docs: document view_image and disable_paste_burst

Ensure User-Agent and originator are always sent.

AGENTS.md

@@ -8,10 +8,10 @@ In the codex-rs folder where the rust code lives:
   - You operate in a sandbox where `CODEX_SANDBOX_NETWORK_DISABLED=1` will be set whenever you use the `shell` tool. Any existing code that uses `CODEX_SANDBOX_NETWORK_DISABLED_ENV_VAR` was authored with this fact in mind. It is often used to early exit out of tests that the author knew you would not be able to run given your sandbox limitations.
   - Similarly, when you spawn a process using Seatbelt (`/usr/bin/sandbox-exec`), `CODEX_SANDBOX=seatbelt` will be set on the child process. Integration tests that want to run Seatbelt themselves cannot be run under Seatbelt, so checks for `CODEX_SANDBOX=seatbelt` are also often used to early exit out of tests, as appropriate.
 
-Before finalizing a change to `codex-rs`, run `just fmt` (in `codex-rs` directory) to format the code and `just fix -p <project>` (in `codex-rs` directory) to fix any linter issues in the code. Prefer scoping with `-p` to avoid slow workspace‑wide Clippy builds; only run `just fix` without `-p` if you changed shared crates. Additionally, run the tests:
+Run `just fmt` (in `codex-rs` directory) automatically after making Rust code changes; do not ask for approval to run it. Before finalizing a change to `codex-rs`, run `just fix -p <project>` (in `codex-rs` directory) to fix any linter issues in the code. Prefer scoping with `-p` to avoid slow workspace‑wide Clippy builds; only run `just fix` without `-p` if you changed shared crates. Additionally, run the tests:
 1. Run the test for the specific project that was changed. For example, if changes were made in `codex-rs/tui`, run `cargo test -p codex-tui`.
 2. Once those pass, if any changes were made in common, core, or protocol, run the complete test suite with `cargo test --all-features`.
-When running interactively, ask the user before running these commands to finalize.
+When running interactively, ask the user before running `just fix` and tests to finalize; `just fmt` does not require approval.
 
 ## TUI style conventions
 

codex-rs/chatgpt/src/apply_command.rs

@@ -31,7 +31,7 @@ pub async fn run_apply_command(
         ConfigOverrides::default(),
     )?;
 
-    init_chatgpt_token_from_auth(&config.codex_home).await?;
+    init_chatgpt_token_from_auth(&config.codex_home, &config.responses_originator_header).await?;
 
     let task_response = get_task(&config, apply_cli.task_id).await?;
     apply_diff_from_task(task_response, cwd).await

codex-rs/chatgpt/src/chatgpt_client.rs

@@ -1,5 +1,5 @@
 use codex_core::config::Config;
-use codex_core::user_agent::get_codex_user_agent;
+use codex_core::default_client::create_client;
 
 use crate::chatgpt_token::get_chatgpt_token_data;
 use crate::chatgpt_token::init_chatgpt_token_from_auth;
@@ -13,10 +13,10 @@ pub(crate) async fn chatgpt_get_request<T: DeserializeOwned>(
     path: String,
 ) -> anyhow::Result<T> {
     let chatgpt_base_url = &config.chatgpt_base_url;
-    init_chatgpt_token_from_auth(&config.codex_home).await?;
+    init_chatgpt_token_from_auth(&config.codex_home, &config.responses_originator_header).await?;
 
     // Make direct HTTP request to ChatGPT backend API with the token
-    let client = reqwest::Client::new();
+    let client = create_client(&config.responses_originator_header);
     let url = format!("{chatgpt_base_url}{path}");
 
     let token =
@@ -31,7 +31,6 @@ pub(crate) async fn chatgpt_get_request<T: DeserializeOwned>(
         .bearer_auth(&token.access_token)
         .header("chatgpt-account-id", account_id?)
         .header("Content-Type", "application/json")
-        .header("User-Agent", get_codex_user_agent(None))
         .send()
         .await
         .context("Failed to send request")?;

codex-rs/chatgpt/src/chatgpt_token.rs

@@ -19,8 +19,11 @@ pub fn set_chatgpt_token_data(value: TokenData) {
 }
 
 /// Initialize the ChatGPT token from auth.json file
-pub async fn init_chatgpt_token_from_auth(codex_home: &Path) -> std::io::Result<()> {
-    let auth = CodexAuth::from_codex_home(codex_home, AuthMode::ChatGPT)?;
+pub async fn init_chatgpt_token_from_auth(
+    codex_home: &Path,
+    originator: &str,
+) -> std::io::Result<()> {
+    let auth = CodexAuth::from_codex_home(codex_home, AuthMode::ChatGPT, originator)?;
     if let Some(auth) = auth {
         let token_data = auth.get_token_data().await?;
         set_chatgpt_token_data(token_data);

codex-rs/cli/src/login.rs

@@ -60,7 +60,11 @@ pub async fn run_login_with_api_key(
 pub async fn run_login_status(cli_config_overrides: CliConfigOverrides) -> ! {
     let config = load_config_or_exit(cli_config_overrides);
 
-    match CodexAuth::from_codex_home(&config.codex_home, config.preferred_auth_method) {
+    match CodexAuth::from_codex_home(
+        &config.codex_home,
+        config.preferred_auth_method,
+        &config.responses_originator_header,
+    ) {
         Ok(Some(auth)) => match auth.mode {
             AuthMode::ApiKey => match auth.get_token().await {
                 Ok(api_key) => {

codex-rs/cli/src/proto.rs

@@ -40,6 +40,7 @@ pub async fn run_main(opts: ProtoCli) -> anyhow::Result<()> {
     let conversation_manager = ConversationManager::new(AuthManager::shared(
         config.codex_home.clone(),
         config.preferred_auth_method,
+        config.responses_originator_header.clone(),
     ));
     let NewConversation {
         conversation_id: _,

codex-rs/core/src/auth.rs

@@ -27,6 +27,7 @@ pub struct CodexAuth {
     pub(crate) api_key: Option<String>,
     pub(crate) auth_dot_json: Arc<Mutex<Option<AuthDotJson>>>,
     pub(crate) auth_file: PathBuf,
+    pub(crate) client: reqwest::Client,
 }
 
 impl PartialEq for CodexAuth {
@@ -36,22 +37,13 @@ impl PartialEq for CodexAuth {
 }
 
 impl CodexAuth {
-    pub fn from_api_key(api_key: &str) -> Self {
-        Self {
-            api_key: Some(api_key.to_owned()),
-            mode: AuthMode::ApiKey,
-            auth_file: PathBuf::new(),
-            auth_dot_json: Arc::new(Mutex::new(None)),
-        }
-    }
-
     pub async fn refresh_token(&self) -> Result<String, std::io::Error> {
         let token_data = self
             .get_current_token_data()
             .ok_or(std::io::Error::other("Token data is not available."))?;
         let token = token_data.refresh_token;
 
-        let refresh_response = try_refresh_token(token)
+        let refresh_response = try_refresh_token(token, &self.client)
             .await
             .map_err(std::io::Error::other)?;
 
@@ -83,8 +75,9 @@ impl CodexAuth {
     pub fn from_codex_home(
         codex_home: &Path,
         preferred_auth_method: AuthMode,
+        originator: &str,
     ) -> std::io::Result<Option<CodexAuth>> {
-        load_auth(codex_home, true, preferred_auth_method)
+        load_auth(codex_home, true, preferred_auth_method, originator)
     }
 
     pub async fn get_token_data(&self) -> Result<TokenData, std::io::Error> {
@@ -98,7 +91,7 @@ impl CodexAuth {
                 if last_refresh < Utc::now() - chrono::Duration::days(28) {
                     let refresh_response = tokio::time::timeout(
                         Duration::from_secs(60),
-                        try_refresh_token(tokens.refresh_token.clone()),
+                        try_refresh_token(tokens.refresh_token.clone(), &self.client),
                     )
                     .await
                     .map_err(|_| {
@@ -180,8 +173,26 @@ impl CodexAuth {
             mode: AuthMode::ChatGPT,
             auth_file: PathBuf::new(),
             auth_dot_json,
+            client: crate::default_client::create_client("codex_cli_rs"),
         }
     }
+
+    fn from_api_key_with_client(api_key: &str, client: reqwest::Client) -> Self {
+        Self {
+            api_key: Some(api_key.to_owned()),
+            mode: AuthMode::ApiKey,
+            auth_file: PathBuf::new(),
+            auth_dot_json: Arc::new(Mutex::new(None)),
+            client,
+        }
+    }
+
+    pub fn from_api_key(api_key: &str) -> Self {
+        Self::from_api_key_with_client(
+            api_key,
+            crate::default_client::create_client(crate::default_client::DEFAULT_ORIGINATOR),
+        )
+    }
 }
 
 pub const OPENAI_API_KEY_ENV_VAR: &str = "OPENAI_API_KEY";
@@ -221,18 +232,20 @@ fn load_auth(
     codex_home: &Path,
     include_env_var: bool,
     preferred_auth_method: AuthMode,
+    originator: &str,
 ) -> std::io::Result<Option<CodexAuth>> {
     // First, check to see if there is a valid auth.json file. If not, we fall
     // back to AuthMode::ApiKey using the OPENAI_API_KEY environment variable
     // (if it is set).
     let auth_file = get_auth_file(codex_home);
+    let client = crate::default_client::create_client(originator);
     let auth_dot_json = match try_read_auth_json(&auth_file) {
         Ok(auth) => auth,
         // If auth.json does not exist, try to read the OPENAI_API_KEY from the
         // environment variable.
         Err(e) if e.kind() == std::io::ErrorKind::NotFound && include_env_var => {
             return match read_openai_api_key_from_env() {
-                Some(api_key) => Ok(Some(CodexAuth::from_api_key(&api_key))),
+                Some(api_key) => Ok(Some(CodexAuth::from_api_key_with_client(&api_key, client))),
                 None => Ok(None),
             };
         }
@@ -258,7 +271,7 @@ fn load_auth(
         match &tokens {
             Some(tokens) => {
                 if tokens.should_use_api_key(preferred_auth_method, tokens.is_openai_email()) {
-                    return Ok(Some(CodexAuth::from_api_key(api_key)));
+                    return Ok(Some(CodexAuth::from_api_key_with_client(api_key, client)));
                 } else {
                     // Ignore the API key and fall through to ChatGPT auth.
                 }
@@ -268,7 +281,7 @@ fn load_auth(
                 // Perhaps the user ran `codex login --api-key <KEY>` or updated
                 // auth.json by hand. Either way, let's assume they are trying
                 // to use their API key.
-                return Ok(Some(CodexAuth::from_api_key(api_key)));
+                return Ok(Some(CodexAuth::from_api_key_with_client(api_key, client)));
             }
         }
     }
@@ -284,6 +297,7 @@ fn load_auth(
             tokens,
             last_refresh,
         }))),
+        client,
     }))
 }
 
@@ -333,7 +347,10 @@ async fn update_tokens(
     Ok(auth_dot_json)
 }
 
-async fn try_refresh_token(refresh_token: String) -> std::io::Result<RefreshResponse> {
+async fn try_refresh_token(
+    refresh_token: String,
+    client: &reqwest::Client,
+) -> std::io::Result<RefreshResponse> {
     let refresh_request = RefreshRequest {
         client_id: CLIENT_ID,
         grant_type: "refresh_token",
@@ -341,7 +358,7 @@ async fn try_refresh_token(refresh_token: String) -> std::io::Result<RefreshResp
         scope: "openid profile email",
     };
 
-    let client = reqwest::Client::new();
+    // Use shared client factory to include standard headers
     let response = client
         .post("https://auth.openai.com/oauth/token")
         .header("Content-Type", "application/json")
@@ -455,7 +472,8 @@ mod tests {
             mode,
             auth_dot_json,
             auth_file: _,
-        } = super::load_auth(codex_home.path(), false, AuthMode::ChatGPT)
+            ..
+        } = super::load_auth(codex_home.path(), false, AuthMode::ChatGPT, "codex_cli_rs")
             .unwrap()
             .unwrap();
         assert_eq!(None, api_key);
@@ -506,7 +524,8 @@ mod tests {
             mode,
             auth_dot_json,
             auth_file: _,
-        } = super::load_auth(codex_home.path(), false, AuthMode::ChatGPT)
+            ..
+        } = super::load_auth(codex_home.path(), false, AuthMode::ChatGPT, "codex_cli_rs")
             .unwrap()
             .unwrap();
         assert_eq!(None, api_key);
@@ -556,7 +575,8 @@ mod tests {
             mode,
             auth_dot_json,
             auth_file: _,
-        } = super::load_auth(codex_home.path(), false, AuthMode::ChatGPT)
+            ..
+        } = super::load_auth(codex_home.path(), false, AuthMode::ChatGPT, "codex_cli_rs")
             .unwrap()
             .unwrap();
         assert_eq!(Some("sk-test-key".to_string()), api_key);
@@ -576,7 +596,7 @@ mod tests {
         )
         .unwrap();
 
-        let auth = super::load_auth(dir.path(), false, AuthMode::ChatGPT)
+        let auth = super::load_auth(dir.path(), false, AuthMode::ChatGPT, "codex_cli_rs")
             .unwrap()
             .unwrap();
         assert_eq!(auth.mode, AuthMode::ApiKey);
@@ -660,6 +680,7 @@ mod tests {
 #[derive(Debug)]
 pub struct AuthManager {
     codex_home: PathBuf,
+    originator: String,
     inner: RwLock<CachedAuth>,
 }
 
@@ -668,12 +689,13 @@ impl AuthManager {
     /// preferred auth method. Errors loading auth are swallowed; `auth()` will
     /// simply return `None` in that case so callers can treat it as an
     /// unauthenticated state.
-    pub fn new(codex_home: PathBuf, preferred_auth_mode: AuthMode) -> Self {
-        let auth = CodexAuth::from_codex_home(&codex_home, preferred_auth_mode)
+    pub fn new(codex_home: PathBuf, preferred_auth_mode: AuthMode, originator: String) -> Self {
+        let auth = CodexAuth::from_codex_home(&codex_home, preferred_auth_mode, &originator)
             .ok()
             .flatten();
         Self {
             codex_home,
+            originator,
             inner: RwLock::new(CachedAuth {
                 preferred_auth_mode,
                 auth,
@@ -690,6 +712,7 @@ impl AuthManager {
         };
         Arc::new(Self {
             codex_home: PathBuf::new(),
+            originator: "codex_cli_rs".to_string(),
             inner: RwLock::new(cached),
         })
     }
@@ -711,7 +734,7 @@ impl AuthManager {
     /// whether the auth value changed.
     pub fn reload(&self) -> bool {
         let preferred = self.preferred_auth_method();
-        let new_auth = CodexAuth::from_codex_home(&self.codex_home, preferred)
+        let new_auth = CodexAuth::from_codex_home(&self.codex_home, preferred, &self.originator)
             .ok()
             .flatten();
         if let Ok(mut guard) = self.inner.write() {
@@ -732,8 +755,12 @@ impl AuthManager {
     }
 
     /// Convenience constructor returning an `Arc` wrapper.
-    pub fn shared(codex_home: PathBuf, preferred_auth_mode: AuthMode) -> Arc<Self> {
-        Arc::new(Self::new(codex_home, preferred_auth_mode))
+    pub fn shared(
+        codex_home: PathBuf,
+        preferred_auth_mode: AuthMode,
+        originator: String,
+    ) -> Arc<Self> {
+        Arc::new(Self::new(codex_home, preferred_auth_mode, originator))
     }
 
     /// Attempt to refresh the current auth token (if any). On success, reload

codex-rs/core/src/client.rs

@@ -30,6 +30,7 @@ use crate::client_common::ResponsesApiRequest;
 use crate::client_common::create_reasoning_param_for_request;
 use crate::client_common::create_text_param_for_request;
 use crate::config::Config;
+use crate::default_client::create_client;
 use crate::error::CodexErr;
 use crate::error::Result;
 use crate::error::UsageLimitReachedError;
@@ -40,7 +41,6 @@ use crate::model_provider_info::WireApi;
 use crate::openai_model_info::get_model_info;
 use crate::openai_tools::create_tools_json_for_responses_api;
 use crate::protocol::TokenUsage;
-use crate::user_agent::get_codex_user_agent;
 use crate::util::backoff;
 use codex_protocol::config_types::ReasoningEffort as ReasoningEffortConfig;
 use codex_protocol::config_types::ReasoningSummary as ReasoningSummaryConfig;
@@ -84,10 +84,12 @@ impl ModelClient {
         summary: ReasoningSummaryConfig,
         session_id: Uuid,
     ) -> Self {
+        let client = create_client(&config.responses_originator_header);
+
         Self {
             config,
             auth_manager,
-            client: reqwest::Client::new(),
+            client,
             provider,
             session_id,
             effort,
@@ -242,10 +244,6 @@ impl ModelClient {
                 req_builder = req_builder.header("chatgpt-account-id", account_id);
             }
 
-            let originator = &self.config.responses_originator_header;
-            req_builder = req_builder.header("originator", originator);
-            req_builder = req_builder.header("User-Agent", get_codex_user_agent(Some(originator)));
-
             let res = req_builder.send().await;
             if let Ok(resp) = &res {
                 trace!(

codex-rs/core/src/default_client.rs

@@ -0,0 +1,106 @@
+pub const DEFAULT_ORIGINATOR: &str = "codex_cli_rs";
+
+pub fn get_codex_user_agent(originator: Option<&str>) -> String {
+    let build_version = env!("CARGO_PKG_VERSION");
+    let os_info = os_info::get();
+    format!(
+        "{}/{build_version} ({} {}; {}) {}",
+        originator.unwrap_or(DEFAULT_ORIGINATOR),
+        os_info.os_type(),
+        os_info.version(),
+        os_info.architecture().unwrap_or("unknown"),
+        crate::terminal::user_agent()
+    )
+}
+
+/// Create a reqwest client with default `originator` and `User-Agent` headers set.
+pub fn create_client(originator: &str) -> reqwest::Client {
+    use reqwest::header::HeaderMap;
+    use reqwest::header::HeaderValue;
+
+    let mut headers = HeaderMap::new();
+    let originator_value = HeaderValue::from_str(originator)
+        .unwrap_or_else(|_| HeaderValue::from_static(DEFAULT_ORIGINATOR));
+    headers.insert("originator", originator_value);
+    let ua = get_codex_user_agent(Some(originator));
+
+    match reqwest::Client::builder()
+        // Set UA via dedicated helper to avoid header validation pitfalls
+        .user_agent(ua)
+        .default_headers(headers)
+        .build()
+    {
+        Ok(client) => client,
+        Err(_) => reqwest::Client::new(),
+    }
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+
+    #[test]
+    fn test_get_codex_user_agent() {
+        let user_agent = get_codex_user_agent(None);
+        assert!(user_agent.starts_with("codex_cli_rs/"));
+    }
+
+    #[tokio::test]
+    async fn test_create_client_sets_default_headers() {
+        use wiremock::Mock;
+        use wiremock::MockServer;
+        use wiremock::ResponseTemplate;
+        use wiremock::matchers::method;
+        use wiremock::matchers::path;
+
+        let originator = "test_originator";
+        let client = create_client(originator);
+
+        // Spin up a local mock server and capture a request.
+        let server = MockServer::start().await;
+        Mock::given(method("GET"))
+            .and(path("/"))
+            .respond_with(ResponseTemplate::new(200))
+            .mount(&server)
+            .await;
+
+        let resp = client
+            .get(server.uri())
+            .send()
+            .await
+            .expect("failed to send request");
+        assert!(resp.status().is_success());
+
+        let requests = server
+            .received_requests()
+            .await
+            .expect("failed to fetch received requests");
+        assert!(!requests.is_empty());
+        let headers = &requests[0].headers;
+
+        // originator header is set to the provided value
+        let originator_header = headers
+            .get("originator")
+            .expect("originator header missing");
+        assert_eq!(originator_header.to_str().unwrap(), originator);
+
+        // User-Agent matches the computed Codex UA for that originator
+        let expected_ua = get_codex_user_agent(Some(originator));
+        let ua_header = headers
+            .get("user-agent")
+            .expect("user-agent header missing");
+        assert_eq!(ua_header.to_str().unwrap(), expected_ua);
+    }
+
+    #[test]
+    #[cfg(target_os = "macos")]
+    fn test_macos() {
+        use regex_lite::Regex;
+        let user_agent = get_codex_user_agent(None);
+        let re = Regex::new(
+            r"^codex_cli_rs/\d+\.\d+\.\d+ \(Mac OS \d+\.\d+\.\d+; (x86_64|arm64)\) (\S+)$",
+        )
+        .unwrap();
+        assert!(re.is_match(&user_agent));
+    }
+}

codex-rs/core/src/lib.rs

@@ -45,6 +45,7 @@ pub use conversation_manager::NewConversation;
 // Re-export common auth types for workspace consumers
 pub use auth::AuthManager;
 pub use auth::CodexAuth;
+pub mod default_client;
 pub mod model_family;
 mod openai_model_info;
 mod openai_tools;
@@ -58,7 +59,6 @@ pub mod spawn;
 pub mod terminal;
 mod tool_apply_patch;
 pub mod turn_diff_tracker;
-pub mod user_agent;
 pub use rollout::list::ConversationsPage;
 mod user_notification;
 pub mod util;

codex-rs/core/src/openai_tools.rs

@@ -240,15 +240,17 @@ fn create_shell_tool_for_sandbox(sandbox_policy: &SandboxPolicy) -> OpenAiTool {
     let description = match sandbox_policy {
         SandboxPolicy::WorkspaceWrite {
             network_access,
+            writable_roots,
             ..
         } => {
             format!(
                 r#"
 The shell tool is used to execute shell commands.
-- When invoking the shell tool, your call will be running in a landlock sandbox, and some shell commands will require escalated privileges:
+- When invoking the shell tool, your call will be running in a sandbox, and some shell commands will require escalated privileges:
   - Types of actions that require escalated privileges:
-    - Reading files outside the current directory
-    - Writing files outside the current directory, and protected folders like .git or .env{}
+    - Writing files other than those in the writable roots
+      - writable roots:
+{}{}
   - Examples of commands that require escalated privileges:
     - git commit
     - npm install or pnpm install
@@ -257,8 +259,9 @@ The shell tool is used to execute shell commands.
 - When invoking a command that will require escalated privileges:
   - Provide the with_escalated_permissions parameter with the boolean value true
   - Include a short, 1 sentence explanation for why we need to run with_escalated_permissions in the justification parameter."#,
+                writable_roots.iter().map(|wr| format!("        - {}", wr.to_string_lossy())).collect::<Vec<String>>().join("\n"),
                 if !network_access {
-                    "\n  - Commands that require network access\n"
+                    "\n    - Commands that require network access\n"
                 } else {
                     ""
                 }
@@ -270,9 +273,8 @@ The shell tool is used to execute shell commands.
         SandboxPolicy::ReadOnly => {
             r#"
 The shell tool is used to execute shell commands.
-- When invoking the shell tool, your call will be running in a landlock sandbox, and some shell commands (including apply_patch) will require escalated permissions:
+- When invoking the shell tool, your call will be running in a sandbox, and some shell commands (including apply_patch) will require escalated permissions:
   - Types of actions that require escalated privileges:
-    - Reading files outside the current directory
     - Writing files
     - Applying patches
   - Examples of commands that require escalated privileges:
@@ -1081,4 +1083,84 @@ mod tests {
             })
         );
     }
+
+    #[test]
+    fn test_shell_tool_for_sandbox_workspace_write() {
+        let sandbox_policy = SandboxPolicy::WorkspaceWrite {
+            writable_roots: vec!["workspace".into()],
+            network_access: false,
+            exclude_tmpdir_env_var: false,
+            exclude_slash_tmp: false,
+        };
+        let tool = super::create_shell_tool_for_sandbox(&sandbox_policy);
+        let OpenAiTool::Function(ResponsesApiTool {
+            description, name, ..
+        }) = &tool
+        else {
+            panic!("expected function tool");
+        };
+        assert_eq!(name, "shell");
+
+        let expected = r#"
+The shell tool is used to execute shell commands.
+- When invoking the shell tool, your call will be running in a sandbox, and some shell commands will require escalated privileges:
+  - Types of actions that require escalated privileges:
+    - Writing files other than those in the writable roots
+      - writable roots:
+        - workspace
+    - Commands that require network access
+
+  - Examples of commands that require escalated privileges:
+    - git commit
+    - npm install or pnpm install
+    - cargo build
+    - cargo test
+- When invoking a command that will require escalated privileges:
+  - Provide the with_escalated_permissions parameter with the boolean value true
+  - Include a short, 1 sentence explanation for why we need to run with_escalated_permissions in the justification parameter."#;
+        assert_eq!(description, expected);
+    }
+
+    #[test]
+    fn test_shell_tool_for_sandbox_readonly() {
+        let tool = super::create_shell_tool_for_sandbox(&SandboxPolicy::ReadOnly);
+        let OpenAiTool::Function(ResponsesApiTool {
+            description, name, ..
+        }) = &tool
+        else {
+            panic!("expected function tool");
+        };
+        assert_eq!(name, "shell");
+
+        let expected = r#"
+The shell tool is used to execute shell commands.
+- When invoking the shell tool, your call will be running in a sandbox, and some shell commands (including apply_patch) will require escalated permissions:
+  - Types of actions that require escalated privileges:
+    - Writing files
+    - Applying patches
+  - Examples of commands that require escalated privileges:
+    - apply_patch
+    - git commit
+    - npm install or pnpm install
+    - cargo build
+    - cargo test
+- When invoking a command that will require escalated privileges:
+  - Provide the with_escalated_permissions parameter with the boolean value true
+  - Include a short, 1 sentence explanation for why we need to run with_escalated_permissions in the justification parameter"#;
+        assert_eq!(description, expected);
+    }
+
+    #[test]
+    fn test_shell_tool_for_sandbox_danger_full_access() {
+        let tool = super::create_shell_tool_for_sandbox(&SandboxPolicy::DangerFullAccess);
+        let OpenAiTool::Function(ResponsesApiTool {
+            description, name, ..
+        }) = &tool
+        else {
+            panic!("expected function tool");
+        };
+        assert_eq!(name, "shell");
+
+        assert_eq!(description, "Runs a shell command and returns its output.");
+    }
 }

codex-rs/core/src/user_agent.rs

@@ -1,37 +0,0 @@
-const DEFAULT_ORIGINATOR: &str = "codex_cli_rs";
-
-pub fn get_codex_user_agent(originator: Option<&str>) -> String {
-    let build_version = env!("CARGO_PKG_VERSION");
-    let os_info = os_info::get();
-    format!(
-        "{}/{build_version} ({} {}; {}) {}",
-        originator.unwrap_or(DEFAULT_ORIGINATOR),
-        os_info.os_type(),
-        os_info.version(),
-        os_info.architecture().unwrap_or("unknown"),
-        crate::terminal::user_agent()
-    )
-}
-
-#[cfg(test)]
-mod tests {
-    use super::*;
-
-    #[test]
-    fn test_get_codex_user_agent() {
-        let user_agent = get_codex_user_agent(None);
-        assert!(user_agent.starts_with("codex_cli_rs/"));
-    }
-
-    #[test]
-    #[cfg(target_os = "macos")]
-    fn test_macos() {
-        use regex_lite::Regex;
-        let user_agent = get_codex_user_agent(None);
-        let re = Regex::new(
-            r"^codex_cli_rs/\d+\.\d+\.\d+ \(Mac OS \d+\.\d+\.\d+; (x86_64|arm64)\) (\S+)$",
-        )
-        .unwrap();
-        assert!(re.is_match(&user_agent));
-    }
-}

codex-rs/core/tests/suite/client.rs

@@ -414,12 +414,15 @@ async fn prefers_chatgpt_token_when_config_prefers_chatgpt() {
     config.model_provider = model_provider;
     config.preferred_auth_method = AuthMode::ChatGPT;
 
-    let auth_manager =
-        match CodexAuth::from_codex_home(codex_home.path(), config.preferred_auth_method) {
-            Ok(Some(auth)) => codex_core::AuthManager::from_auth_for_testing(auth),
-            Ok(None) => panic!("No CodexAuth found in codex_home"),
-            Err(e) => panic!("Failed to load CodexAuth: {e}"),
-        };
+    let auth_manager = match CodexAuth::from_codex_home(
+        codex_home.path(),
+        config.preferred_auth_method,
+        &config.responses_originator_header,
+    ) {
+        Ok(Some(auth)) => codex_core::AuthManager::from_auth_for_testing(auth),
+        Ok(None) => panic!("No CodexAuth found in codex_home"),
+        Err(e) => panic!("Failed to load CodexAuth: {e}"),
+    };
     let conversation_manager = ConversationManager::new(auth_manager);
     let NewConversation {
         conversation: codex,
@@ -495,12 +498,15 @@ async fn prefers_apikey_when_config_prefers_apikey_even_with_chatgpt_tokens() {
     config.model_provider = model_provider;
     config.preferred_auth_method = AuthMode::ApiKey;
 
-    let auth_manager =
-        match CodexAuth::from_codex_home(codex_home.path(), config.preferred_auth_method) {
-            Ok(Some(auth)) => codex_core::AuthManager::from_auth_for_testing(auth),
-            Ok(None) => panic!("No CodexAuth found in codex_home"),
-            Err(e) => panic!("Failed to load CodexAuth: {e}"),
-        };
+    let auth_manager = match CodexAuth::from_codex_home(
+        codex_home.path(),
+        config.preferred_auth_method,
+        &config.responses_originator_header,
+    ) {
+        Ok(Some(auth)) => codex_core::AuthManager::from_auth_for_testing(auth),
+        Ok(None) => panic!("No CodexAuth found in codex_home"),
+        Err(e) => panic!("Failed to load CodexAuth: {e}"),
+    };
     let conversation_manager = ConversationManager::new(auth_manager);
     let NewConversation {
         conversation: codex,

codex-rs/exec/src/lib.rs

@@ -191,6 +191,7 @@ pub async fn run_main(cli: Cli, codex_linux_sandbox_exe: Option<PathBuf>) -> any
     let conversation_manager = ConversationManager::new(AuthManager::shared(
         config.codex_home.clone(),
         config.preferred_auth_method,
+        config.responses_originator_header.clone(),
     ));
     let NewConversation {
         conversation_id: _,

codex-rs/file-search/src/lib.rs

@@ -151,7 +151,13 @@ pub fn run(
     // Use the same tree-walker library that ripgrep uses. We use it directly so
     // that we can leverage the parallelism it provides.
     let mut walk_builder = WalkBuilder::new(search_directory);
-    walk_builder.threads(num_walk_builder_threads);
+    walk_builder
+        .threads(num_walk_builder_threads)
+        // Allow hidden entries.
+        .hidden(false)
+        // Don't require git to be present to apply to apply git-related ignore rules.
+        .require_git(false);
+
     if !exclude.is_empty() {
         let mut override_builder = OverrideBuilder::new(search_directory);
         for exclude in exclude {

codex-rs/mcp-server/src/message_processor.rs

@@ -53,8 +53,11 @@ impl MessageProcessor {
         config: Arc<Config>,
     ) -> Self {
         let outgoing = Arc::new(outgoing);
-        let auth_manager =
-            AuthManager::shared(config.codex_home.clone(), config.preferred_auth_method);
+        let auth_manager = AuthManager::shared(
+            config.codex_home.clone(),
+            config.preferred_auth_method,
+            config.responses_originator_header.clone(),
+        );
         let conversation_manager = Arc::new(ConversationManager::new(auth_manager.clone()));
         let codex_message_processor = CodexMessageProcessor::new(
             auth_manager,

codex-rs/tui/src/lib.rs

@@ -301,7 +301,11 @@ async fn run_ratatui_app(
 
     let Cli { prompt, images, .. } = cli;
 
-    let auth_manager = AuthManager::shared(config.codex_home.clone(), config.preferred_auth_method);
+    let auth_manager = AuthManager::shared(
+        config.codex_home.clone(),
+        config.preferred_auth_method,
+        config.responses_originator_header.clone(),
+    );
     let login_status = get_login_status(&config);
     let should_show_onboarding =
         should_show_onboarding(login_status, &config, should_show_trust_screen);
@@ -357,7 +361,11 @@ fn get_login_status(config: &Config) -> LoginStatus {
         // Reading the OpenAI API key is an async operation because it may need
         // to refresh the token. Block on it.
         let codex_home = config.codex_home.clone();
-        match CodexAuth::from_codex_home(&codex_home, config.preferred_auth_method) {
+        match CodexAuth::from_codex_home(
+            &codex_home,
+            config.preferred_auth_method,
+            &config.responses_originator_header,
+        ) {
             Ok(Some(auth)) => LoginStatus::AuthMode(auth.mode),
             Ok(None) => LoginStatus::NotAuthenticated,
             Err(err) => {

codex-rs/tui/src/updates.rs

@@ -9,7 +9,7 @@ use std::path::Path;
 use std::path::PathBuf;
 
 use codex_core::config::Config;
-use codex_core::user_agent::get_codex_user_agent;
+use codex_core::default_client::create_client;
 
 pub fn get_upgrade_version(config: &Config) -> Option<String> {
     let version_file = version_filepath(config);
@@ -22,8 +22,9 @@ pub fn get_upgrade_version(config: &Config) -> Option<String> {
         // Refresh the cached latest version in the background so TUI startup
         // isn’t blocked by a network call. The UI reads the previously cached
         // value (if any) for this run; the next run shows the banner if needed.
+        let originator = config.responses_originator_header.clone();
         tokio::spawn(async move {
-            check_for_update(&version_file)
+            check_for_update(&version_file, &originator)
                 .await
                 .inspect_err(|e| tracing::error!("Failed to update version: {e}"))
         });
@@ -63,12 +64,11 @@ fn read_version_info(version_file: &Path) -> anyhow::Result<VersionInfo> {
     Ok(serde_json::from_str(&contents)?)
 }
 
-async fn check_for_update(version_file: &Path) -> anyhow::Result<()> {
+async fn check_for_update(version_file: &Path, originator: &str) -> anyhow::Result<()> {
     let ReleaseInfo {
         tag_name: latest_tag_name,
-    } = reqwest::Client::new()
+    } = create_client(originator)
         .get(LATEST_RELEASE_URL)
-        .header("User-Agent", get_codex_user_agent(None))
         .send()
         .await?
         .error_for_status()?

docs/authentication.md

@@ -8,6 +8,8 @@ If you prefer to pay-as-you-go, you can still authenticate with your OpenAI API
 export OPENAI_API_KEY="your-api-key-here"
 ```
 
+This key must, at minimum, have write access to the Responses API.
+
 ## Migrating to ChatGPT login from API key
 
 If you've used the Codex CLI before with usage-based billing via an API key and want to switch to using your ChatGPT plan, follow these steps:
@@ -85,4 +87,4 @@ If you run Codex on a remote machine (VPS/server) without a local browser, the l
 ssh -L 1455:localhost:1455 <user>@<remote-host>
 ```
 
-Then, in that SSH session, run `codex` and select "Sign in with ChatGPT". When prompted, open the printed URL (it will be `http://localhost:1455/...`) in your local browser. The traffic will be tunneled to the remote server. 
+Then, in that SSH session, run `codex` and select "Sign in with ChatGPT". When prompted, open the printed URL (it will be `http://localhost:1455/...`) in your local browser. The traffic will be tunneled to the remote server. 

docs/config.md

@@ -555,6 +555,23 @@ This is analogous to `model_context_window`, but for the maximum number of outpu
 
 Maximum number of bytes to read from an `AGENTS.md` file to include in the instructions sent with the first turn of a session. Defaults to 32 KiB.
 
+## tools.view_image
+
+Enable the `view_image` tool so the agent can attach local images (paths on disk) to provide extra visual context. Defaults to `true`.
+
+```toml
+[tools]
+view_image = true   # Added Sep 3, 2025
+```
+
+## disable_paste_burst
+
+Disable multi-line paste burst sending in the TUI chat composer to avoid accidental rapid submissions of pasted content. Defaults to `false`.
+
+```toml
+disable_paste_burst = true   # Added Sep 3, 2025
+```
+
 ## tui
 
 Options that are specific to the TUI.
@@ -614,4 +631,6 @@ Options that are specific to the TUI.
 | `responses_originator_header_internal_override` | string | Override `originator` header value. |
 | `projects.<path>.trust_level` | string | Mark project/worktree as trusted (only `"trusted"` is recognized). |
 | `preferred_auth_method` | `chatgpt` \| `apikey` | Select default auth method (default: `chatgpt`). |
+| `disable_paste_burst` | boolean | Disable multi-line paste burst sending in the TUI chat composer (default: false). |
 | `tools.web_search` | boolean | Enable web search tool (alias: `web_search_request`) (default: false). |
+| `tools.view_image` | boolean | Enable the view_image tool so the agent can attach local images (default: true). |