checkpoint 2

.codespellignore

@@ -1,2 +1 @@
 iTerm
-psuedo

.github/actions/linux-code-sign/action.yml

@@ -1,44 +0,0 @@
-name: linux-code-sign
-description: Sign Linux artifacts with cosign.
-inputs:
-  target:
-    description: Target triple for the artifacts to sign.
-    required: true
-  artifacts-dir:
-    description: Absolute path to the directory containing built binaries to sign.
-    required: true
-
-runs:
-  using: composite
-  steps:
-    - name: Install cosign
-      uses: sigstore/cosign-installer@v3.7.0
-
-    - name: Cosign Linux artifacts
-      shell: bash
-      env:
-        COSIGN_EXPERIMENTAL: "1"
-        COSIGN_YES: "true"
-        COSIGN_OIDC_CLIENT_ID: "sigstore"
-        COSIGN_OIDC_ISSUER: "https://oauth2.sigstore.dev/auth"
-      run: |
-        set -euo pipefail
-
-        dest="${{ inputs.artifacts-dir }}"
-        if [[ ! -d "$dest" ]]; then
-          echo "Destination $dest does not exist"
-          exit 1
-        fi
-
-        for binary in codex codex-responses-api-proxy; do
-          artifact="${dest}/${binary}"
-          if [[ ! -f "$artifact" ]]; then
-            echo "Binary $artifact not found"
-            exit 1
-          fi
-
-          cosign sign-blob \
-            --yes \
-            --bundle "${artifact}.sigstore" \
-            "$artifact"
-        done

.github/actions/windows-code-sign/action.yml

@@ -1,55 +0,0 @@
-name: windows-code-sign
-description: Sign Windows binaries with Azure Trusted Signing.
-inputs:
-  target:
-    description: Target triple for the artifacts to sign.
-    required: true
-  client-id:
-    description: Azure Trusted Signing client ID.
-    required: true
-  tenant-id:
-    description: Azure tenant ID for Trusted Signing.
-    required: true
-  subscription-id:
-    description: Azure subscription ID for Trusted Signing.
-    required: true
-  endpoint:
-    description: Azure Trusted Signing endpoint.
-    required: true
-  account-name:
-    description: Azure Trusted Signing account name.
-    required: true
-  certificate-profile-name:
-    description: Certificate profile name for signing.
-    required: true
-
-runs:
-  using: composite
-  steps:
-    - name: Azure login for Trusted Signing (OIDC)
-      uses: azure/login@v2
-      with:
-        client-id: ${{ inputs.client-id }}
-        tenant-id: ${{ inputs.tenant-id }}
-        subscription-id: ${{ inputs.subscription-id }}
-
-    - name: Sign Windows binaries with Azure Trusted Signing
-      uses: azure/trusted-signing-action@v0
-      with:
-        endpoint: ${{ inputs.endpoint }}
-        trusted-signing-account-name: ${{ inputs.account-name }}
-        certificate-profile-name: ${{ inputs.certificate-profile-name }}
-        exclude-environment-credential: true
-        exclude-workload-identity-credential: true
-        exclude-managed-identity-credential: true
-        exclude-shared-token-cache-credential: true
-        exclude-visual-studio-credential: true
-        exclude-visual-studio-code-credential: true
-        exclude-azure-cli-credential: false
-        exclude-azure-powershell-credential: true
-        exclude-azure-developer-cli-credential: true
-        exclude-interactive-browser-credential: true
-        cache-dependencies: false
-        files: |
-          ${{ github.workspace }}/codex-rs/target/${{ inputs.target }}/release/codex.exe
-          ${{ github.workspace }}/codex-rs/target/${{ inputs.target }}/release/codex-responses-api-proxy.exe

.github/workflows/rust-ci.yml

@@ -369,57 +369,6 @@ jobs:
 
     steps:
       - uses: actions/checkout@v6
-
-      # We have been running out of space when running this job on Linux for
-      # x86_64-unknown-linux-gnu, so remove some unnecessary dependencies.
-      - name: Remove unnecessary dependencies to save space
-        if: ${{ startsWith(matrix.runner, 'ubuntu') }}
-        shell: bash
-        run: |
-          set -euo pipefail
-          sudo rm -rf \
-            /usr/local/lib/android \
-            /usr/share/dotnet \
-            /usr/local/share/boost \
-            /usr/local/lib/node_modules \
-            /opt/ghc
-          sudo apt-get remove -y docker.io docker-compose podman buildah
-
-      # Ensure brew includes this fix so that brew's shellenv.sh loads
-      # cleanly in the Codex sandbox (it is frequently eval'd via .zprofile
-      # for Brew users, including the macOS runners on GitHub):
-      #
-      # https://github.com/Homebrew/brew/pull/21157
-      #
-      # Once brew 5.0.5 is released and is the default on macOS runners, this
-      # step can be removed.
-      - name: Upgrade brew
-        if: ${{ startsWith(matrix.runner, 'macos') }}
-        shell: bash
-        run: |
-          set -euo pipefail
-          brew --version
-          git -C "$(brew --repo)" fetch origin
-          git -C "$(brew --repo)" checkout main
-          git -C "$(brew --repo)" reset --hard origin/main
-          export HOMEBREW_UPDATE_TO_TAG=0
-          brew update
-          brew upgrade
-          brew --version
-
-      # Some integration tests rely on DotSlash being installed.
-      # See https://github.com/openai/codex/pull/7617.
-      - name: Install DotSlash
-        uses: facebook/install-dotslash@v2
-
-      - name: Pre-fetch DotSlash artifacts
-        # The Bash wrapper is not available on Windows.
-        if: ${{ !startsWith(matrix.runner, 'windows') }}
-        shell: bash
-        run: |
-          set -euo pipefail
-          dotslash -- fetch exec-server/tests/suite/bash
-
       - uses: dtolnay/rust-toolchain@1.90
         with:
           targets: ${{ matrix.target }}

.github/workflows/rust-release.yml

@@ -50,9 +50,6 @@ jobs:
     name: Build - ${{ matrix.runner }} - ${{ matrix.target }}
     runs-on: ${{ matrix.runner }}
     timeout-minutes: 30
-    permissions:
-      contents: read
-      id-token: write
     defaults:
       run:
         working-directory: codex-rs
@@ -103,25 +100,6 @@ jobs:
       - name: Cargo build
         run: cargo build --target ${{ matrix.target }} --release --bin codex --bin codex-responses-api-proxy
 
-      - if: ${{ contains(matrix.target, 'linux') }}
-        name: Cosign Linux artifacts
-        uses: ./.github/actions/linux-code-sign
-        with:
-          target: ${{ matrix.target }}
-          artifacts-dir: ${{ github.workspace }}/codex-rs/target/${{ matrix.target }}/release
-
-      - if: ${{ contains(matrix.target, 'windows') }}
-        name: Sign Windows binaries with Azure Trusted Signing
-        uses: ./.github/actions/windows-code-sign
-        with:
-          target: ${{ matrix.target }}
-          client-id: ${{ secrets.AZURE_TRUSTED_SIGNING_CLIENT_ID }}
-          tenant-id: ${{ secrets.AZURE_TRUSTED_SIGNING_TENANT_ID }}
-          subscription-id: ${{ secrets.AZURE_TRUSTED_SIGNING_SUBSCRIPTION_ID }}
-          endpoint: ${{ secrets.AZURE_TRUSTED_SIGNING_ENDPOINT }}
-          account-name: ${{ secrets.AZURE_TRUSTED_SIGNING_ACCOUNT_NAME }}
-          certificate-profile-name: ${{ secrets.AZURE_TRUSTED_SIGNING_CERTIFICATE_PROFILE_NAME }}
-
       - if: ${{ matrix.runner == 'macos-15-xlarge' }}
         name: Configure Apple code signing
         shell: bash
@@ -305,11 +283,6 @@ jobs:
             cp target/${{ matrix.target }}/release/codex-responses-api-proxy "$dest/codex-responses-api-proxy-${{ matrix.target }}"
           fi
 
-          if [[ "${{ matrix.target }}" == *linux* ]]; then
-            cp target/${{ matrix.target }}/release/codex.sigstore "$dest/codex-${{ matrix.target }}.sigstore"
-            cp target/${{ matrix.target }}/release/codex-responses-api-proxy.sigstore "$dest/codex-responses-api-proxy-${{ matrix.target }}.sigstore"
-          fi
-
       - if: ${{ matrix.runner == 'windows-11-arm' }}
         name: Install zstd
         shell: powershell
@@ -348,11 +321,6 @@ jobs:
               continue
             fi
 
-            # Don't try to compress signature bundles.
-            if [[ "$base" == *.sigstore ]]; then
-              continue
-            fi
-
             # Create per-binary tar.gz
             tar -C "$dest" -czf "$dest/${base}.tar.gz" "$base"
 

AGENTS.md

@@ -75,7 +75,6 @@ If you don’t have the tool:
 ### Test assertions
 
 - Tests should use pretty_assertions::assert_eq for clearer diffs. Import this at the top of the test module if it isn't already.
-- Prefer deep equals comparisons whenever possible. Perform `assert_eq!()` on entire objects, rather than individual fields.
 
 ### Integration tests (core)
 

codex-rs/Cargo.lock

@@ -887,7 +887,6 @@ dependencies = [
  "codex-file-search",
  "codex-login",
  "codex-protocol",
- "codex-rmcp-client",
  "codex-utils-json-to-toml",
  "core_test_support",
  "mcp-types",
@@ -1041,7 +1040,6 @@ dependencies = [
  "codex-rmcp-client",
  "codex-stdio-to-uds",
  "codex-tui",
- "codex-tui2",
  "codex-windows-sandbox",
  "ctor 0.5.0",
  "libc",
@@ -1050,7 +1048,7 @@ dependencies = [
  "pretty_assertions",
  "regex-lite",
  "serde_json",
- "supports-color 3.0.2",
+ "supports-color",
  "tempfile",
  "tokio",
  "toml",
@@ -1090,13 +1088,10 @@ dependencies = [
  "codex-login",
  "codex-tui",
  "crossterm",
- "owo-colors",
- "pretty_assertions",
  "ratatui",
  "reqwest",
  "serde",
  "serde_json",
- "supports-color 3.0.2",
  "tokio",
  "tokio-stream",
  "tracing",
@@ -1158,7 +1153,6 @@ dependencies = [
  "codex-otel",
  "codex-protocol",
  "codex-rmcp-client",
- "codex-utils-absolute-path",
  "codex-utils-pty",
  "codex-utils-readiness",
  "codex-utils-string",
@@ -1243,7 +1237,7 @@ dependencies = [
  "serde",
  "serde_json",
  "shlex",
- "supports-color 3.0.2",
+ "supports-color",
  "tempfile",
  "tokio",
  "tracing",
@@ -1259,14 +1253,10 @@ name = "codex-exec-server"
 version = "0.0.0"
 dependencies = [
  "anyhow",
- "assert_cmd",
  "async-trait",
  "clap",
  "codex-core",
- "codex-execpolicy",
- "exec_server_test_support",
  "libc",
- "maplit",
  "path-absolutize",
  "pretty_assertions",
  "rmcp",
@@ -1279,7 +1269,6 @@ dependencies = [
  "tokio-util",
  "tracing",
  "tracing-subscriber",
- "which",
 ]
 
 [[package]]
@@ -1305,7 +1294,7 @@ dependencies = [
  "allocative",
  "anyhow",
  "clap",
- "derive_more 2.1.0",
+ "derive_more 2.0.1",
  "env_logger",
  "log",
  "multimap",
@@ -1466,7 +1455,6 @@ dependencies = [
  "chrono",
  "codex-app-server-protocol",
  "codex-protocol",
- "codex-utils-absolute-path",
  "eventsource-stream",
  "http",
  "opentelemetry",
@@ -1487,7 +1475,6 @@ name = "codex-process-hardening"
 version = "0.0.0"
 dependencies = [
  "libc",
- "pretty_assertions",
 ]
 
 [[package]]
@@ -1495,6 +1482,7 @@ name = "codex-protocol"
 version = "0.0.0"
 dependencies = [
  "anyhow",
+ "base64",
  "codex-git",
  "codex-utils-image",
  "icu_decimal",
@@ -1597,7 +1585,7 @@ dependencies = [
  "codex-windows-sandbox",
  "color-eyre",
  "crossterm",
- "derive_more 2.1.0",
+ "derive_more 2.0.1",
  "diffy",
  "dirs",
  "dunce",
@@ -1622,7 +1610,7 @@ dependencies = [
  "shlex",
  "strum 0.27.2",
  "strum_macros 0.27.2",
- "supports-color 3.0.2",
+ "supports-color",
  "tempfile",
  "textwrap 0.16.2",
  "tokio",
@@ -1641,28 +1629,6 @@ dependencies = [
  "vt100",
 ]
 
-[[package]]
-name = "codex-tui2"
-version = "0.0.0"
-dependencies = [
- "anyhow",
- "clap",
- "codex-arg0",
- "codex-common",
- "codex-core",
- "codex-tui",
-]
-
-[[package]]
-name = "codex-utils-absolute-path"
-version = "0.0.0"
-dependencies = [
- "path-absolutize",
- "serde",
- "serde_json",
- "tempfile",
-]
-
 [[package]]
 name = "codex-utils-cache"
 version = "0.0.0"
@@ -1698,13 +1664,8 @@ name = "codex-utils-pty"
 version = "0.0.0"
 dependencies = [
  "anyhow",
- "filedescriptor",
- "lazy_static",
- "log",
  "portable-pty",
- "shared_library",
  "tokio",
- "winapi",
 ]
 
 [[package]]
@@ -1727,6 +1688,7 @@ name = "codex-windows-sandbox"
 version = "0.0.0"
 dependencies = [
  "anyhow",
+ "base64",
  "chrono",
  "codex-protocol",
  "dirs-next",
@@ -1735,6 +1697,7 @@ dependencies = [
  "serde",
  "serde_json",
  "tempfile",
+ "windows 0.58.0",
  "windows-sys 0.52.0",
 ]
 
@@ -1827,9 +1790,9 @@ dependencies = [
 
 [[package]]
 name = "convert_case"
-version = "0.10.0"
+version = "0.7.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "633458d4ef8c78b72454de2d54fd6ab2e60f9e02be22f3c6104cdc8a4e0fceb9"
+checksum = "bb402b8d4c85569410425650ce3eddc7d698ed96d39a73f941b08fb63082f1e7"
 dependencies = [
  "unicode-segmentation",
 ]
@@ -2168,11 +2131,11 @@ dependencies = [
 
 [[package]]
 name = "derive_more"
-version = "2.1.0"
+version = "2.0.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "10b768e943bed7bf2cab53df09f4bc34bfd217cdb57d971e769874c9a6710618"
+checksum = "093242cf7570c207c83073cf82f79706fe7b8317e98620a47d5be7c3d8497678"
 dependencies = [
- "derive_more-impl 2.1.0",
+ "derive_more-impl 2.0.1",
 ]
 
 [[package]]
@@ -2190,14 +2153,13 @@ dependencies = [
 
 [[package]]
 name = "derive_more-impl"
-version = "2.1.0"
+version = "2.0.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6d286bfdaf75e988b4a78e013ecd79c581e06399ab53fbacd2d916c2f904f30b"
+checksum = "bda628edc44c4bb645fbe0f758797143e4e07926f7ebf4e9bdfbd3d2ce621df3"
 dependencies = [
- "convert_case 0.10.0",
+ "convert_case 0.7.1",
  "proc-macro2",
  "quote",
- "rustc_version",
  "syn 2.0.104",
  "unicode-xid",
 ]
@@ -2538,18 +2500,6 @@ dependencies = [
  "pin-project-lite",
 ]
 
-[[package]]
-name = "exec_server_test_support"
-version = "0.0.0"
-dependencies = [
- "anyhow",
- "assert_cmd",
- "codex-core",
- "rmcp",
- "serde_json",
- "tokio",
-]
-
 [[package]]
 name = "eyre"
 version = "0.6.12"
@@ -2594,7 +2544,7 @@ checksum = "0ce92ff622d6dadf7349484f42c93271a0d49b7cc4d466a936405bacbe10aa78"
 dependencies = [
  "cfg-if",
  "rustix 1.0.8",
- "windows-sys 0.52.0",
+ "windows-sys 0.59.0",
 ]
 
 [[package]]
@@ -3168,7 +3118,7 @@ dependencies = [
  "js-sys",
  "log",
  "wasm-bindgen",
- "windows-core",
+ "windows-core 0.61.2",
 ]
 
 [[package]]
@@ -3432,9 +3382,9 @@ dependencies = [
 
 [[package]]
 name = "insta"
-version = "1.44.3"
+version = "1.43.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b5c943d4415edd8153251b6f197de5eb1640e56d84e8d9159bea190421c73698"
+checksum = "46fdb647ebde000f43b5b53f773c30cf9b0cb4300453208713fa38b2c70935a0"
 dependencies = [
  "console",
  "once_cell",
@@ -3498,7 +3448,7 @@ checksum = "e04d7f318608d35d4b61ddd75cbdaee86b023ebe2bd5a66ee0915f0bf93095a9"
 dependencies = [
  "hermit-abi",
  "libc",
- "windows-sys 0.52.0",
+ "windows-sys 0.59.0",
 ]
 
 [[package]]
@@ -4486,10 +4436,6 @@ name = "owo-colors"
 version = "4.2.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "48dd4f4a2c8405440fd0462561f0e5806bd0f77e86f51c761481bdd4018b545e"
-dependencies = [
- "supports-color 2.1.0",
- "supports-color 3.0.2",
-]
 
 [[package]]
 name = "parking"
@@ -4807,7 +4753,7 @@ dependencies = [
  "nix 0.30.1",
  "tokio",
  "tracing",
- "windows",
+ "windows 0.61.3",
 ]
 
 [[package]]
@@ -5287,7 +5233,7 @@ dependencies = [
  "errno",
  "libc",
  "linux-raw-sys 0.4.15",
- "windows-sys 0.52.0",
+ "windows-sys 0.59.0",
 ]
 
 [[package]]
@@ -6226,16 +6172,6 @@ version = "2.6.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "13c2bddecc57b384dee18652358fb23172facb8a2c51ccc10d74c157bdea3292"
 
-[[package]]
-name = "supports-color"
-version = "2.1.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d6398cde53adc3c4557306a96ce67b302968513830a77a95b2b17305d9719a89"
-dependencies = [
- "is-terminal",
- "is_ci",
-]
-
 [[package]]
 name = "supports-color"
 version = "3.0.2"
@@ -6972,9 +6908,9 @@ checksum = "e421abadd41a4225275504ea4d6566923418b7f05506fbc9c0fe86ba7396114b"
 
 [[package]]
 name = "ts-rs"
-version = "11.1.0"
+version = "11.0.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4994acea2522cd2b3b85c1d9529a55991e3ad5e25cdcd3de9d505972c4379424"
+checksum = "6ef1b7a6d914a34127ed8e1fa927eb7088903787bcded4fa3eef8f85ee1568be"
 dependencies = [
  "serde_json",
  "thiserror 2.0.17",
@@ -6984,9 +6920,9 @@ dependencies = [
 
 [[package]]
 name = "ts-rs-macros"
-version = "11.1.0"
+version = "11.0.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ee6ff59666c9cbaec3533964505d39154dc4e0a56151fdea30a09ed0301f62e2"
+checksum = "e9d4ed7b4c18cc150a6a0a1e9ea1ecfa688791220781af6e119f9599a8502a0a"
 dependencies = [
  "proc-macro2",
  "quote",
@@ -7442,9 +7378,9 @@ dependencies = [
 
 [[package]]
 name = "wildmatch"
-version = "2.6.1"
+version = "2.5.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "29333c3ea1ba8b17211763463ff24ee84e41c78224c16b001cd907e663a38c68"
+checksum = "39b7d07a236abaef6607536ccfaf19b396dbe3f5110ddb73d39f4562902ed382"
 
 [[package]]
 name = "winapi"
@@ -7468,7 +7404,7 @@ version = "0.1.9"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "cf221c93e13a30d793f7645a0e7762c55d169dbb0a49671918a2319d289b10bb"
 dependencies = [
- "windows-sys 0.52.0",
+ "windows-sys 0.59.0",
 ]
 
 [[package]]
@@ -7477,6 +7413,16 @@ version = "0.4.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f"
 
+[[package]]
+name = "windows"
+version = "0.58.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "dd04d41d93c4992d421894c18c8b43496aa748dd4c081bac0dc93eb0489272b6"
+dependencies = [
+ "windows-core 0.58.0",
+ "windows-targets 0.52.6",
+]
+
 [[package]]
 name = "windows"
 version = "0.61.3"
@@ -7484,7 +7430,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "9babd3a767a4c1aef6900409f85f5d53ce2544ccdfaa86dad48c91782c6d6893"
 dependencies = [
  "windows-collections",
- "windows-core",
+ "windows-core 0.61.2",
  "windows-future",
  "windows-link 0.1.3",
  "windows-numerics",
@@ -7496,7 +7442,20 @@ version = "0.2.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "3beeceb5e5cfd9eb1d76b381630e82c4241ccd0d27f1a39ed41b2760b255c5e8"
 dependencies = [
- "windows-core",
+ "windows-core 0.61.2",
+]
+
+[[package]]
+name = "windows-core"
+version = "0.58.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "6ba6d44ec8c2591c134257ce647b7ea6b20335bf6379a27dac5f1641fcf59f99"
+dependencies = [
+ "windows-implement 0.58.0",
+ "windows-interface 0.58.0",
+ "windows-result 0.2.0",
+ "windows-strings 0.1.0",
+ "windows-targets 0.52.6",
 ]
 
 [[package]]
@@ -7505,11 +7464,11 @@ version = "0.61.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "c0fdd3ddb90610c7638aa2b3a3ab2904fb9e5cdbecc643ddb3647212781c4ae3"
 dependencies = [
- "windows-implement",
- "windows-interface",
+ "windows-implement 0.60.0",
+ "windows-interface 0.59.1",
  "windows-link 0.1.3",
- "windows-result",
- "windows-strings",
+ "windows-result 0.3.4",
+ "windows-strings 0.4.2",
 ]
 
 [[package]]
@@ -7518,11 +7477,22 @@ version = "0.2.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "fc6a41e98427b19fe4b73c550f060b59fa592d7d686537eebf9385621bfbad8e"
 dependencies = [
- "windows-core",
+ "windows-core 0.61.2",
  "windows-link 0.1.3",
  "windows-threading",
 ]
 
+[[package]]
+name = "windows-implement"
+version = "0.58.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "2bbd5b46c938e506ecbce286b6628a02171d56153ba733b6c741fc627ec9579b"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn 2.0.104",
+]
+
 [[package]]
 name = "windows-implement"
 version = "0.60.0"
@@ -7534,6 +7504,17 @@ dependencies = [
  "syn 2.0.104",
 ]
 
+[[package]]
+name = "windows-interface"
+version = "0.58.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "053c4c462dc91d3b1504c6fe5a726dd15e216ba718e84a0e46a88fbe5ded3515"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn 2.0.104",
+]
+
 [[package]]
 name = "windows-interface"
 version = "0.59.1"
@@ -7563,7 +7544,7 @@ version = "0.2.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "9150af68066c4c5c07ddc0ce30421554771e528bde427614c61038bc2c92c2b1"
 dependencies = [
- "windows-core",
+ "windows-core 0.61.2",
  "windows-link 0.1.3",
 ]
 
@@ -7574,8 +7555,17 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "5b8a9ed28765efc97bbc954883f4e6796c33a06546ebafacbabee9696967499e"
 dependencies = [
  "windows-link 0.1.3",
- "windows-result",
- "windows-strings",
+ "windows-result 0.3.4",
+ "windows-strings 0.4.2",
+]
+
+[[package]]
+name = "windows-result"
+version = "0.2.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1d1043d8214f791817bab27572aaa8af63732e11bf84aa21a45a78d6c317ae0e"
+dependencies = [
+ "windows-targets 0.52.6",
 ]
 
 [[package]]
@@ -7587,6 +7577,16 @@ dependencies = [
  "windows-link 0.1.3",
 ]
 
+[[package]]
+name = "windows-strings"
+version = "0.1.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "4cd9b125c486025df0eabcb585e62173c6c9eddcec5d117d3b6e8c30e2ee4d10"
+dependencies = [
+ "windows-result 0.2.0",
+ "windows-targets 0.52.6",
+]
+
 [[package]]
 name = "windows-strings"
 version = "0.4.2"

codex-rs/Cargo.toml

@@ -34,8 +34,6 @@ members = [
     "stdio-to-uds",
     "otel",
     "tui",
-    "tui2",
-    "utils/absolute-path",
     "utils/git",
     "utils/cache",
     "utils/image",
@@ -49,7 +47,7 @@ members = [
 resolver = "2"
 
 [workspace.package]
-version = "0.67.0-alpha.6"
+version = "0.0.0"
 # Track the edition for all workspace crates in one place. Individual
 # crates can still override this value, but keeping it here means new
 # crates created with `cargo new -w ...` automatically inherit the 2024
@@ -90,8 +88,6 @@ codex-responses-api-proxy = { path = "responses-api-proxy" }
 codex-rmcp-client = { path = "rmcp-client" }
 codex-stdio-to-uds = { path = "stdio-to-uds" }
 codex-tui = { path = "tui" }
-codex-tui2 = { path = "tui2" }
-codex-utils-absolute-path = { path = "utils/absolute-path" }
 codex-utils-cache = { path = "utils/cache" }
 codex-utils-image = { path = "utils/image" }
 codex-utils-json-to-toml = { path = "utils/json-to-toml" }
@@ -100,7 +96,6 @@ codex-utils-readiness = { path = "utils/readiness" }
 codex-utils-string = { path = "utils/string" }
 codex-windows-sandbox = { path = "windows-sandbox-rs" }
 core_test_support = { path = "core/tests/common" }
-exec_server_test_support = { path = "exec-server/tests/common" }
 mcp-types = { path = "mcp-types" }
 mcp_test_support = { path = "mcp-server/tests/common" }
 
@@ -143,7 +138,7 @@ icu_provider = { version = "2.1", features = ["sync"] }
 ignore = "0.4.23"
 image = { version = "^0.25.9", default-features = false }
 indexmap = "2.12.0"
-insta = "1.44.3"
+insta = "1.43.2"
 itertools = "0.14.0"
 keyring = { version = "3.6", default-features = false }
 landlock = "0.4.1"
@@ -183,8 +178,8 @@ seccompiler = "0.5.0"
 sentry = "0.34.0"
 serde = "1"
 serde_json = "1"
-serde_with = "3.16"
 serde_yaml = "0.9"
+serde_with = "3.16"
 serial_test = "3.2.0"
 sha1 = "0.10.6"
 sha2 = "0.10"
@@ -227,7 +222,7 @@ vt100 = "0.16.2"
 walkdir = "2.5.0"
 webbrowser = "1.0"
 which = "6"
-wildmatch = "2.6.1"
+wildmatch = "2.5.0"
 
 wiremock = "0.6"
 zeroize = "1.8.2"

codex-rs/app-server-protocol/src/protocol/common.rs

@@ -139,11 +139,6 @@ client_request_definitions! {
         response: v2::ModelListResponse,
     },
 
-    McpServerOauthLogin => "mcpServer/oauth/login" {
-        params: v2::McpServerOauthLoginParams,
-        response: v2::McpServerOauthLoginResponse,
-    },
-
     McpServersList => "mcpServers/list" {
         params: v2::ListMcpServersParams,
         response: v2::ListMcpServersResponse,
@@ -529,7 +524,6 @@ server_notification_definitions! {
     CommandExecutionOutputDelta => "item/commandExecution/outputDelta" (v2::CommandExecutionOutputDeltaNotification),
     FileChangeOutputDelta => "item/fileChange/outputDelta" (v2::FileChangeOutputDeltaNotification),
     McpToolCallProgress => "item/mcpToolCall/progress" (v2::McpToolCallProgressNotification),
-    McpServerOauthLoginCompleted => "mcpServer/oauthLogin/completed" (v2::McpServerOauthLoginCompletedNotification),
     AccountUpdated => "account/updated" (v2::AccountUpdatedNotification),
     AccountRateLimitsUpdated => "account/rateLimits/updated" (v2::AccountRateLimitsUpdatedNotification),
     ReasoningSummaryTextDelta => "item/reasoning/summaryTextDelta" (v2::ReasoningSummaryTextDeltaNotification),

codex-rs/app-server-protocol/src/protocol/v2.rs

@@ -3,7 +3,6 @@ use std::path::PathBuf;
 
 use crate::protocol::common::AuthMode;
 use codex_protocol::account::PlanType;
-use codex_protocol::approvals::ExecPolicyAmendment as CoreExecPolicyAmendment;
 use codex_protocol::approvals::SandboxCommandAssessment as CoreSandboxCommandAssessment;
 use codex_protocol::config_types::ReasoningSummary;
 use codex_protocol::items::AgentMessageContent as CoreAgentMessageContent;
@@ -288,11 +287,6 @@ v2_enum_from_core!(
 #[ts(export_to = "v2/")]
 pub enum ApprovalDecision {
     Accept,
-    /// Approve and remember the approval for the session.
-    AcceptForSession,
-    AcceptWithExecpolicyAmendment {
-        execpolicy_amendment: ExecPolicyAmendment,
-    },
     Decline,
     Cancel,
 }
@@ -388,27 +382,6 @@ impl From<CoreSandboxCommandAssessment> for SandboxCommandAssessment {
     }
 }
 
-#[derive(Serialize, Deserialize, Debug, Clone, PartialEq, Eq, JsonSchema, TS)]
-#[serde(transparent)]
-#[ts(type = "Array<string>", export_to = "v2/")]
-pub struct ExecPolicyAmendment {
-    pub command: Vec<String>,
-}
-
-impl ExecPolicyAmendment {
-    pub fn into_core(self) -> CoreExecPolicyAmendment {
-        CoreExecPolicyAmendment::new(self.command)
-    }
-}
-
-impl From<CoreExecPolicyAmendment> for ExecPolicyAmendment {
-    fn from(value: CoreExecPolicyAmendment) -> Self {
-        Self {
-            command: value.command().to_vec(),
-        }
-    }
-}
-
 #[derive(Serialize, Deserialize, Debug, Clone, PartialEq, JsonSchema, TS)]
 #[serde(tag = "type", rename_all = "camelCase")]
 #[ts(tag = "type")]
@@ -688,26 +661,6 @@ pub struct ListMcpServersResponse {
     pub next_cursor: Option<String>,
 }
 
-#[derive(Serialize, Deserialize, Debug, Clone, PartialEq, JsonSchema, TS)]
-#[serde(rename_all = "camelCase")]
-#[ts(export_to = "v2/")]
-pub struct McpServerOauthLoginParams {
-    pub name: String,
-    #[serde(default, skip_serializing_if = "Option::is_none")]
-    #[ts(optional)]
-    pub scopes: Option<Vec<String>>,
-    #[serde(default, skip_serializing_if = "Option::is_none")]
-    #[ts(optional)]
-    pub timeout_secs: Option<i64>,
-}
-
-#[derive(Serialize, Deserialize, Debug, Clone, PartialEq, JsonSchema, TS)]
-#[serde(rename_all = "camelCase")]
-#[ts(export_to = "v2/")]
-pub struct McpServerOauthLoginResponse {
-    pub authorization_url: String,
-}
-
 #[derive(Serialize, Deserialize, Debug, Clone, PartialEq, JsonSchema, TS)]
 #[serde(rename_all = "camelCase")]
 #[ts(export_to = "v2/")]
@@ -1487,17 +1440,6 @@ pub struct McpToolCallProgressNotification {
     pub message: String,
 }
 
-#[derive(Serialize, Deserialize, Debug, Clone, PartialEq, JsonSchema, TS)]
-#[serde(rename_all = "camelCase")]
-#[ts(export_to = "v2/")]
-pub struct McpServerOauthLoginCompletedNotification {
-    pub name: String,
-    pub success: bool,
-    #[serde(default, skip_serializing_if = "Option::is_none")]
-    #[ts(optional)]
-    pub error: Option<String>,
-}
-
 #[derive(Serialize, Deserialize, Debug, Clone, PartialEq, JsonSchema, TS)]
 #[serde(rename_all = "camelCase")]
 #[ts(export_to = "v2/")]
@@ -1526,8 +1468,15 @@ pub struct CommandExecutionRequestApprovalParams {
     pub reason: Option<String>,
     /// Optional model-provided risk assessment describing the blocked command.
     pub risk: Option<SandboxCommandAssessment>,
-    /// Optional proposed execpolicy amendment to allow similar commands without prompting.
-    pub proposed_execpolicy_amendment: Option<ExecPolicyAmendment>,
+}
+
+#[derive(Serialize, Deserialize, Debug, Clone, PartialEq, JsonSchema, TS)]
+#[serde(rename_all = "camelCase")]
+#[ts(export_to = "v2/")]
+pub struct CommandExecutionRequestAcceptSettings {
+    /// If true, automatically approve this command for the duration of the session.
+    #[serde(default)]
+    pub for_session: bool,
 }
 
 #[derive(Serialize, Deserialize, Debug, Clone, PartialEq, JsonSchema, TS)]
@@ -1535,6 +1484,10 @@ pub struct CommandExecutionRequestApprovalParams {
 #[ts(export_to = "v2/")]
 pub struct CommandExecutionRequestApprovalResponse {
     pub decision: ApprovalDecision,
+    /// Optional approval settings for when the decision is `accept`.
+    /// Ignored if the decision is `decline` or `cancel`.
+    #[serde(default)]
+    pub accept_settings: Option<CommandExecutionRequestAcceptSettings>,
 }
 
 #[derive(Serialize, Deserialize, Debug, Clone, PartialEq, JsonSchema, TS)]
@@ -1571,7 +1524,6 @@ pub struct RateLimitSnapshot {
     pub primary: Option<RateLimitWindow>,
     pub secondary: Option<RateLimitWindow>,
     pub credits: Option<CreditsSnapshot>,
-    pub plan_type: Option<PlanType>,
 }
 
 impl From<CoreRateLimitSnapshot> for RateLimitSnapshot {
@@ -1580,7 +1532,6 @@ impl From<CoreRateLimitSnapshot> for RateLimitSnapshot {
             primary: value.primary.map(RateLimitWindow::from),
             secondary: value.secondary.map(RateLimitWindow::from),
             credits: value.credits.map(CreditsSnapshot::from),
-            plan_type: value.plan_type,
         }
     }
 }

codex-rs/app-server-test-client/src/main.rs

@@ -21,6 +21,7 @@ use codex_app_server_protocol::ApprovalDecision;
 use codex_app_server_protocol::AskForApproval;
 use codex_app_server_protocol::ClientInfo;
 use codex_app_server_protocol::ClientRequest;
+use codex_app_server_protocol::CommandExecutionRequestAcceptSettings;
 use codex_app_server_protocol::CommandExecutionRequestApprovalParams;
 use codex_app_server_protocol::CommandExecutionRequestApprovalResponse;
 use codex_app_server_protocol::FileChangeRequestApprovalParams;
@@ -753,7 +754,6 @@ impl CodexClient {
             item_id,
             reason,
             risk,
-            proposed_execpolicy_amendment,
         } = params;
 
         println!(
@@ -765,12 +765,10 @@ impl CodexClient {
         if let Some(risk) = risk.as_ref() {
             println!("< risk assessment: {risk:?}");
         }
-        if let Some(execpolicy_amendment) = proposed_execpolicy_amendment.as_ref() {
-            println!("< proposed execpolicy amendment: {execpolicy_amendment:?}");
-        }
 
         let response = CommandExecutionRequestApprovalResponse {
             decision: ApprovalDecision::Accept,
+            accept_settings: Some(CommandExecutionRequestAcceptSettings { for_session: false }),
         };
         self.send_server_request_response(request_id, &response)?;
         println!("< approved commandExecution request for item {item_id}");

codex-rs/app-server/Cargo.toml

@@ -26,7 +26,6 @@ codex-login = { workspace = true }
 codex-protocol = { workspace = true }
 codex-app-server-protocol = { workspace = true }
 codex-feedback = { workspace = true }
-codex-rmcp-client = { workspace = true }
 codex-utils-json-to-toml = { workspace = true }
 chrono = { workspace = true }
 serde = { workspace = true, features = ["derive"] }

codex-rs/app-server/src/bespoke_event_handling.rs

@@ -18,7 +18,6 @@ use codex_app_server_protocol::ContextCompactedNotification;
 use codex_app_server_protocol::ErrorNotification;
 use codex_app_server_protocol::ExecCommandApprovalParams;
 use codex_app_server_protocol::ExecCommandApprovalResponse;
-use codex_app_server_protocol::ExecPolicyAmendment as V2ExecPolicyAmendment;
 use codex_app_server_protocol::FileChangeOutputDeltaNotification;
 use codex_app_server_protocol::FileChangeRequestApprovalParams;
 use codex_app_server_protocol::FileChangeRequestApprovalResponse;
@@ -180,7 +179,7 @@ pub(crate) async fn apply_bespoke_event_handling(
             cwd,
             reason,
             risk,
-            proposed_execpolicy_amendment,
+            proposed_execpolicy_amendment: _,
             parsed_cmd,
         }) => match api_version {
             ApiVersion::V1 => {
@@ -208,8 +207,6 @@ pub(crate) async fn apply_bespoke_event_handling(
                     .map(V2ParsedCommand::from)
                     .collect::<Vec<_>>();
                 let command_string = shlex_join(&command);
-                let proposed_execpolicy_amendment_v2 =
-                    proposed_execpolicy_amendment.map(V2ExecPolicyAmendment::from);
 
                 let params = CommandExecutionRequestApprovalParams {
                     thread_id: conversation_id.to_string(),
@@ -219,7 +216,6 @@ pub(crate) async fn apply_bespoke_event_handling(
                     item_id: item_id.clone(),
                     reason,
                     risk: risk.map(V2SandboxCommandAssessment::from),
-                    proposed_execpolicy_amendment: proposed_execpolicy_amendment_v2,
                 };
                 let rx = outgoing
                     .send_request(ServerRequestPayload::CommandExecutionRequestApproval(
@@ -1051,11 +1047,7 @@ async fn on_file_change_request_approval_response(
                 });
 
             let (decision, completion_status) = match response.decision {
-                ApprovalDecision::Accept
-                | ApprovalDecision::AcceptForSession
-                | ApprovalDecision::AcceptWithExecpolicyAmendment { .. } => {
-                    (ReviewDecision::Approved, None)
-                }
+                ApprovalDecision::Accept => (ReviewDecision::Approved, None),
                 ApprovalDecision::Decline => {
                     (ReviewDecision::Denied, Some(PatchApplyStatus::Declined))
                 }
@@ -1117,27 +1109,25 @@ async fn on_command_execution_request_approval_response(
                     error!("failed to deserialize CommandExecutionRequestApprovalResponse: {err}");
                     CommandExecutionRequestApprovalResponse {
                         decision: ApprovalDecision::Decline,
+                        accept_settings: None,
                     }
                 });
 
-            let decision = response.decision;
+            let CommandExecutionRequestApprovalResponse {
+                decision,
+                accept_settings,
+            } = response;
 
-            let (decision, completion_status) = match decision {
-                ApprovalDecision::Accept => (ReviewDecision::Approved, None),
-                ApprovalDecision::AcceptForSession => (ReviewDecision::ApprovedForSession, None),
-                ApprovalDecision::AcceptWithExecpolicyAmendment {
-                    execpolicy_amendment,
-                } => (
-                    ReviewDecision::ApprovedExecpolicyAmendment {
-                        proposed_execpolicy_amendment: execpolicy_amendment.into_core(),
-                    },
-                    None,
-                ),
-                ApprovalDecision::Decline => (
+            let (decision, completion_status) = match (decision, accept_settings) {
+                (ApprovalDecision::Accept, Some(settings)) if settings.for_session => {
+                    (ReviewDecision::ApprovedForSession, None)
+                }
+                (ApprovalDecision::Accept, _) => (ReviewDecision::Approved, None),
+                (ApprovalDecision::Decline, _) => (
                     ReviewDecision::Denied,
                     Some(CommandExecutionStatus::Declined),
                 ),
-                ApprovalDecision::Cancel => (
+                (ApprovalDecision::Cancel, _) => (
                     ReviewDecision::Abort,
                     Some(CommandExecutionStatus::Declined),
                 ),
@@ -1509,7 +1499,6 @@ mod tests {
                 unlimited: false,
                 balance: Some("5".to_string()),
             }),
-            plan_type: None,
         };
 
         handle_token_count_event(

codex-rs/app-server/src/codex_message_processor.rs

@@ -55,9 +55,6 @@ use codex_app_server_protocol::LoginChatGptResponse;
 use codex_app_server_protocol::LogoutAccountResponse;
 use codex_app_server_protocol::LogoutChatGptResponse;
 use codex_app_server_protocol::McpServer;
-use codex_app_server_protocol::McpServerOauthLoginCompletedNotification;
-use codex_app_server_protocol::McpServerOauthLoginParams;
-use codex_app_server_protocol::McpServerOauthLoginResponse;
 use codex_app_server_protocol::ModelListParams;
 use codex_app_server_protocol::ModelListResponse;
 use codex_app_server_protocol::NewConversationParams;
@@ -118,7 +115,6 @@ use codex_core::config::Config;
 use codex_core::config::ConfigOverrides;
 use codex_core::config::ConfigToml;
 use codex_core::config::edit::ConfigEditsBuilder;
-use codex_core::config::types::McpServerTransportConfig;
 use codex_core::config_loader::load_config_as_toml;
 use codex_core::default_client::get_codex_user_agent;
 use codex_core::exec::ExecParams;
@@ -151,7 +147,6 @@ use codex_protocol::protocol::RolloutItem;
 use codex_protocol::protocol::SessionMetaLine;
 use codex_protocol::protocol::USER_MESSAGE_BEGIN;
 use codex_protocol::user_input::UserInput as CoreInputItem;
-use codex_rmcp_client::perform_oauth_login_return_url;
 use codex_utils_json_to_toml::json_to_toml;
 use std::collections::HashMap;
 use std::collections::HashSet;
@@ -166,7 +161,6 @@ use std::time::Duration;
 use tokio::select;
 use tokio::sync::Mutex;
 use tokio::sync::oneshot;
-use toml::Value as TomlValue;
 use tracing::error;
 use tracing::info;
 use tracing::warn;
@@ -204,7 +198,6 @@ pub(crate) struct CodexMessageProcessor {
     outgoing: Arc<OutgoingMessageSender>,
     codex_linux_sandbox_exe: Option<PathBuf>,
     config: Arc<Config>,
-    cli_overrides: Vec<(String, TomlValue)>,
     conversation_listeners: HashMap<Uuid, oneshot::Sender<()>>,
     active_login: Arc<Mutex<Option<ActiveLogin>>>,
     // Queue of pending interrupt requests per conversation. We reply when TurnAborted arrives.
@@ -251,7 +244,6 @@ impl CodexMessageProcessor {
         outgoing: Arc<OutgoingMessageSender>,
         codex_linux_sandbox_exe: Option<PathBuf>,
         config: Arc<Config>,
-        cli_overrides: Vec<(String, TomlValue)>,
         feedback: CodexFeedback,
     ) -> Self {
         Self {
@@ -260,7 +252,6 @@ impl CodexMessageProcessor {
             outgoing,
             codex_linux_sandbox_exe,
             config,
-            cli_overrides,
             conversation_listeners: HashMap::new(),
             active_login: Arc::new(Mutex::new(None)),
             pending_interrupts: Arc::new(Mutex::new(HashMap::new())),
@@ -270,16 +261,6 @@ impl CodexMessageProcessor {
         }
     }
 
-    async fn load_latest_config(&self) -> Result<Config, JSONRPCErrorError> {
-        Config::load_with_cli_overrides(self.cli_overrides.clone(), ConfigOverrides::default())
-            .await
-            .map_err(|err| JSONRPCErrorError {
-                code: INTERNAL_ERROR_CODE,
-                message: format!("failed to reload config: {err}"),
-                data: None,
-            })
-    }
-
     fn review_request_from_target(
         target: ApiReviewTarget,
     ) -> Result<(ReviewRequest, String), JSONRPCErrorError> {
@@ -388,9 +369,6 @@ impl CodexMessageProcessor {
             ClientRequest::ModelList { request_id, params } => {
                 self.list_models(request_id, params).await;
             }
-            ClientRequest::McpServerOauthLogin { request_id, params } => {
-                self.mcp_server_oauth_login(request_id, params).await;
-            }
             ClientRequest::McpServersList { request_id, params } => {
                 self.list_mcp_servers(request_id, params).await;
             }
@@ -1938,110 +1916,6 @@ impl CodexMessageProcessor {
         self.outgoing.send_response(request_id, response).await;
     }
 
-    async fn mcp_server_oauth_login(
-        &self,
-        request_id: RequestId,
-        params: McpServerOauthLoginParams,
-    ) {
-        let config = match self.load_latest_config().await {
-            Ok(config) => config,
-            Err(error) => {
-                self.outgoing.send_error(request_id, error).await;
-                return;
-            }
-        };
-
-        if !config.features.enabled(Feature::RmcpClient) {
-            let error = JSONRPCErrorError {
-                code: INVALID_REQUEST_ERROR_CODE,
-                message: "OAuth login is only supported when [features].rmcp_client is true in config.toml".to_string(),
-                data: None,
-            };
-            self.outgoing.send_error(request_id, error).await;
-            return;
-        }
-
-        let McpServerOauthLoginParams {
-            name,
-            scopes,
-            timeout_secs,
-        } = params;
-
-        let Some(server) = config.mcp_servers.get(&name) else {
-            let error = JSONRPCErrorError {
-                code: INVALID_REQUEST_ERROR_CODE,
-                message: format!("No MCP server named '{name}' found."),
-                data: None,
-            };
-            self.outgoing.send_error(request_id, error).await;
-            return;
-        };
-
-        let (url, http_headers, env_http_headers) = match &server.transport {
-            McpServerTransportConfig::StreamableHttp {
-                url,
-                http_headers,
-                env_http_headers,
-                ..
-            } => (url.clone(), http_headers.clone(), env_http_headers.clone()),
-            _ => {
-                let error = JSONRPCErrorError {
-                    code: INVALID_REQUEST_ERROR_CODE,
-                    message: "OAuth login is only supported for streamable HTTP servers."
-                        .to_string(),
-                    data: None,
-                };
-                self.outgoing.send_error(request_id, error).await;
-                return;
-            }
-        };
-
-        match perform_oauth_login_return_url(
-            &name,
-            &url,
-            config.mcp_oauth_credentials_store_mode,
-            http_headers,
-            env_http_headers,
-            scopes.as_deref().unwrap_or_default(),
-            timeout_secs,
-        )
-        .await
-        {
-            Ok(handle) => {
-                let authorization_url = handle.authorization_url().to_string();
-                let notification_name = name.clone();
-                let outgoing = Arc::clone(&self.outgoing);
-
-                tokio::spawn(async move {
-                    let (success, error) = match handle.wait().await {
-                        Ok(()) => (true, None),
-                        Err(err) => (false, Some(err.to_string())),
-                    };
-
-                    let notification = ServerNotification::McpServerOauthLoginCompleted(
-                        McpServerOauthLoginCompletedNotification {
-                            name: notification_name,
-                            success,
-                            error,
-                        },
-                    );
-                    outgoing.send_server_notification(notification).await;
-                });
-
-                let response = McpServerOauthLoginResponse { authorization_url };
-                self.outgoing.send_response(request_id, response).await;
-            }
-            Err(err) => {
-                let error = JSONRPCErrorError {
-                    code: INTERNAL_ERROR_CODE,
-                    message: format!("failed to login to MCP server '{name}': {err}"),
-                    data: None,
-                };
-                self.outgoing.send_error(request_id, error).await;
-            }
-        }
-    }
-
     async fn list_mcp_servers(&self, request_id: RequestId, params: ListMcpServersParams) {
         let snapshot = collect_mcp_snapshot(self.config.as_ref()).await;
 

codex-rs/app-server/src/message_processor.rs

@@ -59,7 +59,6 @@ impl MessageProcessor {
             outgoing.clone(),
             codex_linux_sandbox_exe,
             Arc::clone(&config),
-            cli_overrides.clone(),
             feedback,
         );
         let config_api = ConfigApi::new(config.codex_home.clone(), cli_overrides);

codex-rs/app-server/src/outgoing_message.rs

@@ -16,9 +16,6 @@ use tracing::warn;
 
 use crate::error_code::INTERNAL_ERROR_CODE;
 
-#[cfg(test)]
-use codex_protocol::account::PlanType;
-
 /// Sends messages to the client and manages request callbacks.
 pub(crate) struct OutgoingMessageSender {
     next_request_id: AtomicI64,
@@ -233,7 +230,6 @@ mod tests {
                     }),
                     secondary: None,
                     credits: None,
-                    plan_type: Some(PlanType::Plus),
                 },
             });
 
@@ -249,8 +245,7 @@ mod tests {
                             "resetsAt": 123
                         },
                         "secondary": null,
-                        "credits": null,
-                        "planType": "plus"
+                        "credits": null
                     }
                 },
             }),

codex-rs/app-server/tests/suite/v2/rate_limits.rs

@@ -11,7 +11,6 @@ use codex_app_server_protocol::RateLimitSnapshot;
 use codex_app_server_protocol::RateLimitWindow;
 use codex_app_server_protocol::RequestId;
 use codex_core::auth::AuthCredentialsStoreMode;
-use codex_protocol::account::PlanType as AccountPlanType;
 use pretty_assertions::assert_eq;
 use serde_json::json;
 use std::path::Path;
@@ -154,7 +153,6 @@ async fn get_account_rate_limits_returns_snapshot() -> Result<()> {
                 resets_at: Some(secondary_reset_timestamp),
             }),
             credits: None,
-            plan_type: Some(AccountPlanType::Pro),
         },
     };
     assert_eq!(received, expected);

codex-rs/app-server/tests/suite/v2/turn_start.rs

@@ -427,6 +427,7 @@ async fn turn_start_exec_approval_decline_v2() -> Result<()> {
         request_id,
         serde_json::to_value(CommandExecutionRequestApprovalResponse {
             decision: ApprovalDecision::Decline,
+            accept_settings: None,
         })?,
     )
     .await?;

codex-rs/apply-patch/src/lib.rs

@@ -112,7 +112,7 @@ fn classify_shell_name(shell: &str) -> Option<String> {
 
 fn classify_shell(shell: &str, flag: &str) -> Option<ApplyPatchShell> {
     classify_shell_name(shell).and_then(|name| match name.as_str() {
-        "bash" | "zsh" | "sh" if matches!(flag, "-lc" | "-c") => Some(ApplyPatchShell::Unix),
+        "bash" | "zsh" | "sh" if flag == "-lc" => Some(ApplyPatchShell::Unix),
         "pwsh" | "powershell" if flag.eq_ignore_ascii_case("-command") => {
             Some(ApplyPatchShell::PowerShell)
         }
@@ -699,7 +699,13 @@ fn derive_new_contents_from_chunks(
         }
     };
 
-    let original_lines: Vec<String> = build_lines_from_contents(&original_contents);
+    let mut original_lines: Vec<String> = original_contents.split('\n').map(String::from).collect();
+
+    // Drop the trailing empty element that results from the final newline so
+    // that line counts match the behaviour of standard `diff`.
+    if original_lines.last().is_some_and(String::is_empty) {
+        original_lines.pop();
+    }
 
     let replacements = compute_replacements(&original_lines, path, chunks)?;
     let new_lines = apply_replacements(original_lines, &replacements);
@@ -707,67 +713,13 @@ fn derive_new_contents_from_chunks(
     if !new_lines.last().is_some_and(String::is_empty) {
         new_lines.push(String::new());
     }
-    let new_contents = build_contents_from_lines(&original_contents, &new_lines);
+    let new_contents = new_lines.join("\n");
     Ok(AppliedPatch {
         original_contents,
         new_contents,
     })
 }
 
-// TODO(dylan-hurd-oai): I think we can migrate to just use `contents.lines()`
-// across all platforms.
-fn build_lines_from_contents(contents: &str) -> Vec<String> {
-    if cfg!(windows) {
-        contents.lines().map(String::from).collect()
-    } else {
-        let mut lines: Vec<String> = contents.split('\n').map(String::from).collect();
-
-        // Drop the trailing empty element that results from the final newline so
-        // that line counts match the behaviour of standard `diff`.
-        if lines.last().is_some_and(String::is_empty) {
-            lines.pop();
-        }
-
-        lines
-    }
-}
-
-fn build_contents_from_lines(original_contents: &str, lines: &[String]) -> String {
-    if cfg!(windows) {
-        // for now, only compute this if we're on Windows.
-        let uses_crlf = contents_uses_crlf(original_contents);
-        if uses_crlf {
-            lines.join("\r\n")
-        } else {
-            lines.join("\n")
-        }
-    } else {
-        lines.join("\n")
-    }
-}
-
-/// Detects whether the source file uses Windows CRLF line endings consistently.
-/// We only consider a file CRLF-formatted if every newline is part of a
-/// CRLF sequence. This avoids rewriting an LF-formatted file that merely
-/// contains embedded sequences of "\r\n".
-///
-/// Returns `true` if the file uses CRLF line endings, `false` otherwise.
-fn contents_uses_crlf(contents: &str) -> bool {
-    let bytes = contents.as_bytes();
-    let mut n_newlines = 0usize;
-    let mut n_crlf = 0usize;
-    for i in 0..bytes.len() {
-        if bytes[i] == b'\n' {
-            n_newlines += 1;
-            if i > 0 && bytes[i - 1] == b'\r' {
-                n_crlf += 1;
-            }
-        }
-    }
-
-    n_newlines > 0 && n_crlf == n_newlines
-}
-
 /// Compute a list of replacements needed to transform `original_lines` into the
 /// new lines, given the patch `chunks`. Each replacement is returned as
 /// `(start_index, old_len, new_lines)`.
@@ -1097,13 +1049,6 @@ mod tests {
         assert_match(&heredoc_script(""), None);
     }
 
-    #[test]
-    fn test_heredoc_non_login_shell() {
-        let script = heredoc_script("");
-        let args = strs_to_strings(&["bash", "-c", &script]);
-        assert_match_args(args, None);
-    }
-
     #[test]
     fn test_heredoc_applypatch() {
         let args = strs_to_strings(&[
@@ -1414,72 +1359,6 @@ PATCH"#,
         assert_eq!(contents, "a\nB\nc\nd\nE\nf\ng\n");
     }
 
-    /// Ensure CRLF line endings are preserved for updated files on Windows‑style inputs.
-    #[cfg(windows)]
-    #[test]
-    fn test_preserve_crlf_line_endings_on_update() {
-        let dir = tempdir().unwrap();
-        let path = dir.path().join("crlf.txt");
-
-        // Original file uses CRLF (\r\n) endings.
-        std::fs::write(&path, b"a\r\nb\r\nc\r\n").unwrap();
-
-        // Replace `b` -> `B` and append `d`.
-        let patch = wrap_patch(&format!(
-            r#"*** Update File: {}
-@@
- a
--b
-+B
-@@
- c
-+d
-*** End of File"#,
-            path.display()
-        ));
-
-        let mut stdout = Vec::new();
-        let mut stderr = Vec::new();
-        apply_patch(&patch, &mut stdout, &mut stderr).unwrap();
-
-        let out = std::fs::read(&path).unwrap();
-        // Expect all CRLF endings; count occurrences of CRLF and ensure there are 4 lines.
-        let content = String::from_utf8_lossy(&out);
-        assert!(content.contains("\r\n"));
-        // No bare LF occurrences immediately preceding a non-CR: the text should not contain "a\nb".
-        assert!(!content.contains("a\nb"));
-        // Validate exact content sequence with CRLF delimiters.
-        assert_eq!(content, "a\r\nB\r\nc\r\nd\r\n");
-    }
-
-    /// Ensure CRLF inputs with embedded carriage returns in the content are preserved.
-    #[cfg(windows)]
-    #[test]
-    fn test_preserve_crlf_embedded_carriage_returns_on_append() {
-        let dir = tempdir().unwrap();
-        let path = dir.path().join("crlf_cr_content.txt");
-
-        // Original file: first line has a literal '\r' in the content before the CRLF terminator.
-        std::fs::write(&path, b"foo\r\r\nbar\r\n").unwrap();
-
-        // Append a new line without modifying existing ones.
-        let patch = wrap_patch(&format!(
-            r#"*** Update File: {}
-@@
-+BAZ
-*** End of File"#,
-            path.display()
-        ));
-
-        let mut stdout = Vec::new();
-        let mut stderr = Vec::new();
-        apply_patch(&patch, &mut stdout, &mut stderr).unwrap();
-
-        let out = std::fs::read(&path).unwrap();
-        // CRLF endings must be preserved and the extra CR in "foo\r\r" must not be collapsed.
-        assert_eq!(out.as_slice(), b"foo\r\r\nbar\r\nBAZ\r\n");
-    }
-
     #[test]
     fn test_pure_addition_chunk_followed_by_removal() {
         let dir = tempdir().unwrap();
@@ -1665,37 +1544,6 @@ PATCH"#,
         assert_eq!(expected, diff);
     }
 
-    /// For LF-only inputs with a trailing newline ensure that the helper used
-    /// on Windows-style builds drops the synthetic trailing empty element so
-    /// replacements behave like standard `diff` line numbering.
-    #[test]
-    fn test_derive_new_contents_lf_trailing_newline() {
-        let dir = tempdir().unwrap();
-        let path = dir.path().join("lf_trailing_newline.txt");
-        fs::write(&path, "foo\nbar\n").unwrap();
-
-        let patch = wrap_patch(&format!(
-            r#"*** Update File: {}
-@@
- foo
--bar
-+BAR
-"#,
-            path.display()
-        ));
-
-        let patch = parse_patch(&patch).unwrap();
-        let chunks = match patch.hunks.as_slice() {
-            [Hunk::UpdateFile { chunks, .. }] => chunks,
-            _ => panic!("Expected a single UpdateFile hunk"),
-        };
-
-        let AppliedPatch { new_contents, .. } =
-            derive_new_contents_from_chunks(&path, chunks).unwrap();
-
-        assert_eq!(new_contents, "foo\nBAR\n");
-    }
-
     #[test]
     fn test_unified_diff_insert_at_eof() {
         // Insert a new line at end‑of‑file.

codex-rs/apply-patch/tests/fixtures/scenarios/.gitattributes

@@ -1 +0,0 @@
-** text eol=lf

codex-rs/apply-patch/tests/fixtures/scenarios/001_add_file/expected/bar.md

@@ -1 +0,0 @@
-This is a new file

codex-rs/apply-patch/tests/fixtures/scenarios/001_add_file/patch.txt

@@ -1,4 +0,0 @@
-*** Begin Patch
-*** Add File: bar.md
-+This is a new file
-*** End Patch

codex-rs/apply-patch/tests/fixtures/scenarios/002_multiple_operations/expected/modify.txt

@@ -1,2 +0,0 @@
-line1
-changed

codex-rs/apply-patch/tests/fixtures/scenarios/002_multiple_operations/expected/nested/new.txt

@@ -1 +0,0 @@
-created

codex-rs/apply-patch/tests/fixtures/scenarios/002_multiple_operations/input/delete.txt

@@ -1 +0,0 @@
-obsolete

codex-rs/apply-patch/tests/fixtures/scenarios/002_multiple_operations/input/modify.txt

@@ -1,2 +0,0 @@
-line1
-line2

codex-rs/apply-patch/tests/fixtures/scenarios/002_multiple_operations/patch.txt

@@ -1,9 +0,0 @@
-*** Begin Patch
-*** Add File: nested/new.txt
-+created
-*** Delete File: delete.txt
-*** Update File: modify.txt
-@@
--line2
-+changed
-*** End Patch

codex-rs/apply-patch/tests/fixtures/scenarios/003_multiple_chunks/expected/multi.txt

@@ -1,4 +0,0 @@
-line1
-changed2
-line3
-changed4

codex-rs/apply-patch/tests/fixtures/scenarios/003_multiple_chunks/input/multi.txt

@@ -1,4 +0,0 @@
-line1
-line2
-line3
-line4

codex-rs/apply-patch/tests/fixtures/scenarios/003_multiple_chunks/patch.txt

@@ -1,9 +0,0 @@
-*** Begin Patch
-*** Update File: multi.txt
-@@
--line2
-+changed2
-@@
--line4
-+changed4
-*** End Patch

codex-rs/apply-patch/tests/fixtures/scenarios/004_move_to_new_directory/expected/old/other.txt

@@ -1 +0,0 @@
-unrelated file

codex-rs/apply-patch/tests/fixtures/scenarios/004_move_to_new_directory/expected/renamed/dir/name.txt

@@ -1 +0,0 @@
-new content

codex-rs/apply-patch/tests/fixtures/scenarios/004_move_to_new_directory/input/old/name.txt

@@ -1 +0,0 @@
-old content

codex-rs/apply-patch/tests/fixtures/scenarios/004_move_to_new_directory/input/old/other.txt

@@ -1 +0,0 @@
-unrelated file

codex-rs/apply-patch/tests/fixtures/scenarios/004_move_to_new_directory/patch.txt

@@ -1,7 +0,0 @@
-*** Begin Patch
-*** Update File: old/name.txt
-*** Move to: renamed/dir/name.txt
-@@
--old content
-+new content
-*** End Patch

codex-rs/apply-patch/tests/fixtures/scenarios/005_rejects_empty_patch/patch.txt

@@ -1,2 +0,0 @@
-*** Begin Patch
-*** End Patch

codex-rs/apply-patch/tests/fixtures/scenarios/006_rejects_missing_context/expected/modify.txt

@@ -1,2 +0,0 @@
-line1
-line2

codex-rs/apply-patch/tests/fixtures/scenarios/006_rejects_missing_context/input/modify.txt

@@ -1,2 +0,0 @@
-line1
-line2

codex-rs/apply-patch/tests/fixtures/scenarios/006_rejects_missing_context/patch.txt

@@ -1,6 +0,0 @@
-*** Begin Patch
-*** Update File: modify.txt
-@@
--missing
-+changed
-*** End Patch

codex-rs/apply-patch/tests/fixtures/scenarios/007_rejects_missing_file_delete/patch.txt

@@ -1,3 +0,0 @@
-*** Begin Patch
-*** Delete File: missing.txt
-*** End Patch

codex-rs/apply-patch/tests/fixtures/scenarios/008_rejects_empty_update_hunk/patch.txt

@@ -1,3 +0,0 @@
-*** Begin Patch
-*** Update File: foo.txt
-*** End Patch

codex-rs/apply-patch/tests/fixtures/scenarios/009_requires_existing_file_for_update/patch.txt

@@ -1,6 +0,0 @@
-*** Begin Patch
-*** Update File: missing.txt
-@@
--old
-+new
-*** End Patch

codex-rs/apply-patch/tests/fixtures/scenarios/010_move_overwrites_existing_destination/expected/old/other.txt

@@ -1 +0,0 @@
-unrelated file

codex-rs/apply-patch/tests/fixtures/scenarios/010_move_overwrites_existing_destination/expected/renamed/dir/name.txt

@@ -1 +0,0 @@
-new

codex-rs/apply-patch/tests/fixtures/scenarios/010_move_overwrites_existing_destination/input/old/name.txt

@@ -1 +0,0 @@
-from

codex-rs/apply-patch/tests/fixtures/scenarios/010_move_overwrites_existing_destination/input/old/other.txt

@@ -1 +0,0 @@
-unrelated file

codex-rs/apply-patch/tests/fixtures/scenarios/010_move_overwrites_existing_destination/input/renamed/dir/name.txt

@@ -1 +0,0 @@
-existing

codex-rs/apply-patch/tests/fixtures/scenarios/010_move_overwrites_existing_destination/patch.txt

@@ -1,7 +0,0 @@
-*** Begin Patch
-*** Update File: old/name.txt
-*** Move to: renamed/dir/name.txt
-@@
--from
-+new
-*** End Patch

codex-rs/apply-patch/tests/fixtures/scenarios/011_add_overwrites_existing_file/expected/duplicate.txt

@@ -1 +0,0 @@
-new content

codex-rs/apply-patch/tests/fixtures/scenarios/011_add_overwrites_existing_file/input/duplicate.txt

@@ -1 +0,0 @@
-old content

codex-rs/apply-patch/tests/fixtures/scenarios/011_add_overwrites_existing_file/patch.txt

@@ -1,4 +0,0 @@
-*** Begin Patch
-*** Add File: duplicate.txt
-+new content
-*** End Patch

codex-rs/apply-patch/tests/fixtures/scenarios/012_delete_directory_fails/patch.txt

@@ -1,3 +0,0 @@
-*** Begin Patch
-*** Delete File: dir
-*** End Patch

codex-rs/apply-patch/tests/fixtures/scenarios/013_rejects_invalid_hunk_header/patch.txt

@@ -1,3 +0,0 @@
-*** Begin Patch
-*** Frobnicate File: foo
-*** End Patch

codex-rs/apply-patch/tests/fixtures/scenarios/014_update_file_appends_trailing_newline/expected/no_newline.txt

@@ -1,2 +0,0 @@
-first line
-second line

codex-rs/apply-patch/tests/fixtures/scenarios/014_update_file_appends_trailing_newline/input/no_newline.txt

@@ -1 +0,0 @@
-no newline at end

codex-rs/apply-patch/tests/fixtures/scenarios/014_update_file_appends_trailing_newline/patch.txt

@@ -1,7 +0,0 @@
-*** Begin Patch
-*** Update File: no_newline.txt
-@@
--no newline at end
-+first line
-+second line
-*** End Patch

codex-rs/apply-patch/tests/fixtures/scenarios/015_failure_after_partial_success_leaves_changes/expected/created.txt

@@ -1 +0,0 @@
-hello

codex-rs/apply-patch/tests/fixtures/scenarios/015_failure_after_partial_success_leaves_changes/patch.txt

@@ -1,8 +0,0 @@
-*** Begin Patch
-*** Add File: created.txt
-+hello
-*** Update File: missing.txt
-@@
--old
-+new
-*** End Patch

codex-rs/apply-patch/tests/fixtures/scenarios/016_pure_addition_update_chunk/expected/input.txt

@@ -1,4 +0,0 @@
-line1
-line2
-added line 1
-added line 2

codex-rs/apply-patch/tests/fixtures/scenarios/016_pure_addition_update_chunk/input/input.txt

@@ -1,2 +0,0 @@
-line1
-line2

codex-rs/apply-patch/tests/fixtures/scenarios/016_pure_addition_update_chunk/patch.txt

@@ -1,6 +0,0 @@
-*** Begin Patch
-*** Update File: input.txt
-@@
-+added line 1
-+added line 2
-*** End Patch

codex-rs/apply-patch/tests/fixtures/scenarios/017_whitespace_padded_hunk_header/expected/foo.txt

@@ -1 +0,0 @@
-new

codex-rs/apply-patch/tests/fixtures/scenarios/017_whitespace_padded_hunk_header/input/foo.txt

@@ -1 +0,0 @@
-old

codex-rs/apply-patch/tests/fixtures/scenarios/017_whitespace_padded_hunk_header/patch.txt

@@ -1,6 +0,0 @@
-*** Begin Patch
-  *** Update File: foo.txt
-@@
--old
-+new
-*** End Patch

codex-rs/apply-patch/tests/fixtures/scenarios/018_whitespace_padded_patch_markers/expected/file.txt

@@ -1 +0,0 @@
-two

codex-rs/apply-patch/tests/fixtures/scenarios/018_whitespace_padded_patch_markers/input/file.txt

@@ -1 +0,0 @@
-one

codex-rs/apply-patch/tests/fixtures/scenarios/018_whitespace_padded_patch_markers/patch.txt

@@ -1,6 +0,0 @@
- *** Begin Patch
-*** Update File: file.txt
-@@
--one
-+two
-*** End Patch 

codex-rs/apply-patch/tests/fixtures/scenarios/README.md

@@ -1,18 +0,0 @@
-# Overview
-This directory is a collection of end to end tests for the apply-patch specification, meant to be easily portable to other languages or platforms.
-
-
-# Specification
-Each test case is one directory, composed of input state (input/), the patch operation (patch.txt), and the expected final state (expected/). This structure is designed to keep tests simple (i.e. test exactly one patch at a time) while still providing enough flexibility to test any given operation across files.
-
-Here's what this would look like for a simple test apply-patch test case to create a new file:
-
-```
-001_add/
-  input/
-    foo.md
-  expected/
-    foo.md
-    bar.md
-  patch.txt
-```

codex-rs/apply-patch/tests/suite/mod.rs

@@ -1,4 +1,3 @@
 mod cli;
-mod scenarios;
 #[cfg(not(target_os = "windows"))]
 mod tool;

codex-rs/apply-patch/tests/suite/scenarios.rs

@@ -1,114 +0,0 @@
-use assert_cmd::prelude::*;
-use pretty_assertions::assert_eq;
-use std::collections::BTreeMap;
-use std::fs;
-use std::path::Path;
-use std::path::PathBuf;
-use std::process::Command;
-use tempfile::tempdir;
-
-#[test]
-fn test_apply_patch_scenarios() -> anyhow::Result<()> {
-    for scenario in fs::read_dir("tests/fixtures/scenarios")? {
-        let scenario = scenario?;
-        let path = scenario.path();
-        if path.is_dir() {
-            run_apply_patch_scenario(&path)?;
-        }
-    }
-    Ok(())
-}
-
-/// Reads a scenario directory, copies the input files to a temporary directory, runs apply-patch,
-/// and asserts that the final state matches the expected state exactly.
-fn run_apply_patch_scenario(dir: &Path) -> anyhow::Result<()> {
-    let tmp = tempdir()?;
-
-    // Copy the input files to the temporary directory
-    let input_dir = dir.join("input");
-    if input_dir.is_dir() {
-        copy_dir_recursive(&input_dir, tmp.path())?;
-    }
-
-    // Read the patch.txt file
-    let patch = fs::read_to_string(dir.join("patch.txt"))?;
-
-    // Run apply_patch in the temporary directory. We intentionally do not assert
-    // on the exit status here; the scenarios are specified purely in terms of
-    // final filesystem state, which we compare below.
-    Command::cargo_bin("apply_patch")?
-        .arg(patch)
-        .current_dir(tmp.path())
-        .output()?;
-
-    // Assert that the final state matches the expected state exactly
-    let expected_dir = dir.join("expected");
-    let expected_snapshot = snapshot_dir(&expected_dir)?;
-    let actual_snapshot = snapshot_dir(tmp.path())?;
-
-    assert_eq!(
-        actual_snapshot,
-        expected_snapshot,
-        "Scenario {} did not match expected final state",
-        dir.display()
-    );
-
-    Ok(())
-}
-
-#[derive(Debug, Clone, PartialEq, Eq)]
-enum Entry {
-    File(Vec<u8>),
-    Dir,
-}
-
-fn snapshot_dir(root: &Path) -> anyhow::Result<BTreeMap<PathBuf, Entry>> {
-    let mut entries = BTreeMap::new();
-    if root.is_dir() {
-        snapshot_dir_recursive(root, root, &mut entries)?;
-    }
-    Ok(entries)
-}
-
-fn snapshot_dir_recursive(
-    base: &Path,
-    dir: &Path,
-    entries: &mut BTreeMap<PathBuf, Entry>,
-) -> anyhow::Result<()> {
-    for entry in fs::read_dir(dir)? {
-        let entry = entry?;
-        let path = entry.path();
-        let Some(stripped) = path.strip_prefix(base).ok() else {
-            continue;
-        };
-        let rel = stripped.to_path_buf();
-        let file_type = entry.file_type()?;
-        if file_type.is_dir() {
-            entries.insert(rel.clone(), Entry::Dir);
-            snapshot_dir_recursive(base, &path, entries)?;
-        } else if file_type.is_file() {
-            let contents = fs::read(&path)?;
-            entries.insert(rel, Entry::File(contents));
-        }
-    }
-    Ok(())
-}
-
-fn copy_dir_recursive(src: &Path, dst: &Path) -> anyhow::Result<()> {
-    for entry in fs::read_dir(src)? {
-        let entry = entry?;
-        let path = entry.path();
-        let file_type = entry.file_type()?;
-        let dest_path = dst.join(entry.file_name());
-        if file_type.is_dir() {
-            fs::create_dir_all(&dest_path)?;
-            copy_dir_recursive(&path, &dest_path)?;
-        } else if file_type.is_file() {
-            if let Some(parent) = dest_path.parent() {
-                fs::create_dir_all(parent)?;
-            }
-            fs::copy(&path, &dest_path)?;
-        }
-    }
-    Ok(())
-}

codex-rs/backend-client/src/client.rs

@@ -7,7 +7,6 @@ use crate::types::TurnAttemptsSiblingTurnsResponse;
 use anyhow::Result;
 use codex_core::auth::CodexAuth;
 use codex_core::default_client::get_codex_user_agent;
-use codex_protocol::account::PlanType as AccountPlanType;
 use codex_protocol::protocol::CreditsSnapshot;
 use codex_protocol::protocol::RateLimitSnapshot;
 use codex_protocol::protocol::RateLimitWindow;
@@ -292,7 +291,6 @@ impl Client {
             primary,
             secondary,
             credits: Self::map_credits(payload.credits),
-            plan_type: Some(Self::map_plan_type(payload.plan_type)),
         }
     }
 
@@ -327,23 +325,6 @@ impl Client {
         })
     }
 
-    fn map_plan_type(plan_type: crate::types::PlanType) -> AccountPlanType {
-        match plan_type {
-            crate::types::PlanType::Free => AccountPlanType::Free,
-            crate::types::PlanType::Plus => AccountPlanType::Plus,
-            crate::types::PlanType::Pro => AccountPlanType::Pro,
-            crate::types::PlanType::Team => AccountPlanType::Team,
-            crate::types::PlanType::Business => AccountPlanType::Business,
-            crate::types::PlanType::Enterprise => AccountPlanType::Enterprise,
-            crate::types::PlanType::Edu | crate::types::PlanType::Education => AccountPlanType::Edu,
-            crate::types::PlanType::Guest
-            | crate::types::PlanType::Go
-            | crate::types::PlanType::FreeWorkspace
-            | crate::types::PlanType::Quorum
-            | crate::types::PlanType::K12 => AccountPlanType::Unknown,
-        }
-    }
-
     fn window_minutes_from_seconds(seconds: i32) -> Option<i64> {
         if seconds <= 0 {
             return None;

codex-rs/cli/Cargo.toml

@@ -36,7 +36,6 @@ codex-responses-api-proxy = { workspace = true }
 codex-rmcp-client = { workspace = true }
 codex-stdio-to-uds = { workspace = true }
 codex-tui = { workspace = true }
-codex-tui2 = { workspace = true }
 ctor = { workspace = true }
 libc = { workspace = true }
 owo-colors = { workspace = true }

codex-rs/cli/src/main.rs

@@ -25,7 +25,6 @@ use codex_responses_api_proxy::Args as ResponsesApiProxyArgs;
 use codex_tui::AppExitInfo;
 use codex_tui::Cli as TuiCli;
 use codex_tui::update_action::UpdateAction;
-use codex_tui2 as tui2;
 use owo_colors::OwoColorize;
 use std::path::PathBuf;
 use supports_color::Stream;
@@ -38,11 +37,6 @@ use crate::mcp_cmd::McpCli;
 
 use codex_core::config::Config;
 use codex_core::config::ConfigOverrides;
-use codex_core::config::find_codex_home;
-use codex_core::config::load_config_as_toml_with_cli_overrides;
-use codex_core::features::Feature;
-use codex_core::features::FeatureOverrides;
-use codex_core::features::Features;
 use codex_core::features::is_known_feature_key;
 
 /// Codex CLI
@@ -450,7 +444,7 @@ async fn cli_main(codex_linux_sandbox_exe: Option<PathBuf>) -> anyhow::Result<()
                 &mut interactive.config_overrides,
                 root_config_overrides.clone(),
             );
-            let exit_info = run_interactive_tui(interactive, codex_linux_sandbox_exe).await?;
+            let exit_info = codex_tui::run_main(interactive, codex_linux_sandbox_exe).await?;
             handle_app_exit(exit_info)?;
         }
         Some(Subcommand::Exec(mut exec_cli)) => {
@@ -505,7 +499,7 @@ async fn cli_main(codex_linux_sandbox_exe: Option<PathBuf>) -> anyhow::Result<()
                 all,
                 config_overrides,
             );
-            let exit_info = run_interactive_tui(interactive, codex_linux_sandbox_exe).await?;
+            let exit_info = codex_tui::run_main(interactive, codex_linux_sandbox_exe).await?;
             handle_app_exit(exit_info)?;
         }
         Some(Subcommand::Login(mut login_cli)) => {
@@ -656,39 +650,6 @@ fn prepend_config_flags(
         .splice(0..0, cli_config_overrides.raw_overrides);
 }
 
-/// Run the interactive Codex TUI, dispatching to either the legacy implementation or the
-/// experimental TUI v2 shim based on feature flags resolved from config.
-async fn run_interactive_tui(
-    interactive: TuiCli,
-    codex_linux_sandbox_exe: Option<PathBuf>,
-) -> std::io::Result<AppExitInfo> {
-    if is_tui2_enabled(&interactive).await? {
-        tui2::run_main(interactive, codex_linux_sandbox_exe).await
-    } else {
-        codex_tui::run_main(interactive, codex_linux_sandbox_exe).await
-    }
-}
-
-/// Returns `Ok(true)` when the resolved configuration enables the `tui2` feature flag.
-///
-/// This performs a lightweight config load (honoring the same precedence as the lower-level TUI
-/// bootstrap: `$CODEX_HOME`, config.toml, profile, and CLI `-c` overrides) solely to decide which
-/// TUI frontend to launch. The full configuration is still loaded later by the interactive TUI.
-async fn is_tui2_enabled(cli: &TuiCli) -> std::io::Result<bool> {
-    let raw_overrides = cli.config_overrides.raw_overrides.clone();
-    let overrides_cli = codex_common::CliConfigOverrides { raw_overrides };
-    let cli_kv_overrides = overrides_cli
-        .parse_overrides()
-        .map_err(|e| std::io::Error::new(std::io::ErrorKind::InvalidInput, e))?;
-
-    let codex_home = find_codex_home()?;
-    let config_toml = load_config_as_toml_with_cli_overrides(&codex_home, cli_kv_overrides).await?;
-    let config_profile = config_toml.get_config_profile(cli.config_profile.clone())?;
-    let overrides = FeatureOverrides::default();
-    let features = Features::from_config(&config_toml, &config_profile, overrides);
-    Ok(features.enabled(Feature::Tui2))
-}
-
 /// Build the final `TuiCli` for a `codex resume` invocation.
 fn finalize_resume_interactive(
     mut interactive: TuiCli,

codex-rs/cloud-tasks-client/src/api.rs

@@ -127,7 +127,6 @@ impl Default for TaskText {
 #[async_trait::async_trait]
 pub trait CloudBackend: Send + Sync {
     async fn list_tasks(&self, env: Option<&str>) -> Result<Vec<TaskSummary>>;
-    async fn get_task_summary(&self, id: TaskId) -> Result<TaskSummary>;
     async fn get_task_diff(&self, id: TaskId) -> Result<Option<String>>;
     /// Return assistant output messages (no diff) when available.
     async fn get_task_messages(&self, id: TaskId) -> Result<Vec<String>>;

codex-rs/cloud-tasks-client/src/http.rs

@@ -63,10 +63,6 @@ impl CloudBackend for HttpClient {
         self.tasks_api().list(env).await
     }
 
-    async fn get_task_summary(&self, id: TaskId) -> Result<TaskSummary> {
-        self.tasks_api().summary(id).await
-    }
-
     async fn get_task_diff(&self, id: TaskId) -> Result<Option<String>> {
         self.tasks_api().diff(id).await
     }
@@ -153,75 +149,6 @@ mod api {
             Ok(tasks)
         }
 
-        pub(crate) async fn summary(&self, id: TaskId) -> Result<TaskSummary> {
-            let id_str = id.0.clone();
-            let (details, body, ct) = self
-                .details_with_body(&id.0)
-                .await
-                .map_err(|e| CloudTaskError::Http(format!("get_task_details failed: {e}")))?;
-            let parsed: Value = serde_json::from_str(&body).map_err(|e| {
-                CloudTaskError::Http(format!(
-                    "Decode error for {}: {e}; content-type={ct}; body={body}",
-                    id.0
-                ))
-            })?;
-            let task_obj = parsed
-                .get("task")
-                .and_then(Value::as_object)
-                .ok_or_else(|| {
-                    CloudTaskError::Http(format!("Task metadata missing from details for {id_str}"))
-                })?;
-            let status_display = parsed
-                .get("task_status_display")
-                .or_else(|| task_obj.get("task_status_display"))
-                .and_then(Value::as_object)
-                .map(|m| {
-                    m.iter()
-                        .map(|(k, v)| (k.clone(), v.clone()))
-                        .collect::<HashMap<String, Value>>()
-                });
-            let status = map_status(status_display.as_ref());
-            let mut summary = diff_summary_from_status_display(status_display.as_ref());
-            if summary.files_changed == 0
-                && summary.lines_added == 0
-                && summary.lines_removed == 0
-                && let Some(diff) = details.unified_diff()
-            {
-                summary = diff_summary_from_diff(&diff);
-            }
-            let updated_at_raw = task_obj
-                .get("updated_at")
-                .and_then(Value::as_f64)
-                .or_else(|| task_obj.get("created_at").and_then(Value::as_f64))
-                .or_else(|| latest_turn_timestamp(status_display.as_ref()));
-            let environment_id = task_obj
-                .get("environment_id")
-                .and_then(Value::as_str)
-                .map(str::to_string);
-            let environment_label = env_label_from_status_display(status_display.as_ref());
-            let attempt_total = attempt_total_from_status_display(status_display.as_ref());
-            let title = task_obj
-                .get("title")
-                .and_then(Value::as_str)
-                .unwrap_or("<untitled>")
-                .to_string();
-            let is_review = task_obj
-                .get("is_review")
-                .and_then(Value::as_bool)
-                .unwrap_or(false);
-            Ok(TaskSummary {
-                id,
-                title,
-                status,
-                updated_at: parse_updated_at(updated_at_raw.as_ref()),
-                environment_id,
-                environment_label,
-                summary,
-                is_review,
-                attempt_total,
-            })
-        }
-
         pub(crate) async fn diff(&self, id: TaskId) -> Result<Option<String>> {
             let (details, body, ct) = self
                 .details_with_body(&id.0)
@@ -752,34 +679,6 @@ mod api {
             .map(str::to_string)
     }
 
-    fn diff_summary_from_diff(diff: &str) -> DiffSummary {
-        let mut files_changed = 0usize;
-        let mut lines_added = 0usize;
-        let mut lines_removed = 0usize;
-        for line in diff.lines() {
-            if line.starts_with("diff --git ") {
-                files_changed += 1;
-                continue;
-            }
-            if line.starts_with("+++") || line.starts_with("---") || line.starts_with("@@") {
-                continue;
-            }
-            match line.as_bytes().first() {
-                Some(b'+') => lines_added += 1,
-                Some(b'-') => lines_removed += 1,
-                _ => {}
-            }
-        }
-        if files_changed == 0 && !diff.trim().is_empty() {
-            files_changed = 1;
-        }
-        DiffSummary {
-            files_changed,
-            lines_added,
-            lines_removed,
-        }
-    }
-
     fn diff_summary_from_status_display(v: Option<&HashMap<String, Value>>) -> DiffSummary {
         let mut out = DiffSummary::default();
         let Some(map) = v else { return out };
@@ -801,17 +700,6 @@ mod api {
         out
     }
 
-    fn latest_turn_timestamp(v: Option<&HashMap<String, Value>>) -> Option<f64> {
-        let map = v?;
-        let latest = map
-            .get("latest_turn_status_display")
-            .and_then(Value::as_object)?;
-        latest
-            .get("updated_at")
-            .or_else(|| latest.get("created_at"))
-            .and_then(Value::as_f64)
-    }
-
     fn attempt_total_from_status_display(v: Option<&HashMap<String, Value>>) -> Option<usize> {
         let map = v?;
         let latest = map

codex-rs/cloud-tasks-client/src/mock.rs

@@ -1,7 +1,6 @@
 use crate::ApplyOutcome;
 use crate::AttemptStatus;
 use crate::CloudBackend;
-use crate::CloudTaskError;
 use crate::DiffSummary;
 use crate::Result;
 use crate::TaskId;
@@ -61,14 +60,6 @@ impl CloudBackend for MockClient {
         Ok(out)
     }
 
-    async fn get_task_summary(&self, id: TaskId) -> Result<TaskSummary> {
-        let tasks = self.list_tasks(None).await?;
-        tasks
-            .into_iter()
-            .find(|t| t.id == id)
-            .ok_or_else(|| CloudTaskError::Msg(format!("Task {} not found (mock)", id.0)))
-    }
-
     async fn get_task_diff(&self, id: TaskId) -> Result<Option<String>> {
         Ok(Some(mock_diff_for(&id)))
     }

codex-rs/cloud-tasks/Cargo.toml

@@ -34,9 +34,6 @@ tokio-stream = { workspace = true }
 tracing = { workspace = true, features = ["log"] }
 tracing-subscriber = { workspace = true, features = ["env-filter"] }
 unicode-width = { workspace = true }
-owo-colors = { workspace = true, features = ["supports-colors"] }
-supports-color = { workspace = true }
 
 [dev-dependencies]
 async-trait = { workspace = true }
-pretty_assertions = { workspace = true }

codex-rs/cloud-tasks/src/app.rs

@@ -350,7 +350,6 @@ pub enum AppEvent {
 mod tests {
     use super::*;
     use chrono::Utc;
-    use codex_cloud_tasks_client::CloudTaskError;
 
     struct FakeBackend {
         // maps env key to titles
@@ -386,17 +385,6 @@ mod tests {
             Ok(out)
         }
 
-        async fn get_task_summary(
-            &self,
-            id: TaskId,
-        ) -> codex_cloud_tasks_client::Result<TaskSummary> {
-            self.list_tasks(None)
-                .await?
-                .into_iter()
-                .find(|t| t.id == id)
-                .ok_or_else(|| CloudTaskError::Msg(format!("Task {} not found", id.0)))
-        }
-
         async fn get_task_diff(
             &self,
             _id: TaskId,

codex-rs/cloud-tasks/src/cli.rs

@@ -16,12 +16,6 @@ pub struct Cli {
 pub enum Command {
     /// Submit a new Codex Cloud task without launching the TUI.
     Exec(ExecCommand),
-    /// Show the status of a Codex Cloud task.
-    Status(StatusCommand),
-    /// Apply the diff for a Codex Cloud task locally.
-    Apply(ApplyCommand),
-    /// Show the unified diff for a Codex Cloud task.
-    Diff(DiffCommand),
 }
 
 #[derive(Debug, Args)]
@@ -57,32 +51,3 @@ fn parse_attempts(input: &str) -> Result<usize, String> {
         Err("attempts must be between 1 and 4".to_string())
     }
 }
-
-#[derive(Debug, Args)]
-pub struct StatusCommand {
-    /// Codex Cloud task identifier to inspect.
-    #[arg(value_name = "TASK_ID")]
-    pub task_id: String,
-}
-
-#[derive(Debug, Args)]
-pub struct ApplyCommand {
-    /// Codex Cloud task identifier to apply.
-    #[arg(value_name = "TASK_ID")]
-    pub task_id: String,
-
-    /// Attempt number to apply (1-based).
-    #[arg(long = "attempt", value_parser = parse_attempts, value_name = "N")]
-    pub attempt: Option<usize>,
-}
-
-#[derive(Debug, Args)]
-pub struct DiffCommand {
-    /// Codex Cloud task identifier to display.
-    #[arg(value_name = "TASK_ID")]
-    pub task_id: String,
-
-    /// Attempt number to display (1-based).
-    #[arg(long = "attempt", value_parser = parse_attempts, value_name = "N")]
-    pub attempt: Option<usize>,
-}

codex-rs/cloud-tasks/src/lib.rs

@@ -8,24 +8,17 @@ pub mod util;
 pub use cli::Cli;
 
 use anyhow::anyhow;
-use chrono::Utc;
-use codex_cloud_tasks_client::TaskStatus;
 use codex_login::AuthManager;
-use owo_colors::OwoColorize;
-use owo_colors::Stream;
-use std::cmp::Ordering;
 use std::io::IsTerminal;
 use std::io::Read;
 use std::path::PathBuf;
 use std::sync::Arc;
 use std::time::Duration;
 use std::time::Instant;
-use supports_color::Stream as SupportStream;
 use tokio::sync::mpsc::UnboundedSender;
 use tracing::info;
 use tracing_subscriber::EnvFilter;
 use util::append_error_log;
-use util::format_relative_time;
 use util::set_user_agent_suffix;
 
 struct ApplyJob {
@@ -200,273 +193,6 @@ fn resolve_query_input(query_arg: Option<String>) -> anyhow::Result<String> {
     }
 }
 
-fn parse_task_id(raw: &str) -> anyhow::Result<codex_cloud_tasks_client::TaskId> {
-    let trimmed = raw.trim();
-    if trimmed.is_empty() {
-        anyhow::bail!("task id must not be empty");
-    }
-    let without_fragment = trimmed.split('#').next().unwrap_or(trimmed);
-    let without_query = without_fragment
-        .split('?')
-        .next()
-        .unwrap_or(without_fragment);
-    let id = without_query
-        .rsplit('/')
-        .next()
-        .unwrap_or(without_query)
-        .trim();
-    if id.is_empty() {
-        anyhow::bail!("task id must not be empty");
-    }
-    Ok(codex_cloud_tasks_client::TaskId(id.to_string()))
-}
-
-#[derive(Clone, Debug)]
-struct AttemptDiffData {
-    placement: Option<i64>,
-    created_at: Option<chrono::DateTime<Utc>>,
-    diff: String,
-}
-
-fn cmp_attempt(lhs: &AttemptDiffData, rhs: &AttemptDiffData) -> Ordering {
-    match (lhs.placement, rhs.placement) {
-        (Some(a), Some(b)) => a.cmp(&b),
-        (Some(_), None) => Ordering::Less,
-        (None, Some(_)) => Ordering::Greater,
-        (None, None) => match (lhs.created_at, rhs.created_at) {
-            (Some(a), Some(b)) => a.cmp(&b),
-            (Some(_), None) => Ordering::Less,
-            (None, Some(_)) => Ordering::Greater,
-            (None, None) => Ordering::Equal,
-        },
-    }
-}
-
-async fn collect_attempt_diffs(
-    backend: &dyn codex_cloud_tasks_client::CloudBackend,
-    task_id: &codex_cloud_tasks_client::TaskId,
-) -> anyhow::Result<Vec<AttemptDiffData>> {
-    let text =
-        codex_cloud_tasks_client::CloudBackend::get_task_text(backend, task_id.clone()).await?;
-    let mut attempts = Vec::new();
-    if let Some(diff) =
-        codex_cloud_tasks_client::CloudBackend::get_task_diff(backend, task_id.clone()).await?
-    {
-        attempts.push(AttemptDiffData {
-            placement: text.attempt_placement,
-            created_at: None,
-            diff,
-        });
-    }
-    if let Some(turn_id) = text.turn_id {
-        let siblings = codex_cloud_tasks_client::CloudBackend::list_sibling_attempts(
-            backend,
-            task_id.clone(),
-            turn_id,
-        )
-        .await?;
-        for sibling in siblings {
-            if let Some(diff) = sibling.diff {
-                attempts.push(AttemptDiffData {
-                    placement: sibling.attempt_placement,
-                    created_at: sibling.created_at,
-                    diff,
-                });
-            }
-        }
-    }
-    attempts.sort_by(cmp_attempt);
-    if attempts.is_empty() {
-        anyhow::bail!(
-            "No diff available for task {}; it may still be running.",
-            task_id.0
-        );
-    }
-    Ok(attempts)
-}
-
-fn select_attempt(
-    attempts: &[AttemptDiffData],
-    attempt: Option<usize>,
-) -> anyhow::Result<&AttemptDiffData> {
-    if attempts.is_empty() {
-        anyhow::bail!("No attempts available");
-    }
-    let desired = attempt.unwrap_or(1);
-    let idx = desired
-        .checked_sub(1)
-        .ok_or_else(|| anyhow!("attempt must be at least 1"))?;
-    if idx >= attempts.len() {
-        anyhow::bail!(
-            "Attempt {desired} not available; only {} attempt(s) found",
-            attempts.len()
-        );
-    }
-    Ok(&attempts[idx])
-}
-
-fn task_status_label(status: &TaskStatus) -> &'static str {
-    match status {
-        TaskStatus::Pending => "PENDING",
-        TaskStatus::Ready => "READY",
-        TaskStatus::Applied => "APPLIED",
-        TaskStatus::Error => "ERROR",
-    }
-}
-
-fn summary_line(summary: &codex_cloud_tasks_client::DiffSummary, colorize: bool) -> String {
-    if summary.files_changed == 0 && summary.lines_added == 0 && summary.lines_removed == 0 {
-        let base = "no diff";
-        return if colorize {
-            base.if_supports_color(Stream::Stdout, |t| t.dimmed())
-                .to_string()
-        } else {
-            base.to_string()
-        };
-    }
-    let adds = summary.lines_added;
-    let dels = summary.lines_removed;
-    let files = summary.files_changed;
-    if colorize {
-        let adds_raw = format!("+{adds}");
-        let adds_str = adds_raw
-            .as_str()
-            .if_supports_color(Stream::Stdout, |t| t.green())
-            .to_string();
-        let dels_raw = format!("-{dels}");
-        let dels_str = dels_raw
-            .as_str()
-            .if_supports_color(Stream::Stdout, |t| t.red())
-            .to_string();
-        let bullet = "•"
-            .if_supports_color(Stream::Stdout, |t| t.dimmed())
-            .to_string();
-        let file_label = "file"
-            .if_supports_color(Stream::Stdout, |t| t.dimmed())
-            .to_string();
-        let plural = if files == 1 { "" } else { "s" };
-        format!("{adds_str}/{dels_str}  {bullet}  {files} {file_label}{plural}")
-    } else {
-        format!(
-            "+{adds}/-{dels} • {files} file{}",
-            if files == 1 { "" } else { "s" }
-        )
-    }
-}
-
-fn format_task_status_lines(
-    task: &codex_cloud_tasks_client::TaskSummary,
-    now: chrono::DateTime<Utc>,
-    colorize: bool,
-) -> Vec<String> {
-    let mut lines = Vec::new();
-    let status = task_status_label(&task.status);
-    let status = if colorize {
-        match task.status {
-            TaskStatus::Ready => status
-                .if_supports_color(Stream::Stdout, |t| t.green())
-                .to_string(),
-            TaskStatus::Pending => status
-                .if_supports_color(Stream::Stdout, |t| t.magenta())
-                .to_string(),
-            TaskStatus::Applied => status
-                .if_supports_color(Stream::Stdout, |t| t.blue())
-                .to_string(),
-            TaskStatus::Error => status
-                .if_supports_color(Stream::Stdout, |t| t.red())
-                .to_string(),
-        }
-    } else {
-        status.to_string()
-    };
-    lines.push(format!("[{status}] {}", task.title));
-    let mut meta_parts = Vec::new();
-    if let Some(label) = task.environment_label.as_deref().filter(|s| !s.is_empty()) {
-        if colorize {
-            meta_parts.push(
-                label
-                    .if_supports_color(Stream::Stdout, |t| t.dimmed())
-                    .to_string(),
-            );
-        } else {
-            meta_parts.push(label.to_string());
-        }
-    } else if let Some(id) = task.environment_id.as_deref() {
-        if colorize {
-            meta_parts.push(
-                id.if_supports_color(Stream::Stdout, |t| t.dimmed())
-                    .to_string(),
-            );
-        } else {
-            meta_parts.push(id.to_string());
-        }
-    }
-    let when = format_relative_time(now, task.updated_at);
-    meta_parts.push(if colorize {
-        when.as_str()
-            .if_supports_color(Stream::Stdout, |t| t.dimmed())
-            .to_string()
-    } else {
-        when
-    });
-    let sep = if colorize {
-        "  •  "
-            .if_supports_color(Stream::Stdout, |t| t.dimmed())
-            .to_string()
-    } else {
-        "  •  ".to_string()
-    };
-    lines.push(meta_parts.join(&sep));
-    lines.push(summary_line(&task.summary, colorize));
-    lines
-}
-
-async fn run_status_command(args: crate::cli::StatusCommand) -> anyhow::Result<()> {
-    let ctx = init_backend("codex_cloud_tasks_status").await?;
-    let task_id = parse_task_id(&args.task_id)?;
-    let summary =
-        codex_cloud_tasks_client::CloudBackend::get_task_summary(&*ctx.backend, task_id).await?;
-    let now = Utc::now();
-    let colorize = supports_color::on(SupportStream::Stdout).is_some();
-    for line in format_task_status_lines(&summary, now, colorize) {
-        println!("{line}");
-    }
-    if !matches!(summary.status, TaskStatus::Ready) {
-        std::process::exit(1);
-    }
-    Ok(())
-}
-
-async fn run_diff_command(args: crate::cli::DiffCommand) -> anyhow::Result<()> {
-    let ctx = init_backend("codex_cloud_tasks_diff").await?;
-    let task_id = parse_task_id(&args.task_id)?;
-    let attempts = collect_attempt_diffs(&*ctx.backend, &task_id).await?;
-    let selected = select_attempt(&attempts, args.attempt)?;
-    print!("{}", selected.diff);
-    Ok(())
-}
-
-async fn run_apply_command(args: crate::cli::ApplyCommand) -> anyhow::Result<()> {
-    let ctx = init_backend("codex_cloud_tasks_apply").await?;
-    let task_id = parse_task_id(&args.task_id)?;
-    let attempts = collect_attempt_diffs(&*ctx.backend, &task_id).await?;
-    let selected = select_attempt(&attempts, args.attempt)?;
-    let outcome = codex_cloud_tasks_client::CloudBackend::apply_task(
-        &*ctx.backend,
-        task_id,
-        Some(selected.diff.clone()),
-    )
-    .await?;
-    println!("{}", outcome.message);
-    if !matches!(
-        outcome.status,
-        codex_cloud_tasks_client::ApplyStatus::Success
-    ) {
-        std::process::exit(1);
-    }
-    Ok(())
-}
-
 fn level_from_status(status: codex_cloud_tasks_client::ApplyStatus) -> app::ApplyResultLevel {
     match status {
         codex_cloud_tasks_client::ApplyStatus::Success => app::ApplyResultLevel::Success,
@@ -596,9 +322,6 @@ pub async fn run_main(cli: Cli, _codex_linux_sandbox_exe: Option<PathBuf>) -> an
     if let Some(command) = cli.command {
         return match command {
             crate::cli::Command::Exec(args) => run_exec_command(args).await,
-            crate::cli::Command::Status(args) => run_status_command(args).await,
-            crate::cli::Command::Apply(args) => run_apply_command(args).await,
-            crate::cli::Command::Diff(args) => run_diff_command(args).await,
         };
     }
     let Cli { .. } = cli;
@@ -1990,111 +1713,14 @@ fn pretty_lines_from_error(raw: &str) -> Vec<String> {
 
 #[cfg(test)]
 mod tests {
-    use super::*;
-    use codex_cloud_tasks_client::DiffSummary;
-    use codex_cloud_tasks_client::MockClient;
-    use codex_cloud_tasks_client::TaskId;
-    use codex_cloud_tasks_client::TaskStatus;
-    use codex_cloud_tasks_client::TaskSummary;
     use codex_tui::ComposerAction;
     use codex_tui::ComposerInput;
     use crossterm::event::KeyCode;
     use crossterm::event::KeyEvent;
     use crossterm::event::KeyModifiers;
-    use pretty_assertions::assert_eq;
     use ratatui::buffer::Buffer;
     use ratatui::layout::Rect;
 
-    #[test]
-    fn format_task_status_lines_with_diff_and_label() {
-        let now = Utc::now();
-        let task = TaskSummary {
-            id: TaskId("task_1".to_string()),
-            title: "Example task".to_string(),
-            status: TaskStatus::Ready,
-            updated_at: now,
-            environment_id: Some("env-1".to_string()),
-            environment_label: Some("Env".to_string()),
-            summary: DiffSummary {
-                files_changed: 3,
-                lines_added: 5,
-                lines_removed: 2,
-            },
-            is_review: false,
-            attempt_total: None,
-        };
-        let lines = format_task_status_lines(&task, now, false);
-        assert_eq!(
-            lines,
-            vec![
-                "[READY] Example task".to_string(),
-                "Env  •  0s ago".to_string(),
-                "+5/-2 • 3 files".to_string(),
-            ]
-        );
-    }
-
-    #[test]
-    fn format_task_status_lines_without_diff_falls_back() {
-        let now = Utc::now();
-        let task = TaskSummary {
-            id: TaskId("task_2".to_string()),
-            title: "No diff task".to_string(),
-            status: TaskStatus::Pending,
-            updated_at: now,
-            environment_id: Some("env-2".to_string()),
-            environment_label: None,
-            summary: DiffSummary::default(),
-            is_review: false,
-            attempt_total: Some(1),
-        };
-        let lines = format_task_status_lines(&task, now, false);
-        assert_eq!(
-            lines,
-            vec![
-                "[PENDING] No diff task".to_string(),
-                "env-2  •  0s ago".to_string(),
-                "no diff".to_string(),
-            ]
-        );
-    }
-
-    #[tokio::test]
-    async fn collect_attempt_diffs_includes_sibling_attempts() {
-        let backend = MockClient;
-        let task_id = parse_task_id("https://chatgpt.com/codex/tasks/T-1000").expect("id");
-        let attempts = collect_attempt_diffs(&backend, &task_id)
-            .await
-            .expect("attempts");
-        assert_eq!(attempts.len(), 2);
-        assert_eq!(attempts[0].placement, Some(0));
-        assert_eq!(attempts[1].placement, Some(1));
-        assert!(!attempts[0].diff.is_empty());
-        assert!(!attempts[1].diff.is_empty());
-    }
-
-    #[test]
-    fn select_attempt_validates_bounds() {
-        let attempts = vec![AttemptDiffData {
-            placement: Some(0),
-            created_at: None,
-            diff: "diff --git a/file b/file\n".to_string(),
-        }];
-        let first = select_attempt(&attempts, Some(1)).expect("attempt 1");
-        assert_eq!(first.diff, "diff --git a/file b/file\n");
-        assert!(select_attempt(&attempts, Some(2)).is_err());
-    }
-
-    #[test]
-    fn parse_task_id_from_url_and_raw() {
-        let raw = parse_task_id("task_i_abc123").expect("raw id");
-        assert_eq!(raw.0, "task_i_abc123");
-        let url =
-            parse_task_id("https://chatgpt.com/codex/tasks/task_i_123456?foo=bar").expect("url id");
-        assert_eq!(url.0, "task_i_123456");
-        assert!(parse_task_id("   ").is_err());
-    }
-
     #[test]
     #[ignore = "very slow"]
     fn composer_input_renders_typed_characters() {

codex-rs/cloud-tasks/src/ui.rs

@@ -20,7 +20,8 @@ use std::time::Instant;
 
 use crate::app::App;
 use crate::app::AttemptView;
-use crate::util::format_relative_time_now;
+use chrono::Local;
+use chrono::Utc;
 use codex_cloud_tasks_client::AttemptStatus;
 use codex_cloud_tasks_client::TaskStatus;
 use codex_tui::render_markdown_text;
@@ -803,7 +804,7 @@ fn render_task_item(_app: &App, t: &codex_cloud_tasks_client::TaskSummary) -> Li
     if let Some(lbl) = t.environment_label.as_ref().filter(|s| !s.is_empty()) {
         meta.push(lbl.clone().dim());
     }
-    let when = format_relative_time_now(t.updated_at).dim();
+    let when = format_relative_time(t.updated_at).dim();
     if !meta.is_empty() {
         meta.push("  ".into());
         meta.push("•".dim());
@@ -840,6 +841,27 @@ fn render_task_item(_app: &App, t: &codex_cloud_tasks_client::TaskSummary) -> Li
     ListItem::new(vec![title, meta_line, sub, spacer])
 }
 
+fn format_relative_time(ts: chrono::DateTime<Utc>) -> String {
+    let now = Utc::now();
+    let mut secs = (now - ts).num_seconds();
+    if secs < 0 {
+        secs = 0;
+    }
+    if secs < 60 {
+        return format!("{secs}s ago");
+    }
+    let mins = secs / 60;
+    if mins < 60 {
+        return format!("{mins}m ago");
+    }
+    let hours = mins / 60;
+    if hours < 24 {
+        return format!("{hours}h ago");
+    }
+    let local = ts.with_timezone(&Local);
+    local.format("%b %e %H:%M").to_string()
+}
+
 fn draw_inline_spinner(
     frame: &mut Frame,
     area: Rect,

codex-rs/cloud-tasks/src/util.rs

@@ -1,6 +1,4 @@
 use base64::Engine as _;
-use chrono::DateTime;
-use chrono::Local;
 use chrono::Utc;
 use reqwest::header::HeaderMap;
 
@@ -122,27 +120,3 @@ pub fn task_url(base_url: &str, task_id: &str) -> String {
     }
     format!("{normalized}/codex/tasks/{task_id}")
 }
-
-pub fn format_relative_time(reference: DateTime<Utc>, ts: DateTime<Utc>) -> String {
-    let mut secs = (reference - ts).num_seconds();
-    if secs < 0 {
-        secs = 0;
-    }
-    if secs < 60 {
-        return format!("{secs}s ago");
-    }
-    let mins = secs / 60;
-    if mins < 60 {
-        return format!("{mins}m ago");
-    }
-    let hours = mins / 60;
-    if hours < 24 {
-        return format!("{hours}h ago");
-    }
-    let local = ts.with_timezone(&Local);
-    local.format("%b %e %H:%M").to_string()
-}
-
-pub fn format_relative_time_now(ts: DateTime<Utc>) -> String {
-    format_relative_time(Utc::now(), ts)
-}

codex-rs/codex-api/src/endpoint/models.rs

@@ -8,7 +8,6 @@ use codex_client::RequestTelemetry;
 use codex_protocol::openai_models::ModelsResponse;
 use http::HeaderMap;
 use http::Method;
-use http::header::ETAG;
 use std::sync::Arc;
 
 pub struct ModelsClient<T: HttpTransport, A: AuthProvider> {
@@ -60,23 +59,12 @@ impl<T: HttpTransport, A: AuthProvider> ModelsClient<T, A> {
         )
         .await?;
 
-        let header_etag = resp
-            .headers
-            .get(ETAG)
-            .and_then(|value| value.to_str().ok())
-            .map(ToString::to_string);
-
-        let ModelsResponse { models, etag } = serde_json::from_slice::<ModelsResponse>(&resp.body)
-            .map_err(|e| {
-                ApiError::Stream(format!(
-                    "failed to decode models response: {e}; body: {}",
-                    String::from_utf8_lossy(&resp.body)
-                ))
-            })?;
-
-        let etag = header_etag.unwrap_or(etag);
-
-        Ok(ModelsResponse { models, etag })
+        serde_json::from_slice::<ModelsResponse>(&resp.body).map_err(|e| {
+            ApiError::Stream(format!(
+                "failed to decode models response: {e}; body: {}",
+                String::from_utf8_lossy(&resp.body)
+            ))
+        })
     }
 }
 
@@ -98,36 +86,20 @@ mod tests {
     use std::sync::Mutex;
     use std::time::Duration;
 
-    #[derive(Clone)]
+    #[derive(Clone, Default)]
     struct CapturingTransport {
         last_request: Arc<Mutex<Option<Request>>>,
         body: Arc<ModelsResponse>,
     }
 
-    impl Default for CapturingTransport {
-        fn default() -> Self {
-            Self {
-                last_request: Arc::new(Mutex::new(None)),
-                body: Arc::new(ModelsResponse {
-                    models: Vec::new(),
-                    etag: String::new(),
-                }),
-            }
-        }
-    }
-
     #[async_trait]
     impl HttpTransport for CapturingTransport {
         async fn execute(&self, req: Request) -> Result<Response, TransportError> {
             *self.last_request.lock().unwrap() = Some(req);
             let body = serde_json::to_vec(&*self.body).unwrap();
-            let mut headers = HeaderMap::new();
-            if !self.body.etag.is_empty() {
-                headers.insert(ETAG, self.body.etag.parse().unwrap());
-            }
             Ok(Response {
                 status: StatusCode::OK,
-                headers,
+                headers: HeaderMap::new(),
                 body: body.into(),
             })
         }
@@ -166,10 +138,7 @@ mod tests {
 
     #[tokio::test]
     async fn appends_client_version_query() {
-        let response = ModelsResponse {
-            models: Vec::new(),
-            etag: String::new(),
-        };
+        let response = ModelsResponse { models: Vec::new() };
 
         let transport = CapturingTransport {
             last_request: Arc::new(Mutex::new(None)),
@@ -212,17 +181,15 @@ mod tests {
                     "display_name": "gpt-test",
                     "description": "desc",
                     "default_reasoning_level": "medium",
-                    "supported_reasoning_levels": [{"effort": "low", "description": "low"}, {"effort": "medium", "description": "medium"}, {"effort": "high", "description": "high"}],
+                    "supported_reasoning_levels": ["low", "medium", "high"],
                     "shell_type": "shell_command",
                     "visibility": "list",
                     "minimal_client_version": [0, 99, 0],
                     "supported_in_api": true,
-                    "priority": 1,
-                    "upgrade": null,
+                    "priority": 1
                 }))
                 .unwrap(),
             ],
-            etag: String::new(),
         };
 
         let transport = CapturingTransport {
@@ -246,31 +213,4 @@ mod tests {
         assert_eq!(result.models[0].supported_in_api, true);
         assert_eq!(result.models[0].priority, 1);
     }
-
-    #[tokio::test]
-    async fn list_models_includes_etag() {
-        let response = ModelsResponse {
-            models: Vec::new(),
-            etag: "\"abc\"".to_string(),
-        };
-
-        let transport = CapturingTransport {
-            last_request: Arc::new(Mutex::new(None)),
-            body: Arc::new(response),
-        };
-
-        let client = ModelsClient::new(
-            transport,
-            provider("https://example.com/api/codex"),
-            DummyAuth,
-        );
-
-        let result = client
-            .list_models("0.1.0", HeaderMap::new())
-            .await
-            .expect("request should succeed");
-
-        assert_eq!(result.models.len(), 0);
-        assert_eq!(result.etag, "\"abc\"");
-    }
 }

codex-rs/codex-api/src/rate_limits.rs

@@ -37,7 +37,6 @@ pub fn parse_rate_limit(headers: &HeaderMap) -> Option<RateLimitSnapshot> {
         primary,
         secondary,
         credits,
-        plan_type: None,
     })
 }
 

codex-rs/codex-api/src/sse/chat.rs

@@ -10,7 +10,6 @@ use eventsource_stream::Eventsource;
 use futures::Stream;
 use futures::StreamExt;
 use std::collections::HashMap;
-use std::collections::HashSet;
 use std::time::Duration;
 use tokio::sync::mpsc;
 use tokio::time::Instant;
@@ -42,17 +41,12 @@ pub async fn process_chat_sse<S>(
 
     #[derive(Default, Debug)]
     struct ToolCallState {
-        id: Option<String>,
         name: Option<String>,
         arguments: String,
     }
 
-    let mut tool_calls: HashMap<usize, ToolCallState> = HashMap::new();
-    let mut tool_call_order: Vec<usize> = Vec::new();
-    let mut tool_call_order_seen: HashSet<usize> = HashSet::new();
-    let mut tool_call_index_by_id: HashMap<String, usize> = HashMap::new();
-    let mut next_tool_call_index = 0usize;
-    let mut last_tool_call_index: Option<usize> = None;
+    let mut tool_calls: HashMap<String, ToolCallState> = HashMap::new();
+    let mut tool_call_order: Vec<String> = Vec::new();
     let mut assistant_item: Option<ResponseItem> = None;
     let mut reasoning_item: Option<ResponseItem> = None;
     let mut completed_sent = false;
@@ -155,55 +149,26 @@ pub async fn process_chat_sse<S>(
 
                 if let Some(tool_call_values) = delta.get("tool_calls").and_then(|c| c.as_array()) {
                     for tool_call in tool_call_values {
-                        let mut index = tool_call
-                            .get("index")
-                            .and_then(serde_json::Value::as_u64)
-                            .map(|i| i as usize);
+                        let id = tool_call
+                            .get("id")
+                            .and_then(|i| i.as_str())
+                            .map(str::to_string)
+                            .unwrap_or_else(|| format!("tool-call-{}", tool_call_order.len()));
 
-                        let mut call_id_for_lookup = None;
-                        if let Some(call_id) = tool_call.get("id").and_then(|i| i.as_str()) {
-                            call_id_for_lookup = Some(call_id.to_string());
-                            if let Some(existing) = tool_call_index_by_id.get(call_id) {
-                                index = Some(*existing);
-                            }
-                        }
-
-                        if index.is_none() && call_id_for_lookup.is_none() {
-                            index = last_tool_call_index;
-                        }
-
-                        let index = index.unwrap_or_else(|| {
-                            while tool_calls.contains_key(&next_tool_call_index) {
-                                next_tool_call_index += 1;
-                            }
-                            let idx = next_tool_call_index;
-                            next_tool_call_index += 1;
-                            idx
-                        });
-
-                        let call_state = tool_calls.entry(index).or_default();
-                        if tool_call_order_seen.insert(index) {
-                            tool_call_order.push(index);
-                        }
-
-                        if let Some(id) = tool_call.get("id").and_then(|i| i.as_str()) {
-                            call_state.id.get_or_insert_with(|| id.to_string());
-                            tool_call_index_by_id.entry(id.to_string()).or_insert(index);
+                        let call_state = tool_calls.entry(id.clone()).or_default();
+                        if !tool_call_order.contains(&id) {
+                            tool_call_order.push(id.clone());
                         }
 
                         if let Some(func) = tool_call.get("function") {
-                            if let Some(fname) = func.get("name").and_then(|n| n.as_str())
-                                && !fname.is_empty()
-                            {
-                                call_state.name.get_or_insert_with(|| fname.to_string());
+                            if let Some(fname) = func.get("name").and_then(|n| n.as_str()) {
+                                call_state.name = Some(fname.to_string());
                             }
                             if let Some(arguments) = func.get("arguments").and_then(|a| a.as_str())
                             {
                                 call_state.arguments.push_str(arguments);
                             }
                         }
-
-                        last_tool_call_index = Some(index);
                     }
                 }
             }
@@ -257,25 +222,13 @@ pub async fn process_chat_sse<S>(
                         .await;
                 }
 
-                for index in tool_call_order.drain(..) {
-                    let Some(state) = tool_calls.remove(&index) else {
-                        continue;
-                    };
-                    tool_call_order_seen.remove(&index);
-                    let ToolCallState {
-                        id,
-                        name,
-                        arguments,
-                    } = state;
-                    let Some(name) = name else {
-                        debug!("Skipping tool call at index {index} because name is missing");
-                        continue;
-                    };
+                for call_id in tool_call_order.drain(..) {
+                    let state = tool_calls.remove(&call_id).unwrap_or_default();
                     let item = ResponseItem::FunctionCall {
                         id: None,
-                        name,
-                        arguments,
-                        call_id: id.unwrap_or_else(|| format!("tool-call-{index}")),
+                        name: state.name.unwrap_or_default(),
+                        arguments: state.arguments,
+                        call_id: call_id.clone(),
                     };
                     let _ = tx_event.send(Ok(ResponseEvent::OutputItemDone(item))).await;
                 }
@@ -380,59 +333,6 @@ mod tests {
         out
     }
 
-    #[tokio::test]
-    async fn concatenates_tool_call_arguments_across_deltas() {
-        let delta_name = json!({
-            "choices": [{
-                "delta": {
-                    "tool_calls": [{
-                        "id": "call_a",
-                        "index": 0,
-                        "function": { "name": "do_a" }
-                    }]
-                }
-            }]
-        });
-
-        let delta_args_1 = json!({
-            "choices": [{
-                "delta": {
-                    "tool_calls": [{
-                        "index": 0,
-                        "function": { "arguments": "{ \"foo\":" }
-                    }]
-                }
-            }]
-        });
-
-        let delta_args_2 = json!({
-            "choices": [{
-                "delta": {
-                    "tool_calls": [{
-                        "index": 0,
-                        "function": { "arguments": "1}" }
-                    }]
-                }
-            }]
-        });
-
-        let finish = json!({
-            "choices": [{
-                "finish_reason": "tool_calls"
-            }]
-        });
-
-        let body = build_body(&[delta_name, delta_args_1, delta_args_2, finish]);
-        let events = collect_events(&body).await;
-        assert_matches!(
-            &events[..],
-            [
-                ResponseEvent::OutputItemDone(ResponseItem::FunctionCall { call_id, name, arguments, .. }),
-                ResponseEvent::Completed { .. }
-            ] if call_id == "call_a" && name == "do_a" && arguments == "{ \"foo\":1}"
-        );
-    }
-
     #[tokio::test]
     async fn emits_multiple_tool_calls() {
         let delta_a = json!({
@@ -465,74 +365,50 @@ mod tests {
 
         let body = build_body(&[delta_a, delta_b, finish]);
         let events = collect_events(&body).await;
+        assert_eq!(events.len(), 3);
+
         assert_matches!(
-            &events[..],
-            [
-                ResponseEvent::OutputItemDone(ResponseItem::FunctionCall { call_id: call_a, name: name_a, arguments: args_a, .. }),
-                ResponseEvent::OutputItemDone(ResponseItem::FunctionCall { call_id: call_b, name: name_b, arguments: args_b, .. }),
-                ResponseEvent::Completed { .. }
-            ] if call_a == "call_a" && name_a == "do_a" && args_a == "{\"foo\":1}" && call_b == "call_b" && name_b == "do_b" && args_b == "{\"bar\":2}"
+            &events[0],
+            ResponseEvent::OutputItemDone(ResponseItem::FunctionCall { call_id, name, arguments, .. })
+            if call_id == "call_a" && name == "do_a" && arguments == "{\"foo\":1}"
         );
+        assert_matches!(
+            &events[1],
+            ResponseEvent::OutputItemDone(ResponseItem::FunctionCall { call_id, name, arguments, .. })
+            if call_id == "call_b" && name == "do_b" && arguments == "{\"bar\":2}"
+        );
+        assert_matches!(events[2], ResponseEvent::Completed { .. });
     }
 
     #[tokio::test]
-    async fn emits_tool_calls_for_multiple_choices() {
-        let payload = json!({
-            "choices": [
-                {
-                    "delta": {
-                        "tool_calls": [{
-                            "id": "call_a",
-                            "index": 0,
-                            "function": { "name": "do_a", "arguments": "{}" }
-                        }]
-                    },
-                    "finish_reason": "tool_calls"
-                },
-                {
-                    "delta": {
-                        "tool_calls": [{
-                            "id": "call_b",
-                            "index": 0,
-                            "function": { "name": "do_b", "arguments": "{}" }
-                        }]
-                    },
-                    "finish_reason": "tool_calls"
-                }
-            ]
-        });
-
-        let body = build_body(&[payload]);
-        let events = collect_events(&body).await;
-        assert_matches!(
-            &events[..],
-            [
-                ResponseEvent::OutputItemDone(ResponseItem::FunctionCall { call_id: call_a, name: name_a, arguments: args_a, .. }),
-                ResponseEvent::OutputItemDone(ResponseItem::FunctionCall { call_id: call_b, name: name_b, arguments: args_b, .. }),
-                ResponseEvent::Completed { .. }
-            ] if call_a == "call_a" && name_a == "do_a" && args_a == "{}" && call_b == "call_b" && name_b == "do_b" && args_b == "{}"
-        );
-    }
-
-    #[tokio::test]
-    async fn merges_tool_calls_by_index_when_id_missing_on_subsequent_deltas() {
-        let delta_with_id = json!({
+    async fn concatenates_tool_call_arguments_across_deltas() {
+        let delta_name = json!({
             "choices": [{
                 "delta": {
                     "tool_calls": [{
-                        "index": 0,
                         "id": "call_a",
-                        "function": { "name": "do_a", "arguments": "{ \"foo\":" }
+                        "function": { "name": "do_a" }
                     }]
                 }
             }]
         });
 
-        let delta_without_id = json!({
+        let delta_args_1 = json!({
             "choices": [{
                 "delta": {
                     "tool_calls": [{
-                        "index": 0,
+                        "id": "call_a",
+                        "function": { "arguments": "{ \"foo\":" }
+                    }]
+                }
+            }]
+        });
+
+        let delta_args_2 = json!({
+            "choices": [{
+                "delta": {
+                    "tool_calls": [{
+                        "id": "call_a",
                         "function": { "arguments": "1}" }
                     }]
                 }
@@ -545,7 +421,7 @@ mod tests {
             }]
         });
 
-        let body = build_body(&[delta_with_id, delta_without_id, finish]);
+        let body = build_body(&[delta_name, delta_args_1, delta_args_2, finish]);
         let events = collect_events(&body).await;
         assert_matches!(
             &events[..],
@@ -556,47 +432,6 @@ mod tests {
         );
     }
 
-    #[tokio::test]
-    async fn preserves_tool_call_name_when_empty_deltas_arrive() {
-        let delta_with_name = json!({
-            "choices": [{
-                "delta": {
-                    "tool_calls": [{
-                        "id": "call_a",
-                        "function": { "name": "do_a" }
-                    }]
-                }
-            }]
-        });
-
-        let delta_with_empty_name = json!({
-            "choices": [{
-                "delta": {
-                    "tool_calls": [{
-                        "id": "call_a",
-                        "function": { "name": "", "arguments": "{}" }
-                    }]
-                }
-            }]
-        });
-
-        let finish = json!({
-            "choices": [{
-                "finish_reason": "tool_calls"
-            }]
-        });
-
-        let body = build_body(&[delta_with_name, delta_with_empty_name, finish]);
-        let events = collect_events(&body).await;
-        assert_matches!(
-            &events[..],
-            [
-                ResponseEvent::OutputItemDone(ResponseItem::FunctionCall { name, arguments, .. }),
-                ResponseEvent::Completed { .. }
-            ] if name == "do_a" && arguments == "{}"
-        );
-    }
-
     #[tokio::test]
     async fn emits_tool_calls_even_when_content_and_reasoning_present() {
         let delta_content_and_tools = json!({

codex-rs/codex-api/tests/models_integration.rs

@@ -5,12 +5,11 @@ use codex_api::provider::RetryConfig;
 use codex_api::provider::WireApi;
 use codex_client::ReqwestTransport;
 use codex_protocol::openai_models::ClientVersion;
-use codex_protocol::openai_models::ConfigShellToolType;
 use codex_protocol::openai_models::ModelInfo;
 use codex_protocol::openai_models::ModelVisibility;
 use codex_protocol::openai_models::ModelsResponse;
-use codex_protocol::openai_models::ReasoningEffort;
-use codex_protocol::openai_models::ReasoningEffortPreset;
+use codex_protocol::openai_models::ReasoningLevel;
+use codex_protocol::openai_models::ShellType;
 use http::HeaderMap;
 use http::Method;
 use wiremock::Mock;
@@ -56,30 +55,18 @@ async fn models_client_hits_models_endpoint() {
             slug: "gpt-test".to_string(),
             display_name: "gpt-test".to_string(),
             description: Some("desc".to_string()),
-            default_reasoning_level: ReasoningEffort::Medium,
+            default_reasoning_level: ReasoningLevel::Medium,
             supported_reasoning_levels: vec![
-                ReasoningEffortPreset {
-                    effort: ReasoningEffort::Low,
-                    description: ReasoningEffort::Low.to_string(),
-                },
-                ReasoningEffortPreset {
-                    effort: ReasoningEffort::Medium,
-                    description: ReasoningEffort::Medium.to_string(),
-                },
-                ReasoningEffortPreset {
-                    effort: ReasoningEffort::High,
-                    description: ReasoningEffort::High.to_string(),
-                },
+                ReasoningLevel::Low,
+                ReasoningLevel::Medium,
+                ReasoningLevel::High,
             ],
-            shell_type: ConfigShellToolType::ShellCommand,
+            shell_type: ShellType::ShellCommand,
             visibility: ModelVisibility::List,
             minimal_client_version: ClientVersion(0, 1, 0),
             supported_in_api: true,
             priority: 1,
-            upgrade: None,
-            base_instructions: None,
         }],
-        etag: String::new(),
     };
 
     Mock::given(method("GET"))

codex-rs/core/Cargo.toml

@@ -1,8 +1,8 @@
 [package]
-edition.workspace = true
-license.workspace = true
 name = "codex-core"
 version.workspace = true
+edition.workspace = true
+license.workspace = true
 
 [lib]
 doctest = false
@@ -18,12 +18,12 @@ askama = { workspace = true }
 async-channel = { workspace = true }
 async-trait = { workspace = true }
 base64 = { workspace = true }
-chardetng = { workspace = true }
 chrono = { workspace = true, features = ["serde"] }
-codex-api = { workspace = true }
+chardetng = { workspace = true }
 codex-app-server-protocol = { workspace = true }
 codex-apply-patch = { workspace = true }
 codex-async-utils = { workspace = true }
+codex-api = { workspace = true }
 codex-execpolicy = { workspace = true }
 codex-file-search = { workspace = true }
 codex-git = { workspace = true }
@@ -31,15 +31,14 @@ codex-keyring-store = { workspace = true }
 codex-otel = { workspace = true, features = ["otel"] }
 codex-protocol = { workspace = true }
 codex-rmcp-client = { workspace = true }
-codex-utils-absolute-path = { workspace = true }
 codex-utils-pty = { workspace = true }
 codex-utils-readiness = { workspace = true }
 codex-utils-string = { workspace = true }
 codex-windows-sandbox = { package = "codex-windows-sandbox", path = "../windows-sandbox-rs" }
 dirs = { workspace = true }
 dunce = { workspace = true }
-encoding_rs = { workspace = true }
 env-flags = { workspace = true }
+encoding_rs = { workspace = true }
 eventsource-stream = { workspace = true }
 futures = { workspace = true }
 http = { workspace = true }
@@ -47,10 +46,8 @@ indexmap = { workspace = true }
 keyring = { workspace = true, features = ["crypto-rust"] }
 libc = { workspace = true }
 mcp-types = { workspace = true }
-once_cell = { workspace = true }
 os_info = { workspace = true }
 rand = { workspace = true }
-regex = { workspace = true }
 regex-lite = { workspace = true }
 reqwest = { workspace = true, features = ["json", "stream"] }
 serde = { workspace = true, features = ["derive"] }
@@ -61,6 +58,9 @@ sha2 = { workspace = true }
 shlex = { workspace = true }
 similar = { workspace = true }
 strum_macros = { workspace = true }
+url = { workspace = true }
+once_cell = { workspace = true }
+regex = { workspace = true }
 tempfile = { workspace = true }
 test-case = "3.3.1"
 test-log = { workspace = true }
@@ -84,20 +84,18 @@ toml_edit = { workspace = true }
 tracing = { workspace = true, features = ["log"] }
 tree-sitter = { workspace = true }
 tree-sitter-bash = { workspace = true }
-url = { workspace = true }
 uuid = { workspace = true, features = ["serde", "v4", "v5"] }
 which = { workspace = true }
 wildmatch = { workspace = true }
 
 [features]
 deterministic_process_ids = []
-test-support = []
 
 
 [target.'cfg(target_os = "linux")'.dependencies]
-keyring = { workspace = true, features = ["linux-native-async-persistent"] }
 landlock = { workspace = true }
 seccompiler = { workspace = true }
+keyring = { workspace = true, features = ["linux-native-async-persistent"] }
 
 [target.'cfg(target_os = "macos")'.dependencies]
 core-foundation = "0.9"

codex-rs/core/src/auth.rs

@@ -32,9 +32,7 @@ use crate::token_data::TokenData;
 use crate::token_data::parse_id_token;
 use crate::util::try_parse_error_message;
 use codex_protocol::account::PlanType as AccountPlanType;
-use once_cell::sync::Lazy;
 use serde_json::Value;
-use tempfile::TempDir;
 use thiserror::Error;
 
 #[derive(Debug, Clone)]
@@ -64,8 +62,6 @@ const REFRESH_TOKEN_UNKNOWN_MESSAGE: &str =
 const REFRESH_TOKEN_URL: &str = "https://auth.openai.com/oauth/token";
 pub const REFRESH_TOKEN_URL_OVERRIDE_ENV_VAR: &str = "CODEX_REFRESH_TOKEN_URL_OVERRIDE";
 
-static TEST_AUTH_TEMP_DIRS: Lazy<Mutex<Vec<TempDir>>> = Lazy::new(|| Mutex::new(Vec::new()));
-
 #[derive(Debug, Error)]
 pub enum RefreshTokenError {
     #[error("{0}")]
@@ -231,6 +227,23 @@ impl CodexAuth {
             })
     }
 
+    /// Raw plan string from the ID token (including unknown/new plan types).
+    pub fn raw_plan_type(&self) -> Option<String> {
+        self.get_plan_type().map(|plan| match plan {
+            InternalPlanType::Known(k) => format!("{k:?}"),
+            InternalPlanType::Unknown(raw) => raw,
+        })
+    }
+
+    /// Raw internal plan value from the ID token.
+    /// Exposes the underlying `token_data::PlanType` without mapping it to the
+    /// public `AccountPlanType`. Use this when downstream code needs to inspect
+    /// internal/unknown plan strings exactly as issued in the token.
+    pub(crate) fn get_plan_type(&self) -> Option<InternalPlanType> {
+        self.get_current_token_data()
+            .and_then(|t| t.id_token.chatgpt_plan_type)
+    }
+
     fn get_current_auth_json(&self) -> Option<AuthDotJson> {
         #[expect(clippy::unwrap_used)]
         self.auth_dot_json.lock().unwrap().clone()
@@ -1028,6 +1041,10 @@ mod tests {
             .expect("auth available");
 
         pretty_assertions::assert_eq!(auth.account_plan_type(), Some(AccountPlanType::Pro));
+        pretty_assertions::assert_eq!(
+            auth.get_plan_type(),
+            Some(InternalPlanType::Known(InternalKnownPlan::Pro))
+        );
     }
 
     #[test]
@@ -1048,6 +1065,10 @@ mod tests {
             .expect("auth available");
 
         pretty_assertions::assert_eq!(auth.account_plan_type(), Some(AccountPlanType::Unknown));
+        pretty_assertions::assert_eq!(
+            auth.get_plan_type(),
+            Some(InternalPlanType::Unknown("mystery-tier".to_string()))
+        );
     }
 }
 
@@ -1092,19 +1113,11 @@ impl AuthManager {
         }
     }
 
-    #[cfg(any(test, feature = "test-support"))]
-    #[expect(clippy::expect_used)]
     /// Create an AuthManager with a specific CodexAuth, for testing only.
     pub fn from_auth_for_testing(auth: CodexAuth) -> Arc<Self> {
         let cached = CachedAuth { auth: Some(auth) };
-        let temp_dir = tempfile::tempdir().expect("temp codex home");
-        let codex_home = temp_dir.path().to_path_buf();
-        TEST_AUTH_TEMP_DIRS
-            .lock()
-            .expect("lock test codex homes")
-            .push(temp_dir);
         Arc::new(Self {
-            codex_home,
+            codex_home: PathBuf::new(),
             inner: RwLock::new(cached),
             enable_codex_api_key_env: false,
             auth_credentials_store_mode: AuthCredentialsStoreMode::File,
@@ -1116,10 +1129,6 @@ impl AuthManager {
         self.inner.read().ok().and_then(|c| c.auth.clone())
     }
 
-    pub fn codex_home(&self) -> &Path {
-        &self.codex_home
-    }
-
     /// Force a reload of the auth information from auth.json. Returns
     /// whether the auth value changed.
     pub fn reload(&self) -> bool {

codex-rs/core/src/client.rs

@@ -48,6 +48,7 @@ use crate::error::Result;
 use crate::flags::CODEX_RS_SSE_FIXTURE;
 use crate::model_provider_info::ModelProviderInfo;
 use crate::model_provider_info::WireApi;
+use crate::openai_model_info::get_model_info;
 use crate::openai_models::model_family::ModelFamily;
 use crate::tools::spec::create_tools_json_for_chat_completions_api;
 use crate::tools::spec::create_tools_json_for_responses_api;
@@ -94,11 +95,19 @@ impl ModelClient {
     pub fn get_model_context_window(&self) -> Option<i64> {
         let model_family = self.get_model_family();
         let effective_context_window_percent = model_family.effective_context_window_percent;
-        model_family
-            .context_window
+        self.config
+            .model_context_window
+            .or_else(|| get_model_info(&model_family).map(|info| info.context_window))
             .map(|w| w.saturating_mul(effective_context_window_percent) / 100)
     }
 
+    pub fn get_auto_compact_token_limit(&self) -> Option<i64> {
+        let model_family = self.get_model_family();
+        self.config.model_auto_compact_token_limit.or_else(|| {
+            get_model_info(&model_family).and_then(|info| info.auto_compact_token_limit)
+        })
+    }
+
     pub fn config(&self) -> Arc<Config> {
         Arc::clone(&self.config)
     }

codex-rs/core/src/codex.rs

@@ -11,10 +11,8 @@ use crate::compact;
 use crate::compact::run_inline_auto_compact_task;
 use crate::compact::should_use_remote_compact_task;
 use crate::compact_remote::run_inline_remote_auto_compact_task;
-use crate::exec_policy::load_exec_policy_for_features;
 use crate::features::Feature;
 use crate::features::Features;
-use crate::openai_models::model_family::ModelFamily;
 use crate::openai_models::models_manager::ModelsManager;
 use crate::parse_command::parse_command;
 use crate::parse_turn_item;
@@ -80,6 +78,7 @@ use crate::exec::StreamOutput;
 use crate::exec_policy::ExecPolicyUpdateError;
 use crate::mcp::auth::compute_auth_statuses;
 use crate::mcp_connection_manager::McpConnectionManager;
+use crate::openai_model_info::get_model_info;
 use crate::project_doc::get_user_instructions;
 use crate::protocol::AgentMessageContentDeltaEvent;
 use crate::protocol::AgentReasoningSectionBreakEvent;
@@ -109,7 +108,6 @@ use crate::rollout::RolloutRecorder;
 use crate::rollout::RolloutRecorderParams;
 use crate::rollout::map_session_init_error;
 use crate::shell;
-use crate::shell_snapshot::ShellSnapshot;
 use crate::state::ActiveTurn;
 use crate::state::SessionServices;
 use crate::state::SessionState;
@@ -176,10 +174,9 @@ impl Codex {
 
         let user_instructions = get_user_instructions(&config).await;
 
-        let exec_policy = load_exec_policy_for_features(&config.features, &config.codex_home)
+        let exec_policy = crate::exec_policy::exec_policy_for(&config.features, &config.codex_home)
             .await
             .map_err(|err| CodexErr::Fatal(format!("failed to load execpolicy: {err}")))?;
-        let exec_policy = Arc::new(RwLock::new(exec_policy));
 
         let config = Arc::new(config);
 
@@ -399,35 +396,35 @@ pub(crate) struct SessionSettingsUpdate {
 }
 
 impl Session {
-    fn build_per_turn_config(session_configuration: &SessionConfiguration) -> Config {
+    fn make_turn_context(
+        auth_manager: Option<Arc<AuthManager>>,
+        models_manager: Arc<ModelsManager>,
+        otel_event_manager: &OtelEventManager,
+        provider: ModelProviderInfo,
+        session_configuration: &SessionConfiguration,
+        conversation_id: ConversationId,
+        sub_id: String,
+    ) -> TurnContext {
         let config = session_configuration.original_config_do_not_use.clone();
+        let features = &config.features;
         let mut per_turn_config = (*config).clone();
         per_turn_config.model = session_configuration.model.clone();
         per_turn_config.model_reasoning_effort = session_configuration.model_reasoning_effort;
         per_turn_config.model_reasoning_summary = session_configuration.model_reasoning_summary;
-        per_turn_config.features = config.features.clone();
-        per_turn_config
-    }
+        per_turn_config.features = features.clone();
+        let model_family =
+            models_manager.construct_model_family(&per_turn_config.model, &per_turn_config);
+        if let Some(model_info) = get_model_info(&model_family) {
+            per_turn_config.model_context_window = Some(model_info.context_window);
+        }
 
-    #[allow(clippy::too_many_arguments)]
-    fn make_turn_context(
-        auth_manager: Option<Arc<AuthManager>>,
-        otel_event_manager: &OtelEventManager,
-        provider: ModelProviderInfo,
-        session_configuration: &SessionConfiguration,
-        per_turn_config: Config,
-        model_family: ModelFamily,
-        conversation_id: ConversationId,
-        sub_id: String,
-    ) -> TurnContext {
         let otel_event_manager = otel_event_manager.clone().with_model(
             session_configuration.model.as_str(),
-            model_family.slug.as_str(),
+            session_configuration.model.as_str(),
         );
 
-        let per_turn_config = Arc::new(per_turn_config);
         let client = ModelClient::new(
-            per_turn_config.clone(),
+            Arc::new(per_turn_config.clone()),
             auth_manager,
             model_family.clone(),
             otel_event_manager,
@@ -440,7 +437,7 @@ impl Session {
 
         let tools_config = ToolsConfig::new(&ToolsConfigParams {
             model_family: &model_family,
-            features: &per_turn_config.features,
+            features,
         });
 
         TurnContext {
@@ -453,14 +450,14 @@ impl Session {
             user_instructions: session_configuration.user_instructions.clone(),
             approval_policy: session_configuration.approval_policy,
             sandbox_policy: session_configuration.sandbox_policy.clone(),
-            shell_environment_policy: per_turn_config.shell_environment_policy.clone(),
+            shell_environment_policy: config.shell_environment_policy.clone(),
             tools_config,
             final_output_json_schema: None,
-            codex_linux_sandbox_exe: per_turn_config.codex_linux_sandbox_exe.clone(),
+            codex_linux_sandbox_exe: config.codex_linux_sandbox_exe.clone(),
             tool_call_gate: Arc::new(ReadinessFlag::new()),
             exec_policy: session_configuration.exec_policy.clone(),
             truncation_policy: TruncationPolicy::new(
-                per_turn_config.as_ref(),
+                &per_turn_config,
                 model_family.truncation_policy,
             ),
         }
@@ -511,6 +508,7 @@ impl Session {
         // - load history metadata
         let rollout_fut = RolloutRecorder::new(&config, rollout_params);
 
+        let default_shell = shell::default_user_shell();
         let history_meta_fut = crate::message_history::history_metadata(&config);
         let auth_statuses_fut = compute_auth_statuses(
             config.mcp_servers.iter(),
@@ -531,7 +529,7 @@ impl Session {
 
         for (alias, feature) in config.features.legacy_feature_usages() {
             let canonical = feature.key();
-            let summary = format!("`{alias}` is deprecated. Use `[features].{canonical}` instead.");
+            let summary = format!("`{alias}` is deprecated. Use `{canonical}` instead.");
             let details = if alias == canonical {
                 None
             } else {
@@ -545,9 +543,7 @@ impl Session {
             });
         }
 
-        let model_family = models_manager
-            .construct_model_family(&config.model, &config)
-            .await;
+        let model_family = models_manager.construct_model_family(&config.model, &config);
         // todo(aibrahim): why are we passing model here while it can change?
         let otel_event_manager = OtelEventManager::new(
             conversation_id,
@@ -572,14 +568,7 @@ impl Session {
             config.active_profile.clone(),
         );
 
-        let mut default_shell = shell::default_user_shell();
         // Create the mutable state for the Session.
-        if config.features.enabled(Feature::ShellSnapshot) {
-            default_shell.shell_snapshot =
-                ShellSnapshot::try_new(&config.codex_home, &default_shell)
-                    .await
-                    .map(Arc::new);
-        }
         let state = SessionState::new(session_configuration.clone());
 
         let services = SessionServices {
@@ -588,7 +577,7 @@ impl Session {
             unified_exec_manager: UnifiedExecSessionManager::default(),
             notifier: UserNotifier::new(config.notify.clone()),
             rollout: Mutex::new(Some(rollout_recorder)),
-            user_shell: Arc::new(default_shell),
+            user_shell: default_shell,
             show_raw_agent_reasoning: config.show_raw_agent_reasoning,
             auth_manager: Arc::clone(&auth_manager),
             otel_event_manager,
@@ -777,19 +766,12 @@ impl Session {
             session_configuration
         };
 
-        let per_turn_config = Self::build_per_turn_config(&session_configuration);
-        let model_family = self
-            .services
-            .models_manager
-            .construct_model_family(&per_turn_config.model, &per_turn_config)
-            .await;
         let mut turn_context: TurnContext = Self::make_turn_context(
             Some(Arc::clone(&self.services.auth_manager)),
+            Arc::clone(&self.services.models_manager),
             &self.services.otel_event_manager,
             session_configuration.provider.clone(),
             &session_configuration,
-            per_turn_config,
-            model_family,
             self.conversation_id,
             sub_id,
         );
@@ -806,16 +788,14 @@ impl Session {
     ) -> Option<ResponseItem> {
         let prev = previous?;
 
-        let shell = self.user_shell();
-        let prev_context = EnvironmentContext::from_turn_context(prev.as_ref(), shell.as_ref());
-        let next_context = EnvironmentContext::from_turn_context(next, shell.as_ref());
+        let prev_context = EnvironmentContext::from(prev.as_ref());
+        let next_context = EnvironmentContext::from(next);
         if prev_context.equals_except_shell(&next_context) {
             return None;
         }
         Some(ResponseItem::from(EnvironmentContext::diff(
             prev.as_ref(),
             next,
-            shell.as_ref(),
         )))
     }
 
@@ -1165,7 +1145,6 @@ impl Session {
 
     pub(crate) fn build_initial_context(&self, turn_context: &TurnContext) -> Vec<ResponseItem> {
         let mut items = Vec::<ResponseItem>::with_capacity(3);
-        let shell = self.user_shell();
         if let Some(developer_instructions) = turn_context.developer_instructions.as_deref() {
             items.push(DeveloperInstructions::new(developer_instructions.to_string()).into());
         }
@@ -1182,7 +1161,7 @@ impl Session {
             Some(turn_context.cwd.clone()),
             Some(turn_context.approval_policy),
             Some(turn_context.sandbox_policy.clone()),
-            shell.as_ref().clone(),
+            self.user_shell().clone(),
         )));
         items
     }
@@ -1457,8 +1436,8 @@ impl Session {
         &self.services.notifier
     }
 
-    pub(crate) fn user_shell(&self) -> Arc<shell::Shell> {
-        Arc::clone(&self.services.user_shell)
+    pub(crate) fn user_shell(&self) -> &shell::Shell {
+        &self.services.user_shell
     }
 
     fn show_raw_agent_reasoning(&self) -> bool {
@@ -1475,16 +1454,6 @@ async fn submission_loop(sess: Arc<Session>, config: Arc<Config>, rx_sub: Receiv
     let mut previous_context: Option<Arc<TurnContext>> =
         Some(sess.new_turn(SessionSettingsUpdate::default()).await);
 
-    if config.features.enabled(Feature::RemoteModels)
-        && let Err(err) = sess
-            .services
-            .models_manager
-            .refresh_available_models(&config.model_provider)
-            .await
-    {
-        error!("failed to refresh available models: {err}");
-    }
-
     // To break out of this loop, send Op::Shutdown.
     while let Ok(sub) = rx_sub.recv().await {
         debug!(?sub, "Submission");
@@ -1936,8 +1905,7 @@ async fn spawn_review_thread(
     let review_model_family = sess
         .services
         .models_manager
-        .construct_model_family(&model, &config)
-        .await;
+        .construct_model_family(&model, &config);
     // For reviews, disable web_search and view_image regardless of global settings.
     let mut review_features = sess.features.clone();
     review_features
@@ -1960,6 +1928,9 @@ async fn spawn_review_thread(
     per_turn_config.model_reasoning_effort = Some(ReasoningEffortConfig::Low);
     per_turn_config.model_reasoning_summary = ReasoningSummaryConfig::Detailed;
     per_turn_config.features = review_features.clone();
+    if let Some(model_info) = get_model_info(&model_family) {
+        per_turn_config.model_context_window = Some(model_info.context_window);
+    }
 
     let otel_event_manager = parent_turn_context
         .client
@@ -2099,8 +2070,7 @@ pub(crate) async fn run_task(
                 } = turn_output;
                 let limit = turn_context
                     .client
-                    .get_model_family()
-                    .auto_compact_token_limit()
+                    .get_auto_compact_token_limit()
                     .unwrap_or(i64::MAX);
                 let total_usage_tokens = sess.get_total_token_usage().await;
                 let token_limit_reached = total_usage_tokens >= limit;
@@ -2184,11 +2154,21 @@ async fn run_turn(
         .get_model_family()
         .supports_parallel_tool_calls;
 
+    // TODO(jif) revert once testing phase is done.
+    let parallel_tool_calls = model_supports_parallel && sess.enabled(Feature::ParallelToolCalls);
+    let mut base_instructions = turn_context.base_instructions.clone();
+    if parallel_tool_calls {
+        static INSTRUCTIONS: &str = include_str!("../templates/parallel/instructions.md");
+        let family = turn_context.client.get_model_family();
+        let mut new_instructions = base_instructions.unwrap_or(family.base_instructions);
+        new_instructions.push_str(INSTRUCTIONS);
+        base_instructions = Some(new_instructions);
+    }
     let prompt = Prompt {
         input,
         tools: router.specs(),
-        parallel_tool_calls: model_supports_parallel && sess.enabled(Feature::ParallelToolCalls),
-        base_instructions_override: turn_context.base_instructions.clone(),
+        parallel_tool_calls,
+        base_instructions_override: base_instructions,
         output_schema: turn_context.final_output_json_schema.clone(),
     };
 
@@ -2493,7 +2473,6 @@ pub(crate) use tests::make_session_and_context_with_rx;
 #[cfg(test)]
 mod tests {
     use super::*;
-    use crate::CodexAuth;
     use crate::config::ConfigOverrides;
     use crate::config::ConfigToml;
     use crate::exec::ExecToolCallOutput;
@@ -2616,7 +2595,6 @@ mod tests {
                 unlimited: false,
                 balance: Some("10.00".to_string()),
             }),
-            plan_type: Some(codex_protocol::account::PlanType::Plus),
         };
         state.set_rate_limits(initial.clone());
 
@@ -2632,7 +2610,6 @@ mod tests {
                 resets_at: Some(1_900),
             }),
             credits: None,
-            plan_type: None,
         };
         state.set_rate_limits(update.clone());
 
@@ -2642,78 +2619,6 @@ mod tests {
                 primary: update.primary.clone(),
                 secondary: update.secondary,
                 credits: initial.credits,
-                plan_type: initial.plan_type,
-            })
-        );
-    }
-
-    #[test]
-    fn set_rate_limits_updates_plan_type_when_present() {
-        let codex_home = tempfile::tempdir().expect("create temp dir");
-        let config = Config::load_from_base_config_with_overrides(
-            ConfigToml::default(),
-            ConfigOverrides::default(),
-            codex_home.path().to_path_buf(),
-        )
-        .expect("load default test config");
-        let config = Arc::new(config);
-        let session_configuration = SessionConfiguration {
-            provider: config.model_provider.clone(),
-            model: config.model.clone(),
-            model_reasoning_effort: config.model_reasoning_effort,
-            model_reasoning_summary: config.model_reasoning_summary,
-            developer_instructions: config.developer_instructions.clone(),
-            user_instructions: config.user_instructions.clone(),
-            base_instructions: config.base_instructions.clone(),
-            compact_prompt: config.compact_prompt.clone(),
-            approval_policy: config.approval_policy,
-            sandbox_policy: config.sandbox_policy.clone(),
-            cwd: config.cwd.clone(),
-            original_config_do_not_use: Arc::clone(&config),
-            exec_policy: Arc::new(RwLock::new(ExecPolicy::empty())),
-            session_source: SessionSource::Exec,
-        };
-
-        let mut state = SessionState::new(session_configuration);
-        let initial = RateLimitSnapshot {
-            primary: Some(RateLimitWindow {
-                used_percent: 15.0,
-                window_minutes: Some(20),
-                resets_at: Some(1_600),
-            }),
-            secondary: Some(RateLimitWindow {
-                used_percent: 5.0,
-                window_minutes: Some(45),
-                resets_at: Some(1_650),
-            }),
-            credits: Some(CreditsSnapshot {
-                has_credits: true,
-                unlimited: false,
-                balance: Some("15.00".to_string()),
-            }),
-            plan_type: Some(codex_protocol::account::PlanType::Plus),
-        };
-        state.set_rate_limits(initial.clone());
-
-        let update = RateLimitSnapshot {
-            primary: Some(RateLimitWindow {
-                used_percent: 35.0,
-                window_minutes: Some(25),
-                resets_at: Some(1_700),
-            }),
-            secondary: None,
-            credits: None,
-            plan_type: Some(codex_protocol::account::PlanType::Pro),
-        };
-        state.set_rate_limits(update.clone());
-
-        assert_eq!(
-            state.latest_rate_limits,
-            Some(RateLimitSnapshot {
-                primary: update.primary,
-                secondary: update.secondary,
-                credits: initial.credits,
-                plan_type: update.plan_type,
             })
         );
     }
@@ -2830,12 +2735,15 @@ mod tests {
     fn otel_event_manager(
         conversation_id: ConversationId,
         config: &Config,
-        model_family: &ModelFamily,
+        models_manager: &ModelsManager,
     ) -> OtelEventManager {
         OtelEventManager::new(
             conversation_id,
             config.model.as_str(),
-            model_family.slug.as_str(),
+            models_manager
+                .construct_model_family(&config.model, config)
+                .slug
+                .as_str(),
             None,
             Some("test@test.com".to_string()),
             Some(AuthMode::ChatGPT),
@@ -2855,9 +2763,15 @@ mod tests {
         .expect("load default test config");
         let config = Arc::new(config);
         let conversation_id = ConversationId::default();
-        let auth_manager =
-            AuthManager::from_auth_for_testing(CodexAuth::from_api_key("Test API Key"));
-        let models_manager = Arc::new(ModelsManager::new(auth_manager.clone()));
+        let auth_manager = AuthManager::shared(
+            config.cwd.clone(),
+            false,
+            config.cli_auth_credentials_store_mode,
+        );
+        let models_manager = Arc::new(ModelsManager::new(auth_manager.get_auth_mode()));
+        let otel_event_manager =
+            otel_event_manager(conversation_id, config.as_ref(), &models_manager);
+
         let session_configuration = SessionConfiguration {
             provider: config.model_provider.clone(),
             model: config.model.clone(),
@@ -2874,11 +2788,6 @@ mod tests {
             exec_policy: Arc::new(RwLock::new(ExecPolicy::empty())),
             session_source: SessionSource::Exec,
         };
-        let per_turn_config = Session::build_per_turn_config(&session_configuration);
-        let model_family =
-            ModelsManager::construct_model_family_offline(&per_turn_config.model, &per_turn_config);
-        let otel_event_manager =
-            otel_event_manager(conversation_id, config.as_ref(), &model_family);
 
         let state = SessionState::new(session_configuration.clone());
 
@@ -2888,21 +2797,20 @@ mod tests {
             unified_exec_manager: UnifiedExecSessionManager::default(),
             notifier: UserNotifier::new(None),
             rollout: Mutex::new(None),
-            user_shell: Arc::new(default_user_shell()),
+            user_shell: default_user_shell(),
             show_raw_agent_reasoning: config.show_raw_agent_reasoning,
-            auth_manager: auth_manager.clone(),
+            auth_manager: Arc::clone(&auth_manager),
             otel_event_manager: otel_event_manager.clone(),
-            models_manager,
+            models_manager: models_manager.clone(),
             tool_approvals: Mutex::new(ApprovalStore::default()),
         };
 
         let turn_context = Session::make_turn_context(
             Some(Arc::clone(&auth_manager)),
+            models_manager,
             &otel_event_manager,
             session_configuration.provider.clone(),
             &session_configuration,
-            per_turn_config,
-            model_family,
             conversation_id,
             "turn_id".to_string(),
         );
@@ -2937,9 +2845,15 @@ mod tests {
         .expect("load default test config");
         let config = Arc::new(config);
         let conversation_id = ConversationId::default();
-        let auth_manager =
-            AuthManager::from_auth_for_testing(CodexAuth::from_api_key("Test API Key"));
-        let models_manager = Arc::new(ModelsManager::new(auth_manager.clone()));
+        let auth_manager = AuthManager::shared(
+            config.cwd.clone(),
+            false,
+            config.cli_auth_credentials_store_mode,
+        );
+        let models_manager = Arc::new(ModelsManager::new(auth_manager.get_auth_mode()));
+        let otel_event_manager =
+            otel_event_manager(conversation_id, config.as_ref(), &models_manager);
+
         let session_configuration = SessionConfiguration {
             provider: config.model_provider.clone(),
             model: config.model.clone(),
@@ -2956,11 +2870,6 @@ mod tests {
             exec_policy: Arc::new(RwLock::new(ExecPolicy::empty())),
             session_source: SessionSource::Exec,
         };
-        let per_turn_config = Session::build_per_turn_config(&session_configuration);
-        let model_family =
-            ModelsManager::construct_model_family_offline(&per_turn_config.model, &per_turn_config);
-        let otel_event_manager =
-            otel_event_manager(conversation_id, config.as_ref(), &model_family);
 
         let state = SessionState::new(session_configuration.clone());
 
@@ -2970,21 +2879,20 @@ mod tests {
             unified_exec_manager: UnifiedExecSessionManager::default(),
             notifier: UserNotifier::new(None),
             rollout: Mutex::new(None),
-            user_shell: Arc::new(default_user_shell()),
+            user_shell: default_user_shell(),
             show_raw_agent_reasoning: config.show_raw_agent_reasoning,
             auth_manager: Arc::clone(&auth_manager),
             otel_event_manager: otel_event_manager.clone(),
-            models_manager,
+            models_manager: models_manager.clone(),
             tool_approvals: Mutex::new(ApprovalStore::default()),
         };
 
         let turn_context = Arc::new(Session::make_turn_context(
             Some(Arc::clone(&auth_manager)),
+            models_manager,
             &otel_event_manager,
             session_configuration.provider.clone(),
             &session_configuration,
-            per_turn_config,
-            model_family,
             conversation_id,
             "turn_id".to_string(),
         ));

codex-rs/core/src/config/mod.rs

@@ -26,6 +26,8 @@ use crate::model_provider_info::LMSTUDIO_OSS_PROVIDER_ID;
 use crate::model_provider_info::ModelProviderInfo;
 use crate::model_provider_info::OLLAMA_OSS_PROVIDER_ID;
 use crate::model_provider_info::built_in_model_providers;
+use crate::openai_model_info::get_model_info;
+use crate::openai_models::model_family::find_family_for_model;
 use crate::project_doc::DEFAULT_PROJECT_DOC_FILENAME;
 use crate::project_doc::LOCAL_PROJECT_DOC_FILENAME;
 use crate::protocol::AskForApproval;
@@ -40,7 +42,6 @@ use codex_protocol::config_types::TrustLevel;
 use codex_protocol::config_types::Verbosity;
 use codex_protocol::openai_models::ReasoningEffort;
 use codex_rmcp_client::OAuthCredentialsStoreMode;
-use codex_utils_absolute_path::AbsolutePathBufGuard;
 use dirs::home_dir;
 use dunce::canonicalize;
 use serde::Deserialize;
@@ -300,9 +301,9 @@ impl Config {
         )
         .await?;
 
-        let cfg = deserialize_config_toml_with_base(root_value, &codex_home).map_err(|e| {
+        let cfg: ConfigToml = root_value.try_into().map_err(|e| {
             tracing::error!("Failed to deserialize overridden config: {e}");
-            e
+            std::io::Error::new(std::io::ErrorKind::InvalidData, e)
         })?;
 
         Self::load_from_base_config_with_overrides(cfg, overrides, codex_home)
@@ -320,9 +321,9 @@ pub async fn load_config_as_toml_with_cli_overrides(
     )
     .await?;
 
-    let cfg = deserialize_config_toml_with_base(root_value, codex_home).map_err(|e| {
+    let cfg: ConfigToml = root_value.try_into().map_err(|e| {
         tracing::error!("Failed to deserialize overridden config: {e}");
-        e
+        std::io::Error::new(std::io::ErrorKind::InvalidData, e)
     })?;
 
     Ok(cfg)
@@ -358,18 +359,6 @@ fn apply_overlays(
     base
 }
 
-fn deserialize_config_toml_with_base(
-    root_value: TomlValue,
-    config_base_dir: &Path,
-) -> std::io::Result<ConfigToml> {
-    // This guard ensures that any relative paths that is deserialized into an
-    // [AbsolutePathBuf] is resolved against `config_base_dir`.
-    let _guard = AbsolutePathBufGuard::new(config_base_dir);
-    root_value
-        .try_into()
-        .map_err(|e| std::io::Error::new(std::io::ErrorKind::InvalidData, e))
-}
-
 pub async fn load_global_mcp_servers(
     codex_home: &Path,
 ) -> std::io::Result<BTreeMap<String, McpServerConfig>> {
@@ -1117,12 +1106,23 @@ impl Config {
 
         let forced_login_method = cfg.forced_login_method;
 
-        // todo(aibrahim): make model optional
         let model = model
             .or(config_profile.model)
             .or(cfg.model)
             .unwrap_or_else(default_model);
 
+        let model_family = find_family_for_model(&model);
+
+        let openai_model_info = get_model_info(&model_family);
+        let model_context_window = cfg
+            .model_context_window
+            .or_else(|| openai_model_info.as_ref().map(|info| info.context_window));
+        let model_auto_compact_token_limit = cfg.model_auto_compact_token_limit.or_else(|| {
+            openai_model_info
+                .as_ref()
+                .and_then(|info| info.auto_compact_token_limit)
+        });
+
         let compact_prompt = compact_prompt.or(cfg.compact_prompt).and_then(|value| {
             let trimmed = value.trim();
             if trimmed.is_empty() {
@@ -1168,8 +1168,8 @@ impl Config {
         let config = Self {
             model,
             review_model,
-            model_context_window: cfg.model_context_window,
-            model_auto_compact_token_limit: cfg.model_auto_compact_token_limit,
+            model_context_window,
+            model_auto_compact_token_limit,
             model_provider_id,
             model_provider,
             cwd: resolved_cwd,
@@ -1865,11 +1865,10 @@ trust_level = "trusted"
         };
 
         let root_value = load_resolved_config(codex_home.path(), Vec::new(), overrides).await?;
-        let cfg =
-            deserialize_config_toml_with_base(root_value, codex_home.path()).map_err(|e| {
-                tracing::error!("Failed to deserialize overridden config: {e}");
-                e
-            })?;
+        let cfg: ConfigToml = root_value.try_into().map_err(|e| {
+            tracing::error!("Failed to deserialize overridden config: {e}");
+            std::io::Error::new(std::io::ErrorKind::InvalidData, e)
+        })?;
         assert_eq!(
             cfg.mcp_oauth_credentials_store,
             Some(OAuthCredentialsStoreMode::Keyring),
@@ -1986,11 +1985,10 @@ trust_level = "trusted"
         )
         .await?;
 
-        let cfg =
-            deserialize_config_toml_with_base(root_value, codex_home.path()).map_err(|e| {
-                tracing::error!("Failed to deserialize overridden config: {e}");
-                e
-            })?;
+        let cfg: ConfigToml = root_value.try_into().map_err(|e| {
+            tracing::error!("Failed to deserialize overridden config: {e}");
+            std::io::Error::new(std::io::ErrorKind::InvalidData, e)
+        })?;
 
         assert_eq!(cfg.model.as_deref(), Some("managed_config"));
         Ok(())
@@ -2952,8 +2950,8 @@ model_verbosity = "high"
             Config {
                 model: "o3".to_string(),
                 review_model: OPENAI_DEFAULT_REVIEW_MODEL.to_string(),
-                model_context_window: None,
-                model_auto_compact_token_limit: None,
+                model_context_window: Some(200_000),
+                model_auto_compact_token_limit: Some(180_000),
                 model_provider_id: "openai".to_string(),
                 model_provider: fixture.openai_provider.clone(),
                 approval_policy: AskForApproval::Never,
@@ -3027,8 +3025,8 @@ model_verbosity = "high"
         let expected_gpt3_profile_config = Config {
             model: "gpt-3.5-turbo".to_string(),
             review_model: OPENAI_DEFAULT_REVIEW_MODEL.to_string(),
-            model_context_window: None,
-            model_auto_compact_token_limit: None,
+            model_context_window: Some(16_385),
+            model_auto_compact_token_limit: Some(14_746),
             model_provider_id: "openai-chat-completions".to_string(),
             model_provider: fixture.openai_chat_completions_provider.clone(),
             approval_policy: AskForApproval::UnlessTrusted,
@@ -3117,8 +3115,8 @@ model_verbosity = "high"
         let expected_zdr_profile_config = Config {
             model: "o3".to_string(),
             review_model: OPENAI_DEFAULT_REVIEW_MODEL.to_string(),
-            model_context_window: None,
-            model_auto_compact_token_limit: None,
+            model_context_window: Some(200_000),
+            model_auto_compact_token_limit: Some(180_000),
             model_provider_id: "openai".to_string(),
             model_provider: fixture.openai_provider.clone(),
             approval_policy: AskForApproval::OnFailure,
@@ -3193,8 +3191,8 @@ model_verbosity = "high"
         let expected_gpt5_profile_config = Config {
             model: "gpt-5.1".to_string(),
             review_model: OPENAI_DEFAULT_REVIEW_MODEL.to_string(),
-            model_context_window: None,
-            model_auto_compact_token_limit: None,
+            model_context_window: Some(272_000),
+            model_auto_compact_token_limit: Some(244_800),
             model_provider_id: "openai".to_string(),
             model_provider: fixture.openai_provider.clone(),
             approval_policy: AskForApproval::OnFailure,

codex-rs/core/src/config/types.rs

@@ -3,14 +3,13 @@
 // Note this file should generally be restricted to simple struct/enum
 // definitions that do not contain business logic.
 
-use codex_utils_absolute_path::AbsolutePathBuf;
+use serde::Deserializer;
 use std::collections::HashMap;
 use std::path::PathBuf;
 use std::time::Duration;
 use wildmatch::WildMatchPattern;
 
 use serde::Deserialize;
-use serde::Deserializer;
 use serde::Serialize;
 use serde::de::Error as SerdeError;
 
@@ -286,9 +285,9 @@ pub enum OtelHttpProtocol {
 #[derive(Deserialize, Debug, Clone, PartialEq, Default)]
 #[serde(rename_all = "kebab-case")]
 pub struct OtelTlsConfig {
-    pub ca_certificate: Option<AbsolutePathBuf>,
-    pub client_certificate: Option<AbsolutePathBuf>,
-    pub client_private_key: Option<AbsolutePathBuf>,
+    pub ca_certificate: Option<PathBuf>,
+    pub client_certificate: Option<PathBuf>,
+    pub client_private_key: Option<PathBuf>,
 }
 
 /// Which OTEL exporter to use.

codex-rs/core/src/context_manager/history.rs

@@ -87,7 +87,6 @@ impl ContextManager {
 
         let items_tokens = self.items.iter().fold(0i64, |acc, item| {
             acc + match item {
-                ResponseItem::GhostSnapshot { .. } => 0,
                 ResponseItem::Reasoning {
                     encrypted_content: Some(content),
                     ..

codex-rs/core/src/conversation_manager.rs

@@ -47,11 +47,10 @@ impl ConversationManager {
             conversations: Arc::new(RwLock::new(HashMap::new())),
             auth_manager: auth_manager.clone(),
             session_source,
-            models_manager: Arc::new(ModelsManager::new(auth_manager)),
+            models_manager: Arc::new(ModelsManager::new(auth_manager.get_auth_mode())),
         }
     }
 
-    #[cfg(any(test, feature = "test-support"))]
     /// Construct with a dummy AuthManager containing the provided CodexAuth.
     /// Used for integration tests: should not be used by ordinary business logic.
     pub fn with_auth(auth: CodexAuth) -> Self {
@@ -214,7 +213,7 @@ impl ConversationManager {
     }
 
     pub async fn list_models(&self) -> Vec<ModelPreset> {
-        self.models_manager.list_models().await
+        self.models_manager.available_models.read().await.clone()
     }
 
     pub fn get_models_manager(&self) -> Arc<ModelsManager> {

codex-rs/core/src/environment_context.rs

@@ -6,6 +6,7 @@ use crate::codex::TurnContext;
 use crate::protocol::AskForApproval;
 use crate::protocol::SandboxPolicy;
 use crate::shell::Shell;
+use crate::shell::default_user_shell;
 use codex_protocol::config_types::SandboxMode;
 use codex_protocol::models::ContentItem;
 use codex_protocol::models::ResponseItem;
@@ -94,7 +95,7 @@ impl EnvironmentContext {
             && self.writable_roots == *writable_roots
     }
 
-    pub fn diff(before: &TurnContext, after: &TurnContext, shell: &Shell) -> Self {
+    pub fn diff(before: &TurnContext, after: &TurnContext) -> Self {
         let cwd = if before.cwd != after.cwd {
             Some(after.cwd.clone())
         } else {
@@ -110,15 +111,18 @@ impl EnvironmentContext {
         } else {
             None
         };
-        EnvironmentContext::new(cwd, approval_policy, sandbox_policy, shell.clone())
+        EnvironmentContext::new(cwd, approval_policy, sandbox_policy, default_user_shell())
     }
+}
 
-    pub fn from_turn_context(turn_context: &TurnContext, shell: &Shell) -> Self {
+impl From<&TurnContext> for EnvironmentContext {
+    fn from(turn_context: &TurnContext) -> Self {
         Self::new(
             Some(turn_context.cwd.clone()),
             Some(turn_context.approval_policy),
             Some(turn_context.sandbox_policy.clone()),
-            shell.clone(),
+            // Shell is not configurable from turn to turn
+            default_user_shell(),
         )
     }
 }
@@ -197,7 +201,6 @@ mod tests {
         Shell {
             shell_type: ShellType::Bash,
             shell_path: PathBuf::from("/bin/bash"),
-            shell_snapshot: None,
         }
     }
 
@@ -335,7 +338,6 @@ mod tests {
             Shell {
                 shell_type: ShellType::Bash,
                 shell_path: "/bin/bash".into(),
-                shell_snapshot: None,
             },
         );
         let context2 = EnvironmentContext::new(
@@ -345,7 +347,6 @@ mod tests {
             Shell {
                 shell_type: ShellType::Zsh,
                 shell_path: "/bin/zsh".into(),
-                shell_snapshot: None,
             },
         );
 

codex-rs/core/src/error.rs

@@ -560,7 +560,6 @@ mod tests {
                 resets_at: Some(secondary_reset_at),
             }),
             credits: None,
-            plan_type: None,
         }
     }
 

codex-rs/core/src/exec_policy.rs

@@ -34,13 +34,6 @@ const POLICY_DIR_NAME: &str = "policy";
 const POLICY_EXTENSION: &str = "codexpolicy";
 const DEFAULT_POLICY_FILE: &str = "default.codexpolicy";
 
-fn is_policy_match(rule_match: &RuleMatch) -> bool {
-    match rule_match {
-        RuleMatch::PrefixRuleMatch { .. } => true,
-        RuleMatch::HeuristicsRuleMatch { .. } => false,
-    }
-}
-
 #[derive(Debug, Error)]
 pub enum ExecPolicyError {
     #[error("failed to read execpolicy files from {dir}: {source}")]
@@ -80,18 +73,14 @@ pub enum ExecPolicyUpdateError {
     FeatureDisabled,
 }
 
-pub(crate) async fn load_exec_policy_for_features(
+pub(crate) async fn exec_policy_for(
     features: &Features,
     codex_home: &Path,
-) -> Result<Policy, ExecPolicyError> {
+) -> Result<Arc<RwLock<Policy>>, ExecPolicyError> {
     if !features.enabled(Feature::ExecPolicy) {
-        Ok(Policy::empty())
-    } else {
-        load_exec_policy(codex_home).await
+        return Ok(Arc::new(RwLock::new(Policy::empty())));
     }
-}
 
-pub async fn load_exec_policy(codex_home: &Path) -> Result<Policy, ExecPolicyError> {
     let policy_dir = codex_home.join(POLICY_DIR_NAME);
     let policy_paths = collect_policy_files(&policy_dir).await?;
 
@@ -113,7 +102,7 @@ pub async fn load_exec_policy(codex_home: &Path) -> Result<Policy, ExecPolicyErr
             })?;
     }
 
-    let policy = parser.build();
+    let policy = Arc::new(RwLock::new(parser.build()));
     tracing::debug!(
         "loaded execpolicy from {} files in {}",
         policy_paths.len(),
@@ -154,62 +143,49 @@ pub(crate) async fn append_execpolicy_amendment_and_update(
     Ok(())
 }
 
-/// Derive a proposed execpolicy amendment when a command requires user approval
-/// - If any execpolicy rule prompts, return None, because an amendment would not skip that policy requirement.
-/// - Otherwise return the first heuristics Prompt.
-/// - Examples:
+/// Returns a proposed execpolicy amendment only when heuristics caused
+/// the prompt decision, so we can offer to apply that amendment for future runs.
+///
+/// The amendment uses the first command heuristics marked as `Prompt`. If any explicit
+/// execpolicy rule also prompts, we return `None` because applying the amendment would not
+/// skip that policy requirement.
+///
+/// Examples:
 /// - execpolicy: empty. Command: `["python"]`. Heuristics prompt -> `Some(vec!["python"])`.
 /// - execpolicy: empty. Command: `["bash", "-c", "cd /some/folder && prog1 --option1 arg1 && prog2 --option2 arg2"]`.
 ///   Parsed commands include `cd /some/folder`, `prog1 --option1 arg1`, and `prog2 --option2 arg2`. If heuristics allow `cd` but prompt
 ///   on `prog1`, we return `Some(vec!["prog1", "--option1", "arg1"])`.
 /// - execpolicy: contains a `prompt for prefix ["prog2"]` rule. For the same command as above,
 ///   we return `None` because an execpolicy prompt still applies even if we amend execpolicy to allow ["prog1", "--option1", "arg1"].
-fn try_derive_execpolicy_amendment_for_prompt_rules(
-    matched_rules: &[RuleMatch],
-) -> Option<ExecPolicyAmendment> {
-    if matched_rules
-        .iter()
-        .any(|rule_match| is_policy_match(rule_match) && rule_match.decision() == Decision::Prompt)
-    {
+fn proposed_execpolicy_amendment(evaluation: &Evaluation) -> Option<ExecPolicyAmendment> {
+    if evaluation.decision != Decision::Prompt {
         return None;
     }
 
-    matched_rules
-        .iter()
-        .find_map(|rule_match| match rule_match {
-            RuleMatch::HeuristicsRuleMatch {
-                command,
-                decision: Decision::Prompt,
-            } => Some(ExecPolicyAmendment::from(command.clone())),
-            _ => None,
-        })
-}
-
-/// - Note: we only use this amendment when the command fails to run in sandbox and codex prompts the user to run outside the sandbox
-/// - The purpose of this amendment is to bypass sandbox for similar commands in the future
-/// - If any execpolicy rule matches, return None, because we would already be running command outside the sandbox
-fn try_derive_execpolicy_amendment_for_allow_rules(
-    matched_rules: &[RuleMatch],
-) -> Option<ExecPolicyAmendment> {
-    if matched_rules.iter().any(is_policy_match) {
-        return None;
+    let mut first_prompt_from_heuristics: Option<Vec<String>> = None;
+    for rule_match in &evaluation.matched_rules {
+        match rule_match {
+            RuleMatch::HeuristicsRuleMatch { command, decision } => {
+                if *decision == Decision::Prompt && first_prompt_from_heuristics.is_none() {
+                    first_prompt_from_heuristics = Some(command.clone());
+                }
+            }
+            _ if rule_match.decision() == Decision::Prompt => {
+                return None;
+            }
+            _ => {}
+        }
     }
 
-    matched_rules
-        .iter()
-        .find_map(|rule_match| match rule_match {
-            RuleMatch::HeuristicsRuleMatch {
-                command,
-                decision: Decision::Allow,
-            } => Some(ExecPolicyAmendment::from(command.clone())),
-            _ => None,
-        })
+    first_prompt_from_heuristics.map(ExecPolicyAmendment::from)
 }
 
 /// Only return PROMPT_REASON when an execpolicy rule drove the prompt decision.
 fn derive_prompt_reason(evaluation: &Evaluation) -> Option<String> {
     evaluation.matched_rules.iter().find_map(|rule_match| {
-        if is_policy_match(rule_match) && rule_match.decision() == Decision::Prompt {
+        if !matches!(rule_match, RuleMatch::HeuristicsRuleMatch { .. })
+            && rule_match.decision() == Decision::Prompt
+        {
             Some(PROMPT_REASON.to_string())
         } else {
             None
@@ -235,6 +211,10 @@ pub(crate) async fn create_exec_approval_requirement_for_command(
     };
     let policy = exec_policy.read().await;
     let evaluation = policy.check_multiple(commands.iter(), &heuristics_fallback);
+    let has_policy_allow = evaluation.matched_rules.iter().any(|rule_match| {
+        !matches!(rule_match, RuleMatch::HeuristicsRuleMatch { .. })
+            && rule_match.decision() == Decision::Allow
+    });
 
     match evaluation.decision {
         Decision::Forbidden => ExecApprovalRequirement::Forbidden {
@@ -249,7 +229,7 @@ pub(crate) async fn create_exec_approval_requirement_for_command(
                 ExecApprovalRequirement::NeedsApproval {
                     reason: derive_prompt_reason(&evaluation),
                     proposed_execpolicy_amendment: if features.enabled(Feature::ExecPolicy) {
-                        try_derive_execpolicy_amendment_for_prompt_rules(&evaluation.matched_rules)
+                        proposed_execpolicy_amendment(&evaluation)
                     } else {
                         None
                     },
@@ -257,15 +237,7 @@ pub(crate) async fn create_exec_approval_requirement_for_command(
             }
         }
         Decision::Allow => ExecApprovalRequirement::Skip {
-            // Bypass sandbox if execpolicy allows the command
-            bypass_sandbox: evaluation.matched_rules.iter().any(|rule_match| {
-                is_policy_match(rule_match) && rule_match.decision() == Decision::Allow
-            }),
-            proposed_execpolicy_amendment: if features.enabled(Feature::ExecPolicy) {
-                try_derive_execpolicy_amendment_for_allow_rules(&evaluation.matched_rules)
-            } else {
-                None
-            },
+            bypass_sandbox: has_policy_allow,
         },
     }
 }
@@ -334,7 +306,7 @@ mod tests {
         features.disable(Feature::ExecPolicy);
         let temp_dir = tempdir().expect("create temp dir");
 
-        let policy = load_exec_policy_for_features(&features, temp_dir.path())
+        let policy = exec_policy_for(&features, temp_dir.path())
             .await
             .expect("policy result");
 
@@ -347,7 +319,10 @@ mod tests {
                     decision: Decision::Allow
                 }],
             },
-            policy.check_multiple(commands.iter(), &|_| Decision::Allow)
+            policy
+                .read()
+                .await
+                .check_multiple(commands.iter(), &|_| Decision::Allow)
         );
         assert!(!temp_dir.path().join(POLICY_DIR_NAME).exists());
     }
@@ -375,7 +350,7 @@ mod tests {
         )
         .expect("write policy file");
 
-        let policy = load_exec_policy(temp_dir.path())
+        let policy = exec_policy_for(&Features::with_defaults(), temp_dir.path())
             .await
             .expect("policy result");
         let command = [vec!["rm".to_string()]];
@@ -387,7 +362,10 @@ mod tests {
                     decision: Decision::Forbidden
                 }],
             },
-            policy.check_multiple(command.iter(), &|_| Decision::Allow)
+            policy
+                .read()
+                .await
+                .check_multiple(command.iter(), &|_| Decision::Allow)
         );
     }
 
@@ -400,7 +378,7 @@ mod tests {
         )
         .expect("write policy file");
 
-        let policy = load_exec_policy(temp_dir.path())
+        let policy = exec_policy_for(&Features::with_defaults(), temp_dir.path())
             .await
             .expect("policy result");
         let command = [vec!["ls".to_string()]];
@@ -412,7 +390,10 @@ mod tests {
                     decision: Decision::Allow
                 }],
             },
-            policy.check_multiple(command.iter(), &|_| Decision::Allow)
+            policy
+                .read()
+                .await
+                .check_multiple(command.iter(), &|_| Decision::Allow)
         );
     }
 
@@ -754,56 +735,4 @@ prefix_rule(pattern=["rm"], decision="forbidden")
             }
         );
     }
-
-    #[tokio::test]
-    async fn proposed_execpolicy_amendment_is_present_when_heuristics_allow() {
-        let command = vec!["echo".to_string(), "safe".to_string()];
-
-        let requirement = create_exec_approval_requirement_for_command(
-            &Arc::new(RwLock::new(Policy::empty())),
-            &Features::with_defaults(),
-            &command,
-            AskForApproval::OnRequest,
-            &SandboxPolicy::ReadOnly,
-            SandboxPermissions::UseDefault,
-        )
-        .await;
-
-        assert_eq!(
-            requirement,
-            ExecApprovalRequirement::Skip {
-                bypass_sandbox: false,
-                proposed_execpolicy_amendment: Some(ExecPolicyAmendment::new(command)),
-            }
-        );
-    }
-
-    #[tokio::test]
-    async fn proposed_execpolicy_amendment_is_suppressed_when_policy_matches_allow() {
-        let policy_src = r#"prefix_rule(pattern=["echo"], decision="allow")"#;
-        let mut parser = PolicyParser::new();
-        parser
-            .parse("test.codexpolicy", policy_src)
-            .expect("parse policy");
-        let policy = Arc::new(RwLock::new(parser.build()));
-        let command = vec!["echo".to_string(), "safe".to_string()];
-
-        let requirement = create_exec_approval_requirement_for_command(
-            &policy,
-            &Features::with_defaults(),
-            &command,
-            AskForApproval::OnRequest,
-            &SandboxPolicy::ReadOnly,
-            SandboxPermissions::UseDefault,
-        )
-        .await;
-
-        assert_eq!(
-            requirement,
-            ExecApprovalRequirement::Skip {
-                bypass_sandbox: true,
-                proposed_execpolicy_amendment: None,
-            }
-        );
-    }
 }

codex-rs/core/src/features.rs

@@ -54,16 +54,10 @@ pub enum Feature {
     WindowsSandbox,
     /// Remote compaction enabled (only for ChatGPT auth)
     RemoteCompaction,
-    /// Refresh remote models and emit AppReady once the list is available.
-    RemoteModels,
     /// Allow model to call multiple tools in parallel (only for models supporting it).
     ParallelToolCalls,
     /// Experimental skills injection (CLI flag-driven).
     Skills,
-    /// Experimental shell snapshotting.
-    ShellSnapshot,
-    /// Experimental TUI v2 (viewport) implementation.
-    Tui2,
 }
 
 impl Feature {
@@ -272,12 +266,6 @@ pub const FEATURES: &[FeatureSpec] = &[
         stage: Stage::Stable,
         default_enabled: true,
     },
-    FeatureSpec {
-        id: Feature::ParallelToolCalls,
-        key: "parallel",
-        stage: Stage::Stable,
-        default_enabled: true,
-    },
     FeatureSpec {
         id: Feature::ViewImageTool,
         key: "view_image_tool",
@@ -345,12 +333,6 @@ pub const FEATURES: &[FeatureSpec] = &[
         stage: Stage::Experimental,
         default_enabled: true,
     },
-    FeatureSpec {
-        id: Feature::RemoteModels,
-        key: "remote_models",
-        stage: Stage::Experimental,
-        default_enabled: false,
-    },
     FeatureSpec {
         id: Feature::ParallelToolCalls,
         key: "parallel",
@@ -363,16 +345,4 @@ pub const FEATURES: &[FeatureSpec] = &[
         stage: Stage::Experimental,
         default_enabled: false,
     },
-    FeatureSpec {
-        id: Feature::ShellSnapshot,
-        key: "shell_snapshot",
-        stage: Stage::Experimental,
-        default_enabled: false,
-    },
-    FeatureSpec {
-        id: Feature::Tui2,
-        key: "tui2",
-        stage: Stage::Experimental,
-        default_enabled: false,
-    },
 ];

codex-rs/core/src/lib.rs

@@ -67,12 +67,12 @@ pub use conversation_manager::NewConversation;
 pub use auth::AuthManager;
 pub use auth::CodexAuth;
 pub mod default_client;
+mod openai_model_info;
 pub mod project_doc;
 mod rollout;
 pub(crate) mod safety;
 pub mod seatbelt;
 pub mod shell;
-pub mod shell_snapshot;
 pub mod skills;
 pub mod spawn;
 pub mod terminal;
@@ -97,10 +97,7 @@ mod user_shell_command;
 pub mod util;
 
 pub use apply_patch::CODEX_APPLY_PATCH_ARG1;
-pub use command_safety::is_dangerous_command;
 pub use command_safety::is_safe_command;
-pub use exec_policy::ExecPolicyError;
-pub use exec_policy::load_exec_policy;
 pub use safety::get_platform_sandbox;
 pub use safety::set_windows_sandbox_enabled;
 // Re-export the protocol types from the standalone `codex-protocol` crate so existing

codex-rs/core/src/openai_model_info.rs

@@ -0,0 +1,83 @@
+use crate::openai_models::model_family::ModelFamily;
+
+// Shared constants for commonly used window/token sizes.
+pub(crate) const CONTEXT_WINDOW_272K: i64 = 272_000;
+
+/// Metadata about a model, particularly OpenAI models.
+/// We may want to consider including details like the pricing for
+/// input tokens, output tokens, etc., though users will need to be able to
+/// override this in config.toml, as this information can get out of date.
+/// Though this would help present more accurate pricing information in the UI.
+#[derive(Debug)]
+pub(crate) struct ModelInfo {
+    /// Size of the context window in tokens. This is the maximum size of the input context.
+    pub(crate) context_window: i64,
+
+    /// Token threshold where we should automatically compact conversation history. This considers
+    /// input tokens + output tokens of this turn.
+    pub(crate) auto_compact_token_limit: Option<i64>,
+}
+
+impl ModelInfo {
+    const fn new(context_window: i64) -> Self {
+        Self {
+            context_window,
+            auto_compact_token_limit: Some(Self::default_auto_compact_limit(context_window)),
+        }
+    }
+
+    const fn default_auto_compact_limit(context_window: i64) -> i64 {
+        (context_window * 9) / 10
+    }
+}
+
+pub(crate) fn get_model_info(model_family: &ModelFamily) -> Option<ModelInfo> {
+    let slug = model_family.slug.as_str();
+    match slug {
+        // OSS models have a 128k shared token pool.
+        // Arbitrarily splitting it: 3/4 input context, 1/4 output.
+        // https://openai.com/index/gpt-oss-model-card/
+        "gpt-oss-20b" => Some(ModelInfo::new(96_000)),
+        "gpt-oss-120b" => Some(ModelInfo::new(96_000)),
+        // https://platform.openai.com/docs/models/o3
+        "o3" => Some(ModelInfo::new(200_000)),
+
+        // https://platform.openai.com/docs/models/o4-mini
+        "o4-mini" => Some(ModelInfo::new(200_000)),
+
+        // https://platform.openai.com/docs/models/codex-mini-latest
+        "codex-mini-latest" => Some(ModelInfo::new(200_000)),
+
+        // As of Jun 25, 2025, gpt-4.1 defaults to gpt-4.1-2025-04-14.
+        // https://platform.openai.com/docs/models/gpt-4.1
+        "gpt-4.1" | "gpt-4.1-2025-04-14" => Some(ModelInfo::new(1_047_576)),
+
+        // As of Jun 25, 2025, gpt-4o defaults to gpt-4o-2024-08-06.
+        // https://platform.openai.com/docs/models/gpt-4o
+        "gpt-4o" | "gpt-4o-2024-08-06" => Some(ModelInfo::new(128_000)),
+
+        // https://platform.openai.com/docs/models/gpt-4o?snapshot=gpt-4o-2024-05-13
+        "gpt-4o-2024-05-13" => Some(ModelInfo::new(128_000)),
+
+        // https://platform.openai.com/docs/models/gpt-4o?snapshot=gpt-4o-2024-11-20
+        "gpt-4o-2024-11-20" => Some(ModelInfo::new(128_000)),
+
+        // https://platform.openai.com/docs/models/gpt-3.5-turbo
+        "gpt-3.5-turbo" => Some(ModelInfo::new(16_385)),
+
+        _ if slug.starts_with("gpt-5-codex")
+            || slug.starts_with("gpt-5.1-codex")
+            || slug.starts_with("gpt-5.1-codex-max") =>
+        {
+            Some(ModelInfo::new(CONTEXT_WINDOW_272K))
+        }
+
+        _ if slug.starts_with("gpt-5") => Some(ModelInfo::new(CONTEXT_WINDOW_272K)),
+
+        _ if slug.starts_with("codex-") => Some(ModelInfo::new(CONTEXT_WINDOW_272K)),
+
+        _ if slug.starts_with("exp-") => Some(ModelInfo::new(CONTEXT_WINDOW_272K)),
+
+        _ => None,
+    }
+}