clone/codex
1
0
Fork 0
mirror of https://github.com/openai/codex.git synced 2026-06-03 03:41:58 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
cd911bdae3bfb358d3bfed7d37f46f674de90884
codex/codex-rs/tools
History
Michael Bolin d6748f741a feat: gate unified exec zsh fork composition (#24979) 
## Why

`shell_zsh_fork` and unified exec need to remain independently
controllable for enterprise rollouts, but we also need a third mode that
composes them. That composed mode is intended to preserve unified exec
command lifecycle support while letting the zsh fork provide more
accurate `execv(2)` interception.

Enabling `unified_exec_zsh_fork` by itself is intentionally not
sufficient. It is a composition gate, not a dependency-enabling
shortcut:

- `unified_exec` selects the PTY-backed unified exec tool.
- `shell_zsh_fork` opts into the zsh fork backend.
- `unified_exec_zsh_fork` only allows those two already-enabled modes to
be composed so local zsh unified exec commands can launch through the
zsh fork.

This separation is deliberate. Enterprises and staged rollouts must be
able to enable or disable unified exec and zsh-fork independently. If
`unified_exec_zsh_fork` implied either dependency, then enabling one
under-development composition flag would silently activate a shell
backend that the configured feature set left disabled.

This PR introduces only the configuration and planning gate for that
composition. Existing `shell_zsh_fork` behavior continues to use the
standalone shell tool unless the new composition feature is explicitly
enabled alongside both dependencies.

## What Changed

- Added the under-development feature flag `unified_exec_zsh_fork`.
- Added `UnifiedExecFeatureMode` so the three input feature flags
collapse into `Disabled`, `Direct`, or `ZshFork` mode before tool
planning.
- Updated tool selection so zsh-fork composition requires
`unified_exec`, `shell_zsh_fork`, and `unified_exec_zsh_fork`.
- Kept the existing standalone zsh-fork shell tool behavior when only
`shell_zsh_fork` is enabled.
- Updated config schema output for the new feature flag.

## Verification

- Added feature and tool-config coverage for the new gate.
- Added planner coverage proving `shell_zsh_fork` remains standalone
until composition is explicitly enabled.
- Ran focused tests for `codex-features`, `codex-tools`, and the
affected `codex-core` planner case.





---
[//]: # (BEGIN SAPLING FOOTER)
Stack created with [Sapling](https://sapling-scm.com). Best reviewed
with [ReviewStack](https://reviewstack.dev/openai/codex/pull/24979).
* #24982
* #24981
* #24980
* __->__ #24979
2026-06-01 13:01:36 -07:00
..
src
feat: gate unified exec zsh fork composition (#24979)
2026-06-01 13:01:36 -07:00
tests
Update rmcp to 1.7.0 (#24763)
2026-05-27 14:52:06 -07:00
BUILD.bazel
[codex] Move tool specs into core handlers (#21416)
2026-05-06 15:40:50 -07:00
Cargo.toml
chore: add JSON schema policy fixture coverage (#24152)
2026-05-22 16:31:33 -07:00
README.md
Remove ToolsConfig from tool planning (#22835)
2026-05-19 11:24:09 +02:00

README.md

codex-tools

codex-tools is the shared support crate for building, adapting, and executing model-visible tools outside codex-core.

Today this crate owns the host-facing tool models and helpers that no longer need to live in core/src/tools/spec.rs or core/src/client_common.rs:

  • aggregate host models such as ToolSpec, ConfiguredToolSpec, LoadableToolSpec, ResponsesApiNamespace, and ResponsesApiNamespaceTool
  • host discovery models used while assembling tool sets, including discoverable-tool models and request-plugin-install helpers
  • host adapters such as schema sanitization, MCP/dynamic conversion, code-mode augmentation, and image-detail normalization
  • shared executable-tool contracts such as ToolExecutor, ToolCall, and ToolOutput

That extraction is the first step in a longer migration. The goal is not to move all of core/src/tools into this crate in one shot. Instead, the plan is to peel off reusable pieces in reviewable increments while keeping compatibility-sensitive orchestration in codex-core until the surrounding boundaries are ready.

Vision

Over time, this crate should hold host-side tool machinery that is shared by multiple consumers, for example:

  • host-visible aggregate tool models
  • tool-set planning and discovery helpers
  • MCP and dynamic-tool adaptation into Responses API shapes
  • code-mode compatibility shims that do not depend on codex-core
  • other narrowly scoped host utilities that multiple crates need

The corresponding non-goals are just as important:

  • do not move codex-core orchestration here prematurely
  • do not pull Session / TurnContext / approval flow / runtime execution logic into this crate unless those dependencies have first been split into stable shared interfaces
  • do not turn this crate into a grab-bag for unrelated helper code

Migration approach

The expected migration shape is:

  1. Keep extension-owned executable-tool authoring in codex-extension-api.
  2. Move host-side planning/adaptation helpers here when they no longer need to stay coupled to codex-core.
  3. Leave compatibility-sensitive adapters in codex-core while downstream call sites are updated.
  4. Only extract higher-level host infrastructure after the crate boundaries are clear and independently testable.

Crate conventions

This crate should start with stricter structure than core/src/tools so it stays easy to grow:

  • src/lib.rs should remain exports-only.
  • Business logic should live in named module files such as foo.rs.
  • Unit tests for foo.rs should live in a sibling foo_tests.rs.
  • The implementation file should wire tests with:
#[cfg(test)]
#[path = "foo_tests.rs"]
mod tests;

If this crate starts accumulating code that needs runtime state from codex-core, that is a sign to revisit the extraction boundary before adding more here.

Reference in New Issue View Git Blame Copy Permalink