Merge branch 'main' into patch-guard

.github/workflows/rust-ci.yml

@@ -9,7 +9,7 @@ on:
 # CI builds in debug (dev) for faster signal.
 
 jobs:
-  # --- Detect what changed to detect which tests to run (always runs) -------------------------------------
+  # --- Detect what changed (always runs) -------------------------------------
   changed:
     name: Detect changed areas
     runs-on: ubuntu-24.04
@@ -84,8 +84,8 @@ jobs:
         run: cargo shear
 
   # --- CI to validate on different os/targets --------------------------------
-  lint_build:
-    name: Lint/Build — ${{ matrix.runner }} - ${{ matrix.target }}${{ matrix.profile == 'release' && ' (release)' || '' }}
+  lint_build_test:
+    name: ${{ matrix.runner }} - ${{ matrix.target }}${{ matrix.profile == 'release' && ' (release)' || '' }}
     runs-on: ${{ matrix.runner }}
     timeout-minutes: 30
     needs: changed
@@ -94,11 +94,6 @@ jobs:
     defaults:
       run:
         working-directory: codex-rs
-    env:
-      # Speed up repeated builds across CI runs by caching compiled objects.
-      RUSTC_WRAPPER: sccache
-      CARGO_INCREMENTAL: "0"
-      SCCACHE_CACHE_SIZE: 10G
 
     strategy:
       fail-fast: false
@@ -164,83 +159,20 @@ jobs:
             ~/.cargo/registry/index/
             ~/.cargo/registry/cache/
             ~/.cargo/git/db/
-          key: cargo-home-${{ matrix.runner }}-${{ matrix.target }}-${{ matrix.profile }}-${{ hashFiles('**/Cargo.lock') }}-${{ hashFiles('codex-rs/rust-toolchain.toml') }}
-          restore-keys: |
-            cargo-home-${{ matrix.runner }}-${{ matrix.target }}-${{ matrix.profile }}-
+          key: cargo-home-${{ matrix.runner }}-${{ matrix.target }}-${{ matrix.profile }}-${{ hashFiles('**/Cargo.lock') }}
 
-      # Install and restore sccache cache
-      - name: Install sccache
-        uses: taiki-e/install-action@0c5db7f7f897c03b771660e91d065338615679f4 # v2
-        with:
-          tool: sccache
-          version: 0.7.5
-
-      - name: Configure sccache backend
-        shell: bash
-        run: |
-          set -euo pipefail
-          if [[ -n "${ACTIONS_CACHE_URL:-}" && -n "${ACTIONS_RUNTIME_TOKEN:-}" ]]; then
-            echo "SCCACHE_GHA_ENABLED=true" >> "$GITHUB_ENV"
-            echo "Using sccache GitHub backend"
-          else
-            echo "SCCACHE_GHA_ENABLED=false" >> "$GITHUB_ENV"
-            echo "SCCACHE_DIR=${{ github.workspace }}/.sccache" >> "$GITHUB_ENV"
-            echo "Using sccache local disk + actions/cache fallback"
-          fi
-
-      - name: Restore sccache cache (fallback)
-        if: ${{ env.SCCACHE_GHA_ENABLED != 'true' }}
-        id: cache_sccache_restore
+      - name: Restore target cache (except gnu-dev)
+        id: cache_target_restore
+        if: ${{ !(matrix.target == 'x86_64-unknown-linux-gnu' && matrix.profile != 'release') }}
         uses: actions/cache/restore@v4
         with:
-          path: ${{ github.workspace }}/.sccache/
-          key: sccache-${{ matrix.runner }}-${{ matrix.target }}-${{ matrix.profile }}-${{ hashFiles('**/Cargo.lock') }}-${{ github.run_id }}
-          restore-keys: |
-            sccache-${{ matrix.runner }}-${{ matrix.target }}-${{ matrix.profile }}-${{ hashFiles('**/Cargo.lock') }}-
-            sccache-${{ matrix.runner }}-${{ matrix.target }}-${{ matrix.profile }}-
-
-      - if: ${{ matrix.target == 'x86_64-unknown-linux-musl' || matrix.target == 'aarch64-unknown-linux-musl'}}
-        name: Prepare APT cache directories (musl)
-        shell: bash
-        run: |
-          set -euo pipefail
-          sudo mkdir -p /var/cache/apt/archives /var/lib/apt/lists
-          sudo chown -R "$USER:$USER" /var/cache/apt /var/lib/apt/lists
-
-      - if: ${{ matrix.target == 'x86_64-unknown-linux-musl' || matrix.target == 'aarch64-unknown-linux-musl'}}
-        name: Restore APT cache (musl)
-        id: cache_apt_restore
-        uses: actions/cache/restore@v4
-        with:
-          path: |
-            /var/cache/apt
-          key: apt-${{ matrix.runner }}-${{ matrix.target }}-v1
+          path: ${{ github.workspace }}/codex-rs/target/
+          key: cargo-target-${{ matrix.runner }}-${{ matrix.target }}-${{ matrix.profile }}-${{ hashFiles('**/Cargo.lock') }}
 
       - if: ${{ matrix.target == 'x86_64-unknown-linux-musl' || matrix.target == 'aarch64-unknown-linux-musl'}}
         name: Install musl build tools
-        env:
-          DEBIAN_FRONTEND: noninteractive
-        shell: bash
         run: |
-          set -euo pipefail
-          sudo apt-get -y update -o Acquire::Retries=3
-          sudo apt-get -y install --no-install-recommends musl-tools pkg-config
-
-      - name: Install cargo-chef
-        if: ${{ matrix.profile == 'release' }}
-        uses: taiki-e/install-action@0c5db7f7f897c03b771660e91d065338615679f4 # v2
-        with:
-          tool: cargo-chef
-          version: 0.1.71
-
-      - name: Pre-warm dependency cache (cargo-chef)
-        if: ${{ matrix.profile == 'release' }}
-        shell: bash
-        run: |
-          set -euo pipefail
-          RECIPE="${RUNNER_TEMP}/chef-recipe.json"
-          cargo chef prepare --recipe-path "$RECIPE"
-          cargo chef cook --recipe-path "$RECIPE" --target ${{ matrix.target }} --release --all-features
+          sudo apt install -y musl-tools pkg-config && sudo rm -rf /var/lib/apt/lists/*
 
       - name: cargo clippy
         id: clippy
@@ -259,6 +191,20 @@ jobs:
           find . -name Cargo.toml -mindepth 2 -maxdepth 2 -print0 \
             | xargs -0 -n1 -I{} bash -c 'cd "$(dirname "{}")" && cargo check --profile ${{ matrix.profile }}'
 
+      - uses: taiki-e/install-action@0c5db7f7f897c03b771660e91d065338615679f4 # v2
+        with:
+          tool: nextest
+          version: 0.9.103
+
+      - name: tests
+        id: test
+        # Tests take too long for release builds to run them on every PR.
+        if: ${{ matrix.profile != 'release' }}
+        continue-on-error: true
+        run: cargo nextest run --all-features --no-fail-fast --target ${{ matrix.target }}
+        env:
+          RUST_BACKTRACE: 1
+
       # Save caches explicitly; make non-fatal so cache packaging
       # never fails the overall job. Only save when key wasn't hit.
       - name: Save cargo home cache
@@ -271,193 +217,33 @@ jobs:
             ~/.cargo/registry/index/
             ~/.cargo/registry/cache/
             ~/.cargo/git/db/
-          key: cargo-home-${{ matrix.runner }}-${{ matrix.target }}-${{ matrix.profile }}-${{ hashFiles('**/Cargo.lock') }}-${{ hashFiles('codex-rs/rust-toolchain.toml') }}
+          key: cargo-home-${{ matrix.runner }}-${{ matrix.target }}-${{ matrix.profile }}-${{ hashFiles('**/Cargo.lock') }}
 
-      - name: Save sccache cache (fallback)
-        if: always() && !cancelled() && env.SCCACHE_GHA_ENABLED != 'true'
+      - name: Save target cache (except gnu-dev)
+        if: >-
+          always() && !cancelled() &&
+          (steps.cache_target_restore.outputs.cache-hit != 'true') &&
+          !(matrix.target == 'x86_64-unknown-linux-gnu' && matrix.profile != 'release')
         continue-on-error: true
         uses: actions/cache/save@v4
         with:
-          path: ${{ github.workspace }}/.sccache/
-          key: sccache-${{ matrix.runner }}-${{ matrix.target }}-${{ matrix.profile }}-${{ hashFiles('**/Cargo.lock') }}-${{ github.run_id }}
-
-      - name: sccache stats
-        if: always()
-        continue-on-error: true
-        run: sccache --show-stats || true
-
-      - name: sccache summary
-        if: always()
-        shell: bash
-        run: |
-          {
-            echo "### sccache stats — ${{ matrix.target }} (${{ matrix.profile }})";
-            echo;
-            echo '```';
-            sccache --show-stats || true;
-            echo '```';
-          } >> "$GITHUB_STEP_SUMMARY"
-
-      - name: Save APT cache (musl)
-        if: always() && !cancelled() && (matrix.target == 'x86_64-unknown-linux-musl' || matrix.target == 'aarch64-unknown-linux-musl') && steps.cache_apt_restore.outputs.cache-hit != 'true'
-        continue-on-error: true
-        uses: actions/cache/save@v4
-        with:
-          path: |
-            /var/cache/apt
-          key: apt-${{ matrix.runner }}-${{ matrix.target }}-v1
+          path: ${{ github.workspace }}/codex-rs/target/
+          key: cargo-target-${{ matrix.runner }}-${{ matrix.target }}-${{ matrix.profile }}-${{ hashFiles('**/Cargo.lock') }}
 
       # Fail the job if any of the previous steps failed.
       - name: verify all steps passed
         if: |
           steps.clippy.outcome == 'failure' ||
-          steps.cargo_check_all_crates.outcome == 'failure'
+          steps.cargo_check_all_crates.outcome == 'failure' ||
+          steps.test.outcome == 'failure'
         run: |
-          echo "One or more checks failed (clippy or cargo_check_all_crates). See logs for details."
-          exit 1
-
-  tests:
-    name: Tests — ${{ matrix.runner }} - ${{ matrix.target }}
-    runs-on: ${{ matrix.runner }}
-    timeout-minutes: 30
-    needs: changed
-    if: ${{ needs.changed.outputs.codex == 'true' || needs.changed.outputs.workflows == 'true' || github.event_name == 'push' }}
-    defaults:
-      run:
-        working-directory: codex-rs
-    env:
-      RUSTC_WRAPPER: sccache
-      CARGO_INCREMENTAL: "0"
-      SCCACHE_CACHE_SIZE: 10G
-
-    strategy:
-      fail-fast: false
-      matrix:
-        include:
-          - runner: macos-14
-            target: aarch64-apple-darwin
-            profile: dev
-          - runner: ubuntu-24.04
-            target: x86_64-unknown-linux-gnu
-            profile: dev
-          - runner: ubuntu-24.04-arm
-            target: aarch64-unknown-linux-gnu
-            profile: dev
-          - runner: windows-latest
-            target: x86_64-pc-windows-msvc
-            profile: dev
-          - runner: windows-11-arm
-            target: aarch64-pc-windows-msvc
-            profile: dev
-
-    steps:
-      - uses: actions/checkout@v5
-      - uses: dtolnay/rust-toolchain@1.90
-        with:
-          targets: ${{ matrix.target }}
-
-      - name: Restore cargo home cache
-        id: cache_cargo_home_restore
-        uses: actions/cache/restore@v4
-        with:
-          path: |
-            ~/.cargo/bin/
-            ~/.cargo/registry/index/
-            ~/.cargo/registry/cache/
-            ~/.cargo/git/db/
-          key: cargo-home-${{ matrix.runner }}-${{ matrix.target }}-${{ matrix.profile }}-${{ hashFiles('**/Cargo.lock') }}-${{ hashFiles('codex-rs/rust-toolchain.toml') }}
-          restore-keys: |
-            cargo-home-${{ matrix.runner }}-${{ matrix.target }}-${{ matrix.profile }}-
-
-      - name: Install sccache
-        uses: taiki-e/install-action@0c5db7f7f897c03b771660e91d065338615679f4 # v2
-        with:
-          tool: sccache
-          version: 0.7.5
-
-      - name: Configure sccache backend
-        shell: bash
-        run: |
-          set -euo pipefail
-          if [[ -n "${ACTIONS_CACHE_URL:-}" && -n "${ACTIONS_RUNTIME_TOKEN:-}" ]]; then
-            echo "SCCACHE_GHA_ENABLED=true" >> "$GITHUB_ENV"
-            echo "Using sccache GitHub backend"
-          else
-            echo "SCCACHE_GHA_ENABLED=false" >> "$GITHUB_ENV"
-            echo "SCCACHE_DIR=${{ github.workspace }}/.sccache" >> "$GITHUB_ENV"
-            echo "Using sccache local disk + actions/cache fallback"
-          fi
-
-      - name: Restore sccache cache (fallback)
-        if: ${{ env.SCCACHE_GHA_ENABLED != 'true' }}
-        id: cache_sccache_restore
-        uses: actions/cache/restore@v4
-        with:
-          path: ${{ github.workspace }}/.sccache/
-          key: sccache-${{ matrix.runner }}-${{ matrix.target }}-${{ matrix.profile }}-${{ hashFiles('**/Cargo.lock') }}-${{ github.run_id }}
-          restore-keys: |
-            sccache-${{ matrix.runner }}-${{ matrix.target }}-${{ matrix.profile }}-${{ hashFiles('**/Cargo.lock') }}-
-            sccache-${{ matrix.runner }}-${{ matrix.target }}-${{ matrix.profile }}-
-
-      - uses: taiki-e/install-action@0c5db7f7f897c03b771660e91d065338615679f4 # v2
-        with:
-          tool: nextest
-          version: 0.9.103
-
-      - name: tests
-        id: test
-        continue-on-error: true
-        run: cargo nextest run --all-features --no-fail-fast --target ${{ matrix.target }} --cargo-profile ci-test
-        env:
-          RUST_BACKTRACE: 1
-
-      - name: Save cargo home cache
-        if: always() && !cancelled() && steps.cache_cargo_home_restore.outputs.cache-hit != 'true'
-        continue-on-error: true
-        uses: actions/cache/save@v4
-        with:
-          path: |
-            ~/.cargo/bin/
-            ~/.cargo/registry/index/
-            ~/.cargo/registry/cache/
-            ~/.cargo/git/db/
-          key: cargo-home-${{ matrix.runner }}-${{ matrix.target }}-${{ matrix.profile }}-${{ hashFiles('**/Cargo.lock') }}-${{ hashFiles('codex-rs/rust-toolchain.toml') }}
-
-      - name: Save sccache cache (fallback)
-        if: always() && !cancelled() && env.SCCACHE_GHA_ENABLED != 'true'
-        continue-on-error: true
-        uses: actions/cache/save@v4
-        with:
-          path: ${{ github.workspace }}/.sccache/
-          key: sccache-${{ matrix.runner }}-${{ matrix.target }}-${{ matrix.profile }}-${{ hashFiles('**/Cargo.lock') }}-${{ github.run_id }}
-
-      - name: sccache stats
-        if: always()
-        continue-on-error: true
-        run: sccache --show-stats || true
-
-      - name: sccache summary
-        if: always()
-        shell: bash
-        run: |
-          {
-            echo "### sccache stats — ${{ matrix.target }} (tests)";
-            echo;
-            echo '```';
-            sccache --show-stats || true;
-            echo '```';
-          } >> "$GITHUB_STEP_SUMMARY"
-
-      - name: verify tests passed
-        if: steps.test.outcome == 'failure'
-        run: |
-          echo "Tests failed. See logs for details."
+          echo "One or more checks failed (clippy, cargo_check_all_crates, or test). See logs for details."
           exit 1
 
   # --- Gatherer job that you mark as the ONLY required status -----------------
   results:
     name: CI results (required)
-    needs: [changed, general, cargo_shear, lint_build, tests]
+    needs: [changed, general, cargo_shear, lint_build_test]
     if: always()
     runs-on: ubuntu-24.04
     steps:
@@ -466,8 +252,7 @@ jobs:
         run: |
           echo "general: ${{ needs.general.result }}"
           echo "shear  : ${{ needs.cargo_shear.result }}"
-          echo "lint   : ${{ needs.lint_build.result }}"
-          echo "tests  : ${{ needs.tests.result }}"
+          echo "matrix : ${{ needs.lint_build_test.result }}"
 
           # If nothing relevant changed (PR touching only root README, etc.),
           # declare success regardless of other jobs.
@@ -479,10 +264,4 @@ jobs:
           # Otherwise require the jobs to have succeeded
           [[ '${{ needs.general.result }}' == 'success' ]] || { echo 'general failed'; exit 1; }
           [[ '${{ needs.cargo_shear.result }}' == 'success' ]] || { echo 'cargo_shear failed'; exit 1; }
-          [[ '${{ needs.lint_build.result }}' == 'success' ]] || { echo 'lint_build failed'; exit 1; }
-          [[ '${{ needs.tests.result }}' == 'success' ]] || { echo 'tests failed'; exit 1; }
-
-      - name: sccache summary note
-        if: always()
-        run: |
-          echo "Per-job sccache stats are attached to each matrix job's Step Summary."
+          [[ '${{ needs.lint_build_test.result }}' == 'success' ]] || { echo 'matrix failed'; exit 1; }

.github/workflows/rust-release.yml

@@ -58,9 +58,9 @@ jobs:
       fail-fast: false
       matrix:
         include:
-          - runner: macos-15-xlarge
+          - runner: macos-14
             target: aarch64-apple-darwin
-          - runner: macos-15-xlarge
+          - runner: macos-14
             target: x86_64-apple-darwin
           - runner: ubuntu-24.04
             target: x86_64-unknown-linux-musl
@@ -100,7 +100,7 @@ jobs:
       - name: Cargo build
         run: cargo build --target ${{ matrix.target }} --release --bin codex --bin codex-responses-api-proxy
 
-      - if: ${{ matrix.runner == 'macos-15-xlarge' }}
+      - if: ${{ matrix.runner == 'macos-14' }}
         name: Configure Apple code signing
         shell: bash
         env:
@@ -185,7 +185,7 @@ jobs:
           echo "APPLE_CODESIGN_KEYCHAIN=$keychain_path" >> "$GITHUB_ENV"
           echo "::add-mask::$APPLE_CODESIGN_IDENTITY"
 
-      - if: ${{ matrix.runner == 'macos-15-xlarge' }}
+      - if: ${{ matrix.runner == 'macos-14' }}
         name: Sign macOS binaries
         shell: bash
         run: |
@@ -206,69 +206,6 @@ jobs:
             codesign --force --options runtime --timestamp --sign "$APPLE_CODESIGN_IDENTITY" "${keychain_args[@]}" "$path"
           done
 
-      - if: ${{ matrix.runner == 'macos-15-xlarge' }}
-        name: Notarize macOS binaries
-        shell: bash
-        env:
-          APPLE_NOTARIZATION_KEY_P8: ${{ secrets.APPLE_NOTARIZATION_KEY_P8 }}
-          APPLE_NOTARIZATION_KEY_ID: ${{ secrets.APPLE_NOTARIZATION_KEY_ID }}
-          APPLE_NOTARIZATION_ISSUER_ID: ${{ secrets.APPLE_NOTARIZATION_ISSUER_ID }}
-        run: |
-          set -euo pipefail
-
-          for var in APPLE_NOTARIZATION_KEY_P8 APPLE_NOTARIZATION_KEY_ID APPLE_NOTARIZATION_ISSUER_ID; do
-            if [[ -z "${!var:-}" ]]; then
-              echo "$var is required for notarization"
-              exit 1
-            fi
-          done
-
-          notary_key_path="${RUNNER_TEMP}/notarytool.key.p8"
-          echo "$APPLE_NOTARIZATION_KEY_P8" | base64 -d > "$notary_key_path"
-          cleanup_notary() {
-            rm -f "$notary_key_path"
-          }
-          trap cleanup_notary EXIT
-
-          notarize_binary() {
-            local binary="$1"
-            local source_path="target/${{ matrix.target }}/release/${binary}"
-            local archive_path="${RUNNER_TEMP}/${binary}.zip"
-
-            if [[ ! -f "$source_path" ]]; then
-              echo "Binary $source_path not found"
-              exit 1
-            fi
-
-            rm -f "$archive_path"
-            ditto -c -k --keepParent "$source_path" "$archive_path"
-
-            submission_json=$(xcrun notarytool submit "$archive_path" \
-              --key "$notary_key_path" \
-              --key-id "$APPLE_NOTARIZATION_KEY_ID" \
-              --issuer "$APPLE_NOTARIZATION_ISSUER_ID" \
-              --output-format json \
-              --wait)
-
-            status=$(printf '%s\n' "$submission_json" | jq -r '.status // "Unknown"')
-            submission_id=$(printf '%s\n' "$submission_json" | jq -r '.id // ""')
-
-            if [[ -z "$submission_id" ]]; then
-              echo "Failed to retrieve submission ID for $binary"
-              exit 1
-            fi
-
-            echo "::notice title=Notarization::$binary submission ${submission_id} completed with status ${status}"
-
-            if [[ "$status" != "Accepted" ]]; then
-              echo "Notarization failed for ${binary} (submission ${submission_id}, status ${status})"
-              exit 1
-            fi
-          }
-
-          notarize_binary "codex"
-          notarize_binary "codex-responses-api-proxy"
-
       - name: Stage artifacts
         shell: bash
         run: |
@@ -328,7 +265,7 @@ jobs:
           done
 
       - name: Remove signing keychain
-        if: ${{ always() && matrix.runner == 'macos-15-xlarge' }}
+        if: ${{ always() && matrix.runner == 'macos-14' }}
         shell: bash
         env:
           APPLE_CODESIGN_KEYCHAIN: ${{ env.APPLE_CODESIGN_KEYCHAIN }}

.gitignore

@@ -30,7 +30,6 @@ result
 # cli tools
 CLAUDE.md
 .claude/
-AGENTS.override.md
 
 # caches
 .cache/

.vscode/settings.json

@@ -3,7 +3,6 @@
     "rust-analyzer.check.command": "clippy",
     "rust-analyzer.check.extraArgs": ["--all-features", "--tests"],
     "rust-analyzer.rustfmt.extraArgs": ["--config", "imports_granularity=Item"],
-    "rust-analyzer.cargo.targetDir": "${workspaceFolder}/codex-rs/target/rust-analyzer",
     "[rust]": {
         "editor.defaultFormatter": "rust-lang.rust-analyzer",
         "editor.formatOnSave": true,

AGENTS.md

@@ -11,9 +11,7 @@ In the codex-rs folder where the rust code lives:
 - Always collapse if statements per https://rust-lang.github.io/rust-clippy/master/index.html#collapsible_if
 - Always inline format! args when possible per https://rust-lang.github.io/rust-clippy/master/index.html#uninlined_format_args
 - Use method references over closures when possible per https://rust-lang.github.io/rust-clippy/master/index.html#redundant_closure_for_method_calls
-- Do not use unsigned integer even if the number cannot be negative.
 - When writing tests, prefer comparing the equality of entire objects over fields one by one.
-- When making a change that adds or changes an API, ensure that the documentation in the `docs/` folder is up to date if applicable.
 
 Run `just fmt` (in `codex-rs` directory) automatically after making Rust code changes; do not ask for approval to run it. Before finalizing a change to `codex-rs`, run `just fix -p <project>` (in `codex-rs` directory) to fix any linter issues in the code. Prefer scoping with `-p` to avoid slow workspace‑wide Clippy builds; only run `just fix` without `-p` if you changed shared crates. Additionally, run the tests:
 

CHANGELOG.md

@@ -1 +1 @@
-The changelog can be found on the [releases page](https://github.com/openai/codex/releases).
+The changelog can be found on the [releases page](https://github.com/openai/codex/releases)

README.md

@@ -1,4 +1,4 @@
-<p align="center"><code>npm i -g @openai/codex</code><br />or <code>brew install --cask codex</code></p>
+<p align="center"><code>npm i -g @openai/codex</code><br />or <code>brew install codex</code></p>
 
 <p align="center"><strong>Codex CLI</strong> is a coding agent from OpenAI that runs locally on your computer.
 </br>
@@ -24,7 +24,7 @@ npm install -g @openai/codex
 Alternatively, if you use Homebrew:
 
 ```shell
-brew install --cask codex
+brew install codex
 ```
 
 Then simply run `codex` to get started:
@@ -33,8 +33,6 @@ Then simply run `codex` to get started:
 codex
 ```
 
-If you're running into upgrade issues with Homebrew, see the [FAQ entry on brew upgrade codex](./docs/faq.md#brew-update-codex-isnt-upgrading-me).
-
 <details>
 <summary>You can also go to the <a href="https://github.com/openai/codex/releases/latest">latest GitHub Release</a> and download the appropriate binary for your platform.</summary>
 
@@ -77,7 +75,6 @@ Codex CLI supports a rich set of configuration options, with preferences stored
   - [CLI usage](./docs/getting-started.md#cli-usage)
   - [Running with a prompt as input](./docs/getting-started.md#running-with-a-prompt-as-input)
   - [Example prompts](./docs/getting-started.md#example-prompts)
-  - [Custom prompts](./docs/prompts.md)
   - [Memory with AGENTS.md](./docs/getting-started.md#memory-with-agentsmd)
   - [Configuration](./docs/config.md)
 - [**Sandbox & approvals**](./docs/sandbox.md)

cliff.toml

@@ -4,7 +4,7 @@
 header = """
 # Changelog
 
-You can install any of these versions: `npm install -g @openai/codex@<version>`
+You can install any of these versions: `npm install -g codex@version`
 """
 
 body = """

codex-rs/.gitignore

@@ -1,5 +1,4 @@
 /target/
-/target-*/
 
 # Recommended value of CARGO_TARGET_DIR when using Docker as explained in .devcontainer/README.md.
 /target-amd64/

codex-rs/Cargo.toml

@@ -2,12 +2,10 @@
 members = [
     "backend-client",
     "ansi-escape",
-    "async-utils",
     "app-server",
     "app-server-protocol",
     "apply-patch",
     "arg0",
-    "feedback",
     "codex-backend-openapi-models",
     "cloud-tasks",
     "cloud-tasks-client",
@@ -16,10 +14,11 @@ members = [
     "core",
     "exec",
     "execpolicy",
-    "keyring-store",
     "file-search",
+    "git-tooling",
     "linux-sandbox",
     "login",
+    "mcp-client",
     "mcp-server",
     "mcp-types",
     "ollama",
@@ -28,17 +27,12 @@ members = [
     "protocol-ts",
     "rmcp-client",
     "responses-api-proxy",
-    "stdio-to-uds",
     "otel",
     "tui",
-    "utils/git",
-    "utils/cache",
-    "utils/image",
+    "git-apply",
     "utils/json-to-toml",
-    "utils/pty",
     "utils/readiness",
     "utils/string",
-    "utils/tokenizer",
 ]
 resolver = "2"
 
@@ -58,18 +52,15 @@ codex-app-server = { path = "app-server" }
 codex-app-server-protocol = { path = "app-server-protocol" }
 codex-apply-patch = { path = "apply-patch" }
 codex-arg0 = { path = "arg0" }
-codex-async-utils = { path = "async-utils" }
-codex-backend-client = { path = "backend-client" }
 codex-chatgpt = { path = "chatgpt" }
 codex-common = { path = "common" }
 codex-core = { path = "core" }
 codex-exec = { path = "exec" }
-codex-feedback = { path = "feedback" }
 codex-file-search = { path = "file-search" }
-codex-git = { path = "utils/git" }
-codex-keyring-store = { path = "keyring-store" }
+codex-git-tooling = { path = "git-tooling" }
 codex-linux-sandbox = { path = "linux-sandbox" }
 codex-login = { path = "login" }
+codex-mcp-client = { path = "mcp-client" }
 codex-mcp-server = { path = "mcp-server" }
 codex-ollama = { path = "ollama" }
 codex-otel = { path = "otel" }
@@ -78,15 +69,10 @@ codex-protocol = { path = "protocol" }
 codex-protocol-ts = { path = "protocol-ts" }
 codex-responses-api-proxy = { path = "responses-api-proxy" }
 codex-rmcp-client = { path = "rmcp-client" }
-codex-stdio-to-uds = { path = "stdio-to-uds" }
 codex-tui = { path = "tui" }
-codex-utils-cache = { path = "utils/cache" }
-codex-utils-image = { path = "utils/image" }
 codex-utils-json-to-toml = { path = "utils/json-to-toml" }
-codex-utils-pty = { path = "utils/pty" }
 codex-utils-readiness = { path = "utils/readiness" }
 codex-utils-string = { path = "utils/string" }
-codex-utils-tokenizer = { path = "utils/tokenizer" }
 core_test_support = { path = "core/tests/common" }
 mcp-types = { path = "mcp-types" }
 mcp_test_support = { path = "mcp-server/tests/common" }
@@ -97,8 +83,8 @@ ansi-to-tui = "7.0.0"
 anyhow = "1"
 arboard = "3"
 askama = "0.12"
-assert_cmd = "2"
 assert_matches = "1.5.0"
+assert_cmd = "2"
 async-channel = "2.3.1"
 async-stream = "0.3.6"
 async-trait = "0.1.89"
@@ -121,10 +107,8 @@ env_logger = "0.11.5"
 escargot = "0.5"
 eventsource-stream = "0.2.3"
 futures = { version = "0.3", default-features = false }
-http = "1.3.1"
-icu_decimal = "2.1"
-icu_provider = { version = "2.1", features = ["sync"] }
-icu_locale_core = "2.1"
+icu_decimal = "2.0.0"
+icu_locale_core = "2.0.0"
 ignore = "0.4.23"
 image = { version = "^0.25.8", default-features = false }
 indexmap = "2.6.0"
@@ -135,7 +119,6 @@ landlock = "0.4.1"
 lazy_static = "1"
 libc = "0.2.175"
 log = "0.4"
-lru = "0.12.5"
 maplit = "1.0.2"
 mime_guess = "2.0.5"
 multimap = "0.10.0"
@@ -151,6 +134,7 @@ os_info = "3.12.0"
 owo-colors = "4.2.0"
 paste = "1.0.15"
 path-absolutize = "3.1.1"
+path-clean = "1.0.1"
 pathdiff = "0.2"
 portable-pty = "0.9.0"
 predicates = "3"
@@ -158,13 +142,11 @@ pretty_assertions = "1.4.1"
 pulldown-cmark = "0.10"
 rand = "0.9"
 ratatui = "0.29.0"
-ratatui-macros = "0.6.0"
 regex-lite = "0.1.7"
 reqwest = "0.12"
-rmcp = { version = "0.8.3", default-features = false }
+rmcp = { version = "0.8.0", default-features = false }
 schemars = "0.8.22"
 seccompiler = "0.5.0"
-sentry = "0.34.0"
 serde = "1"
 serde_json = "1"
 serde_with = "3.14"
@@ -179,7 +161,6 @@ strum_macros = "0.27.2"
 supports-color = "3.0.2"
 sys-locale = "0.3.2"
 tempfile = "3.23.0"
-test-log = "0.2.18"
 textwrap = "0.16.2"
 thiserror = "2.0.16"
 time = "0.3"
@@ -199,7 +180,6 @@ tree-sitter = "0.25.10"
 tree-sitter-bash = "0.25"
 tree-sitter-highlight = "0.25.10"
 ts-rs = "11"
-uds_windows = "1.1.0"
 unicode-segmentation = "1.12.0"
 unicode-width = "0.2"
 url = "2"
@@ -254,7 +234,7 @@ unwrap_used = "deny"
 # cargo-shear cannot see the platform-specific openssl-sys usage, so we
 # silence the false positive here instead of deleting a real dependency.
 [workspace.metadata.cargo-shear]
-ignored = ["icu_provider", "openssl-sys", "codex-utils-readiness", "codex-utils-tokenizer"]
+ignored = ["openssl-sys", "codex-utils-readiness"]
 
 [profile.release]
 lto = "fat"
@@ -265,11 +245,6 @@ strip = "symbols"
 # See https://github.com/openai/codex/issues/1411 for details.
 codegen-units = 1
 
-[profile.ci-test]
-debug = 1         # Reduce debug symbol size
-inherits = "test"
-opt-level = 0
-
 [patch.crates-io]
 # Uncomment to debug local changes.
 # ratatui = { path = "../../ratatui" }

codex-rs/README.md

@@ -11,12 +11,7 @@ npm i -g @openai/codex
 codex
 ```
 
-You can also install via Homebrew (`brew install --cask codex`) or download a platform-specific release directly from our [GitHub Releases](https://github.com/openai/codex/releases).
-
-## Documentation quickstart
-
-- First run with Codex? Follow the walkthrough in [`docs/getting-started.md`](../docs/getting-started.md) for prompts, keyboard shortcuts, and session management.
-- Already shipping with Codex and want deeper control? Jump to [`docs/advanced.md`](../docs/advanced.md) and the configuration reference at [`docs/config.md`](../docs/config.md).
+You can also install via Homebrew (`brew install codex`) or download a platform-specific release directly from our [GitHub Releases](https://github.com/openai/codex/releases).
 
 ## What's new in the Rust CLI
 
@@ -52,6 +47,30 @@ You can enable notifications by configuring a script that is run whenever the ag
 
 To run Codex non-interactively, run `codex exec PROMPT` (you can also pass the prompt via `stdin`) and Codex will work on your task until it decides that it is done and exits. Output is printed to the terminal directly. You can set the `RUST_LOG` environment variable to see more about what's going on.
 
+### Use `@` for file search
+
+Typing `@` triggers a fuzzy-filename search over the workspace root. Use up/down to select among the results and Tab or Enter to replace the `@` with the selected path. You can use Esc to cancel the search.
+
+### Esc–Esc to edit a previous message
+
+When the chat composer is empty, press Esc to prime “backtrack” mode. Press Esc again to open a transcript preview highlighting the last user message; press Esc repeatedly to step to older user messages. Press Enter to confirm and Codex will fork the conversation from that point, trim the visible transcript accordingly, and pre‑fill the composer with the selected user message so you can edit and resubmit it.
+
+In the transcript preview, the footer shows an `Esc edit prev` hint while editing is active.
+
+### `--cd`/`-C` flag
+
+Sometimes it is not convenient to `cd` to the directory you want Codex to use as the "working root" before running Codex. Fortunately, `codex` supports a `--cd` option so you can specify whatever folder you want. You can confirm that Codex is honoring `--cd` by double-checking the **workdir** it reports in the TUI at the start of a new session.
+
+### Shell completions
+
+Generate shell completion scripts via:
+
+```shell
+codex completion bash
+codex completion zsh
+codex completion fish
+```
+
 ### Experimenting with the Codex Sandbox
 
 To test to see what happens when a command is run under the sandbox provided by Codex, we provide the following subcommands in Codex CLI:

codex-rs/app-server-protocol/Cargo.toml

@@ -11,11 +11,8 @@ path = "src/lib.rs"
 workspace = true
 
 [dependencies]
-anyhow = { workspace = true }
-clap = { workspace = true, features = ["derive"] }
 codex-protocol = { workspace = true }
 paste = { workspace = true }
-schemars = { workspace = true }
 serde = { workspace = true, features = ["derive"] }
 serde_json = { workspace = true }
 strum_macros = { workspace = true }

codex-rs/app-server-protocol/src/bin/export.rs

@@ -1,22 +0,0 @@
-use anyhow::Result;
-use clap::Parser;
-use std::path::PathBuf;
-
-#[derive(Parser, Debug)]
-#[command(
-    about = "Generate TypeScript bindings and JSON Schemas for the Codex app-server protocol"
-)]
-struct Args {
-    /// Output directory where generated files will be written
-    #[arg(short = 'o', long = "out", value_name = "DIR")]
-    out_dir: PathBuf,
-
-    /// Optional Prettier executable path to format generated TypeScript files
-    #[arg(short = 'p', long = "prettier", value_name = "PRETTIER_BIN")]
-    prettier: Option<PathBuf>,
-}
-
-fn main() -> Result<()> {
-    let args = Args::parse();
-    codex_app_server_protocol::generate_types(&args.out_dir, args.prettier.as_deref())
-}

codex-rs/app-server-protocol/src/export.rs

@@ -1,737 +0,0 @@
-use crate::ClientNotification;
-use crate::ClientRequest;
-use crate::ServerNotification;
-use crate::ServerRequest;
-use crate::export_client_response_schemas;
-use crate::export_client_responses;
-use crate::export_server_response_schemas;
-use crate::export_server_responses;
-use anyhow::Context;
-use anyhow::Result;
-use anyhow::anyhow;
-use schemars::JsonSchema;
-use schemars::schema::RootSchema;
-use schemars::schema_for;
-use serde::Serialize;
-use serde_json::Map;
-use serde_json::Value;
-use std::collections::BTreeMap;
-use std::collections::HashSet;
-use std::ffi::OsStr;
-use std::fs;
-use std::io::Read;
-use std::io::Write;
-use std::path::Path;
-use std::path::PathBuf;
-use std::process::Command;
-use ts_rs::TS;
-
-const HEADER: &str = "// GENERATED CODE! DO NOT MODIFY BY HAND!\n\n";
-
-macro_rules! for_each_schema_type {
-    ($macro:ident) => {
-        $macro!(crate::RequestId);
-        $macro!(crate::JSONRPCMessage);
-        $macro!(crate::JSONRPCRequest);
-        $macro!(crate::JSONRPCNotification);
-        $macro!(crate::JSONRPCResponse);
-        $macro!(crate::JSONRPCError);
-        $macro!(crate::JSONRPCErrorError);
-        $macro!(crate::AddConversationListenerParams);
-        $macro!(crate::AddConversationSubscriptionResponse);
-        $macro!(crate::ApplyPatchApprovalParams);
-        $macro!(crate::ApplyPatchApprovalResponse);
-        $macro!(crate::ArchiveConversationParams);
-        $macro!(crate::ArchiveConversationResponse);
-        $macro!(crate::AuthMode);
-        $macro!(crate::AuthStatusChangeNotification);
-        $macro!(crate::CancelLoginChatGptParams);
-        $macro!(crate::CancelLoginChatGptResponse);
-        $macro!(crate::ClientInfo);
-        $macro!(crate::ClientNotification);
-        $macro!(crate::ClientRequest);
-        $macro!(crate::ConversationSummary);
-        $macro!(crate::ExecCommandApprovalParams);
-        $macro!(crate::ExecCommandApprovalResponse);
-        $macro!(crate::ExecOneOffCommandParams);
-        $macro!(crate::ExecOneOffCommandResponse);
-        $macro!(crate::FuzzyFileSearchParams);
-        $macro!(crate::FuzzyFileSearchResponse);
-        $macro!(crate::FuzzyFileSearchResult);
-        $macro!(crate::GetAuthStatusParams);
-        $macro!(crate::GetAuthStatusResponse);
-        $macro!(crate::GetUserAgentResponse);
-        $macro!(crate::GetUserSavedConfigResponse);
-        $macro!(crate::GitDiffToRemoteParams);
-        $macro!(crate::GitDiffToRemoteResponse);
-        $macro!(crate::GitSha);
-        $macro!(crate::InitializeParams);
-        $macro!(crate::InitializeResponse);
-        $macro!(crate::InputItem);
-        $macro!(crate::InterruptConversationParams);
-        $macro!(crate::InterruptConversationResponse);
-        $macro!(crate::ListConversationsParams);
-        $macro!(crate::ListConversationsResponse);
-        $macro!(crate::LoginApiKeyParams);
-        $macro!(crate::LoginApiKeyResponse);
-        $macro!(crate::LoginChatGptCompleteNotification);
-        $macro!(crate::LoginChatGptResponse);
-        $macro!(crate::LogoutChatGptParams);
-        $macro!(crate::LogoutChatGptResponse);
-        $macro!(crate::NewConversationParams);
-        $macro!(crate::NewConversationResponse);
-        $macro!(crate::Profile);
-        $macro!(crate::RemoveConversationListenerParams);
-        $macro!(crate::RemoveConversationSubscriptionResponse);
-        $macro!(crate::ResumeConversationParams);
-        $macro!(crate::ResumeConversationResponse);
-        $macro!(crate::SandboxSettings);
-        $macro!(crate::SendUserMessageParams);
-        $macro!(crate::SendUserMessageResponse);
-        $macro!(crate::SendUserTurnParams);
-        $macro!(crate::SendUserTurnResponse);
-        $macro!(crate::ServerNotification);
-        $macro!(crate::ServerRequest);
-        $macro!(crate::SessionConfiguredNotification);
-        $macro!(crate::SetDefaultModelParams);
-        $macro!(crate::SetDefaultModelResponse);
-        $macro!(crate::Tools);
-        $macro!(crate::UserInfoResponse);
-        $macro!(crate::UserSavedConfig);
-        $macro!(codex_protocol::protocol::EventMsg);
-        $macro!(codex_protocol::protocol::FileChange);
-        $macro!(codex_protocol::parse_command::ParsedCommand);
-        $macro!(codex_protocol::protocol::SandboxPolicy);
-    };
-}
-
-pub fn generate_types(out_dir: &Path, prettier: Option<&Path>) -> Result<()> {
-    generate_ts(out_dir, prettier)?;
-    generate_json(out_dir)?;
-    Ok(())
-}
-
-pub fn generate_ts(out_dir: &Path, prettier: Option<&Path>) -> Result<()> {
-    ensure_dir(out_dir)?;
-
-    ClientRequest::export_all_to(out_dir)?;
-    export_client_responses(out_dir)?;
-    ClientNotification::export_all_to(out_dir)?;
-
-    ServerRequest::export_all_to(out_dir)?;
-    export_server_responses(out_dir)?;
-    ServerNotification::export_all_to(out_dir)?;
-
-    generate_index_ts(out_dir)?;
-
-    let ts_files = ts_files_in(out_dir)?;
-    for file in &ts_files {
-        prepend_header_if_missing(file)?;
-    }
-
-    if let Some(prettier_bin) = prettier
-        && !ts_files.is_empty()
-    {
-        let status = Command::new(prettier_bin)
-            .arg("--write")
-            .args(ts_files.iter().map(|p| p.as_os_str()))
-            .status()
-            .with_context(|| format!("Failed to invoke Prettier at {}", prettier_bin.display()))?;
-        if !status.success() {
-            return Err(anyhow!("Prettier failed with status {status}"));
-        }
-    }
-
-    Ok(())
-}
-
-pub fn generate_json(out_dir: &Path) -> Result<()> {
-    ensure_dir(out_dir)?;
-    let mut bundle: BTreeMap<String, RootSchema> = BTreeMap::new();
-
-    macro_rules! add_schema {
-        ($ty:path) => {{
-            let name = type_basename(stringify!($ty));
-            let schema = write_json_schema_with_return::<$ty>(out_dir, &name)?;
-            bundle.insert(name, schema);
-        }};
-    }
-
-    for_each_schema_type!(add_schema);
-
-    export_client_response_schemas(out_dir)?;
-    export_server_response_schemas(out_dir)?;
-
-    let mut definitions = Map::new();
-
-    const SPECIAL_DEFINITIONS: &[&str] = &[
-        "ClientNotification",
-        "ClientRequest",
-        "EventMsg",
-        "FileChange",
-        "InputItem",
-        "ParsedCommand",
-        "SandboxPolicy",
-        "ServerNotification",
-        "ServerRequest",
-    ];
-
-    for (name, schema) in bundle {
-        let mut schema_value = serde_json::to_value(schema)?;
-        annotate_schema(&mut schema_value, Some(name.as_str()));
-
-        if let Value::Object(ref mut obj) = schema_value
-            && let Some(defs) = obj.remove("definitions")
-            && let Value::Object(defs_obj) = defs
-        {
-            for (def_name, mut def_schema) in defs_obj {
-                if !SPECIAL_DEFINITIONS.contains(&def_name.as_str()) {
-                    annotate_schema(&mut def_schema, Some(def_name.as_str()));
-                    definitions.insert(def_name, def_schema);
-                }
-            }
-        }
-        definitions.insert(name, schema_value);
-    }
-
-    let mut root = Map::new();
-    root.insert(
-        "$schema".to_string(),
-        Value::String("http://json-schema.org/draft-07/schema#".into()),
-    );
-    root.insert(
-        "title".to_string(),
-        Value::String("CodexAppServerProtocol".into()),
-    );
-    root.insert("type".to_string(), Value::String("object".into()));
-    root.insert("definitions".to_string(), Value::Object(definitions));
-
-    write_pretty_json(
-        out_dir.join("codex_app_server_protocol.schemas.json"),
-        &Value::Object(root),
-    )?;
-
-    Ok(())
-}
-
-fn write_json_schema_with_return<T>(out_dir: &Path, name: &str) -> Result<RootSchema>
-where
-    T: JsonSchema,
-{
-    let file_stem = name.trim();
-    let schema = schema_for!(T);
-    let mut schema_value = serde_json::to_value(schema)?;
-    annotate_schema(&mut schema_value, Some(file_stem));
-    write_pretty_json(out_dir.join(format!("{file_stem}.json")), &schema_value)
-        .with_context(|| format!("Failed to write JSON schema for {file_stem}"))?;
-    let annotated_schema = serde_json::from_value(schema_value)?;
-    Ok(annotated_schema)
-}
-
-pub(crate) fn write_json_schema<T>(out_dir: &Path, name: &str) -> Result<()>
-where
-    T: JsonSchema,
-{
-    write_json_schema_with_return::<T>(out_dir, name).map(|_| ())
-}
-
-fn write_pretty_json(path: PathBuf, value: &impl Serialize) -> Result<()> {
-    let json = serde_json::to_vec_pretty(value)
-        .with_context(|| format!("Failed to serialize JSON schema to {}", path.display()))?;
-    fs::write(&path, json).with_context(|| format!("Failed to write {}", path.display()))?;
-    Ok(())
-}
-fn type_basename(type_path: &str) -> String {
-    type_path
-        .rsplit_once("::")
-        .map(|(_, name)| name)
-        .unwrap_or(type_path)
-        .trim()
-        .to_string()
-}
-
-fn variant_definition_name(base: &str, variant: &Value) -> Option<String> {
-    if let Some(props) = variant.get("properties").and_then(Value::as_object) {
-        if let Some(method_literal) = literal_from_property(props, "method") {
-            let pascal = to_pascal_case(method_literal);
-            return Some(match base {
-                "ClientRequest" | "ServerRequest" => format!("{pascal}Request"),
-                "ClientNotification" | "ServerNotification" => format!("{pascal}Notification"),
-                _ => format!("{pascal}{base}"),
-            });
-        }
-
-        if let Some(type_literal) = literal_from_property(props, "type") {
-            let pascal = to_pascal_case(type_literal);
-            return Some(match base {
-                "EventMsg" => format!("{pascal}EventMsg"),
-                _ => format!("{pascal}{base}"),
-            });
-        }
-
-        if let Some(mode_literal) = literal_from_property(props, "mode") {
-            let pascal = to_pascal_case(mode_literal);
-            return Some(match base {
-                "SandboxPolicy" => format!("{pascal}SandboxPolicy"),
-                _ => format!("{pascal}{base}"),
-            });
-        }
-
-        if props.len() == 1
-            && let Some(key) = props.keys().next()
-        {
-            let pascal = to_pascal_case(key);
-            return Some(format!("{pascal}{base}"));
-        }
-    }
-
-    if let Some(required) = variant.get("required").and_then(Value::as_array)
-        && required.len() == 1
-        && let Some(key) = required[0].as_str()
-    {
-        let pascal = to_pascal_case(key);
-        return Some(format!("{pascal}{base}"));
-    }
-
-    None
-}
-
-fn literal_from_property<'a>(props: &'a Map<String, Value>, key: &str) -> Option<&'a str> {
-    props.get(key).and_then(string_literal)
-}
-
-fn string_literal(value: &Value) -> Option<&str> {
-    value.get("const").and_then(Value::as_str).or_else(|| {
-        value
-            .get("enum")
-            .and_then(Value::as_array)
-            .and_then(|arr| arr.first())
-            .and_then(Value::as_str)
-    })
-}
-
-fn annotate_schema(value: &mut Value, base: Option<&str>) {
-    match value {
-        Value::Object(map) => annotate_object(map, base),
-        Value::Array(items) => {
-            for item in items {
-                annotate_schema(item, base);
-            }
-        }
-        _ => {}
-    }
-}
-
-fn annotate_object(map: &mut Map<String, Value>, base: Option<&str>) {
-    let owner = map.get("title").and_then(Value::as_str).map(str::to_owned);
-    if let Some(owner) = owner.as_deref()
-        && let Some(Value::Object(props)) = map.get_mut("properties")
-    {
-        set_discriminator_titles(props, owner);
-    }
-
-    if let Some(Value::Array(variants)) = map.get_mut("oneOf") {
-        annotate_variant_list(variants, base);
-    }
-    if let Some(Value::Array(variants)) = map.get_mut("anyOf") {
-        annotate_variant_list(variants, base);
-    }
-
-    if let Some(Value::Object(defs)) = map.get_mut("definitions") {
-        for (name, schema) in defs.iter_mut() {
-            annotate_schema(schema, Some(name.as_str()));
-        }
-    }
-
-    if let Some(Value::Object(defs)) = map.get_mut("$defs") {
-        for (name, schema) in defs.iter_mut() {
-            annotate_schema(schema, Some(name.as_str()));
-        }
-    }
-
-    if let Some(Value::Object(props)) = map.get_mut("properties") {
-        for value in props.values_mut() {
-            annotate_schema(value, base);
-        }
-    }
-
-    if let Some(items) = map.get_mut("items") {
-        annotate_schema(items, base);
-    }
-
-    if let Some(additional) = map.get_mut("additionalProperties") {
-        annotate_schema(additional, base);
-    }
-
-    for (key, child) in map.iter_mut() {
-        match key.as_str() {
-            "oneOf"
-            | "anyOf"
-            | "definitions"
-            | "$defs"
-            | "properties"
-            | "items"
-            | "additionalProperties" => {}
-            _ => annotate_schema(child, base),
-        }
-    }
-}
-
-fn annotate_variant_list(variants: &mut [Value], base: Option<&str>) {
-    let mut seen = HashSet::new();
-
-    for variant in variants.iter() {
-        if let Some(name) = variant_title(variant) {
-            seen.insert(name.to_owned());
-        }
-    }
-
-    for variant in variants.iter_mut() {
-        let mut variant_name = variant_title(variant).map(str::to_owned);
-
-        if variant_name.is_none()
-            && let Some(base_name) = base
-            && let Some(name) = variant_definition_name(base_name, variant)
-        {
-            let mut candidate = name.clone();
-            let mut index = 2;
-            while seen.contains(&candidate) {
-                candidate = format!("{name}{index}");
-                index += 1;
-            }
-            if let Some(obj) = variant.as_object_mut() {
-                obj.insert("title".into(), Value::String(candidate.clone()));
-            }
-            seen.insert(candidate.clone());
-            variant_name = Some(candidate);
-        }
-
-        if let Some(name) = variant_name.as_deref()
-            && let Some(obj) = variant.as_object_mut()
-            && let Some(Value::Object(props)) = obj.get_mut("properties")
-        {
-            set_discriminator_titles(props, name);
-        }
-
-        annotate_schema(variant, base);
-    }
-}
-
-const DISCRIMINATOR_KEYS: &[&str] = &["type", "method", "mode", "status", "role", "reason"];
-
-fn set_discriminator_titles(props: &mut Map<String, Value>, owner: &str) {
-    for key in DISCRIMINATOR_KEYS {
-        if let Some(prop_schema) = props.get_mut(*key)
-            && string_literal(prop_schema).is_some()
-            && let Value::Object(prop_obj) = prop_schema
-        {
-            if prop_obj.contains_key("title") {
-                continue;
-            }
-            let suffix = to_pascal_case(key);
-            prop_obj.insert("title".into(), Value::String(format!("{owner}{suffix}")));
-        }
-    }
-}
-
-fn variant_title(value: &Value) -> Option<&str> {
-    value
-        .as_object()
-        .and_then(|obj| obj.get("title"))
-        .and_then(Value::as_str)
-}
-
-fn to_pascal_case(input: &str) -> String {
-    let mut result = String::new();
-    let mut capitalize_next = true;
-
-    for c in input.chars() {
-        if c == '_' || c == '-' {
-            capitalize_next = true;
-            continue;
-        }
-
-        if capitalize_next {
-            result.extend(c.to_uppercase());
-            capitalize_next = false;
-        } else {
-            result.push(c);
-        }
-    }
-
-    result
-}
-
-fn ensure_dir(dir: &Path) -> Result<()> {
-    fs::create_dir_all(dir)
-        .with_context(|| format!("Failed to create output directory {}", dir.display()))
-}
-
-fn prepend_header_if_missing(path: &Path) -> Result<()> {
-    let mut content = String::new();
-    {
-        let mut f = fs::File::open(path)
-            .with_context(|| format!("Failed to open {} for reading", path.display()))?;
-        f.read_to_string(&mut content)
-            .with_context(|| format!("Failed to read {}", path.display()))?;
-    }
-
-    if content.starts_with(HEADER) {
-        return Ok(());
-    }
-
-    let mut f = fs::File::create(path)
-        .with_context(|| format!("Failed to open {} for writing", path.display()))?;
-    f.write_all(HEADER.as_bytes())
-        .with_context(|| format!("Failed to write header to {}", path.display()))?;
-    f.write_all(content.as_bytes())
-        .with_context(|| format!("Failed to write content to {}", path.display()))?;
-    Ok(())
-}
-
-fn ts_files_in(dir: &Path) -> Result<Vec<PathBuf>> {
-    let mut files = Vec::new();
-    for entry in
-        fs::read_dir(dir).with_context(|| format!("Failed to read dir {}", dir.display()))?
-    {
-        let entry = entry?;
-        let path = entry.path();
-        if path.is_file() && path.extension() == Some(OsStr::new("ts")) {
-            files.push(path);
-        }
-    }
-    files.sort();
-    Ok(files)
-}
-
-fn generate_index_ts(out_dir: &Path) -> Result<PathBuf> {
-    let mut entries: Vec<String> = Vec::new();
-    let mut stems: Vec<String> = ts_files_in(out_dir)?
-        .into_iter()
-        .filter_map(|p| {
-            let stem = p.file_stem()?.to_string_lossy().into_owned();
-            if stem == "index" { None } else { Some(stem) }
-        })
-        .collect();
-    stems.sort();
-    stems.dedup();
-
-    for name in stems {
-        entries.push(format!("export type {{ {name} }} from \"./{name}\";\n"));
-    }
-
-    let mut content =
-        String::with_capacity(HEADER.len() + entries.iter().map(String::len).sum::<usize>());
-    content.push_str(HEADER);
-    for line in &entries {
-        content.push_str(line);
-    }
-
-    let index_path = out_dir.join("index.ts");
-    let mut f = fs::File::create(&index_path)
-        .with_context(|| format!("Failed to create {}", index_path.display()))?;
-    f.write_all(content.as_bytes())
-        .with_context(|| format!("Failed to write {}", index_path.display()))?;
-    Ok(index_path)
-}
-
-#[cfg(test)]
-mod tests {
-    use super::*;
-    use anyhow::Result;
-    use std::collections::BTreeSet;
-    use std::fs;
-    use std::path::PathBuf;
-    use uuid::Uuid;
-
-    #[test]
-    fn generated_ts_has_no_optional_nullable_fields() -> Result<()> {
-        let output_dir = std::env::temp_dir().join(format!("codex_ts_types_{}", Uuid::now_v7()));
-        fs::create_dir(&output_dir)?;
-
-        struct TempDirGuard(PathBuf);
-
-        impl Drop for TempDirGuard {
-            fn drop(&mut self) {
-                let _ = fs::remove_dir_all(&self.0);
-            }
-        }
-
-        let _guard = TempDirGuard(output_dir.clone());
-
-        generate_ts(&output_dir, None)?;
-
-        let mut undefined_offenders = Vec::new();
-        let mut optional_nullable_offenders = BTreeSet::new();
-        let mut stack = vec![output_dir];
-        while let Some(dir) = stack.pop() {
-            for entry in fs::read_dir(&dir)? {
-                let entry = entry?;
-                let path = entry.path();
-                if path.is_dir() {
-                    stack.push(path);
-                    continue;
-                }
-
-                if matches!(path.extension().and_then(|ext| ext.to_str()), Some("ts")) {
-                    let contents = fs::read_to_string(&path)?;
-                    if contents.contains("| undefined") {
-                        undefined_offenders.push(path.clone());
-                    }
-
-                    const SKIP_PREFIXES: &[&str] = &[
-                        "const ",
-                        "let ",
-                        "var ",
-                        "export const ",
-                        "export let ",
-                        "export var ",
-                    ];
-
-                    let mut search_start = 0;
-                    while let Some(idx) = contents[search_start..].find("| null") {
-                        let abs_idx = search_start + idx;
-                        // Find the property-colon for this field by scanning forward
-                        // from the start of the segment and ignoring nested braces,
-                        // brackets, and parens. This avoids colons inside nested
-                        // type literals like `{ [k in string]?: string }`.
-
-                        let line_start_idx =
-                            contents[..abs_idx].rfind('\n').map(|i| i + 1).unwrap_or(0);
-
-                        let mut segment_start_idx = line_start_idx;
-                        if let Some(rel_idx) = contents[line_start_idx..abs_idx].rfind(',') {
-                            segment_start_idx = segment_start_idx.max(line_start_idx + rel_idx + 1);
-                        }
-                        if let Some(rel_idx) = contents[line_start_idx..abs_idx].rfind('{') {
-                            segment_start_idx = segment_start_idx.max(line_start_idx + rel_idx + 1);
-                        }
-                        if let Some(rel_idx) = contents[line_start_idx..abs_idx].rfind('}') {
-                            segment_start_idx = segment_start_idx.max(line_start_idx + rel_idx + 1);
-                        }
-
-                        // Scan forward for the colon that separates the field name from its type.
-                        let mut level_brace = 0_i32;
-                        let mut level_brack = 0_i32;
-                        let mut level_paren = 0_i32;
-                        let mut in_single = false;
-                        let mut in_double = false;
-                        let mut escape = false;
-                        let mut prop_colon_idx = None;
-                        for (i, ch) in contents[segment_start_idx..abs_idx].char_indices() {
-                            let idx_abs = segment_start_idx + i;
-                            if escape {
-                                escape = false;
-                                continue;
-                            }
-                            match ch {
-                                '\\' => {
-                                    // Only treat as escape when inside a string.
-                                    if in_single || in_double {
-                                        escape = true;
-                                    }
-                                }
-                                '\'' => {
-                                    if !in_double {
-                                        in_single = !in_single;
-                                    }
-                                }
-                                '"' => {
-                                    if !in_single {
-                                        in_double = !in_double;
-                                    }
-                                }
-                                '{' if !in_single && !in_double => level_brace += 1,
-                                '}' if !in_single && !in_double => level_brace -= 1,
-                                '[' if !in_single && !in_double => level_brack += 1,
-                                ']' if !in_single && !in_double => level_brack -= 1,
-                                '(' if !in_single && !in_double => level_paren += 1,
-                                ')' if !in_single && !in_double => level_paren -= 1,
-                                ':' if !in_single
-                                    && !in_double
-                                    && level_brace == 0
-                                    && level_brack == 0
-                                    && level_paren == 0 =>
-                                {
-                                    prop_colon_idx = Some(idx_abs);
-                                    break;
-                                }
-                                _ => {}
-                            }
-                        }
-
-                        let Some(colon_idx) = prop_colon_idx else {
-                            search_start = abs_idx + 5;
-                            continue;
-                        };
-
-                        let mut field_prefix = contents[segment_start_idx..colon_idx].trim();
-                        if field_prefix.is_empty() {
-                            search_start = abs_idx + 5;
-                            continue;
-                        }
-
-                        if let Some(comment_idx) = field_prefix.rfind("*/") {
-                            field_prefix = field_prefix[comment_idx + 2..].trim_start();
-                        }
-
-                        if field_prefix.is_empty() {
-                            search_start = abs_idx + 5;
-                            continue;
-                        }
-
-                        if SKIP_PREFIXES
-                            .iter()
-                            .any(|prefix| field_prefix.starts_with(prefix))
-                        {
-                            search_start = abs_idx + 5;
-                            continue;
-                        }
-
-                        if field_prefix.contains('(') {
-                            search_start = abs_idx + 5;
-                            continue;
-                        }
-
-                        // If the last non-whitespace before ':' is '?', then this is an
-                        // optional field with a nullable type (i.e., "?: T | null"),
-                        // which we explicitly disallow.
-                        if field_prefix.chars().rev().find(|c| !c.is_whitespace()) == Some('?') {
-                            let line_number =
-                                contents[..abs_idx].chars().filter(|c| *c == '\n').count() + 1;
-                            let offending_line_end = contents[line_start_idx..]
-                                .find('\n')
-                                .map(|i| line_start_idx + i)
-                                .unwrap_or(contents.len());
-                            let offending_snippet =
-                                contents[line_start_idx..offending_line_end].trim();
-
-                            optional_nullable_offenders.insert(format!(
-                                "{}:{}: {offending_snippet}",
-                                path.display(),
-                                line_number
-                            ));
-                        }
-
-                        search_start = abs_idx + 5;
-                    }
-                }
-            }
-        }
-
-        assert!(
-            undefined_offenders.is_empty(),
-            "Generated TypeScript still includes unions with `undefined` in {undefined_offenders:?}"
-        );
-
-        // If this assertion fails, it means a field was generated as
-        // "?: T | null" — i.e., both optional (undefined) and nullable (null).
-        // We only want either "?: T" or ": T | null".
-        assert!(
-            optional_nullable_offenders.is_empty(),
-            "Generated TypeScript has optional fields with nullable types (disallowed '?: T | null'), add #[ts(optional)] to fix:\n{optional_nullable_offenders:?}"
-        );
-
-        Ok(())
-    }
-}

codex-rs/app-server-protocol/src/jsonrpc_lite.rs

@@ -1,14 +1,13 @@
 //! We do not do true JSON-RPC 2.0, as we neither send nor expect the
 //! "jsonrpc": "2.0" field.
 
-use schemars::JsonSchema;
 use serde::Deserialize;
 use serde::Serialize;
 use ts_rs::TS;
 
 pub const JSONRPC_VERSION: &str = "2.0";
 
-#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, Hash, Eq, JsonSchema, TS)]
+#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, Hash, Eq, TS)]
 #[serde(untagged)]
 pub enum RequestId {
     String(String),
@@ -19,7 +18,7 @@ pub enum RequestId {
 pub type Result = serde_json::Value;
 
 /// Refers to any valid JSON-RPC object that can be decoded off the wire, or encoded to be sent.
-#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, JsonSchema, TS)]
+#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, TS)]
 #[serde(untagged)]
 pub enum JSONRPCMessage {
     Request(JSONRPCRequest),
@@ -29,43 +28,40 @@ pub enum JSONRPCMessage {
 }
 
 /// A request that expects a response.
-#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, JsonSchema, TS)]
+#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, TS)]
 pub struct JSONRPCRequest {
     pub id: RequestId,
     pub method: String,
     #[serde(default, skip_serializing_if = "Option::is_none")]
-    #[ts(optional)]
     pub params: Option<serde_json::Value>,
 }
 
 /// A notification which does not expect a response.
-#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, JsonSchema, TS)]
+#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, TS)]
 pub struct JSONRPCNotification {
     pub method: String,
     #[serde(default, skip_serializing_if = "Option::is_none")]
-    #[ts(optional)]
     pub params: Option<serde_json::Value>,
 }
 
 /// A successful (non-error) response to a request.
-#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, JsonSchema, TS)]
+#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, TS)]
 pub struct JSONRPCResponse {
     pub id: RequestId,
     pub result: Result,
 }
 
 /// A response to a request that indicates an error occurred.
-#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, JsonSchema, TS)]
+#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, TS)]
 pub struct JSONRPCError {
     pub error: JSONRPCErrorError,
     pub id: RequestId,
 }
 
-#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, JsonSchema, TS)]
+#[derive(Debug, Clone, PartialEq, Deserialize, Serialize, TS)]
 pub struct JSONRPCErrorError {
     pub code: i64,
     #[serde(default, skip_serializing_if = "Option::is_none")]
-    #[ts(optional)]
     pub data: Option<serde_json::Value>,
     pub message: String,
 }

codex-rs/app-server-protocol/src/lib.rs

@@ -1,9 +1,5 @@
-mod export;
 mod jsonrpc_lite;
 mod protocol;
 
-pub use export::generate_json;
-pub use export::generate_ts;
-pub use export::generate_types;
 pub use jsonrpc_lite::*;
 pub use protocol::*;

codex-rs/app-server/Cargo.toml

@@ -19,14 +19,11 @@ anyhow = { workspace = true }
 codex-arg0 = { workspace = true }
 codex-common = { workspace = true, features = ["cli"] }
 codex-core = { workspace = true }
-codex-backend-client = { workspace = true }
 codex-file-search = { workspace = true }
 codex-login = { workspace = true }
 codex-protocol = { workspace = true }
 codex-app-server-protocol = { workspace = true }
-codex-feedback = { workspace = true }
 codex-utils-json-to-toml = { workspace = true }
-chrono = { workspace = true }
 serde = { workspace = true, features = ["derive"] }
 serde_json = { workspace = true }
 tokio = { workspace = true, features = [
@@ -38,7 +35,6 @@ tokio = { workspace = true, features = [
 ] }
 tracing = { workspace = true, features = ["log"] }
 tracing-subscriber = { workspace = true, features = ["env-filter", "fmt"] }
-opentelemetry-appender-tracing = { workspace = true }
 uuid = { workspace = true, features = ["serde", "v7"] }
 
 [dev-dependencies]
@@ -48,7 +44,6 @@ base64 = { workspace = true }
 core_test_support = { workspace = true }
 os_info = { workspace = true }
 pretty_assertions = { workspace = true }
-serial_test = { workspace = true }
 tempfile = { workspace = true }
 toml = { workspace = true }
 wiremock = { workspace = true }

codex-rs/app-server/src/fuzzy_file_search.rs

@@ -46,7 +46,6 @@ pub(crate) async fn run_fuzzy_file_search(
                 threads,
                 cancel_flag,
                 COMPUTE_INDICES,
-                true,
             ) {
                 Ok(res) => Ok((root, res)),
                 Err(err) => Err((root, err)),

codex-rs/app-server/src/lib.rs

@@ -1,38 +1,32 @@
 #![deny(clippy::print_stdout, clippy::print_stderr)]
 
-use codex_common::CliConfigOverrides;
-use codex_core::config::Config;
-use codex_core::config::ConfigOverrides;
-use opentelemetry_appender_tracing::layer::OpenTelemetryTracingBridge;
 use std::io::ErrorKind;
 use std::io::Result as IoResult;
 use std::path::PathBuf;
 
-use crate::message_processor::MessageProcessor;
-use crate::outgoing_message::OutgoingMessage;
-use crate::outgoing_message::OutgoingMessageSender;
+use codex_common::CliConfigOverrides;
+use codex_core::config::Config;
+use codex_core::config::ConfigOverrides;
+
 use codex_app_server_protocol::JSONRPCMessage;
-use codex_feedback::CodexFeedback;
 use tokio::io::AsyncBufReadExt;
 use tokio::io::AsyncWriteExt;
 use tokio::io::BufReader;
 use tokio::io::{self};
 use tokio::sync::mpsc;
-use tracing::Level;
 use tracing::debug;
 use tracing::error;
 use tracing::info;
 use tracing_subscriber::EnvFilter;
-use tracing_subscriber::Layer;
-use tracing_subscriber::filter::Targets;
-use tracing_subscriber::layer::SubscriberExt;
-use tracing_subscriber::util::SubscriberInitExt;
+
+use crate::message_processor::MessageProcessor;
+use crate::outgoing_message::OutgoingMessage;
+use crate::outgoing_message::OutgoingMessageSender;
 
 mod codex_message_processor;
 mod error_code;
 mod fuzzy_file_search;
 mod message_processor;
-mod models;
 mod outgoing_message;
 
 /// Size of the bounded channels used to communicate between tasks. The value
@@ -44,6 +38,13 @@ pub async fn run_main(
     codex_linux_sandbox_exe: Option<PathBuf>,
     cli_config_overrides: CliConfigOverrides,
 ) -> IoResult<()> {
+    // Install a simple subscriber so `tracing` output is visible.  Users can
+    // control the log level with `RUST_LOG`.
+    tracing_subscriber::fmt()
+        .with_writer(std::io::stderr)
+        .with_env_filter(EnvFilter::from_default_env())
+        .init();
+
     // Set up channels.
     let (incoming_tx, mut incoming_rx) = mpsc::channel::<JSONRPCMessage>(CHANNEL_CAPACITY);
     let (outgoing_tx, mut outgoing_rx) = mpsc::unbounded_channel::<OutgoingMessage>();
@@ -85,38 +86,6 @@ pub async fn run_main(
             std::io::Error::new(ErrorKind::InvalidData, format!("error loading config: {e}"))
         })?;
 
-    let feedback = CodexFeedback::new();
-
-    let otel =
-        codex_core::otel_init::build_provider(&config, env!("CARGO_PKG_VERSION")).map_err(|e| {
-            std::io::Error::new(
-                ErrorKind::InvalidData,
-                format!("error loading otel config: {e}"),
-            )
-        })?;
-
-    // Install a simple subscriber so `tracing` output is visible.  Users can
-    // control the log level with `RUST_LOG`.
-    let stderr_fmt = tracing_subscriber::fmt::layer()
-        .with_writer(std::io::stderr)
-        .with_filter(EnvFilter::from_default_env());
-
-    let feedback_layer = tracing_subscriber::fmt::layer()
-        .with_writer(feedback.make_writer())
-        .with_ansi(false)
-        .with_target(false)
-        .with_filter(Targets::new().with_default(Level::TRACE));
-
-    let _ = tracing_subscriber::registry()
-        .with(stderr_fmt)
-        .with(feedback_layer)
-        .with(otel.as_ref().map(|provider| {
-            OpenTelemetryTracingBridge::new(&provider.logger).with_filter(
-                tracing_subscriber::filter::filter_fn(codex_core::otel_init::codex_export_filter),
-            )
-        }))
-        .try_init();
-
     // Task: process incoming messages.
     let processor_handle = tokio::spawn({
         let outgoing_message_sender = OutgoingMessageSender::new(outgoing_tx);
@@ -124,7 +93,6 @@ pub async fn run_main(
             outgoing_message_sender,
             codex_linux_sandbox_exe,
             std::sync::Arc::new(config),
-            feedback.clone(),
         );
         async move {
             while let Some(msg) = incoming_rx.recv().await {

codex-rs/app-server/src/message_processor.rs

@@ -17,7 +17,6 @@ use codex_core::ConversationManager;
 use codex_core::config::Config;
 use codex_core::default_client::USER_AGENT_SUFFIX;
 use codex_core::default_client::get_codex_user_agent;
-use codex_feedback::CodexFeedback;
 use codex_protocol::protocol::SessionSource;
 use std::sync::Arc;
 
@@ -34,14 +33,9 @@ impl MessageProcessor {
         outgoing: OutgoingMessageSender,
         codex_linux_sandbox_exe: Option<PathBuf>,
         config: Arc<Config>,
-        feedback: CodexFeedback,
     ) -> Self {
         let outgoing = Arc::new(outgoing);
-        let auth_manager = AuthManager::shared(
-            config.codex_home.clone(),
-            false,
-            config.cli_auth_credentials_store_mode,
-        );
+        let auth_manager = AuthManager::shared(config.codex_home.clone(), false);
         let conversation_manager = Arc::new(ConversationManager::new(
             auth_manager.clone(),
             SessionSource::VSCode,
@@ -52,7 +46,6 @@ impl MessageProcessor {
             outgoing.clone(),
             codex_linux_sandbox_exe,
             config,
-            feedback,
         );
 
         Self {

codex-rs/app-server/src/models.rs

@@ -1,38 +0,0 @@
-use codex_app_server_protocol::Model;
-use codex_app_server_protocol::ReasoningEffortOption;
-use codex_common::model_presets::ModelPreset;
-use codex_common::model_presets::ReasoningEffortPreset;
-use codex_common::model_presets::builtin_model_presets;
-
-pub fn supported_models() -> Vec<Model> {
-    builtin_model_presets(None)
-        .into_iter()
-        .map(model_from_preset)
-        .collect()
-}
-
-fn model_from_preset(preset: ModelPreset) -> Model {
-    Model {
-        id: preset.id.to_string(),
-        model: preset.model.to_string(),
-        display_name: preset.display_name.to_string(),
-        description: preset.description.to_string(),
-        supported_reasoning_efforts: reasoning_efforts_from_preset(
-            preset.supported_reasoning_efforts,
-        ),
-        default_reasoning_effort: preset.default_reasoning_effort,
-        is_default: preset.is_default,
-    }
-}
-
-fn reasoning_efforts_from_preset(
-    efforts: &'static [ReasoningEffortPreset],
-) -> Vec<ReasoningEffortOption> {
-    efforts
-        .iter()
-        .map(|preset| ReasoningEffortOption {
-            reasoning_effort: preset.effort,
-            description: preset.description.to_string(),
-        })
-        .collect()
-}

codex-rs/app-server/src/outgoing_message.rs

@@ -142,8 +142,6 @@ pub(crate) struct OutgoingError {
 #[cfg(test)]
 mod tests {
     use codex_app_server_protocol::LoginChatGptCompleteNotification;
-    use codex_protocol::protocol::RateLimitSnapshot;
-    use codex_protocol::protocol::RateLimitWindow;
     use pretty_assertions::assert_eq;
     use serde_json::json;
     use uuid::Uuid;
@@ -166,7 +164,6 @@ mod tests {
                 "params": {
                     "loginId": Uuid::nil(),
                     "success": true,
-                    "error": null,
                 },
             }),
             serde_json::to_value(jsonrpc_notification)
@@ -174,34 +171,4 @@ mod tests {
             "ensure the strum macros serialize the method field correctly"
         );
     }
-
-    #[test]
-    fn verify_account_rate_limits_notification_serialization() {
-        let notification = ServerNotification::AccountRateLimitsUpdated(RateLimitSnapshot {
-            primary: Some(RateLimitWindow {
-                used_percent: 25.0,
-                window_minutes: Some(15),
-                resets_at: Some(123),
-            }),
-            secondary: None,
-        });
-
-        let jsonrpc_notification = OutgoingMessage::AppServerNotification(notification);
-        assert_eq!(
-            json!({
-                "method": "account/rateLimits/updated",
-                "params": {
-                    "primary": {
-                        "used_percent": 25.0,
-                        "window_minutes": 15,
-                        "resets_at": 123,
-                    },
-                    "secondary": null,
-                },
-            }),
-            serde_json::to_value(jsonrpc_notification)
-                .expect("ensure the notification serializes correctly"),
-            "ensure the notification serializes correctly"
-        );
-    }
 }

codex-rs/app-server/tests/common/Cargo.toml

@@ -9,10 +9,7 @@ path = "lib.rs"
 [dependencies]
 anyhow = { workspace = true }
 assert_cmd = { workspace = true }
-base64 = { workspace = true }
-chrono = { workspace = true }
 codex-app-server-protocol = { workspace = true }
-codex-core = { workspace = true }
 serde = { workspace = true }
 serde_json = { workspace = true }
 tokio = { workspace = true, features = [

codex-rs/app-server/tests/common/auth_fixtures.rs

@@ -1,135 +0,0 @@
-use std::path::Path;
-
-use anyhow::Context;
-use anyhow::Result;
-use base64::Engine;
-use base64::engine::general_purpose::URL_SAFE_NO_PAD;
-use chrono::DateTime;
-use chrono::Utc;
-use codex_core::auth::AuthCredentialsStoreMode;
-use codex_core::auth::AuthDotJson;
-use codex_core::auth::save_auth;
-use codex_core::token_data::TokenData;
-use codex_core::token_data::parse_id_token;
-use serde_json::json;
-
-/// Builder for writing a fake ChatGPT auth.json in tests.
-#[derive(Debug, Clone)]
-pub struct ChatGptAuthFixture {
-    access_token: String,
-    refresh_token: String,
-    account_id: Option<String>,
-    claims: ChatGptIdTokenClaims,
-    last_refresh: Option<Option<DateTime<Utc>>>,
-}
-
-impl ChatGptAuthFixture {
-    pub fn new(access_token: impl Into<String>) -> Self {
-        Self {
-            access_token: access_token.into(),
-            refresh_token: "refresh-token".to_string(),
-            account_id: None,
-            claims: ChatGptIdTokenClaims::default(),
-            last_refresh: None,
-        }
-    }
-
-    pub fn refresh_token(mut self, refresh_token: impl Into<String>) -> Self {
-        self.refresh_token = refresh_token.into();
-        self
-    }
-
-    pub fn account_id(mut self, account_id: impl Into<String>) -> Self {
-        self.account_id = Some(account_id.into());
-        self
-    }
-
-    pub fn plan_type(mut self, plan_type: impl Into<String>) -> Self {
-        self.claims.plan_type = Some(plan_type.into());
-        self
-    }
-
-    pub fn email(mut self, email: impl Into<String>) -> Self {
-        self.claims.email = Some(email.into());
-        self
-    }
-
-    pub fn last_refresh(mut self, last_refresh: Option<DateTime<Utc>>) -> Self {
-        self.last_refresh = Some(last_refresh);
-        self
-    }
-
-    pub fn claims(mut self, claims: ChatGptIdTokenClaims) -> Self {
-        self.claims = claims;
-        self
-    }
-}
-
-#[derive(Debug, Clone, Default)]
-pub struct ChatGptIdTokenClaims {
-    pub email: Option<String>,
-    pub plan_type: Option<String>,
-}
-
-impl ChatGptIdTokenClaims {
-    pub fn new() -> Self {
-        Self::default()
-    }
-
-    pub fn email(mut self, email: impl Into<String>) -> Self {
-        self.email = Some(email.into());
-        self
-    }
-
-    pub fn plan_type(mut self, plan_type: impl Into<String>) -> Self {
-        self.plan_type = Some(plan_type.into());
-        self
-    }
-}
-
-pub fn encode_id_token(claims: &ChatGptIdTokenClaims) -> Result<String> {
-    let header = json!({ "alg": "none", "typ": "JWT" });
-    let mut payload = serde_json::Map::new();
-    if let Some(email) = &claims.email {
-        payload.insert("email".to_string(), json!(email));
-    }
-    if let Some(plan_type) = &claims.plan_type {
-        payload.insert(
-            "https://api.openai.com/auth".to_string(),
-            json!({ "chatgpt_plan_type": plan_type }),
-        );
-    }
-    let payload = serde_json::Value::Object(payload);
-
-    let header_b64 =
-        URL_SAFE_NO_PAD.encode(serde_json::to_vec(&header).context("serialize jwt header")?);
-    let payload_b64 =
-        URL_SAFE_NO_PAD.encode(serde_json::to_vec(&payload).context("serialize jwt payload")?);
-    let signature_b64 = URL_SAFE_NO_PAD.encode(b"signature");
-    Ok(format!("{header_b64}.{payload_b64}.{signature_b64}"))
-}
-
-pub fn write_chatgpt_auth(
-    codex_home: &Path,
-    fixture: ChatGptAuthFixture,
-    cli_auth_credentials_store_mode: AuthCredentialsStoreMode,
-) -> Result<()> {
-    let id_token_raw = encode_id_token(&fixture.claims)?;
-    let id_token = parse_id_token(&id_token_raw).context("parse id token")?;
-    let tokens = TokenData {
-        id_token,
-        access_token: fixture.access_token,
-        refresh_token: fixture.refresh_token,
-        account_id: fixture.account_id,
-    };
-
-    let last_refresh = fixture.last_refresh.unwrap_or_else(|| Some(Utc::now()));
-
-    let auth = AuthDotJson {
-        openai_api_key: None,
-        tokens: Some(tokens),
-        last_refresh,
-    };
-
-    save_auth(codex_home, &auth, cli_auth_credentials_store_mode).context("write auth.json")
-}

codex-rs/app-server/tests/common/lib.rs

@@ -1,12 +1,7 @@
-mod auth_fixtures;
 mod mcp_process;
 mod mock_model_server;
 mod responses;
 
-pub use auth_fixtures::ChatGptAuthFixture;
-pub use auth_fixtures::ChatGptIdTokenClaims;
-pub use auth_fixtures::encode_id_token;
-pub use auth_fixtures::write_chatgpt_auth;
 use codex_app_server_protocol::JSONRPCResponse;
 pub use mcp_process::McpProcess;
 pub use mock_model_server::create_mock_chat_completions_server;

codex-rs/app-server/tests/common/mcp_process.rs

@@ -21,7 +21,6 @@ use codex_app_server_protocol::GetAuthStatusParams;
 use codex_app_server_protocol::InitializeParams;
 use codex_app_server_protocol::InterruptConversationParams;
 use codex_app_server_protocol::ListConversationsParams;
-use codex_app_server_protocol::ListModelsParams;
 use codex_app_server_protocol::LoginApiKeyParams;
 use codex_app_server_protocol::NewConversationParams;
 use codex_app_server_protocol::RemoveConversationListenerParams;
@@ -30,7 +29,6 @@ use codex_app_server_protocol::SendUserMessageParams;
 use codex_app_server_protocol::SendUserTurnParams;
 use codex_app_server_protocol::ServerRequest;
 use codex_app_server_protocol::SetDefaultModelParams;
-use codex_app_server_protocol::UploadFeedbackParams;
 
 use codex_app_server_protocol::JSONRPCError;
 use codex_app_server_protocol::JSONRPCMessage;
@@ -238,20 +236,6 @@ impl McpProcess {
         self.send_request("getUserAgent", None).await
     }
 
-    /// Send an `account/rateLimits/read` JSON-RPC request.
-    pub async fn send_get_account_rate_limits_request(&mut self) -> anyhow::Result<i64> {
-        self.send_request("account/rateLimits/read", None).await
-    }
-
-    /// Send a `feedback/upload` JSON-RPC request.
-    pub async fn send_upload_feedback_request(
-        &mut self,
-        params: UploadFeedbackParams,
-    ) -> anyhow::Result<i64> {
-        let params = Some(serde_json::to_value(params)?);
-        self.send_request("feedback/upload", params).await
-    }
-
     /// Send a `userInfo` JSON-RPC request.
     pub async fn send_user_info_request(&mut self) -> anyhow::Result<i64> {
         self.send_request("userInfo", None).await
@@ -275,15 +259,6 @@ impl McpProcess {
         self.send_request("listConversations", params).await
     }
 
-    /// Send a `model/list` JSON-RPC request.
-    pub async fn send_list_models_request(
-        &mut self,
-        params: ListModelsParams,
-    ) -> anyhow::Result<i64> {
-        let params = Some(serde_json::to_value(params)?);
-        self.send_request("model/list", params).await
-    }
-
     /// Send a `resumeConversation` JSON-RPC request.
     pub async fn send_resume_conversation_request(
         &mut self,

codex-rs/app-server/tests/suite/archive_conversation.rs

@@ -1,4 +1,5 @@
-use anyhow::Result;
+use std::path::Path;
+
 use app_test_support::McpProcess;
 use app_test_support::to_response;
 use codex_app_server_protocol::ArchiveConversationParams;
@@ -8,37 +9,45 @@ use codex_app_server_protocol::NewConversationParams;
 use codex_app_server_protocol::NewConversationResponse;
 use codex_app_server_protocol::RequestId;
 use codex_core::ARCHIVED_SESSIONS_SUBDIR;
-use std::path::Path;
 use tempfile::TempDir;
 use tokio::time::timeout;
 
 const DEFAULT_READ_TIMEOUT: std::time::Duration = std::time::Duration::from_secs(10);
 
 #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
-async fn archive_conversation_moves_rollout_into_archived_directory() -> Result<()> {
-    let codex_home = TempDir::new()?;
-    create_config_toml(codex_home.path())?;
+async fn archive_conversation_moves_rollout_into_archived_directory() {
+    let codex_home = TempDir::new().expect("create temp dir");
+    create_config_toml(codex_home.path()).expect("write config.toml");
 
-    let mut mcp = McpProcess::new(codex_home.path()).await?;
-    timeout(DEFAULT_READ_TIMEOUT, mcp.initialize()).await??;
+    let mut mcp = McpProcess::new(codex_home.path())
+        .await
+        .expect("spawn mcp process");
+    timeout(DEFAULT_READ_TIMEOUT, mcp.initialize())
+        .await
+        .expect("initialize timeout")
+        .expect("initialize request");
 
     let new_request_id = mcp
         .send_new_conversation_request(NewConversationParams {
             model: Some("mock-model".to_string()),
             ..Default::default()
         })
-        .await?;
+        .await
+        .expect("send newConversation");
     let new_response: JSONRPCResponse = timeout(
         DEFAULT_READ_TIMEOUT,
         mcp.read_stream_until_response_message(RequestId::Integer(new_request_id)),
     )
-    .await??;
+    .await
+    .expect("newConversation timeout")
+    .expect("newConversation response");
 
     let NewConversationResponse {
         conversation_id,
         rollout_path,
         ..
-    } = to_response::<NewConversationResponse>(new_response)?;
+    } = to_response::<NewConversationResponse>(new_response)
+        .expect("deserialize newConversation response");
 
     assert!(
         rollout_path.exists(),
@@ -51,15 +60,19 @@ async fn archive_conversation_moves_rollout_into_archived_directory() -> Result<
             conversation_id,
             rollout_path: rollout_path.clone(),
         })
-        .await?;
+        .await
+        .expect("send archiveConversation");
     let archive_response: JSONRPCResponse = timeout(
         DEFAULT_READ_TIMEOUT,
         mcp.read_stream_until_response_message(RequestId::Integer(archive_request_id)),
     )
-    .await??;
+    .await
+    .expect("archiveConversation timeout")
+    .expect("archiveConversation response");
 
     let _: ArchiveConversationResponse =
-        to_response::<ArchiveConversationResponse>(archive_response)?;
+        to_response::<ArchiveConversationResponse>(archive_response)
+            .expect("deserialize archiveConversation response");
 
     let archived_directory = codex_home.path().join(ARCHIVED_SESSIONS_SUBDIR);
     let archived_rollout_path =
@@ -77,8 +90,6 @@ async fn archive_conversation_moves_rollout_into_archived_directory() -> Result<
         "expected archived rollout path {} to exist",
         archived_rollout_path.display()
     );
-
-    Ok(())
 }
 
 fn create_config_toml(codex_home: &Path) -> std::io::Result<()> {

codex-rs/app-server/tests/suite/auth.rs

@@ -1,16 +1,15 @@
-use anyhow::Result;
+use std::path::Path;
+
 use app_test_support::McpProcess;
 use app_test_support::to_response;
 use codex_app_server_protocol::AuthMode;
 use codex_app_server_protocol::GetAuthStatusParams;
 use codex_app_server_protocol::GetAuthStatusResponse;
-use codex_app_server_protocol::JSONRPCError;
 use codex_app_server_protocol::JSONRPCResponse;
 use codex_app_server_protocol::LoginApiKeyParams;
 use codex_app_server_protocol::LoginApiKeyResponse;
 use codex_app_server_protocol::RequestId;
 use pretty_assertions::assert_eq;
-use std::path::Path;
 use tempfile::TempDir;
 use tokio::time::timeout;
 
@@ -58,112 +57,125 @@ sandbox_mode = "danger-full-access"
     )
 }
 
-fn create_config_toml_forced_login(codex_home: &Path, forced_method: &str) -> std::io::Result<()> {
-    let config_toml = codex_home.join("config.toml");
-    let contents = format!(
-        r#"
-model = "mock-model"
-approval_policy = "never"
-sandbox_mode = "danger-full-access"
-forced_login_method = "{forced_method}"
-"#
-    );
-    std::fs::write(config_toml, contents)
-}
-
-async fn login_with_api_key_via_request(mcp: &mut McpProcess, api_key: &str) -> Result<()> {
+async fn login_with_api_key_via_request(mcp: &mut McpProcess, api_key: &str) {
     let request_id = mcp
         .send_login_api_key_request(LoginApiKeyParams {
             api_key: api_key.to_string(),
         })
-        .await?;
+        .await
+        .unwrap_or_else(|e| panic!("send loginApiKey: {e}"));
 
     let resp: JSONRPCResponse = timeout(
         DEFAULT_READ_TIMEOUT,
         mcp.read_stream_until_response_message(RequestId::Integer(request_id)),
     )
-    .await??;
-    let _: LoginApiKeyResponse = to_response(resp)?;
-    Ok(())
+    .await
+    .unwrap_or_else(|e| panic!("loginApiKey timeout: {e}"))
+    .unwrap_or_else(|e| panic!("loginApiKey response: {e}"));
+    let _: LoginApiKeyResponse =
+        to_response(resp).unwrap_or_else(|e| panic!("deserialize login response: {e}"));
 }
 
 #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
-async fn get_auth_status_no_auth() -> Result<()> {
-    let codex_home = TempDir::new()?;
-    create_config_toml(codex_home.path())?;
+async fn get_auth_status_no_auth() {
+    let codex_home = TempDir::new().unwrap_or_else(|e| panic!("create tempdir: {e}"));
+    create_config_toml(codex_home.path()).unwrap_or_else(|err| panic!("write config.toml: {err}"));
 
-    let mut mcp = McpProcess::new_with_env(codex_home.path(), &[("OPENAI_API_KEY", None)]).await?;
-    timeout(DEFAULT_READ_TIMEOUT, mcp.initialize()).await??;
+    let mut mcp = McpProcess::new_with_env(codex_home.path(), &[("OPENAI_API_KEY", None)])
+        .await
+        .expect("spawn mcp process");
+    timeout(DEFAULT_READ_TIMEOUT, mcp.initialize())
+        .await
+        .expect("init timeout")
+        .expect("init failed");
 
     let request_id = mcp
         .send_get_auth_status_request(GetAuthStatusParams {
             include_token: Some(true),
             refresh_token: Some(false),
         })
-        .await?;
+        .await
+        .expect("send getAuthStatus");
 
     let resp: JSONRPCResponse = timeout(
         DEFAULT_READ_TIMEOUT,
         mcp.read_stream_until_response_message(RequestId::Integer(request_id)),
     )
-    .await??;
-    let status: GetAuthStatusResponse = to_response(resp)?;
+    .await
+    .expect("getAuthStatus timeout")
+    .expect("getAuthStatus response");
+    let status: GetAuthStatusResponse = to_response(resp).expect("deserialize status");
     assert_eq!(status.auth_method, None, "expected no auth method");
     assert_eq!(status.auth_token, None, "expected no token");
-    Ok(())
 }
 
 #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
-async fn get_auth_status_with_api_key() -> Result<()> {
-    let codex_home = TempDir::new()?;
-    create_config_toml(codex_home.path())?;
+async fn get_auth_status_with_api_key() {
+    let codex_home = TempDir::new().unwrap_or_else(|e| panic!("create tempdir: {e}"));
+    create_config_toml(codex_home.path()).unwrap_or_else(|err| panic!("write config.toml: {err}"));
 
-    let mut mcp = McpProcess::new(codex_home.path()).await?;
-    timeout(DEFAULT_READ_TIMEOUT, mcp.initialize()).await??;
+    let mut mcp = McpProcess::new(codex_home.path())
+        .await
+        .expect("spawn mcp process");
+    timeout(DEFAULT_READ_TIMEOUT, mcp.initialize())
+        .await
+        .expect("init timeout")
+        .expect("init failed");
 
-    login_with_api_key_via_request(&mut mcp, "sk-test-key").await?;
+    login_with_api_key_via_request(&mut mcp, "sk-test-key").await;
 
     let request_id = mcp
         .send_get_auth_status_request(GetAuthStatusParams {
             include_token: Some(true),
             refresh_token: Some(false),
         })
-        .await?;
+        .await
+        .expect("send getAuthStatus");
 
     let resp: JSONRPCResponse = timeout(
         DEFAULT_READ_TIMEOUT,
         mcp.read_stream_until_response_message(RequestId::Integer(request_id)),
     )
-    .await??;
-    let status: GetAuthStatusResponse = to_response(resp)?;
+    .await
+    .expect("getAuthStatus timeout")
+    .expect("getAuthStatus response");
+    let status: GetAuthStatusResponse = to_response(resp).expect("deserialize status");
     assert_eq!(status.auth_method, Some(AuthMode::ApiKey));
     assert_eq!(status.auth_token, Some("sk-test-key".to_string()));
-    Ok(())
 }
 
 #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
-async fn get_auth_status_with_api_key_when_auth_not_required() -> Result<()> {
-    let codex_home = TempDir::new()?;
-    create_config_toml_custom_provider(codex_home.path(), false)?;
+async fn get_auth_status_with_api_key_when_auth_not_required() {
+    let codex_home = TempDir::new().unwrap_or_else(|e| panic!("create tempdir: {e}"));
+    create_config_toml_custom_provider(codex_home.path(), false)
+        .unwrap_or_else(|err| panic!("write config.toml: {err}"));
 
-    let mut mcp = McpProcess::new(codex_home.path()).await?;
-    timeout(DEFAULT_READ_TIMEOUT, mcp.initialize()).await??;
+    let mut mcp = McpProcess::new(codex_home.path())
+        .await
+        .expect("spawn mcp process");
+    timeout(DEFAULT_READ_TIMEOUT, mcp.initialize())
+        .await
+        .expect("init timeout")
+        .expect("init failed");
 
-    login_with_api_key_via_request(&mut mcp, "sk-test-key").await?;
+    login_with_api_key_via_request(&mut mcp, "sk-test-key").await;
 
     let request_id = mcp
         .send_get_auth_status_request(GetAuthStatusParams {
             include_token: Some(true),
             refresh_token: Some(false),
         })
-        .await?;
+        .await
+        .expect("send getAuthStatus");
 
     let resp: JSONRPCResponse = timeout(
         DEFAULT_READ_TIMEOUT,
         mcp.read_stream_until_response_message(RequestId::Integer(request_id)),
     )
-    .await??;
-    let status: GetAuthStatusResponse = to_response(resp)?;
+    .await
+    .expect("getAuthStatus timeout")
+    .expect("getAuthStatus response");
+    let status: GetAuthStatusResponse = to_response(resp).expect("deserialize status");
     assert_eq!(status.auth_method, None, "expected no auth method");
     assert_eq!(status.auth_token, None, "expected no token");
     assert_eq!(
@@ -171,60 +183,41 @@ async fn get_auth_status_with_api_key_when_auth_not_required() -> Result<()> {
         Some(false),
         "requires_openai_auth should be false",
     );
-    Ok(())
 }
 
 #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
-async fn get_auth_status_with_api_key_no_include_token() -> Result<()> {
-    let codex_home = TempDir::new()?;
-    create_config_toml(codex_home.path())?;
+async fn get_auth_status_with_api_key_no_include_token() {
+    let codex_home = TempDir::new().unwrap_or_else(|e| panic!("create tempdir: {e}"));
+    create_config_toml(codex_home.path()).unwrap_or_else(|err| panic!("write config.toml: {err}"));
 
-    let mut mcp = McpProcess::new(codex_home.path()).await?;
-    timeout(DEFAULT_READ_TIMEOUT, mcp.initialize()).await??;
+    let mut mcp = McpProcess::new(codex_home.path())
+        .await
+        .expect("spawn mcp process");
+    timeout(DEFAULT_READ_TIMEOUT, mcp.initialize())
+        .await
+        .expect("init timeout")
+        .expect("init failed");
 
-    login_with_api_key_via_request(&mut mcp, "sk-test-key").await?;
+    login_with_api_key_via_request(&mut mcp, "sk-test-key").await;
 
     // Build params via struct so None field is omitted in wire JSON.
     let params = GetAuthStatusParams {
         include_token: None,
         refresh_token: Some(false),
     };
-    let request_id = mcp.send_get_auth_status_request(params).await?;
+    let request_id = mcp
+        .send_get_auth_status_request(params)
+        .await
+        .expect("send getAuthStatus");
 
     let resp: JSONRPCResponse = timeout(
         DEFAULT_READ_TIMEOUT,
         mcp.read_stream_until_response_message(RequestId::Integer(request_id)),
     )
-    .await??;
-    let status: GetAuthStatusResponse = to_response(resp)?;
+    .await
+    .expect("getAuthStatus timeout")
+    .expect("getAuthStatus response");
+    let status: GetAuthStatusResponse = to_response(resp).expect("deserialize status");
     assert_eq!(status.auth_method, Some(AuthMode::ApiKey));
     assert!(status.auth_token.is_none(), "token must be omitted");
-    Ok(())
-}
-
-#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
-async fn login_api_key_rejected_when_forced_chatgpt() -> Result<()> {
-    let codex_home = TempDir::new()?;
-    create_config_toml_forced_login(codex_home.path(), "chatgpt")?;
-
-    let mut mcp = McpProcess::new(codex_home.path()).await?;
-    timeout(DEFAULT_READ_TIMEOUT, mcp.initialize()).await??;
-
-    let request_id = mcp
-        .send_login_api_key_request(LoginApiKeyParams {
-            api_key: "sk-test-key".to_string(),
-        })
-        .await?;
-
-    let err: JSONRPCError = timeout(
-        DEFAULT_READ_TIMEOUT,
-        mcp.read_stream_until_error_message(RequestId::Integer(request_id)),
-    )
-    .await??;
-
-    assert_eq!(
-        err.error.message,
-        "API key login is disabled. Use ChatGPT login instead."
-    );
-    Ok(())
 }

codex-rs/app-server/tests/suite/codex_message_processor_flow.rs

@@ -1,4 +1,5 @@
-use anyhow::Result;
+use std::path::Path;
+
 use app_test_support::McpProcess;
 use app_test_support::create_final_assistant_message_sse_response;
 use app_test_support::create_mock_chat_completions_server;
@@ -26,32 +27,31 @@ use codex_core::protocol_config_types::ReasoningEffort;
 use codex_core::protocol_config_types::ReasoningSummary;
 use codex_core::spawn::CODEX_SANDBOX_NETWORK_DISABLED_ENV_VAR;
 use codex_protocol::config_types::SandboxMode;
-use codex_protocol::parse_command::ParsedCommand;
 use codex_protocol::protocol::Event;
 use codex_protocol::protocol::EventMsg;
+use codex_protocol::protocol::InputMessageKind;
 use pretty_assertions::assert_eq;
 use std::env;
-use std::path::Path;
 use tempfile::TempDir;
 use tokio::time::timeout;
 
 const DEFAULT_READ_TIMEOUT: std::time::Duration = std::time::Duration::from_secs(10);
 
 #[tokio::test(flavor = "multi_thread", worker_threads = 4)]
-async fn test_codex_jsonrpc_conversation_flow() -> Result<()> {
+async fn test_codex_jsonrpc_conversation_flow() {
     if env::var(CODEX_SANDBOX_NETWORK_DISABLED_ENV_VAR).is_ok() {
         println!(
             "Skipping test because it cannot execute when network is disabled in a Codex sandbox."
         );
-        return Ok(());
+        return;
     }
 
-    let tmp = TempDir::new()?;
+    let tmp = TempDir::new().expect("tmp dir");
     // Temporary Codex home with config pointing at the mock server.
     let codex_home = tmp.path().join("codex_home");
-    std::fs::create_dir(&codex_home)?;
+    std::fs::create_dir(&codex_home).expect("create codex home dir");
     let working_directory = tmp.path().join("workdir");
-    std::fs::create_dir(&working_directory)?;
+    std::fs::create_dir(&working_directory).expect("create working directory");
 
     // Create a mock model server that immediately ends each turn.
     // Two turns are expected: initial session configure + one user message.
@@ -61,15 +61,20 @@ async fn test_codex_jsonrpc_conversation_flow() -> Result<()> {
             Some(&working_directory),
             Some(5000),
             "call1234",
-        )?,
-        create_final_assistant_message_sse_response("Enjoy your new git repo!")?,
+        )
+        .expect("create shell sse response"),
+        create_final_assistant_message_sse_response("Enjoy your new git repo!")
+            .expect("create final assistant message"),
     ];
     let server = create_mock_chat_completions_server(responses).await;
-    create_config_toml(&codex_home, &server.uri())?;
+    create_config_toml(&codex_home, &server.uri()).expect("write config");
 
     // Start MCP server and initialize.
-    let mut mcp = McpProcess::new(&codex_home).await?;
-    timeout(DEFAULT_READ_TIMEOUT, mcp.initialize()).await??;
+    let mut mcp = McpProcess::new(&codex_home).await.expect("spawn mcp");
+    timeout(DEFAULT_READ_TIMEOUT, mcp.initialize())
+        .await
+        .expect("init timeout")
+        .expect("init error");
 
     // 1) newConversation
     let new_conv_id = mcp
@@ -77,13 +82,17 @@ async fn test_codex_jsonrpc_conversation_flow() -> Result<()> {
             cwd: Some(working_directory.to_string_lossy().into_owned()),
             ..Default::default()
         })
-        .await?;
+        .await
+        .expect("send newConversation");
     let new_conv_resp: JSONRPCResponse = timeout(
         DEFAULT_READ_TIMEOUT,
         mcp.read_stream_until_response_message(RequestId::Integer(new_conv_id)),
     )
-    .await??;
-    let new_conv_resp = to_response::<NewConversationResponse>(new_conv_resp)?;
+    .await
+    .expect("newConversation timeout")
+    .expect("newConversation resp");
+    let new_conv_resp = to_response::<NewConversationResponse>(new_conv_resp)
+        .expect("deserialize newConversation response");
     let NewConversationResponse {
         conversation_id,
         model,
@@ -94,18 +103,19 @@ async fn test_codex_jsonrpc_conversation_flow() -> Result<()> {
 
     // 2) addConversationListener
     let add_listener_id = mcp
-        .send_add_conversation_listener_request(AddConversationListenerParams {
-            conversation_id,
-            experimental_raw_events: false,
-        })
-        .await?;
+        .send_add_conversation_listener_request(AddConversationListenerParams { conversation_id })
+        .await
+        .expect("send addConversationListener");
     let add_listener_resp: JSONRPCResponse = timeout(
         DEFAULT_READ_TIMEOUT,
         mcp.read_stream_until_response_message(RequestId::Integer(add_listener_id)),
     )
-    .await??;
+    .await
+    .expect("addConversationListener timeout")
+    .expect("addConversationListener resp");
     let AddConversationSubscriptionResponse { subscription_id } =
-        to_response::<AddConversationSubscriptionResponse>(add_listener_resp)?;
+        to_response::<AddConversationSubscriptionResponse>(add_listener_resp)
+            .expect("deserialize addConversationListener response");
 
     // 3) sendUserMessage (should trigger notifications; we only validate an OK response)
     let send_user_id = mcp
@@ -115,13 +125,17 @@ async fn test_codex_jsonrpc_conversation_flow() -> Result<()> {
                 text: "text".to_string(),
             }],
         })
-        .await?;
+        .await
+        .expect("send sendUserMessage");
     let send_user_resp: JSONRPCResponse = timeout(
         DEFAULT_READ_TIMEOUT,
         mcp.read_stream_until_response_message(RequestId::Integer(send_user_id)),
     )
-    .await??;
-    let SendUserMessageResponse {} = to_response::<SendUserMessageResponse>(send_user_resp)?;
+    .await
+    .expect("sendUserMessage timeout")
+    .expect("sendUserMessage resp");
+    let SendUserMessageResponse {} = to_response::<SendUserMessageResponse>(send_user_resp)
+        .expect("deserialize sendUserMessage response");
 
     // Verify the task_finished notification is received.
     // Note this also ensures that the final request to the server was made.
@@ -129,7 +143,9 @@ async fn test_codex_jsonrpc_conversation_flow() -> Result<()> {
         DEFAULT_READ_TIMEOUT,
         mcp.read_stream_until_notification_message("codex/event/task_complete"),
     )
-    .await??;
+    .await
+    .expect("task_finished_notification timeout")
+    .expect("task_finished_notification resp");
     let serde_json::Value::Object(map) = task_finished_notification
         .params
         .expect("notification should have params")
@@ -147,31 +163,33 @@ async fn test_codex_jsonrpc_conversation_flow() -> Result<()> {
         .send_remove_conversation_listener_request(RemoveConversationListenerParams {
             subscription_id,
         })
-        .await?;
+        .await
+        .expect("send removeConversationListener");
     let remove_listener_resp: JSONRPCResponse = timeout(
         DEFAULT_READ_TIMEOUT,
         mcp.read_stream_until_response_message(RequestId::Integer(remove_listener_id)),
     )
-    .await??;
-    let RemoveConversationSubscriptionResponse {} = to_response(remove_listener_resp)?;
-
-    Ok(())
+    .await
+    .expect("removeConversationListener timeout")
+    .expect("removeConversationListener resp");
+    let RemoveConversationSubscriptionResponse {} =
+        to_response(remove_listener_resp).expect("deserialize removeConversationListener response");
 }
 
 #[tokio::test(flavor = "multi_thread", worker_threads = 4)]
-async fn test_send_user_turn_changes_approval_policy_behavior() -> Result<()> {
+async fn test_send_user_turn_changes_approval_policy_behavior() {
     if env::var(CODEX_SANDBOX_NETWORK_DISABLED_ENV_VAR).is_ok() {
         println!(
             "Skipping test because it cannot execute when network is disabled in a Codex sandbox."
         );
-        return Ok(());
+        return;
     }
 
-    let tmp = TempDir::new()?;
+    let tmp = TempDir::new().expect("tmp dir");
     let codex_home = tmp.path().join("codex_home");
-    std::fs::create_dir(&codex_home)?;
+    std::fs::create_dir(&codex_home).expect("create codex home dir");
     let working_directory = tmp.path().join("workdir");
-    std::fs::create_dir(&working_directory)?;
+    std::fs::create_dir(&working_directory).expect("create working directory");
 
     // Mock server will request a python shell call for the first and second turn, then finish.
     let responses = vec![
@@ -184,8 +202,10 @@ async fn test_send_user_turn_changes_approval_policy_behavior() -> Result<()> {
             Some(&working_directory),
             Some(5000),
             "call1",
-        )?,
-        create_final_assistant_message_sse_response("done 1")?,
+        )
+        .expect("create first shell sse response"),
+        create_final_assistant_message_sse_response("done 1")
+            .expect("create final assistant message 1"),
         create_shell_sse_response(
             vec![
                 "python3".to_string(),
@@ -195,15 +215,20 @@ async fn test_send_user_turn_changes_approval_policy_behavior() -> Result<()> {
             Some(&working_directory),
             Some(5000),
             "call2",
-        )?,
-        create_final_assistant_message_sse_response("done 2")?,
+        )
+        .expect("create second shell sse response"),
+        create_final_assistant_message_sse_response("done 2")
+            .expect("create final assistant message 2"),
     ];
     let server = create_mock_chat_completions_server(responses).await;
-    create_config_toml(&codex_home, &server.uri())?;
+    create_config_toml(&codex_home, &server.uri()).expect("write config");
 
     // Start MCP server and initialize.
-    let mut mcp = McpProcess::new(&codex_home).await?;
-    timeout(DEFAULT_READ_TIMEOUT, mcp.initialize()).await??;
+    let mut mcp = McpProcess::new(&codex_home).await.expect("spawn mcp");
+    timeout(DEFAULT_READ_TIMEOUT, mcp.initialize())
+        .await
+        .expect("init timeout")
+        .expect("init error");
 
     // 1) Start conversation with approval_policy=untrusted
     let new_conv_id = mcp
@@ -211,30 +236,36 @@ async fn test_send_user_turn_changes_approval_policy_behavior() -> Result<()> {
             cwd: Some(working_directory.to_string_lossy().into_owned()),
             ..Default::default()
         })
-        .await?;
+        .await
+        .expect("send newConversation");
     let new_conv_resp: JSONRPCResponse = timeout(
         DEFAULT_READ_TIMEOUT,
         mcp.read_stream_until_response_message(RequestId::Integer(new_conv_id)),
     )
-    .await??;
+    .await
+    .expect("newConversation timeout")
+    .expect("newConversation resp");
     let NewConversationResponse {
         conversation_id, ..
-    } = to_response::<NewConversationResponse>(new_conv_resp)?;
+    } = to_response::<NewConversationResponse>(new_conv_resp)
+        .expect("deserialize newConversation response");
 
     // 2) addConversationListener
     let add_listener_id = mcp
-        .send_add_conversation_listener_request(AddConversationListenerParams {
-            conversation_id,
-            experimental_raw_events: false,
-        })
-        .await?;
-    let _: AddConversationSubscriptionResponse = to_response::<AddConversationSubscriptionResponse>(
-        timeout(
-            DEFAULT_READ_TIMEOUT,
-            mcp.read_stream_until_response_message(RequestId::Integer(add_listener_id)),
+        .send_add_conversation_listener_request(AddConversationListenerParams { conversation_id })
+        .await
+        .expect("send addConversationListener");
+    let _: AddConversationSubscriptionResponse =
+        to_response::<AddConversationSubscriptionResponse>(
+            timeout(
+                DEFAULT_READ_TIMEOUT,
+                mcp.read_stream_until_response_message(RequestId::Integer(add_listener_id)),
+            )
+            .await
+            .expect("addConversationListener timeout")
+            .expect("addConversationListener resp"),
         )
-        .await??,
-    )?;
+        .expect("deserialize addConversationListener response");
 
     // 3) sendUserMessage triggers a shell call; approval policy is Untrusted so we should get an elicitation
     let send_user_id = mcp
@@ -244,21 +275,27 @@ async fn test_send_user_turn_changes_approval_policy_behavior() -> Result<()> {
                 text: "run python".to_string(),
             }],
         })
-        .await?;
+        .await
+        .expect("send sendUserMessage");
     let _send_user_resp: SendUserMessageResponse = to_response::<SendUserMessageResponse>(
         timeout(
             DEFAULT_READ_TIMEOUT,
             mcp.read_stream_until_response_message(RequestId::Integer(send_user_id)),
         )
-        .await??,
-    )?;
+        .await
+        .expect("sendUserMessage timeout")
+        .expect("sendUserMessage resp"),
+    )
+    .expect("deserialize sendUserMessage response");
 
     // Expect an ExecCommandApproval request (elicitation)
     let request = timeout(
         DEFAULT_READ_TIMEOUT,
         mcp.read_stream_until_request_message(),
     )
-    .await??;
+    .await
+    .expect("waiting for exec approval request timeout")
+    .expect("exec approval request");
     let ServerRequest::ExecCommandApproval { request_id, params } = request else {
         panic!("expected ExecCommandApproval request, got: {request:?}");
     };
@@ -274,10 +311,6 @@ async fn test_send_user_turn_changes_approval_policy_behavior() -> Result<()> {
             ],
             cwd: working_directory.clone(),
             reason: None,
-            risk: None,
-            parsed_cmd: vec![ParsedCommand::Unknown {
-                cmd: "python3 -c 'print(42)'".to_string()
-            }],
         },
         params
     );
@@ -287,14 +320,17 @@ async fn test_send_user_turn_changes_approval_policy_behavior() -> Result<()> {
         request_id,
         serde_json::json!({ "decision": codex_core::protocol::ReviewDecision::Approved }),
     )
-    .await?;
+    .await
+    .expect("send approval response");
 
     // Wait for first TaskComplete
     let _ = timeout(
         DEFAULT_READ_TIMEOUT,
         mcp.read_stream_until_notification_message("codex/event/task_complete"),
     )
-    .await??;
+    .await
+    .expect("task_complete 1 timeout")
+    .expect("task_complete 1 notification");
 
     // 4) sendUserTurn with approval_policy=never should run without elicitation
     let send_turn_id = mcp
@@ -310,15 +346,19 @@ async fn test_send_user_turn_changes_approval_policy_behavior() -> Result<()> {
             effort: Some(ReasoningEffort::Medium),
             summary: ReasoningSummary::Auto,
         })
-        .await?;
+        .await
+        .expect("send sendUserTurn");
     // Acknowledge sendUserTurn
     let _send_turn_resp: SendUserTurnResponse = to_response::<SendUserTurnResponse>(
         timeout(
             DEFAULT_READ_TIMEOUT,
             mcp.read_stream_until_response_message(RequestId::Integer(send_turn_id)),
         )
-        .await??,
-    )?;
+        .await
+        .expect("sendUserTurn timeout")
+        .expect("sendUserTurn resp"),
+    )
+    .expect("deserialize sendUserTurn response");
 
     // Ensure we do NOT receive an ExecCommandApproval request before the task completes.
     // If any Request is seen while waiting for task_complete, the helper will error and the test fails.
@@ -326,31 +366,31 @@ async fn test_send_user_turn_changes_approval_policy_behavior() -> Result<()> {
         DEFAULT_READ_TIMEOUT,
         mcp.read_stream_until_notification_message("codex/event/task_complete"),
     )
-    .await??;
-
-    Ok(())
+    .await
+    .expect("task_complete 2 timeout")
+    .expect("task_complete 2 notification");
 }
 
 // Helper: minimal config.toml pointing at mock provider.
 
 #[tokio::test(flavor = "multi_thread", worker_threads = 4)]
-async fn test_send_user_turn_updates_sandbox_and_cwd_between_turns() -> Result<()> {
+async fn test_send_user_turn_updates_sandbox_and_cwd_between_turns() {
     if env::var(CODEX_SANDBOX_NETWORK_DISABLED_ENV_VAR).is_ok() {
         println!(
             "Skipping test because it cannot execute when network is disabled in a Codex sandbox."
         );
-        return Ok(());
+        return;
     }
 
-    let tmp = TempDir::new()?;
+    let tmp = TempDir::new().expect("tmp dir");
     let codex_home = tmp.path().join("codex_home");
-    std::fs::create_dir(&codex_home)?;
+    std::fs::create_dir(&codex_home).expect("create codex home dir");
     let workspace_root = tmp.path().join("workspace");
-    std::fs::create_dir(&workspace_root)?;
+    std::fs::create_dir(&workspace_root).expect("create workspace root");
     let first_cwd = workspace_root.join("turn1");
     let second_cwd = workspace_root.join("turn2");
-    std::fs::create_dir(&first_cwd)?;
-    std::fs::create_dir(&second_cwd)?;
+    std::fs::create_dir(&first_cwd).expect("create first cwd");
+    std::fs::create_dir(&second_cwd).expect("create second cwd");
 
     let responses = vec![
         create_shell_sse_response(
@@ -362,8 +402,10 @@ async fn test_send_user_turn_updates_sandbox_and_cwd_between_turns() -> Result<(
             None,
             Some(5000),
             "call-first",
-        )?,
-        create_final_assistant_message_sse_response("done first")?,
+        )
+        .expect("create first shell response"),
+        create_final_assistant_message_sse_response("done first")
+            .expect("create first final assistant message"),
         create_shell_sse_response(
             vec![
                 "bash".to_string(),
@@ -373,14 +415,21 @@ async fn test_send_user_turn_updates_sandbox_and_cwd_between_turns() -> Result<(
             None,
             Some(5000),
             "call-second",
-        )?,
-        create_final_assistant_message_sse_response("done second")?,
+        )
+        .expect("create second shell response"),
+        create_final_assistant_message_sse_response("done second")
+            .expect("create second final assistant message"),
     ];
     let server = create_mock_chat_completions_server(responses).await;
-    create_config_toml(&codex_home, &server.uri())?;
+    create_config_toml(&codex_home, &server.uri()).expect("write config");
 
-    let mut mcp = McpProcess::new(&codex_home).await?;
-    timeout(DEFAULT_READ_TIMEOUT, mcp.initialize()).await??;
+    let mut mcp = McpProcess::new(&codex_home)
+        .await
+        .expect("spawn mcp process");
+    timeout(DEFAULT_READ_TIMEOUT, mcp.initialize())
+        .await
+        .expect("init timeout")
+        .expect("init failed");
 
     let new_conv_id = mcp
         .send_new_conversation_request(NewConversationParams {
@@ -389,29 +438,33 @@ async fn test_send_user_turn_updates_sandbox_and_cwd_between_turns() -> Result<(
             sandbox: Some(SandboxMode::WorkspaceWrite),
             ..Default::default()
         })
-        .await?;
+        .await
+        .expect("send newConversation");
     let new_conv_resp: JSONRPCResponse = timeout(
         DEFAULT_READ_TIMEOUT,
         mcp.read_stream_until_response_message(RequestId::Integer(new_conv_id)),
     )
-    .await??;
+    .await
+    .expect("newConversation timeout")
+    .expect("newConversation resp");
     let NewConversationResponse {
         conversation_id,
         model,
         ..
-    } = to_response::<NewConversationResponse>(new_conv_resp)?;
+    } = to_response::<NewConversationResponse>(new_conv_resp)
+        .expect("deserialize newConversation response");
 
     let add_listener_id = mcp
-        .send_add_conversation_listener_request(AddConversationListenerParams {
-            conversation_id,
-            experimental_raw_events: false,
-        })
-        .await?;
+        .send_add_conversation_listener_request(AddConversationListenerParams { conversation_id })
+        .await
+        .expect("send addConversationListener");
     timeout(
         DEFAULT_READ_TIMEOUT,
         mcp.read_stream_until_response_message(RequestId::Integer(add_listener_id)),
     )
-    .await??;
+    .await
+    .expect("addConversationListener timeout")
+    .expect("addConversationListener resp");
 
     let first_turn_id = mcp
         .send_send_user_turn_request(SendUserTurnParams {
@@ -431,17 +484,22 @@ async fn test_send_user_turn_updates_sandbox_and_cwd_between_turns() -> Result<(
             effort: Some(ReasoningEffort::Medium),
             summary: ReasoningSummary::Auto,
         })
-        .await?;
+        .await
+        .expect("send first sendUserTurn");
     timeout(
         DEFAULT_READ_TIMEOUT,
         mcp.read_stream_until_response_message(RequestId::Integer(first_turn_id)),
     )
-    .await??;
+    .await
+    .expect("sendUserTurn 1 timeout")
+    .expect("sendUserTurn 1 resp");
     timeout(
         DEFAULT_READ_TIMEOUT,
         mcp.read_stream_until_notification_message("codex/event/task_complete"),
     )
-    .await??;
+    .await
+    .expect("task_complete 1 timeout")
+    .expect("task_complete 1 notification");
 
     let second_turn_id = mcp
         .send_send_user_turn_request(SendUserTurnParams {
@@ -456,18 +514,60 @@ async fn test_send_user_turn_updates_sandbox_and_cwd_between_turns() -> Result<(
             effort: Some(ReasoningEffort::Medium),
             summary: ReasoningSummary::Auto,
         })
-        .await?;
+        .await
+        .expect("send second sendUserTurn");
     timeout(
         DEFAULT_READ_TIMEOUT,
         mcp.read_stream_until_response_message(RequestId::Integer(second_turn_id)),
     )
-    .await??;
+    .await
+    .expect("sendUserTurn 2 timeout")
+    .expect("sendUserTurn 2 resp");
+
+    let mut env_message: Option<String> = None;
+    let second_cwd_str = second_cwd.to_string_lossy().into_owned();
+    for _ in 0..10 {
+        let notification = timeout(
+            DEFAULT_READ_TIMEOUT,
+            mcp.read_stream_until_notification_message("codex/event/user_message"),
+        )
+        .await
+        .expect("user_message timeout")
+        .expect("user_message notification");
+        let params = notification
+            .params
+            .clone()
+            .expect("user_message should include params");
+        let event: Event = serde_json::from_value(params).expect("deserialize user_message event");
+        if let EventMsg::UserMessage(user) = event.msg
+            && matches!(user.kind, Some(InputMessageKind::EnvironmentContext))
+            && user.message.contains(&second_cwd_str)
+        {
+            env_message = Some(user.message);
+            break;
+        }
+    }
+    let env_message = env_message.expect("expected environment context update");
+    assert!(
+        env_message.contains("<sandbox_mode>danger-full-access</sandbox_mode>"),
+        "env context should reflect new sandbox mode: {env_message}"
+    );
+    assert!(
+        env_message.contains("<network_access>enabled</network_access>"),
+        "env context should enable network access for danger-full-access policy: {env_message}"
+    );
+    assert!(
+        env_message.contains(&second_cwd_str),
+        "env context should include updated cwd: {env_message}"
+    );
 
     let exec_begin_notification = timeout(
         DEFAULT_READ_TIMEOUT,
         mcp.read_stream_until_notification_message("codex/event/exec_command_begin"),
     )
-    .await??;
+    .await
+    .expect("exec_command_begin timeout")
+    .expect("exec_command_begin notification");
     let params = exec_begin_notification
         .params
         .clone()
@@ -495,9 +595,9 @@ async fn test_send_user_turn_updates_sandbox_and_cwd_between_turns() -> Result<(
         DEFAULT_READ_TIMEOUT,
         mcp.read_stream_until_notification_message("codex/event/task_complete"),
     )
-    .await??;
-
-    Ok(())
+    .await
+    .expect("task_complete 2 timeout")
+    .expect("task_complete 2 notification");
 }
 
 fn create_config_toml(codex_home: &Path, server_uri: &str) -> std::io::Result<()> {

codex-rs/app-server/tests/suite/config.rs

@@ -1,4 +1,6 @@
-use anyhow::Result;
+use std::collections::HashMap;
+use std::path::Path;
+
 use app_test_support::McpProcess;
 use app_test_support::to_response;
 use codex_app_server_protocol::GetUserSavedConfigResponse;
@@ -9,14 +11,11 @@ use codex_app_server_protocol::SandboxSettings;
 use codex_app_server_protocol::Tools;
 use codex_app_server_protocol::UserSavedConfig;
 use codex_core::protocol::AskForApproval;
-use codex_protocol::config_types::ForcedLoginMethod;
 use codex_protocol::config_types::ReasoningEffort;
 use codex_protocol::config_types::ReasoningSummary;
 use codex_protocol::config_types::SandboxMode;
 use codex_protocol::config_types::Verbosity;
 use pretty_assertions::assert_eq;
-use std::collections::HashMap;
-use std::path::Path;
 use tempfile::TempDir;
 use tokio::time::timeout;
 
@@ -34,8 +33,6 @@ model_reasoning_summary = "detailed"
 model_reasoning_effort = "high"
 model_verbosity = "medium"
 profile = "test"
-forced_chatgpt_workspace_id = "12345678-0000-0000-0000-000000000000"
-forced_login_method = "chatgpt"
 
 [sandbox_workspace_write]
 writable_roots = ["/tmp"]
@@ -60,21 +57,31 @@ chatgpt_base_url = "https://api.chatgpt.com"
 }
 
 #[tokio::test(flavor = "multi_thread", worker_threads = 4)]
-async fn get_config_toml_parses_all_fields() -> Result<()> {
-    let codex_home = TempDir::new()?;
-    create_config_toml(codex_home.path())?;
+async fn get_config_toml_parses_all_fields() {
+    let codex_home = TempDir::new().unwrap_or_else(|e| panic!("create tempdir: {e}"));
+    create_config_toml(codex_home.path()).expect("write config.toml");
 
-    let mut mcp = McpProcess::new(codex_home.path()).await?;
-    timeout(DEFAULT_READ_TIMEOUT, mcp.initialize()).await??;
+    let mut mcp = McpProcess::new(codex_home.path())
+        .await
+        .expect("spawn mcp process");
+    timeout(DEFAULT_READ_TIMEOUT, mcp.initialize())
+        .await
+        .expect("init timeout")
+        .expect("init failed");
 
-    let request_id = mcp.send_get_user_saved_config_request().await?;
+    let request_id = mcp
+        .send_get_user_saved_config_request()
+        .await
+        .expect("send getUserSavedConfig");
     let resp: JSONRPCResponse = timeout(
         DEFAULT_READ_TIMEOUT,
         mcp.read_stream_until_response_message(RequestId::Integer(request_id)),
     )
-    .await??;
+    .await
+    .expect("getUserSavedConfig timeout")
+    .expect("getUserSavedConfig response");
 
-    let config: GetUserSavedConfigResponse = to_response(resp)?;
+    let config: GetUserSavedConfigResponse = to_response(resp).expect("deserialize config");
     let expected = GetUserSavedConfigResponse {
         config: UserSavedConfig {
             approval_policy: Some(AskForApproval::OnRequest),
@@ -85,8 +92,6 @@ async fn get_config_toml_parses_all_fields() -> Result<()> {
                 exclude_tmpdir_env_var: Some(true),
                 exclude_slash_tmp: Some(true),
             }),
-            forced_chatgpt_workspace_id: Some("12345678-0000-0000-0000-000000000000".into()),
-            forced_login_method: Some(ForcedLoginMethod::Chatgpt),
             model: Some("gpt-5-codex".into()),
             model_reasoning_effort: Some(ReasoningEffort::High),
             model_reasoning_summary: Some(ReasoningSummary::Detailed),
@@ -112,31 +117,38 @@ async fn get_config_toml_parses_all_fields() -> Result<()> {
     };
 
     assert_eq!(config, expected);
-    Ok(())
 }
 
 #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
-async fn get_config_toml_empty() -> Result<()> {
-    let codex_home = TempDir::new()?;
+async fn get_config_toml_empty() {
+    let codex_home = TempDir::new().unwrap_or_else(|e| panic!("create tempdir: {e}"));
 
-    let mut mcp = McpProcess::new(codex_home.path()).await?;
-    timeout(DEFAULT_READ_TIMEOUT, mcp.initialize()).await??;
+    let mut mcp = McpProcess::new(codex_home.path())
+        .await
+        .expect("spawn mcp process");
+    timeout(DEFAULT_READ_TIMEOUT, mcp.initialize())
+        .await
+        .expect("init timeout")
+        .expect("init failed");
 
-    let request_id = mcp.send_get_user_saved_config_request().await?;
+    let request_id = mcp
+        .send_get_user_saved_config_request()
+        .await
+        .expect("send getUserSavedConfig");
     let resp: JSONRPCResponse = timeout(
         DEFAULT_READ_TIMEOUT,
         mcp.read_stream_until_response_message(RequestId::Integer(request_id)),
     )
-    .await??;
+    .await
+    .expect("getUserSavedConfig timeout")
+    .expect("getUserSavedConfig response");
 
-    let config: GetUserSavedConfigResponse = to_response(resp)?;
+    let config: GetUserSavedConfigResponse = to_response(resp).expect("deserialize config");
     let expected = GetUserSavedConfigResponse {
         config: UserSavedConfig {
             approval_policy: None,
             sandbox_mode: None,
             sandbox_settings: None,
-            forced_chatgpt_workspace_id: None,
-            forced_login_method: None,
             model: None,
             model_reasoning_effort: None,
             model_reasoning_summary: None,
@@ -148,5 +160,4 @@ async fn get_config_toml_empty() -> Result<()> {
     };
 
     assert_eq!(config, expected);
-    Ok(())
 }

codex-rs/app-server/tests/suite/create_conversation.rs

@@ -1,4 +1,5 @@
-use anyhow::Result;
+use std::path::Path;
+
 use app_test_support::McpProcess;
 use app_test_support::create_final_assistant_message_sse_response;
 use app_test_support::create_mock_chat_completions_server;
@@ -14,25 +15,31 @@ use codex_app_server_protocol::SendUserMessageParams;
 use codex_app_server_protocol::SendUserMessageResponse;
 use pretty_assertions::assert_eq;
 use serde_json::json;
-use std::path::Path;
 use tempfile::TempDir;
 use tokio::time::timeout;
 
 const DEFAULT_READ_TIMEOUT: std::time::Duration = std::time::Duration::from_secs(10);
 
 #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
-async fn test_conversation_create_and_send_message_ok() -> Result<()> {
+async fn test_conversation_create_and_send_message_ok() {
     // Mock server – we won't strictly rely on it, but provide one to satisfy any model wiring.
-    let responses = vec![create_final_assistant_message_sse_response("Done")?];
+    let responses = vec![
+        create_final_assistant_message_sse_response("Done").expect("build mock assistant message"),
+    ];
     let server = create_mock_chat_completions_server(responses).await;
 
     // Temporary Codex home with config pointing at the mock server.
-    let codex_home = TempDir::new()?;
-    create_config_toml(codex_home.path(), &server.uri())?;
+    let codex_home = TempDir::new().expect("create temp dir");
+    create_config_toml(codex_home.path(), &server.uri()).expect("write config.toml");
 
     // Start MCP server process and initialize.
-    let mut mcp = McpProcess::new(codex_home.path()).await?;
-    timeout(DEFAULT_READ_TIMEOUT, mcp.initialize()).await??;
+    let mut mcp = McpProcess::new(codex_home.path())
+        .await
+        .expect("spawn mcp process");
+    timeout(DEFAULT_READ_TIMEOUT, mcp.initialize())
+        .await
+        .expect("init timeout")
+        .expect("init failed");
 
     // Create a conversation via the new JSON-RPC API.
     let new_conv_id = mcp
@@ -40,35 +47,40 @@ async fn test_conversation_create_and_send_message_ok() -> Result<()> {
             model: Some("o3".to_string()),
             ..Default::default()
         })
-        .await?;
+        .await
+        .expect("send newConversation");
     let new_conv_resp: JSONRPCResponse = timeout(
         DEFAULT_READ_TIMEOUT,
         mcp.read_stream_until_response_message(RequestId::Integer(new_conv_id)),
     )
-    .await??;
+    .await
+    .expect("newConversation timeout")
+    .expect("newConversation resp");
     let NewConversationResponse {
         conversation_id,
         model,
         reasoning_effort: _,
         rollout_path: _,
-    } = to_response::<NewConversationResponse>(new_conv_resp)?;
+    } = to_response::<NewConversationResponse>(new_conv_resp)
+        .expect("deserialize newConversation response");
     assert_eq!(model, "o3");
 
     // Add a listener so we receive notifications for this conversation (not strictly required for this test).
     let add_listener_id = mcp
-        .send_add_conversation_listener_request(AddConversationListenerParams {
-            conversation_id,
-            experimental_raw_events: false,
-        })
-        .await?;
+        .send_add_conversation_listener_request(AddConversationListenerParams { conversation_id })
+        .await
+        .expect("send addConversationListener");
     let _sub: AddConversationSubscriptionResponse =
         to_response::<AddConversationSubscriptionResponse>(
             timeout(
                 DEFAULT_READ_TIMEOUT,
                 mcp.read_stream_until_response_message(RequestId::Integer(add_listener_id)),
             )
-            .await??,
-        )?;
+            .await
+            .expect("addConversationListener timeout")
+            .expect("addConversationListener resp"),
+        )
+        .expect("deserialize addConversationListener response");
 
     // Now send a user message via the wire API and expect an OK (empty object) result.
     let send_id = mcp
@@ -78,32 +90,36 @@ async fn test_conversation_create_and_send_message_ok() -> Result<()> {
                 text: "Hello".to_string(),
             }],
         })
-        .await?;
+        .await
+        .expect("send sendUserMessage");
     let send_resp: JSONRPCResponse = timeout(
         DEFAULT_READ_TIMEOUT,
         mcp.read_stream_until_response_message(RequestId::Integer(send_id)),
     )
-    .await??;
-    let _ok: SendUserMessageResponse = to_response::<SendUserMessageResponse>(send_resp)?;
+    .await
+    .expect("sendUserMessage timeout")
+    .expect("sendUserMessage resp");
+    let _ok: SendUserMessageResponse = to_response::<SendUserMessageResponse>(send_resp)
+        .expect("deserialize sendUserMessage response");
 
     // avoid race condition by waiting for the mock server to receive the chat.completions request
     let deadline = std::time::Instant::now() + DEFAULT_READ_TIMEOUT;
-    let requests = loop {
+    loop {
         let requests = server.received_requests().await.unwrap_or_default();
         if !requests.is_empty() {
-            break requests;
+            break;
         }
         if std::time::Instant::now() >= deadline {
             panic!("mock server did not receive the chat.completions request in time");
         }
         tokio::time::sleep(std::time::Duration::from_millis(10)).await;
-    };
+    }
 
     // Verify the outbound request body matches expectations for Chat Completions.
-    let request = requests
-        .first()
-        .expect("mock server should have received at least one request");
-    let body = request.body_json::<serde_json::Value>()?;
+    let request = &server.received_requests().await.unwrap()[0];
+    let body = request
+        .body_json::<serde_json::Value>()
+        .expect("parse request body as JSON");
     assert_eq!(body["model"], json!("o3"));
     assert!(body["stream"].as_bool().unwrap_or(false));
     let messages = body["messages"]
@@ -114,7 +130,6 @@ async fn test_conversation_create_and_send_message_ok() -> Result<()> {
     assert_eq!(last["content"], json!("Hello"));
 
     drop(server);
-    Ok(())
 }
 
 // Helper to create a config.toml pointing at the mock model server.

codex-rs/app-server/tests/suite/fuzzy_file_search.rs

@@ -1,5 +1,5 @@
+use anyhow::Context;
 use anyhow::Result;
-use anyhow::anyhow;
 use app_test_support::McpProcess;
 use codex_app_server_protocol::JSONRPCResponse;
 use codex_app_server_protocol::RequestId;
@@ -13,39 +13,48 @@ const DEFAULT_READ_TIMEOUT: std::time::Duration = std::time::Duration::from_secs
 #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
 async fn test_fuzzy_file_search_sorts_and_includes_indices() -> Result<()> {
     // Prepare a temporary Codex home and a separate root with test files.
-    let codex_home = TempDir::new()?;
-    let root = TempDir::new()?;
+    let codex_home = TempDir::new().context("create temp codex home")?;
+    let root = TempDir::new().context("create temp search root")?;
 
     // Create files designed to have deterministic ordering for query "abe".
-    std::fs::write(root.path().join("abc"), "x")?;
-    std::fs::write(root.path().join("abcde"), "x")?;
-    std::fs::write(root.path().join("abexy"), "x")?;
-    std::fs::write(root.path().join("zzz.txt"), "x")?;
+    std::fs::write(root.path().join("abc"), "x").context("write file abc")?;
+    std::fs::write(root.path().join("abcde"), "x").context("write file abcde")?;
+    std::fs::write(root.path().join("abexy"), "x").context("write file abexy")?;
+    std::fs::write(root.path().join("zzz.txt"), "x").context("write file zzz")?;
     let sub_dir = root.path().join("sub");
-    std::fs::create_dir_all(&sub_dir)?;
+    std::fs::create_dir_all(&sub_dir).context("create sub dir")?;
     let sub_abce_path = sub_dir.join("abce");
-    std::fs::write(&sub_abce_path, "x")?;
+    std::fs::write(&sub_abce_path, "x").context("write file sub/abce")?;
     let sub_abce_rel = sub_abce_path
-        .strip_prefix(root.path())?
+        .strip_prefix(root.path())
+        .context("strip root prefix from sub/abce")?
         .to_string_lossy()
         .to_string();
 
     // Start MCP server and initialize.
-    let mut mcp = McpProcess::new(codex_home.path()).await?;
-    timeout(DEFAULT_READ_TIMEOUT, mcp.initialize()).await??;
+    let mut mcp = McpProcess::new(codex_home.path())
+        .await
+        .context("spawn mcp")?;
+    timeout(DEFAULT_READ_TIMEOUT, mcp.initialize())
+        .await
+        .context("init timeout")?
+        .context("init failed")?;
 
     let root_path = root.path().to_string_lossy().to_string();
     // Send fuzzyFileSearch request.
     let request_id = mcp
         .send_fuzzy_file_search_request("abe", vec![root_path.clone()], None)
-        .await?;
+        .await
+        .context("send fuzzyFileSearch")?;
 
     // Read response and verify shape and ordering.
     let resp: JSONRPCResponse = timeout(
         DEFAULT_READ_TIMEOUT,
         mcp.read_stream_until_response_message(RequestId::Integer(request_id)),
     )
-    .await??;
+    .await
+    .context("fuzzyFileSearch timeout")?
+    .context("fuzzyFileSearch resp")?;
 
     let value = resp.result;
     // The path separator on Windows affects the score.
@@ -85,18 +94,24 @@ async fn test_fuzzy_file_search_sorts_and_includes_indices() -> Result<()> {
 
 #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
 async fn test_fuzzy_file_search_accepts_cancellation_token() -> Result<()> {
-    let codex_home = TempDir::new()?;
-    let root = TempDir::new()?;
+    let codex_home = TempDir::new().context("create temp codex home")?;
+    let root = TempDir::new().context("create temp search root")?;
 
-    std::fs::write(root.path().join("alpha.txt"), "contents")?;
+    std::fs::write(root.path().join("alpha.txt"), "contents").context("write alpha")?;
 
-    let mut mcp = McpProcess::new(codex_home.path()).await?;
-    timeout(DEFAULT_READ_TIMEOUT, mcp.initialize()).await??;
+    let mut mcp = McpProcess::new(codex_home.path())
+        .await
+        .context("spawn mcp")?;
+    timeout(DEFAULT_READ_TIMEOUT, mcp.initialize())
+        .await
+        .context("init timeout")?
+        .context("init failed")?;
 
     let root_path = root.path().to_string_lossy().to_string();
     let request_id = mcp
         .send_fuzzy_file_search_request("alp", vec![root_path.clone()], None)
-        .await?;
+        .await
+        .context("send fuzzyFileSearch")?;
 
     let request_id_2 = mcp
         .send_fuzzy_file_search_request(
@@ -104,20 +119,23 @@ async fn test_fuzzy_file_search_accepts_cancellation_token() -> Result<()> {
             vec![root_path.clone()],
             Some(request_id.to_string()),
         )
-        .await?;
+        .await
+        .context("send fuzzyFileSearch")?;
 
     let resp: JSONRPCResponse = timeout(
         DEFAULT_READ_TIMEOUT,
         mcp.read_stream_until_response_message(RequestId::Integer(request_id_2)),
     )
-    .await??;
+    .await
+    .context("fuzzyFileSearch timeout")?
+    .context("fuzzyFileSearch resp")?;
 
     let files = resp
         .result
         .get("files")
-        .ok_or_else(|| anyhow!("files key missing"))?
+        .context("files key missing")?
         .as_array()
-        .ok_or_else(|| anyhow!("files not array"))?
+        .context("files not array")?
         .clone();
 
     assert_eq!(files.len(), 1);

codex-rs/app-server/tests/suite/interrupt.rs

@@ -88,10 +88,7 @@ async fn shell_command_interruption() -> anyhow::Result<()> {
 
     // 2) addConversationListener
     let add_listener_id = mcp
-        .send_add_conversation_listener_request(AddConversationListenerParams {
-            conversation_id,
-            experimental_raw_events: false,
-        })
+        .send_add_conversation_listener_request(AddConversationListenerParams { conversation_id })
         .await?;
     let _add_listener_resp: JSONRPCResponse = timeout(
         DEFAULT_READ_TIMEOUT,

codex-rs/app-server/tests/suite/list_resume.rs

@@ -1,4 +1,6 @@
-use anyhow::Result;
+use std::fs;
+use std::path::Path;
+
 use app_test_support::McpProcess;
 use app_test_support::to_response;
 use codex_app_server_protocol::JSONRPCNotification;
@@ -11,13 +13,8 @@ use codex_app_server_protocol::ResumeConversationParams;
 use codex_app_server_protocol::ResumeConversationResponse;
 use codex_app_server_protocol::ServerNotification;
 use codex_app_server_protocol::SessionConfiguredNotification;
-use codex_core::protocol::EventMsg;
-use codex_protocol::models::ContentItem;
-use codex_protocol::models::ResponseItem;
 use pretty_assertions::assert_eq;
 use serde_json::json;
-use std::fs;
-use std::path::Path;
 use tempfile::TempDir;
 use tokio::time::timeout;
 use uuid::Uuid;
@@ -25,56 +22,58 @@ use uuid::Uuid;
 const DEFAULT_READ_TIMEOUT: std::time::Duration = std::time::Duration::from_secs(10);
 
 #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
-async fn test_list_and_resume_conversations() -> Result<()> {
+async fn test_list_and_resume_conversations() {
     // Prepare a temporary CODEX_HOME with a few fake rollout files.
-    let codex_home = TempDir::new()?;
+    let codex_home = TempDir::new().expect("create temp dir");
     create_fake_rollout(
         codex_home.path(),
         "2025-01-02T12-00-00",
         "2025-01-02T12:00:00Z",
         "Hello A",
-        Some("openai"),
-    )?;
+    );
     create_fake_rollout(
         codex_home.path(),
         "2025-01-01T13-00-00",
         "2025-01-01T13:00:00Z",
         "Hello B",
-        Some("openai"),
-    )?;
+    );
     create_fake_rollout(
         codex_home.path(),
         "2025-01-01T12-00-00",
         "2025-01-01T12:00:00Z",
         "Hello C",
-        None,
-    )?;
+    );
 
-    let mut mcp = McpProcess::new(codex_home.path()).await?;
-    timeout(DEFAULT_READ_TIMEOUT, mcp.initialize()).await??;
+    let mut mcp = McpProcess::new(codex_home.path())
+        .await
+        .expect("spawn mcp process");
+    timeout(DEFAULT_READ_TIMEOUT, mcp.initialize())
+        .await
+        .expect("init timeout")
+        .expect("init failed");
 
     // Request first page with size 2
     let req_id = mcp
         .send_list_conversations_request(ListConversationsParams {
             page_size: Some(2),
             cursor: None,
-            model_providers: None,
         })
-        .await?;
+        .await
+        .expect("send listConversations");
     let resp: JSONRPCResponse = timeout(
         DEFAULT_READ_TIMEOUT,
         mcp.read_stream_until_response_message(RequestId::Integer(req_id)),
     )
-    .await??;
+    .await
+    .expect("listConversations timeout")
+    .expect("listConversations resp");
     let ListConversationsResponse { items, next_cursor } =
-        to_response::<ListConversationsResponse>(resp)?;
+        to_response::<ListConversationsResponse>(resp).expect("deserialize response");
 
     assert_eq!(items.len(), 2);
     // Newest first; preview text should match
     assert_eq!(items[0].preview, "Hello A");
     assert_eq!(items[1].preview, "Hello B");
-    assert_eq!(items[0].model_provider, "openai");
-    assert_eq!(items[1].model_provider, "openai");
     assert!(items[0].path.is_absolute());
     assert!(next_cursor.is_some());
 
@@ -83,315 +82,100 @@ async fn test_list_and_resume_conversations() -> Result<()> {
         .send_list_conversations_request(ListConversationsParams {
             page_size: Some(2),
             cursor: next_cursor,
-            model_providers: None,
         })
-        .await?;
+        .await
+        .expect("send listConversations page 2");
     let resp2: JSONRPCResponse = timeout(
         DEFAULT_READ_TIMEOUT,
         mcp.read_stream_until_response_message(RequestId::Integer(req_id2)),
     )
-    .await??;
+    .await
+    .expect("listConversations page 2 timeout")
+    .expect("listConversations page 2 resp");
     let ListConversationsResponse {
         items: items2,
         next_cursor: next2,
         ..
-    } = to_response::<ListConversationsResponse>(resp2)?;
+    } = to_response::<ListConversationsResponse>(resp2).expect("deserialize response");
     assert_eq!(items2.len(), 1);
     assert_eq!(items2[0].preview, "Hello C");
-    assert_eq!(items2[0].model_provider, "openai");
-    assert_eq!(next2, None);
+    assert!(next2.is_some());
 
-    // Add a conversation with an explicit non-OpenAI provider for filter tests.
-    create_fake_rollout(
-        codex_home.path(),
-        "2025-01-01T11-30-00",
-        "2025-01-01T11:30:00Z",
-        "Hello TP",
-        Some("test-provider"),
-    )?;
-
-    // Filtering by model provider should return only matching sessions.
-    let filter_req_id = mcp
-        .send_list_conversations_request(ListConversationsParams {
-            page_size: Some(10),
-            cursor: None,
-            model_providers: Some(vec!["test-provider".to_string()]),
-        })
-        .await?;
-    let filter_resp: JSONRPCResponse = timeout(
-        DEFAULT_READ_TIMEOUT,
-        mcp.read_stream_until_response_message(RequestId::Integer(filter_req_id)),
-    )
-    .await??;
-    let ListConversationsResponse {
-        items: filtered_items,
-        next_cursor: filtered_next,
-    } = to_response::<ListConversationsResponse>(filter_resp)?;
-    assert_eq!(filtered_items.len(), 1);
-    assert_eq!(filtered_next, None);
-    assert_eq!(filtered_items[0].preview, "Hello TP");
-    assert_eq!(filtered_items[0].model_provider, "test-provider");
-
-    // Empty filter should include every session regardless of provider metadata.
-    let unfiltered_req_id = mcp
-        .send_list_conversations_request(ListConversationsParams {
-            page_size: Some(10),
-            cursor: None,
-            model_providers: Some(Vec::new()),
-        })
-        .await?;
-    let unfiltered_resp: JSONRPCResponse = timeout(
-        DEFAULT_READ_TIMEOUT,
-        mcp.read_stream_until_response_message(RequestId::Integer(unfiltered_req_id)),
-    )
-    .await??;
-    let ListConversationsResponse {
-        items: unfiltered_items,
-        next_cursor: unfiltered_next,
-    } = to_response::<ListConversationsResponse>(unfiltered_resp)?;
-    assert_eq!(unfiltered_items.len(), 4);
-    assert!(unfiltered_next.is_none());
-
-    let empty_req_id = mcp
-        .send_list_conversations_request(ListConversationsParams {
-            page_size: Some(10),
-            cursor: None,
-            model_providers: Some(vec!["other".to_string()]),
-        })
-        .await?;
-    let empty_resp: JSONRPCResponse = timeout(
-        DEFAULT_READ_TIMEOUT,
-        mcp.read_stream_until_response_message(RequestId::Integer(empty_req_id)),
-    )
-    .await??;
-    let ListConversationsResponse {
-        items: empty_items,
-        next_cursor: empty_next,
-    } = to_response::<ListConversationsResponse>(empty_resp)?;
-    assert!(empty_items.is_empty());
-    assert!(empty_next.is_none());
-
-    let first_item = &items[0];
-
-    // Now resume one of the sessions from an explicit rollout path.
+    // Now resume one of the sessions and expect a SessionConfigured notification and response.
     let resume_req_id = mcp
         .send_resume_conversation_request(ResumeConversationParams {
-            path: Some(first_item.path.clone()),
-            conversation_id: None,
-            history: None,
+            path: items[0].path.clone(),
             overrides: Some(NewConversationParams {
                 model: Some("o3".to_string()),
                 ..Default::default()
             }),
         })
-        .await?;
+        .await
+        .expect("send resumeConversation");
 
     // Expect a codex/event notification with msg.type == sessionConfigured
     let notification: JSONRPCNotification = timeout(
         DEFAULT_READ_TIMEOUT,
         mcp.read_stream_until_notification_message("sessionConfigured"),
     )
-    .await??;
-    let session_configured: ServerNotification = notification.try_into()?;
+    .await
+    .expect("sessionConfigured notification timeout")
+    .expect("sessionConfigured notification");
+    let session_configured: ServerNotification = notification
+        .try_into()
+        .expect("deserialize sessionConfigured notification");
+    // Basic shape assertion: ensure event type is sessionConfigured
     let ServerNotification::SessionConfigured(SessionConfiguredNotification {
         model,
         rollout_path,
-        initial_messages: session_initial_messages,
         ..
     }) = session_configured
     else {
         unreachable!("expected sessionConfigured notification");
     };
     assert_eq!(model, "o3");
-    assert_eq!(rollout_path, first_item.path.clone());
-    let session_initial_messages = session_initial_messages
-        .expect("expected initial messages when resuming from rollout path");
-    match session_initial_messages.as_slice() {
-        [EventMsg::UserMessage(message)] => {
-            assert_eq!(message.message, first_item.preview.clone());
-        }
-        other => panic!("unexpected initial messages from rollout resume: {other:#?}"),
-    }
+    assert_eq!(items[0].path.clone(), rollout_path);
 
     // Then the response for resumeConversation
     let resume_resp: JSONRPCResponse = timeout(
         DEFAULT_READ_TIMEOUT,
         mcp.read_stream_until_response_message(RequestId::Integer(resume_req_id)),
     )
-    .await??;
+    .await
+    .expect("resumeConversation timeout")
+    .expect("resumeConversation resp");
     let ResumeConversationResponse {
-        conversation_id,
-        model: resume_model,
-        initial_messages: response_initial_messages,
-        ..
-    } = to_response::<ResumeConversationResponse>(resume_resp)?;
+        conversation_id, ..
+    } = to_response::<ResumeConversationResponse>(resume_resp)
+        .expect("deserialize resumeConversation response");
     // conversation id should be a valid UUID
     assert!(!conversation_id.to_string().is_empty());
-    assert_eq!(resume_model, "o3");
-    let response_initial_messages =
-        response_initial_messages.expect("expected initial messages in resume response");
-    match response_initial_messages.as_slice() {
-        [EventMsg::UserMessage(message)] => {
-            assert_eq!(message.message, first_item.preview.clone());
-        }
-        other => panic!("unexpected initial messages in resume response: {other:#?}"),
-    }
-
-    // Resuming with only a conversation id should locate the rollout automatically.
-    let resume_by_id_req_id = mcp
-        .send_resume_conversation_request(ResumeConversationParams {
-            path: None,
-            conversation_id: Some(first_item.conversation_id),
-            history: None,
-            overrides: Some(NewConversationParams {
-                model: Some("o3".to_string()),
-                ..Default::default()
-            }),
-        })
-        .await?;
-    let notification: JSONRPCNotification = timeout(
-        DEFAULT_READ_TIMEOUT,
-        mcp.read_stream_until_notification_message("sessionConfigured"),
-    )
-    .await??;
-    let session_configured: ServerNotification = notification.try_into()?;
-    let ServerNotification::SessionConfigured(SessionConfiguredNotification {
-        model,
-        rollout_path,
-        initial_messages: session_initial_messages,
-        ..
-    }) = session_configured
-    else {
-        unreachable!("expected sessionConfigured notification");
-    };
-    assert_eq!(model, "o3");
-    assert_eq!(rollout_path, first_item.path.clone());
-    let session_initial_messages = session_initial_messages
-        .expect("expected initial messages when resuming from conversation id");
-    match session_initial_messages.as_slice() {
-        [EventMsg::UserMessage(message)] => {
-            assert_eq!(message.message, first_item.preview.clone());
-        }
-        other => panic!("unexpected initial messages from conversation id resume: {other:#?}"),
-    }
-    let resume_resp: JSONRPCResponse = timeout(
-        DEFAULT_READ_TIMEOUT,
-        mcp.read_stream_until_response_message(RequestId::Integer(resume_by_id_req_id)),
-    )
-    .await??;
-    let ResumeConversationResponse {
-        conversation_id: by_id_conversation_id,
-        model: by_id_model,
-        initial_messages: by_id_initial_messages,
-        ..
-    } = to_response::<ResumeConversationResponse>(resume_resp)?;
-    assert!(!by_id_conversation_id.to_string().is_empty());
-    assert_eq!(by_id_model, "o3");
-    let by_id_initial_messages = by_id_initial_messages
-        .expect("expected initial messages when resuming from conversation id response");
-    match by_id_initial_messages.as_slice() {
-        [EventMsg::UserMessage(message)] => {
-            assert_eq!(message.message, first_item.preview.clone());
-        }
-        other => {
-            panic!("unexpected initial messages in conversation id resume response: {other:#?}")
-        }
-    }
-
-    // Resuming with explicit history should succeed even without a stored rollout.
-    let fork_history_text = "Hello from history";
-    let history = vec![ResponseItem::Message {
-        id: None,
-        role: "user".to_string(),
-        content: vec![ContentItem::InputText {
-            text: fork_history_text.to_string(),
-        }],
-    }];
-    let resume_with_history_req_id = mcp
-        .send_resume_conversation_request(ResumeConversationParams {
-            path: None,
-            conversation_id: None,
-            history: Some(history),
-            overrides: Some(NewConversationParams {
-                model: Some("o3".to_string()),
-                ..Default::default()
-            }),
-        })
-        .await?;
-    let notification: JSONRPCNotification = timeout(
-        DEFAULT_READ_TIMEOUT,
-        mcp.read_stream_until_notification_message("sessionConfigured"),
-    )
-    .await??;
-    let session_configured: ServerNotification = notification.try_into()?;
-    let ServerNotification::SessionConfigured(SessionConfiguredNotification {
-        model,
-        initial_messages: session_initial_messages,
-        ..
-    }) = session_configured
-    else {
-        unreachable!("expected sessionConfigured notification");
-    };
-    assert_eq!(model, "o3");
-    assert!(
-        session_initial_messages.as_ref().is_none_or(Vec::is_empty),
-        "expected no initial messages when resuming from explicit history but got {session_initial_messages:#?}"
-    );
-    let resume_resp: JSONRPCResponse = timeout(
-        DEFAULT_READ_TIMEOUT,
-        mcp.read_stream_until_response_message(RequestId::Integer(resume_with_history_req_id)),
-    )
-    .await??;
-    let ResumeConversationResponse {
-        conversation_id: history_conversation_id,
-        model: history_model,
-        initial_messages: history_initial_messages,
-        ..
-    } = to_response::<ResumeConversationResponse>(resume_resp)?;
-    assert!(!history_conversation_id.to_string().is_empty());
-    assert_eq!(history_model, "o3");
-    assert!(
-        history_initial_messages.as_ref().is_none_or(Vec::is_empty),
-        "expected no initial messages in resume response when history is provided but got {history_initial_messages:#?}"
-    );
-
-    Ok(())
 }
 
-fn create_fake_rollout(
-    codex_home: &Path,
-    filename_ts: &str,
-    meta_rfc3339: &str,
-    preview: &str,
-    model_provider: Option<&str>,
-) -> Result<()> {
+fn create_fake_rollout(codex_home: &Path, filename_ts: &str, meta_rfc3339: &str, preview: &str) {
     let uuid = Uuid::new_v4();
     // sessions/YYYY/MM/DD/ derived from filename_ts (YYYY-MM-DDThh-mm-ss)
     let year = &filename_ts[0..4];
     let month = &filename_ts[5..7];
     let day = &filename_ts[8..10];
     let dir = codex_home.join("sessions").join(year).join(month).join(day);
-    fs::create_dir_all(&dir)?;
+    fs::create_dir_all(&dir).unwrap_or_else(|e| panic!("create sessions dir: {e}"));
 
     let file_path = dir.join(format!("rollout-{filename_ts}-{uuid}.jsonl"));
     let mut lines = Vec::new();
     // Meta line with timestamp (flattened meta in payload for new schema)
-    let mut payload = json!({
-        "id": uuid,
-        "timestamp": meta_rfc3339,
-        "cwd": "/",
-        "originator": "codex",
-        "cli_version": "0.0.0",
-        "instructions": null,
-    });
-    if let Some(provider) = model_provider {
-        payload["model_provider"] = json!(provider);
-    }
     lines.push(
         json!({
             "timestamp": meta_rfc3339,
             "type": "session_meta",
-            "payload": payload
+            "payload": {
+                "id": uuid,
+                "timestamp": meta_rfc3339,
+                "cwd": "/",
+                "originator": "codex",
+                "cli_version": "0.0.0",
+                "instructions": null
+            }
         })
         .to_string(),
     );
@@ -421,6 +205,6 @@ fn create_fake_rollout(
         })
         .to_string(),
     );
-    fs::write(file_path, lines.join("\n") + "\n")?;
-    Ok(())
+    fs::write(file_path, lines.join("\n") + "\n")
+        .unwrap_or_else(|e| panic!("write rollout file: {e}"));
 }

codex-rs/app-server/tests/suite/login.rs

@@ -1,20 +1,17 @@
-use anyhow::Result;
+use std::path::Path;
+use std::time::Duration;
+
 use app_test_support::McpProcess;
 use app_test_support::to_response;
 use codex_app_server_protocol::CancelLoginChatGptParams;
 use codex_app_server_protocol::CancelLoginChatGptResponse;
 use codex_app_server_protocol::GetAuthStatusParams;
 use codex_app_server_protocol::GetAuthStatusResponse;
-use codex_app_server_protocol::JSONRPCError;
 use codex_app_server_protocol::JSONRPCResponse;
 use codex_app_server_protocol::LoginChatGptResponse;
 use codex_app_server_protocol::LogoutChatGptResponse;
 use codex_app_server_protocol::RequestId;
-use codex_core::auth::AuthCredentialsStoreMode;
 use codex_login::login_with_api_key;
-use serial_test::serial;
-use std::path::Path;
-use std::time::Duration;
 use tempfile::TempDir;
 use tokio::time::timeout;
 
@@ -43,26 +40,32 @@ stream_max_retries = 0
 }
 
 #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
-async fn logout_chatgpt_removes_auth() -> Result<()> {
-    let codex_home = TempDir::new()?;
-    create_config_toml(codex_home.path())?;
-    login_with_api_key(
-        codex_home.path(),
-        "sk-test-key",
-        AuthCredentialsStoreMode::File,
-    )?;
+async fn logout_chatgpt_removes_auth() {
+    let codex_home = TempDir::new().unwrap_or_else(|e| panic!("create tempdir: {e}"));
+    create_config_toml(codex_home.path()).expect("write config.toml");
+    login_with_api_key(codex_home.path(), "sk-test-key").expect("seed api key");
     assert!(codex_home.path().join("auth.json").exists());
 
-    let mut mcp = McpProcess::new_with_env(codex_home.path(), &[("OPENAI_API_KEY", None)]).await?;
-    timeout(DEFAULT_READ_TIMEOUT, mcp.initialize()).await??;
+    let mut mcp = McpProcess::new_with_env(codex_home.path(), &[("OPENAI_API_KEY", None)])
+        .await
+        .expect("spawn mcp process");
+    timeout(DEFAULT_READ_TIMEOUT, mcp.initialize())
+        .await
+        .expect("init timeout")
+        .expect("init failed");
 
-    let id = mcp.send_logout_chat_gpt_request().await?;
+    let id = mcp
+        .send_logout_chat_gpt_request()
+        .await
+        .expect("send logoutChatGpt");
     let resp: JSONRPCResponse = timeout(
         DEFAULT_READ_TIMEOUT,
         mcp.read_stream_until_response_message(RequestId::Integer(id)),
     )
-    .await??;
-    let _ok: LogoutChatGptResponse = to_response(resp)?;
+    .await
+    .expect("logoutChatGpt timeout")
+    .expect("logoutChatGpt response");
+    let _ok: LogoutChatGptResponse = to_response(resp).expect("deserialize logout response");
 
     assert!(
         !codex_home.path().join("auth.json").exists(),
@@ -75,47 +78,61 @@ async fn logout_chatgpt_removes_auth() -> Result<()> {
             include_token: Some(true),
             refresh_token: Some(false),
         })
-        .await?;
+        .await
+        .expect("send getAuthStatus");
     let status_resp: JSONRPCResponse = timeout(
         DEFAULT_READ_TIMEOUT,
         mcp.read_stream_until_response_message(RequestId::Integer(status_id)),
     )
-    .await??;
-    let status: GetAuthStatusResponse = to_response(status_resp)?;
+    .await
+    .expect("getAuthStatus timeout")
+    .expect("getAuthStatus response");
+    let status: GetAuthStatusResponse = to_response(status_resp).expect("deserialize status");
     assert_eq!(status.auth_method, None);
     assert_eq!(status.auth_token, None);
-    Ok(())
 }
 
 #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
-// Serialize tests that launch the login server since it binds to a fixed port.
-#[serial(login_port)]
-async fn login_and_cancel_chatgpt() -> Result<()> {
-    let codex_home = TempDir::new()?;
-    create_config_toml(codex_home.path())?;
+async fn login_and_cancel_chatgpt() {
+    let codex_home = TempDir::new().unwrap_or_else(|e| panic!("create tempdir: {e}"));
+    create_config_toml(codex_home.path()).unwrap_or_else(|err| panic!("write config.toml: {err}"));
 
-    let mut mcp = McpProcess::new(codex_home.path()).await?;
-    timeout(DEFAULT_READ_TIMEOUT, mcp.initialize()).await??;
+    let mut mcp = McpProcess::new(codex_home.path())
+        .await
+        .expect("spawn mcp process");
+    timeout(DEFAULT_READ_TIMEOUT, mcp.initialize())
+        .await
+        .expect("init timeout")
+        .expect("init failed");
 
-    let login_id = mcp.send_login_chat_gpt_request().await?;
+    let login_id = mcp
+        .send_login_chat_gpt_request()
+        .await
+        .expect("send loginChatGpt");
     let login_resp: JSONRPCResponse = timeout(
         DEFAULT_READ_TIMEOUT,
         mcp.read_stream_until_response_message(RequestId::Integer(login_id)),
     )
-    .await??;
-    let login: LoginChatGptResponse = to_response(login_resp)?;
+    .await
+    .expect("loginChatGpt timeout")
+    .expect("loginChatGpt response");
+    let login: LoginChatGptResponse = to_response(login_resp).expect("deserialize login resp");
 
     let cancel_id = mcp
         .send_cancel_login_chat_gpt_request(CancelLoginChatGptParams {
             login_id: login.login_id,
         })
-        .await?;
+        .await
+        .expect("send cancelLoginChatGpt");
     let cancel_resp: JSONRPCResponse = timeout(
         DEFAULT_READ_TIMEOUT,
         mcp.read_stream_until_response_message(RequestId::Integer(cancel_id)),
     )
-    .await??;
-    let _ok: CancelLoginChatGptResponse = to_response(cancel_resp)?;
+    .await
+    .expect("cancelLoginChatGpt timeout")
+    .expect("cancelLoginChatGpt response");
+    let _ok: CancelLoginChatGptResponse =
+        to_response(cancel_resp).expect("deserialize cancel response");
 
     // Optionally observe the completion notification; do not fail if it races.
     let maybe_note = timeout(
@@ -126,81 +143,4 @@ async fn login_and_cancel_chatgpt() -> Result<()> {
     if maybe_note.is_err() {
         eprintln!("warning: did not observe login_chat_gpt_complete notification after cancel");
     }
-    Ok(())
-}
-
-fn create_config_toml_forced_login(codex_home: &Path, forced_method: &str) -> std::io::Result<()> {
-    let config_toml = codex_home.join("config.toml");
-    let contents = format!(
-        r#"
-model = "mock-model"
-approval_policy = "never"
-sandbox_mode = "danger-full-access"
-forced_login_method = "{forced_method}"
-"#
-    );
-    std::fs::write(config_toml, contents)
-}
-
-fn create_config_toml_forced_workspace(
-    codex_home: &Path,
-    workspace_id: &str,
-) -> std::io::Result<()> {
-    let config_toml = codex_home.join("config.toml");
-    let contents = format!(
-        r#"
-model = "mock-model"
-approval_policy = "never"
-sandbox_mode = "danger-full-access"
-forced_chatgpt_workspace_id = "{workspace_id}"
-"#
-    );
-    std::fs::write(config_toml, contents)
-}
-
-#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
-async fn login_chatgpt_rejected_when_forced_api() -> Result<()> {
-    let codex_home = TempDir::new()?;
-    create_config_toml_forced_login(codex_home.path(), "api")?;
-
-    let mut mcp = McpProcess::new(codex_home.path()).await?;
-    timeout(DEFAULT_READ_TIMEOUT, mcp.initialize()).await??;
-
-    let request_id = mcp.send_login_chat_gpt_request().await?;
-    let err: JSONRPCError = timeout(
-        DEFAULT_READ_TIMEOUT,
-        mcp.read_stream_until_error_message(RequestId::Integer(request_id)),
-    )
-    .await??;
-
-    assert_eq!(
-        err.error.message,
-        "ChatGPT login is disabled. Use API key login instead."
-    );
-    Ok(())
-}
-
-#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
-// Serialize tests that launch the login server since it binds to a fixed port.
-#[serial(login_port)]
-async fn login_chatgpt_includes_forced_workspace_query_param() -> Result<()> {
-    let codex_home = TempDir::new()?;
-    create_config_toml_forced_workspace(codex_home.path(), "ws-forced")?;
-
-    let mut mcp = McpProcess::new(codex_home.path()).await?;
-    timeout(DEFAULT_READ_TIMEOUT, mcp.initialize()).await??;
-
-    let request_id = mcp.send_login_chat_gpt_request().await?;
-    let resp: JSONRPCResponse = timeout(
-        DEFAULT_READ_TIMEOUT,
-        mcp.read_stream_until_response_message(RequestId::Integer(request_id)),
-    )
-    .await??;
-
-    let login: LoginChatGptResponse = to_response(resp)?;
-    assert!(
-        login.auth_url.contains("allowed_workspace_id=ws-forced"),
-        "auth URL should include forced workspace"
-    );
-    Ok(())
 }

codex-rs/app-server/tests/suite/mod.rs

@@ -7,8 +7,6 @@ mod fuzzy_file_search;
 mod interrupt;
 mod list_resume;
 mod login;
-mod model_list;
-mod rate_limits;
 mod send_message;
 mod set_default_model;
 mod user_agent;

codex-rs/app-server/tests/suite/model_list.rs

@@ -1,183 +0,0 @@
-use std::time::Duration;
-
-use anyhow::Result;
-use anyhow::anyhow;
-use app_test_support::McpProcess;
-use app_test_support::to_response;
-use codex_app_server_protocol::JSONRPCError;
-use codex_app_server_protocol::JSONRPCResponse;
-use codex_app_server_protocol::ListModelsParams;
-use codex_app_server_protocol::ListModelsResponse;
-use codex_app_server_protocol::Model;
-use codex_app_server_protocol::ReasoningEffortOption;
-use codex_app_server_protocol::RequestId;
-use codex_protocol::config_types::ReasoningEffort;
-use pretty_assertions::assert_eq;
-use tempfile::TempDir;
-use tokio::time::timeout;
-
-const DEFAULT_TIMEOUT: Duration = Duration::from_secs(10);
-const INVALID_REQUEST_ERROR_CODE: i64 = -32600;
-
-#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
-async fn list_models_returns_all_models_with_large_limit() -> Result<()> {
-    let codex_home = TempDir::new()?;
-    let mut mcp = McpProcess::new(codex_home.path()).await?;
-
-    timeout(DEFAULT_TIMEOUT, mcp.initialize()).await??;
-
-    let request_id = mcp
-        .send_list_models_request(ListModelsParams {
-            page_size: Some(100),
-            cursor: None,
-        })
-        .await?;
-
-    let response: JSONRPCResponse = timeout(
-        DEFAULT_TIMEOUT,
-        mcp.read_stream_until_response_message(RequestId::Integer(request_id)),
-    )
-    .await??;
-
-    let ListModelsResponse { items, next_cursor } = to_response::<ListModelsResponse>(response)?;
-
-    let expected_models = vec![
-        Model {
-            id: "gpt-5-codex".to_string(),
-            model: "gpt-5-codex".to_string(),
-            display_name: "gpt-5-codex".to_string(),
-            description: "Optimized for coding tasks with many tools.".to_string(),
-            supported_reasoning_efforts: vec![
-                ReasoningEffortOption {
-                    reasoning_effort: ReasoningEffort::Low,
-                    description: "Fastest responses with limited reasoning".to_string(),
-                },
-                ReasoningEffortOption {
-                    reasoning_effort: ReasoningEffort::Medium,
-                    description: "Dynamically adjusts reasoning based on the task".to_string(),
-                },
-                ReasoningEffortOption {
-                    reasoning_effort: ReasoningEffort::High,
-                    description: "Maximizes reasoning depth for complex or ambiguous problems"
-                        .to_string(),
-                },
-            ],
-            default_reasoning_effort: ReasoningEffort::Medium,
-            is_default: true,
-        },
-        Model {
-            id: "gpt-5".to_string(),
-            model: "gpt-5".to_string(),
-            display_name: "gpt-5".to_string(),
-            description: "Broad world knowledge with strong general reasoning.".to_string(),
-            supported_reasoning_efforts: vec![
-                ReasoningEffortOption {
-                    reasoning_effort: ReasoningEffort::Minimal,
-                    description: "Fastest responses with little reasoning".to_string(),
-                },
-                ReasoningEffortOption {
-                    reasoning_effort: ReasoningEffort::Low,
-                    description: "Balances speed with some reasoning; useful for straightforward \
-                                   queries and short explanations"
-                        .to_string(),
-                },
-                ReasoningEffortOption {
-                    reasoning_effort: ReasoningEffort::Medium,
-                    description: "Provides a solid balance of reasoning depth and latency for \
-                         general-purpose tasks"
-                        .to_string(),
-                },
-                ReasoningEffortOption {
-                    reasoning_effort: ReasoningEffort::High,
-                    description: "Maximizes reasoning depth for complex or ambiguous problems"
-                        .to_string(),
-                },
-            ],
-            default_reasoning_effort: ReasoningEffort::Medium,
-            is_default: false,
-        },
-    ];
-
-    assert_eq!(items, expected_models);
-    assert!(next_cursor.is_none());
-    Ok(())
-}
-
-#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
-async fn list_models_pagination_works() -> Result<()> {
-    let codex_home = TempDir::new()?;
-    let mut mcp = McpProcess::new(codex_home.path()).await?;
-
-    timeout(DEFAULT_TIMEOUT, mcp.initialize()).await??;
-
-    let first_request = mcp
-        .send_list_models_request(ListModelsParams {
-            page_size: Some(1),
-            cursor: None,
-        })
-        .await?;
-
-    let first_response: JSONRPCResponse = timeout(
-        DEFAULT_TIMEOUT,
-        mcp.read_stream_until_response_message(RequestId::Integer(first_request)),
-    )
-    .await??;
-
-    let ListModelsResponse {
-        items: first_items,
-        next_cursor: first_cursor,
-    } = to_response::<ListModelsResponse>(first_response)?;
-
-    assert_eq!(first_items.len(), 1);
-    assert_eq!(first_items[0].id, "gpt-5-codex");
-    let next_cursor = first_cursor.ok_or_else(|| anyhow!("cursor for second page"))?;
-
-    let second_request = mcp
-        .send_list_models_request(ListModelsParams {
-            page_size: Some(1),
-            cursor: Some(next_cursor.clone()),
-        })
-        .await?;
-
-    let second_response: JSONRPCResponse = timeout(
-        DEFAULT_TIMEOUT,
-        mcp.read_stream_until_response_message(RequestId::Integer(second_request)),
-    )
-    .await??;
-
-    let ListModelsResponse {
-        items: second_items,
-        next_cursor: second_cursor,
-    } = to_response::<ListModelsResponse>(second_response)?;
-
-    assert_eq!(second_items.len(), 1);
-    assert_eq!(second_items[0].id, "gpt-5");
-    assert!(second_cursor.is_none());
-    Ok(())
-}
-
-#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
-async fn list_models_rejects_invalid_cursor() -> Result<()> {
-    let codex_home = TempDir::new()?;
-    let mut mcp = McpProcess::new(codex_home.path()).await?;
-
-    timeout(DEFAULT_TIMEOUT, mcp.initialize()).await??;
-
-    let request_id = mcp
-        .send_list_models_request(ListModelsParams {
-            page_size: None,
-            cursor: Some("invalid".to_string()),
-        })
-        .await?;
-
-    let error: JSONRPCError = timeout(
-        DEFAULT_TIMEOUT,
-        mcp.read_stream_until_error_message(RequestId::Integer(request_id)),
-    )
-    .await??;
-
-    assert_eq!(error.id, RequestId::Integer(request_id));
-    assert_eq!(error.error.code, INVALID_REQUEST_ERROR_CODE);
-    assert_eq!(error.error.message, "invalid cursor: invalid");
-    Ok(())
-}

codex-rs/app-server/tests/suite/rate_limits.rs

@@ -1,181 +0,0 @@
-use anyhow::Result;
-use app_test_support::ChatGptAuthFixture;
-use app_test_support::McpProcess;
-use app_test_support::to_response;
-use app_test_support::write_chatgpt_auth;
-use codex_app_server_protocol::GetAccountRateLimitsResponse;
-use codex_app_server_protocol::JSONRPCError;
-use codex_app_server_protocol::JSONRPCResponse;
-use codex_app_server_protocol::LoginApiKeyParams;
-use codex_app_server_protocol::RequestId;
-use codex_core::auth::AuthCredentialsStoreMode;
-use codex_protocol::protocol::RateLimitSnapshot;
-use codex_protocol::protocol::RateLimitWindow;
-use pretty_assertions::assert_eq;
-use serde_json::json;
-use std::path::Path;
-use tempfile::TempDir;
-use tokio::time::timeout;
-use wiremock::Mock;
-use wiremock::MockServer;
-use wiremock::ResponseTemplate;
-use wiremock::matchers::header;
-use wiremock::matchers::method;
-use wiremock::matchers::path;
-
-const DEFAULT_READ_TIMEOUT: std::time::Duration = std::time::Duration::from_secs(10);
-const INVALID_REQUEST_ERROR_CODE: i64 = -32600;
-
-#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
-async fn get_account_rate_limits_requires_auth() -> Result<()> {
-    let codex_home = TempDir::new()?;
-
-    let mut mcp = McpProcess::new_with_env(codex_home.path(), &[("OPENAI_API_KEY", None)]).await?;
-    timeout(DEFAULT_READ_TIMEOUT, mcp.initialize()).await??;
-
-    let request_id = mcp.send_get_account_rate_limits_request().await?;
-
-    let error: JSONRPCError = timeout(
-        DEFAULT_READ_TIMEOUT,
-        mcp.read_stream_until_error_message(RequestId::Integer(request_id)),
-    )
-    .await??;
-
-    assert_eq!(error.id, RequestId::Integer(request_id));
-    assert_eq!(error.error.code, INVALID_REQUEST_ERROR_CODE);
-    assert_eq!(
-        error.error.message,
-        "codex account authentication required to read rate limits"
-    );
-
-    Ok(())
-}
-
-#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
-async fn get_account_rate_limits_requires_chatgpt_auth() -> Result<()> {
-    let codex_home = TempDir::new()?;
-
-    let mut mcp = McpProcess::new(codex_home.path()).await?;
-    timeout(DEFAULT_READ_TIMEOUT, mcp.initialize()).await??;
-
-    login_with_api_key(&mut mcp, "sk-test-key").await?;
-
-    let request_id = mcp.send_get_account_rate_limits_request().await?;
-
-    let error: JSONRPCError = timeout(
-        DEFAULT_READ_TIMEOUT,
-        mcp.read_stream_until_error_message(RequestId::Integer(request_id)),
-    )
-    .await??;
-
-    assert_eq!(error.id, RequestId::Integer(request_id));
-    assert_eq!(error.error.code, INVALID_REQUEST_ERROR_CODE);
-    assert_eq!(
-        error.error.message,
-        "chatgpt authentication required to read rate limits"
-    );
-
-    Ok(())
-}
-
-#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
-async fn get_account_rate_limits_returns_snapshot() -> Result<()> {
-    let codex_home = TempDir::new()?;
-    write_chatgpt_auth(
-        codex_home.path(),
-        ChatGptAuthFixture::new("chatgpt-token")
-            .account_id("account-123")
-            .plan_type("pro"),
-        AuthCredentialsStoreMode::File,
-    )?;
-
-    let server = MockServer::start().await;
-    let server_url = server.uri();
-    write_chatgpt_base_url(codex_home.path(), &server_url)?;
-
-    let primary_reset_timestamp = chrono::DateTime::parse_from_rfc3339("2025-01-01T00:02:00Z")
-        .expect("parse primary reset timestamp")
-        .timestamp();
-    let secondary_reset_timestamp = chrono::DateTime::parse_from_rfc3339("2025-01-01T01:00:00Z")
-        .expect("parse secondary reset timestamp")
-        .timestamp();
-    let response_body = json!({
-        "plan_type": "pro",
-        "rate_limit": {
-            "allowed": true,
-            "limit_reached": false,
-            "primary_window": {
-                "used_percent": 42,
-                "limit_window_seconds": 3600,
-                "reset_after_seconds": 120,
-                "reset_at": primary_reset_timestamp,
-            },
-            "secondary_window": {
-                "used_percent": 5,
-                "limit_window_seconds": 86400,
-                "reset_after_seconds": 43200,
-                "reset_at": secondary_reset_timestamp,
-            }
-        }
-    });
-
-    Mock::given(method("GET"))
-        .and(path("/api/codex/usage"))
-        .and(header("authorization", "Bearer chatgpt-token"))
-        .and(header("chatgpt-account-id", "account-123"))
-        .respond_with(ResponseTemplate::new(200).set_body_json(response_body))
-        .mount(&server)
-        .await;
-
-    let mut mcp = McpProcess::new_with_env(codex_home.path(), &[("OPENAI_API_KEY", None)]).await?;
-    timeout(DEFAULT_READ_TIMEOUT, mcp.initialize()).await??;
-
-    let request_id = mcp.send_get_account_rate_limits_request().await?;
-
-    let response: JSONRPCResponse = timeout(
-        DEFAULT_READ_TIMEOUT,
-        mcp.read_stream_until_response_message(RequestId::Integer(request_id)),
-    )
-    .await??;
-
-    let received: GetAccountRateLimitsResponse = to_response(response)?;
-
-    let expected = GetAccountRateLimitsResponse {
-        rate_limits: RateLimitSnapshot {
-            primary: Some(RateLimitWindow {
-                used_percent: 42.0,
-                window_minutes: Some(60),
-                resets_at: Some(primary_reset_timestamp),
-            }),
-            secondary: Some(RateLimitWindow {
-                used_percent: 5.0,
-                window_minutes: Some(1440),
-                resets_at: Some(secondary_reset_timestamp),
-            }),
-        },
-    };
-    assert_eq!(received, expected);
-
-    Ok(())
-}
-
-async fn login_with_api_key(mcp: &mut McpProcess, api_key: &str) -> Result<()> {
-    let request_id = mcp
-        .send_login_api_key_request(LoginApiKeyParams {
-            api_key: api_key.to_string(),
-        })
-        .await?;
-
-    timeout(
-        DEFAULT_READ_TIMEOUT,
-        mcp.read_stream_until_response_message(RequestId::Integer(request_id)),
-    )
-    .await??;
-
-    Ok(())
-}
-
-fn write_chatgpt_base_url(codex_home: &Path, base_url: &str) -> std::io::Result<()> {
-    let config_toml = codex_home.join("config.toml");
-    std::fs::write(config_toml, format!("chatgpt_base_url = \"{base_url}\"\n"))
-}

codex-rs/app-server/tests/suite/send_message.rs

@@ -1,4 +1,5 @@
-use anyhow::Result;
+use std::path::Path;
+
 use app_test_support::McpProcess;
 use app_test_support::create_final_assistant_message_sse_response;
 use app_test_support::create_mock_chat_completions_server;
@@ -14,76 +15,73 @@ use codex_app_server_protocol::RequestId;
 use codex_app_server_protocol::SendUserMessageParams;
 use codex_app_server_protocol::SendUserMessageResponse;
 use codex_protocol::ConversationId;
-use codex_protocol::models::ContentItem;
-use codex_protocol::models::ResponseItem;
-use codex_protocol::protocol::RawResponseItemEvent;
 use pretty_assertions::assert_eq;
-use std::path::Path;
 use tempfile::TempDir;
 use tokio::time::timeout;
 
 const DEFAULT_READ_TIMEOUT: std::time::Duration = std::time::Duration::from_secs(10);
 
 #[tokio::test]
-async fn test_send_message_success() -> Result<()> {
+async fn test_send_message_success() {
     // Spin up a mock completions server that immediately ends the Codex turn.
     // Two Codex turns hit the mock model (session start + send-user-message). Provide two SSE responses.
     let responses = vec![
-        create_final_assistant_message_sse_response("Done")?,
-        create_final_assistant_message_sse_response("Done")?,
+        create_final_assistant_message_sse_response("Done").expect("build mock assistant message"),
+        create_final_assistant_message_sse_response("Done").expect("build mock assistant message"),
     ];
     let server = create_mock_chat_completions_server(responses).await;
 
     // Create a temporary Codex home with config pointing at the mock server.
-    let codex_home = TempDir::new()?;
-    create_config_toml(codex_home.path(), &server.uri())?;
+    let codex_home = TempDir::new().expect("create temp dir");
+    create_config_toml(codex_home.path(), &server.uri()).expect("write config.toml");
 
     // Start MCP server process and initialize.
-    let mut mcp = McpProcess::new(codex_home.path()).await?;
-    timeout(DEFAULT_READ_TIMEOUT, mcp.initialize()).await??;
+    let mut mcp = McpProcess::new(codex_home.path())
+        .await
+        .expect("spawn mcp process");
+    timeout(DEFAULT_READ_TIMEOUT, mcp.initialize())
+        .await
+        .expect("init timed out")
+        .expect("init failed");
 
     // Start a conversation using the new wire API.
     let new_conv_id = mcp
-        .send_new_conversation_request(NewConversationParams {
-            ..Default::default()
-        })
-        .await?;
+        .send_new_conversation_request(NewConversationParams::default())
+        .await
+        .expect("send newConversation");
     let new_conv_resp: JSONRPCResponse = timeout(
         DEFAULT_READ_TIMEOUT,
         mcp.read_stream_until_response_message(RequestId::Integer(new_conv_id)),
     )
-    .await??;
+    .await
+    .expect("newConversation timeout")
+    .expect("newConversation resp");
     let NewConversationResponse {
         conversation_id, ..
-    } = to_response::<_>(new_conv_resp)?;
+    } = to_response::<_>(new_conv_resp).expect("deserialize newConversation response");
 
     // 2) addConversationListener
     let add_listener_id = mcp
-        .send_add_conversation_listener_request(AddConversationListenerParams {
-            conversation_id,
-            experimental_raw_events: false,
-        })
-        .await?;
+        .send_add_conversation_listener_request(AddConversationListenerParams { conversation_id })
+        .await
+        .expect("send addConversationListener");
     let add_listener_resp: JSONRPCResponse = timeout(
         DEFAULT_READ_TIMEOUT,
         mcp.read_stream_until_response_message(RequestId::Integer(add_listener_id)),
     )
-    .await??;
+    .await
+    .expect("addConversationListener timeout")
+    .expect("addConversationListener resp");
     let AddConversationSubscriptionResponse { subscription_id: _ } =
-        to_response::<_>(add_listener_resp)?;
+        to_response::<_>(add_listener_resp).expect("deserialize addConversationListener response");
 
     // Now exercise sendUserMessage twice.
-    send_message("Hello", conversation_id, &mut mcp).await?;
-    send_message("Hello again", conversation_id, &mut mcp).await?;
-    Ok(())
+    send_message("Hello", conversation_id, &mut mcp).await;
+    send_message("Hello again", conversation_id, &mut mcp).await;
 }
 
 #[expect(clippy::expect_used)]
-async fn send_message(
-    message: &str,
-    conversation_id: ConversationId,
-    mcp: &mut McpProcess,
-) -> Result<()> {
+async fn send_message(message: &str, conversation_id: ConversationId, mcp: &mut McpProcess) {
     // Now exercise sendUserMessage.
     let send_id = mcp
         .send_send_user_message_request(SendUserMessageParams {
@@ -92,15 +90,19 @@ async fn send_message(
                 text: message.to_string(),
             }],
         })
-        .await?;
+        .await
+        .expect("send sendUserMessage");
 
     let response: JSONRPCResponse = timeout(
         DEFAULT_READ_TIMEOUT,
         mcp.read_stream_until_response_message(RequestId::Integer(send_id)),
     )
-    .await??;
+    .await
+    .expect("sendUserMessage response timeout")
+    .expect("sendUserMessage response error");
 
-    let _ok: SendUserMessageResponse = to_response::<SendUserMessageResponse>(response)?;
+    let _ok: SendUserMessageResponse = to_response::<SendUserMessageResponse>(response)
+        .expect("deserialize sendUserMessage response");
 
     // Verify the task_finished notification is received.
     // Note this also ensures that the final request to the server was made.
@@ -108,7 +110,9 @@ async fn send_message(
         DEFAULT_READ_TIMEOUT,
         mcp.read_stream_until_notification_message("codex/event/task_complete"),
     )
-    .await??;
+    .await
+    .expect("task_finished_notification timeout")
+    .expect("task_finished_notification resp");
     let serde_json::Value::Object(map) = task_finished_notification
         .params
         .expect("notification should have params")
@@ -120,105 +124,17 @@ async fn send_message(
             .expect("should have conversationId"),
         &serde_json::Value::String(conversation_id.to_string())
     );
-
-    let raw_attempt = tokio::time::timeout(
-        std::time::Duration::from_millis(200),
-        mcp.read_stream_until_notification_message("codex/event/raw_response_item"),
-    )
-    .await;
-    assert!(
-        raw_attempt.is_err(),
-        "unexpected raw item notification when not opted in"
-    );
-    Ok(())
 }
 
 #[tokio::test]
-async fn test_send_message_raw_notifications_opt_in() -> Result<()> {
-    let responses = vec![create_final_assistant_message_sse_response("Done")?];
-    let server = create_mock_chat_completions_server(responses).await;
-
-    let codex_home = TempDir::new()?;
-    create_config_toml(codex_home.path(), &server.uri())?;
-
-    let mut mcp = McpProcess::new(codex_home.path()).await?;
-    timeout(DEFAULT_READ_TIMEOUT, mcp.initialize()).await??;
-
-    let new_conv_id = mcp
-        .send_new_conversation_request(NewConversationParams {
-            developer_instructions: Some("Use the test harness tools.".to_string()),
-            ..Default::default()
-        })
-        .await?;
-    let new_conv_resp: JSONRPCResponse = timeout(
-        DEFAULT_READ_TIMEOUT,
-        mcp.read_stream_until_response_message(RequestId::Integer(new_conv_id)),
-    )
-    .await??;
-    let NewConversationResponse {
-        conversation_id, ..
-    } = to_response::<_>(new_conv_resp)?;
-
-    let add_listener_id = mcp
-        .send_add_conversation_listener_request(AddConversationListenerParams {
-            conversation_id,
-            experimental_raw_events: true,
-        })
-        .await?;
-    let add_listener_resp: JSONRPCResponse = timeout(
-        DEFAULT_READ_TIMEOUT,
-        mcp.read_stream_until_response_message(RequestId::Integer(add_listener_id)),
-    )
-    .await??;
-    let AddConversationSubscriptionResponse { subscription_id: _ } =
-        to_response::<_>(add_listener_resp)?;
-
-    let send_id = mcp
-        .send_send_user_message_request(SendUserMessageParams {
-            conversation_id,
-            items: vec![InputItem::Text {
-                text: "Hello".to_string(),
-            }],
-        })
-        .await?;
-
-    let developer = read_raw_response_item(&mut mcp, conversation_id).await;
-    assert_developer_message(&developer, "Use the test harness tools.");
-
-    let instructions = read_raw_response_item(&mut mcp, conversation_id).await;
-    assert_instructions_message(&instructions);
-
-    let environment = read_raw_response_item(&mut mcp, conversation_id).await;
-    assert_environment_message(&environment);
-
-    let response: JSONRPCResponse = timeout(
-        DEFAULT_READ_TIMEOUT,
-        mcp.read_stream_until_response_message(RequestId::Integer(send_id)),
-    )
-    .await??;
-    let _ok: SendUserMessageResponse = to_response::<SendUserMessageResponse>(response)?;
-
-    let user_message = read_raw_response_item(&mut mcp, conversation_id).await;
-    assert_user_message(&user_message, "Hello");
-
-    let assistant_message = read_raw_response_item(&mut mcp, conversation_id).await;
-    assert_assistant_message(&assistant_message, "Done");
-
-    let _ = tokio::time::timeout(
-        std::time::Duration::from_millis(250),
-        mcp.read_stream_until_notification_message("codex/event/task_complete"),
-    )
-    .await;
-
-    Ok(())
-}
-
-#[tokio::test]
-async fn test_send_message_session_not_found() -> Result<()> {
+async fn test_send_message_session_not_found() {
     // Start MCP without creating a Codex session
-    let codex_home = TempDir::new()?;
-    let mut mcp = McpProcess::new(codex_home.path()).await?;
-    timeout(DEFAULT_READ_TIMEOUT, mcp.initialize()).await??;
+    let codex_home = TempDir::new().expect("tempdir");
+    let mut mcp = McpProcess::new(codex_home.path()).await.expect("spawn");
+    timeout(DEFAULT_READ_TIMEOUT, mcp.initialize())
+        .await
+        .expect("timeout")
+        .expect("init");
 
     let unknown = ConversationId::new();
     let req_id = mcp
@@ -228,16 +144,18 @@ async fn test_send_message_session_not_found() -> Result<()> {
                 text: "ping".to_string(),
             }],
         })
-        .await?;
+        .await
+        .expect("send sendUserMessage");
 
     // Expect an error response for unknown conversation.
     let err = timeout(
         DEFAULT_READ_TIMEOUT,
         mcp.read_stream_until_error_message(RequestId::Integer(req_id)),
     )
-    .await??;
+    .await
+    .expect("timeout")
+    .expect("error");
     assert_eq!(err.id, RequestId::Integer(req_id));
-    Ok(())
 }
 
 // ---------------------------------------------------------------------------
@@ -266,125 +184,3 @@ stream_max_retries = 0
         ),
     )
 }
-
-#[expect(clippy::expect_used)]
-async fn read_raw_response_item(
-    mcp: &mut McpProcess,
-    conversation_id: ConversationId,
-) -> ResponseItem {
-    let raw_notification: JSONRPCNotification = timeout(
-        DEFAULT_READ_TIMEOUT,
-        mcp.read_stream_until_notification_message("codex/event/raw_response_item"),
-    )
-    .await
-    .expect("codex/event/raw_response_item notification timeout")
-    .expect("codex/event/raw_response_item notification resp");
-
-    let serde_json::Value::Object(params) = raw_notification
-        .params
-        .expect("codex/event/raw_response_item should have params")
-    else {
-        panic!("codex/event/raw_response_item should have params");
-    };
-
-    let conversation_id_value = params
-        .get("conversationId")
-        .and_then(|value| value.as_str())
-        .expect("raw response item should include conversationId");
-
-    assert_eq!(
-        conversation_id_value,
-        conversation_id.to_string(),
-        "raw response item conversation mismatch"
-    );
-
-    let msg_value = params
-        .get("msg")
-        .cloned()
-        .expect("raw response item should include msg payload");
-
-    let event: RawResponseItemEvent =
-        serde_json::from_value(msg_value).expect("deserialize raw response item");
-    event.item
-}
-
-fn assert_instructions_message(item: &ResponseItem) {
-    match item {
-        ResponseItem::Message { role, content, .. } => {
-            assert_eq!(role, "user");
-            let texts = content_texts(content);
-            assert!(
-                texts
-                    .iter()
-                    .any(|text| text.contains("<user_instructions>")),
-                "expected instructions message, got {texts:?}"
-            );
-        }
-        other => panic!("expected instructions message, got {other:?}"),
-    }
-}
-
-fn assert_developer_message(item: &ResponseItem, expected_text: &str) {
-    match item {
-        ResponseItem::Message { role, content, .. } => {
-            assert_eq!(role, "developer");
-            let texts = content_texts(content);
-            assert_eq!(
-                texts,
-                vec![expected_text],
-                "expected developer instructions message, got {texts:?}"
-            );
-        }
-        other => panic!("expected developer instructions message, got {other:?}"),
-    }
-}
-
-fn assert_environment_message(item: &ResponseItem) {
-    match item {
-        ResponseItem::Message { role, content, .. } => {
-            assert_eq!(role, "user");
-            let texts = content_texts(content);
-            assert!(
-                texts
-                    .iter()
-                    .any(|text| text.contains("<environment_context>")),
-                "expected environment context message, got {texts:?}"
-            );
-        }
-        other => panic!("expected environment message, got {other:?}"),
-    }
-}
-
-fn assert_user_message(item: &ResponseItem, expected_text: &str) {
-    match item {
-        ResponseItem::Message { role, content, .. } => {
-            assert_eq!(role, "user");
-            let texts = content_texts(content);
-            assert_eq!(texts, vec![expected_text]);
-        }
-        other => panic!("expected user message, got {other:?}"),
-    }
-}
-
-fn assert_assistant_message(item: &ResponseItem, expected_text: &str) {
-    match item {
-        ResponseItem::Message { role, content, .. } => {
-            assert_eq!(role, "assistant");
-            let texts = content_texts(content);
-            assert_eq!(texts, vec![expected_text]);
-        }
-        other => panic!("expected assistant message, got {other:?}"),
-    }
-}
-
-fn content_texts(content: &[ContentItem]) -> Vec<&str> {
-    content
-        .iter()
-        .filter_map(|item| match item {
-            ContentItem::InputText { text } | ContentItem::OutputText { text } => {
-                Some(text.as_str())
-            }
-            _ => None,
-        })
-        .collect()
-}

codex-rs/app-server/tests/suite/set_default_model.rs

@@ -1,4 +1,5 @@
-use anyhow::Result;
+use std::path::Path;
+
 use app_test_support::McpProcess;
 use app_test_support::to_response;
 use codex_app_server_protocol::JSONRPCResponse;
@@ -7,38 +8,50 @@ use codex_app_server_protocol::SetDefaultModelParams;
 use codex_app_server_protocol::SetDefaultModelResponse;
 use codex_core::config::ConfigToml;
 use pretty_assertions::assert_eq;
-use std::path::Path;
 use tempfile::TempDir;
 use tokio::time::timeout;
 
 const DEFAULT_READ_TIMEOUT: std::time::Duration = std::time::Duration::from_secs(10);
 
 #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
-async fn set_default_model_persists_overrides() -> Result<()> {
-    let codex_home = TempDir::new()?;
-    create_config_toml(codex_home.path())?;
+async fn set_default_model_persists_overrides() {
+    let codex_home = TempDir::new().expect("create tempdir");
+    create_config_toml(codex_home.path()).expect("write config.toml");
 
-    let mut mcp = McpProcess::new(codex_home.path()).await?;
-    timeout(DEFAULT_READ_TIMEOUT, mcp.initialize()).await??;
+    let mut mcp = McpProcess::new(codex_home.path())
+        .await
+        .expect("spawn mcp process");
+    timeout(DEFAULT_READ_TIMEOUT, mcp.initialize())
+        .await
+        .expect("init timeout")
+        .expect("init failed");
 
     let params = SetDefaultModelParams {
         model: Some("gpt-4.1".to_string()),
         reasoning_effort: None,
     };
 
-    let request_id = mcp.send_set_default_model_request(params).await?;
+    let request_id = mcp
+        .send_set_default_model_request(params)
+        .await
+        .expect("send setDefaultModel");
 
     let resp: JSONRPCResponse = timeout(
         DEFAULT_READ_TIMEOUT,
         mcp.read_stream_until_response_message(RequestId::Integer(request_id)),
     )
-    .await??;
+    .await
+    .expect("setDefaultModel timeout")
+    .expect("setDefaultModel response");
 
-    let _: SetDefaultModelResponse = to_response(resp)?;
+    let _: SetDefaultModelResponse =
+        to_response(resp).expect("deserialize setDefaultModel response");
 
     let config_path = codex_home.path().join("config.toml");
-    let config_contents = tokio::fs::read_to_string(&config_path).await?;
-    let config_toml: ConfigToml = toml::from_str(&config_contents)?;
+    let config_contents = tokio::fs::read_to_string(&config_path)
+        .await
+        .expect("read config.toml");
+    let config_toml: ConfigToml = toml::from_str(&config_contents).expect("parse config.toml");
 
     assert_eq!(
         ConfigToml {
@@ -48,7 +61,6 @@ async fn set_default_model_persists_overrides() -> Result<()> {
         },
         config_toml,
     );
-    Ok(())
 }
 
 // Helper to create a config.toml; mirrors create_conversation.rs

codex-rs/app-server/tests/suite/user_agent.rs

@@ -1,4 +1,3 @@
-use anyhow::Result;
 use app_test_support::McpProcess;
 use app_test_support::to_response;
 use codex_app_server_protocol::GetUserAgentResponse;
@@ -11,18 +10,28 @@ use tokio::time::timeout;
 const DEFAULT_READ_TIMEOUT: std::time::Duration = std::time::Duration::from_secs(10);
 
 #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
-async fn get_user_agent_returns_current_codex_user_agent() -> Result<()> {
-    let codex_home = TempDir::new()?;
+async fn get_user_agent_returns_current_codex_user_agent() {
+    let codex_home = TempDir::new().unwrap_or_else(|err| panic!("create tempdir: {err}"));
 
-    let mut mcp = McpProcess::new(codex_home.path()).await?;
-    timeout(DEFAULT_READ_TIMEOUT, mcp.initialize()).await??;
+    let mut mcp = McpProcess::new(codex_home.path())
+        .await
+        .expect("spawn mcp process");
+    timeout(DEFAULT_READ_TIMEOUT, mcp.initialize())
+        .await
+        .expect("initialize timeout")
+        .expect("initialize request");
 
-    let request_id = mcp.send_get_user_agent_request().await?;
+    let request_id = mcp
+        .send_get_user_agent_request()
+        .await
+        .expect("send getUserAgent");
     let response: JSONRPCResponse = timeout(
         DEFAULT_READ_TIMEOUT,
         mcp.read_stream_until_response_message(RequestId::Integer(request_id)),
     )
-    .await??;
+    .await
+    .expect("getUserAgent timeout")
+    .expect("getUserAgent response");
 
     let os_info = os_info::get();
     let user_agent = format!(
@@ -33,9 +42,9 @@ async fn get_user_agent_returns_current_codex_user_agent() -> Result<()> {
         codex_core::terminal::user_agent()
     );
 
-    let received: GetUserAgentResponse = to_response(response)?;
+    let received: GetUserAgentResponse =
+        to_response(response).expect("deserialize getUserAgent response");
     let expected = GetUserAgentResponse { user_agent };
 
     assert_eq!(received, expected);
-    Ok(())
 }

codex-rs/app-server/tests/suite/user_info.rs

@@ -1,46 +1,78 @@
-use anyhow::Result;
-use app_test_support::ChatGptAuthFixture;
+use std::time::Duration;
+
+use anyhow::Context;
 use app_test_support::McpProcess;
 use app_test_support::to_response;
-use app_test_support::write_chatgpt_auth;
+use base64::Engine;
+use base64::engine::general_purpose::URL_SAFE_NO_PAD;
 use codex_app_server_protocol::JSONRPCResponse;
 use codex_app_server_protocol::RequestId;
 use codex_app_server_protocol::UserInfoResponse;
-use codex_core::auth::AuthCredentialsStoreMode;
+use codex_core::auth::AuthDotJson;
+use codex_core::auth::get_auth_file;
+use codex_core::auth::write_auth_json;
+use codex_core::token_data::IdTokenInfo;
+use codex_core::token_data::TokenData;
 use pretty_assertions::assert_eq;
-use std::time::Duration;
+use serde_json::json;
 use tempfile::TempDir;
 use tokio::time::timeout;
 
 const DEFAULT_READ_TIMEOUT: Duration = Duration::from_secs(10);
 
 #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
-async fn user_info_returns_email_from_auth_json() -> Result<()> {
-    let codex_home = TempDir::new()?;
+async fn user_info_returns_email_from_auth_json() {
+    let codex_home = TempDir::new().expect("create tempdir");
 
-    write_chatgpt_auth(
-        codex_home.path(),
-        ChatGptAuthFixture::new("access")
-            .refresh_token("refresh")
-            .email("user@example.com"),
-        AuthCredentialsStoreMode::File,
-    )?;
+    let auth_path = get_auth_file(codex_home.path());
+    let mut id_token = IdTokenInfo::default();
+    id_token.email = Some("user@example.com".to_string());
+    id_token.raw_jwt = encode_id_token_with_email("user@example.com").expect("encode id token");
 
-    let mut mcp = McpProcess::new(codex_home.path()).await?;
-    timeout(DEFAULT_READ_TIMEOUT, mcp.initialize()).await??;
+    let auth = AuthDotJson {
+        openai_api_key: None,
+        tokens: Some(TokenData {
+            id_token,
+            access_token: "access".to_string(),
+            refresh_token: "refresh".to_string(),
+            account_id: None,
+        }),
+        last_refresh: None,
+    };
+    write_auth_json(&auth_path, &auth).expect("write auth.json");
 
-    let request_id = mcp.send_user_info_request().await?;
+    let mut mcp = McpProcess::new(codex_home.path())
+        .await
+        .expect("spawn mcp process");
+    timeout(DEFAULT_READ_TIMEOUT, mcp.initialize())
+        .await
+        .expect("initialize timeout")
+        .expect("initialize request");
+
+    let request_id = mcp.send_user_info_request().await.expect("send userInfo");
     let response: JSONRPCResponse = timeout(
         DEFAULT_READ_TIMEOUT,
         mcp.read_stream_until_response_message(RequestId::Integer(request_id)),
     )
-    .await??;
+    .await
+    .expect("userInfo timeout")
+    .expect("userInfo response");
 
-    let received: UserInfoResponse = to_response(response)?;
+    let received: UserInfoResponse = to_response(response).expect("deserialize userInfo response");
     let expected = UserInfoResponse {
         alleged_user_email: Some("user@example.com".to_string()),
     };
 
     assert_eq!(received, expected);
-    Ok(())
+}
+
+fn encode_id_token_with_email(email: &str) -> anyhow::Result<String> {
+    let header_b64 = URL_SAFE_NO_PAD.encode(
+        serde_json::to_vec(&json!({ "alg": "none", "typ": "JWT" }))
+            .context("serialize jwt header")?,
+    );
+    let payload =
+        serde_json::to_vec(&json!({ "email": email })).context("serialize jwt payload")?;
+    let payload_b64 = URL_SAFE_NO_PAD.encode(payload);
+    Ok(format!("{header_b64}.{payload_b64}.signature"))
 }

codex-rs/apply-patch/tests/suite/mod.rs

@@ -1,3 +1 @@
 mod cli;
-#[cfg(not(target_os = "windows"))]
-mod tool;

codex-rs/apply-patch/tests/suite/tool.rs

@@ -1,257 +0,0 @@
-use assert_cmd::Command;
-use pretty_assertions::assert_eq;
-use std::fs;
-use std::path::Path;
-use tempfile::tempdir;
-
-fn run_apply_patch_in_dir(dir: &Path, patch: &str) -> anyhow::Result<assert_cmd::assert::Assert> {
-    let mut cmd = Command::cargo_bin("apply_patch")?;
-    cmd.current_dir(dir);
-    Ok(cmd.arg(patch).assert())
-}
-
-fn apply_patch_command(dir: &Path) -> anyhow::Result<Command> {
-    let mut cmd = Command::cargo_bin("apply_patch")?;
-    cmd.current_dir(dir);
-    Ok(cmd)
-}
-
-#[test]
-fn test_apply_patch_cli_applies_multiple_operations() -> anyhow::Result<()> {
-    let tmp = tempdir()?;
-    let modify_path = tmp.path().join("modify.txt");
-    let delete_path = tmp.path().join("delete.txt");
-
-    fs::write(&modify_path, "line1\nline2\n")?;
-    fs::write(&delete_path, "obsolete\n")?;
-
-    let patch = "*** Begin Patch\n*** Add File: nested/new.txt\n+created\n*** Delete File: delete.txt\n*** Update File: modify.txt\n@@\n-line2\n+changed\n*** End Patch";
-
-    run_apply_patch_in_dir(tmp.path(), patch)?.success().stdout(
-        "Success. Updated the following files:\nA nested/new.txt\nM modify.txt\nD delete.txt\n",
-    );
-
-    assert_eq!(
-        fs::read_to_string(tmp.path().join("nested/new.txt"))?,
-        "created\n"
-    );
-    assert_eq!(fs::read_to_string(&modify_path)?, "line1\nchanged\n");
-    assert!(!delete_path.exists());
-
-    Ok(())
-}
-
-#[test]
-fn test_apply_patch_cli_applies_multiple_chunks() -> anyhow::Result<()> {
-    let tmp = tempdir()?;
-    let target_path = tmp.path().join("multi.txt");
-    fs::write(&target_path, "line1\nline2\nline3\nline4\n")?;
-
-    let patch = "*** Begin Patch\n*** Update File: multi.txt\n@@\n-line2\n+changed2\n@@\n-line4\n+changed4\n*** End Patch";
-
-    run_apply_patch_in_dir(tmp.path(), patch)?
-        .success()
-        .stdout("Success. Updated the following files:\nM multi.txt\n");
-
-    assert_eq!(
-        fs::read_to_string(&target_path)?,
-        "line1\nchanged2\nline3\nchanged4\n"
-    );
-
-    Ok(())
-}
-
-#[test]
-fn test_apply_patch_cli_moves_file_to_new_directory() -> anyhow::Result<()> {
-    let tmp = tempdir()?;
-    let original_path = tmp.path().join("old/name.txt");
-    let new_path = tmp.path().join("renamed/dir/name.txt");
-    fs::create_dir_all(original_path.parent().expect("parent should exist"))?;
-    fs::write(&original_path, "old content\n")?;
-
-    let patch = "*** Begin Patch\n*** Update File: old/name.txt\n*** Move to: renamed/dir/name.txt\n@@\n-old content\n+new content\n*** End Patch";
-
-    run_apply_patch_in_dir(tmp.path(), patch)?
-        .success()
-        .stdout("Success. Updated the following files:\nM renamed/dir/name.txt\n");
-
-    assert!(!original_path.exists());
-    assert_eq!(fs::read_to_string(&new_path)?, "new content\n");
-
-    Ok(())
-}
-
-#[test]
-fn test_apply_patch_cli_rejects_empty_patch() -> anyhow::Result<()> {
-    let tmp = tempdir()?;
-
-    apply_patch_command(tmp.path())?
-        .arg("*** Begin Patch\n*** End Patch")
-        .assert()
-        .failure()
-        .stderr("No files were modified.\n");
-
-    Ok(())
-}
-
-#[test]
-fn test_apply_patch_cli_reports_missing_context() -> anyhow::Result<()> {
-    let tmp = tempdir()?;
-    let target_path = tmp.path().join("modify.txt");
-    fs::write(&target_path, "line1\nline2\n")?;
-
-    apply_patch_command(tmp.path())?
-        .arg("*** Begin Patch\n*** Update File: modify.txt\n@@\n-missing\n+changed\n*** End Patch")
-        .assert()
-        .failure()
-        .stderr("Failed to find expected lines in modify.txt:\nmissing\n");
-    assert_eq!(fs::read_to_string(&target_path)?, "line1\nline2\n");
-
-    Ok(())
-}
-
-#[test]
-fn test_apply_patch_cli_rejects_missing_file_delete() -> anyhow::Result<()> {
-    let tmp = tempdir()?;
-
-    apply_patch_command(tmp.path())?
-        .arg("*** Begin Patch\n*** Delete File: missing.txt\n*** End Patch")
-        .assert()
-        .failure()
-        .stderr("Failed to delete file missing.txt\n");
-
-    Ok(())
-}
-
-#[test]
-fn test_apply_patch_cli_rejects_empty_update_hunk() -> anyhow::Result<()> {
-    let tmp = tempdir()?;
-
-    apply_patch_command(tmp.path())?
-        .arg("*** Begin Patch\n*** Update File: foo.txt\n*** End Patch")
-        .assert()
-        .failure()
-        .stderr("Invalid patch hunk on line 2: Update file hunk for path 'foo.txt' is empty\n");
-
-    Ok(())
-}
-
-#[test]
-fn test_apply_patch_cli_requires_existing_file_for_update() -> anyhow::Result<()> {
-    let tmp = tempdir()?;
-
-    apply_patch_command(tmp.path())?
-        .arg("*** Begin Patch\n*** Update File: missing.txt\n@@\n-old\n+new\n*** End Patch")
-        .assert()
-        .failure()
-        .stderr(
-            "Failed to read file to update missing.txt: No such file or directory (os error 2)\n",
-        );
-
-    Ok(())
-}
-
-#[test]
-fn test_apply_patch_cli_move_overwrites_existing_destination() -> anyhow::Result<()> {
-    let tmp = tempdir()?;
-    let original_path = tmp.path().join("old/name.txt");
-    let destination = tmp.path().join("renamed/dir/name.txt");
-    fs::create_dir_all(original_path.parent().expect("parent should exist"))?;
-    fs::create_dir_all(destination.parent().expect("parent should exist"))?;
-    fs::write(&original_path, "from\n")?;
-    fs::write(&destination, "existing\n")?;
-
-    run_apply_patch_in_dir(
-        tmp.path(),
-        "*** Begin Patch\n*** Update File: old/name.txt\n*** Move to: renamed/dir/name.txt\n@@\n-from\n+new\n*** End Patch",
-    )?
-    .success()
-    .stdout("Success. Updated the following files:\nM renamed/dir/name.txt\n");
-
-    assert!(!original_path.exists());
-    assert_eq!(fs::read_to_string(&destination)?, "new\n");
-
-    Ok(())
-}
-
-#[test]
-fn test_apply_patch_cli_add_overwrites_existing_file() -> anyhow::Result<()> {
-    let tmp = tempdir()?;
-    let path = tmp.path().join("duplicate.txt");
-    fs::write(&path, "old content\n")?;
-
-    run_apply_patch_in_dir(
-        tmp.path(),
-        "*** Begin Patch\n*** Add File: duplicate.txt\n+new content\n*** End Patch",
-    )?
-    .success()
-    .stdout("Success. Updated the following files:\nA duplicate.txt\n");
-
-    assert_eq!(fs::read_to_string(&path)?, "new content\n");
-
-    Ok(())
-}
-
-#[test]
-fn test_apply_patch_cli_delete_directory_fails() -> anyhow::Result<()> {
-    let tmp = tempdir()?;
-    fs::create_dir(tmp.path().join("dir"))?;
-
-    apply_patch_command(tmp.path())?
-        .arg("*** Begin Patch\n*** Delete File: dir\n*** End Patch")
-        .assert()
-        .failure()
-        .stderr("Failed to delete file dir\n");
-
-    Ok(())
-}
-
-#[test]
-fn test_apply_patch_cli_rejects_invalid_hunk_header() -> anyhow::Result<()> {
-    let tmp = tempdir()?;
-
-    apply_patch_command(tmp.path())?
-        .arg("*** Begin Patch\n*** Frobnicate File: foo\n*** End Patch")
-        .assert()
-        .failure()
-        .stderr("Invalid patch hunk on line 2: '*** Frobnicate File: foo' is not a valid hunk header. Valid hunk headers: '*** Add File: {path}', '*** Delete File: {path}', '*** Update File: {path}'\n");
-
-    Ok(())
-}
-
-#[test]
-fn test_apply_patch_cli_updates_file_appends_trailing_newline() -> anyhow::Result<()> {
-    let tmp = tempdir()?;
-    let target_path = tmp.path().join("no_newline.txt");
-    fs::write(&target_path, "no newline at end")?;
-
-    run_apply_patch_in_dir(
-        tmp.path(),
-        "*** Begin Patch\n*** Update File: no_newline.txt\n@@\n-no newline at end\n+first line\n+second line\n*** End Patch",
-    )?
-    .success()
-    .stdout("Success. Updated the following files:\nM no_newline.txt\n");
-
-    let contents = fs::read_to_string(&target_path)?;
-    assert!(contents.ends_with('\n'));
-    assert_eq!(contents, "first line\nsecond line\n");
-
-    Ok(())
-}
-
-#[test]
-fn test_apply_patch_cli_failure_after_partial_success_leaves_changes() -> anyhow::Result<()> {
-    let tmp = tempdir()?;
-    let new_file = tmp.path().join("created.txt");
-
-    apply_patch_command(tmp.path())?
-        .arg("*** Begin Patch\n*** Add File: created.txt\n+hello\n*** Update File: missing.txt\n@@\n-old\n+new\n*** End Patch")
-        .assert()
-        .failure()
-        .stdout("")
-        .stderr("Failed to read file to update missing.txt: No such file or directory (os error 2)\n");
-
-    assert_eq!(fs::read_to_string(&new_file)?, "hello\n");
-
-    Ok(())
-}

codex-rs/async-utils/Cargo.toml

@@ -1,15 +0,0 @@
-[package]
-edition.workspace = true
-name = "codex-async-utils"
-version.workspace = true
-
-[lints]
-workspace = true
-
-[dependencies]
-async-trait.workspace = true
-tokio = { workspace = true, features = ["macros", "rt", "rt-multi-thread", "time"] }
-tokio-util.workspace = true
-
-[dev-dependencies]
-pretty_assertions.workspace = true

codex-rs/async-utils/src/lib.rs

@@ -1,86 +0,0 @@
-use async_trait::async_trait;
-use std::future::Future;
-use tokio_util::sync::CancellationToken;
-
-#[derive(Debug, PartialEq, Eq)]
-pub enum CancelErr {
-    Cancelled,
-}
-
-#[async_trait]
-pub trait OrCancelExt: Sized {
-    type Output;
-
-    async fn or_cancel(self, token: &CancellationToken) -> Result<Self::Output, CancelErr>;
-}
-
-#[async_trait]
-impl<F> OrCancelExt for F
-where
-    F: Future + Send,
-    F::Output: Send,
-{
-    type Output = F::Output;
-
-    async fn or_cancel(self, token: &CancellationToken) -> Result<Self::Output, CancelErr> {
-        tokio::select! {
-            _ = token.cancelled() => Err(CancelErr::Cancelled),
-            res = self => Ok(res),
-        }
-    }
-}
-
-#[cfg(test)]
-mod tests {
-    use super::*;
-    use pretty_assertions::assert_eq;
-    use std::time::Duration;
-    use tokio::task;
-    use tokio::time::sleep;
-
-    #[tokio::test]
-    async fn returns_ok_when_future_completes_first() {
-        let token = CancellationToken::new();
-        let value = async { 42 };
-
-        let result = value.or_cancel(&token).await;
-
-        assert_eq!(Ok(42), result);
-    }
-
-    #[tokio::test]
-    async fn returns_err_when_token_cancelled_first() {
-        let token = CancellationToken::new();
-        let token_clone = token.clone();
-
-        let cancel_handle = task::spawn(async move {
-            sleep(Duration::from_millis(10)).await;
-            token_clone.cancel();
-        });
-
-        let result = async {
-            sleep(Duration::from_millis(100)).await;
-            7
-        }
-        .or_cancel(&token)
-        .await;
-
-        cancel_handle.await.expect("cancel task panicked");
-        assert_eq!(Err(CancelErr::Cancelled), result);
-    }
-
-    #[tokio::test]
-    async fn returns_err_when_token_already_cancelled() {
-        let token = CancellationToken::new();
-        token.cancel();
-
-        let result = async {
-            sleep(Duration::from_millis(50)).await;
-            5
-        }
-        .or_cancel(&token)
-        .await;
-
-        assert_eq!(Err(CancelErr::Cancelled), result);
-    }
-}

codex-rs/backend-client/Cargo.toml

@@ -13,8 +13,6 @@ serde = { version = "1", features = ["derive"] }
 serde_json = "1"
 reqwest = { version = "0.12", default-features = false, features = ["json", "rustls-tls"] }
 codex-backend-openapi-models = { path = "../codex-backend-openapi-models" }
-codex-protocol = { workspace = true }
-codex-core = { workspace = true }
 
 [dev-dependencies]
 pretty_assertions = "1"

codex-rs/backend-client/src/client.rs

@@ -1,13 +1,7 @@
 use crate::types::CodeTaskDetailsResponse;
 use crate::types::PaginatedListTaskListItem;
-use crate::types::RateLimitStatusPayload;
-use crate::types::RateLimitWindowSnapshot;
 use crate::types::TurnAttemptsSiblingTurnsResponse;
 use anyhow::Result;
-use codex_core::auth::CodexAuth;
-use codex_core::default_client::get_codex_user_agent;
-use codex_protocol::protocol::RateLimitSnapshot;
-use codex_protocol::protocol::RateLimitWindow;
 use reqwest::header::AUTHORIZATION;
 use reqwest::header::CONTENT_TYPE;
 use reqwest::header::HeaderMap;
@@ -70,17 +64,6 @@ impl Client {
         })
     }
 
-    pub async fn from_auth(base_url: impl Into<String>, auth: &CodexAuth) -> Result<Self> {
-        let token = auth.get_token().await.map_err(anyhow::Error::from)?;
-        let mut client = Self::new(base_url)?
-            .with_user_agent(get_codex_user_agent())
-            .with_bearer_token(token);
-        if let Some(account_id) = auth.get_account_id() {
-            client = client.with_chatgpt_account_id(account_id);
-        }
-        Ok(client)
-    }
-
     pub fn with_bearer_token(mut self, token: impl Into<String>) -> Self {
         self.bearer_token = Some(token.into());
         self
@@ -155,17 +138,6 @@ impl Client {
         }
     }
 
-    pub async fn get_rate_limits(&self) -> Result<RateLimitSnapshot> {
-        let url = match self.path_style {
-            PathStyle::CodexApi => format!("{}/api/codex/usage", self.base_url),
-            PathStyle::ChatGptApi => format!("{}/wham/usage", self.base_url),
-        };
-        let req = self.http.get(&url).headers(self.headers());
-        let (body, ct) = self.exec_request(req, "GET", &url).await?;
-        let payload: RateLimitStatusPayload = self.decode_json(&url, &ct, &body)?;
-        Ok(Self::rate_limit_snapshot_from_payload(payload))
-    }
-
     pub async fn list_tasks(
         &self,
         limit: Option<i32>,
@@ -269,49 +241,4 @@ impl Client {
             Err(e) => anyhow::bail!("Decode error for {url}: {e}; content-type={ct}; body={body}"),
         }
     }
-
-    // rate limit helpers
-    fn rate_limit_snapshot_from_payload(payload: RateLimitStatusPayload) -> RateLimitSnapshot {
-        let Some(details) = payload
-            .rate_limit
-            .and_then(|inner| inner.map(|boxed| *boxed))
-        else {
-            return RateLimitSnapshot {
-                primary: None,
-                secondary: None,
-            };
-        };
-
-        RateLimitSnapshot {
-            primary: Self::map_rate_limit_window(details.primary_window),
-            secondary: Self::map_rate_limit_window(details.secondary_window),
-        }
-    }
-
-    fn map_rate_limit_window(
-        window: Option<Option<Box<RateLimitWindowSnapshot>>>,
-    ) -> Option<RateLimitWindow> {
-        let snapshot = match window {
-            Some(Some(snapshot)) => *snapshot,
-            _ => return None,
-        };
-
-        let used_percent = f64::from(snapshot.used_percent);
-        let window_minutes = Self::window_minutes_from_seconds(snapshot.limit_window_seconds);
-        let resets_at = Some(i64::from(snapshot.reset_at));
-        Some(RateLimitWindow {
-            used_percent,
-            window_minutes,
-            resets_at,
-        })
-    }
-
-    fn window_minutes_from_seconds(seconds: i32) -> Option<i64> {
-        if seconds <= 0 {
-            return None;
-        }
-
-        let seconds_i64 = i64::from(seconds);
-        Some((seconds_i64 + 59) / 60)
-    }
 }

codex-rs/backend-client/src/types.rs

@@ -1,8 +1,4 @@
 pub use codex_backend_openapi_models::models::PaginatedListTaskListItem;
-pub use codex_backend_openapi_models::models::PlanType;
-pub use codex_backend_openapi_models::models::RateLimitStatusDetails;
-pub use codex_backend_openapi_models::models::RateLimitStatusPayload;
-pub use codex_backend_openapi_models::models::RateLimitWindowSnapshot;
 pub use codex_backend_openapi_models::models::TaskListItem;
 
 use serde::Deserialize;

codex-rs/chatgpt/Cargo.toml

@@ -14,7 +14,7 @@ codex-core = { workspace = true }
 serde = { workspace = true, features = ["derive"] }
 serde_json = { workspace = true }
 tokio = { workspace = true, features = ["full"] }
-codex-git = { workspace = true }
+codex-git-apply = { path = "../git-apply" }
 
 [dev-dependencies]
 tempfile = { workspace = true }

codex-rs/chatgpt/src/apply_command.rs

@@ -32,8 +32,7 @@ pub async fn run_apply_command(
     )
     .await?;
 
-    init_chatgpt_token_from_auth(&config.codex_home, config.cli_auth_credentials_store_mode)
-        .await?;
+    init_chatgpt_token_from_auth(&config.codex_home).await?;
 
     let task_response = get_task(&config, apply_cli.task_id).await?;
     apply_diff_from_task(task_response, cwd).await
@@ -59,13 +58,13 @@ pub async fn apply_diff_from_task(
 
 async fn apply_diff(diff: &str, cwd: Option<PathBuf>) -> anyhow::Result<()> {
     let cwd = cwd.unwrap_or(std::env::current_dir().unwrap_or_else(|_| std::env::temp_dir()));
-    let req = codex_git::ApplyGitRequest {
+    let req = codex_git_apply::ApplyGitRequest {
         cwd,
         diff: diff.to_string(),
         revert: false,
         preflight: false,
     };
-    let res = codex_git::apply_git_patch(&req)?;
+    let res = codex_git_apply::apply_git_patch(&req)?;
     if res.exit_code != 0 {
         anyhow::bail!(
             "Git apply failed (applied={}, skipped={}, conflicts={})\nstdout:\n{}\nstderr:\n{}",

codex-rs/chatgpt/src/chatgpt_client.rs

@@ -13,8 +13,7 @@ pub(crate) async fn chatgpt_get_request<T: DeserializeOwned>(
     path: String,
 ) -> anyhow::Result<T> {
     let chatgpt_base_url = &config.chatgpt_base_url;
-    init_chatgpt_token_from_auth(&config.codex_home, config.cli_auth_credentials_store_mode)
-        .await?;
+    init_chatgpt_token_from_auth(&config.codex_home).await?;
 
     // Make direct HTTP request to ChatGPT backend API with the token
     let client = create_client();

codex-rs/chatgpt/src/chatgpt_token.rs

@@ -3,7 +3,6 @@ use std::path::Path;
 use std::sync::LazyLock;
 use std::sync::RwLock;
 
-use codex_core::auth::AuthCredentialsStoreMode;
 use codex_core::token_data::TokenData;
 
 static CHATGPT_TOKEN: LazyLock<RwLock<Option<TokenData>>> = LazyLock::new(|| RwLock::new(None));
@@ -19,11 +18,8 @@ pub fn set_chatgpt_token_data(value: TokenData) {
 }
 
 /// Initialize the ChatGPT token from auth.json file
-pub async fn init_chatgpt_token_from_auth(
-    codex_home: &Path,
-    auth_credentials_store_mode: AuthCredentialsStoreMode,
-) -> std::io::Result<()> {
-    let auth = CodexAuth::from_auth_storage(codex_home, auth_credentials_store_mode)?;
+pub async fn init_chatgpt_token_from_auth(codex_home: &Path) -> std::io::Result<()> {
+    let auth = CodexAuth::from_codex_home(codex_home)?;
     if let Some(auth) = auth {
         let token_data = auth.get_token_data().await?;
         set_chatgpt_token_data(token_data);

codex-rs/cli/Cargo.toml

@@ -19,10 +19,8 @@ anyhow = { workspace = true }
 clap = { workspace = true, features = ["derive"] }
 clap_complete = { workspace = true }
 codex-app-server = { workspace = true }
-codex-app-server-protocol = { workspace = true }
 codex-arg0 = { workspace = true }
 codex-chatgpt = { workspace = true }
-codex-cloud-tasks = { path = "../cloud-tasks" }
 codex-common = { workspace = true, features = ["cli"] }
 codex-core = { workspace = true }
 codex-exec = { workspace = true }
@@ -30,11 +28,12 @@ codex-login = { workspace = true }
 codex-mcp-server = { workspace = true }
 codex-process-hardening = { workspace = true }
 codex-protocol = { workspace = true }
+codex-app-server-protocol = { workspace = true }
 codex-protocol-ts = { workspace = true }
 codex-responses-api-proxy = { workspace = true }
-codex-rmcp-client = { workspace = true }
-codex-stdio-to-uds = { workspace = true }
 codex-tui = { workspace = true }
+codex-rmcp-client = { workspace = true }
+codex-cloud-tasks = { path = "../cloud-tasks" }
 ctor = { workspace = true }
 owo-colors = { workspace = true }
 serde_json = { workspace = true }
@@ -48,8 +47,8 @@ tokio = { workspace = true, features = [
 ] }
 
 [dev-dependencies]
-assert_cmd = { workspace = true }
 assert_matches = { workspace = true }
+assert_cmd = { workspace = true }
 predicates = { workspace = true }
 pretty_assertions = { workspace = true }
 tempfile = { workspace = true }

codex-rs/cli/src/login.rs

@@ -1,7 +1,6 @@
 use codex_app_server_protocol::AuthMode;
 use codex_common::CliConfigOverrides;
 use codex_core::CodexAuth;
-use codex_core::auth::AuthCredentialsStoreMode;
 use codex_core::auth::CLIENT_ID;
 use codex_core::auth::login_with_api_key;
 use codex_core::auth::logout;
@@ -10,22 +9,12 @@ use codex_core::config::ConfigOverrides;
 use codex_login::ServerOptions;
 use codex_login::run_device_code_login;
 use codex_login::run_login_server;
-use codex_protocol::config_types::ForcedLoginMethod;
 use std::io::IsTerminal;
 use std::io::Read;
 use std::path::PathBuf;
 
-pub async fn login_with_chatgpt(
-    codex_home: PathBuf,
-    forced_chatgpt_workspace_id: Option<String>,
-    cli_auth_credentials_store_mode: AuthCredentialsStoreMode,
-) -> std::io::Result<()> {
-    let opts = ServerOptions::new(
-        codex_home,
-        CLIENT_ID.to_string(),
-        forced_chatgpt_workspace_id,
-        cli_auth_credentials_store_mode,
-    );
+pub async fn login_with_chatgpt(codex_home: PathBuf) -> std::io::Result<()> {
+    let opts = ServerOptions::new(codex_home, CLIENT_ID.to_string());
     let server = run_login_server(opts)?;
 
     eprintln!(
@@ -39,20 +28,7 @@ pub async fn login_with_chatgpt(
 pub async fn run_login_with_chatgpt(cli_config_overrides: CliConfigOverrides) -> ! {
     let config = load_config_or_exit(cli_config_overrides).await;
 
-    if matches!(config.forced_login_method, Some(ForcedLoginMethod::Api)) {
-        eprintln!("ChatGPT login is disabled. Use API key login instead.");
-        std::process::exit(1);
-    }
-
-    let forced_chatgpt_workspace_id = config.forced_chatgpt_workspace_id.clone();
-
-    match login_with_chatgpt(
-        config.codex_home,
-        forced_chatgpt_workspace_id,
-        config.cli_auth_credentials_store_mode,
-    )
-    .await
-    {
+    match login_with_chatgpt(config.codex_home).await {
         Ok(_) => {
             eprintln!("Successfully logged in");
             std::process::exit(0);
@@ -70,16 +46,7 @@ pub async fn run_login_with_api_key(
 ) -> ! {
     let config = load_config_or_exit(cli_config_overrides).await;
 
-    if matches!(config.forced_login_method, Some(ForcedLoginMethod::Chatgpt)) {
-        eprintln!("API key login is disabled. Use ChatGPT login instead.");
-        std::process::exit(1);
-    }
-
-    match login_with_api_key(
-        &config.codex_home,
-        &api_key,
-        config.cli_auth_credentials_store_mode,
-    ) {
+    match login_with_api_key(&config.codex_home, &api_key) {
         Ok(_) => {
             eprintln!("Successfully logged in");
             std::process::exit(0);
@@ -125,16 +92,9 @@ pub async fn run_login_with_device_code(
     client_id: Option<String>,
 ) -> ! {
     let config = load_config_or_exit(cli_config_overrides).await;
-    if matches!(config.forced_login_method, Some(ForcedLoginMethod::Api)) {
-        eprintln!("ChatGPT login is disabled. Use API key login instead.");
-        std::process::exit(1);
-    }
-    let forced_chatgpt_workspace_id = config.forced_chatgpt_workspace_id.clone();
     let mut opts = ServerOptions::new(
         config.codex_home,
         client_id.unwrap_or(CLIENT_ID.to_string()),
-        forced_chatgpt_workspace_id,
-        config.cli_auth_credentials_store_mode,
     );
     if let Some(iss) = issuer_base_url {
         opts.issuer = iss;
@@ -154,7 +114,7 @@ pub async fn run_login_with_device_code(
 pub async fn run_login_status(cli_config_overrides: CliConfigOverrides) -> ! {
     let config = load_config_or_exit(cli_config_overrides).await;
 
-    match CodexAuth::from_auth_storage(&config.codex_home, config.cli_auth_credentials_store_mode) {
+    match CodexAuth::from_codex_home(&config.codex_home) {
         Ok(Some(auth)) => match auth.mode {
             AuthMode::ApiKey => match auth.get_token().await {
                 Ok(api_key) => {
@@ -185,7 +145,7 @@ pub async fn run_login_status(cli_config_overrides: CliConfigOverrides) -> ! {
 pub async fn run_logout(cli_config_overrides: CliConfigOverrides) -> ! {
     let config = load_config_or_exit(cli_config_overrides).await;
 
-    match logout(&config.codex_home, config.cli_auth_credentials_store_mode) {
+    match logout(&config.codex_home) {
         Ok(true) => {
             eprintln!("Successfully logged out");
             std::process::exit(0);

codex-rs/cli/src/main.rs

@@ -19,7 +19,6 @@ use codex_exec::Cli as ExecCli;
 use codex_responses_api_proxy::Args as ResponsesApiProxyArgs;
 use codex_tui::AppExitInfo;
 use codex_tui::Cli as TuiCli;
-use codex_tui::updates::UpdateAction;
 use owo_colors::OwoColorize;
 use std::path::PathBuf;
 use supports_color::Stream;
@@ -29,7 +28,6 @@ mod mcp_cmd;
 use crate::mcp_cmd::McpCli;
 use codex_core::config::Config;
 use codex_core::config::ConfigOverrides;
-use codex_core::features::is_known_feature_key;
 
 /// Codex CLI
 ///
@@ -43,8 +41,7 @@ use codex_core::features::is_known_feature_key;
     // The executable is sometimes invoked via a platform‑specific name like
     // `codex-x86_64-unknown-linux-musl`, but the help output should always use
     // the generic `codex` command name that users run.
-    bin_name = "codex",
-    override_usage = "codex [OPTIONS] [PROMPT]\n       codex [OPTIONS] <COMMAND> [ARGS]"
+    bin_name = "codex"
 )]
 struct MultitoolCli {
     #[clap(flatten)]
@@ -106,10 +103,6 @@ enum Subcommand {
     #[clap(hide = true)]
     ResponsesApiProxy(ResponsesApiProxyArgs),
 
-    /// Internal: relay stdio to a Unix domain socket.
-    #[clap(hide = true, name = "stdio-to-uds")]
-    StdioToUds(StdioToUdsCommand),
-
     /// Inspect feature flags.
     Features(FeaturesCli),
 }
@@ -211,18 +204,10 @@ struct GenerateTsCommand {
     prettier: Option<PathBuf>,
 }
 
-#[derive(Debug, Parser)]
-struct StdioToUdsCommand {
-    /// Path to the Unix domain socket to connect to.
-    #[arg(value_name = "SOCKET_PATH")]
-    socket_path: PathBuf,
-}
-
 fn format_exit_messages(exit_info: AppExitInfo, color_enabled: bool) -> Vec<String> {
     let AppExitInfo {
         token_usage,
         conversation_id,
-        ..
     } = exit_info;
 
     if token_usage.is_zero() {
@@ -247,32 +232,11 @@ fn format_exit_messages(exit_info: AppExitInfo, color_enabled: bool) -> Vec<Stri
     lines
 }
 
-/// Handle the app exit and print the results. Optionally run the update action.
-fn handle_app_exit(exit_info: AppExitInfo) -> anyhow::Result<()> {
-    let update_action = exit_info.update_action;
+fn print_exit_messages(exit_info: AppExitInfo) {
     let color_enabled = supports_color::on(Stream::Stdout).is_some();
     for line in format_exit_messages(exit_info, color_enabled) {
         println!("{line}");
     }
-    if let Some(action) = update_action {
-        run_update_action(action)?;
-    }
-    Ok(())
-}
-
-/// Run the update action and print the result.
-fn run_update_action(action: UpdateAction) -> anyhow::Result<()> {
-    println!();
-    let (cmd, args) = action.command_args();
-    let cmd_str = action.command_str();
-    println!("Updating Codex via `{cmd_str}`...");
-    let status = std::process::Command::new(cmd).args(args).status()?;
-    if !status.success() {
-        anyhow::bail!("`{cmd_str}` failed with status {status}");
-    }
-    println!();
-    println!("🎉 Update ran successfully! Please restart Codex.");
-    Ok(())
 }
 
 #[derive(Debug, Default, Parser, Clone)]
@@ -287,25 +251,15 @@ struct FeatureToggles {
 }
 
 impl FeatureToggles {
-    fn to_overrides(&self) -> anyhow::Result<Vec<String>> {
+    fn to_overrides(&self) -> Vec<String> {
         let mut v = Vec::new();
-        for feature in &self.enable {
-            Self::validate_feature(feature)?;
-            v.push(format!("features.{feature}=true"));
+        for k in &self.enable {
+            v.push(format!("features.{k}=true"));
         }
-        for feature in &self.disable {
-            Self::validate_feature(feature)?;
-            v.push(format!("features.{feature}=false"));
-        }
-        Ok(v)
-    }
-
-    fn validate_feature(feature: &str) -> anyhow::Result<()> {
-        if is_known_feature_key(feature) {
-            Ok(())
-        } else {
-            anyhow::bail!("Unknown feature flag: {feature}")
+        for k in &self.disable {
+            v.push(format!("features.{k}=false"));
         }
+        v
     }
 }
 
@@ -356,8 +310,9 @@ async fn cli_main(codex_linux_sandbox_exe: Option<PathBuf>) -> anyhow::Result<()
     } = MultitoolCli::parse();
 
     // Fold --enable/--disable into config overrides so they flow to all subcommands.
-    let toggle_overrides = feature_toggles.to_overrides()?;
-    root_config_overrides.raw_overrides.extend(toggle_overrides);
+    root_config_overrides
+        .raw_overrides
+        .extend(feature_toggles.to_overrides());
 
     match subcommand {
         None => {
@@ -366,7 +321,7 @@ async fn cli_main(codex_linux_sandbox_exe: Option<PathBuf>) -> anyhow::Result<()
                 root_config_overrides.clone(),
             );
             let exit_info = codex_tui::run_main(interactive, codex_linux_sandbox_exe).await?;
-            handle_app_exit(exit_info)?;
+            print_exit_messages(exit_info);
         }
         Some(Subcommand::Exec(mut exec_cli)) => {
             prepend_config_flags(
@@ -399,7 +354,7 @@ async fn cli_main(codex_linux_sandbox_exe: Option<PathBuf>) -> anyhow::Result<()
                 config_overrides,
             );
             let exit_info = codex_tui::run_main(interactive, codex_linux_sandbox_exe).await?;
-            handle_app_exit(exit_info)?;
+            print_exit_messages(exit_info);
         }
         Some(Subcommand::Login(mut login_cli)) => {
             prepend_config_flags(
@@ -484,11 +439,6 @@ async fn cli_main(codex_linux_sandbox_exe: Option<PathBuf>) -> anyhow::Result<()
             tokio::task::spawn_blocking(move || codex_responses_api_proxy::run_main(args))
                 .await??;
         }
-        Some(Subcommand::StdioToUds(cmd)) => {
-            let socket_path = cmd.socket_path;
-            tokio::task::spawn_blocking(move || codex_stdio_to_uds::run(socket_path.as_path()))
-                .await??;
-        }
         Some(Subcommand::GenerateTs(gen_cli)) => {
             codex_protocol_ts::generate_ts(&gen_cli.out_dir, gen_cli.prettier.as_deref())?;
         }
@@ -590,9 +540,6 @@ fn merge_resume_cli_flags(interactive: &mut TuiCli, resume_cli: TuiCli) {
     if !resume_cli.images.is_empty() {
         interactive.images = resume_cli.images;
     }
-    if !resume_cli.add_dir.is_empty() {
-        interactive.add_dir.extend(resume_cli.add_dir);
-    }
     if let Some(prompt) = resume_cli.prompt {
         interactive.prompt = Some(prompt);
     }
@@ -615,7 +562,6 @@ mod tests {
     use assert_matches::assert_matches;
     use codex_core::protocol::TokenUsage;
     use codex_protocol::ConversationId;
-    use pretty_assertions::assert_eq;
 
     fn finalize_from_args(args: &[&str]) -> TuiCli {
         let cli = MultitoolCli::try_parse_from(args).expect("parse");
@@ -649,7 +595,6 @@ mod tests {
             conversation_id: conversation
                 .map(ConversationId::from_string)
                 .map(Result::unwrap),
-            update_action: None,
         }
     }
 
@@ -658,7 +603,6 @@ mod tests {
         let exit_info = AppExitInfo {
             token_usage: TokenUsage::default(),
             conversation_id: None,
-            update_action: None,
         };
         let lines = format_exit_messages(exit_info, false);
         assert!(lines.is_empty());
@@ -792,32 +736,4 @@ mod tests {
         assert!(!interactive.resume_last);
         assert_eq!(interactive.resume_session_id, None);
     }
-
-    #[test]
-    fn feature_toggles_known_features_generate_overrides() {
-        let toggles = FeatureToggles {
-            enable: vec!["web_search_request".to_string()],
-            disable: vec!["unified_exec".to_string()],
-        };
-        let overrides = toggles.to_overrides().expect("valid features");
-        assert_eq!(
-            overrides,
-            vec![
-                "features.web_search_request=true".to_string(),
-                "features.unified_exec=false".to_string(),
-            ]
-        );
-    }
-
-    #[test]
-    fn feature_toggles_unknown_feature_errors() {
-        let toggles = FeatureToggles {
-            enable: vec!["does_not_exist".to_string()],
-            disable: Vec::new(),
-        };
-        let err = toggles
-            .to_overrides()
-            .expect_err("feature should be rejected");
-        assert_eq!(err.to_string(), "Unknown feature flag: does_not_exist");
-    }
 }

codex-rs/cli/src/mcp_cmd.rs

@@ -6,14 +6,13 @@ use anyhow::anyhow;
 use anyhow::bail;
 use clap::ArgGroup;
 use codex_common::CliConfigOverrides;
-use codex_common::format_env_display::format_env_display;
 use codex_core::config::Config;
 use codex_core::config::ConfigOverrides;
-use codex_core::config::edit::ConfigEditsBuilder;
 use codex_core::config::find_codex_home;
 use codex_core::config::load_global_mcp_servers;
-use codex_core::config::types::McpServerConfig;
-use codex_core::config::types::McpServerTransportConfig;
+use codex_core::config::write_global_mcp_servers;
+use codex_core::config_types::McpServerConfig;
+use codex_core::config_types::McpServerTransportConfig;
 use codex_core::features::Feature;
 use codex_core::mcp::auth::compute_auth_statuses;
 use codex_core::protocol::McpAuthStatus;
@@ -150,10 +149,6 @@ pub struct RemoveArgs {
 pub struct LoginArgs {
     /// Name of the MCP server to authenticate with oauth.
     pub name: String,
-
-    /// Comma-separated list of OAuth scopes to request.
-    #[arg(long, value_delimiter = ',', value_name = "SCOPE,SCOPE")]
-    pub scopes: Vec<String>,
 }
 
 #[derive(Debug, clap::Parser)]
@@ -232,8 +227,6 @@ async fn run_add(config_overrides: &CliConfigOverrides, add_args: AddArgs) -> Re
                 command: command_bin,
                 args: command_args,
                 env: env_map,
-                env_vars: Vec::new(),
-                cwd: None,
             }
         }
         AddMcpTransportArgs {
@@ -246,8 +239,6 @@ async fn run_add(config_overrides: &CliConfigOverrides, add_args: AddArgs) -> Re
         } => McpServerTransportConfig::StreamableHttp {
             url,
             bearer_token_env_var,
-            http_headers: None,
-            env_http_headers: None,
         },
         AddMcpTransportArgs { .. } => bail!("exactly one of --command or --url must be provided"),
     };
@@ -257,16 +248,11 @@ async fn run_add(config_overrides: &CliConfigOverrides, add_args: AddArgs) -> Re
         enabled: true,
         startup_timeout_sec: None,
         tool_timeout_sec: None,
-        enabled_tools: None,
-        disabled_tools: None,
     };
 
     servers.insert(name.clone(), new_entry);
 
-    ConfigEditsBuilder::new(&codex_home)
-        .replace_mcp_servers(&servers)
-        .apply()
-        .await
+    write_global_mcp_servers(&codex_home, &servers)
         .with_context(|| format!("failed to write MCP servers to {}", codex_home.display()))?;
 
     println!("Added global MCP server '{name}'.");
@@ -274,36 +260,12 @@ async fn run_add(config_overrides: &CliConfigOverrides, add_args: AddArgs) -> Re
     if let McpServerTransportConfig::StreamableHttp {
         url,
         bearer_token_env_var: None,
-        http_headers,
-        env_http_headers,
     } = transport
+        && matches!(supports_oauth_login(&url).await, Ok(true))
     {
-        match supports_oauth_login(&url).await {
-            Ok(true) => {
-                if !config.features.enabled(Feature::RmcpClient) {
-                    println!(
-                        "MCP server supports login. Add `experimental_use_rmcp_client = true` \
-                         to your config.toml and run `codex mcp login {name}` to login."
-                    );
-                } else {
-                    println!("Detected OAuth support. Starting OAuth flow…");
-                    perform_oauth_login(
-                        &name,
-                        &url,
-                        config.mcp_oauth_credentials_store_mode,
-                        http_headers.clone(),
-                        env_http_headers.clone(),
-                        &Vec::new(),
-                    )
-                    .await?;
-                    println!("Successfully logged in.");
-                }
-            }
-            Ok(false) => {}
-            Err(_) => println!(
-                "MCP server may or may not require login. Run `codex mcp login {name}` to login."
-            ),
-        }
+        println!("Detected OAuth support. Starting OAuth flow…");
+        perform_oauth_login(&name, &url, config.mcp_oauth_credentials_store_mode).await?;
+        println!("Successfully logged in.");
     }
 
     Ok(())
@@ -324,10 +286,7 @@ async fn run_remove(config_overrides: &CliConfigOverrides, remove_args: RemoveAr
     let removed = servers.remove(&name).is_some();
 
     if removed {
-        ConfigEditsBuilder::new(&codex_home)
-            .replace_mcp_servers(&servers)
-            .apply()
-            .await
+        write_global_mcp_servers(&codex_home, &servers)
             .with_context(|| format!("failed to write MCP servers to {}", codex_home.display()))?;
     }
 
@@ -347,34 +306,23 @@ async fn run_login(config_overrides: &CliConfigOverrides, login_args: LoginArgs)
         .context("failed to load configuration")?;
 
     if !config.features.enabled(Feature::RmcpClient) {
-        bail!("OAuth login is only supported when [feature].rmcp_client is true in config.toml.");
+        bail!(
+            "OAuth login is only supported when experimental_use_rmcp_client is true in config.toml."
+        );
     }
 
-    let LoginArgs { name, scopes } = login_args;
+    let LoginArgs { name } = login_args;
 
     let Some(server) = config.mcp_servers.get(&name) else {
         bail!("No MCP server named '{name}' found.");
     };
 
-    let (url, http_headers, env_http_headers) = match &server.transport {
-        McpServerTransportConfig::StreamableHttp {
-            url,
-            http_headers,
-            env_http_headers,
-            ..
-        } => (url.clone(), http_headers.clone(), env_http_headers.clone()),
+    let url = match &server.transport {
+        McpServerTransportConfig::StreamableHttp { url, .. } => url.clone(),
         _ => bail!("OAuth login is only supported for streamable HTTP servers."),
     };
 
-    perform_oauth_login(
-        &name,
-        &url,
-        config.mcp_oauth_credentials_store_mode,
-        http_headers,
-        env_http_headers,
-        &scopes,
-    )
-    .await?;
+    perform_oauth_login(&name, &url, config.mcp_oauth_credentials_store_mode).await?;
     println!("Successfully logged in to MCP server '{name}'.");
     Ok(())
 }
@@ -426,35 +374,23 @@ async fn run_list(config_overrides: &CliConfigOverrides, list_args: ListArgs) ->
             .map(|(name, cfg)| {
                 let auth_status = auth_statuses
                     .get(name.as_str())
-                    .map(|entry| entry.auth_status)
+                    .copied()
                     .unwrap_or(McpAuthStatus::Unsupported);
                 let transport = match &cfg.transport {
-                    McpServerTransportConfig::Stdio {
-                        command,
-                        args,
-                        env,
-                        env_vars,
-                        cwd,
-                    } => serde_json::json!({
+                    McpServerTransportConfig::Stdio { command, args, env } => serde_json::json!({
                         "type": "stdio",
                         "command": command,
                         "args": args,
                         "env": env,
-                        "env_vars": env_vars,
-                        "cwd": cwd,
                     }),
                     McpServerTransportConfig::StreamableHttp {
                         url,
                         bearer_token_env_var,
-                        http_headers,
-                        env_http_headers,
                     } => {
                         serde_json::json!({
                             "type": "streamable_http",
                             "url": url,
                             "bearer_token_env_var": bearer_token_env_var,
-                            "http_headers": http_headers,
-                            "env_http_headers": env_http_headers,
                         })
                     }
                 };
@@ -483,29 +419,30 @@ async fn run_list(config_overrides: &CliConfigOverrides, list_args: ListArgs) ->
         return Ok(());
     }
 
-    let mut stdio_rows: Vec<[String; 7]> = Vec::new();
+    let mut stdio_rows: Vec<[String; 6]> = Vec::new();
     let mut http_rows: Vec<[String; 5]> = Vec::new();
 
     for (name, cfg) in entries {
         match &cfg.transport {
-            McpServerTransportConfig::Stdio {
-                command,
-                args,
-                env,
-                env_vars,
-                cwd,
-            } => {
+            McpServerTransportConfig::Stdio { command, args, env } => {
                 let args_display = if args.is_empty() {
                     "-".to_string()
                 } else {
                     args.join(" ")
                 };
-                let env_display = format_env_display(env.as_ref(), env_vars);
-                let cwd_display = cwd
-                    .as_ref()
-                    .map(|path| path.display().to_string())
-                    .filter(|value| !value.is_empty())
-                    .unwrap_or_else(|| "-".to_string());
+                let env_display = match env.as_ref() {
+                    None => "-".to_string(),
+                    Some(map) if map.is_empty() => "-".to_string(),
+                    Some(map) => {
+                        let mut pairs: Vec<_> = map.iter().collect();
+                        pairs.sort_by(|(a, _), (b, _)| a.cmp(b));
+                        pairs
+                            .into_iter()
+                            .map(|(k, v)| format!("{k}={v}"))
+                            .collect::<Vec<_>>()
+                            .join(", ")
+                    }
+                };
                 let status = if cfg.enabled {
                     "enabled".to_string()
                 } else {
@@ -513,7 +450,7 @@ async fn run_list(config_overrides: &CliConfigOverrides, list_args: ListArgs) ->
                 };
                 let auth_status = auth_statuses
                     .get(name.as_str())
-                    .map(|entry| entry.auth_status)
+                    .copied()
                     .unwrap_or(McpAuthStatus::Unsupported)
                     .to_string();
                 stdio_rows.push([
@@ -521,7 +458,6 @@ async fn run_list(config_overrides: &CliConfigOverrides, list_args: ListArgs) ->
                     command.clone(),
                     args_display,
                     env_display,
-                    cwd_display,
                     status,
                     auth_status,
                 ]);
@@ -529,7 +465,6 @@ async fn run_list(config_overrides: &CliConfigOverrides, list_args: ListArgs) ->
             McpServerTransportConfig::StreamableHttp {
                 url,
                 bearer_token_env_var,
-                ..
             } => {
                 let status = if cfg.enabled {
                     "enabled".to_string()
@@ -538,15 +473,13 @@ async fn run_list(config_overrides: &CliConfigOverrides, list_args: ListArgs) ->
                 };
                 let auth_status = auth_statuses
                     .get(name.as_str())
-                    .map(|entry| entry.auth_status)
+                    .copied()
                     .unwrap_or(McpAuthStatus::Unsupported)
                     .to_string();
-                let bearer_token_display =
-                    bearer_token_env_var.as_deref().unwrap_or("-").to_string();
                 http_rows.push([
                     name.clone(),
                     url.clone(),
-                    bearer_token_display,
+                    bearer_token_env_var.clone().unwrap_or("-".to_string()),
                     status,
                     auth_status,
                 ]);
@@ -560,7 +493,6 @@ async fn run_list(config_overrides: &CliConfigOverrides, list_args: ListArgs) ->
             "Command".len(),
             "Args".len(),
             "Env".len(),
-            "Cwd".len(),
             "Status".len(),
             "Auth".len(),
         ];
@@ -571,40 +503,36 @@ async fn run_list(config_overrides: &CliConfigOverrides, list_args: ListArgs) ->
         }
 
         println!(
-            "{name:<name_w$}  {command:<cmd_w$}  {args:<args_w$}  {env:<env_w$}  {cwd:<cwd_w$}  {status:<status_w$}  {auth:<auth_w$}",
+            "{name:<name_w$}  {command:<cmd_w$}  {args:<args_w$}  {env:<env_w$}  {status:<status_w$}  {auth:<auth_w$}",
             name = "Name",
             command = "Command",
             args = "Args",
             env = "Env",
-            cwd = "Cwd",
             status = "Status",
             auth = "Auth",
             name_w = widths[0],
             cmd_w = widths[1],
             args_w = widths[2],
             env_w = widths[3],
-            cwd_w = widths[4],
-            status_w = widths[5],
-            auth_w = widths[6],
+            status_w = widths[4],
+            auth_w = widths[5],
         );
 
         for row in &stdio_rows {
             println!(
-                "{name:<name_w$}  {command:<cmd_w$}  {args:<args_w$}  {env:<env_w$}  {cwd:<cwd_w$}  {status:<status_w$}  {auth:<auth_w$}",
+                "{name:<name_w$}  {command:<cmd_w$}  {args:<args_w$}  {env:<env_w$}  {status:<status_w$}  {auth:<auth_w$}",
                 name = row[0].as_str(),
                 command = row[1].as_str(),
                 args = row[2].as_str(),
                 env = row[3].as_str(),
-                cwd = row[4].as_str(),
-                status = row[5].as_str(),
-                auth = row[6].as_str(),
+                status = row[4].as_str(),
+                auth = row[5].as_str(),
                 name_w = widths[0],
                 cmd_w = widths[1],
                 args_w = widths[2],
                 env_w = widths[3],
-                cwd_w = widths[4],
-                status_w = widths[5],
-                auth_w = widths[6],
+                status_w = widths[4],
+                auth_w = widths[5],
             );
         }
     }
@@ -673,39 +601,25 @@ async fn run_get(config_overrides: &CliConfigOverrides, get_args: GetArgs) -> Re
 
     if get_args.json {
         let transport = match &server.transport {
-            McpServerTransportConfig::Stdio {
-                command,
-                args,
-                env,
-                env_vars,
-                cwd,
-            } => serde_json::json!({
+            McpServerTransportConfig::Stdio { command, args, env } => serde_json::json!({
                 "type": "stdio",
                 "command": command,
                 "args": args,
                 "env": env,
-                "env_vars": env_vars,
-                "cwd": cwd,
             }),
             McpServerTransportConfig::StreamableHttp {
                 url,
                 bearer_token_env_var,
-                http_headers,
-                env_http_headers,
             } => serde_json::json!({
                 "type": "streamable_http",
                 "url": url,
                 "bearer_token_env_var": bearer_token_env_var,
-                "http_headers": http_headers,
-                "env_http_headers": env_http_headers,
             }),
         };
         let output = serde_json::to_string_pretty(&serde_json::json!({
             "name": get_args.name,
             "enabled": server.enabled,
             "transport": transport,
-            "enabled_tools": server.enabled_tools.clone(),
-            "disabled_tools": server.disabled_tools.clone(),
             "startup_timeout_sec": server
                 .startup_timeout_sec
                 .map(|timeout| timeout.as_secs_f64()),
@@ -717,36 +631,10 @@ async fn run_get(config_overrides: &CliConfigOverrides, get_args: GetArgs) -> Re
         return Ok(());
     }
 
-    if !server.enabled {
-        println!("{} (disabled)", get_args.name);
-        return Ok(());
-    }
-
     println!("{}", get_args.name);
     println!("  enabled: {}", server.enabled);
-    let format_tool_list = |tools: &Option<Vec<String>>| -> String {
-        match tools {
-            Some(list) if list.is_empty() => "[]".to_string(),
-            Some(list) => list.join(", "),
-            None => "-".to_string(),
-        }
-    };
-    if server.enabled_tools.is_some() {
-        let enabled_tools_display = format_tool_list(&server.enabled_tools);
-        println!("  enabled_tools: {enabled_tools_display}");
-    }
-    if server.disabled_tools.is_some() {
-        let disabled_tools_display = format_tool_list(&server.disabled_tools);
-        println!("  disabled_tools: {disabled_tools_display}");
-    }
     match &server.transport {
-        McpServerTransportConfig::Stdio {
-            command,
-            args,
-            env,
-            env_vars,
-            cwd,
-        } => {
+        McpServerTransportConfig::Stdio { command, args, env } => {
             println!("  transport: stdio");
             println!("  command: {command}");
             let args_display = if args.is_empty() {
@@ -755,51 +643,29 @@ async fn run_get(config_overrides: &CliConfigOverrides, get_args: GetArgs) -> Re
                 args.join(" ")
             };
             println!("  args: {args_display}");
-            let cwd_display = cwd
-                .as_ref()
-                .map(|path| path.display().to_string())
-                .filter(|value| !value.is_empty())
-                .unwrap_or_else(|| "-".to_string());
-            println!("  cwd: {cwd_display}");
-            let env_display = format_env_display(env.as_ref(), env_vars);
+            let env_display = match env.as_ref() {
+                None => "-".to_string(),
+                Some(map) if map.is_empty() => "-".to_string(),
+                Some(map) => {
+                    let mut pairs: Vec<_> = map.iter().collect();
+                    pairs.sort_by(|(a, _), (b, _)| a.cmp(b));
+                    pairs
+                        .into_iter()
+                        .map(|(k, v)| format!("{k}={v}"))
+                        .collect::<Vec<_>>()
+                        .join(", ")
+                }
+            };
             println!("  env: {env_display}");
         }
         McpServerTransportConfig::StreamableHttp {
             url,
             bearer_token_env_var,
-            http_headers,
-            env_http_headers,
         } => {
             println!("  transport: streamable_http");
             println!("  url: {url}");
-            let bearer_token_display = bearer_token_env_var.as_deref().unwrap_or("-");
-            println!("  bearer_token_env_var: {bearer_token_display}");
-            let headers_display = match http_headers {
-                Some(map) if !map.is_empty() => {
-                    let mut pairs: Vec<_> = map.iter().collect();
-                    pairs.sort_by(|(a, _), (b, _)| a.cmp(b));
-                    pairs
-                        .into_iter()
-                        .map(|(k, _)| format!("{k}=*****"))
-                        .collect::<Vec<_>>()
-                        .join(", ")
-                }
-                _ => "-".to_string(),
-            };
-            println!("  http_headers: {headers_display}");
-            let env_headers_display = match env_http_headers {
-                Some(map) if !map.is_empty() => {
-                    let mut pairs: Vec<_> = map.iter().collect();
-                    pairs.sort_by(|(a, _), (b, _)| a.cmp(b));
-                    pairs
-                        .into_iter()
-                        .map(|(k, var)| format!("{k}={var}"))
-                        .collect::<Vec<_>>()
-                        .join(", ")
-                }
-                _ => "-".to_string(),
-            };
-            println!("  env_http_headers: {env_headers_display}");
+            let env_var = bearer_token_env_var.as_deref().unwrap_or("-");
+            println!("  bearer_token_env_var: {env_var}");
         }
     }
     if let Some(timeout) = server.startup_timeout_sec {

codex-rs/cli/tests/mcp_add_remove.rs

@@ -2,7 +2,7 @@ use std::path::Path;
 
 use anyhow::Result;
 use codex_core::config::load_global_mcp_servers;
-use codex_core::config::types::McpServerTransportConfig;
+use codex_core::config_types::McpServerTransportConfig;
 use predicates::str::contains;
 use pretty_assertions::assert_eq;
 use tempfile::TempDir;
@@ -28,18 +28,10 @@ async fn add_and_remove_server_updates_global_config() -> Result<()> {
     assert_eq!(servers.len(), 1);
     let docs = servers.get("docs").expect("server should exist");
     match &docs.transport {
-        McpServerTransportConfig::Stdio {
-            command,
-            args,
-            env,
-            env_vars,
-            cwd,
-        } => {
+        McpServerTransportConfig::Stdio { command, args, env } => {
             assert_eq!(command, "echo");
             assert_eq!(args, &vec!["hello".to_string()]);
             assert!(env.is_none());
-            assert!(env_vars.is_empty());
-            assert!(cwd.is_none());
         }
         other => panic!("unexpected transport: {other:?}"),
     }
@@ -120,13 +112,9 @@ async fn add_streamable_http_without_manual_token() -> Result<()> {
         McpServerTransportConfig::StreamableHttp {
             url,
             bearer_token_env_var,
-            http_headers,
-            env_http_headers,
         } => {
             assert_eq!(url, "https://example.com/mcp");
             assert!(bearer_token_env_var.is_none());
-            assert!(http_headers.is_none());
-            assert!(env_http_headers.is_none());
         }
         other => panic!("unexpected transport: {other:?}"),
     }
@@ -162,13 +150,9 @@ async fn add_streamable_http_with_custom_env_var() -> Result<()> {
         McpServerTransportConfig::StreamableHttp {
             url,
             bearer_token_env_var,
-            http_headers,
-            env_http_headers,
         } => {
             assert_eq!(url, "https://example.com/issues");
             assert_eq!(bearer_token_env_var.as_deref(), Some("GITHUB_TOKEN"));
-            assert!(http_headers.is_none());
-            assert!(env_http_headers.is_none());
         }
         other => panic!("unexpected transport: {other:?}"),
     }

codex-rs/cli/tests/mcp_list.rs

@@ -1,9 +1,6 @@
 use std::path::Path;
 
 use anyhow::Result;
-use codex_core::config::edit::ConfigEditsBuilder;
-use codex_core::config::load_global_mcp_servers;
-use codex_core::config::types::McpServerTransportConfig;
 use predicates::prelude::PredicateBooleanExt;
 use predicates::str::contains;
 use pretty_assertions::assert_eq;
@@ -30,8 +27,8 @@ fn list_shows_empty_state() -> Result<()> {
     Ok(())
 }
 
-#[tokio::test]
-async fn list_and_get_render_expected_output() -> Result<()> {
+#[test]
+fn list_and_get_render_expected_output() -> Result<()> {
     let codex_home = TempDir::new()?;
 
     let mut add = codex_command(codex_home.path())?;
@@ -49,20 +46,6 @@ async fn list_and_get_render_expected_output() -> Result<()> {
     .assert()
     .success();
 
-    let mut servers = load_global_mcp_servers(codex_home.path()).await?;
-    let docs_entry = servers
-        .get_mut("docs")
-        .expect("docs server should exist after add");
-    match &mut docs_entry.transport {
-        McpServerTransportConfig::Stdio { env_vars, .. } => {
-            *env_vars = vec!["APP_TOKEN".to_string(), "WORKSPACE_ID".to_string()];
-        }
-        other => panic!("unexpected transport: {other:?}"),
-    }
-    ConfigEditsBuilder::new(codex_home.path())
-        .replace_mcp_servers(&servers)
-        .apply_blocking()?;
-
     let mut list_cmd = codex_command(codex_home.path())?;
     let list_output = list_cmd.args(["mcp", "list"]).output()?;
     assert!(list_output.status.success());
@@ -70,9 +53,7 @@ async fn list_and_get_render_expected_output() -> Result<()> {
     assert!(stdout.contains("Name"));
     assert!(stdout.contains("docs"));
     assert!(stdout.contains("docs-server"));
-    assert!(stdout.contains("TOKEN=*****"));
-    assert!(stdout.contains("APP_TOKEN=*****"));
-    assert!(stdout.contains("WORKSPACE_ID=*****"));
+    assert!(stdout.contains("TOKEN=secret"));
     assert!(stdout.contains("Status"));
     assert!(stdout.contains("Auth"));
     assert!(stdout.contains("enabled"));
@@ -98,12 +79,7 @@ async fn list_and_get_render_expected_output() -> Result<()> {
               ],
               "env": {
                 "TOKEN": "secret"
-              },
-              "env_vars": [
-                "APP_TOKEN",
-                "WORKSPACE_ID"
-              ],
-              "cwd": null
+              }
             },
             "startup_timeout_sec": null,
             "tool_timeout_sec": null,
@@ -121,9 +97,7 @@ async fn list_and_get_render_expected_output() -> Result<()> {
     assert!(stdout.contains("transport: stdio"));
     assert!(stdout.contains("command: docs-server"));
     assert!(stdout.contains("args: --port 4000"));
-    assert!(stdout.contains("env: TOKEN=*****"));
-    assert!(stdout.contains("APP_TOKEN=*****"));
-    assert!(stdout.contains("WORKSPACE_ID=*****"));
+    assert!(stdout.contains("env: TOKEN=secret"));
     assert!(stdout.contains("enabled: true"));
     assert!(stdout.contains("remove: codex mcp remove docs"));
 
@@ -136,30 +110,3 @@ async fn list_and_get_render_expected_output() -> Result<()> {
 
     Ok(())
 }
-
-#[tokio::test]
-async fn get_disabled_server_shows_single_line() -> Result<()> {
-    let codex_home = TempDir::new()?;
-
-    let mut add = codex_command(codex_home.path())?;
-    add.args(["mcp", "add", "docs", "--", "docs-server"])
-        .assert()
-        .success();
-
-    let mut servers = load_global_mcp_servers(codex_home.path()).await?;
-    let docs = servers
-        .get_mut("docs")
-        .expect("docs server should exist after add");
-    docs.enabled = false;
-    ConfigEditsBuilder::new(codex_home.path())
-        .replace_mcp_servers(&servers)
-        .apply_blocking()?;
-
-    let mut get_cmd = codex_command(codex_home.path())?;
-    let get_output = get_cmd.args(["mcp", "get", "docs"]).output()?;
-    assert!(get_output.status.success());
-    let stdout = String::from_utf8(get_output.stdout)?;
-    assert_eq!(stdout.trim_end(), "docs (disabled)");
-
-    Ok(())
-}

codex-rs/clippy.toml

@@ -7,7 +7,3 @@ disallowed-methods = [
     { path = "ratatui::style::Stylize::black", reason = "Avoid hardcoding black; prefer default fg or dim/bold. Exception: Disable this rule if rendering over a hardcoded ANSI background." },
     { path = "ratatui::style::Stylize::yellow", reason = "Avoid yellow; prefer other colors in `tui/styles.md`." },
 ]
-
-# Increase the size threshold for result_large_err to accommodate
-# richer error variants.
-large-error-threshold = 256

codex-rs/cloud-tasks-client/Cargo.toml

@@ -24,4 +24,4 @@ serde = { version = "1", features = ["derive"] }
 serde_json = "1"
 thiserror = "2.0.12"
 codex-backend-client = { path = "../backend-client", optional = true }
-codex-git = { workspace = true }
+codex-git-apply = { path = "../git-apply" }

codex-rs/cloud-tasks-client/src/http.rs

@@ -362,13 +362,13 @@ mod api {
                 });
             }
 
-            let req = codex_git::ApplyGitRequest {
+            let req = codex_git_apply::ApplyGitRequest {
                 cwd: std::env::current_dir().unwrap_or_else(|_| std::env::temp_dir()),
                 diff: diff.clone(),
                 revert: false,
                 preflight,
             };
-            let r = codex_git::apply_git_patch(&req)
+            let r = codex_git_apply::apply_git_patch(&req)
                 .map_err(|e| CloudTaskError::Io(format!("git apply failed to run: {e}")))?;
 
             let status = if r.exit_code == 0 {

codex-rs/cloud-tasks-client/src/lib.rs

@@ -26,4 +26,4 @@ pub use mock::MockClient;
 #[cfg(feature = "online")]
 pub use http::HttpClient;
 
-// Reusable apply engine now lives in the shared crate `codex-git`.
+// Reusable apply engine now lives in the shared crate `codex-git-apply`.

codex-rs/cloud-tasks/src/lib.rs

@@ -58,16 +58,7 @@ async fn init_backend(user_agent_suffix: &str) -> anyhow::Result<BackendContext>
 
     let auth = match codex_core::config::find_codex_home()
         .ok()
-        .map(|home| {
-            let store_mode = codex_core::config::Config::load_from_base_config_with_overrides(
-                codex_core::config::ConfigToml::default(),
-                codex_core::config::ConfigOverrides::default(),
-                home.clone(),
-            )
-            .map(|cfg| cfg.cli_auth_credentials_store_mode)
-            .unwrap_or_default();
-            codex_login::AuthManager::new(home, false, store_mode)
-        })
+        .map(|home| codex_login::AuthManager::new(home, false))
         .and_then(|am| am.auth())
     {
         Some(auth) => auth,
@@ -1095,19 +1086,7 @@ pub async fn run_main(cli: Cli, _codex_linux_sandbox_exe: Option<PathBuf>) -> an
                                                 let backend = Arc::clone(&backend);
                                                 let best_of_n = page.best_of_n;
                                                 tokio::spawn(async move {
-                                                    let git_ref = if let Ok(cwd) = std::env::current_dir() {
-                                                        if let Some(branch) = codex_core::git_info::default_branch_name(&cwd).await {
-                                                            branch
-                                                        } else if let Some(branch) = codex_core::git_info::current_branch_name(&cwd).await {
-                                                            branch
-                                                        } else {
-                                                            "main".to_string()
-                                                        }
-                                                    } else {
-                                                        "main".to_string()
-                                                    };
-
-                                                    let result = codex_cloud_tasks_client::CloudBackend::create_task(&*backend, &env, &text, &git_ref, false, best_of_n).await;
+                                                    let result = codex_cloud_tasks_client::CloudBackend::create_task(&*backend, &env, &text, "main", false, best_of_n).await;
                                                     let evt = match result {
                                                         Ok(ok) => app::AppEvent::NewTaskSubmitted(Ok(ok)),
                                                         Err(e) => app::AppEvent::NewTaskSubmitted(Err(format!("{e}"))),

codex-rs/cloud-tasks/src/util.rs

@@ -70,14 +70,7 @@ pub async fn build_chatgpt_headers() -> HeaderMap {
         HeaderValue::from_str(&ua).unwrap_or(HeaderValue::from_static("codex-cli")),
     );
     if let Ok(home) = codex_core::config::find_codex_home() {
-        let store_mode = codex_core::config::Config::load_from_base_config_with_overrides(
-            codex_core::config::ConfigToml::default(),
-            codex_core::config::ConfigOverrides::default(),
-            home.clone(),
-        )
-        .map(|cfg| cfg.cli_auth_credentials_store_mode)
-        .unwrap_or_default();
-        let am = codex_login::AuthManager::new(home, false, store_mode);
+        let am = codex_login::AuthManager::new(home, false);
         if let Some(auth) = am.auth()
             && let Ok(tok) = auth.get_token().await
             && !tok.is_empty()

codex-rs/codex-backend-openapi-models/Cargo.toml

@@ -15,7 +15,3 @@ path = "src/lib.rs"
 [dependencies]
 serde = { version = "1", features = ["derive"] }
 serde_json = "1"
-serde_with = "3"
-
-[package.metadata.cargo-shear]
-ignored = ["serde_with"]

codex-rs/codex-backend-openapi-models/src/models/mod.rs

@@ -3,7 +3,6 @@
 // Currently export only the types referenced by the workspace
 // The process for this will change
 
-// Cloud Tasks
 pub mod code_task_details_response;
 pub use self::code_task_details_response::CodeTaskDetailsResponse;
 
@@ -21,14 +20,3 @@ pub use self::task_list_item::TaskListItem;
 
 pub mod paginated_list_task_list_item_;
 pub use self::paginated_list_task_list_item_::PaginatedListTaskListItem;
-
-// Rate Limits
-pub mod rate_limit_status_payload;
-pub use self::rate_limit_status_payload::PlanType;
-pub use self::rate_limit_status_payload::RateLimitStatusPayload;
-
-pub mod rate_limit_status_details;
-pub use self::rate_limit_status_details::RateLimitStatusDetails;
-
-pub mod rate_limit_window_snapshot;
-pub use self::rate_limit_window_snapshot::RateLimitWindowSnapshot;

codex-rs/codex-backend-openapi-models/src/models/rate_limit_status_details.rs

@@ -1,46 +0,0 @@
-/*
- * codex-backend
- *
- * codex-backend
- *
- * The version of the OpenAPI document: 0.0.1
- *
- * Generated by: https://openapi-generator.tech
- */
-
-use crate::models;
-use serde::Deserialize;
-use serde::Serialize;
-
-#[derive(Clone, Default, Debug, PartialEq, Serialize, Deserialize)]
-pub struct RateLimitStatusDetails {
-    #[serde(rename = "allowed")]
-    pub allowed: bool,
-    #[serde(rename = "limit_reached")]
-    pub limit_reached: bool,
-    #[serde(
-        rename = "primary_window",
-        default,
-        with = "::serde_with::rust::double_option",
-        skip_serializing_if = "Option::is_none"
-    )]
-    pub primary_window: Option<Option<Box<models::RateLimitWindowSnapshot>>>,
-    #[serde(
-        rename = "secondary_window",
-        default,
-        with = "::serde_with::rust::double_option",
-        skip_serializing_if = "Option::is_none"
-    )]
-    pub secondary_window: Option<Option<Box<models::RateLimitWindowSnapshot>>>,
-}
-
-impl RateLimitStatusDetails {
-    pub fn new(allowed: bool, limit_reached: bool) -> RateLimitStatusDetails {
-        RateLimitStatusDetails {
-            allowed,
-            limit_reached,
-            primary_window: None,
-            secondary_window: None,
-        }
-    }
-}

codex-rs/codex-backend-openapi-models/src/models/rate_limit_status_payload.rs

@@ -1,65 +0,0 @@
-/*
- * codex-backend
- *
- * codex-backend
- *
- * The version of the OpenAPI document: 0.0.1
- *
- * Generated by: https://openapi-generator.tech
- */
-
-use crate::models;
-use serde::Deserialize;
-use serde::Serialize;
-
-#[derive(Clone, Default, Debug, PartialEq, Serialize, Deserialize)]
-pub struct RateLimitStatusPayload {
-    #[serde(rename = "plan_type")]
-    pub plan_type: PlanType,
-    #[serde(
-        rename = "rate_limit",
-        default,
-        with = "::serde_with::rust::double_option",
-        skip_serializing_if = "Option::is_none"
-    )]
-    pub rate_limit: Option<Option<Box<models::RateLimitStatusDetails>>>,
-}
-
-impl RateLimitStatusPayload {
-    pub fn new(plan_type: PlanType) -> RateLimitStatusPayload {
-        RateLimitStatusPayload {
-            plan_type,
-            rate_limit: None,
-        }
-    }
-}
-
-#[derive(Clone, Copy, Debug, Eq, PartialEq, Ord, PartialOrd, Hash, Serialize, Deserialize)]
-pub enum PlanType {
-    #[serde(rename = "free")]
-    Free,
-    #[serde(rename = "go")]
-    Go,
-    #[serde(rename = "plus")]
-    Plus,
-    #[serde(rename = "pro")]
-    Pro,
-    #[serde(rename = "team")]
-    Team,
-    #[serde(rename = "business")]
-    Business,
-    #[serde(rename = "education")]
-    Education,
-    #[serde(rename = "quorum")]
-    Quorum,
-    #[serde(rename = "enterprise")]
-    Enterprise,
-    #[serde(rename = "edu")]
-    Edu,
-}
-
-impl Default for PlanType {
-    fn default() -> PlanType {
-        Self::Free
-    }
-}

codex-rs/codex-backend-openapi-models/src/models/rate_limit_window_snapshot.rs

@@ -1,40 +0,0 @@
-/*
- * codex-backend
- *
- * codex-backend
- *
- * The version of the OpenAPI document: 0.0.1
- *
- * Generated by: https://openapi-generator.tech
- */
-
-use serde::Deserialize;
-use serde::Serialize;
-
-#[derive(Clone, Default, Debug, PartialEq, Serialize, Deserialize)]
-pub struct RateLimitWindowSnapshot {
-    #[serde(rename = "used_percent")]
-    pub used_percent: i32,
-    #[serde(rename = "limit_window_seconds")]
-    pub limit_window_seconds: i32,
-    #[serde(rename = "reset_after_seconds")]
-    pub reset_after_seconds: i32,
-    #[serde(rename = "reset_at")]
-    pub reset_at: i32,
-}
-
-impl RateLimitWindowSnapshot {
-    pub fn new(
-        used_percent: i32,
-        limit_window_seconds: i32,
-        reset_after_seconds: i32,
-        reset_at: i32,
-    ) -> RateLimitWindowSnapshot {
-        RateLimitWindowSnapshot {
-            used_percent,
-            limit_window_seconds,
-            reset_after_seconds,
-            reset_at,
-        }
-    }
-}

codex-rs/common/src/approval_presets.rs

@@ -24,21 +24,21 @@ pub fn builtin_approval_presets() -> Vec<ApprovalPreset> {
         ApprovalPreset {
             id: "read-only",
             label: "Read Only",
-            description: "Codex can read files and answer questions. Codex requires approval to make edits, run commands, or access network.",
+            description: "Codex can read files and answer questions. Codex requires approval to make edits, run commands, or access network",
             approval: AskForApproval::OnRequest,
             sandbox: SandboxPolicy::ReadOnly,
         },
         ApprovalPreset {
             id: "auto",
             label: "Auto",
-            description: "Codex can read files, make edits, and run commands in the workspace. Codex requires approval to work outside the workspace or access network.",
+            description: "Codex can read files, make edits, and run commands in the workspace. Codex requires approval to work outside the workspace or access network",
             approval: AskForApproval::OnRequest,
             sandbox: SandboxPolicy::new_workspace_write_policy(),
         },
         ApprovalPreset {
             id: "full-access",
             label: "Full Access",
-            description: "Codex can read files, make edits, and run commands with network access, without approval. Exercise caution.",
+            description: "Codex can read files, make edits, and run commands with network access, without approval. Exercise caution",
             approval: AskForApproval::Never,
             sandbox: SandboxPolicy::DangerFullAccess,
         },

codex-rs/common/src/format_env_display.rs

@@ -1,62 +0,0 @@
-use std::collections::HashMap;
-
-pub fn format_env_display(env: Option<&HashMap<String, String>>, env_vars: &[String]) -> String {
-    let mut parts: Vec<String> = Vec::new();
-
-    if let Some(map) = env {
-        let mut pairs: Vec<_> = map.iter().collect();
-        pairs.sort_by(|(a, _), (b, _)| a.cmp(b));
-        parts.extend(pairs.into_iter().map(|(key, _)| format!("{key}=*****")));
-    }
-
-    if !env_vars.is_empty() {
-        parts.extend(env_vars.iter().map(|var| format!("{var}=*****")));
-    }
-
-    if parts.is_empty() {
-        "-".to_string()
-    } else {
-        parts.join(", ")
-    }
-}
-
-#[cfg(test)]
-mod tests {
-    use super::*;
-
-    #[test]
-    fn returns_dash_when_empty() {
-        assert_eq!(format_env_display(None, &[]), "-");
-
-        let empty_map = HashMap::new();
-        assert_eq!(format_env_display(Some(&empty_map), &[]), "-");
-    }
-
-    #[test]
-    fn formats_sorted_env_pairs() {
-        let mut env = HashMap::new();
-        env.insert("B".to_string(), "two".to_string());
-        env.insert("A".to_string(), "one".to_string());
-
-        assert_eq!(format_env_display(Some(&env), &[]), "A=*****, B=*****");
-    }
-
-    #[test]
-    fn formats_env_vars_with_dollar_prefix() {
-        let vars = vec!["TOKEN".to_string(), "PATH".to_string()];
-
-        assert_eq!(format_env_display(None, &vars), "TOKEN=*****, PATH=*****");
-    }
-
-    #[test]
-    fn combines_env_pairs_and_vars() {
-        let mut env = HashMap::new();
-        env.insert("HOME".to_string(), "/tmp".to_string());
-        let vars = vec!["TOKEN".to_string()];
-
-        assert_eq!(
-            format_env_display(Some(&env), &vars),
-            "HOME=*****, TOKEN=*****"
-        );
-    }
-}

codex-rs/common/src/lib.rs

@@ -13,9 +13,6 @@ mod sandbox_mode_cli_arg;
 #[cfg(feature = "cli")]
 pub use sandbox_mode_cli_arg::SandboxModeCliArg;
 
-#[cfg(feature = "cli")]
-pub mod format_env_display;
-
 #[cfg(any(feature = "cli", test))]
 mod config_override;
 

codex-rs/common/src/model_presets.rs

@@ -1,96 +1,73 @@
 use codex_app_server_protocol::AuthMode;
 use codex_core::protocol_config_types::ReasoningEffort;
 
-/// A reasoning effort option that can be surfaced for a model.
-#[derive(Debug, Clone, Copy)]
-pub struct ReasoningEffortPreset {
-    /// Effort level that the model supports.
-    pub effort: ReasoningEffort,
-    /// Short human description shown next to the effort in UIs.
-    pub description: &'static str,
-}
-
-/// Metadata describing a Codex-supported model.
+/// A simple preset pairing a model slug with a reasoning effort.
 #[derive(Debug, Clone, Copy)]
 pub struct ModelPreset {
     /// Stable identifier for the preset.
     pub id: &'static str,
+    /// Display label shown in UIs.
+    pub label: &'static str,
+    /// Short human description shown next to the label in UIs.
+    pub description: &'static str,
     /// Model slug (e.g., "gpt-5").
     pub model: &'static str,
-    /// Display name shown in UIs.
-    pub display_name: &'static str,
-    /// Short human description shown in UIs.
-    pub description: &'static str,
-    /// Reasoning effort applied when none is explicitly chosen.
-    pub default_reasoning_effort: ReasoningEffort,
-    /// Supported reasoning effort options.
-    pub supported_reasoning_efforts: &'static [ReasoningEffortPreset],
-    /// Whether this is the default model for new users.
-    pub is_default: bool,
+    /// Reasoning effort to apply for this preset.
+    pub effort: Option<ReasoningEffort>,
 }
 
 const PRESETS: &[ModelPreset] = &[
     ModelPreset {
-        id: "gpt-5-codex",
+        id: "gpt-5-codex-low",
+        label: "gpt-5-codex low",
+        description: "Fastest responses with limited reasoning",
         model: "gpt-5-codex",
-        display_name: "gpt-5-codex",
-        description: "Optimized for coding tasks with many tools.",
-        default_reasoning_effort: ReasoningEffort::Medium,
-        supported_reasoning_efforts: &[
-            ReasoningEffortPreset {
-                effort: ReasoningEffort::Low,
-                description: "Fastest responses with limited reasoning",
-            },
-            ReasoningEffortPreset {
-                effort: ReasoningEffort::Medium,
-                description: "Dynamically adjusts reasoning based on the task",
-            },
-            ReasoningEffortPreset {
-                effort: ReasoningEffort::High,
-                description: "Maximizes reasoning depth for complex or ambiguous problems",
-            },
-        ],
-        is_default: true,
+        effort: Some(ReasoningEffort::Low),
     },
     ModelPreset {
-        id: "gpt-5",
+        id: "gpt-5-codex-medium",
+        label: "gpt-5-codex medium",
+        description: "Dynamically adjusts reasoning based on the task",
+        model: "gpt-5-codex",
+        effort: Some(ReasoningEffort::Medium),
+    },
+    ModelPreset {
+        id: "gpt-5-codex-high",
+        label: "gpt-5-codex high",
+        description: "Maximizes reasoning depth for complex or ambiguous problems",
+        model: "gpt-5-codex",
+        effort: Some(ReasoningEffort::High),
+    },
+    ModelPreset {
+        id: "gpt-5-minimal",
+        label: "gpt-5 minimal",
+        description: "Fastest responses with little reasoning",
         model: "gpt-5",
-        display_name: "gpt-5",
-        description: "Broad world knowledge with strong general reasoning.",
-        default_reasoning_effort: ReasoningEffort::Medium,
-        supported_reasoning_efforts: &[
-            ReasoningEffortPreset {
-                effort: ReasoningEffort::Minimal,
-                description: "Fastest responses with little reasoning",
-            },
-            ReasoningEffortPreset {
-                effort: ReasoningEffort::Low,
-                description: "Balances speed with some reasoning; useful for straightforward queries and short explanations",
-            },
-            ReasoningEffortPreset {
-                effort: ReasoningEffort::Medium,
-                description: "Provides a solid balance of reasoning depth and latency for general-purpose tasks",
-            },
-            ReasoningEffortPreset {
-                effort: ReasoningEffort::High,
-                description: "Maximizes reasoning depth for complex or ambiguous problems",
-            },
-        ],
-        is_default: false,
+        effort: Some(ReasoningEffort::Minimal),
+    },
+    ModelPreset {
+        id: "gpt-5-low",
+        label: "gpt-5 low",
+        description: "Balances speed with some reasoning; useful for straightforward queries and short explanations",
+        model: "gpt-5",
+        effort: Some(ReasoningEffort::Low),
+    },
+    ModelPreset {
+        id: "gpt-5-medium",
+        label: "gpt-5 medium",
+        description: "Provides a solid balance of reasoning depth and latency for general-purpose tasks",
+        model: "gpt-5",
+        effort: Some(ReasoningEffort::Medium),
+    },
+    ModelPreset {
+        id: "gpt-5-high",
+        label: "gpt-5 high",
+        description: "Maximizes reasoning depth for complex or ambiguous problems",
+        model: "gpt-5",
+        effort: Some(ReasoningEffort::High),
     },
 ];
 
 pub fn builtin_model_presets(_auth_mode: Option<AuthMode>) -> Vec<ModelPreset> {
     PRESETS.to_vec()
 }
-
-#[cfg(test)]
-mod tests {
-    use super::*;
-
-    #[test]
-    fn only_one_default_model_is_configured() {
-        let default_models = PRESETS.iter().filter(|preset| preset.is_default).count();
-        assert!(default_models == 1);
-    }
-}

codex-rs/config.md

@@ -3,4 +3,4 @@
 This file has moved. Please see the latest configuration documentation here:
 
 - Full config docs: [docs/config.md](../docs/config.md)
-- MCP servers section: [docs/config.md#connecting-to-mcp-servers](../docs/config.md#connecting-to-mcp-servers)
+- MCP servers section: [docs/config.md#mcp_servers](../docs/config.md#mcp_servers) 

codex-rs/core/Cargo.toml

@@ -21,33 +21,23 @@ bytes = { workspace = true }
 chrono = { workspace = true, features = ["serde"] }
 codex-app-server-protocol = { workspace = true }
 codex-apply-patch = { workspace = true }
-codex-async-utils = { workspace = true }
 codex-file-search = { workspace = true }
-codex-git = { workspace = true }
-codex-keyring-store = { workspace = true }
+codex-mcp-client = { workspace = true }
 codex-otel = { workspace = true, features = ["otel"] }
 codex-protocol = { workspace = true }
 codex-rmcp-client = { workspace = true }
-codex-utils-pty = { workspace = true }
-codex-utils-readiness = { workspace = true }
 codex-utils-string = { workspace = true }
-codex-utils-tokenizer = { workspace = true }
 dirs = { workspace = true }
 dunce = { workspace = true }
 env-flags = { workspace = true }
 eventsource-stream = { workspace = true }
 futures = { workspace = true }
-http = { workspace = true }
 indexmap = { workspace = true }
-keyring = { workspace = true, features = [
-    "apple-native",
-    "crypto-rust",
-    "linux-native-async-persistent",
-    "windows-native",
-] }
+ignore = { workspace = true }
 libc = { workspace = true }
 mcp-types = { workspace = true }
 os_info = { workspace = true }
+portable-pty = { workspace = true }
 rand = { workspace = true }
 regex-lite = { workspace = true }
 reqwest = { workspace = true, features = ["json", "stream"] }
@@ -59,7 +49,6 @@ shlex = { workspace = true }
 similar = { workspace = true }
 strum_macros = { workspace = true }
 tempfile = { workspace = true }
-test-log = { workspace = true }
 thiserror = { workspace = true }
 time = { workspace = true, features = [
     "formatting",
@@ -105,7 +94,6 @@ assert_cmd = { workspace = true }
 assert_matches = { workspace = true }
 core_test_support = { workspace = true }
 escargot = { workspace = true }
-image = { workspace = true, features = ["jpeg", "png"] }
 maplit = { workspace = true }
 predicates = { workspace = true }
 pretty_assertions = { workspace = true }

codex-rs/core/README.md

@@ -4,7 +4,7 @@ This crate implements the business logic for Codex. It is designed to be used by
 
 ## Dependencies
 
-Note that `codex-core` makes some assumptions about certain helper utilities being available in the environment. Currently, this support matrix is:
+Note that `codex-core` makes some assumptions about certain helper utilities being available in the environment. Currently, this
 
 ### macOS
 

codex-rs/core/src/apply_patch.rs

@@ -36,6 +36,7 @@ pub(crate) struct ApplyPatchExec {
 pub(crate) async fn apply_patch(
     sess: &Session,
     turn_context: &TurnContext,
+    sub_id: &str,
     call_id: &str,
     action: ApplyPatchAction,
 ) -> InternalApplyPatchInvocation {
@@ -61,13 +62,7 @@ pub(crate) async fn apply_patch(
             // that similar patches can be auto-approved in the future during
             // this session.
             let rx_approve = sess
-                .request_patch_approval(
-                    turn_context,
-                    call_id.to_owned(),
-                    convert_apply_patch_to_protocol(&action),
-                    None,
-                    None,
-                )
+                .request_patch_approval(sub_id.to_owned(), call_id.to_owned(), &action, None, None)
                 .await;
             match rx_approve.await.unwrap_or_default() {
                 ReviewDecision::Approved | ReviewDecision::ApprovedForSession => {

codex-rs/core/src/auth.rs

@@ -1,12 +1,14 @@
-mod storage;
-
+use chrono::DateTime;
 use chrono::Utc;
 use serde::Deserialize;
 use serde::Serialize;
-#[cfg(test)]
-use serial_test::serial;
 use std::env;
-use std::fmt::Debug;
+use std::fs::File;
+use std::fs::OpenOptions;
+use std::io::Read;
+use std::io::Write;
+#[cfg(unix)]
+use std::os::unix::fs::OpenOptionsExt;
 use std::path::Path;
 use std::path::PathBuf;
 use std::sync::Arc;
@@ -14,18 +16,10 @@ use std::sync::Mutex;
 use std::time::Duration;
 
 use codex_app_server_protocol::AuthMode;
-use codex_protocol::config_types::ForcedLoginMethod;
 
-pub use crate::auth::storage::AuthCredentialsStoreMode;
-pub use crate::auth::storage::AuthDotJson;
-use crate::auth::storage::AuthStorageBackend;
-use crate::auth::storage::create_auth_storage;
-use crate::config::Config;
-use crate::default_client::CodexHttpClient;
 use crate::token_data::PlanType;
 use crate::token_data::TokenData;
 use crate::token_data::parse_id_token;
-use crate::util::try_parse_error_message;
 
 #[derive(Debug, Clone)]
 pub struct CodexAuth {
@@ -33,8 +27,8 @@ pub struct CodexAuth {
 
     pub(crate) api_key: Option<String>,
     pub(crate) auth_dot_json: Arc<Mutex<Option<AuthDotJson>>>,
-    storage: Arc<dyn AuthStorageBackend>,
-    pub(crate) client: CodexHttpClient,
+    pub(crate) auth_file: PathBuf,
+    pub(crate) client: reqwest::Client,
 }
 
 impl PartialEq for CodexAuth {
@@ -43,13 +37,8 @@ impl PartialEq for CodexAuth {
     }
 }
 
-// TODO(pakrym): use token exp field to check for expiration instead
-const TOKEN_REFRESH_INTERVAL: i64 = 8;
-
 impl CodexAuth {
     pub async fn refresh_token(&self) -> Result<String, std::io::Error> {
-        tracing::info!("Refreshing token");
-
         let token_data = self
             .get_current_token_data()
             .ok_or(std::io::Error::other("Token data is not available."))?;
@@ -60,7 +49,7 @@ impl CodexAuth {
             .map_err(std::io::Error::other)?;
 
         let updated = update_tokens(
-            &self.storage,
+            &self.auth_file,
             refresh_response.id_token,
             refresh_response.access_token,
             refresh_response.refresh_token,
@@ -82,12 +71,9 @@ impl CodexAuth {
         Ok(access)
     }
 
-    /// Loads the available auth information from auth storage.
-    pub fn from_auth_storage(
-        codex_home: &Path,
-        auth_credentials_store_mode: AuthCredentialsStoreMode,
-    ) -> std::io::Result<Option<CodexAuth>> {
-        load_auth(codex_home, false, auth_credentials_store_mode)
+    /// Loads the available auth information from the auth.json.
+    pub fn from_codex_home(codex_home: &Path) -> std::io::Result<Option<CodexAuth>> {
+        load_auth(codex_home, false)
     }
 
     pub async fn get_token_data(&self) -> Result<TokenData, std::io::Error> {
@@ -98,7 +84,7 @@ impl CodexAuth {
                 last_refresh: Some(last_refresh),
                 ..
             }) => {
-                if last_refresh < Utc::now() - chrono::Duration::days(TOKEN_REFRESH_INTERVAL) {
+                if last_refresh < Utc::now() - chrono::Duration::days(28) {
                     let refresh_response = tokio::time::timeout(
                         Duration::from_secs(60),
                         try_refresh_token(tokens.refresh_token.clone(), &self.client),
@@ -110,7 +96,7 @@ impl CodexAuth {
                     .map_err(std::io::Error::other)?;
 
                     let updated_auth_dot_json = update_tokens(
-                        &self.storage,
+                        &self.auth_file,
                         refresh_response.id_token,
                         refresh_response.access_token,
                         refresh_response.refresh_token,
@@ -149,10 +135,6 @@ impl CodexAuth {
         self.get_current_token_data().and_then(|t| t.account_id)
     }
 
-    pub fn get_account_email(&self) -> Option<String> {
-        self.get_current_token_data().and_then(|t| t.id_token.email)
-    }
-
     pub(crate) fn get_plan_type(&self) -> Option<PlanType> {
         self.get_current_token_data()
             .and_then(|t| t.id_token.chatgpt_plan_type)
@@ -184,17 +166,17 @@ impl CodexAuth {
         Self {
             api_key: None,
             mode: AuthMode::ChatGPT,
-            storage: create_auth_storage(PathBuf::new(), AuthCredentialsStoreMode::File),
+            auth_file: PathBuf::new(),
             auth_dot_json,
             client: crate::default_client::create_client(),
         }
     }
 
-    fn from_api_key_with_client(api_key: &str, client: CodexHttpClient) -> Self {
+    fn from_api_key_with_client(api_key: &str, client: reqwest::Client) -> Self {
         Self {
             api_key: Some(api_key.to_owned()),
             mode: AuthMode::ApiKey,
-            storage: create_auth_storage(PathBuf::new(), AuthCredentialsStoreMode::File),
+            auth_file: PathBuf::new(),
             auth_dot_json: Arc::new(Mutex::new(None)),
             client,
         }
@@ -222,140 +204,34 @@ pub fn read_codex_api_key_from_env() -> Option<String> {
         .filter(|value| !value.is_empty())
 }
 
+pub fn get_auth_file(codex_home: &Path) -> PathBuf {
+    codex_home.join("auth.json")
+}
+
 /// Delete the auth.json file inside `codex_home` if it exists. Returns `Ok(true)`
 /// if a file was removed, `Ok(false)` if no auth file was present.
-pub fn logout(
-    codex_home: &Path,
-    auth_credentials_store_mode: AuthCredentialsStoreMode,
-) -> std::io::Result<bool> {
-    let storage = create_auth_storage(codex_home.to_path_buf(), auth_credentials_store_mode);
-    storage.delete()
+pub fn logout(codex_home: &Path) -> std::io::Result<bool> {
+    let auth_file = get_auth_file(codex_home);
+    match std::fs::remove_file(&auth_file) {
+        Ok(_) => Ok(true),
+        Err(err) if err.kind() == std::io::ErrorKind::NotFound => Ok(false),
+        Err(err) => Err(err),
+    }
 }
 
 /// Writes an `auth.json` that contains only the API key.
-pub fn login_with_api_key(
-    codex_home: &Path,
-    api_key: &str,
-    auth_credentials_store_mode: AuthCredentialsStoreMode,
-) -> std::io::Result<()> {
+pub fn login_with_api_key(codex_home: &Path, api_key: &str) -> std::io::Result<()> {
     let auth_dot_json = AuthDotJson {
         openai_api_key: Some(api_key.to_string()),
         tokens: None,
         last_refresh: None,
     };
-    save_auth(codex_home, &auth_dot_json, auth_credentials_store_mode)
-}
-
-/// Persist the provided auth payload using the specified backend.
-pub fn save_auth(
-    codex_home: &Path,
-    auth: &AuthDotJson,
-    auth_credentials_store_mode: AuthCredentialsStoreMode,
-) -> std::io::Result<()> {
-    let storage = create_auth_storage(codex_home.to_path_buf(), auth_credentials_store_mode);
-    storage.save(auth)
-}
-
-/// Load CLI auth data using the configured credential store backend.
-/// Returns `None` when no credentials are stored.
-pub fn load_auth_dot_json(
-    codex_home: &Path,
-    auth_credentials_store_mode: AuthCredentialsStoreMode,
-) -> std::io::Result<Option<AuthDotJson>> {
-    let storage = create_auth_storage(codex_home.to_path_buf(), auth_credentials_store_mode);
-    storage.load()
-}
-
-pub async fn enforce_login_restrictions(config: &Config) -> std::io::Result<()> {
-    let Some(auth) = load_auth(
-        &config.codex_home,
-        true,
-        config.cli_auth_credentials_store_mode,
-    )?
-    else {
-        return Ok(());
-    };
-
-    if let Some(required_method) = config.forced_login_method {
-        let method_violation = match (required_method, auth.mode) {
-            (ForcedLoginMethod::Api, AuthMode::ApiKey) => None,
-            (ForcedLoginMethod::Chatgpt, AuthMode::ChatGPT) => None,
-            (ForcedLoginMethod::Api, AuthMode::ChatGPT) => Some(
-                "API key login is required, but ChatGPT is currently being used. Logging out."
-                    .to_string(),
-            ),
-            (ForcedLoginMethod::Chatgpt, AuthMode::ApiKey) => Some(
-                "ChatGPT login is required, but an API key is currently being used. Logging out."
-                    .to_string(),
-            ),
-        };
-
-        if let Some(message) = method_violation {
-            return logout_with_message(
-                &config.codex_home,
-                message,
-                config.cli_auth_credentials_store_mode,
-            );
-        }
-    }
-
-    if let Some(expected_account_id) = config.forced_chatgpt_workspace_id.as_deref() {
-        if auth.mode != AuthMode::ChatGPT {
-            return Ok(());
-        }
-
-        let token_data = match auth.get_token_data().await {
-            Ok(data) => data,
-            Err(err) => {
-                return logout_with_message(
-                    &config.codex_home,
-                    format!(
-                        "Failed to load ChatGPT credentials while enforcing workspace restrictions: {err}. Logging out."
-                    ),
-                    config.cli_auth_credentials_store_mode,
-                );
-            }
-        };
-
-        // workspace is the external identifier for account id.
-        let chatgpt_account_id = token_data.id_token.chatgpt_account_id.as_deref();
-        if chatgpt_account_id != Some(expected_account_id) {
-            let message = match chatgpt_account_id {
-                Some(actual) => format!(
-                    "Login is restricted to workspace {expected_account_id}, but current credentials belong to {actual}. Logging out."
-                ),
-                None => format!(
-                    "Login is restricted to workspace {expected_account_id}, but current credentials lack a workspace identifier. Logging out."
-                ),
-            };
-            return logout_with_message(
-                &config.codex_home,
-                message,
-                config.cli_auth_credentials_store_mode,
-            );
-        }
-    }
-
-    Ok(())
-}
-
-fn logout_with_message(
-    codex_home: &Path,
-    message: String,
-    auth_credentials_store_mode: AuthCredentialsStoreMode,
-) -> std::io::Result<()> {
-    match logout(codex_home, auth_credentials_store_mode) {
-        Ok(_) => Err(std::io::Error::other(message)),
-        Err(err) => Err(std::io::Error::other(format!(
-            "{message}. Failed to remove auth.json: {err}"
-        ))),
-    }
+    write_auth_json(&get_auth_file(codex_home), &auth_dot_json)
 }
 
 fn load_auth(
     codex_home: &Path,
     enable_codex_api_key_env: bool,
-    auth_credentials_store_mode: AuthCredentialsStoreMode,
 ) -> std::io::Result<Option<CodexAuth>> {
     if enable_codex_api_key_env && let Some(api_key) = read_codex_api_key_from_env() {
         let client = crate::default_client::create_client();
@@ -365,12 +241,13 @@ fn load_auth(
         )));
     }
 
-    let storage = create_auth_storage(codex_home.to_path_buf(), auth_credentials_store_mode);
-
+    let auth_file = get_auth_file(codex_home);
     let client = crate::default_client::create_client();
-    let auth_dot_json = match storage.load()? {
-        Some(auth) => auth,
-        None => return Ok(None),
+    let auth_dot_json = match try_read_auth_json(&auth_file) {
+        Ok(auth) => auth,
+        Err(e) => {
+            return Err(e);
+        }
     };
 
     let AuthDotJson {
@@ -387,7 +264,7 @@ fn load_auth(
     Ok(Some(CodexAuth {
         api_key: None,
         mode: AuthMode::ChatGPT,
-        storage: storage.clone(),
+        auth_file,
         auth_dot_json: Arc::new(Mutex::new(Some(AuthDotJson {
             openai_api_key: None,
             tokens,
@@ -397,20 +274,44 @@ fn load_auth(
     }))
 }
 
+/// Attempt to read and refresh the `auth.json` file in the given `CODEX_HOME` directory.
+/// Returns the full AuthDotJson structure after refreshing if necessary.
+pub fn try_read_auth_json(auth_file: &Path) -> std::io::Result<AuthDotJson> {
+    let mut file = File::open(auth_file)?;
+    let mut contents = String::new();
+    file.read_to_string(&mut contents)?;
+    let auth_dot_json: AuthDotJson = serde_json::from_str(&contents)?;
+
+    Ok(auth_dot_json)
+}
+
+pub fn write_auth_json(auth_file: &Path, auth_dot_json: &AuthDotJson) -> std::io::Result<()> {
+    if let Some(parent) = auth_file.parent() {
+        std::fs::create_dir_all(parent)?;
+    }
+    let json_data = serde_json::to_string_pretty(auth_dot_json)?;
+    let mut options = OpenOptions::new();
+    options.truncate(true).write(true).create(true);
+    #[cfg(unix)]
+    {
+        options.mode(0o600);
+    }
+    let mut file = options.open(auth_file)?;
+    file.write_all(json_data.as_bytes())?;
+    file.flush()?;
+    Ok(())
+}
+
 async fn update_tokens(
-    storage: &Arc<dyn AuthStorageBackend>,
-    id_token: Option<String>,
+    auth_file: &Path,
+    id_token: String,
     access_token: Option<String>,
     refresh_token: Option<String>,
 ) -> std::io::Result<AuthDotJson> {
-    let mut auth_dot_json = storage
-        .load()?
-        .ok_or(std::io::Error::other("Token data is not available."))?;
+    let mut auth_dot_json = try_read_auth_json(auth_file)?;
 
     let tokens = auth_dot_json.tokens.get_or_insert_with(TokenData::default);
-    if let Some(id_token) = id_token {
-        tokens.id_token = parse_id_token(&id_token).map_err(std::io::Error::other)?;
-    }
+    tokens.id_token = parse_id_token(&id_token).map_err(std::io::Error::other)?;
     if let Some(access_token) = access_token {
         tokens.access_token = access_token;
     }
@@ -418,13 +319,13 @@ async fn update_tokens(
         tokens.refresh_token = refresh_token;
     }
     auth_dot_json.last_refresh = Some(Utc::now());
-    storage.save(&auth_dot_json)?;
+    write_auth_json(auth_file, &auth_dot_json)?;
     Ok(auth_dot_json)
 }
 
 async fn try_refresh_token(
     refresh_token: String,
-    client: &CodexHttpClient,
+    client: &reqwest::Client,
 ) -> std::io::Result<RefreshResponse> {
     let refresh_request = RefreshRequest {
         client_id: CLIENT_ID,
@@ -450,9 +351,8 @@ async fn try_refresh_token(
         Ok(refresh_response)
     } else {
         Err(std::io::Error::other(format!(
-            "Failed to refresh token: {}: {}",
-            response.status(),
-            try_parse_error_message(&response.text().await.unwrap_or_default()),
+            "Failed to refresh token: {}",
+            response.status()
         )))
     }
 }
@@ -467,11 +367,24 @@ struct RefreshRequest {
 
 #[derive(Deserialize, Clone)]
 struct RefreshResponse {
-    id_token: Option<String>,
+    id_token: String,
     access_token: Option<String>,
     refresh_token: Option<String>,
 }
 
+/// Expected structure for $CODEX_HOME/auth.json.
+#[derive(Deserialize, Serialize, Clone, Debug, PartialEq)]
+pub struct AuthDotJson {
+    #[serde(rename = "OPENAI_API_KEY")]
+    pub openai_api_key: Option<String>,
+
+    #[serde(default, skip_serializing_if = "Option::is_none")]
+    pub tokens: Option<TokenData>,
+
+    #[serde(default, skip_serializing_if = "Option::is_none")]
+    pub last_refresh: Option<DateTime<Utc>>,
+}
+
 // Shared constant for token refresh (client id used for oauth token refresh flow)
 pub const CLIENT_ID: &str = "app_EMoamEEZ73f0CkXaXp7hrann";
 
@@ -486,52 +399,35 @@ struct CachedAuth {
 #[cfg(test)]
 mod tests {
     use super::*;
-    use crate::auth::storage::FileAuthStorage;
-    use crate::auth::storage::get_auth_file;
-    use crate::config::Config;
-    use crate::config::ConfigOverrides;
-    use crate::config::ConfigToml;
     use crate::token_data::IdTokenInfo;
     use crate::token_data::KnownPlan;
     use crate::token_data::PlanType;
-
     use base64::Engine;
-    use codex_protocol::config_types::ForcedLoginMethod;
     use pretty_assertions::assert_eq;
     use serde::Serialize;
     use serde_json::json;
     use tempfile::tempdir;
 
+    const LAST_REFRESH: &str = "2025-08-06T20:41:36.232376Z";
+
     #[tokio::test]
-    async fn refresh_without_id_token() {
+    async fn roundtrip_auth_dot_json() {
         let codex_home = tempdir().unwrap();
-        let fake_jwt = write_auth_file(
+        let _ = write_auth_file(
             AuthFileParams {
                 openai_api_key: None,
                 chatgpt_plan_type: "pro".to_string(),
-                chatgpt_account_id: None,
             },
             codex_home.path(),
         )
         .expect("failed to write auth file");
 
-        let storage = create_auth_storage(
-            codex_home.path().to_path_buf(),
-            AuthCredentialsStoreMode::File,
-        );
-        let updated = super::update_tokens(
-            &storage,
-            None,
-            Some("new-access-token".to_string()),
-            Some("new-refresh-token".to_string()),
-        )
-        .await
-        .expect("update_tokens should succeed");
+        let file = get_auth_file(codex_home.path());
+        let auth_dot_json = try_read_auth_json(&file).unwrap();
+        write_auth_json(&file, &auth_dot_json).unwrap();
 
-        let tokens = updated.tokens.expect("tokens should exist");
-        assert_eq!(tokens.id_token.raw_jwt, fake_jwt);
-        assert_eq!(tokens.access_token, "new-access-token");
-        assert_eq!(tokens.refresh_token, "new-refresh-token");
+        let same_auth_dot_json = try_read_auth_json(&file).unwrap();
+        assert_eq!(auth_dot_json, same_auth_dot_json);
     }
 
     #[test]
@@ -553,34 +449,20 @@ mod tests {
         )
         .unwrap();
 
-        super::login_with_api_key(dir.path(), "sk-new", AuthCredentialsStoreMode::File)
-            .expect("login_with_api_key should succeed");
+        super::login_with_api_key(dir.path(), "sk-new").expect("login_with_api_key should succeed");
 
-        let storage = FileAuthStorage::new(dir.path().to_path_buf());
-        let auth = storage
-            .try_read_auth_json(&auth_path)
-            .expect("auth.json should parse");
+        let auth = super::try_read_auth_json(&auth_path).expect("auth.json should parse");
         assert_eq!(auth.openai_api_key.as_deref(), Some("sk-new"));
         assert!(auth.tokens.is_none(), "tokens should be cleared");
     }
 
-    #[test]
-    fn missing_auth_json_returns_none() {
-        let dir = tempdir().unwrap();
-        let auth = CodexAuth::from_auth_storage(dir.path(), AuthCredentialsStoreMode::File)
-            .expect("call should succeed");
-        assert_eq!(auth, None);
-    }
-
     #[tokio::test]
-    #[serial(codex_api_key)]
     async fn pro_account_with_no_api_key_uses_chatgpt_auth() {
         let codex_home = tempdir().unwrap();
         let fake_jwt = write_auth_file(
             AuthFileParams {
                 openai_api_key: None,
                 chatgpt_plan_type: "pro".to_string(),
-                chatgpt_account_id: None,
             },
             codex_home.path(),
         )
@@ -590,20 +472,14 @@ mod tests {
             api_key,
             mode,
             auth_dot_json,
-            storage: _,
+            auth_file: _,
             ..
-        } = super::load_auth(codex_home.path(), false, AuthCredentialsStoreMode::File)
-            .unwrap()
-            .unwrap();
+        } = super::load_auth(codex_home.path(), false).unwrap().unwrap();
         assert_eq!(None, api_key);
         assert_eq!(AuthMode::ChatGPT, mode);
 
         let guard = auth_dot_json.lock().unwrap();
         let auth_dot_json = guard.as_ref().expect("AuthDotJson should exist");
-        let last_refresh = auth_dot_json
-            .last_refresh
-            .expect("last_refresh should be recorded");
-
         assert_eq!(
             &AuthDotJson {
                 openai_api_key: None,
@@ -611,21 +487,23 @@ mod tests {
                     id_token: IdTokenInfo {
                         email: Some("user@example.com".to_string()),
                         chatgpt_plan_type: Some(PlanType::Known(KnownPlan::Pro)),
-                        chatgpt_account_id: None,
                         raw_jwt: fake_jwt,
                     },
                     access_token: "test-access-token".to_string(),
                     refresh_token: "test-refresh-token".to_string(),
                     account_id: None,
                 }),
-                last_refresh: Some(last_refresh),
+                last_refresh: Some(
+                    DateTime::parse_from_rfc3339(LAST_REFRESH)
+                        .unwrap()
+                        .with_timezone(&Utc)
+                ),
             },
             auth_dot_json
-        );
+        )
     }
 
     #[tokio::test]
-    #[serial(codex_api_key)]
     async fn loads_api_key_from_auth_json() {
         let dir = tempdir().unwrap();
         let auth_file = dir.path().join("auth.json");
@@ -635,9 +513,7 @@ mod tests {
         )
         .unwrap();
 
-        let auth = super::load_auth(dir.path(), false, AuthCredentialsStoreMode::File)
-            .unwrap()
-            .unwrap();
+        let auth = super::load_auth(dir.path(), false).unwrap().unwrap();
         assert_eq!(auth.mode, AuthMode::ApiKey);
         assert_eq!(auth.api_key, Some("sk-test-key".to_string()));
 
@@ -652,18 +528,17 @@ mod tests {
             tokens: None,
             last_refresh: None,
         };
-        super::save_auth(dir.path(), &auth_dot_json, AuthCredentialsStoreMode::File)?;
-        let auth_file = get_auth_file(dir.path());
-        assert!(auth_file.exists());
-        assert!(logout(dir.path(), AuthCredentialsStoreMode::File)?);
-        assert!(!auth_file.exists());
+        write_auth_json(&get_auth_file(dir.path()), &auth_dot_json)?;
+        assert!(dir.path().join("auth.json").exists());
+        let removed = logout(dir.path())?;
+        assert!(removed);
+        assert!(!dir.path().join("auth.json").exists());
         Ok(())
     }
 
     struct AuthFileParams {
         openai_api_key: Option<String>,
         chatgpt_plan_type: String,
-        chatgpt_account_id: Option<String>,
     }
 
     fn write_auth_file(params: AuthFileParams, codex_home: &Path) -> std::io::Result<String> {
@@ -678,21 +553,15 @@ mod tests {
             alg: "none",
             typ: "JWT",
         };
-        let mut auth_payload = serde_json::json!({
-            "chatgpt_plan_type": params.chatgpt_plan_type,
-            "chatgpt_user_id": "user-12345",
-            "user_id": "user-12345",
-        });
-
-        if let Some(chatgpt_account_id) = params.chatgpt_account_id {
-            let org_value = serde_json::Value::String(chatgpt_account_id);
-            auth_payload["chatgpt_account_id"] = org_value;
-        }
-
         let payload = serde_json::json!({
             "email": "user@example.com",
             "email_verified": true,
-            "https://api.openai.com/auth": auth_payload,
+            "https://api.openai.com/auth": {
+                "chatgpt_account_id": "bc3618e3-489d-4d49-9362-1561dc53ba53",
+                "chatgpt_plan_type": params.chatgpt_plan_type,
+                "chatgpt_user_id": "user-12345",
+                "user_id": "user-12345",
+            }
         });
         let b64 = |b: &[u8]| base64::engine::general_purpose::URL_SAFE_NO_PAD.encode(b);
         let header_b64 = b64(&serde_json::to_vec(&header)?);
@@ -707,163 +576,12 @@ mod tests {
                 "access_token": "test-access-token",
                 "refresh_token": "test-refresh-token"
             },
-            "last_refresh": Utc::now(),
+            "last_refresh": LAST_REFRESH,
         });
         let auth_json = serde_json::to_string_pretty(&auth_json_data)?;
         std::fs::write(auth_file, auth_json)?;
         Ok(fake_jwt)
     }
-
-    fn build_config(
-        codex_home: &Path,
-        forced_login_method: Option<ForcedLoginMethod>,
-        forced_chatgpt_workspace_id: Option<String>,
-    ) -> Config {
-        let mut config = Config::load_from_base_config_with_overrides(
-            ConfigToml::default(),
-            ConfigOverrides::default(),
-            codex_home.to_path_buf(),
-        )
-        .expect("config should load");
-        config.forced_login_method = forced_login_method;
-        config.forced_chatgpt_workspace_id = forced_chatgpt_workspace_id;
-        config
-    }
-
-    /// Use sparingly.
-    /// TODO (gpeal): replace this with an injectable env var provider.
-    #[cfg(test)]
-    struct EnvVarGuard {
-        key: &'static str,
-        original: Option<std::ffi::OsString>,
-    }
-
-    #[cfg(test)]
-    impl EnvVarGuard {
-        fn set(key: &'static str, value: &str) -> Self {
-            let original = env::var_os(key);
-            unsafe {
-                env::set_var(key, value);
-            }
-            Self { key, original }
-        }
-    }
-
-    #[cfg(test)]
-    impl Drop for EnvVarGuard {
-        fn drop(&mut self) {
-            unsafe {
-                match &self.original {
-                    Some(value) => env::set_var(self.key, value),
-                    None => env::remove_var(self.key),
-                }
-            }
-        }
-    }
-
-    #[tokio::test]
-    async fn enforce_login_restrictions_logs_out_for_method_mismatch() {
-        let codex_home = tempdir().unwrap();
-        login_with_api_key(codex_home.path(), "sk-test", AuthCredentialsStoreMode::File)
-            .expect("seed api key");
-
-        let config = build_config(codex_home.path(), Some(ForcedLoginMethod::Chatgpt), None);
-
-        let err = super::enforce_login_restrictions(&config)
-            .await
-            .expect_err("expected method mismatch to error");
-        assert!(err.to_string().contains("ChatGPT login is required"));
-        assert!(
-            !codex_home.path().join("auth.json").exists(),
-            "auth.json should be removed on mismatch"
-        );
-    }
-
-    #[tokio::test]
-    #[serial(codex_api_key)]
-    async fn enforce_login_restrictions_logs_out_for_workspace_mismatch() {
-        let codex_home = tempdir().unwrap();
-        let _jwt = write_auth_file(
-            AuthFileParams {
-                openai_api_key: None,
-                chatgpt_plan_type: "pro".to_string(),
-                chatgpt_account_id: Some("org_another_org".to_string()),
-            },
-            codex_home.path(),
-        )
-        .expect("failed to write auth file");
-
-        let config = build_config(codex_home.path(), None, Some("org_mine".to_string()));
-
-        let err = super::enforce_login_restrictions(&config)
-            .await
-            .expect_err("expected workspace mismatch to error");
-        assert!(err.to_string().contains("workspace org_mine"));
-        assert!(
-            !codex_home.path().join("auth.json").exists(),
-            "auth.json should be removed on mismatch"
-        );
-    }
-
-    #[tokio::test]
-    #[serial(codex_api_key)]
-    async fn enforce_login_restrictions_allows_matching_workspace() {
-        let codex_home = tempdir().unwrap();
-        let _jwt = write_auth_file(
-            AuthFileParams {
-                openai_api_key: None,
-                chatgpt_plan_type: "pro".to_string(),
-                chatgpt_account_id: Some("org_mine".to_string()),
-            },
-            codex_home.path(),
-        )
-        .expect("failed to write auth file");
-
-        let config = build_config(codex_home.path(), None, Some("org_mine".to_string()));
-
-        super::enforce_login_restrictions(&config)
-            .await
-            .expect("matching workspace should succeed");
-        assert!(
-            codex_home.path().join("auth.json").exists(),
-            "auth.json should remain when restrictions pass"
-        );
-    }
-
-    #[tokio::test]
-    async fn enforce_login_restrictions_allows_api_key_if_login_method_not_set_but_forced_chatgpt_workspace_id_is_set()
-     {
-        let codex_home = tempdir().unwrap();
-        login_with_api_key(codex_home.path(), "sk-test", AuthCredentialsStoreMode::File)
-            .expect("seed api key");
-
-        let config = build_config(codex_home.path(), None, Some("org_mine".to_string()));
-
-        super::enforce_login_restrictions(&config)
-            .await
-            .expect("matching workspace should succeed");
-        assert!(
-            codex_home.path().join("auth.json").exists(),
-            "auth.json should remain when restrictions pass"
-        );
-    }
-
-    #[tokio::test]
-    #[serial(codex_api_key)]
-    async fn enforce_login_restrictions_blocks_env_api_key_when_chatgpt_required() {
-        let _guard = EnvVarGuard::set(CODEX_API_KEY_ENV_VAR, "sk-env");
-        let codex_home = tempdir().unwrap();
-
-        let config = build_config(codex_home.path(), Some(ForcedLoginMethod::Chatgpt), None);
-
-        let err = super::enforce_login_restrictions(&config)
-            .await
-            .expect_err("environment API key should not satisfy forced ChatGPT login");
-        assert!(
-            err.to_string()
-                .contains("ChatGPT login is required, but an API key is currently being used.")
-        );
-    }
 }
 
 /// Central manager providing a single source of truth for auth.json derived
@@ -879,7 +597,6 @@ pub struct AuthManager {
     codex_home: PathBuf,
     inner: RwLock<CachedAuth>,
     enable_codex_api_key_env: bool,
-    auth_credentials_store_mode: AuthCredentialsStoreMode,
 }
 
 impl AuthManager {
@@ -887,23 +604,14 @@ impl AuthManager {
     /// preferred auth method. Errors loading auth are swallowed; `auth()` will
     /// simply return `None` in that case so callers can treat it as an
     /// unauthenticated state.
-    pub fn new(
-        codex_home: PathBuf,
-        enable_codex_api_key_env: bool,
-        auth_credentials_store_mode: AuthCredentialsStoreMode,
-    ) -> Self {
-        let auth = load_auth(
-            &codex_home,
-            enable_codex_api_key_env,
-            auth_credentials_store_mode,
-        )
-        .ok()
-        .flatten();
+    pub fn new(codex_home: PathBuf, enable_codex_api_key_env: bool) -> Self {
+        let auth = load_auth(&codex_home, enable_codex_api_key_env)
+            .ok()
+            .flatten();
         Self {
             codex_home,
             inner: RwLock::new(CachedAuth { auth }),
             enable_codex_api_key_env,
-            auth_credentials_store_mode,
         }
     }
 
@@ -914,7 +622,6 @@ impl AuthManager {
             codex_home: PathBuf::new(),
             inner: RwLock::new(cached),
             enable_codex_api_key_env: false,
-            auth_credentials_store_mode: AuthCredentialsStoreMode::File,
         })
     }
 
@@ -926,13 +633,9 @@ impl AuthManager {
     /// Force a reload of the auth information from auth.json. Returns
     /// whether the auth value changed.
     pub fn reload(&self) -> bool {
-        let new_auth = load_auth(
-            &self.codex_home,
-            self.enable_codex_api_key_env,
-            self.auth_credentials_store_mode,
-        )
-        .ok()
-        .flatten();
+        let new_auth = load_auth(&self.codex_home, self.enable_codex_api_key_env)
+            .ok()
+            .flatten();
         if let Ok(mut guard) = self.inner.write() {
             let changed = !AuthManager::auths_equal(&guard.auth, &new_auth);
             guard.auth = new_auth;
@@ -951,16 +654,8 @@ impl AuthManager {
     }
 
     /// Convenience constructor returning an `Arc` wrapper.
-    pub fn shared(
-        codex_home: PathBuf,
-        enable_codex_api_key_env: bool,
-        auth_credentials_store_mode: AuthCredentialsStoreMode,
-    ) -> Arc<Self> {
-        Arc::new(Self::new(
-            codex_home,
-            enable_codex_api_key_env,
-            auth_credentials_store_mode,
-        ))
+    pub fn shared(codex_home: PathBuf, enable_codex_api_key_env: bool) -> Arc<Self> {
+        Arc::new(Self::new(codex_home, enable_codex_api_key_env))
     }
 
     /// Attempt to refresh the current auth token (if any). On success, reload
@@ -976,10 +671,7 @@ impl AuthManager {
                 self.reload();
                 Ok(Some(token))
             }
-            Err(e) => {
-                tracing::error!("Failed to refresh token: {}", e);
-                Err(e)
-            }
+            Err(e) => Err(e),
         }
     }
 
@@ -988,7 +680,7 @@ impl AuthManager {
     /// reloads the in‑memory auth cache so callers immediately observe the
     /// unauthenticated state.
     pub fn logout(&self) -> std::io::Result<bool> {
-        let removed = super::auth::logout(&self.codex_home, self.auth_credentials_store_mode)?;
+        let removed = super::auth::logout(&self.codex_home)?;
         // Always reload to clear any cached auth (even if file absent).
         self.reload();
         Ok(removed)

codex-rs/core/src/auth/storage.rs

@@ -1,672 +0,0 @@
-use chrono::DateTime;
-use chrono::Utc;
-use serde::Deserialize;
-use serde::Serialize;
-use sha2::Digest;
-use sha2::Sha256;
-use std::fmt::Debug;
-use std::fs::File;
-use std::fs::OpenOptions;
-use std::io::Read;
-use std::io::Write;
-#[cfg(unix)]
-use std::os::unix::fs::OpenOptionsExt;
-use std::path::Path;
-use std::path::PathBuf;
-use std::sync::Arc;
-use tracing::warn;
-
-use crate::token_data::TokenData;
-use codex_keyring_store::DefaultKeyringStore;
-use codex_keyring_store::KeyringStore;
-
-/// Determine where Codex should store CLI auth credentials.
-#[derive(Debug, Default, Copy, Clone, PartialEq, Eq, Serialize, Deserialize)]
-#[serde(rename_all = "lowercase")]
-pub enum AuthCredentialsStoreMode {
-    #[default]
-    /// Persist credentials in CODEX_HOME/auth.json.
-    File,
-    /// Persist credentials in the keyring. Fail if unavailable.
-    Keyring,
-    /// Use keyring when available; otherwise, fall back to a file in CODEX_HOME.
-    Auto,
-}
-
-/// Expected structure for $CODEX_HOME/auth.json.
-#[derive(Deserialize, Serialize, Clone, Debug, PartialEq)]
-pub struct AuthDotJson {
-    #[serde(rename = "OPENAI_API_KEY")]
-    pub openai_api_key: Option<String>,
-
-    #[serde(default, skip_serializing_if = "Option::is_none")]
-    pub tokens: Option<TokenData>,
-
-    #[serde(default, skip_serializing_if = "Option::is_none")]
-    pub last_refresh: Option<DateTime<Utc>>,
-}
-
-pub(super) fn get_auth_file(codex_home: &Path) -> PathBuf {
-    codex_home.join("auth.json")
-}
-
-pub(super) fn delete_file_if_exists(codex_home: &Path) -> std::io::Result<bool> {
-    let auth_file = get_auth_file(codex_home);
-    match std::fs::remove_file(&auth_file) {
-        Ok(()) => Ok(true),
-        Err(err) if err.kind() == std::io::ErrorKind::NotFound => Ok(false),
-        Err(err) => Err(err),
-    }
-}
-
-pub(super) trait AuthStorageBackend: Debug + Send + Sync {
-    fn load(&self) -> std::io::Result<Option<AuthDotJson>>;
-    fn save(&self, auth: &AuthDotJson) -> std::io::Result<()>;
-    fn delete(&self) -> std::io::Result<bool>;
-}
-
-#[derive(Clone, Debug)]
-pub(super) struct FileAuthStorage {
-    codex_home: PathBuf,
-}
-
-impl FileAuthStorage {
-    pub(super) fn new(codex_home: PathBuf) -> Self {
-        Self { codex_home }
-    }
-
-    /// Attempt to read and refresh the `auth.json` file in the given `CODEX_HOME` directory.
-    /// Returns the full AuthDotJson structure after refreshing if necessary.
-    pub(super) fn try_read_auth_json(&self, auth_file: &Path) -> std::io::Result<AuthDotJson> {
-        let mut file = File::open(auth_file)?;
-        let mut contents = String::new();
-        file.read_to_string(&mut contents)?;
-        let auth_dot_json: AuthDotJson = serde_json::from_str(&contents)?;
-
-        Ok(auth_dot_json)
-    }
-}
-
-impl AuthStorageBackend for FileAuthStorage {
-    fn load(&self) -> std::io::Result<Option<AuthDotJson>> {
-        let auth_file = get_auth_file(&self.codex_home);
-        let auth_dot_json = match self.try_read_auth_json(&auth_file) {
-            Ok(auth) => auth,
-            Err(err) if err.kind() == std::io::ErrorKind::NotFound => return Ok(None),
-            Err(err) => return Err(err),
-        };
-        Ok(Some(auth_dot_json))
-    }
-
-    fn save(&self, auth_dot_json: &AuthDotJson) -> std::io::Result<()> {
-        let auth_file = get_auth_file(&self.codex_home);
-
-        if let Some(parent) = auth_file.parent() {
-            std::fs::create_dir_all(parent)?;
-        }
-        let json_data = serde_json::to_string_pretty(auth_dot_json)?;
-        let mut options = OpenOptions::new();
-        options.truncate(true).write(true).create(true);
-        #[cfg(unix)]
-        {
-            options.mode(0o600);
-        }
-        let mut file = options.open(auth_file)?;
-        file.write_all(json_data.as_bytes())?;
-        file.flush()?;
-        Ok(())
-    }
-
-    fn delete(&self) -> std::io::Result<bool> {
-        delete_file_if_exists(&self.codex_home)
-    }
-}
-
-const KEYRING_SERVICE: &str = "Codex Auth";
-
-// turns codex_home path into a stable, short key string
-fn compute_store_key(codex_home: &Path) -> std::io::Result<String> {
-    let canonical = codex_home
-        .canonicalize()
-        .unwrap_or_else(|_| codex_home.to_path_buf());
-    let path_str = canonical.to_string_lossy();
-    let mut hasher = Sha256::new();
-    hasher.update(path_str.as_bytes());
-    let digest = hasher.finalize();
-    let hex = format!("{digest:x}");
-    let truncated = hex.get(..16).unwrap_or(&hex);
-    Ok(format!("cli|{truncated}"))
-}
-
-#[derive(Clone, Debug)]
-struct KeyringAuthStorage {
-    codex_home: PathBuf,
-    keyring_store: Arc<dyn KeyringStore>,
-}
-
-impl KeyringAuthStorage {
-    fn new(codex_home: PathBuf, keyring_store: Arc<dyn KeyringStore>) -> Self {
-        Self {
-            codex_home,
-            keyring_store,
-        }
-    }
-
-    fn load_from_keyring(&self, key: &str) -> std::io::Result<Option<AuthDotJson>> {
-        match self.keyring_store.load(KEYRING_SERVICE, key) {
-            Ok(Some(serialized)) => serde_json::from_str(&serialized).map(Some).map_err(|err| {
-                std::io::Error::other(format!(
-                    "failed to deserialize CLI auth from keyring: {err}"
-                ))
-            }),
-            Ok(None) => Ok(None),
-            Err(error) => Err(std::io::Error::other(format!(
-                "failed to load CLI auth from keyring: {}",
-                error.message()
-            ))),
-        }
-    }
-
-    fn save_to_keyring(&self, key: &str, value: &str) -> std::io::Result<()> {
-        match self.keyring_store.save(KEYRING_SERVICE, key, value) {
-            Ok(()) => Ok(()),
-            Err(error) => {
-                let message = format!(
-                    "failed to write OAuth tokens to keyring: {}",
-                    error.message()
-                );
-                warn!("{message}");
-                Err(std::io::Error::other(message))
-            }
-        }
-    }
-}
-
-impl AuthStorageBackend for KeyringAuthStorage {
-    fn load(&self) -> std::io::Result<Option<AuthDotJson>> {
-        let key = compute_store_key(&self.codex_home)?;
-        self.load_from_keyring(&key)
-    }
-
-    fn save(&self, auth: &AuthDotJson) -> std::io::Result<()> {
-        let key = compute_store_key(&self.codex_home)?;
-        // Simpler error mapping per style: prefer method reference over closure
-        let serialized = serde_json::to_string(auth).map_err(std::io::Error::other)?;
-        self.save_to_keyring(&key, &serialized)?;
-        if let Err(err) = delete_file_if_exists(&self.codex_home) {
-            warn!("failed to remove CLI auth fallback file: {err}");
-        }
-        Ok(())
-    }
-
-    fn delete(&self) -> std::io::Result<bool> {
-        let key = compute_store_key(&self.codex_home)?;
-        let keyring_removed = self
-            .keyring_store
-            .delete(KEYRING_SERVICE, &key)
-            .map_err(|err| {
-                std::io::Error::other(format!("failed to delete auth from keyring: {err}"))
-            })?;
-        let file_removed = delete_file_if_exists(&self.codex_home)?;
-        Ok(keyring_removed || file_removed)
-    }
-}
-
-#[derive(Clone, Debug)]
-struct AutoAuthStorage {
-    keyring_storage: Arc<KeyringAuthStorage>,
-    file_storage: Arc<FileAuthStorage>,
-}
-
-impl AutoAuthStorage {
-    fn new(codex_home: PathBuf, keyring_store: Arc<dyn KeyringStore>) -> Self {
-        Self {
-            keyring_storage: Arc::new(KeyringAuthStorage::new(codex_home.clone(), keyring_store)),
-            file_storage: Arc::new(FileAuthStorage::new(codex_home)),
-        }
-    }
-}
-
-impl AuthStorageBackend for AutoAuthStorage {
-    fn load(&self) -> std::io::Result<Option<AuthDotJson>> {
-        match self.keyring_storage.load() {
-            Ok(Some(auth)) => Ok(Some(auth)),
-            Ok(None) => self.file_storage.load(),
-            Err(err) => {
-                warn!("failed to load CLI auth from keyring, falling back to file storage: {err}");
-                self.file_storage.load()
-            }
-        }
-    }
-
-    fn save(&self, auth: &AuthDotJson) -> std::io::Result<()> {
-        match self.keyring_storage.save(auth) {
-            Ok(()) => Ok(()),
-            Err(err) => {
-                warn!("failed to save auth to keyring, falling back to file storage: {err}");
-                self.file_storage.save(auth)
-            }
-        }
-    }
-
-    fn delete(&self) -> std::io::Result<bool> {
-        // Keyring storage will delete from disk as well
-        self.keyring_storage.delete()
-    }
-}
-
-pub(super) fn create_auth_storage(
-    codex_home: PathBuf,
-    mode: AuthCredentialsStoreMode,
-) -> Arc<dyn AuthStorageBackend> {
-    let keyring_store: Arc<dyn KeyringStore> = Arc::new(DefaultKeyringStore);
-    create_auth_storage_with_keyring_store(codex_home, mode, keyring_store)
-}
-
-fn create_auth_storage_with_keyring_store(
-    codex_home: PathBuf,
-    mode: AuthCredentialsStoreMode,
-    keyring_store: Arc<dyn KeyringStore>,
-) -> Arc<dyn AuthStorageBackend> {
-    match mode {
-        AuthCredentialsStoreMode::File => Arc::new(FileAuthStorage::new(codex_home)),
-        AuthCredentialsStoreMode::Keyring => {
-            Arc::new(KeyringAuthStorage::new(codex_home, keyring_store))
-        }
-        AuthCredentialsStoreMode::Auto => Arc::new(AutoAuthStorage::new(codex_home, keyring_store)),
-    }
-}
-
-#[cfg(test)]
-mod tests {
-    use super::*;
-    use crate::token_data::IdTokenInfo;
-    use anyhow::Context;
-    use base64::Engine;
-    use pretty_assertions::assert_eq;
-    use serde_json::json;
-    use tempfile::tempdir;
-
-    use codex_keyring_store::tests::MockKeyringStore;
-    use keyring::Error as KeyringError;
-
-    #[tokio::test]
-    async fn file_storage_load_returns_auth_dot_json() -> anyhow::Result<()> {
-        let codex_home = tempdir()?;
-        let storage = FileAuthStorage::new(codex_home.path().to_path_buf());
-        let auth_dot_json = AuthDotJson {
-            openai_api_key: Some("test-key".to_string()),
-            tokens: None,
-            last_refresh: Some(Utc::now()),
-        };
-
-        storage
-            .save(&auth_dot_json)
-            .context("failed to save auth file")?;
-
-        let loaded = storage.load().context("failed to load auth file")?;
-        assert_eq!(Some(auth_dot_json), loaded);
-        Ok(())
-    }
-
-    #[tokio::test]
-    async fn file_storage_save_persists_auth_dot_json() -> anyhow::Result<()> {
-        let codex_home = tempdir()?;
-        let storage = FileAuthStorage::new(codex_home.path().to_path_buf());
-        let auth_dot_json = AuthDotJson {
-            openai_api_key: Some("test-key".to_string()),
-            tokens: None,
-            last_refresh: Some(Utc::now()),
-        };
-
-        let file = get_auth_file(codex_home.path());
-        storage
-            .save(&auth_dot_json)
-            .context("failed to save auth file")?;
-
-        let same_auth_dot_json = storage
-            .try_read_auth_json(&file)
-            .context("failed to read auth file after save")?;
-        assert_eq!(auth_dot_json, same_auth_dot_json);
-        Ok(())
-    }
-
-    #[test]
-    fn file_storage_delete_removes_auth_file() -> anyhow::Result<()> {
-        let dir = tempdir()?;
-        let auth_dot_json = AuthDotJson {
-            openai_api_key: Some("sk-test-key".to_string()),
-            tokens: None,
-            last_refresh: None,
-        };
-        let storage = create_auth_storage(dir.path().to_path_buf(), AuthCredentialsStoreMode::File);
-        storage.save(&auth_dot_json)?;
-        assert!(dir.path().join("auth.json").exists());
-        let storage = FileAuthStorage::new(dir.path().to_path_buf());
-        let removed = storage.delete()?;
-        assert!(removed);
-        assert!(!dir.path().join("auth.json").exists());
-        Ok(())
-    }
-
-    fn seed_keyring_and_fallback_auth_file_for_delete<F>(
-        mock_keyring: &MockKeyringStore,
-        codex_home: &Path,
-        compute_key: F,
-    ) -> anyhow::Result<(String, PathBuf)>
-    where
-        F: FnOnce() -> std::io::Result<String>,
-    {
-        let key = compute_key()?;
-        mock_keyring.save(KEYRING_SERVICE, &key, "{}")?;
-        let auth_file = get_auth_file(codex_home);
-        std::fs::write(&auth_file, "stale")?;
-        Ok((key, auth_file))
-    }
-
-    fn seed_keyring_with_auth<F>(
-        mock_keyring: &MockKeyringStore,
-        compute_key: F,
-        auth: &AuthDotJson,
-    ) -> anyhow::Result<()>
-    where
-        F: FnOnce() -> std::io::Result<String>,
-    {
-        let key = compute_key()?;
-        let serialized = serde_json::to_string(auth)?;
-        mock_keyring.save(KEYRING_SERVICE, &key, &serialized)?;
-        Ok(())
-    }
-
-    fn assert_keyring_saved_auth_and_removed_fallback(
-        mock_keyring: &MockKeyringStore,
-        key: &str,
-        codex_home: &Path,
-        expected: &AuthDotJson,
-    ) {
-        let saved_value = mock_keyring
-            .saved_value(key)
-            .expect("keyring entry should exist");
-        let expected_serialized = serde_json::to_string(expected).expect("serialize expected auth");
-        assert_eq!(saved_value, expected_serialized);
-        let auth_file = get_auth_file(codex_home);
-        assert!(
-            !auth_file.exists(),
-            "fallback auth.json should be removed after keyring save"
-        );
-    }
-
-    fn id_token_with_prefix(prefix: &str) -> IdTokenInfo {
-        #[derive(Serialize)]
-        struct Header {
-            alg: &'static str,
-            typ: &'static str,
-        }
-
-        let header = Header {
-            alg: "none",
-            typ: "JWT",
-        };
-        let payload = json!({
-            "email": format!("{prefix}@example.com"),
-            "https://api.openai.com/auth": {
-                "chatgpt_account_id": format!("{prefix}-account"),
-            },
-        });
-        let encode = |bytes: &[u8]| base64::engine::general_purpose::URL_SAFE_NO_PAD.encode(bytes);
-        let header_b64 = encode(&serde_json::to_vec(&header).expect("serialize header"));
-        let payload_b64 = encode(&serde_json::to_vec(&payload).expect("serialize payload"));
-        let signature_b64 = encode(b"sig");
-        let fake_jwt = format!("{header_b64}.{payload_b64}.{signature_b64}");
-
-        crate::token_data::parse_id_token(&fake_jwt).expect("fake JWT should parse")
-    }
-
-    fn auth_with_prefix(prefix: &str) -> AuthDotJson {
-        AuthDotJson {
-            openai_api_key: Some(format!("{prefix}-api-key")),
-            tokens: Some(TokenData {
-                id_token: id_token_with_prefix(prefix),
-                access_token: format!("{prefix}-access"),
-                refresh_token: format!("{prefix}-refresh"),
-                account_id: Some(format!("{prefix}-account-id")),
-            }),
-            last_refresh: None,
-        }
-    }
-
-    #[test]
-    fn keyring_auth_storage_load_returns_deserialized_auth() -> anyhow::Result<()> {
-        let codex_home = tempdir()?;
-        let mock_keyring = MockKeyringStore::default();
-        let storage = KeyringAuthStorage::new(
-            codex_home.path().to_path_buf(),
-            Arc::new(mock_keyring.clone()),
-        );
-        let expected = AuthDotJson {
-            openai_api_key: Some("sk-test".to_string()),
-            tokens: None,
-            last_refresh: None,
-        };
-        seed_keyring_with_auth(
-            &mock_keyring,
-            || compute_store_key(codex_home.path()),
-            &expected,
-        )?;
-
-        let loaded = storage.load()?;
-        assert_eq!(Some(expected), loaded);
-        Ok(())
-    }
-
-    #[test]
-    fn keyring_auth_storage_compute_store_key_for_home_directory() -> anyhow::Result<()> {
-        let codex_home = PathBuf::from("~/.codex");
-
-        let key = compute_store_key(codex_home.as_path())?;
-
-        assert_eq!(key, "cli|940db7b1d0e4eb40");
-        Ok(())
-    }
-
-    #[test]
-    fn keyring_auth_storage_save_persists_and_removes_fallback_file() -> anyhow::Result<()> {
-        let codex_home = tempdir()?;
-        let mock_keyring = MockKeyringStore::default();
-        let storage = KeyringAuthStorage::new(
-            codex_home.path().to_path_buf(),
-            Arc::new(mock_keyring.clone()),
-        );
-        let auth_file = get_auth_file(codex_home.path());
-        std::fs::write(&auth_file, "stale")?;
-        let auth = AuthDotJson {
-            openai_api_key: None,
-            tokens: Some(TokenData {
-                id_token: Default::default(),
-                access_token: "access".to_string(),
-                refresh_token: "refresh".to_string(),
-                account_id: Some("account".to_string()),
-            }),
-            last_refresh: Some(Utc::now()),
-        };
-
-        storage.save(&auth)?;
-
-        let key = compute_store_key(codex_home.path())?;
-        assert_keyring_saved_auth_and_removed_fallback(
-            &mock_keyring,
-            &key,
-            codex_home.path(),
-            &auth,
-        );
-        Ok(())
-    }
-
-    #[test]
-    fn keyring_auth_storage_delete_removes_keyring_and_file() -> anyhow::Result<()> {
-        let codex_home = tempdir()?;
-        let mock_keyring = MockKeyringStore::default();
-        let storage = KeyringAuthStorage::new(
-            codex_home.path().to_path_buf(),
-            Arc::new(mock_keyring.clone()),
-        );
-        let (key, auth_file) = seed_keyring_and_fallback_auth_file_for_delete(
-            &mock_keyring,
-            codex_home.path(),
-            || compute_store_key(codex_home.path()),
-        )?;
-
-        let removed = storage.delete()?;
-
-        assert!(removed, "delete should report removal");
-        assert!(
-            !mock_keyring.contains(&key),
-            "keyring entry should be removed"
-        );
-        assert!(
-            !auth_file.exists(),
-            "fallback auth.json should be removed after keyring delete"
-        );
-        Ok(())
-    }
-
-    #[test]
-    fn auto_auth_storage_load_prefers_keyring_value() -> anyhow::Result<()> {
-        let codex_home = tempdir()?;
-        let mock_keyring = MockKeyringStore::default();
-        let storage = AutoAuthStorage::new(
-            codex_home.path().to_path_buf(),
-            Arc::new(mock_keyring.clone()),
-        );
-        let keyring_auth = auth_with_prefix("keyring");
-        seed_keyring_with_auth(
-            &mock_keyring,
-            || compute_store_key(codex_home.path()),
-            &keyring_auth,
-        )?;
-
-        let file_auth = auth_with_prefix("file");
-        storage.file_storage.save(&file_auth)?;
-
-        let loaded = storage.load()?;
-        assert_eq!(loaded, Some(keyring_auth));
-        Ok(())
-    }
-
-    #[test]
-    fn auto_auth_storage_load_uses_file_when_keyring_empty() -> anyhow::Result<()> {
-        let codex_home = tempdir()?;
-        let mock_keyring = MockKeyringStore::default();
-        let storage = AutoAuthStorage::new(codex_home.path().to_path_buf(), Arc::new(mock_keyring));
-
-        let expected = auth_with_prefix("file-only");
-        storage.file_storage.save(&expected)?;
-
-        let loaded = storage.load()?;
-        assert_eq!(loaded, Some(expected));
-        Ok(())
-    }
-
-    #[test]
-    fn auto_auth_storage_load_falls_back_when_keyring_errors() -> anyhow::Result<()> {
-        let codex_home = tempdir()?;
-        let mock_keyring = MockKeyringStore::default();
-        let storage = AutoAuthStorage::new(
-            codex_home.path().to_path_buf(),
-            Arc::new(mock_keyring.clone()),
-        );
-        let key = compute_store_key(codex_home.path())?;
-        mock_keyring.set_error(&key, KeyringError::Invalid("error".into(), "load".into()));
-
-        let expected = auth_with_prefix("fallback");
-        storage.file_storage.save(&expected)?;
-
-        let loaded = storage.load()?;
-        assert_eq!(loaded, Some(expected));
-        Ok(())
-    }
-
-    #[test]
-    fn auto_auth_storage_save_prefers_keyring() -> anyhow::Result<()> {
-        let codex_home = tempdir()?;
-        let mock_keyring = MockKeyringStore::default();
-        let storage = AutoAuthStorage::new(
-            codex_home.path().to_path_buf(),
-            Arc::new(mock_keyring.clone()),
-        );
-        let key = compute_store_key(codex_home.path())?;
-
-        let stale = auth_with_prefix("stale");
-        storage.file_storage.save(&stale)?;
-
-        let expected = auth_with_prefix("to-save");
-        storage.save(&expected)?;
-
-        assert_keyring_saved_auth_and_removed_fallback(
-            &mock_keyring,
-            &key,
-            codex_home.path(),
-            &expected,
-        );
-        Ok(())
-    }
-
-    #[test]
-    fn auto_auth_storage_save_falls_back_when_keyring_errors() -> anyhow::Result<()> {
-        let codex_home = tempdir()?;
-        let mock_keyring = MockKeyringStore::default();
-        let storage = AutoAuthStorage::new(
-            codex_home.path().to_path_buf(),
-            Arc::new(mock_keyring.clone()),
-        );
-        let key = compute_store_key(codex_home.path())?;
-        mock_keyring.set_error(&key, KeyringError::Invalid("error".into(), "save".into()));
-
-        let auth = auth_with_prefix("fallback");
-        storage.save(&auth)?;
-
-        let auth_file = get_auth_file(codex_home.path());
-        assert!(
-            auth_file.exists(),
-            "fallback auth.json should be created when keyring save fails"
-        );
-        let saved = storage
-            .file_storage
-            .load()?
-            .context("fallback auth should exist")?;
-        assert_eq!(saved, auth);
-        assert!(
-            mock_keyring.saved_value(&key).is_none(),
-            "keyring should not contain value when save fails"
-        );
-        Ok(())
-    }
-
-    #[test]
-    fn auto_auth_storage_delete_removes_keyring_and_file() -> anyhow::Result<()> {
-        let codex_home = tempdir()?;
-        let mock_keyring = MockKeyringStore::default();
-        let storage = AutoAuthStorage::new(
-            codex_home.path().to_path_buf(),
-            Arc::new(mock_keyring.clone()),
-        );
-        let (key, auth_file) = seed_keyring_and_fallback_auth_file_for_delete(
-            &mock_keyring,
-            codex_home.path(),
-            || compute_store_key(codex_home.path()),
-        )?;
-
-        let removed = storage.delete()?;
-
-        assert!(removed, "delete should report removal");
-        assert!(
-            !mock_keyring.contains(&key),
-            "keyring entry should be removed"
-        );
-        assert!(
-            !auth_file.exists(),
-            "fallback auth.json should be removed after delete"
-        );
-        Ok(())
-    }
-}

codex-rs/core/src/bash.rs

@@ -5,13 +5,13 @@ use tree_sitter_bash::LANGUAGE as BASH;
 
 /// Parse the provided bash source using tree-sitter-bash, returning a Tree on
 /// success or None if parsing failed.
-pub fn try_parse_shell(shell_lc_arg: &str) -> Option<Tree> {
+pub fn try_parse_bash(bash_lc_arg: &str) -> Option<Tree> {
     let lang = BASH.into();
     let mut parser = Parser::new();
     #[expect(clippy::expect_used)]
     parser.set_language(&lang).expect("load bash grammar");
     let old_tree: Option<&Tree> = None;
-    parser.parse(shell_lc_arg, old_tree)
+    parser.parse(bash_lc_arg, old_tree)
 }
 
 /// Parse a script which may contain multiple simple commands joined only by
@@ -88,19 +88,18 @@ pub fn try_parse_word_only_commands_sequence(tree: &Tree, src: &str) -> Option<V
     Some(commands)
 }
 
-/// Returns the sequence of plain commands within a `bash -lc "..."` or
-/// `zsh -lc "..."` invocation when the script only contains word-only commands
-/// joined by safe operators.
-pub fn parse_shell_lc_plain_commands(command: &[String]) -> Option<Vec<Vec<String>>> {
-    let [shell, flag, script] = command else {
+/// Returns the sequence of plain commands within a `bash -lc "..."` invocation
+/// when the script only contains word-only commands joined by safe operators.
+pub fn parse_bash_lc_plain_commands(command: &[String]) -> Option<Vec<Vec<String>>> {
+    let [bash, flag, script] = command else {
         return None;
     };
 
-    if flag != "-lc" || !(shell == "bash" || shell == "zsh") {
+    if bash != "bash" || flag != "-lc" {
         return None;
     }
 
-    let tree = try_parse_shell(script)?;
+    let tree = try_parse_bash(script)?;
     try_parse_word_only_commands_sequence(&tree, script)
 }
 
@@ -155,7 +154,7 @@ mod tests {
     use super::*;
 
     fn parse_seq(src: &str) -> Option<Vec<Vec<String>>> {
-        let tree = try_parse_shell(src)?;
+        let tree = try_parse_bash(src)?;
         try_parse_word_only_commands_sequence(&tree, src)
     }
 
@@ -235,11 +234,4 @@ mod tests {
     fn rejects_trailing_operator_parse_error() {
         assert!(parse_seq("ls &&").is_none());
     }
-
-    #[test]
-    fn parse_zsh_lc_plain_commands() {
-        let command = vec!["zsh".to_string(), "-lc".to_string(), "ls".to_string()];
-        let parsed = parse_shell_lc_plain_commands(&command).unwrap();
-        assert_eq!(parsed, vec![vec!["ls".to_string()]]);
-    }
 }

codex-rs/core/src/chat_completions.rs

@@ -4,24 +4,18 @@ use crate::ModelProviderInfo;
 use crate::client_common::Prompt;
 use crate::client_common::ResponseEvent;
 use crate::client_common::ResponseStream;
-use crate::default_client::CodexHttpClient;
 use crate::error::CodexErr;
-use crate::error::ConnectionFailedError;
-use crate::error::ResponseStreamFailed;
 use crate::error::Result;
 use crate::error::RetryLimitReachedError;
 use crate::error::UnexpectedResponseError;
 use crate::model_family::ModelFamily;
-use crate::tools::spec::create_tools_json_for_chat_completions_api;
+use crate::openai_tools::create_tools_json_for_chat_completions_api;
 use crate::util::backoff;
 use bytes::Bytes;
 use codex_otel::otel_event_manager::OtelEventManager;
 use codex_protocol::models::ContentItem;
-use codex_protocol::models::FunctionCallOutputContentItem;
 use codex_protocol::models::ReasoningItemContent;
 use codex_protocol::models::ResponseItem;
-use codex_protocol::protocol::SessionSource;
-use codex_protocol::protocol::SubAgentSource;
 use eventsource_stream::Eventsource;
 use futures::Stream;
 use futures::StreamExt;
@@ -40,10 +34,9 @@ use tracing::trace;
 pub(crate) async fn stream_chat_completions(
     prompt: &Prompt,
     model_family: &ModelFamily,
-    client: &CodexHttpClient,
+    client: &reqwest::Client,
     provider: &ModelProviderInfo,
     otel_event_manager: &OtelEventManager,
-    session_source: &SessionSource,
 ) -> Result<ResponseStream> {
     if prompt.output_schema.is_some() {
         return Err(CodexErr::UnsupportedOperation(
@@ -80,7 +73,6 @@ pub(crate) async fn stream_chat_completions(
             ResponseItem::CustomToolCall { .. } => {}
             ResponseItem::CustomToolCallOutput { .. } => {}
             ResponseItem::WebSearchCall { .. } => {}
-            ResponseItem::GhostSnapshot { .. } => {}
         }
     }
 
@@ -110,10 +102,10 @@ pub(crate) async fn stream_chat_completions(
             } = item
             {
                 let mut text = String::new();
-                for entry in items {
-                    match entry {
-                        ReasoningItemContent::ReasoningText { text: segment }
-                        | ReasoningItemContent::Text { text: segment } => text.push_str(segment),
+                for c in items {
+                    match c {
+                        ReasoningItemContent::ReasoningText { text: t }
+                        | ReasoningItemContent::Text { text: t } => text.push_str(t),
                     }
                 }
                 if text.trim().is_empty() {
@@ -163,26 +155,16 @@ pub(crate) async fn stream_chat_completions(
     for (idx, item) in input.iter().enumerate() {
         match item {
             ResponseItem::Message { role, content, .. } => {
-                // Build content either as a plain string (typical for assistant text)
-                // or as an array of content items when images are present (user/tool multimodal).
                 let mut text = String::new();
-                let mut items: Vec<serde_json::Value> = Vec::new();
-                let mut saw_image = false;
-
                 for c in content {
                     match c {
                         ContentItem::InputText { text: t }
                         | ContentItem::OutputText { text: t } => {
                             text.push_str(t);
-                            items.push(json!({"type":"text","text": t}));
-                        }
-                        ContentItem::InputImage { image_url } => {
-                            saw_image = true;
-                            items.push(json!({"type":"image_url","image_url": {"url": image_url}}));
                         }
+                        _ => {}
                     }
                 }
-
                 // Skip exact-duplicate assistant messages.
                 if role == "assistant" {
                     if let Some(prev) = &last_assistant_text
@@ -193,17 +175,7 @@ pub(crate) async fn stream_chat_completions(
                     last_assistant_text = Some(text.clone());
                 }
 
-                // For assistant messages, always send a plain string for compatibility.
-                // For user messages, if an image is present, send an array of content items.
-                let content_value = if role == "assistant" {
-                    json!(text)
-                } else if saw_image {
-                    json!(items)
-                } else {
-                    json!(text)
-                };
-
-                let mut msg = json!({"role": role, "content": content_value});
+                let mut msg = json!({"role": role, "content": text});
                 if role == "assistant"
                     && let Some(reasoning) = reasoning_by_anchor_index.get(&idx)
                     && let Some(obj) = msg.as_object_mut()
@@ -262,29 +234,10 @@ pub(crate) async fn stream_chat_completions(
                 messages.push(msg);
             }
             ResponseItem::FunctionCallOutput { call_id, output } => {
-                // Prefer structured content items when available (e.g., images)
-                // otherwise fall back to the legacy plain-string content.
-                let content_value = if let Some(items) = &output.content_items {
-                    let mapped: Vec<serde_json::Value> = items
-                        .iter()
-                        .map(|it| match it {
-                            FunctionCallOutputContentItem::InputText { text } => {
-                                json!({"type":"text","text": text})
-                            }
-                            FunctionCallOutputContentItem::InputImage { image_url } => {
-                                json!({"type":"image_url","image_url": {"url": image_url}})
-                            }
-                        })
-                        .collect();
-                    json!(mapped)
-                } else {
-                    json!(output.content)
-                };
-
                 messages.push(json!({
                     "role": "tool",
                     "tool_call_id": call_id,
-                    "content": content_value,
+                    "content": output.content,
                 }));
             }
             ResponseItem::CustomToolCall {
@@ -314,10 +267,6 @@ pub(crate) async fn stream_chat_completions(
                     "content": output,
                 }));
             }
-            ResponseItem::GhostSnapshot { .. } => {
-                // Ghost snapshots annotate history but are not sent to the model.
-                continue;
-            }
             ResponseItem::Reasoning { .. }
             | ResponseItem::WebSearchCall { .. }
             | ResponseItem::Other => {
@@ -346,20 +295,7 @@ pub(crate) async fn stream_chat_completions(
     loop {
         attempt += 1;
 
-        let mut req_builder = provider.create_request_builder(client, &None).await?;
-
-        // Include subagent header only for subagent sessions.
-        if let SessionSource::SubAgent(sub) = session_source.clone() {
-            let subagent = if let SubAgentSource::Other(label) = sub {
-                label
-            } else {
-                serde_json::to_value(&sub)
-                    .ok()
-                    .and_then(|v| v.as_str().map(std::string::ToString::to_string))
-                    .unwrap_or_else(|| "other".to_string())
-            };
-            req_builder = req_builder.header("x-openai-subagent", subagent);
-        }
+        let req_builder = provider.create_request_builder(client, &None).await?;
 
         let res = otel_event_manager
             .log_request(attempt, || {
@@ -373,12 +309,7 @@ pub(crate) async fn stream_chat_completions(
         match res {
             Ok(resp) if resp.status().is_success() => {
                 let (tx_event, rx_event) = mpsc::channel::<Result<ResponseEvent>>(1600);
-                let stream = resp.bytes_stream().map_err(|e| {
-                    CodexErr::ResponseStreamFailed(ResponseStreamFailed {
-                        source: e,
-                        request_id: None,
-                    })
-                });
+                let stream = resp.bytes_stream().map_err(CodexErr::Reqwest);
                 tokio::spawn(process_chat_sse(
                     stream,
                     tx_event,
@@ -418,9 +349,7 @@ pub(crate) async fn stream_chat_completions(
             }
             Err(e) => {
                 if attempt > max_retries {
-                    return Err(CodexErr::ConnectionFailed(ConnectionFailedError {
-                        source: e,
-                    }));
+                    return Err(e.into());
                 }
                 let delay = backoff(attempt);
                 tokio::time::sleep(delay).await;
@@ -429,61 +358,6 @@ pub(crate) async fn stream_chat_completions(
     }
 }
 
-async fn append_assistant_text(
-    tx_event: &mpsc::Sender<Result<ResponseEvent>>,
-    assistant_item: &mut Option<ResponseItem>,
-    text: String,
-) {
-    if assistant_item.is_none() {
-        let item = ResponseItem::Message {
-            id: None,
-            role: "assistant".to_string(),
-            content: vec![],
-        };
-        *assistant_item = Some(item.clone());
-        let _ = tx_event
-            .send(Ok(ResponseEvent::OutputItemAdded(item)))
-            .await;
-    }
-
-    if let Some(ResponseItem::Message { content, .. }) = assistant_item {
-        content.push(ContentItem::OutputText { text: text.clone() });
-        let _ = tx_event
-            .send(Ok(ResponseEvent::OutputTextDelta(text.clone())))
-            .await;
-    }
-}
-
-async fn append_reasoning_text(
-    tx_event: &mpsc::Sender<Result<ResponseEvent>>,
-    reasoning_item: &mut Option<ResponseItem>,
-    text: String,
-) {
-    if reasoning_item.is_none() {
-        let item = ResponseItem::Reasoning {
-            id: String::new(),
-            summary: Vec::new(),
-            content: Some(vec![]),
-            encrypted_content: None,
-        };
-        *reasoning_item = Some(item.clone());
-        let _ = tx_event
-            .send(Ok(ResponseEvent::OutputItemAdded(item)))
-            .await;
-    }
-
-    if let Some(ResponseItem::Reasoning {
-        content: Some(content),
-        ..
-    }) = reasoning_item
-    {
-        content.push(ReasoningItemContent::ReasoningText { text: text.clone() });
-
-        let _ = tx_event
-            .send(Ok(ResponseEvent::ReasoningContentDelta(text.clone())))
-            .await;
-    }
-}
 /// Lightweight SSE processor for the Chat Completions streaming format. The
 /// output is mapped onto Codex's internal [`ResponseEvent`] so that the rest
 /// of the pipeline can stay agnostic of the underlying wire format.
@@ -511,8 +385,8 @@ async fn process_chat_sse<S>(
     }
 
     let mut fn_call_state = FunctionCallState::default();
-    let mut assistant_item: Option<ResponseItem> = None;
-    let mut reasoning_item: Option<ResponseItem> = None;
+    let mut assistant_text = String::new();
+    let mut reasoning_text = String::new();
 
     loop {
         let start = std::time::Instant::now();
@@ -553,11 +427,26 @@ async fn process_chat_sse<S>(
         if sse.data.trim() == "[DONE]" {
             // Emit any finalized items before closing so downstream consumers receive
             // terminal events for both assistant content and raw reasoning.
-            if let Some(item) = assistant_item {
+            if !assistant_text.is_empty() {
+                let item = ResponseItem::Message {
+                    role: "assistant".to_string(),
+                    content: vec![ContentItem::OutputText {
+                        text: std::mem::take(&mut assistant_text),
+                    }],
+                    id: None,
+                };
                 let _ = tx_event.send(Ok(ResponseEvent::OutputItemDone(item))).await;
             }
 
-            if let Some(item) = reasoning_item {
+            if !reasoning_text.is_empty() {
+                let item = ResponseItem::Reasoning {
+                    id: String::new(),
+                    summary: Vec::new(),
+                    content: Some(vec![ReasoningItemContent::ReasoningText {
+                        text: std::mem::take(&mut reasoning_text),
+                    }]),
+                    encrypted_content: None,
+                };
                 let _ = tx_event.send(Ok(ResponseEvent::OutputItemDone(item))).await;
             }
 
@@ -587,7 +476,10 @@ async fn process_chat_sse<S>(
                 .and_then(|c| c.as_str())
                 && !content.is_empty()
             {
-                append_assistant_text(&tx_event, &mut assistant_item, content.to_string()).await;
+                assistant_text.push_str(content);
+                let _ = tx_event
+                    .send(Ok(ResponseEvent::OutputTextDelta(content.to_string())))
+                    .await;
             }
 
             // Forward any reasoning/thinking deltas if present.
@@ -617,7 +509,10 @@ async fn process_chat_sse<S>(
 
                 if let Some(reasoning) = maybe_text {
                     // Accumulate so we can emit a terminal Reasoning item at the end.
-                    append_reasoning_text(&tx_event, &mut reasoning_item, reasoning).await;
+                    reasoning_text.push_str(&reasoning);
+                    let _ = tx_event
+                        .send(Ok(ResponseEvent::ReasoningContentDelta(reasoning)))
+                        .await;
                 }
             }
 
@@ -627,7 +522,10 @@ async fn process_chat_sse<S>(
                 // Accept either a plain string or an object with { text | content }
                 if let Some(s) = message_reasoning.as_str() {
                     if !s.is_empty() {
-                        append_reasoning_text(&tx_event, &mut reasoning_item, s.to_string()).await;
+                        reasoning_text.push_str(s);
+                        let _ = tx_event
+                            .send(Ok(ResponseEvent::ReasoningContentDelta(s.to_string())))
+                            .await;
                     }
                 } else if let Some(obj) = message_reasoning.as_object()
                     && let Some(s) = obj
@@ -636,7 +534,10 @@ async fn process_chat_sse<S>(
                         .or_else(|| obj.get("content").and_then(|v| v.as_str()))
                     && !s.is_empty()
                 {
-                    append_reasoning_text(&tx_event, &mut reasoning_item, s.to_string()).await;
+                    reasoning_text.push_str(s);
+                    let _ = tx_event
+                        .send(Ok(ResponseEvent::ReasoningContentDelta(s.to_string())))
+                        .await;
                 }
             }
 
@@ -674,7 +575,15 @@ async fn process_chat_sse<S>(
                     "tool_calls" if fn_call_state.active => {
                         // First, flush the terminal raw reasoning so UIs can finalize
                         // the reasoning stream before any exec/tool events begin.
-                        if let Some(item) = reasoning_item.take() {
+                        if !reasoning_text.is_empty() {
+                            let item = ResponseItem::Reasoning {
+                                id: String::new(),
+                                summary: Vec::new(),
+                                content: Some(vec![ReasoningItemContent::ReasoningText {
+                                    text: std::mem::take(&mut reasoning_text),
+                                }]),
+                                encrypted_content: None,
+                            };
                             let _ = tx_event.send(Ok(ResponseEvent::OutputItemDone(item))).await;
                         }
 
@@ -691,11 +600,26 @@ async fn process_chat_sse<S>(
                     "stop" => {
                         // Regular turn without tool-call. Emit the final assistant message
                         // as a single OutputItemDone so non-delta consumers see the result.
-                        if let Some(item) = assistant_item.take() {
+                        if !assistant_text.is_empty() {
+                            let item = ResponseItem::Message {
+                                role: "assistant".to_string(),
+                                content: vec![ContentItem::OutputText {
+                                    text: std::mem::take(&mut assistant_text),
+                                }],
+                                id: None,
+                            };
                             let _ = tx_event.send(Ok(ResponseEvent::OutputItemDone(item))).await;
                         }
                         // Also emit a terminal Reasoning item so UIs can finalize raw reasoning.
-                        if let Some(item) = reasoning_item.take() {
+                        if !reasoning_text.is_empty() {
+                            let item = ResponseItem::Reasoning {
+                                id: String::new(),
+                                summary: Vec::new(),
+                                content: Some(vec![ReasoningItemContent::ReasoningText {
+                                    text: std::mem::take(&mut reasoning_text),
+                                }]),
+                                encrypted_content: None,
+                            };
                             let _ = tx_event.send(Ok(ResponseEvent::OutputItemDone(item))).await;
                         }
                     }
@@ -914,8 +838,8 @@ where
                 Poll::Ready(Some(Ok(ResponseEvent::ReasoningSummaryPartAdded))) => {
                     continue;
                 }
-                Poll::Ready(Some(Ok(ResponseEvent::OutputItemAdded(item)))) => {
-                    return Poll::Ready(Some(Ok(ResponseEvent::OutputItemAdded(item))));
+                Poll::Ready(Some(Ok(ResponseEvent::WebSearchCallBegin { call_id }))) => {
+                    return Poll::Ready(Some(Ok(ResponseEvent::WebSearchCallBegin { call_id })));
                 }
             }
         }

codex-rs/core/src/client.rs

@@ -1,19 +1,15 @@
 use std::io::BufRead;
 use std::path::Path;
-use std::sync::Arc;
 use std::sync::OnceLock;
 use std::time::Duration;
 
+use crate::AuthManager;
+use crate::auth::CodexAuth;
+use crate::error::RetryLimitReachedError;
+use crate::error::UnexpectedResponseError;
 use bytes::Bytes;
-use chrono::DateTime;
-use chrono::Utc;
 use codex_app_server_protocol::AuthMode;
-use codex_otel::otel_event_manager::OtelEventManager;
 use codex_protocol::ConversationId;
-use codex_protocol::config_types::ReasoningEffort as ReasoningEffortConfig;
-use codex_protocol::config_types::ReasoningSummary as ReasoningSummaryConfig;
-use codex_protocol::models::ResponseItem;
-use codex_protocol::protocol::SessionSource;
 use eventsource_stream::Eventsource;
 use futures::prelude::*;
 use regex_lite::Regex;
@@ -29,8 +25,6 @@ use tracing::debug;
 use tracing::trace;
 use tracing::warn;
 
-use crate::AuthManager;
-use crate::auth::CodexAuth;
 use crate::chat_completions::AggregateStreamExt;
 use crate::chat_completions::stream_chat_completions;
 use crate::client_common::Prompt;
@@ -40,26 +34,27 @@ use crate::client_common::ResponsesApiRequest;
 use crate::client_common::create_reasoning_param_for_request;
 use crate::client_common::create_text_param_for_request;
 use crate::config::Config;
-use crate::default_client::CodexHttpClient;
 use crate::default_client::create_client;
 use crate::error::CodexErr;
-use crate::error::ConnectionFailedError;
-use crate::error::ResponseStreamFailed;
 use crate::error::Result;
-use crate::error::RetryLimitReachedError;
-use crate::error::UnexpectedResponseError;
 use crate::error::UsageLimitReachedError;
 use crate::flags::CODEX_RS_SSE_FIXTURE;
 use crate::model_family::ModelFamily;
 use crate::model_provider_info::ModelProviderInfo;
 use crate::model_provider_info::WireApi;
 use crate::openai_model_info::get_model_info;
+use crate::openai_tools::create_tools_json_for_responses_api;
 use crate::protocol::RateLimitSnapshot;
 use crate::protocol::RateLimitWindow;
 use crate::protocol::TokenUsage;
+use crate::state::TaskKind;
 use crate::token_data::PlanType;
-use crate::tools::spec::create_tools_json_for_responses_api;
 use crate::util::backoff;
+use codex_otel::otel_event_manager::OtelEventManager;
+use codex_protocol::config_types::ReasoningEffort as ReasoningEffortConfig;
+use codex_protocol::config_types::ReasoningSummary as ReasoningSummaryConfig;
+use codex_protocol::models::ResponseItem;
+use std::sync::Arc;
 
 #[derive(Debug, Deserialize)]
 struct ErrorResponse {
@@ -74,7 +69,7 @@ struct Error {
 
     // Optional fields available on "usage_limit_reached" and "usage_not_included" errors
     plan_type: Option<PlanType>,
-    resets_at: Option<i64>,
+    resets_in_seconds: Option<u64>,
 }
 
 #[derive(Debug, Clone)]
@@ -82,15 +77,13 @@ pub struct ModelClient {
     config: Arc<Config>,
     auth_manager: Option<Arc<AuthManager>>,
     otel_event_manager: OtelEventManager,
-    client: CodexHttpClient,
+    client: reqwest::Client,
     provider: ModelProviderInfo,
     conversation_id: ConversationId,
     effort: Option<ReasoningEffortConfig>,
     summary: ReasoningSummaryConfig,
-    session_source: SessionSource,
 }
 
-#[allow(clippy::too_many_arguments)]
 impl ModelClient {
     pub fn new(
         config: Arc<Config>,
@@ -100,7 +93,6 @@ impl ModelClient {
         effort: Option<ReasoningEffortConfig>,
         summary: ReasoningSummaryConfig,
         conversation_id: ConversationId,
-        session_source: SessionSource,
     ) -> Self {
         let client = create_client();
 
@@ -113,16 +105,13 @@ impl ModelClient {
             conversation_id,
             effort,
             summary,
-            session_source,
         }
     }
 
-    pub fn get_model_context_window(&self) -> Option<i64> {
-        let pct = self.config.model_family.effective_context_window_percent;
+    pub fn get_model_context_window(&self) -> Option<u64> {
         self.config
             .model_context_window
             .or_else(|| get_model_info(&self.config.model_family).map(|info| info.context_window))
-            .map(|w| w.saturating_mul(pct) / 100)
     }
 
     pub fn get_auto_compact_token_limit(&self) -> Option<i64> {
@@ -131,17 +120,20 @@ impl ModelClient {
         })
     }
 
-    pub fn config(&self) -> Arc<Config> {
-        Arc::clone(&self.config)
-    }
-
-    pub fn provider(&self) -> &ModelProviderInfo {
-        &self.provider
-    }
-
+    /// Dispatches to either the Responses or Chat implementation depending on
+    /// the provider config.  Public callers always invoke `stream()` – the
+    /// specialised helpers are private to avoid accidental misuse.
     pub async fn stream(&self, prompt: &Prompt) -> Result<ResponseStream> {
+        self.stream_with_task_kind(prompt, TaskKind::Regular).await
+    }
+
+    pub(crate) async fn stream_with_task_kind(
+        &self,
+        prompt: &Prompt,
+        task_kind: TaskKind,
+    ) -> Result<ResponseStream> {
         match self.provider.wire_api {
-            WireApi::Responses => self.stream_responses(prompt).await,
+            WireApi::Responses => self.stream_responses(prompt, task_kind).await,
             WireApi::Chat => {
                 // Create the raw streaming connection first.
                 let response_stream = stream_chat_completions(
@@ -150,7 +142,6 @@ impl ModelClient {
                     &self.client,
                     &self.provider,
                     &self.otel_event_manager,
-                    &self.session_source,
                 )
                 .await?;
 
@@ -183,7 +174,11 @@ impl ModelClient {
     }
 
     /// Implementation for the OpenAI *Responses* experimental API.
-    async fn stream_responses(&self, prompt: &Prompt) -> Result<ResponseStream> {
+    async fn stream_responses(
+        &self,
+        prompt: &Prompt,
+        task_kind: TaskKind,
+    ) -> Result<ResponseStream> {
         if let Some(path) = &*CODEX_RS_SSE_FIXTURE {
             // short circuit for tests
             warn!(path, "Streaming from fixture");
@@ -213,14 +208,18 @@ impl ModelClient {
 
         let input_with_instructions = prompt.get_formatted_input();
 
-        let verbosity = if self.config.model_family.support_verbosity {
-            self.config.model_verbosity
-        } else {
-            warn!(
-                "model_verbosity is set but ignored as the model does not support verbosity: {}",
-                self.config.model_family.family
-            );
-            None
+        let verbosity = match &self.config.model_family.family {
+            family if family == "gpt-5" => self.config.model_verbosity,
+            _ => {
+                if self.config.model_verbosity.is_some() {
+                    warn!(
+                        "model_verbosity is set but ignored for non-gpt-5 model family: {}",
+                        self.config.model_family.family
+                    );
+                }
+
+                None
+            }
         };
 
         // Only include `text.verbosity` for GPT-5 family models
@@ -258,7 +257,7 @@ impl ModelClient {
         let max_attempts = self.provider.request_max_retries();
         for attempt in 0..=max_attempts {
             match self
-                .attempt_stream_responses(attempt, &payload_json, &auth_manager)
+                .attempt_stream_responses(attempt, &payload_json, &auth_manager, task_kind)
                 .await
             {
                 Ok(stream) => {
@@ -286,6 +285,7 @@ impl ModelClient {
         attempt: u64,
         payload_json: &Value,
         auth_manager: &Option<Arc<AuthManager>>,
+        task_kind: TaskKind,
     ) -> std::result::Result<ResponseStream, StreamAttemptError> {
         // Always fetch the latest auth in case a prior attempt refreshed the token.
         let auth = auth_manager.as_ref().and_then(|m| m.auth());
@@ -294,7 +294,6 @@ impl ModelClient {
             "POST to {}: {:?}",
             self.provider.get_full_url(&auth),
             serde_json::to_string(payload_json)
-                .unwrap_or("<unable to serialize payload>".to_string())
         );
 
         let mut req_builder = self
@@ -303,24 +302,13 @@ impl ModelClient {
             .await
             .map_err(StreamAttemptError::Fatal)?;
 
-        // Include subagent header only for subagent sessions.
-        if let SessionSource::SubAgent(sub) = &self.session_source {
-            let subagent = if let crate::protocol::SubAgentSource::Other(label) = sub {
-                label.clone()
-            } else {
-                serde_json::to_value(sub)
-                    .ok()
-                    .and_then(|v| v.as_str().map(std::string::ToString::to_string))
-                    .unwrap_or_else(|| "other".to_string())
-            };
-            req_builder = req_builder.header("x-openai-subagent", subagent);
-        }
-
         req_builder = req_builder
+            .header("OpenAI-Beta", "responses=experimental")
             // Send session_id for compatibility.
             .header("conversation_id", self.conversation_id.to_string())
             .header("session_id", self.conversation_id.to_string())
             .header(reqwest::header::ACCEPT, "text/event-stream")
+            .header("Codex-Task-Type", task_kind.header_value())
             .json(payload_json);
 
         if let Some(auth) = auth.as_ref()
@@ -341,6 +329,12 @@ impl ModelClient {
                 .headers()
                 .get("cf-ray")
                 .map(|v| v.to_str().unwrap_or_default().to_string());
+
+            trace!(
+                "Response status: {}, cf-ray: {:?}",
+                resp.status(),
+                request_id
+            );
         }
 
         match res {
@@ -357,12 +351,7 @@ impl ModelClient {
                 }
 
                 // spawn task to process SSE
-                let stream = resp.bytes_stream().map_err(move |e| {
-                    CodexErr::ResponseStreamFailed(ResponseStreamFailed {
-                        source: e,
-                        request_id: request_id.clone(),
-                    })
-                });
+                let stream = resp.bytes_stream().map_err(CodexErr::Reqwest);
                 tokio::spawn(process_sse(
                     stream,
                     tx_event,
@@ -385,14 +374,9 @@ impl ModelClient {
 
                 if status == StatusCode::UNAUTHORIZED
                     && let Some(manager) = auth_manager.as_ref()
-                    && let Some(auth) = auth.as_ref()
-                    && auth.mode == AuthMode::ChatGPT
+                    && manager.auth().is_some()
                 {
-                    manager.refresh_token().await.map_err(|err| {
-                        StreamAttemptError::Fatal(CodexErr::Fatal(format!(
-                            "Failed to refresh ChatGPT credentials: {err}"
-                        )))
-                    })?;
+                    let _ = manager.refresh_token().await;
                 }
 
                 // The OpenAI Responses endpoint returns structured JSON bodies even for 4xx/5xx
@@ -428,12 +412,10 @@ impl ModelClient {
                             let plan_type = error
                                 .plan_type
                                 .or_else(|| auth.as_ref().and_then(CodexAuth::get_plan_type));
-                            let resets_at = error
-                                .resets_at
-                                .and_then(|seconds| DateTime::<Utc>::from_timestamp(seconds, 0));
+                            let resets_in_seconds = error.resets_in_seconds;
                             let codex_err = CodexErr::UsageLimitReached(UsageLimitReachedError {
                                 plan_type,
-                                resets_at,
+                                resets_in_seconds,
                                 rate_limits: rate_limit_snapshot,
                             });
                             return Err(StreamAttemptError::Fatal(codex_err));
@@ -449,9 +431,7 @@ impl ModelClient {
                     request_id,
                 })
             }
-            Err(e) => Err(StreamAttemptError::RetryableTransportError(
-                CodexErr::ConnectionFailed(ConnectionFailedError { source: e }),
-            )),
+            Err(e) => Err(StreamAttemptError::RetryableTransportError(e.into())),
         }
     }
 
@@ -463,10 +443,6 @@ impl ModelClient {
         self.otel_event_manager.clone()
     }
 
-    pub fn get_session_source(&self) -> SessionSource {
-        self.session_source.clone()
-    }
-
     /// Returns the currently configured model slug.
     pub fn get_model(&self) -> String {
         self.config.model.clone()
@@ -553,11 +529,11 @@ struct ResponseCompleted {
 
 #[derive(Debug, Deserialize)]
 struct ResponseCompletedUsage {
-    input_tokens: i64,
+    input_tokens: u64,
     input_tokens_details: Option<ResponseCompletedInputTokensDetails>,
-    output_tokens: i64,
+    output_tokens: u64,
     output_tokens_details: Option<ResponseCompletedOutputTokensDetails>,
-    total_tokens: i64,
+    total_tokens: u64,
 }
 
 impl From<ResponseCompletedUsage> for TokenUsage {
@@ -580,12 +556,12 @@ impl From<ResponseCompletedUsage> for TokenUsage {
 
 #[derive(Debug, Deserialize)]
 struct ResponseCompletedInputTokensDetails {
-    cached_tokens: i64,
+    cached_tokens: u64,
 }
 
 #[derive(Debug, Deserialize)]
 struct ResponseCompletedOutputTokensDetails {
-    reasoning_tokens: i64,
+    reasoning_tokens: u64,
 }
 
 fn attach_item_ids(payload_json: &mut Value, original_items: &[ResponseItem]) {
@@ -620,14 +596,14 @@ fn parse_rate_limit_snapshot(headers: &HeaderMap) -> Option<RateLimitSnapshot> {
         headers,
         "x-codex-primary-used-percent",
         "x-codex-primary-window-minutes",
-        "x-codex-primary-reset-at",
+        "x-codex-primary-reset-after-seconds",
     );
 
     let secondary = parse_rate_limit_window(
         headers,
         "x-codex-secondary-used-percent",
         "x-codex-secondary-window-minutes",
-        "x-codex-secondary-reset-at",
+        "x-codex-secondary-reset-after-seconds",
     );
 
     Some(RateLimitSnapshot { primary, secondary })
@@ -637,22 +613,22 @@ fn parse_rate_limit_window(
     headers: &HeaderMap,
     used_percent_header: &str,
     window_minutes_header: &str,
-    resets_at_header: &str,
+    resets_header: &str,
 ) -> Option<RateLimitWindow> {
     let used_percent: Option<f64> = parse_header_f64(headers, used_percent_header);
 
     used_percent.and_then(|used_percent| {
-        let window_minutes = parse_header_i64(headers, window_minutes_header);
-        let resets_at = parse_header_i64(headers, resets_at_header);
+        let window_minutes = parse_header_u64(headers, window_minutes_header);
+        let resets_in_seconds = parse_header_u64(headers, resets_header);
 
         let has_data = used_percent != 0.0
             || window_minutes.is_some_and(|minutes| minutes != 0)
-            || resets_at.is_some();
+            || resets_in_seconds.is_some_and(|seconds| seconds != 0);
 
         has_data.then_some(RateLimitWindow {
             used_percent,
             window_minutes,
-            resets_at,
+            resets_in_seconds,
         })
     })
 }
@@ -664,8 +640,8 @@ fn parse_header_f64(headers: &HeaderMap, name: &str) -> Option<f64> {
         .filter(|v| v.is_finite())
 }
 
-fn parse_header_i64(headers: &HeaderMap, name: &str) -> Option<i64> {
-    parse_header_str(headers, name)?.parse::<i64>().ok()
+fn parse_header_u64(headers: &HeaderMap, name: &str) -> Option<u64> {
+    parse_header_str(headers, name)?.parse::<u64>().ok()
 }
 
 fn parse_header_str<'a>(headers: &'a HeaderMap, name: &str) -> Option<&'a str> {
@@ -874,15 +850,21 @@ async fn process_sse<S>(
             | "response.in_progress"
             | "response.output_text.done" => {}
             "response.output_item.added" => {
-                let Some(item_val) = event.item else { continue };
-                let Ok(item) = serde_json::from_value::<ResponseItem>(item_val) else {
-                    debug!("failed to parse ResponseItem from output_item.done");
-                    continue;
-                };
-
-                let event = ResponseEvent::OutputItemAdded(item);
-                if tx_event.send(Ok(event)).await.is_err() {
-                    return;
+                if let Some(item) = event.item.as_ref() {
+                    // Detect web_search_call begin and forward a synthetic event upstream.
+                    if let Some(ty) = item.get("type").and_then(|v| v.as_str())
+                        && ty == "web_search_call"
+                    {
+                        let call_id = item
+                            .get("id")
+                            .and_then(|v| v.as_str())
+                            .unwrap_or("")
+                            .to_string();
+                        let ev = ResponseEvent::WebSearchCallBegin { call_id };
+                        if tx_event.send(Ok(ev)).await.is_err() {
+                            return;
+                        }
+                    }
                 }
             }
             "response.reasoning_summary_part.added" => {
@@ -1048,7 +1030,6 @@ mod tests {
             "test",
             "test",
             None,
-            Some("test@test.com".to_string()),
             Some(AuthMode::ChatGPT),
             false,
             "test".to_string(),
@@ -1096,7 +1077,6 @@ mod tests {
             base_url: Some("https://test.com".to_string()),
             env_key: Some("TEST_API_KEY".to_string()),
             env_key_instructions: None,
-            experimental_bearer_token: None,
             wire_api: WireApi::Responses,
             query_params: None,
             http_headers: None,
@@ -1160,7 +1140,6 @@ mod tests {
             base_url: Some("https://test.com".to_string()),
             env_key: Some("TEST_API_KEY".to_string()),
             env_key_instructions: None,
-            experimental_bearer_token: None,
             wire_api: WireApi::Responses,
             query_params: None,
             http_headers: None,
@@ -1197,7 +1176,6 @@ mod tests {
             base_url: Some("https://test.com".to_string()),
             env_key: Some("TEST_API_KEY".to_string()),
             env_key_instructions: None,
-            experimental_bearer_token: None,
             wire_api: WireApi::Responses,
             query_params: None,
             http_headers: None,
@@ -1236,7 +1214,6 @@ mod tests {
             base_url: Some("https://test.com".to_string()),
             env_key: Some("TEST_API_KEY".to_string()),
             env_key_instructions: None,
-            experimental_bearer_token: None,
             wire_api: WireApi::Responses,
             query_params: None,
             http_headers: None,
@@ -1271,7 +1248,6 @@ mod tests {
             base_url: Some("https://test.com".to_string()),
             env_key: Some("TEST_API_KEY".to_string()),
             env_key_instructions: None,
-            experimental_bearer_token: None,
             wire_api: WireApi::Responses,
             query_params: None,
             http_headers: None,
@@ -1375,7 +1351,6 @@ mod tests {
                 base_url: Some("https://test.com".to_string()),
                 env_key: Some("TEST_API_KEY".to_string()),
                 env_key_instructions: None,
-                experimental_bearer_token: None,
                 wire_api: WireApi::Responses,
                 query_params: None,
                 http_headers: None,
@@ -1405,7 +1380,7 @@ mod tests {
             message: Some("Rate limit reached for gpt-5 in organization org- on tokens per min (TPM): Limit 1, Used 1, Requested 19304. Please try again in 28ms. Visit https://platform.openai.com/account/rate-limits to learn more.".to_string()),
             code: Some("rate_limit_exceeded".to_string()),
             plan_type: None,
-            resets_at: None
+            resets_in_seconds: None
         };
 
         let delay = try_parse_retry_after(&err);
@@ -1419,20 +1394,20 @@ mod tests {
             message: Some("Rate limit reached for gpt-5 in organization <ORG> on tokens per min (TPM): Limit 30000, Used 6899, Requested 24050. Please try again in 1.898s. Visit https://platform.openai.com/account/rate-limits to learn more.".to_string()),
             code: Some("rate_limit_exceeded".to_string()),
             plan_type: None,
-            resets_at: None
+            resets_in_seconds: None
         };
         let delay = try_parse_retry_after(&err);
         assert_eq!(delay, Some(Duration::from_secs_f64(1.898)));
     }
 
     #[test]
-    fn error_response_deserializes_schema_known_plan_type_and_serializes_back() {
+    fn error_response_deserializes_old_schema_known_plan_type_and_serializes_back() {
         use crate::token_data::KnownPlan;
         use crate::token_data::PlanType;
 
-        let json =
-            r#"{"error":{"type":"usage_limit_reached","plan_type":"pro","resets_at":1704067200}}"#;
-        let resp: ErrorResponse = serde_json::from_str(json).expect("should deserialize schema");
+        let json = r#"{"error":{"type":"usage_limit_reached","plan_type":"pro","resets_in_seconds":3600}}"#;
+        let resp: ErrorResponse =
+            serde_json::from_str(json).expect("should deserialize old schema");
 
         assert_matches!(resp.error.plan_type, Some(PlanType::Known(KnownPlan::Pro)));
 
@@ -1441,12 +1416,13 @@ mod tests {
     }
 
     #[test]
-    fn error_response_deserializes_schema_unknown_plan_type_and_serializes_back() {
+    fn error_response_deserializes_old_schema_unknown_plan_type_and_serializes_back() {
         use crate::token_data::PlanType;
 
         let json =
-            r#"{"error":{"type":"usage_limit_reached","plan_type":"vip","resets_at":1704067260}}"#;
-        let resp: ErrorResponse = serde_json::from_str(json).expect("should deserialize schema");
+            r#"{"error":{"type":"usage_limit_reached","plan_type":"vip","resets_in_seconds":60}}"#;
+        let resp: ErrorResponse =
+            serde_json::from_str(json).expect("should deserialize old schema");
 
         assert_matches!(resp.error.plan_type, Some(PlanType::Unknown(ref s)) if s == "vip");
 

codex-rs/core/src/client_common.rs

@@ -23,11 +23,6 @@ use tokio::sync::mpsc;
 /// Review thread system prompt. Edit `core/src/review_prompt.md` to customize.
 pub const REVIEW_PROMPT: &str = include_str!("../review_prompt.md");
 
-// Centralized templates for review-related user messages
-pub const REVIEW_EXIT_SUCCESS_TMPL: &str = include_str!("../templates/review/exit_success.xml");
-pub const REVIEW_EXIT_INTERRUPTED_TMPL: &str =
-    include_str!("../templates/review/exit_interrupted.xml");
-
 /// API request payload for a single model turn
 #[derive(Default, Debug, Clone)]
 pub struct Prompt {
@@ -197,7 +192,6 @@ fn strip_total_output_header(output: &str) -> Option<&str> {
 pub enum ResponseEvent {
     Created,
     OutputItemDone(ResponseItem),
-    OutputItemAdded(ResponseItem),
     Completed {
         response_id: String,
         token_usage: Option<TokenUsage>,
@@ -206,6 +200,9 @@ pub enum ResponseEvent {
     ReasoningSummaryDelta(String),
     ReasoningContentDelta(String),
     ReasoningSummaryPartAdded,
+    WebSearchCallBegin {
+        call_id: String,
+    },
     RateLimits(RateLimitSnapshot),
 }
 
@@ -284,7 +281,7 @@ pub(crate) struct ResponsesApiRequest<'a> {
 }
 
 pub(crate) mod tools {
-    use crate::tools::spec::JsonSchema;
+    use crate::openai_tools::JsonSchema;
     use serde::Deserialize;
     use serde::Serialize;
 

codex-rs/core/src/codebase_change_notice.rs

@@ -0,0 +1,168 @@
+use std::fmt::Write;
+
+use codex_protocol::models::ContentItem;
+use codex_protocol::models::ResponseItem;
+
+use crate::codebase_snapshot::SnapshotDiff;
+
+pub(crate) const CODEBASE_CHANGE_NOTICE_MAX_PATHS: usize = 40;
+
+#[derive(Clone, Debug, PartialEq, Eq)]
+pub(crate) struct CodebaseChangeNotice {
+    added: Vec<String>,
+    removed: Vec<String>,
+    modified: Vec<String>,
+    truncated: bool,
+}
+
+impl CodebaseChangeNotice {
+    pub(crate) fn new(diff: SnapshotDiff, limit: usize) -> Self {
+        let mut remaining = limit;
+        let mut truncated = false;
+
+        let added = take_paths(diff.added, &mut remaining, &mut truncated);
+        let removed = take_paths(diff.removed, &mut remaining, &mut truncated);
+        let modified = take_paths(diff.modified, &mut remaining, &mut truncated);
+
+        Self {
+            added,
+            removed,
+            modified,
+            truncated,
+        }
+    }
+
+    pub(crate) fn is_empty(&self) -> bool {
+        self.added.is_empty() && self.removed.is_empty() && self.modified.is_empty()
+    }
+
+    pub(crate) fn serialize_to_xml(&self) -> String {
+        let mut output = String::new();
+        if self.truncated {
+            let _ = writeln!(output, "<codebase_changes truncated=\"true\">");
+        } else {
+            let _ = writeln!(output, "<codebase_changes>");
+        }
+
+        let mut summary_parts = Vec::new();
+        if !self.added.is_empty() {
+            summary_parts.push(format!("added {}", self.added.len()));
+        }
+        if !self.removed.is_empty() {
+            summary_parts.push(format!("removed {}", self.removed.len()));
+        }
+        if !self.modified.is_empty() {
+            summary_parts.push(format!("modified {}", self.modified.len()));
+        }
+
+        if summary_parts.is_empty() {
+            let _ = writeln!(output, "  <summary>no changes</summary>");
+        } else {
+            let summary = summary_parts.join(", ");
+            let _ = writeln!(output, "  <summary>{summary}</summary>");
+        }
+
+        serialize_section(&mut output, "added", &self.added);
+        serialize_section(&mut output, "removed", &self.removed);
+        serialize_section(&mut output, "modified", &self.modified);
+        if self.truncated {
+            let _ = writeln!(output, "  <note>additional paths omitted</note>");
+        }
+
+        let _ = writeln!(output, "</codebase_changes>");
+        output
+    }
+}
+
+fn take_paths(mut paths: Vec<String>, remaining: &mut usize, truncated: &mut bool) -> Vec<String> {
+    if *remaining == 0 {
+        if !paths.is_empty() {
+            *truncated = true;
+        }
+        return Vec::new();
+    }
+
+    if paths.len() > *remaining {
+        paths.truncate(*remaining);
+        *truncated = true;
+    }
+
+    *remaining -= paths.len();
+    paths
+}
+
+fn serialize_section(output: &mut String, tag: &str, paths: &[String]) {
+    if paths.is_empty() {
+        return;
+    }
+
+    let _ = writeln!(output, "  <{tag}>");
+    for path in paths {
+        let _ = writeln!(output, "    <path>{}</path>", escape_xml(path));
+    }
+    let _ = writeln!(output, "  </{tag}>");
+}
+
+fn escape_xml(value: &str) -> String {
+    let mut escaped = String::with_capacity(value.len());
+    for ch in value.chars() {
+        match ch {
+            '&' => escaped.push_str("&amp;"),
+            '<' => escaped.push_str("&lt;"),
+            '>' => escaped.push_str("&gt;"),
+            '"' => escaped.push_str("&quot;"),
+            '\'' => escaped.push_str("&apos;"),
+            other => escaped.push(other),
+        }
+    }
+    escaped
+}
+
+impl From<CodebaseChangeNotice> for ResponseItem {
+    fn from(notice: CodebaseChangeNotice) -> Self {
+        ResponseItem::Message {
+            id: None,
+            role: "user".to_string(),
+            content: vec![ContentItem::InputText {
+                text: notice.serialize_to_xml(),
+            }],
+        }
+    }
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+    use pretty_assertions::assert_eq;
+
+    #[test]
+    fn constructs_notice_with_limit() {
+        let diff = SnapshotDiff {
+            added: vec!["a.rs".to_string(), "b.rs".to_string()],
+            removed: vec!["c.rs".to_string()],
+            modified: vec!["d.rs".to_string(), "e.rs".to_string()],
+        };
+
+        let notice = CodebaseChangeNotice::new(diff, 3);
+        assert!(notice.truncated);
+        assert_eq!(
+            notice.added.len() + notice.removed.len() + notice.modified.len(),
+            3
+        );
+    }
+
+    #[test]
+    fn serializes_notice() {
+        let diff = SnapshotDiff {
+            added: vec!["src/lib.rs".to_string()],
+            removed: Vec::new(),
+            modified: vec!["src/main.rs".to_string()],
+        };
+        let notice = CodebaseChangeNotice::new(diff, CODEBASE_CHANGE_NOTICE_MAX_PATHS);
+        let xml = notice.serialize_to_xml();
+        assert!(xml.contains("<added>"));
+        assert!(xml.contains("<modified>"));
+        assert!(xml.contains("src/lib.rs"));
+        assert!(xml.contains("src/main.rs"));
+    }
+}

codex-rs/core/src/codebase_snapshot.rs

@@ -0,0 +1,278 @@
+use std::borrow::Cow;
+use std::collections::BTreeMap;
+use std::fs::File;
+use std::io::Read;
+use std::path::Path;
+use std::path::PathBuf;
+use std::time::SystemTime;
+
+use anyhow::Context;
+use anyhow::Result;
+use ignore::WalkBuilder;
+use sha2::Digest;
+use sha2::Sha256;
+use tokio::task;
+use tracing::warn;
+
+#[derive(Clone, Debug, PartialEq, Eq)]
+pub(crate) struct CodebaseSnapshot {
+    root: PathBuf,
+    entries: BTreeMap<String, EntryFingerprint>,
+    root_digest: DigestBytes,
+}
+
+#[derive(Clone, Debug, PartialEq, Eq)]
+pub(crate) struct EntryFingerprint {
+    pub kind: EntryKind,
+    pub digest: DigestBytes,
+    pub size: u64,
+    pub modified_millis: Option<u128>,
+}
+
+#[derive(Clone, Copy, Debug, PartialEq, Eq)]
+#[repr(u8)]
+pub(crate) enum EntryKind {
+    File,
+    Symlink,
+}
+
+#[derive(Clone, Debug, PartialEq, Eq, Default)]
+pub(crate) struct SnapshotDiff {
+    pub added: Vec<String>,
+    pub removed: Vec<String>,
+    pub modified: Vec<String>,
+}
+
+impl SnapshotDiff {
+    pub fn is_empty(&self) -> bool {
+        self.added.is_empty() && self.removed.is_empty() && self.modified.is_empty()
+    }
+}
+
+pub(crate) type DigestBytes = [u8; 32];
+
+impl CodebaseSnapshot {
+    pub(crate) async fn capture(root: PathBuf) -> Result<Self> {
+        task::spawn_blocking(move || Self::from_disk(&root))
+            .await
+            .map_err(|e| anyhow::anyhow!("codebase snapshot task failed: {e}"))?
+    }
+
+    pub(crate) fn from_disk(root: &Path) -> Result<Self> {
+        if !root.exists() {
+            return Ok(Self::empty(root));
+        }
+
+        let mut entries: BTreeMap<String, EntryFingerprint> = BTreeMap::new();
+
+        let mut walker = WalkBuilder::new(root);
+        walker
+            .hidden(false)
+            .git_ignore(true)
+            .git_exclude(true)
+            .parents(true)
+            .ignore(true)
+            .follow_links(false);
+
+        for result in walker.build() {
+            let entry = match result {
+                Ok(entry) => entry,
+                Err(err) => {
+                    warn!("codebase snapshot failed to read entry: {err}");
+                    continue;
+                }
+            };
+
+            let path = entry.path();
+            if entry.depth() == 0 {
+                continue;
+            }
+
+            let relative = match path.strip_prefix(root) {
+                Ok(rel) => rel,
+                Err(_) => continue,
+            };
+            if relative.as_os_str().is_empty() {
+                continue;
+            }
+            let rel_string = normalize_rel_path(relative);
+
+            let file_type = match entry.file_type() {
+                Some(file_type) => file_type,
+                None => continue,
+            };
+
+            if file_type.is_dir() {
+                continue;
+            }
+
+            if file_type.is_file() {
+                match fingerprint_file(path) {
+                    Ok(fp) => {
+                        entries.insert(rel_string, fp);
+                    }
+                    Err(err) => {
+                        warn!(
+                            "codebase snapshot failed to hash file {}: {err}",
+                            path.display()
+                        );
+                    }
+                }
+                continue;
+            }
+
+            if file_type.is_symlink() {
+                match fingerprint_symlink(path) {
+                    Ok(fp) => {
+                        entries.insert(rel_string, fp);
+                    }
+                    Err(err) => {
+                        warn!(
+                            "codebase snapshot failed to hash symlink {}: {err}",
+                            path.display()
+                        );
+                    }
+                }
+                continue;
+            }
+        }
+
+        let root_digest = compute_root_digest(&entries);
+
+        Ok(Self {
+            root: root.to_path_buf(),
+            entries,
+            root_digest,
+        })
+    }
+
+    pub(crate) fn diff(&self, newer: &CodebaseSnapshot) -> SnapshotDiff {
+        let mut diff = SnapshotDiff::default();
+
+        for (path, fingerprint) in &newer.entries {
+            match self.entries.get(path) {
+                None => diff.added.push(path.clone()),
+                Some(existing) if existing != fingerprint => diff.modified.push(path.clone()),
+                _ => {}
+            }
+        }
+
+        for path in self.entries.keys() {
+            if !newer.entries.contains_key(path) {
+                diff.removed.push(path.clone());
+            }
+        }
+
+        diff
+    }
+
+    pub(crate) fn root(&self) -> &Path {
+        &self.root
+    }
+
+    fn empty(root: &Path) -> Self {
+        Self {
+            root: root.to_path_buf(),
+            entries: BTreeMap::new(),
+            root_digest: Sha256::digest(b"").into(),
+        }
+    }
+}
+
+fn fingerprint_file(path: &Path) -> Result<EntryFingerprint> {
+    let metadata = path
+        .metadata()
+        .with_context(|| format!("metadata {}", path.display()))?;
+    let mut file = File::open(path).with_context(|| format!("open {}", path.display()))?;
+
+    let mut hasher = Sha256::new();
+    let mut buf = [0u8; 64 * 1024];
+    loop {
+        let read = file.read(&mut buf)?;
+        if read == 0 {
+            break;
+        }
+        hasher.update(&buf[..read]);
+    }
+
+    Ok(EntryFingerprint {
+        kind: EntryKind::File,
+        digest: hasher.finalize().into(),
+        size: metadata.len(),
+        modified_millis: metadata.modified().ok().and_then(system_time_to_millis),
+    })
+}
+
+fn fingerprint_symlink(path: &Path) -> Result<EntryFingerprint> {
+    let target =
+        std::fs::read_link(path).with_context(|| format!("read_link {}", path.display()))?;
+    let mut hasher = Sha256::new();
+    let target_str = normalize_rel_path(&target);
+    hasher.update(target_str.as_bytes());
+    Ok(EntryFingerprint {
+        kind: EntryKind::Symlink,
+        digest: hasher.finalize().into(),
+        size: 0,
+        modified_millis: None,
+    })
+}
+
+fn compute_root_digest(entries: &BTreeMap<String, EntryFingerprint>) -> DigestBytes {
+    let mut hasher = Sha256::new();
+    for (path, fingerprint) in entries {
+        hasher.update(path.as_bytes());
+        hasher.update(fingerprint.digest);
+        hasher.update([fingerprint.kind as u8]);
+        hasher.update(fingerprint.size.to_le_bytes());
+        if let Some(modified) = fingerprint.modified_millis {
+            hasher.update(modified.to_le_bytes());
+        }
+    }
+    hasher.finalize().into()
+}
+
+fn normalize_rel_path(path: &Path) -> String {
+    let s = path_to_cow(path);
+    if s.is_empty() {
+        String::new()
+    } else {
+        s.replace('\\', "/")
+    }
+}
+
+fn path_to_cow(path: &Path) -> Cow<'_, str> {
+    path.to_string_lossy()
+}
+
+fn system_time_to_millis(ts: SystemTime) -> Option<u128> {
+    ts.duration_since(SystemTime::UNIX_EPOCH)
+        .map(|duration| duration.as_millis())
+        .ok()
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+    use pretty_assertions::assert_eq;
+    use tempfile::tempdir;
+
+    #[test]
+    fn diff_tracks_added_modified_removed() {
+        let dir = tempdir().unwrap();
+        let root = dir.path();
+
+        std::fs::write(root.join("file_a.txt"), "alpha").unwrap();
+        std::fs::write(root.join("file_b.txt"), "bravo").unwrap();
+        let snapshot_one = CodebaseSnapshot::from_disk(root).unwrap();
+
+        std::fs::write(root.join("file_a.txt"), "alpha-updated").unwrap();
+        std::fs::remove_file(root.join("file_b.txt")).unwrap();
+        std::fs::write(root.join("file_c.txt"), "charlie").unwrap();
+        let snapshot_two = CodebaseSnapshot::from_disk(root).unwrap();
+
+        let diff = snapshot_one.diff(&snapshot_two);
+        assert_eq!(diff.added, vec!["file_c.txt".to_string()]);
+        assert_eq!(diff.modified, vec!["file_a.txt".to_string()]);
+        assert_eq!(diff.removed, vec!["file_b.txt".to_string()]);
+    }
+}

codex-rs/core/src/codex/compact.rs

@@ -10,20 +10,21 @@ use crate::error::Result as CodexResult;
 use crate::protocol::AgentMessageEvent;
 use crate::protocol::CompactedItem;
 use crate::protocol::ErrorEvent;
+use crate::protocol::Event;
 use crate::protocol::EventMsg;
+use crate::protocol::InputItem;
+use crate::protocol::InputMessageKind;
 use crate::protocol::TaskStartedEvent;
 use crate::protocol::TurnContextItem;
+use crate::state::TaskKind;
 use crate::truncate::truncate_middle;
 use crate::util::backoff;
 use askama::Template;
-use codex_protocol::items::TurnItem;
 use codex_protocol::models::ContentItem;
 use codex_protocol::models::ResponseInputItem;
 use codex_protocol::models::ResponseItem;
 use codex_protocol::protocol::RolloutItem;
-use codex_protocol::user_input::UserInput;
 use futures::prelude::*;
-use tracing::error;
 
 pub const SUMMARIZATION_PROMPT: &str = include_str!("../../templates/compact/prompt.md");
 const COMPACT_USER_MESSAGE_MAX_TOKENS: usize = 20_000;
@@ -39,34 +40,40 @@ pub(crate) async fn run_inline_auto_compact_task(
     sess: Arc<Session>,
     turn_context: Arc<TurnContext>,
 ) {
-    let prompt = turn_context.compact_prompt().to_string();
-    let input = vec![UserInput::Text { text: prompt }];
-    run_compact_task_inner(sess, turn_context, input).await;
+    let sub_id = sess.next_internal_sub_id();
+    let input = vec![InputItem::Text {
+        text: SUMMARIZATION_PROMPT.to_string(),
+    }];
+    run_compact_task_inner(sess, turn_context, sub_id, input).await;
 }
 
 pub(crate) async fn run_compact_task(
     sess: Arc<Session>,
     turn_context: Arc<TurnContext>,
-    input: Vec<UserInput>,
+    sub_id: String,
+    input: Vec<InputItem>,
 ) -> Option<String> {
-    let start_event = EventMsg::TaskStarted(TaskStartedEvent {
-        model_context_window: turn_context.client.get_model_context_window(),
-    });
-    sess.send_event(&turn_context, start_event).await;
-    run_compact_task_inner(sess.clone(), turn_context, input).await;
+    let start_event = Event {
+        id: sub_id.clone(),
+        msg: EventMsg::TaskStarted(TaskStartedEvent {
+            model_context_window: turn_context.client.get_model_context_window(),
+        }),
+    };
+    sess.send_event(start_event).await;
+    run_compact_task_inner(sess.clone(), turn_context, sub_id.clone(), input).await;
     None
 }
 
 async fn run_compact_task_inner(
     sess: Arc<Session>,
     turn_context: Arc<TurnContext>,
-    input: Vec<UserInput>,
+    sub_id: String,
+    input: Vec<InputItem>,
 ) {
     let initial_input_for_turn: ResponseInputItem = ResponseInputItem::from(input);
-
-    let mut history = sess.clone_history().await;
-    history.record_items(&[initial_input_for_turn.into()]);
-
+    let mut turn_input = sess
+        .turn_input_with_history(vec![initial_input_for_turn.clone().into()])
+        .await;
     let mut truncated_count = 0usize;
 
     let max_retries = turn_context.client.get_provider().stream_max_retries();
@@ -83,18 +90,18 @@ async fn run_compact_task_inner(
     sess.persist_rollout_items(&[rollout_item]).await;
 
     loop {
-        let turn_input = history.get_history_for_prompt();
         let prompt = Prompt {
             input: turn_input.clone(),
             ..Default::default()
         };
-        let attempt_result = drain_to_completed(&sess, turn_context.as_ref(), &prompt).await;
+        let attempt_result =
+            drain_to_completed(&sess, turn_context.as_ref(), &sub_id, &prompt).await;
 
         match attempt_result {
             Ok(()) => {
                 if truncated_count > 0 {
                     sess.notify_background_event(
-                        turn_context.as_ref(),
+                        &sub_id,
                         format!(
                             "Trimmed {truncated_count} older conversation item(s) before compacting so the prompt fits the model context window."
                         ),
@@ -108,20 +115,20 @@ async fn run_compact_task_inner(
             }
             Err(e @ CodexErr::ContextWindowExceeded) => {
                 if turn_input.len() > 1 {
-                    // Trim from the beginning to preserve cache (prefix-based) and keep recent messages intact.
-                    error!(
-                        "Context window exceeded while compacting; removing oldest history item. Error: {e}"
-                    );
-                    history.remove_first_item();
+                    turn_input.remove(0);
                     truncated_count += 1;
                     retries = 0;
                     continue;
                 }
-                sess.set_total_tokens_full(turn_context.as_ref()).await;
-                let event = EventMsg::Error(ErrorEvent {
-                    message: e.to_string(),
-                });
-                sess.send_event(&turn_context, event).await;
+                sess.set_total_tokens_full(&sub_id, turn_context.as_ref())
+                    .await;
+                let event = Event {
+                    id: sub_id.clone(),
+                    msg: EventMsg::Error(ErrorEvent {
+                        message: e.to_string(),
+                    }),
+                };
+                sess.send_event(event).await;
                 return;
             }
             Err(e) => {
@@ -129,34 +136,31 @@ async fn run_compact_task_inner(
                     retries += 1;
                     let delay = backoff(retries);
                     sess.notify_stream_error(
-                        turn_context.as_ref(),
-                        format!("Reconnecting... {retries}/{max_retries}"),
+                        &sub_id,
+                        format!("Re-connecting... {retries}/{max_retries}"),
                     )
                     .await;
                     tokio::time::sleep(delay).await;
                     continue;
                 } else {
-                    let event = EventMsg::Error(ErrorEvent {
-                        message: e.to_string(),
-                    });
-                    sess.send_event(&turn_context, event).await;
+                    let event = Event {
+                        id: sub_id.clone(),
+                        msg: EventMsg::Error(ErrorEvent {
+                            message: e.to_string(),
+                        }),
+                    };
+                    sess.send_event(event).await;
                     return;
                 }
             }
         }
     }
 
-    let history_snapshot = sess.clone_history().await.get_history();
+    let history_snapshot = sess.history_snapshot().await;
     let summary_text = get_last_assistant_message_from_turn(&history_snapshot).unwrap_or_default();
     let user_messages = collect_user_messages(&history_snapshot);
     let initial_context = sess.build_initial_context(turn_context.as_ref());
-    let mut new_history = build_compacted_history(initial_context, &user_messages, &summary_text);
-    let ghost_snapshots: Vec<ResponseItem> = history_snapshot
-        .iter()
-        .filter(|item| matches!(item, ResponseItem::GhostSnapshot { .. }))
-        .cloned()
-        .collect();
-    new_history.extend(ghost_snapshots);
+    let new_history = build_compacted_history(initial_context, &user_messages, &summary_text);
     sess.replace_history(new_history).await;
 
     let rollout_item = RolloutItem::Compacted(CompactedItem {
@@ -164,10 +168,13 @@ async fn run_compact_task_inner(
     });
     sess.persist_rollout_items(&[rollout_item]).await;
 
-    let event = EventMsg::AgentMessage(AgentMessageEvent {
-        message: "Compact task completed".to_string(),
-    });
-    sess.send_event(&turn_context, event).await;
+    let event = Event {
+        id: sub_id.clone(),
+        msg: EventMsg::AgentMessage(AgentMessageEvent {
+            message: "Compact task completed".to_string(),
+        }),
+    };
+    sess.send_event(event).await;
 }
 
 pub fn content_items_to_text(content: &[ContentItem]) -> Option<String> {
@@ -192,32 +199,29 @@ pub fn content_items_to_text(content: &[ContentItem]) -> Option<String> {
 pub(crate) fn collect_user_messages(items: &[ResponseItem]) -> Vec<String> {
     items
         .iter()
-        .filter_map(|item| match crate::event_mapping::parse_turn_item(item) {
-            Some(TurnItem::UserMessage(user)) => Some(user.message()),
+        .filter_map(|item| match item {
+            ResponseItem::Message { role, content, .. } if role == "user" => {
+                content_items_to_text(content)
+            }
             _ => None,
         })
+        .filter(|text| !is_session_prefix_message(text))
         .collect()
 }
 
+pub fn is_session_prefix_message(text: &str) -> bool {
+    matches!(
+        InputMessageKind::from(("user", text)),
+        InputMessageKind::UserInstructions | InputMessageKind::EnvironmentContext
+    )
+}
+
 pub(crate) fn build_compacted_history(
     initial_context: Vec<ResponseItem>,
     user_messages: &[String],
     summary_text: &str,
 ) -> Vec<ResponseItem> {
-    build_compacted_history_with_limit(
-        initial_context,
-        user_messages,
-        summary_text,
-        COMPACT_USER_MESSAGE_MAX_TOKENS * 4,
-    )
-}
-
-fn build_compacted_history_with_limit(
-    mut history: Vec<ResponseItem>,
-    user_messages: &[String],
-    summary_text: &str,
-    max_bytes: usize,
-) -> Vec<ResponseItem> {
+    let mut history = initial_context;
     let mut user_messages_text = if user_messages.is_empty() {
         "(none)".to_string()
     } else {
@@ -225,6 +229,7 @@ fn build_compacted_history_with_limit(
     };
     // Truncate the concatenated prior user messages so the bridge message
     // stays well under the context window (approx. 4 bytes/token).
+    let max_bytes = COMPACT_USER_MESSAGE_MAX_TOKENS * 4;
     if user_messages_text.len() > max_bytes {
         user_messages_text = truncate_middle(&user_messages_text, max_bytes).0;
     }
@@ -251,9 +256,14 @@ fn build_compacted_history_with_limit(
 async fn drain_to_completed(
     sess: &Session,
     turn_context: &TurnContext,
+    sub_id: &str,
     prompt: &Prompt,
 ) -> CodexResult<()> {
-    let mut stream = turn_context.client.clone().stream(prompt).await?;
+    let mut stream = turn_context
+        .client
+        .clone()
+        .stream_with_task_kind(prompt, TaskKind::Compact)
+        .await?;
     loop {
         let maybe_event = stream.next().await;
         let Some(event) = maybe_event else {
@@ -267,10 +277,10 @@ async fn drain_to_completed(
                 sess.record_into_history(std::slice::from_ref(&item)).await;
             }
             Ok(ResponseEvent::RateLimits(snapshot)) => {
-                sess.update_rate_limits(turn_context, snapshot).await;
+                sess.update_rate_limits(sub_id, snapshot).await;
             }
             Ok(ResponseEvent::Completed { token_usage, .. }) => {
-                sess.update_token_usage_info(turn_context, token_usage.as_ref())
+                sess.update_token_usage_info(sub_id, turn_context, token_usage.as_ref())
                     .await;
                 return Ok(());
             }
@@ -328,16 +338,21 @@ mod tests {
             ResponseItem::Message {
                 id: Some("user".to_string()),
                 role: "user".to_string(),
-                content: vec![ContentItem::InputText {
-                    text: "first".to_string(),
-                }],
+                content: vec![
+                    ContentItem::InputText {
+                        text: "first".to_string(),
+                    },
+                    ContentItem::OutputText {
+                        text: "second".to_string(),
+                    },
+                ],
             },
             ResponseItem::Other,
         ];
 
         let collected = collect_user_messages(&items);
 
-        assert_eq!(vec!["first".to_string()], collected);
+        assert_eq!(vec!["first\nsecond".to_string()], collected);
     }
 
     #[test]
@@ -373,16 +388,11 @@ mod tests {
 
     #[test]
     fn build_compacted_history_truncates_overlong_user_messages() {
-        // Use a small truncation limit so the test remains fast while still validating
-        // that oversized user content is truncated.
-        let max_bytes = 128;
-        let big = "X".repeat(max_bytes + 50);
-        let history = super::build_compacted_history_with_limit(
-            Vec::new(),
-            std::slice::from_ref(&big),
-            "SUMMARY",
-            max_bytes,
-        );
+        // Prepare a very large prior user message so the aggregated
+        // `user_messages_text` exceeds the truncation threshold used by
+        // `build_compacted_history` (80k bytes).
+        let big = "X".repeat(200_000);
+        let history = build_compacted_history(Vec::new(), std::slice::from_ref(&big), "SUMMARY");
 
         // Expect exactly one bridge message added to history (plus any initial context we provided, which is none).
         assert_eq!(history.len(), 1);

codex-rs/core/src/codex_conversation.rs

@@ -3,21 +3,16 @@ use crate::error::Result as CodexResult;
 use crate::protocol::Event;
 use crate::protocol::Op;
 use crate::protocol::Submission;
-use std::path::PathBuf;
 
 pub struct CodexConversation {
     codex: Codex,
-    rollout_path: PathBuf,
 }
 
 /// Conduit for the bidirectional stream of messages that compose a conversation
 /// in Codex.
 impl CodexConversation {
-    pub(crate) fn new(codex: Codex, rollout_path: PathBuf) -> Self {
-        Self {
-            codex,
-            rollout_path,
-        }
+    pub(crate) fn new(codex: Codex) -> Self {
+        Self { codex }
     }
 
     pub async fn submit(&self, op: Op) -> CodexResult<String> {
@@ -32,8 +27,4 @@ impl CodexConversation {
     pub async fn next_event(&self) -> CodexResult<Event> {
         self.codex.next_event().await
     }
-
-    pub fn rollout_path(&self) -> PathBuf {
-        self.rollout_path.clone()
-    }
 }

codex-rs/core/src/codex_delegate.rs

@@ -1,295 +0,0 @@
-use std::sync::Arc;
-use std::sync::atomic::AtomicU64;
-
-use async_channel::Receiver;
-use async_channel::Sender;
-use codex_async_utils::OrCancelExt;
-use codex_protocol::protocol::ApplyPatchApprovalRequestEvent;
-use codex_protocol::protocol::Event;
-use codex_protocol::protocol::EventMsg;
-use codex_protocol::protocol::ExecApprovalRequestEvent;
-use codex_protocol::protocol::Op;
-use codex_protocol::protocol::SessionSource;
-use codex_protocol::protocol::SubAgentSource;
-use codex_protocol::protocol::Submission;
-use codex_protocol::user_input::UserInput;
-use tokio_util::sync::CancellationToken;
-
-use crate::AuthManager;
-use crate::codex::Codex;
-use crate::codex::CodexSpawnOk;
-use crate::codex::SUBMISSION_CHANNEL_CAPACITY;
-use crate::codex::Session;
-use crate::codex::TurnContext;
-use crate::config::Config;
-use crate::error::CodexErr;
-use codex_protocol::protocol::InitialHistory;
-
-/// Start an interactive sub-Codex conversation and return IO channels.
-///
-/// The returned `events_rx` yields non-approval events emitted by the sub-agent.
-/// Approval requests are handled via `parent_session` and are not surfaced.
-/// The returned `ops_tx` allows the caller to submit additional `Op`s to the sub-agent.
-pub(crate) async fn run_codex_conversation_interactive(
-    config: Config,
-    auth_manager: Arc<AuthManager>,
-    parent_session: Arc<Session>,
-    parent_ctx: Arc<TurnContext>,
-    cancel_token: CancellationToken,
-    initial_history: Option<InitialHistory>,
-) -> Result<Codex, CodexErr> {
-    let (tx_sub, rx_sub) = async_channel::bounded(SUBMISSION_CHANNEL_CAPACITY);
-    let (tx_ops, rx_ops) = async_channel::bounded(SUBMISSION_CHANNEL_CAPACITY);
-
-    let CodexSpawnOk { codex, .. } = Codex::spawn(
-        config,
-        auth_manager,
-        initial_history.unwrap_or(InitialHistory::New),
-        SessionSource::SubAgent(SubAgentSource::Review),
-    )
-    .await?;
-    let codex = Arc::new(codex);
-
-    // Use a child token so parent cancel cascades but we can scope it to this task
-    let cancel_token_events = cancel_token.child_token();
-    let cancel_token_ops = cancel_token.child_token();
-
-    // Forward events from the sub-agent to the consumer, filtering approvals and
-    // routing them to the parent session for decisions.
-    let parent_session_clone = Arc::clone(&parent_session);
-    let parent_ctx_clone = Arc::clone(&parent_ctx);
-    let codex_for_events = Arc::clone(&codex);
-    tokio::spawn(async move {
-        let _ = forward_events(
-            codex_for_events,
-            tx_sub,
-            parent_session_clone,
-            parent_ctx_clone,
-            cancel_token_events.clone(),
-        )
-        .or_cancel(&cancel_token_events)
-        .await;
-    });
-
-    // Forward ops from the caller to the sub-agent.
-    let codex_for_ops = Arc::clone(&codex);
-    tokio::spawn(async move {
-        forward_ops(codex_for_ops, rx_ops, cancel_token_ops).await;
-    });
-
-    Ok(Codex {
-        next_id: AtomicU64::new(0),
-        tx_sub: tx_ops,
-        rx_event: rx_sub,
-    })
-}
-
-/// Convenience wrapper for one-time use with an initial prompt.
-///
-/// Internally calls the interactive variant, then immediately submits the provided input.
-pub(crate) async fn run_codex_conversation_one_shot(
-    config: Config,
-    auth_manager: Arc<AuthManager>,
-    input: Vec<UserInput>,
-    parent_session: Arc<Session>,
-    parent_ctx: Arc<TurnContext>,
-    cancel_token: CancellationToken,
-    initial_history: Option<InitialHistory>,
-) -> Result<Codex, CodexErr> {
-    // Use a child token so we can stop the delegate after completion without
-    // requiring the caller to cancel the parent token.
-    let child_cancel = cancel_token.child_token();
-    let io = run_codex_conversation_interactive(
-        config,
-        auth_manager,
-        parent_session,
-        parent_ctx,
-        child_cancel.clone(),
-        initial_history,
-    )
-    .await?;
-
-    // Send the initial input to kick off the one-shot turn.
-    io.submit(Op::UserInput { items: input }).await?;
-
-    // Bridge events so we can observe completion and shut down automatically.
-    let (tx_bridge, rx_bridge) = async_channel::bounded(SUBMISSION_CHANNEL_CAPACITY);
-    let ops_tx = io.tx_sub.clone();
-    let io_for_bridge = io;
-    tokio::spawn(async move {
-        while let Ok(event) = io_for_bridge.next_event().await {
-            let should_shutdown = matches!(
-                event.msg,
-                EventMsg::TaskComplete(_) | EventMsg::TurnAborted(_)
-            );
-            let _ = tx_bridge.send(event).await;
-            if should_shutdown {
-                let _ = ops_tx
-                    .send(Submission {
-                        id: "shutdown".to_string(),
-                        op: Op::Shutdown {},
-                    })
-                    .await;
-                child_cancel.cancel();
-                break;
-            }
-        }
-    });
-
-    // For one-shot usage, return a closed `tx_sub` so callers cannot submit
-    // additional ops after the initial request. Create a channel and drop the
-    // receiver to close it immediately.
-    let (tx_closed, rx_closed) = async_channel::bounded(SUBMISSION_CHANNEL_CAPACITY);
-    drop(rx_closed);
-
-    Ok(Codex {
-        next_id: AtomicU64::new(0),
-        rx_event: rx_bridge,
-        tx_sub: tx_closed,
-    })
-}
-
-async fn forward_events(
-    codex: Arc<Codex>,
-    tx_sub: Sender<Event>,
-    parent_session: Arc<Session>,
-    parent_ctx: Arc<TurnContext>,
-    cancel_token: CancellationToken,
-) {
-    while let Ok(event) = codex.next_event().await {
-        match event {
-            Event {
-                id: _,
-                msg: EventMsg::SessionConfigured(_),
-            } => continue,
-            Event {
-                id,
-                msg: EventMsg::ExecApprovalRequest(event),
-            } => {
-                // Initiate approval via parent session; do not surface to consumer.
-                handle_exec_approval(
-                    &codex,
-                    id,
-                    &parent_session,
-                    &parent_ctx,
-                    event,
-                    &cancel_token,
-                )
-                .await;
-            }
-            Event {
-                id,
-                msg: EventMsg::ApplyPatchApprovalRequest(event),
-            } => {
-                handle_patch_approval(
-                    &codex,
-                    id,
-                    &parent_session,
-                    &parent_ctx,
-                    event,
-                    &cancel_token,
-                )
-                .await;
-            }
-            other => {
-                let _ = tx_sub.send(other).await;
-            }
-        }
-    }
-}
-
-/// Forward ops from a caller to a sub-agent, respecting cancellation.
-async fn forward_ops(
-    codex: Arc<Codex>,
-    rx_ops: Receiver<Submission>,
-    cancel_token_ops: CancellationToken,
-) {
-    loop {
-        let op: Op = match rx_ops.recv().or_cancel(&cancel_token_ops).await {
-            Ok(Ok(Submission { id: _, op })) => op,
-            Ok(Err(_)) | Err(_) => break,
-        };
-        let _ = codex.submit(op).await;
-    }
-}
-
-/// Handle an ExecApprovalRequest by consulting the parent session and replying.
-async fn handle_exec_approval(
-    codex: &Codex,
-    id: String,
-    parent_session: &Session,
-    parent_ctx: &TurnContext,
-    event: ExecApprovalRequestEvent,
-    cancel_token: &CancellationToken,
-) {
-    // Race approval with cancellation and timeout to avoid hangs.
-    let approval_fut = parent_session.request_command_approval(
-        parent_ctx,
-        parent_ctx.sub_id.clone(),
-        event.command,
-        event.cwd,
-        event.reason,
-        event.risk,
-    );
-    let decision = await_approval_with_cancel(
-        approval_fut,
-        parent_session,
-        &parent_ctx.sub_id,
-        cancel_token,
-    )
-    .await;
-
-    let _ = codex.submit(Op::ExecApproval { id, decision }).await;
-}
-
-/// Handle an ApplyPatchApprovalRequest by consulting the parent session and replying.
-async fn handle_patch_approval(
-    codex: &Codex,
-    id: String,
-    parent_session: &Session,
-    parent_ctx: &TurnContext,
-    event: ApplyPatchApprovalRequestEvent,
-    cancel_token: &CancellationToken,
-) {
-    let decision_rx = parent_session
-        .request_patch_approval(
-            parent_ctx,
-            parent_ctx.sub_id.clone(),
-            event.changes,
-            event.reason,
-            event.grant_root,
-        )
-        .await;
-    let decision = await_approval_with_cancel(
-        async move { decision_rx.await.unwrap_or_default() },
-        parent_session,
-        &parent_ctx.sub_id,
-        cancel_token,
-    )
-    .await;
-    let _ = codex.submit(Op::PatchApproval { id, decision }).await;
-}
-
-/// Await an approval decision, aborting on cancellation.
-async fn await_approval_with_cancel<F>(
-    fut: F,
-    parent_session: &Session,
-    sub_id: &str,
-    cancel_token: &CancellationToken,
-) -> codex_protocol::protocol::ReviewDecision
-where
-    F: core::future::Future<Output = codex_protocol::protocol::ReviewDecision>,
-{
-    tokio::select! {
-        biased;
-        _ = cancel_token.cancelled() => {
-            parent_session
-                .notify_approval(sub_id, codex_protocol::protocol::ReviewDecision::Abort)
-                .await;
-            codex_protocol::protocol::ReviewDecision::Abort
-        }
-        decision = fut => {
-            decision
-        }
-    }
-}

codex-rs/core/src/command_safety/is_dangerous_command.rs

@@ -1,4 +1,4 @@
-use crate::bash::parse_shell_lc_plain_commands;
+use crate::bash::parse_bash_lc_plain_commands;
 
 pub fn command_might_be_dangerous(command: &[String]) -> bool {
     if is_dangerous_to_call_with_exec(command) {
@@ -6,7 +6,7 @@ pub fn command_might_be_dangerous(command: &[String]) -> bool {
     }
 
     // Support `bash -lc "<script>"` where the any part of the script might contain a dangerous command.
-    if let Some(all_commands) = parse_shell_lc_plain_commands(command)
+    if let Some(all_commands) = parse_bash_lc_plain_commands(command)
         && all_commands
             .iter()
             .any(|cmd| is_dangerous_to_call_with_exec(cmd))
@@ -57,15 +57,6 @@ mod tests {
         ])));
     }
 
-    #[test]
-    fn zsh_git_reset_is_dangerous() {
-        assert!(command_might_be_dangerous(&vec_str(&[
-            "zsh",
-            "-lc",
-            "git reset --hard"
-        ])));
-    }
-
     #[test]
     fn git_status_is_not_dangerous() {
         assert!(!command_might_be_dangerous(&vec_str(&["git", "status"])));

codex-rs/core/src/command_safety/is_safe_command.rs

@@ -1,25 +1,15 @@
-use crate::bash::parse_shell_lc_plain_commands;
+use crate::bash::parse_bash_lc_plain_commands;
 
 pub fn is_known_safe_command(command: &[String]) -> bool {
-    let command: Vec<String> = command
-        .iter()
-        .map(|s| {
-            if s == "zsh" {
-                "bash".to_string()
-            } else {
-                s.clone()
-            }
-        })
-        .collect();
     #[cfg(target_os = "windows")]
     {
         use super::windows_safe_commands::is_safe_command_windows;
-        if is_safe_command_windows(&command) {
+        if is_safe_command_windows(command) {
             return true;
         }
     }
 
-    if is_safe_to_call_with_exec(&command) {
+    if is_safe_to_call_with_exec(command) {
         return true;
     }
 
@@ -29,7 +19,7 @@ pub fn is_known_safe_command(command: &[String]) -> bool {
     // introduce side effects ( "&&", "||", ";", and "|" ). If every
     // individual command in the script is itself a known‑safe command, then
     // the composite expression is considered safe.
-    if let Some(all_commands) = parse_shell_lc_plain_commands(&command)
+    if let Some(all_commands) = parse_bash_lc_plain_commands(command)
         && !all_commands.is_empty()
         && all_commands
             .iter()
@@ -41,14 +31,9 @@ pub fn is_known_safe_command(command: &[String]) -> bool {
 }
 
 fn is_safe_to_call_with_exec(command: &[String]) -> bool {
-    let Some(cmd0) = command.first().map(String::as_str) else {
-        return false;
-    };
+    let cmd0 = command.first().map(String::as_str);
 
-    match std::path::Path::new(&cmd0)
-        .file_name()
-        .and_then(|osstr| osstr.to_str())
-    {
+    match cmd0 {
         #[rustfmt::skip]
         Some(
             "cat" |
@@ -118,12 +103,13 @@ fn is_safe_to_call_with_exec(command: &[String]) -> bool {
         // Rust
         Some("cargo") if command.get(1).map(String::as_str) == Some("check") => true,
 
-        // Special-case `sed -n {N|M,N}p`
+        // Special-case `sed -n {N|M,N}p FILE`
         Some("sed")
             if {
-                command.len() <= 4
+                command.len() == 4
                     && command.get(1).map(String::as_str) == Some("-n")
                     && is_valid_sed_n_arg(command.get(2).map(String::as_str))
+                    && command.get(3).map(String::is_empty) == Some(false)
             } =>
         {
             true
@@ -201,11 +187,6 @@ mod tests {
         ])));
     }
 
-    #[test]
-    fn zsh_lc_safe_command_sequence() {
-        assert!(is_known_safe_command(&vec_str(&["zsh", "-lc", "ls"])));
-    }
-
     #[test]
     fn unknown_or_partial() {
         assert!(!is_safe_to_call_with_exec(&vec_str(&["foo"])));

codex-rs/core/src/config/edit.rs

@@ -1,954 +0,0 @@
-use crate::config::CONFIG_TOML_FILE;
-use crate::config::types::McpServerConfig;
-use crate::config::types::Notice;
-use anyhow::Context;
-use codex_protocol::config_types::ReasoningEffort;
-use std::collections::BTreeMap;
-use std::path::Path;
-use std::path::PathBuf;
-use tempfile::NamedTempFile;
-use tokio::task;
-use toml_edit::DocumentMut;
-use toml_edit::Item as TomlItem;
-use toml_edit::Table as TomlTable;
-use toml_edit::value;
-
-/// Discrete config mutations supported by the persistence engine.
-#[derive(Clone, Debug)]
-pub enum ConfigEdit {
-    /// Update the active (or default) model selection and optional reasoning effort.
-    SetModel {
-        model: Option<String>,
-        effort: Option<ReasoningEffort>,
-    },
-    /// Toggle the acknowledgement flag under `[notice]`.
-    SetNoticeHideFullAccessWarning(bool),
-    /// Toggle the Windows onboarding acknowledgement flag.
-    SetWindowsWslSetupAcknowledged(bool),
-    /// Replace the entire `[mcp_servers]` table.
-    ReplaceMcpServers(BTreeMap<String, McpServerConfig>),
-    /// Set trust_level = "trusted" under `[projects."<path>"]`,
-    /// migrating inline tables to explicit tables.
-    SetProjectTrusted(PathBuf),
-    /// Set the value stored at the exact dotted path.
-    SetPath {
-        segments: Vec<String>,
-        value: TomlItem,
-    },
-    /// Remove the value stored at the exact dotted path.
-    ClearPath { segments: Vec<String> },
-}
-
-// TODO(jif) move to a dedicated file
-mod document_helpers {
-    use crate::config::types::McpServerConfig;
-    use crate::config::types::McpServerTransportConfig;
-    use toml_edit::Array as TomlArray;
-    use toml_edit::InlineTable;
-    use toml_edit::Item as TomlItem;
-    use toml_edit::Table as TomlTable;
-    use toml_edit::value;
-
-    pub(super) fn ensure_table_for_write(item: &mut TomlItem) -> Option<&mut TomlTable> {
-        match item {
-            TomlItem::Table(table) => Some(table),
-            TomlItem::Value(value) => {
-                if let Some(inline) = value.as_inline_table() {
-                    *item = TomlItem::Table(table_from_inline(inline));
-                    item.as_table_mut()
-                } else {
-                    *item = TomlItem::Table(new_implicit_table());
-                    item.as_table_mut()
-                }
-            }
-            TomlItem::None => {
-                *item = TomlItem::Table(new_implicit_table());
-                item.as_table_mut()
-            }
-            _ => None,
-        }
-    }
-
-    pub(super) fn ensure_table_for_read(item: &mut TomlItem) -> Option<&mut TomlTable> {
-        match item {
-            TomlItem::Table(table) => Some(table),
-            TomlItem::Value(value) => {
-                let inline = value.as_inline_table()?;
-                *item = TomlItem::Table(table_from_inline(inline));
-                item.as_table_mut()
-            }
-            _ => None,
-        }
-    }
-
-    pub(super) fn serialize_mcp_server(config: &McpServerConfig) -> TomlItem {
-        let mut entry = TomlTable::new();
-        entry.set_implicit(false);
-
-        match &config.transport {
-            McpServerTransportConfig::Stdio {
-                command,
-                args,
-                env,
-                env_vars,
-                cwd,
-            } => {
-                entry["command"] = value(command.clone());
-                if !args.is_empty() {
-                    entry["args"] = array_from_iter(args.iter().cloned());
-                }
-                if let Some(env) = env
-                    && !env.is_empty()
-                {
-                    entry["env"] = table_from_pairs(env.iter());
-                }
-                if !env_vars.is_empty() {
-                    entry["env_vars"] = array_from_iter(env_vars.iter().cloned());
-                }
-                if let Some(cwd) = cwd {
-                    entry["cwd"] = value(cwd.to_string_lossy().to_string());
-                }
-            }
-            McpServerTransportConfig::StreamableHttp {
-                url,
-                bearer_token_env_var,
-                http_headers,
-                env_http_headers,
-            } => {
-                entry["url"] = value(url.clone());
-                if let Some(env_var) = bearer_token_env_var {
-                    entry["bearer_token_env_var"] = value(env_var.clone());
-                }
-                if let Some(headers) = http_headers
-                    && !headers.is_empty()
-                {
-                    entry["http_headers"] = table_from_pairs(headers.iter());
-                }
-                if let Some(headers) = env_http_headers
-                    && !headers.is_empty()
-                {
-                    entry["env_http_headers"] = table_from_pairs(headers.iter());
-                }
-            }
-        }
-
-        if !config.enabled {
-            entry["enabled"] = value(false);
-        }
-        if let Some(timeout) = config.startup_timeout_sec {
-            entry["startup_timeout_sec"] = value(timeout.as_secs_f64());
-        }
-        if let Some(timeout) = config.tool_timeout_sec {
-            entry["tool_timeout_sec"] = value(timeout.as_secs_f64());
-        }
-        if let Some(enabled_tools) = &config.enabled_tools
-            && !enabled_tools.is_empty()
-        {
-            entry["enabled_tools"] = array_from_iter(enabled_tools.iter().cloned());
-        }
-        if let Some(disabled_tools) = &config.disabled_tools
-            && !disabled_tools.is_empty()
-        {
-            entry["disabled_tools"] = array_from_iter(disabled_tools.iter().cloned());
-        }
-
-        TomlItem::Table(entry)
-    }
-
-    fn table_from_inline(inline: &InlineTable) -> TomlTable {
-        let mut table = new_implicit_table();
-        for (key, value) in inline.iter() {
-            let mut value = value.clone();
-            let decor = value.decor_mut();
-            decor.set_suffix("");
-            table.insert(key, TomlItem::Value(value));
-        }
-        table
-    }
-
-    pub(super) fn new_implicit_table() -> TomlTable {
-        let mut table = TomlTable::new();
-        table.set_implicit(true);
-        table
-    }
-
-    fn array_from_iter<I>(iter: I) -> TomlItem
-    where
-        I: Iterator<Item = String>,
-    {
-        let mut array = TomlArray::new();
-        for value in iter {
-            array.push(value);
-        }
-        TomlItem::Value(array.into())
-    }
-
-    fn table_from_pairs<'a, I>(pairs: I) -> TomlItem
-    where
-        I: IntoIterator<Item = (&'a String, &'a String)>,
-    {
-        let mut entries: Vec<_> = pairs.into_iter().collect();
-        entries.sort_by(|(a, _), (b, _)| a.cmp(b));
-        let mut table = TomlTable::new();
-        table.set_implicit(false);
-        for (key, val) in entries {
-            table.insert(key, value(val.clone()));
-        }
-        TomlItem::Table(table)
-    }
-}
-
-struct ConfigDocument {
-    doc: DocumentMut,
-    profile: Option<String>,
-}
-
-#[derive(Copy, Clone)]
-enum Scope {
-    Global,
-    Profile,
-}
-
-#[derive(Copy, Clone)]
-enum TraversalMode {
-    Create,
-    Existing,
-}
-
-impl ConfigDocument {
-    fn new(doc: DocumentMut, profile: Option<String>) -> Self {
-        Self { doc, profile }
-    }
-
-    fn apply(&mut self, edit: &ConfigEdit) -> anyhow::Result<bool> {
-        match edit {
-            ConfigEdit::SetModel { model, effort } => Ok({
-                let mut mutated = false;
-                mutated |= self.write_profile_value(
-                    &["model"],
-                    model.as_ref().map(|model_value| value(model_value.clone())),
-                );
-                mutated |= self.write_profile_value(
-                    &["model_reasoning_effort"],
-                    effort.map(|effort| value(effort.to_string())),
-                );
-                mutated
-            }),
-            ConfigEdit::SetNoticeHideFullAccessWarning(acknowledged) => Ok(self.write_value(
-                Scope::Global,
-                &[Notice::TABLE_KEY, "hide_full_access_warning"],
-                value(*acknowledged),
-            )),
-            ConfigEdit::SetWindowsWslSetupAcknowledged(acknowledged) => Ok(self.write_value(
-                Scope::Global,
-                &["windows_wsl_setup_acknowledged"],
-                value(*acknowledged),
-            )),
-            ConfigEdit::ReplaceMcpServers(servers) => Ok(self.replace_mcp_servers(servers)),
-            ConfigEdit::SetPath { segments, value } => Ok(self.insert(segments, value.clone())),
-            ConfigEdit::ClearPath { segments } => Ok(self.clear_owned(segments)),
-            ConfigEdit::SetProjectTrusted(project_path) => {
-                // Delegate to the existing, tested logic in config.rs to
-                // ensure tables are explicit and migration is preserved.
-                crate::config::set_project_trusted_inner(&mut self.doc, project_path.as_path())?;
-                Ok(true)
-            }
-        }
-    }
-
-    fn write_profile_value(&mut self, segments: &[&str], value: Option<TomlItem>) -> bool {
-        match value {
-            Some(item) => self.write_value(Scope::Profile, segments, item),
-            None => self.clear(Scope::Profile, segments),
-        }
-    }
-
-    fn write_value(&mut self, scope: Scope, segments: &[&str], value: TomlItem) -> bool {
-        let resolved = self.scoped_segments(scope, segments);
-        self.insert(&resolved, value)
-    }
-
-    fn clear(&mut self, scope: Scope, segments: &[&str]) -> bool {
-        let resolved = self.scoped_segments(scope, segments);
-        self.remove(&resolved)
-    }
-
-    fn clear_owned(&mut self, segments: &[String]) -> bool {
-        self.remove(segments)
-    }
-
-    fn replace_mcp_servers(&mut self, servers: &BTreeMap<String, McpServerConfig>) -> bool {
-        if servers.is_empty() {
-            return self.clear(Scope::Global, &["mcp_servers"]);
-        }
-
-        let mut table = TomlTable::new();
-        table.set_implicit(true);
-
-        for (name, config) in servers {
-            table.insert(name, document_helpers::serialize_mcp_server(config));
-        }
-
-        let item = TomlItem::Table(table);
-        self.write_value(Scope::Global, &["mcp_servers"], item)
-    }
-
-    fn scoped_segments(&self, scope: Scope, segments: &[&str]) -> Vec<String> {
-        let resolved: Vec<String> = segments
-            .iter()
-            .map(|segment| (*segment).to_string())
-            .collect();
-
-        if matches!(scope, Scope::Profile)
-            && resolved.first().is_none_or(|segment| segment != "profiles")
-            && let Some(profile) = self.profile.as_deref()
-        {
-            let mut scoped = Vec::with_capacity(resolved.len() + 2);
-            scoped.push("profiles".to_string());
-            scoped.push(profile.to_string());
-            scoped.extend(resolved);
-            return scoped;
-        }
-
-        resolved
-    }
-
-    fn insert(&mut self, segments: &[String], value: TomlItem) -> bool {
-        let Some((last, parents)) = segments.split_last() else {
-            return false;
-        };
-
-        let Some(parent) = self.descend(parents, TraversalMode::Create) else {
-            return false;
-        };
-
-        parent[last] = value;
-        true
-    }
-
-    fn remove(&mut self, segments: &[String]) -> bool {
-        let Some((last, parents)) = segments.split_last() else {
-            return false;
-        };
-
-        let Some(parent) = self.descend(parents, TraversalMode::Existing) else {
-            return false;
-        };
-
-        parent.remove(last).is_some()
-    }
-
-    fn descend(&mut self, segments: &[String], mode: TraversalMode) -> Option<&mut TomlTable> {
-        let mut current = self.doc.as_table_mut();
-
-        for segment in segments {
-            match mode {
-                TraversalMode::Create => {
-                    if !current.contains_key(segment.as_str()) {
-                        current.insert(
-                            segment.as_str(),
-                            TomlItem::Table(document_helpers::new_implicit_table()),
-                        );
-                    }
-
-                    let item = current.get_mut(segment.as_str())?;
-                    current = document_helpers::ensure_table_for_write(item)?;
-                }
-                TraversalMode::Existing => {
-                    let item = current.get_mut(segment.as_str())?;
-                    current = document_helpers::ensure_table_for_read(item)?;
-                }
-            }
-        }
-
-        Some(current)
-    }
-}
-
-/// Persist edits using a blocking strategy.
-pub fn apply_blocking(
-    codex_home: &Path,
-    profile: Option<&str>,
-    edits: &[ConfigEdit],
-) -> anyhow::Result<()> {
-    if edits.is_empty() {
-        return Ok(());
-    }
-
-    let config_path = codex_home.join(CONFIG_TOML_FILE);
-    let serialized = match std::fs::read_to_string(&config_path) {
-        Ok(contents) => contents,
-        Err(err) if err.kind() == std::io::ErrorKind::NotFound => String::new(),
-        Err(err) => return Err(err.into()),
-    };
-
-    let doc = if serialized.is_empty() {
-        DocumentMut::new()
-    } else {
-        serialized.parse::<DocumentMut>()?
-    };
-
-    let profile = profile.map(ToOwned::to_owned).or_else(|| {
-        doc.get("profile")
-            .and_then(|item| item.as_str())
-            .map(ToOwned::to_owned)
-    });
-
-    let mut document = ConfigDocument::new(doc, profile);
-    let mut mutated = false;
-
-    for edit in edits {
-        mutated |= document.apply(edit)?;
-    }
-
-    if !mutated {
-        return Ok(());
-    }
-
-    std::fs::create_dir_all(codex_home).with_context(|| {
-        format!(
-            "failed to create Codex home directory at {}",
-            codex_home.display()
-        )
-    })?;
-
-    let tmp = NamedTempFile::new_in(codex_home)?;
-    std::fs::write(tmp.path(), document.doc.to_string()).with_context(|| {
-        format!(
-            "failed to write temporary config file at {}",
-            tmp.path().display()
-        )
-    })?;
-    tmp.persist(config_path)?;
-
-    Ok(())
-}
-
-/// Persist edits asynchronously by offloading the blocking writer.
-pub async fn apply(
-    codex_home: &Path,
-    profile: Option<&str>,
-    edits: Vec<ConfigEdit>,
-) -> anyhow::Result<()> {
-    let codex_home = codex_home.to_path_buf();
-    let profile = profile.map(ToOwned::to_owned);
-    task::spawn_blocking(move || apply_blocking(&codex_home, profile.as_deref(), &edits))
-        .await
-        .context("config persistence task panicked")?
-}
-
-/// Fluent builder to batch config edits and apply them atomically.
-#[derive(Default)]
-pub struct ConfigEditsBuilder {
-    codex_home: PathBuf,
-    profile: Option<String>,
-    edits: Vec<ConfigEdit>,
-}
-
-impl ConfigEditsBuilder {
-    pub fn new(codex_home: &Path) -> Self {
-        Self {
-            codex_home: codex_home.to_path_buf(),
-            profile: None,
-            edits: Vec::new(),
-        }
-    }
-
-    pub fn with_profile(mut self, profile: Option<&str>) -> Self {
-        self.profile = profile.map(ToOwned::to_owned);
-        self
-    }
-
-    pub fn set_model(mut self, model: Option<&str>, effort: Option<ReasoningEffort>) -> Self {
-        self.edits.push(ConfigEdit::SetModel {
-            model: model.map(ToOwned::to_owned),
-            effort,
-        });
-        self
-    }
-
-    pub fn set_hide_full_access_warning(mut self, acknowledged: bool) -> Self {
-        self.edits
-            .push(ConfigEdit::SetNoticeHideFullAccessWarning(acknowledged));
-        self
-    }
-
-    pub fn set_windows_wsl_setup_acknowledged(mut self, acknowledged: bool) -> Self {
-        self.edits
-            .push(ConfigEdit::SetWindowsWslSetupAcknowledged(acknowledged));
-        self
-    }
-
-    pub fn replace_mcp_servers(mut self, servers: &BTreeMap<String, McpServerConfig>) -> Self {
-        self.edits
-            .push(ConfigEdit::ReplaceMcpServers(servers.clone()));
-        self
-    }
-
-    pub fn set_project_trusted<P: Into<PathBuf>>(mut self, project_path: P) -> Self {
-        self.edits
-            .push(ConfigEdit::SetProjectTrusted(project_path.into()));
-        self
-    }
-
-    /// Apply edits on a blocking thread.
-    pub fn apply_blocking(self) -> anyhow::Result<()> {
-        apply_blocking(&self.codex_home, self.profile.as_deref(), &self.edits)
-    }
-
-    /// Apply edits asynchronously via a blocking offload.
-    pub async fn apply(self) -> anyhow::Result<()> {
-        task::spawn_blocking(move || {
-            apply_blocking(&self.codex_home, self.profile.as_deref(), &self.edits)
-        })
-        .await
-        .context("config persistence task panicked")?
-    }
-}
-
-#[cfg(test)]
-mod tests {
-    use super::*;
-    use crate::config::types::McpServerTransportConfig;
-    use codex_protocol::config_types::ReasoningEffort;
-    use pretty_assertions::assert_eq;
-    use tempfile::tempdir;
-    use tokio::runtime::Builder;
-    use toml::Value as TomlValue;
-
-    #[test]
-    fn blocking_set_model_top_level() {
-        let tmp = tempdir().expect("tmpdir");
-        let codex_home = tmp.path();
-
-        apply_blocking(
-            codex_home,
-            None,
-            &[ConfigEdit::SetModel {
-                model: Some("gpt-5-codex".to_string()),
-                effort: Some(ReasoningEffort::High),
-            }],
-        )
-        .expect("persist");
-
-        let contents =
-            std::fs::read_to_string(codex_home.join(CONFIG_TOML_FILE)).expect("read config");
-        let expected = r#"model = "gpt-5-codex"
-model_reasoning_effort = "high"
-"#;
-        assert_eq!(contents, expected);
-    }
-
-    #[test]
-    fn blocking_set_model_preserves_inline_table_contents() {
-        let tmp = tempdir().expect("tmpdir");
-        let codex_home = tmp.path();
-
-        // Seed with inline tables for profiles to simulate common user config.
-        std::fs::write(
-            codex_home.join(CONFIG_TOML_FILE),
-            r#"profile = "fast"
-
-profiles = { fast = { model = "gpt-4o", sandbox_mode = "strict" } }
-"#,
-        )
-        .expect("seed");
-
-        apply_blocking(
-            codex_home,
-            None,
-            &[ConfigEdit::SetModel {
-                model: Some("o4-mini".to_string()),
-                effort: None,
-            }],
-        )
-        .expect("persist");
-
-        let raw = std::fs::read_to_string(codex_home.join(CONFIG_TOML_FILE)).expect("read config");
-        let value: TomlValue = toml::from_str(&raw).expect("parse config");
-
-        // Ensure sandbox_mode is preserved under profiles.fast and model updated.
-        let profiles_tbl = value
-            .get("profiles")
-            .and_then(|v| v.as_table())
-            .expect("profiles table");
-        let fast_tbl = profiles_tbl
-            .get("fast")
-            .and_then(|v| v.as_table())
-            .expect("fast table");
-        assert_eq!(
-            fast_tbl.get("sandbox_mode").and_then(|v| v.as_str()),
-            Some("strict")
-        );
-        assert_eq!(
-            fast_tbl.get("model").and_then(|v| v.as_str()),
-            Some("o4-mini")
-        );
-    }
-
-    #[test]
-    fn blocking_clear_model_removes_inline_table_entry() {
-        let tmp = tempdir().expect("tmpdir");
-        let codex_home = tmp.path();
-
-        std::fs::write(
-            codex_home.join(CONFIG_TOML_FILE),
-            r#"profile = "fast"
-
-profiles = { fast = { model = "gpt-4o", sandbox_mode = "strict" } }
-"#,
-        )
-        .expect("seed");
-
-        apply_blocking(
-            codex_home,
-            None,
-            &[ConfigEdit::SetModel {
-                model: None,
-                effort: Some(ReasoningEffort::High),
-            }],
-        )
-        .expect("persist");
-
-        let contents =
-            std::fs::read_to_string(codex_home.join(CONFIG_TOML_FILE)).expect("read config");
-        let expected = r#"profile = "fast"
-
-[profiles.fast]
-sandbox_mode = "strict"
-model_reasoning_effort = "high"
-"#;
-        assert_eq!(contents, expected);
-    }
-
-    #[test]
-    fn blocking_set_model_scopes_to_active_profile() {
-        let tmp = tempdir().expect("tmpdir");
-        let codex_home = tmp.path();
-        std::fs::write(
-            codex_home.join(CONFIG_TOML_FILE),
-            r#"profile = "team"
-
-[profiles.team]
-model_reasoning_effort = "low"
-"#,
-        )
-        .expect("seed");
-
-        apply_blocking(
-            codex_home,
-            None,
-            &[ConfigEdit::SetModel {
-                model: Some("o5-preview".to_string()),
-                effort: Some(ReasoningEffort::Minimal),
-            }],
-        )
-        .expect("persist");
-
-        let contents =
-            std::fs::read_to_string(codex_home.join(CONFIG_TOML_FILE)).expect("read config");
-        let expected = r#"profile = "team"
-
-[profiles.team]
-model_reasoning_effort = "minimal"
-model = "o5-preview"
-"#;
-        assert_eq!(contents, expected);
-    }
-
-    #[test]
-    fn blocking_set_model_with_explicit_profile() {
-        let tmp = tempdir().expect("tmpdir");
-        let codex_home = tmp.path();
-        std::fs::write(
-            codex_home.join(CONFIG_TOML_FILE),
-            r#"[profiles."team a"]
-model = "gpt-5-codex"
-"#,
-        )
-        .expect("seed");
-
-        apply_blocking(
-            codex_home,
-            Some("team a"),
-            &[ConfigEdit::SetModel {
-                model: Some("o4-mini".to_string()),
-                effort: None,
-            }],
-        )
-        .expect("persist");
-
-        let contents =
-            std::fs::read_to_string(codex_home.join(CONFIG_TOML_FILE)).expect("read config");
-        let expected = r#"[profiles."team a"]
-model = "o4-mini"
-"#;
-        assert_eq!(contents, expected);
-    }
-
-    #[test]
-    fn blocking_set_hide_full_access_warning_preserves_table() {
-        let tmp = tempdir().expect("tmpdir");
-        let codex_home = tmp.path();
-        std::fs::write(
-            codex_home.join(CONFIG_TOML_FILE),
-            r#"# Global comment
-
-[notice]
-# keep me
-existing = "value"
-"#,
-        )
-        .expect("seed");
-
-        apply_blocking(
-            codex_home,
-            None,
-            &[ConfigEdit::SetNoticeHideFullAccessWarning(true)],
-        )
-        .expect("persist");
-
-        let contents =
-            std::fs::read_to_string(codex_home.join(CONFIG_TOML_FILE)).expect("read config");
-        let expected = r#"# Global comment
-
-[notice]
-# keep me
-existing = "value"
-hide_full_access_warning = true
-"#;
-        assert_eq!(contents, expected);
-    }
-
-    #[test]
-    fn blocking_replace_mcp_servers_round_trips() {
-        let tmp = tempdir().expect("tmpdir");
-        let codex_home = tmp.path();
-
-        let mut servers = BTreeMap::new();
-        servers.insert(
-            "stdio".to_string(),
-            McpServerConfig {
-                transport: McpServerTransportConfig::Stdio {
-                    command: "cmd".to_string(),
-                    args: vec!["--flag".to_string()],
-                    env: Some(
-                        [
-                            ("B".to_string(), "2".to_string()),
-                            ("A".to_string(), "1".to_string()),
-                        ]
-                        .into_iter()
-                        .collect(),
-                    ),
-                    env_vars: vec!["FOO".to_string()],
-                    cwd: None,
-                },
-                enabled: true,
-                startup_timeout_sec: None,
-                tool_timeout_sec: None,
-                enabled_tools: Some(vec!["one".to_string(), "two".to_string()]),
-                disabled_tools: None,
-            },
-        );
-
-        servers.insert(
-            "http".to_string(),
-            McpServerConfig {
-                transport: McpServerTransportConfig::StreamableHttp {
-                    url: "https://example.com".to_string(),
-                    bearer_token_env_var: Some("TOKEN".to_string()),
-                    http_headers: Some(
-                        [("Z-Header".to_string(), "z".to_string())]
-                            .into_iter()
-                            .collect(),
-                    ),
-                    env_http_headers: None,
-                },
-                enabled: false,
-                startup_timeout_sec: Some(std::time::Duration::from_secs(5)),
-                tool_timeout_sec: None,
-                enabled_tools: None,
-                disabled_tools: Some(vec!["forbidden".to_string()]),
-            },
-        );
-
-        apply_blocking(
-            codex_home,
-            None,
-            &[ConfigEdit::ReplaceMcpServers(servers.clone())],
-        )
-        .expect("persist");
-
-        let raw = std::fs::read_to_string(codex_home.join(CONFIG_TOML_FILE)).expect("read config");
-        let expected = "\
-[mcp_servers.http]
-url = \"https://example.com\"
-bearer_token_env_var = \"TOKEN\"
-enabled = false
-startup_timeout_sec = 5.0
-disabled_tools = [\"forbidden\"]
-
-[mcp_servers.http.http_headers]
-Z-Header = \"z\"
-
-[mcp_servers.stdio]
-command = \"cmd\"
-args = [\"--flag\"]
-env_vars = [\"FOO\"]
-enabled_tools = [\"one\", \"two\"]
-
-[mcp_servers.stdio.env]
-A = \"1\"
-B = \"2\"
-";
-        assert_eq!(raw, expected);
-    }
-
-    #[test]
-    fn blocking_clear_path_noop_when_missing() {
-        let tmp = tempdir().expect("tmpdir");
-        let codex_home = tmp.path();
-
-        apply_blocking(
-            codex_home,
-            None,
-            &[ConfigEdit::ClearPath {
-                segments: vec!["missing".to_string()],
-            }],
-        )
-        .expect("apply");
-
-        assert!(
-            !codex_home.join(CONFIG_TOML_FILE).exists(),
-            "config.toml should not be created on noop"
-        );
-    }
-
-    #[test]
-    fn blocking_set_path_updates_notifications() {
-        let tmp = tempdir().expect("tmpdir");
-        let codex_home = tmp.path();
-
-        let item = value(false);
-        apply_blocking(
-            codex_home,
-            None,
-            &[ConfigEdit::SetPath {
-                segments: vec!["tui".to_string(), "notifications".to_string()],
-                value: item,
-            }],
-        )
-        .expect("apply");
-
-        let raw = std::fs::read_to_string(codex_home.join(CONFIG_TOML_FILE)).expect("read config");
-        let config: TomlValue = toml::from_str(&raw).expect("parse config");
-        let notifications = config
-            .get("tui")
-            .and_then(|item| item.as_table())
-            .and_then(|tbl| tbl.get("notifications"))
-            .and_then(toml::Value::as_bool);
-        assert_eq!(notifications, Some(false));
-    }
-
-    #[tokio::test]
-    async fn async_builder_set_model_persists() {
-        let tmp = tempdir().expect("tmpdir");
-        let codex_home = tmp.path().to_path_buf();
-
-        ConfigEditsBuilder::new(&codex_home)
-            .set_model(Some("gpt-5-codex"), Some(ReasoningEffort::High))
-            .apply()
-            .await
-            .expect("persist");
-
-        let contents =
-            std::fs::read_to_string(codex_home.join(CONFIG_TOML_FILE)).expect("read config");
-        let expected = r#"model = "gpt-5-codex"
-model_reasoning_effort = "high"
-"#;
-        assert_eq!(contents, expected);
-    }
-
-    #[test]
-    fn blocking_builder_set_model_round_trips_back_and_forth() {
-        let tmp = tempdir().expect("tmpdir");
-        let codex_home = tmp.path();
-
-        let initial_expected = r#"model = "o4-mini"
-model_reasoning_effort = "low"
-"#;
-        ConfigEditsBuilder::new(codex_home)
-            .set_model(Some("o4-mini"), Some(ReasoningEffort::Low))
-            .apply_blocking()
-            .expect("persist initial");
-        let mut contents =
-            std::fs::read_to_string(codex_home.join(CONFIG_TOML_FILE)).expect("read config");
-        assert_eq!(contents, initial_expected);
-
-        let updated_expected = r#"model = "gpt-5-codex"
-model_reasoning_effort = "high"
-"#;
-        ConfigEditsBuilder::new(codex_home)
-            .set_model(Some("gpt-5-codex"), Some(ReasoningEffort::High))
-            .apply_blocking()
-            .expect("persist update");
-        contents = std::fs::read_to_string(codex_home.join(CONFIG_TOML_FILE)).expect("read config");
-        assert_eq!(contents, updated_expected);
-
-        ConfigEditsBuilder::new(codex_home)
-            .set_model(Some("o4-mini"), Some(ReasoningEffort::Low))
-            .apply_blocking()
-            .expect("persist revert");
-        contents = std::fs::read_to_string(codex_home.join(CONFIG_TOML_FILE)).expect("read config");
-        assert_eq!(contents, initial_expected);
-    }
-
-    #[test]
-    fn blocking_set_asynchronous_helpers_available() {
-        let rt = Builder::new_current_thread()
-            .enable_all()
-            .build()
-            .expect("runtime");
-        let tmp = tempdir().expect("tmpdir");
-        let codex_home = tmp.path().to_path_buf();
-
-        rt.block_on(async {
-            ConfigEditsBuilder::new(&codex_home)
-                .set_hide_full_access_warning(true)
-                .apply()
-                .await
-                .expect("persist");
-        });
-
-        let raw = std::fs::read_to_string(codex_home.join(CONFIG_TOML_FILE)).expect("read config");
-        let notice = toml::from_str::<TomlValue>(&raw)
-            .expect("parse config")
-            .get("notice")
-            .and_then(|item| item.as_table())
-            .and_then(|tbl| tbl.get("hide_full_access_warning"))
-            .and_then(toml::Value::as_bool);
-        assert_eq!(notice, Some(true));
-    }
-
-    #[test]
-    fn replace_mcp_servers_blocking_clears_table_when_empty() {
-        let tmp = tempdir().expect("tmpdir");
-        let codex_home = tmp.path();
-        std::fs::write(
-            codex_home.join(CONFIG_TOML_FILE),
-            "[mcp_servers]\nfoo = { command = \"cmd\" }\n",
-        )
-        .expect("seed");
-
-        apply_blocking(
-            codex_home,
-            None,
-            &[ConfigEdit::ReplaceMcpServers(BTreeMap::new())],
-        )
-        .expect("persist");
-
-        let contents =
-            std::fs::read_to_string(codex_home.join(CONFIG_TOML_FILE)).expect("read config");
-        assert!(!contents.contains("mcp_servers"));
-    }
-}

codex-rs/core/src/config_edit.rs

@@ -0,0 +1,748 @@
+use crate::config::CONFIG_TOML_FILE;
+use anyhow::Result;
+use std::path::Path;
+use tempfile::NamedTempFile;
+use toml_edit::DocumentMut;
+
+pub const CONFIG_KEY_MODEL: &str = "model";
+pub const CONFIG_KEY_EFFORT: &str = "model_reasoning_effort";
+
+#[derive(Copy, Clone)]
+enum NoneBehavior {
+    Skip,
+    Remove,
+}
+
+/// Persist overrides into `config.toml` using explicit key segments per
+/// override. This avoids ambiguity with keys that contain dots or spaces.
+pub async fn persist_overrides(
+    codex_home: &Path,
+    profile: Option<&str>,
+    overrides: &[(&[&str], &str)],
+) -> Result<()> {
+    let with_options: Vec<(&[&str], Option<&str>)> = overrides
+        .iter()
+        .map(|(segments, value)| (*segments, Some(*value)))
+        .collect();
+
+    persist_overrides_with_behavior(codex_home, profile, &with_options, NoneBehavior::Skip).await
+}
+
+/// Persist overrides where values may be optional. Any entries with `None`
+/// values are skipped. If all values are `None`, this becomes a no-op and
+/// returns `Ok(())` without touching the file.
+pub async fn persist_non_null_overrides(
+    codex_home: &Path,
+    profile: Option<&str>,
+    overrides: &[(&[&str], Option<&str>)],
+) -> Result<()> {
+    persist_overrides_with_behavior(codex_home, profile, overrides, NoneBehavior::Skip).await
+}
+
+/// Persist overrides where `None` values clear any existing values from the
+/// configuration file.
+pub async fn persist_overrides_and_clear_if_none(
+    codex_home: &Path,
+    profile: Option<&str>,
+    overrides: &[(&[&str], Option<&str>)],
+) -> Result<()> {
+    persist_overrides_with_behavior(codex_home, profile, overrides, NoneBehavior::Remove).await
+}
+
+/// Apply a single override onto a `toml_edit` document while preserving
+/// existing formatting/comments.
+/// The key is expressed as explicit segments to correctly handle keys that
+/// contain dots or spaces.
+fn apply_toml_edit_override_segments(
+    doc: &mut DocumentMut,
+    segments: &[&str],
+    value: toml_edit::Item,
+) {
+    use toml_edit::Item;
+
+    if segments.is_empty() {
+        return;
+    }
+
+    let mut current = doc.as_table_mut();
+    for seg in &segments[..segments.len() - 1] {
+        if !current.contains_key(seg) {
+            current[*seg] = Item::Table(toml_edit::Table::new());
+            if let Some(t) = current[*seg].as_table_mut() {
+                t.set_implicit(true);
+            }
+        }
+
+        let maybe_item = current.get_mut(seg);
+        let Some(item) = maybe_item else { return };
+
+        if !item.is_table() {
+            *item = Item::Table(toml_edit::Table::new());
+            if let Some(t) = item.as_table_mut() {
+                t.set_implicit(true);
+            }
+        }
+
+        let Some(tbl) = item.as_table_mut() else {
+            return;
+        };
+        current = tbl;
+    }
+
+    let last = segments[segments.len() - 1];
+    current[last] = value;
+}
+
+async fn persist_overrides_with_behavior(
+    codex_home: &Path,
+    profile: Option<&str>,
+    overrides: &[(&[&str], Option<&str>)],
+    none_behavior: NoneBehavior,
+) -> Result<()> {
+    if overrides.is_empty() {
+        return Ok(());
+    }
+
+    let should_skip = match none_behavior {
+        NoneBehavior::Skip => overrides.iter().all(|(_, value)| value.is_none()),
+        NoneBehavior::Remove => false,
+    };
+
+    if should_skip {
+        return Ok(());
+    }
+
+    let config_path = codex_home.join(CONFIG_TOML_FILE);
+
+    let read_result = tokio::fs::read_to_string(&config_path).await;
+    let mut doc = match read_result {
+        Ok(contents) => contents.parse::<DocumentMut>()?,
+        Err(e) if e.kind() == std::io::ErrorKind::NotFound => {
+            if overrides
+                .iter()
+                .all(|(_, value)| value.is_none() && matches!(none_behavior, NoneBehavior::Remove))
+            {
+                return Ok(());
+            }
+
+            tokio::fs::create_dir_all(codex_home).await?;
+            DocumentMut::new()
+        }
+        Err(e) => return Err(e.into()),
+    };
+
+    let effective_profile = if let Some(p) = profile {
+        Some(p.to_owned())
+    } else {
+        doc.get("profile")
+            .and_then(|i| i.as_str())
+            .map(str::to_string)
+    };
+
+    let mut mutated = false;
+
+    for (segments, value) in overrides.iter().copied() {
+        let mut seg_buf: Vec<&str> = Vec::new();
+        let segments_to_apply: &[&str];
+
+        if let Some(ref name) = effective_profile {
+            if segments.first().copied() == Some("profiles") {
+                segments_to_apply = segments;
+            } else {
+                seg_buf.reserve(2 + segments.len());
+                seg_buf.push("profiles");
+                seg_buf.push(name.as_str());
+                seg_buf.extend_from_slice(segments);
+                segments_to_apply = seg_buf.as_slice();
+            }
+        } else {
+            segments_to_apply = segments;
+        }
+
+        match value {
+            Some(v) => {
+                let item_value = toml_edit::value(v);
+                apply_toml_edit_override_segments(&mut doc, segments_to_apply, item_value);
+                mutated = true;
+            }
+            None => {
+                if matches!(none_behavior, NoneBehavior::Remove)
+                    && remove_toml_edit_segments(&mut doc, segments_to_apply)
+                {
+                    mutated = true;
+                }
+            }
+        }
+    }
+
+    if !mutated {
+        return Ok(());
+    }
+
+    let tmp_file = NamedTempFile::new_in(codex_home)?;
+    tokio::fs::write(tmp_file.path(), doc.to_string()).await?;
+    tmp_file.persist(config_path)?;
+
+    Ok(())
+}
+
+fn remove_toml_edit_segments(doc: &mut DocumentMut, segments: &[&str]) -> bool {
+    use toml_edit::Item;
+
+    if segments.is_empty() {
+        return false;
+    }
+
+    let mut current = doc.as_table_mut();
+    for seg in &segments[..segments.len() - 1] {
+        let Some(item) = current.get_mut(seg) else {
+            return false;
+        };
+
+        match item {
+            Item::Table(table) => {
+                current = table;
+            }
+            _ => {
+                return false;
+            }
+        }
+    }
+
+    current.remove(segments[segments.len() - 1]).is_some()
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+    use pretty_assertions::assert_eq;
+    use tempfile::tempdir;
+
+    /// Verifies model and effort are written at top-level when no profile is set.
+    #[tokio::test]
+    async fn set_default_model_and_effort_top_level_when_no_profile() {
+        let tmpdir = tempdir().expect("tmp");
+        let codex_home = tmpdir.path();
+
+        persist_overrides(
+            codex_home,
+            None,
+            &[
+                (&[CONFIG_KEY_MODEL], "gpt-5-codex"),
+                (&[CONFIG_KEY_EFFORT], "high"),
+            ],
+        )
+        .await
+        .expect("persist");
+
+        let contents = read_config(codex_home).await;
+        let expected = r#"model = "gpt-5-codex"
+model_reasoning_effort = "high"
+"#;
+        assert_eq!(contents, expected);
+    }
+
+    /// Verifies values are written under the active profile when `profile` is set.
+    #[tokio::test]
+    async fn set_defaults_update_profile_when_profile_set() {
+        let tmpdir = tempdir().expect("tmp");
+        let codex_home = tmpdir.path();
+
+        // Seed config with a profile selection but without profiles table
+        let seed = "profile = \"o3\"\n";
+        tokio::fs::write(codex_home.join(CONFIG_TOML_FILE), seed)
+            .await
+            .expect("seed write");
+
+        persist_overrides(
+            codex_home,
+            None,
+            &[
+                (&[CONFIG_KEY_MODEL], "o3"),
+                (&[CONFIG_KEY_EFFORT], "minimal"),
+            ],
+        )
+        .await
+        .expect("persist");
+
+        let contents = read_config(codex_home).await;
+        let expected = r#"profile = "o3"
+
+[profiles.o3]
+model = "o3"
+model_reasoning_effort = "minimal"
+"#;
+        assert_eq!(contents, expected);
+    }
+
+    /// Verifies profile names with dots/spaces are preserved via explicit segments.
+    #[tokio::test]
+    async fn set_defaults_update_profile_with_dot_and_space() {
+        let tmpdir = tempdir().expect("tmp");
+        let codex_home = tmpdir.path();
+
+        // Seed config with a profile name that contains a dot and a space
+        let seed = "profile = \"my.team name\"\n";
+        tokio::fs::write(codex_home.join(CONFIG_TOML_FILE), seed)
+            .await
+            .expect("seed write");
+
+        persist_overrides(
+            codex_home,
+            None,
+            &[
+                (&[CONFIG_KEY_MODEL], "o3"),
+                (&[CONFIG_KEY_EFFORT], "minimal"),
+            ],
+        )
+        .await
+        .expect("persist");
+
+        let contents = read_config(codex_home).await;
+        let expected = r#"profile = "my.team name"
+
+[profiles."my.team name"]
+model = "o3"
+model_reasoning_effort = "minimal"
+"#;
+        assert_eq!(contents, expected);
+    }
+
+    /// Verifies explicit profile override writes under that profile even without active profile.
+    #[tokio::test]
+    async fn set_defaults_update_when_profile_override_supplied() {
+        let tmpdir = tempdir().expect("tmp");
+        let codex_home = tmpdir.path();
+
+        // No profile key in config.toml
+        tokio::fs::write(codex_home.join(CONFIG_TOML_FILE), "")
+            .await
+            .expect("seed write");
+
+        // Persist with an explicit profile override
+        persist_overrides(
+            codex_home,
+            Some("o3"),
+            &[(&[CONFIG_KEY_MODEL], "o3"), (&[CONFIG_KEY_EFFORT], "high")],
+        )
+        .await
+        .expect("persist");
+
+        let contents = read_config(codex_home).await;
+        let expected = r#"[profiles.o3]
+model = "o3"
+model_reasoning_effort = "high"
+"#;
+        assert_eq!(contents, expected);
+    }
+
+    /// Verifies nested tables are created as needed when applying overrides.
+    #[tokio::test]
+    async fn persist_overrides_creates_nested_tables() {
+        let tmpdir = tempdir().expect("tmp");
+        let codex_home = tmpdir.path();
+
+        persist_overrides(
+            codex_home,
+            None,
+            &[
+                (&["a", "b", "c"], "v"),
+                (&["x"], "y"),
+                (&["profiles", "p1", CONFIG_KEY_MODEL], "gpt-5-codex"),
+            ],
+        )
+        .await
+        .expect("persist");
+
+        let contents = read_config(codex_home).await;
+        let expected = r#"x = "y"
+
+[a.b]
+c = "v"
+
+[profiles.p1]
+model = "gpt-5-codex"
+"#;
+        assert_eq!(contents, expected);
+    }
+
+    /// Verifies a scalar key becomes a table when nested keys are written.
+    #[tokio::test]
+    async fn persist_overrides_replaces_scalar_with_table() {
+        let tmpdir = tempdir().expect("tmp");
+        let codex_home = tmpdir.path();
+        let seed = "foo = \"bar\"\n";
+        tokio::fs::write(codex_home.join(CONFIG_TOML_FILE), seed)
+            .await
+            .expect("seed write");
+
+        persist_overrides(codex_home, None, &[(&["foo", "bar", "baz"], "ok")])
+            .await
+            .expect("persist");
+
+        let contents = read_config(codex_home).await;
+        let expected = r#"[foo.bar]
+baz = "ok"
+"#;
+        assert_eq!(contents, expected);
+    }
+
+    /// Verifies comments and spacing are preserved when writing under active profile.
+    #[tokio::test]
+    async fn set_defaults_preserve_comments() {
+        let tmpdir = tempdir().expect("tmp");
+        let codex_home = tmpdir.path();
+
+        // Seed a config with comments and spacing we expect to preserve
+        let seed = r#"# Global comment
+# Another line
+
+profile = "o3"
+
+# Profile settings
+[profiles.o3]
+# keep me
+existing = "keep"
+"#;
+        tokio::fs::write(codex_home.join(CONFIG_TOML_FILE), seed)
+            .await
+            .expect("seed write");
+
+        // Apply defaults; since profile is set, it should write under [profiles.o3]
+        persist_overrides(
+            codex_home,
+            None,
+            &[(&[CONFIG_KEY_MODEL], "o3"), (&[CONFIG_KEY_EFFORT], "high")],
+        )
+        .await
+        .expect("persist");
+
+        let contents = read_config(codex_home).await;
+        let expected = r#"# Global comment
+# Another line
+
+profile = "o3"
+
+# Profile settings
+[profiles.o3]
+# keep me
+existing = "keep"
+model = "o3"
+model_reasoning_effort = "high"
+"#;
+        assert_eq!(contents, expected);
+    }
+
+    /// Verifies comments and spacing are preserved when writing at top level.
+    #[tokio::test]
+    async fn set_defaults_preserve_global_comments() {
+        let tmpdir = tempdir().expect("tmp");
+        let codex_home = tmpdir.path();
+
+        // Seed a config WITHOUT a profile, containing comments and spacing
+        let seed = r#"# Top-level comments
+# should be preserved
+
+existing = "keep"
+"#;
+        tokio::fs::write(codex_home.join(CONFIG_TOML_FILE), seed)
+            .await
+            .expect("seed write");
+
+        // Since there is no profile, the defaults should be written at top-level
+        persist_overrides(
+            codex_home,
+            None,
+            &[
+                (&[CONFIG_KEY_MODEL], "gpt-5-codex"),
+                (&[CONFIG_KEY_EFFORT], "minimal"),
+            ],
+        )
+        .await
+        .expect("persist");
+
+        let contents = read_config(codex_home).await;
+        let expected = r#"# Top-level comments
+# should be preserved
+
+existing = "keep"
+model = "gpt-5-codex"
+model_reasoning_effort = "minimal"
+"#;
+        assert_eq!(contents, expected);
+    }
+
+    /// Verifies errors on invalid TOML propagate and file is not clobbered.
+    #[tokio::test]
+    async fn persist_overrides_errors_on_parse_failure() {
+        let tmpdir = tempdir().expect("tmp");
+        let codex_home = tmpdir.path();
+
+        // Write an intentionally invalid TOML file
+        let invalid = "invalid = [unclosed";
+        tokio::fs::write(codex_home.join(CONFIG_TOML_FILE), invalid)
+            .await
+            .expect("seed write");
+
+        // Attempting to persist should return an error and must not clobber the file.
+        let res = persist_overrides(codex_home, None, &[(&["x"], "y")]).await;
+        assert!(res.is_err(), "expected parse error to propagate");
+
+        // File should be unchanged
+        let contents = read_config(codex_home).await;
+        assert_eq!(contents, invalid);
+    }
+
+    /// Verifies changing model only preserves existing effort at top-level.
+    #[tokio::test]
+    async fn changing_only_model_preserves_existing_effort_top_level() {
+        let tmpdir = tempdir().expect("tmp");
+        let codex_home = tmpdir.path();
+
+        // Seed with an effort value only
+        let seed = "model_reasoning_effort = \"minimal\"\n";
+        tokio::fs::write(codex_home.join(CONFIG_TOML_FILE), seed)
+            .await
+            .expect("seed write");
+
+        // Change only the model
+        persist_overrides(codex_home, None, &[(&[CONFIG_KEY_MODEL], "o3")])
+            .await
+            .expect("persist");
+
+        let contents = read_config(codex_home).await;
+        let expected = r#"model_reasoning_effort = "minimal"
+model = "o3"
+"#;
+        assert_eq!(contents, expected);
+    }
+
+    /// Verifies changing effort only preserves existing model at top-level.
+    #[tokio::test]
+    async fn changing_only_effort_preserves_existing_model_top_level() {
+        let tmpdir = tempdir().expect("tmp");
+        let codex_home = tmpdir.path();
+
+        // Seed with a model value only
+        let seed = "model = \"gpt-5-codex\"\n";
+        tokio::fs::write(codex_home.join(CONFIG_TOML_FILE), seed)
+            .await
+            .expect("seed write");
+
+        // Change only the effort
+        persist_overrides(codex_home, None, &[(&[CONFIG_KEY_EFFORT], "high")])
+            .await
+            .expect("persist");
+
+        let contents = read_config(codex_home).await;
+        let expected = r#"model = "gpt-5-codex"
+model_reasoning_effort = "high"
+"#;
+        assert_eq!(contents, expected);
+    }
+
+    /// Verifies changing model only preserves existing effort in active profile.
+    #[tokio::test]
+    async fn changing_only_model_preserves_effort_in_active_profile() {
+        let tmpdir = tempdir().expect("tmp");
+        let codex_home = tmpdir.path();
+
+        // Seed with an active profile and an existing effort under that profile
+        let seed = r#"profile = "p1"
+
+[profiles.p1]
+model_reasoning_effort = "low"
+"#;
+        tokio::fs::write(codex_home.join(CONFIG_TOML_FILE), seed)
+            .await
+            .expect("seed write");
+
+        persist_overrides(codex_home, None, &[(&[CONFIG_KEY_MODEL], "o4-mini")])
+            .await
+            .expect("persist");
+
+        let contents = read_config(codex_home).await;
+        let expected = r#"profile = "p1"
+
+[profiles.p1]
+model_reasoning_effort = "low"
+model = "o4-mini"
+"#;
+        assert_eq!(contents, expected);
+    }
+
+    /// Verifies changing effort only preserves existing model in a profile override.
+    #[tokio::test]
+    async fn changing_only_effort_preserves_model_in_profile_override() {
+        let tmpdir = tempdir().expect("tmp");
+        let codex_home = tmpdir.path();
+
+        // No active profile key; we'll target an explicit override
+        let seed = r#"[profiles.team]
+model = "gpt-5-codex"
+"#;
+        tokio::fs::write(codex_home.join(CONFIG_TOML_FILE), seed)
+            .await
+            .expect("seed write");
+
+        persist_overrides(
+            codex_home,
+            Some("team"),
+            &[(&[CONFIG_KEY_EFFORT], "minimal")],
+        )
+        .await
+        .expect("persist");
+
+        let contents = read_config(codex_home).await;
+        let expected = r#"[profiles.team]
+model = "gpt-5-codex"
+model_reasoning_effort = "minimal"
+"#;
+        assert_eq!(contents, expected);
+    }
+
+    /// Verifies `persist_non_null_overrides` skips `None` entries and writes only present values at top-level.
+    #[tokio::test]
+    async fn persist_non_null_skips_none_top_level() {
+        let tmpdir = tempdir().expect("tmp");
+        let codex_home = tmpdir.path();
+
+        persist_non_null_overrides(
+            codex_home,
+            None,
+            &[
+                (&[CONFIG_KEY_MODEL], Some("gpt-5-codex")),
+                (&[CONFIG_KEY_EFFORT], None),
+            ],
+        )
+        .await
+        .expect("persist");
+
+        let contents = read_config(codex_home).await;
+        let expected = "model = \"gpt-5-codex\"\n";
+        assert_eq!(contents, expected);
+    }
+
+    /// Verifies no-op behavior when all provided overrides are `None` (no file created/modified).
+    #[tokio::test]
+    async fn persist_non_null_noop_when_all_none() {
+        let tmpdir = tempdir().expect("tmp");
+        let codex_home = tmpdir.path();
+
+        persist_non_null_overrides(
+            codex_home,
+            None,
+            &[(&["a"], None), (&["profiles", "p", "x"], None)],
+        )
+        .await
+        .expect("persist");
+
+        // Should not create config.toml on a pure no-op
+        assert!(!codex_home.join(CONFIG_TOML_FILE).exists());
+    }
+
+    /// Verifies entries are written under the specified profile and `None` entries are skipped.
+    #[tokio::test]
+    async fn persist_non_null_respects_profile_override() {
+        let tmpdir = tempdir().expect("tmp");
+        let codex_home = tmpdir.path();
+
+        persist_non_null_overrides(
+            codex_home,
+            Some("team"),
+            &[
+                (&[CONFIG_KEY_MODEL], Some("o3")),
+                (&[CONFIG_KEY_EFFORT], None),
+            ],
+        )
+        .await
+        .expect("persist");
+
+        let contents = read_config(codex_home).await;
+        let expected = r#"[profiles.team]
+model = "o3"
+"#;
+        assert_eq!(contents, expected);
+    }
+
+    #[tokio::test]
+    async fn persist_clear_none_removes_top_level_value() {
+        let tmpdir = tempdir().expect("tmp");
+        let codex_home = tmpdir.path();
+
+        let seed = r#"model = "gpt-5-codex"
+model_reasoning_effort = "medium"
+"#;
+        tokio::fs::write(codex_home.join(CONFIG_TOML_FILE), seed)
+            .await
+            .expect("seed write");
+
+        persist_overrides_and_clear_if_none(
+            codex_home,
+            None,
+            &[
+                (&[CONFIG_KEY_MODEL], None),
+                (&[CONFIG_KEY_EFFORT], Some("high")),
+            ],
+        )
+        .await
+        .expect("persist");
+
+        let contents = read_config(codex_home).await;
+        let expected = "model_reasoning_effort = \"high\"\n";
+        assert_eq!(contents, expected);
+    }
+
+    #[tokio::test]
+    async fn persist_clear_none_respects_active_profile() {
+        let tmpdir = tempdir().expect("tmp");
+        let codex_home = tmpdir.path();
+
+        let seed = r#"profile = "team"
+
+[profiles.team]
+model = "gpt-4"
+model_reasoning_effort = "minimal"
+"#;
+        tokio::fs::write(codex_home.join(CONFIG_TOML_FILE), seed)
+            .await
+            .expect("seed write");
+
+        persist_overrides_and_clear_if_none(
+            codex_home,
+            None,
+            &[
+                (&[CONFIG_KEY_MODEL], None),
+                (&[CONFIG_KEY_EFFORT], Some("high")),
+            ],
+        )
+        .await
+        .expect("persist");
+
+        let contents = read_config(codex_home).await;
+        let expected = r#"profile = "team"
+
+[profiles.team]
+model_reasoning_effort = "high"
+"#;
+        assert_eq!(contents, expected);
+    }
+
+    #[tokio::test]
+    async fn persist_clear_none_noop_when_file_missing() {
+        let tmpdir = tempdir().expect("tmp");
+        let codex_home = tmpdir.path();
+
+        persist_overrides_and_clear_if_none(codex_home, None, &[(&[CONFIG_KEY_MODEL], None)])
+            .await
+            .expect("persist");
+
+        assert!(!codex_home.join(CONFIG_TOML_FILE).exists());
+    }
+
+    // Test helper moved to bottom per review guidance.
+    async fn read_config(codex_home: &Path) -> String {
+        let p = codex_home.join(CONFIG_TOML_FILE);
+        tokio::fs::read_to_string(p).await.unwrap_or_default()
+    }
+}

codex-rs/core/src/config_profile.rs

@@ -4,7 +4,6 @@ use std::path::PathBuf;
 use crate::protocol::AskForApproval;
 use codex_protocol::config_types::ReasoningEffort;
 use codex_protocol::config_types::ReasoningSummary;
-use codex_protocol::config_types::SandboxMode;
 use codex_protocol::config_types::Verbosity;
 
 /// Collection of common configuration options that a user can define as a unit
@@ -16,19 +15,18 @@ pub struct ConfigProfile {
     /// [`ModelProviderInfo`] to use.
     pub model_provider: Option<String>,
     pub approval_policy: Option<AskForApproval>,
-    pub sandbox_mode: Option<SandboxMode>,
     pub model_reasoning_effort: Option<ReasoningEffort>,
     pub model_reasoning_summary: Option<ReasoningSummary>,
     pub model_verbosity: Option<Verbosity>,
     pub chatgpt_base_url: Option<String>,
     pub experimental_instructions_file: Option<PathBuf>,
-    pub experimental_compact_prompt_file: Option<PathBuf>,
+    pub include_plan_tool: Option<bool>,
     pub include_apply_patch_tool: Option<bool>,
+    pub include_view_image_tool: Option<bool>,
     pub experimental_use_unified_exec_tool: Option<bool>,
     pub experimental_use_exec_command_tool: Option<bool>,
     pub experimental_use_rmcp_client: Option<bool>,
     pub experimental_use_freeform_apply_patch: Option<bool>,
-    pub experimental_sandbox_command_assessment: Option<bool>,
     pub tools_web_search: Option<bool>,
     pub tools_view_image: Option<bool>,
     /// Optional feature toggles scoped to this profile.

codex-rs/core/src/config_types.rs

@@ -35,14 +35,6 @@ pub struct McpServerConfig {
     /// Default timeout for MCP tool calls initiated via this server.
     #[serde(default, with = "option_duration_secs")]
     pub tool_timeout_sec: Option<Duration>,
-
-    /// Explicit allow-list of tools exposed from this server. When set, only these tools will be registered.
-    #[serde(default, skip_serializing_if = "Option::is_none")]
-    pub enabled_tools: Option<Vec<String>>,
-
-    /// Explicit deny-list of tools. These tools will be removed after applying `enabled_tools`.
-    #[serde(default, skip_serializing_if = "Option::is_none")]
-    pub disabled_tools: Option<Vec<String>>,
 }
 
 impl<'de> Deserialize<'de> for McpServerConfig {
@@ -50,28 +42,18 @@ impl<'de> Deserialize<'de> for McpServerConfig {
     where
         D: Deserializer<'de>,
     {
-        #[derive(Deserialize, Clone)]
+        #[derive(Deserialize)]
         struct RawMcpServerConfig {
-            // stdio
             command: Option<String>,
             #[serde(default)]
             args: Option<Vec<String>>,
             #[serde(default)]
             env: Option<HashMap<String, String>>,
-            #[serde(default)]
-            env_vars: Option<Vec<String>>,
-            #[serde(default)]
-            cwd: Option<PathBuf>,
-            http_headers: Option<HashMap<String, String>>,
-            #[serde(default)]
-            env_http_headers: Option<HashMap<String, String>>,
 
-            // streamable_http
             url: Option<String>,
             bearer_token: Option<String>,
             bearer_token_env_var: Option<String>,
 
-            // shared
             #[serde(default)]
             startup_timeout_sec: Option<f64>,
             #[serde(default)]
@@ -80,13 +62,9 @@ impl<'de> Deserialize<'de> for McpServerConfig {
             tool_timeout_sec: Option<Duration>,
             #[serde(default)]
             enabled: Option<bool>,
-            #[serde(default)]
-            enabled_tools: Option<Vec<String>>,
-            #[serde(default)]
-            disabled_tools: Option<Vec<String>>,
         }
 
-        let mut raw = RawMcpServerConfig::deserialize(deserializer)?;
+        let raw = RawMcpServerConfig::deserialize(deserializer)?;
 
         let startup_timeout_sec = match (raw.startup_timeout_sec, raw.startup_timeout_ms) {
             (Some(sec), _) => {
@@ -96,10 +74,6 @@ impl<'de> Deserialize<'de> for McpServerConfig {
             (None, Some(ms)) => Some(Duration::from_millis(ms)),
             (None, None) => None,
         };
-        let tool_timeout_sec = raw.tool_timeout_sec;
-        let enabled = raw.enabled.unwrap_or_else(default_enabled);
-        let enabled_tools = raw.enabled_tools.clone();
-        let disabled_tools = raw.disabled_tools.clone();
 
         fn throw_if_set<E, T>(transport: &str, field: &str, value: Option<&T>) -> Result<(), E>
         where
@@ -113,46 +87,53 @@ impl<'de> Deserialize<'de> for McpServerConfig {
             )))
         }
 
-        let transport = if let Some(command) = raw.command.clone() {
-            throw_if_set("stdio", "url", raw.url.as_ref())?;
-            throw_if_set(
-                "stdio",
-                "bearer_token_env_var",
-                raw.bearer_token_env_var.as_ref(),
-            )?;
-            throw_if_set("stdio", "bearer_token", raw.bearer_token.as_ref())?;
-            throw_if_set("stdio", "http_headers", raw.http_headers.as_ref())?;
-            throw_if_set("stdio", "env_http_headers", raw.env_http_headers.as_ref())?;
-            McpServerTransportConfig::Stdio {
-                command,
-                args: raw.args.clone().unwrap_or_default(),
-                env: raw.env.clone(),
-                env_vars: raw.env_vars.clone().unwrap_or_default(),
-                cwd: raw.cwd.take(),
-            }
-        } else if let Some(url) = raw.url.clone() {
-            throw_if_set("streamable_http", "args", raw.args.as_ref())?;
-            throw_if_set("streamable_http", "env", raw.env.as_ref())?;
-            throw_if_set("streamable_http", "env_vars", raw.env_vars.as_ref())?;
-            throw_if_set("streamable_http", "cwd", raw.cwd.as_ref())?;
-            throw_if_set("streamable_http", "bearer_token", raw.bearer_token.as_ref())?;
-            McpServerTransportConfig::StreamableHttp {
+        let transport = match raw {
+            RawMcpServerConfig {
+                command: Some(command),
+                args,
+                env,
                 url,
-                bearer_token_env_var: raw.bearer_token_env_var.clone(),
-                http_headers: raw.http_headers.clone(),
-                env_http_headers: raw.env_http_headers.take(),
+                bearer_token_env_var,
+                ..
+            } => {
+                throw_if_set("stdio", "url", url.as_ref())?;
+                throw_if_set(
+                    "stdio",
+                    "bearer_token_env_var",
+                    bearer_token_env_var.as_ref(),
+                )?;
+                McpServerTransportConfig::Stdio {
+                    command,
+                    args: args.unwrap_or_default(),
+                    env,
+                }
             }
-        } else {
-            return Err(SerdeError::custom("invalid transport"));
+            RawMcpServerConfig {
+                url: Some(url),
+                bearer_token,
+                bearer_token_env_var,
+                command,
+                args,
+                env,
+                ..
+            } => {
+                throw_if_set("streamable_http", "command", command.as_ref())?;
+                throw_if_set("streamable_http", "args", args.as_ref())?;
+                throw_if_set("streamable_http", "env", env.as_ref())?;
+                throw_if_set("streamable_http", "bearer_token", bearer_token.as_ref())?;
+                McpServerTransportConfig::StreamableHttp {
+                    url,
+                    bearer_token_env_var,
+                }
+            }
+            _ => return Err(SerdeError::custom("invalid transport")),
         };
 
         Ok(Self {
             transport,
             startup_timeout_sec,
-            tool_timeout_sec,
-            enabled,
-            enabled_tools,
-            disabled_tools,
+            tool_timeout_sec: raw.tool_timeout_sec,
+            enabled: raw.enabled.unwrap_or_else(default_enabled),
         })
     }
 }
@@ -171,10 +152,6 @@ pub enum McpServerTransportConfig {
         args: Vec<String>,
         #[serde(default, skip_serializing_if = "Option::is_none")]
         env: Option<HashMap<String, String>>,
-        #[serde(default, skip_serializing_if = "Vec::is_empty")]
-        env_vars: Vec<String>,
-        #[serde(default, skip_serializing_if = "Option::is_none")]
-        cwd: Option<PathBuf>,
     },
     /// https://modelcontextprotocol.io/specification/2025-06-18/basic/transports#streamable-http
     StreamableHttp {
@@ -184,12 +161,6 @@ pub enum McpServerTransportConfig {
         /// The actual secret value must be provided via the environment.
         #[serde(default, skip_serializing_if = "Option::is_none")]
         bearer_token_env_var: Option<String>,
-        /// Additional HTTP headers to include in requests to this server.
-        #[serde(default, skip_serializing_if = "Option::is_none")]
-        http_headers: Option<HashMap<String, String>>,
-        /// HTTP headers where the value is sourced from an environment variable.
-        #[serde(default, skip_serializing_if = "Option::is_none")]
-        env_http_headers: Option<HashMap<String, String>>,
     },
 }
 
@@ -351,20 +322,6 @@ pub struct Tui {
     pub notifications: Notifications,
 }
 
-/// Settings for notices we display to users via the tui and app-server clients
-/// (primarily the Codex IDE extension). NOTE: these are different from
-/// notifications - notices are warnings, NUX screens, acknowledgements, etc.
-#[derive(Deserialize, Debug, Clone, PartialEq, Default)]
-pub struct Notice {
-    /// Tracks whether the user has acknowledged the full access warning prompt.
-    pub hide_full_access_warning: Option<bool>,
-}
-
-impl Notice {
-    /// referenced by config_edit helpers when writing notice flags
-    pub(crate) const TABLE_KEY: &'static str = "notice";
-}
-
 #[derive(Deserialize, Debug, Clone, PartialEq, Default)]
 pub struct SandboxWorkspaceWrite {
     #[serde(default)]
@@ -511,14 +468,10 @@ mod tests {
             McpServerTransportConfig::Stdio {
                 command: "echo".to_string(),
                 args: vec![],
-                env: None,
-                env_vars: Vec::new(),
-                cwd: None,
+                env: None
             }
         );
         assert!(cfg.enabled);
-        assert!(cfg.enabled_tools.is_none());
-        assert!(cfg.disabled_tools.is_none());
     }
 
     #[test]
@@ -536,9 +489,7 @@ mod tests {
             McpServerTransportConfig::Stdio {
                 command: "echo".to_string(),
                 args: vec!["hello".to_string(), "world".to_string()],
-                env: None,
-                env_vars: Vec::new(),
-                cwd: None,
+                env: None
             }
         );
         assert!(cfg.enabled);
@@ -560,58 +511,12 @@ mod tests {
             McpServerTransportConfig::Stdio {
                 command: "echo".to_string(),
                 args: vec!["hello".to_string(), "world".to_string()],
-                env: Some(HashMap::from([("FOO".to_string(), "BAR".to_string())])),
-                env_vars: Vec::new(),
-                cwd: None,
+                env: Some(HashMap::from([("FOO".to_string(), "BAR".to_string())]))
             }
         );
         assert!(cfg.enabled);
     }
 
-    #[test]
-    fn deserialize_stdio_command_server_config_with_env_vars() {
-        let cfg: McpServerConfig = toml::from_str(
-            r#"
-            command = "echo"
-            env_vars = ["FOO", "BAR"]
-        "#,
-        )
-        .expect("should deserialize command config with env_vars");
-
-        assert_eq!(
-            cfg.transport,
-            McpServerTransportConfig::Stdio {
-                command: "echo".to_string(),
-                args: vec![],
-                env: None,
-                env_vars: vec!["FOO".to_string(), "BAR".to_string()],
-                cwd: None,
-            }
-        );
-    }
-
-    #[test]
-    fn deserialize_stdio_command_server_config_with_cwd() {
-        let cfg: McpServerConfig = toml::from_str(
-            r#"
-            command = "echo"
-            cwd = "/tmp"
-        "#,
-        )
-        .expect("should deserialize command config with cwd");
-
-        assert_eq!(
-            cfg.transport,
-            McpServerTransportConfig::Stdio {
-                command: "echo".to_string(),
-                args: vec![],
-                env: None,
-                env_vars: Vec::new(),
-                cwd: Some(PathBuf::from("/tmp")),
-            }
-        );
-    }
-
     #[test]
     fn deserialize_disabled_server_config() {
         let cfg: McpServerConfig = toml::from_str(
@@ -638,9 +543,7 @@ mod tests {
             cfg.transport,
             McpServerTransportConfig::StreamableHttp {
                 url: "https://example.com/mcp".to_string(),
-                bearer_token_env_var: None,
-                http_headers: None,
-                env_http_headers: None,
+                bearer_token_env_var: None
             }
         );
         assert!(cfg.enabled);
@@ -660,54 +563,12 @@ mod tests {
             cfg.transport,
             McpServerTransportConfig::StreamableHttp {
                 url: "https://example.com/mcp".to_string(),
-                bearer_token_env_var: Some("GITHUB_TOKEN".to_string()),
-                http_headers: None,
-                env_http_headers: None,
+                bearer_token_env_var: Some("GITHUB_TOKEN".to_string())
             }
         );
         assert!(cfg.enabled);
     }
 
-    #[test]
-    fn deserialize_streamable_http_server_config_with_headers() {
-        let cfg: McpServerConfig = toml::from_str(
-            r#"
-            url = "https://example.com/mcp"
-            http_headers = { "X-Foo" = "bar" }
-            env_http_headers = { "X-Token" = "TOKEN_ENV" }
-        "#,
-        )
-        .expect("should deserialize http config with headers");
-
-        assert_eq!(
-            cfg.transport,
-            McpServerTransportConfig::StreamableHttp {
-                url: "https://example.com/mcp".to_string(),
-                bearer_token_env_var: None,
-                http_headers: Some(HashMap::from([("X-Foo".to_string(), "bar".to_string())])),
-                env_http_headers: Some(HashMap::from([(
-                    "X-Token".to_string(),
-                    "TOKEN_ENV".to_string()
-                )])),
-            }
-        );
-    }
-
-    #[test]
-    fn deserialize_server_config_with_tool_filters() {
-        let cfg: McpServerConfig = toml::from_str(
-            r#"
-            command = "echo"
-            enabled_tools = ["allowed"]
-            disabled_tools = ["blocked"]
-        "#,
-        )
-        .expect("should deserialize tool filters");
-
-        assert_eq!(cfg.enabled_tools, Some(vec!["allowed".to_string()]));
-        assert_eq!(cfg.disabled_tools, Some(vec!["blocked".to_string()]));
-    }
-
     #[test]
     fn deserialize_rejects_command_and_url() {
         toml::from_str::<McpServerConfig>(
@@ -730,25 +591,6 @@ mod tests {
         .expect_err("should reject env for http transport");
     }
 
-    #[test]
-    fn deserialize_rejects_headers_for_stdio() {
-        toml::from_str::<McpServerConfig>(
-            r#"
-            command = "echo"
-            http_headers = { "X-Foo" = "bar" }
-        "#,
-        )
-        .expect_err("should reject http_headers for stdio transport");
-
-        toml::from_str::<McpServerConfig>(
-            r#"
-            command = "echo"
-            env_http_headers = { "X-Foo" = "BAR_ENV" }
-        "#,
-        )
-        .expect_err("should reject env_http_headers for stdio transport");
-    }
-
     #[test]
     fn deserialize_rejects_inline_bearer_token_field() {
         let err = toml::from_str::<McpServerConfig>(