletedNotification = serde_json::from_value(
-                notif
-                    .params
-                    .clone()
-                    .expect("item/completed should include params"),
-            )?;
-            if let ThreadItem::CommandExecution { .. } = completed.item {
-                return Ok::<ThreadItem, anyhow::Error>(completed.item);
-            }
-        }
-    })
-    .await??;
-    let ThreadItem::CommandExecution {
-        id: completed_id,
-        process_id: completed_process_id,
-        status: completed_status,
-        exit_code,
-        ..
-    } = completed_command
-    else {
-        unreachable!("loop ensures we break on command execution items");
-    };
-    assert_eq!(completed_id, "uexec-1");
-    assert_eq!(completed_status, CommandExecutionStatus::Completed);
-    assert_eq!(exit_code, Some(0));
-    assert_eq!(
-        completed_process_id.as_deref(),
-        Some(started_process_id.as_str())
-    );
-
-    timeout(
-        DEFAULT_READ_TIMEOUT,
-        mcp.read_stream_until_notification_message("turn/completed"),
-    )
-    .await??;
-
-    Ok(())
-}
-
 // Helper to create a config.toml pointing at the mock model server.
 fn create_config_toml(
    codex_home: &Path,
--- a/codex-rs/apply-patch/Cargo.toml
+++ b/codex-rs/apply-patch/Cargo.toml
@@ -1,8 +1,7 @@
 [package]
+edition = "2024"
 name = "codex-apply-patch"
-version.workspace = true
-edition.workspace = true
-license.workspace = true
+version = { workspace = true }

 [lib]
 name = "codex_apply_patch"
--- a/codex-rs/apply-patch/src/lib.rs
+++ b/codex-rs/apply-patch/src/lib.rs
@@ -30,13 +30,7 @@ pub use standalone_executable::main;
 pub const APPLY_PATCH_TOOL_INSTRUCTIONS: &str = include_str!("../apply_patch_tool_instructions.md");

 const APPLY_PATCH_COMMANDS: [&str; 2] = ["apply_patch", "applypatch"];
-
-#[derive(Debug, Clone, Copy, PartialEq, Eq)]
-enum ApplyPatchShell {
-    Unix,
-    PowerShell,
-    Cmd,
-}
+const APPLY_PATCH_SHELLS: [&str; 3] = ["bash", "zsh", "sh"];

 #[derive(Debug, Error, PartialEq)]
 pub enum ApplyPatchError {
@@ -103,55 +97,11 @@ pub struct ApplyPatchArgs {
    pub workdir: Option<String>,
 }

-fn classify_shell_name(shell: &str) -> Option<String> {
+fn shell_supports_apply_patch(shell: &str) -> bool {
    std::path::Path::new(shell)
-        .file_stem()
+        .file_name()
        .and_then(|name| name.to_str())
-        .map(str::to_ascii_lowercase)
-}
-
-fn classify_shell(shell: &str, flag: &str) -> Option<ApplyPatchShell> {
-    classify_shell_name(shell).and_then(|name| match name.as_str() {
-        "bash" | "zsh" | "sh" if matches!(flag, "-lc" | "-c") => Some(ApplyPatchShell::Unix),
-        "pwsh" | "powershell" if flag.eq_ignore_ascii_case("-command") => {
-            Some(ApplyPatchShell::PowerShell)
-        }
-        "cmd" if flag.eq_ignore_ascii_case("/c") => Some(ApplyPatchShell::Cmd),
-        _ => None,
-    })
-}
-
-fn can_skip_flag(shell: &str, flag: &str) -> bool {
-    classify_shell_name(shell).is_some_and(|name| {
-        matches!(name.as_str(), "pwsh" | "powershell") && flag.eq_ignore_ascii_case("-noprofile")
-    })
-}
-
-fn parse_shell_script(argv: &[String]) -> Option<(ApplyPatchShell, &str)> {
-    match argv {
-        [shell, flag, script] => classify_shell(shell, flag).map(|shell_type| {
-            let script = script.as_str();
-            (shell_type, script)
-        }),
-        [shell, skip_flag, flag, script] if can_skip_flag(shell, skip_flag) => {
-            classify_shell(shell, flag).map(|shell_type| {
-                let script = script.as_str();
-                (shell_type, script)
-            })
-        }
-        _ => None,
-    }
-}
-
-fn extract_apply_patch_from_shell(
-    shell: ApplyPatchShell,
-    script: &str,
-) -> std::result::Result<(String, Option<String>), ExtractHeredocError> {
-    match shell {
-        ApplyPatchShell::Unix | ApplyPatchShell::PowerShell | ApplyPatchShell::Cmd => {
-            extract_apply_patch_from_bash(script)
-        }
-    }
+        .is_some_and(|name| APPLY_PATCH_SHELLS.contains(&name))
 }

 pub fn maybe_parse_apply_patch(argv: &[String]) -> MaybeApplyPatch {
@@ -161,9 +111,9 @@ pub fn maybe_parse_apply_patch(argv: &[String]) -> MaybeApplyPatch {
            Ok(source) => MaybeApplyPatch::Body(source),
            Err(e) => MaybeApplyPatch::PatchParseError(e),
        },
-        // Shell heredoc form: (optional `cd <path> &&`) apply_patch <<'EOF' ...
-        _ => match parse_shell_script(argv) {
-            Some((shell, script)) => match extract_apply_patch_from_shell(shell, script) {
+        // Bash heredoc form: (optional `cd <path> &&`) apply_patch <<'EOF' ...
+        [shell, flag, script] if shell_supports_apply_patch(shell) && flag == "-lc" => {
+            match extract_apply_patch_from_bash(script) {
                Ok((body, workdir)) => match parse_patch(&body) {
                    Ok(mut source) => {
                        source.workdir = workdir;
@@ -175,9 +125,9 @@ pub fn maybe_parse_apply_patch(argv: &[String]) -> MaybeApplyPatch {
                    MaybeApplyPatch::NotApplyPatch
                }
                Err(e) => MaybeApplyPatch::ShellParseError(e),
-            },
-            None => MaybeApplyPatch::NotApplyPatch,
-        },
+            }
+        }
+        _ => MaybeApplyPatch::NotApplyPatch,
    }
 }

@@ -272,17 +222,24 @@ impl ApplyPatchAction {
 /// cwd must be an absolute path so that we can resolve relative paths in the
 /// patch.
 pub fn maybe_parse_apply_patch_verified(argv: &[String], cwd: &Path) -> MaybeApplyPatchVerified {
-    // Detect a raw patch body passed directly as the command or as the body of a shell
+    // Detect a raw patch body passed directly as the command or as the body of a bash -lc
    // script. In these cases, report an explicit error rather than applying the patch.
-    if let [body] = argv
-        && parse_patch(body).is_ok()
-    {
-        return MaybeApplyPatchVerified::CorrectnessError(ApplyPatchError::ImplicitInvocation);
-    }
-    if let Some((_, script)) = parse_shell_script(argv)
-        && parse_patch(script).is_ok()
-    {
-        return MaybeApplyPatchVerified::CorrectnessError(ApplyPatchError::ImplicitInvocation);
+    match argv {
+        [body] => {
+            if parse_patch(body).is_ok() {
+                return MaybeApplyPatchVerified::CorrectnessError(
+                    ApplyPatchError::ImplicitInvocation,
+                );
+            }
+        }
+        [shell, flag, script]
+            if shell_supports_apply_patch(shell)
+                && flag == "-lc"
+                && parse_patch(script).is_ok() =>
+        {
+            return MaybeApplyPatchVerified::CorrectnessError(ApplyPatchError::ImplicitInvocation);
+        }
+        _ => {}
    }

    match maybe_parse_apply_patch(argv) {
@@ -914,22 +871,6 @@ mod tests {
        strs_to_strings(&["bash", "-lc", script])
    }

-    fn args_powershell(script: &str) -> Vec<String> {
-        strs_to_strings(&["powershell.exe", "-Command", script])
-    }
-
-    fn args_powershell_no_profile(script: &str) -> Vec<String> {
-        strs_to_strings(&["powershell.exe", "-NoProfile", "-Command", script])
-    }
-
-    fn args_pwsh(script: &str) -> Vec<String> {
-        strs_to_strings(&["pwsh", "-NoProfile", "-Command", script])
-    }
-
-    fn args_cmd(script: &str) -> Vec<String> {
-        strs_to_strings(&["cmd.exe", "/c", script])
-    }
-
    fn heredoc_script(prefix: &str) -> String {
        format!(
            "{prefix}apply_patch <<'PATCH'\n*** Begin Patch\n*** Add File: foo\n+hi\n*** End Patch\nPATCH"
@@ -949,7 +890,8 @@ mod tests {
        }]
    }

-    fn assert_match_args(args: Vec<String>, expected_workdir: Option<&str>) {
+    fn assert_match(script: &str, expected_workdir: Option<&str>) {
+        let args = args_bash(script);
        match maybe_parse_apply_patch(&args) {
            MaybeApplyPatch::Body(ApplyPatchArgs { hunks, workdir, .. }) => {
                assert_eq!(workdir.as_deref(), expected_workdir);
@@ -959,11 +901,6 @@ mod tests {
        }
    }

-    fn assert_match(script: &str, expected_workdir: Option<&str>) {
-        let args = args_bash(script);
-        assert_match_args(args, expected_workdir);
-    }
-
    fn assert_not_match(script: &str) {
        let args = args_bash(script);
        assert_matches!(
@@ -1049,13 +986,6 @@ mod tests {
        assert_match(&heredoc_script(""), None);
    }

-    #[test]
-    fn test_heredoc_non_login_shell() {
-        let script = heredoc_script("");
-        let args = strs_to_strings(&["bash", "-c", &script]);
-        assert_match_args(args, None);
-    }
-
    #[test]
    fn test_heredoc_applypatch() {
        let args = strs_to_strings(&[
@@ -1084,28 +1014,6 @@ PATCH"#,
        }
    }

-    #[test]
-    fn test_powershell_heredoc() {
-        let script = heredoc_script("");
-        assert_match_args(args_powershell(&script), None);
-    }
-    #[test]
-    fn test_powershell_heredoc_no_profile() {
-        let script = heredoc_script("");
-        assert_match_args(args_powershell_no_profile(&script), None);
-    }
-    #[test]
-    fn test_pwsh_heredoc() {
-        let script = heredoc_script("");
-        assert_match_args(args_pwsh(&script), None);
-    }
-
-    #[test]
-    fn test_cmd_heredoc_with_cd() {
-        let script = heredoc_script("cd foo && ");
-        assert_match_args(args_cmd(&script), Some("foo"));
-    }
-
    #[test]
    fn test_heredoc_with_leading_cd() {
        assert_match(&heredoc_script("cd foo && "), Some("foo"));
--- a/codex-rs/apply-patch/tests/fixtures/scenarios/.gitattributes
+++ b/codex-rs/apply-patch/tests/fixtures/scenarios/.gitattributes
@@ -1 +0,0 @@
-** text eol=lf
--- a/codex-rs/apply-patch/tests/fixtures/scenarios/001_add_file/expected/bar.md
+++ b/codex-rs/apply-patch/tests/fixtures/scenarios/001_add_file/expected/bar.md
@@ -1 +0,0 @@
-This is a new file
--- a/codex-rs/apply-patch/tests/fixtures/scenarios/001_add_file/patch.txt
+++ b/codex-rs/apply-patch/tests/fixtures/scenarios/001_add_file/patch.txt
@@ -1,4 +0,0 @@
-*** Begin Patch
-*** Add File: bar.md
-+This is a new file
-*** End Patch
--- a/codex-rs/apply-patch/tests/fixtures/scenarios/002_multiple_operations/expected/modify.txt
+++ b/codex-rs/apply-patch/tests/fixtures/scenarios/002_multiple_operations/expected/modify.txt
@@ -1,2 +0,0 @@
-line1
-changed
--- a/codex-rs/apply-patch/tests/fixtures/scenarios/002_multiple_operations/expected/nested/new.txt
+++ b/codex-rs/apply-patch/tests/fixtures/scenarios/002_multiple_operations/expected/nested/new.txt
@@ -1 +0,0 @@
-created
--- a/codex-rs/apply-patch/tests/fixtures/scenarios/002_multiple_operations/input/delete.txt
+++ b/codex-rs/apply-patch/tests/fixtures/scenarios/002_multiple_operations/input/delete.txt
@@ -1 +0,0 @@
-obsolete
--- a/codex-rs/apply-patch/tests/fixtures/scenarios/002_multiple_operations/input/modify.txt
+++ b/codex-rs/apply-patch/tests/fixtures/scenarios/002_multiple_operations/input/modify.txt
@@ -1,2 +0,0 @@
-line1
-line2
--- a/codex-rs/apply-patch/tests/fixtures/scenarios/002_multiple_operations/patch.txt
+++ b/codex-rs/apply-patch/tests/fixtures/scenarios/002_multiple_operations/patch.txt
@@ -1,9 +0,0 @@
-*** Begin Patch
-*** Add File: nested/new.txt
-+created
-*** Delete File: delete.txt
-*** Update File: modify.txt
-@@
-line2
-+changed
-*** End Patch
--- a/codex-rs/apply-patch/tests/fixtures/scenarios/003_multiple_chunks/expected/multi.txt
+++ b/codex-rs/apply-patch/tests/fixtures/scenarios/003_multiple_chunks/expected/multi.txt
@@ -1,4 +0,0 @@
-line1
-changed2
-line3
-changed4
--- a/codex-rs/apply-patch/tests/fixtures/scenarios/003_multiple_chunks/input/multi.txt
+++ b/codex-rs/apply-patch/tests/fixtures/scenarios/003_multiple_chunks/input/multi.txt
@@ -1,4 +0,0 @@
-line1
-line2
-line3
-line4
--- a/codex-rs/apply-patch/tests/fixtures/scenarios/003_multiple_chunks/patch.txt
+++ b/codex-rs/apply-patch/tests/fixtures/scenarios/003_multiple_chunks/patch.txt
@@ -1,9 +0,0 @@
-*** Begin Patch
-*** Update File: multi.txt
-@@
-line2
-+changed2
-@@
-line4
-+changed4
-*** End Patch
--- a/codex-rs/apply-patch/tests/fixtures/scenarios/004_move_to_new_directory/expected/old/other.txt
+++ b/codex-rs/apply-patch/tests/fixtures/scenarios/004_move_to_new_directory/expected/old/other.txt
@@ -1 +0,0 @@
-unrelated file
--- a/codex-rs/apply-patch/tests/fixtures/scenarios/004_move_to_new_directory/expected/renamed/dir/name.txt
+++ b/codex-rs/apply-patch/tests/fixtures/scenarios/004_move_to_new_directory/expected/renamed/dir/name.txt
@@ -1 +0,0 @@
-new content
--- a/codex-rs/apply-patch/tests/fixtures/scenarios/004_move_to_new_directory/input/old/name.txt
+++ b/codex-rs/apply-patch/tests/fixtures/scenarios/004_move_to_new_directory/input/old/name.txt
@@ -1 +0,0 @@
-old content
--- a/codex-rs/apply-patch/tests/fixtures/scenarios/004_move_to_new_directory/input/old/other.txt
+++ b/codex-rs/apply-patch/tests/fixtures/scenarios/004_move_to_new_directory/input/old/other.txt
@@ -1 +0,0 @@
-unrelated file
--- a/codex-rs/apply-patch/tests/fixtures/scenarios/004_move_to_new_directory/patch.txt
+++ b/codex-rs/apply-patch/tests/fixtures/scenarios/004_move_to_new_directory/patch.txt
@@ -1,7 +0,0 @@
-*** Begin Patch
-*** Update File: old/name.txt
-*** Move to: renamed/dir/name.txt
-@@
-old content
-+new content
-*** End Patch
--- a/codex-rs/apply-patch/tests/fixtures/scenarios/005_rejects_empty_patch/patch.txt
+++ b/codex-rs/apply-patch/tests/fixtures/scenarios/005_rejects_empty_patch/patch.txt
@@ -1,2 +0,0 @@
-*** Begin Patch
-*** End Patch
--- a/codex-rs/apply-patch/tests/fixtures/scenarios/006_rejects_missing_context/expected/modify.txt
+++ b/codex-rs/apply-patch/tests/fixtures/scenarios/006_rejects_missing_context/expected/modify.txt
@@ -1,2 +0,0 @@
-line1
-line2
--- a/codex-rs/apply-patch/tests/fixtures/scenarios/006_rejects_missing_context/input/modify.txt
+++ b/codex-rs/apply-patch/tests/fixtures/scenarios/006_rejects_missing_context/input/modify.txt
@@ -1,2 +0,0 @@
-line1
-line2
--- a/codex-rs/apply-patch/tests/fixtures/scenarios/006_rejects_missing_context/patch.txt
+++ b/codex-rs/apply-patch/tests/fixtures/scenarios/006_rejects_missing_context/patch.txt
@@ -1,6 +0,0 @@
-*** Begin Patch
-*** Update File: modify.txt
-@@
-missing
-+changed
-*** End Patch
--- a/codex-rs/apply-patch/tests/fixtures/scenarios/007_rejects_missing_file_delete/patch.txt
+++ b/codex-rs/apply-patch/tests/fixtures/scenarios/007_rejects_missing_file_delete/patch.txt
@@ -1,3 +0,0 @@
-*** Begin Patch
-*** Delete File: missing.txt
-*** End Patch
--- a/codex-rs/apply-patch/tests/fixtures/scenarios/008_rejects_empty_update_hunk/patch.txt
+++ b/codex-rs/apply-patch/tests/fixtures/scenarios/008_rejects_empty_update_hunk/patch.txt
@@ -1,3 +0,0 @@
-*** Begin Patch
-*** Update File: foo.txt
-*** End Patch
--- a/codex-rs/apply-patch/tests/fixtures/scenarios/009_requires_existing_file_for_update/patch.txt
+++ b/codex-rs/apply-patch/tests/fixtures/scenarios/009_requires_existing_file_for_update/patch.txt
@@ -1,6 +0,0 @@
-*** Begin Patch
-*** Update File: missing.txt
-@@
-old
-+new
-*** End Patch
--- a/codex-rs/apply-patch/tests/fixtures/scenarios/010_move_overwrites_existing_destination/expected/old/other.txt
+++ b/codex-rs/apply-patch/tests/fixtures/scenarios/010_move_overwrites_existing_destination/expected/old/other.txt
@@ -1 +0,0 @@
-unrelated file
--- a/codex-rs/apply-patch/tests/fixtures/scenarios/010_move_overwrites_existing_destination/expected/renamed/dir/name.txt
+++ b/codex-rs/apply-patch/tests/fixtures/scenarios/010_move_overwrites_existing_destination/expected/renamed/dir/name.txt
@@ -1 +0,0 @@
-new
--- a/codex-rs/apply-patch/tests/fixtures/scenarios/010_move_overwrites_existing_destination/input/old/name.txt
+++ b/codex-rs/apply-patch/tests/fixtures/scenarios/010_move_overwrites_existing_destination/input/old/name.txt
@@ -1 +0,0 @@
-from
--- a/codex-rs/apply-patch/tests/fixtures/scenarios/010_move_overwrites_existing_destination/input/old/other.txt
+++ b/codex-rs/apply-patch/tests/fixtures/scenarios/010_move_overwrites_existing_destination/input/old/other.txt
@@ -1 +0,0 @@
-unrelated file
--- a/codex-rs/apply-patch/tests/fixtures/scenarios/010_move_overwrites_existing_destination/input/renamed/dir/name.txt
+++ b/codex-rs/apply-patch/tests/fixtures/scenarios/010_move_overwrites_existing_destination/input/renamed/dir/name.txt
@@ -1 +0,0 @@
-existing
--- a/codex-rs/apply-patch/tests/fixtures/scenarios/010_move_overwrites_existing_destination/patch.txt
+++ b/codex-rs/apply-patch/tests/fixtures/scenarios/010_move_overwrites_existing_destination/patch.txt
@@ -1,7 +0,0 @@
-*** Begin Patch
-*** Update File: old/name.txt
-*** Move to: renamed/dir/name.txt
-@@
-from
-+new
-*** End Patch
--- a/codex-rs/apply-patch/tests/fixtures/scenarios/011_add_overwrites_existing_file/expected/duplicate.txt
+++ b/codex-rs/apply-patch/tests/fixtures/scenarios/011_add_overwrites_existing_file/expected/duplicate.txt
@@ -1 +0,0 @@
-new content
--- a/codex-rs/apply-patch/tests/fixtures/scenarios/011_add_overwrites_existing_file/input/duplicate.txt
+++ b/codex-rs/apply-patch/tests/fixtures/scenarios/011_add_overwrites_existing_file/input/duplicate.txt
@@ -1 +0,0 @@
-old content
--- a/codex-rs/apply-patch/tests/fixtures/scenarios/011_add_overwrites_existing_file/patch.txt
+++ b/codex-rs/apply-patch/tests/fixtures/scenarios/011_add_overwrites_existing_file/patch.txt
@@ -1,4 +0,0 @@
-*** Begin Patch
-*** Add File: duplicate.txt
-+new content
-*** End Patch
--- a/codex-rs/apply-patch/tests/fixtures/scenarios/012_delete_directory_fails/patch.txt
+++ b/codex-rs/apply-patch/tests/fixtures/scenarios/012_delete_directory_fails/patch.txt
@@ -1,3 +0,0 @@
-*** Begin Patch
-*** Delete File: dir
-*** End Patch
--- a/codex-rs/apply-patch/tests/fixtures/scenarios/013_rejects_invalid_hunk_header/patch.txt
+++ b/codex-rs/apply-patch/tests/fixtures/scenarios/013_rejects_invalid_hunk_header/patch.txt
@@ -1,3 +0,0 @@
-*** Begin Patch
-*** Frobnicate File: foo
-*** End Patch
--- a/codex-rs/apply-patch/tests/fixtures/scenarios/014_update_file_appends_trailing_newline/expected/no_newline.txt
+++ b/codex-rs/apply-patch/tests/fixtures/scenarios/014_update_file_appends_trailing_newline/expected/no_newline.txt
@@ -1,2 +0,0 @@
-first line
-second line
--- a/codex-rs/apply-patch/tests/fixtures/scenarios/014_update_file_appends_trailing_newline/input/no_newline.txt
+++ b/codex-rs/apply-patch/tests/fixtures/scenarios/014_update_file_appends_trailing_newline/input/no_newline.txt
@@ -1 +0,0 @@
-no newline at end
--- a/codex-rs/apply-patch/tests/fixtures/scenarios/014_update_file_appends_trailing_newline/patch.txt
+++ b/codex-rs/apply-patch/tests/fixtures/scenarios/014_update_file_appends_trailing_newline/patch.txt
@@ -1,7 +0,0 @@
-*** Begin Patch
-*** Update File: no_newline.txt
-@@
-no newline at end
-+first line
-+second line
-*** End Patch
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Friel	4cfca3c5ce	Clarify subagent flag docs	2025-11-23 11:49:47 -08:00
Friel	2b0d67f1a7	Update subagent docs and defaults	2025-11-22 19:42:48 -08:00
Friel	da7d6f1abb	docs: refine subagent behavior docs	2025-11-22 09:34:49 -08:00
Friel	beb71f4a00	Add subagent tools	2025-11-22 00:16:43 -08:00