subagents

Co-authored-by: Gabriel Peal <gpeal@users.noreply.github.com>

.github/ISSUE_TEMPLATE/5-vs-code-extension.yml

@@ -1,50 +0,0 @@
-name: 🧑‍💻 VS Code Extension
-description: Report an issue with the VS Code extension
-labels:
-  - extension
-  - needs triage
-body:
-  - type: markdown
-    attributes:
-      value: |
-        Before submitting a new issue, please search for existing issues to see if your issue has already been reported.
-        If it has, please add a 👍 reaction (no need to leave a comment) to the existing issue instead of creating a new one.
-
-  - type: input
-    id: version
-    attributes:
-      label: What version of the VS Code extension are you using?
-  - type: input
-    id: ide
-    attributes:
-      label: Which IDE are you using?
-      description: Like `VS Code`, `Cursor`, `Windsurf`, etc.
-  - type: input
-    id: platform
-    attributes:
-      label: What platform is your computer?
-      description: |
-        For MacOS and Linux: copy the output of `uname -mprs`
-        For Windows: copy the output of `"$([Environment]::OSVersion | ForEach-Object VersionString) $(if ([Environment]::Is64BitOperatingSystem) { "x64" } else { "x86" })"` in the PowerShell console
-  - type: textarea
-    id: steps
-    attributes:
-      label: What steps can reproduce the bug?
-      description: Explain the bug and provide a code snippet that can reproduce it.
-    validations:
-      required: true
-  - type: textarea
-    id: expected
-    attributes:
-      label: What is the expected behavior?
-      description: If possible, please provide text instead of a screenshot.
-  - type: textarea
-    id: actual
-    attributes:
-      label: What do you see instead?
-      description: If possible, please provide text instead of a screenshot.
-  - type: textarea
-    id: notes
-    attributes:
-      label: Additional information
-      description: Is there anything else you think we should know?

.github/actions/codex/.gitignore

@@ -0,0 +1 @@
+/node_modules/

.github/actions/codex/.prettierrc.toml

@@ -0,0 +1,8 @@
+printWidth = 80
+quoteProps = "consistent"
+semi = true
+tabWidth = 2
+trailingComma = "all"
+
+# Preserve existing behavior for markdown/text wrapping.
+proseWrap = "preserve"

.github/actions/codex/README.md

@@ -0,0 +1,140 @@
+# openai/codex-action
+
+`openai/codex-action` is a GitHub Action that facilitates the use of [Codex](https://github.com/openai/codex) on GitHub issues and pull requests. Using the action, associate **labels** to run Codex with the appropriate prompt for the given context. Codex will respond by posting comments or creating PRs, whichever you specify!
+
+Here is a sample workflow that uses `openai/codex-action`:
+
+```yaml
+name: Codex
+
+on:
+  issues:
+    types: [opened, labeled]
+  pull_request:
+    branches: [main]
+    types: [labeled]
+
+jobs:
+  codex:
+    if: ... # optional, but can be effective in conserving CI resources
+    runs-on: ubuntu-latest
+    # TODO(mbolin): Need to verify if/when `write` is necessary.
+    permissions:
+      contents: write
+      issues: write
+      pull-requests: write
+    steps:
+      # By default, Codex runs network disabled using --full-auto, so perform
+      # any setup that requires network (such as installing dependencies)
+      # before openai/codex-action.
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Run Codex
+        uses: openai/codex-action@latest
+        with:
+          openai_api_key: ${{ secrets.CODEX_OPENAI_API_KEY }}
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+```
+
+See sample usage in [`codex.yml`](../../workflows/codex.yml).
+
+## Triggering the Action
+
+Using the sample workflow above, we have:
+
+```yaml
+on:
+  issues:
+    types: [opened, labeled]
+  pull_request:
+    branches: [main]
+    types: [labeled]
+```
+
+which means our workflow will be triggered when any of the following events occur:
+
+- a label is added to an issue
+- a label is added to a pull request against the `main` branch
+
+### Label-Based Triggers
+
+To define a GitHub label that should trigger Codex, create a file named `.github/codex/labels/LABEL-NAME.md` in your repository where `LABEL-NAME` is the name of the label. The content of the file is the prompt template to use when the label is added (see more on [Prompt Template Variables](#prompt-template-variables) below).
+
+For example, if the file `.github/codex/labels/codex-review.md` exists, then:
+
+- Adding the `codex-review` label will trigger the workflow containing the `openai/codex-action` GitHub Action.
+- When `openai/codex-action` starts, it will replace the `codex-review` label with `codex-review-in-progress`.
+- When `openai/codex-action` is finished, it will replace the `codex-review-in-progress` label with `codex-review-completed`.
+
+If Codex sees that either `codex-review-in-progress` or `codex-review-completed` is already present, it will not perform the action.
+
+As determined by the [default config](./src/default-label-config.ts), Codex will act on the following labels by default:
+
+- Adding the `codex-review` label to a pull request will have Codex review the PR and add it to the PR as a comment.
+- Adding the `codex-triage` label to an issue will have Codex investigate the issue and report its findings as a comment.
+- Adding the `codex-issue-fix` label to an issue will have Codex attempt to fix the issue and create a PR wit the fix, if any.
+
+## Action Inputs
+
+The `openai/codex-action` GitHub Action takes the following inputs
+
+### `openai_api_key` (required)
+
+Set your `OPENAI_API_KEY` as a [repository secret](https://docs.github.com/en/actions/security-for-github-actions/security-guides/using-secrets-in-github-actions). See **Secrets and varaibles** then **Actions** in the settings for your GitHub repo.
+
+Note that the secret name does not have to be `OPENAI_API_KEY`. For example, you might want to name it `CODEX_OPENAI_API_KEY` and then configure it on `openai/codex-action` as follows:
+
+```yaml
+openai_api_key: ${{ secrets.CODEX_OPENAI_API_KEY }}
+```
+
+### `github_token` (required)
+
+This is required so that Codex can post a comment or create a PR. Set this value on the action as follows:
+
+```yaml
+github_token: ${{ secrets.GITHUB_TOKEN }}
+```
+
+### `codex_args`
+
+A whitespace-delimited list of arguments to pass to Codex. Defaults to `--full-auto`, but if you want to override the default model to use `o3`:
+
+```yaml
+codex_args: "--full-auto --model o3"
+```
+
+For more complex configurations, use the `codex_home` input.
+
+### `codex_home`
+
+If set, the value to use for the `$CODEX_HOME` environment variable when running Codex. As explained [in the docs](https://github.com/openai/codex/tree/main/codex-rs#readme), this folder can contain the `config.toml` to configure Codex, custom instructions, and log files.
+
+This should be a relative path within your repo.
+
+## Prompt Template Variables
+
+As shown above, `"prompt"` and `"promptPath"` are used to define prompt templates that will be populated and passed to Codex in response to certain events. All template variables are of the form `{CODEX_ACTION_...}` and the supported values are defined below.
+
+### `CODEX_ACTION_ISSUE_TITLE`
+
+If the action was triggered on a GitHub issue, this is the issue title.
+
+Specifically it is read as the `.issue.title` from the `$GITHUB_EVENT_PATH`.
+
+### `CODEX_ACTION_ISSUE_BODY`
+
+If the action was triggered on a GitHub issue, this is the issue body.
+
+Specifically it is read as the `.issue.body` from the `$GITHUB_EVENT_PATH`.
+
+### `CODEX_ACTION_GITHUB_EVENT_PATH`
+
+The value of the `$GITHUB_EVENT_PATH` environment variable, which is the path to the file that contains the JSON payload for the event that triggered the workflow. Codex can use `jq` to read only the fields of interest from this file.
+
+### `CODEX_ACTION_PR_DIFF`
+
+If the action was triggered on a pull request, this is the diff between the base and head commits of the PR. It is the output from `git diff`.
+
+Note that the content of the diff could be quite large, so is generally safer to point Codex at `CODEX_ACTION_GITHUB_EVENT_PATH` and let it decide how it wants to explore the change.

.github/actions/codex/action.yml

@@ -0,0 +1,125 @@
+name: "Codex [reusable action]"
+description: "A reusable action that runs a Codex model."
+
+inputs:
+  openai_api_key:
+    description: "The value to use as the OPENAI_API_KEY environment variable when running Codex."
+    required: true
+  trigger_phrase:
+    description: "Text to trigger Codex from a PR/issue body or comment."
+    required: false
+    default: ""
+  github_token:
+    description: "Token so Codex can comment on the PR or issue."
+    required: true
+  codex_args:
+    description: "A whitespace-delimited list of arguments to pass to Codex. Due to limitations in YAML, arguments with spaces are not supported. For more complex configurations, use the `codex_home` input."
+    required: false
+    default: "--config hide_agent_reasoning=true --full-auto"
+  codex_home:
+    description: "Value to use as the CODEX_HOME environment variable when running Codex."
+    required: false
+  codex_release_tag:
+    description: "The release tag of the Codex model to run, e.g., 'rust-v0.3.0'. Defaults to the latest release."
+    required: false
+    default: ""
+
+runs:
+  using: "composite"
+  steps:
+    # Do this in Bash so we do not even bother to install Bun if the sender does
+    # not have write access to the repo.
+    - name: Verify user has write access to the repo.
+      env:
+        GH_TOKEN: ${{ github.token }}
+      shell: bash
+      run: |
+        set -euo pipefail
+
+        PERMISSION=$(gh api \
+          "/repos/${GITHUB_REPOSITORY}/collaborators/${{ github.event.sender.login }}/permission" \
+          | jq -r '.permission')
+
+        if [[ "$PERMISSION" != "admin" && "$PERMISSION" != "write" ]]; then
+          exit 1
+        fi
+
+    - name: Download Codex
+      env:
+        GH_TOKEN: ${{ github.token }}
+      shell: bash
+      run: |
+        set -euo pipefail
+
+        # Determine OS/arch and corresponding Codex artifact name.
+        uname_s=$(uname -s)
+        uname_m=$(uname -m)
+
+        case "$uname_s" in
+          Linux*)   os="linux" ;;
+          Darwin*)  os="apple-darwin" ;;
+          *) echo "Unsupported operating system: $uname_s"; exit 1 ;;
+        esac
+
+        case "$uname_m" in
+          x86_64*) arch="x86_64" ;;
+          arm64*|aarch64*) arch="aarch64" ;;
+          *) echo "Unsupported architecture: $uname_m"; exit 1 ;;
+        esac
+
+        # linux builds differentiate between musl and gnu.
+        if [[ "$os" == "linux" ]]; then
+          if [[ "$arch" == "x86_64" ]]; then
+            triple="${arch}-unknown-linux-musl"
+          else
+            # Only other supported linux build is aarch64 gnu.
+            triple="${arch}-unknown-linux-gnu"
+          fi
+        else
+          # macOS
+          triple="${arch}-apple-darwin"
+        fi
+
+        # Note that if we start baking version numbers into the artifact name,
+        # we will need to update this action.yml file to match.
+        artifact="codex-${triple}.tar.gz"
+
+        TAG_ARG="${{ inputs.codex_release_tag }}"
+        # The usage is `gh release download [<tag>] [flags]`, so if TAG_ARG
+        # is empty, we do not pass it so we can default to the latest release.
+        gh release download ${TAG_ARG:+$TAG_ARG} --repo openai/codex \
+          --pattern "$artifact" --output - \
+        | tar xzO > /usr/local/bin/codex
+        chmod +x /usr/local/bin/codex
+
+        # Display Codex version to confirm binary integrity.
+        codex --version
+
+    - name: Install Bun
+      uses: oven-sh/setup-bun@v2
+      with:
+        bun-version: 1.2.11
+
+    - name: Install dependencies
+      shell: bash
+      run: |
+        cd ${{ github.action_path }}
+        bun install --production
+
+    - name: Run Codex
+      shell: bash
+      run: bun run ${{ github.action_path }}/src/main.ts
+      # Process args plus environment variables often have a max of 128 KiB,
+      # so we should fit within that limit?
+      env:
+        INPUT_CODEX_ARGS: ${{ inputs.codex_args || '' }}
+        INPUT_CODEX_HOME: ${{ inputs.codex_home || ''}}
+        INPUT_TRIGGER_PHRASE: ${{ inputs.trigger_phrase || '' }}
+        OPENAI_API_KEY: ${{ inputs.openai_api_key }}
+        GITHUB_TOKEN: ${{ inputs.github_token }}
+        GITHUB_EVENT_ACTION: ${{ github.event.action || '' }}
+        GITHUB_EVENT_LABEL_NAME: ${{ github.event.label.name || '' }}
+        GITHUB_EVENT_ISSUE_NUMBER: ${{ github.event.issue.number || '' }}
+        GITHUB_EVENT_ISSUE_BODY: ${{ github.event.issue.body || '' }}
+        GITHUB_EVENT_REVIEW_BODY: ${{ github.event.review.body || '' }}
+        GITHUB_EVENT_COMMENT_BODY: ${{ github.event.comment.body || '' }}

.github/actions/codex/bun.lock

@@ -0,0 +1,91 @@
+{
+  "lockfileVersion": 1,
+  "workspaces": {
+    "": {
+      "name": "codex-action",
+      "dependencies": {
+        "@actions/core": "^1.11.1",
+        "@actions/github": "^6.0.1",
+      },
+      "devDependencies": {
+        "@types/bun": "^1.2.20",
+        "@types/node": "^24.3.0",
+        "prettier": "^3.6.2",
+        "typescript": "^5.9.2",
+      },
+    },
+  },
+  "packages": {
+    "@actions/core": ["@actions/core@1.11.1", "", { "dependencies": { "@actions/exec": "^1.1.1", "@actions/http-client": "^2.0.1" } }, "sha512-hXJCSrkwfA46Vd9Z3q4cpEpHB1rL5NG04+/rbqW9d3+CSvtB1tYe8UTpAlixa1vj0m/ULglfEK2UKxMGxCxv5A=="],
+
+    "@actions/exec": ["@actions/exec@1.1.1", "", { "dependencies": { "@actions/io": "^1.0.1" } }, "sha512-+sCcHHbVdk93a0XT19ECtO/gIXoxvdsgQLzb2fE2/5sIZmWQuluYyjPQtrtTHdU1YzTZ7bAPN4sITq2xi1679w=="],
+
+    "@actions/github": ["@actions/github@6.0.1", "", { "dependencies": { "@actions/http-client": "^2.2.0", "@octokit/core": "^5.0.1", "@octokit/plugin-paginate-rest": "^9.2.2", "@octokit/plugin-rest-endpoint-methods": "^10.4.0", "@octokit/request": "^8.4.1", "@octokit/request-error": "^5.1.1", "undici": "^5.28.5" } }, "sha512-xbZVcaqD4XnQAe35qSQqskb3SqIAfRyLBrHMd/8TuL7hJSz2QtbDwnNM8zWx4zO5l2fnGtseNE3MbEvD7BxVMw=="],
+
+    "@actions/http-client": ["@actions/http-client@2.2.3", "", { "dependencies": { "tunnel": "^0.0.6", "undici": "^5.25.4" } }, "sha512-mx8hyJi/hjFvbPokCg4uRd4ZX78t+YyRPtnKWwIl+RzNaVuFpQHfmlGVfsKEJN8LwTCvL+DfVgAM04XaHkm6bA=="],
+
+    "@actions/io": ["@actions/io@1.1.3", "", {}, "sha512-wi9JjgKLYS7U/z8PPbco+PvTb/nRWjeoFlJ1Qer83k/3C5PHQi28hiVdeE2kHXmIL99mQFawx8qt/JPjZilJ8Q=="],
+
+    "@fastify/busboy": ["@fastify/busboy@2.1.1", "", {}, "sha512-vBZP4NlzfOlerQTnba4aqZoMhE/a9HY7HRqoOPaETQcSQuWEIyZMHGfVu6w9wGtGK5fED5qRs2DteVCjOH60sA=="],
+
+    "@octokit/auth-token": ["@octokit/auth-token@4.0.0", "", {}, "sha512-tY/msAuJo6ARbK6SPIxZrPBms3xPbfwBrulZe0Wtr/DIY9lje2HeV1uoebShn6mx7SjCHif6EjMvoREj+gZ+SA=="],
+
+    "@octokit/core": ["@octokit/core@5.2.1", "", { "dependencies": { "@octokit/auth-token": "^4.0.0", "@octokit/graphql": "^7.1.0", "@octokit/request": "^8.4.1", "@octokit/request-error": "^5.1.1", "@octokit/types": "^13.0.0", "before-after-hook": "^2.2.0", "universal-user-agent": "^6.0.0" } }, "sha512-dKYCMuPO1bmrpuogcjQ8z7ICCH3FP6WmxpwC03yjzGfZhj9fTJg6+bS1+UAplekbN2C+M61UNllGOOoAfGCrdQ=="],
+
+    "@octokit/endpoint": ["@octokit/endpoint@9.0.6", "", { "dependencies": { "@octokit/types": "^13.1.0", "universal-user-agent": "^6.0.0" } }, "sha512-H1fNTMA57HbkFESSt3Y9+FBICv+0jFceJFPWDePYlR/iMGrwM5ph+Dd4XRQs+8X+PUFURLQgX9ChPfhJ/1uNQw=="],
+
+    "@octokit/graphql": ["@octokit/graphql@7.1.1", "", { "dependencies": { "@octokit/request": "^8.4.1", "@octokit/types": "^13.0.0", "universal-user-agent": "^6.0.0" } }, "sha512-3mkDltSfcDUoa176nlGoA32RGjeWjl3K7F/BwHwRMJUW/IteSa4bnSV8p2ThNkcIcZU2umkZWxwETSSCJf2Q7g=="],
+
+    "@octokit/openapi-types": ["@octokit/openapi-types@24.2.0", "", {}, "sha512-9sIH3nSUttelJSXUrmGzl7QUBFul0/mB8HRYl3fOlgHbIWG+WnYDXU3v/2zMtAvuzZ/ed00Ei6on975FhBfzrg=="],
+
+    "@octokit/plugin-paginate-rest": ["@octokit/plugin-paginate-rest@9.2.2", "", { "dependencies": { "@octokit/types": "^12.6.0" }, "peerDependencies": { "@octokit/core": "5" } }, "sha512-u3KYkGF7GcZnSD/3UP0S7K5XUFT2FkOQdcfXZGZQPGv3lm4F2Xbf71lvjldr8c1H3nNbF+33cLEkWYbokGWqiQ=="],
+
+    "@octokit/plugin-rest-endpoint-methods": ["@octokit/plugin-rest-endpoint-methods@10.4.1", "", { "dependencies": { "@octokit/types": "^12.6.0" }, "peerDependencies": { "@octokit/core": "5" } }, "sha512-xV1b+ceKV9KytQe3zCVqjg+8GTGfDYwaT1ATU5isiUyVtlVAO3HNdzpS4sr4GBx4hxQ46s7ITtZrAsxG22+rVg=="],
+
+    "@octokit/request": ["@octokit/request@8.4.1", "", { "dependencies": { "@octokit/endpoint": "^9.0.6", "@octokit/request-error": "^5.1.1", "@octokit/types": "^13.1.0", "universal-user-agent": "^6.0.0" } }, "sha512-qnB2+SY3hkCmBxZsR/MPCybNmbJe4KAlfWErXq+rBKkQJlbjdJeS85VI9r8UqeLYLvnAenU8Q1okM/0MBsAGXw=="],
+
+    "@octokit/request-error": ["@octokit/request-error@5.1.1", "", { "dependencies": { "@octokit/types": "^13.1.0", "deprecation": "^2.0.0", "once": "^1.4.0" } }, "sha512-v9iyEQJH6ZntoENr9/yXxjuezh4My67CBSu9r6Ve/05Iu5gNgnisNWOsoJHTP6k0Rr0+HQIpnH+kyammu90q/g=="],
+
+    "@octokit/types": ["@octokit/types@13.10.0", "", { "dependencies": { "@octokit/openapi-types": "^24.2.0" } }, "sha512-ifLaO34EbbPj0Xgro4G5lP5asESjwHracYJvVaPIyXMuiuXLlhic3S47cBdTb+jfODkTE5YtGCLt3Ay3+J97sA=="],
+
+    "@types/bun": ["@types/bun@1.2.20", "", { "dependencies": { "bun-types": "1.2.20" } }, "sha512-dX3RGzQ8+KgmMw7CsW4xT5ITBSCrSbfHc36SNT31EOUg/LA9JWq0VDdEXDRSe1InVWpd2yLUM1FUF/kEOyTzYA=="],
+
+    "@types/node": ["@types/node@24.3.0", "", { "dependencies": { "undici-types": "~7.10.0" } }, "sha512-aPTXCrfwnDLj4VvXrm+UUCQjNEvJgNA8s5F1cvwQU+3KNltTOkBm1j30uNLyqqPNe7gE3KFzImYoZEfLhp4Yow=="],
+
+    "@types/react": ["@types/react@19.1.8", "", { "dependencies": { "csstype": "^3.0.2" } }, "sha512-AwAfQ2Wa5bCx9WP8nZL2uMZWod7J7/JSplxbTmBQ5ms6QpqNYm672H0Vu9ZVKVngQ+ii4R/byguVEUZQyeg44g=="],
+
+    "before-after-hook": ["before-after-hook@2.2.3", "", {}, "sha512-NzUnlZexiaH/46WDhANlyR2bXRopNg4F/zuSA3OpZnllCUgRaOF2znDioDWrmbNVsuZk6l9pMquQB38cfBZwkQ=="],
+
+    "bun-types": ["bun-types@1.2.20", "", { "dependencies": { "@types/node": "*" }, "peerDependencies": { "@types/react": "^19" } }, "sha512-pxTnQYOrKvdOwyiyd/7sMt9yFOenN004Y6O4lCcCUoKVej48FS5cvTw9geRaEcB9TsDZaJKAxPTVvi8tFsVuXA=="],
+
+    "csstype": ["csstype@3.1.3", "", {}, "sha512-M1uQkMl8rQK/szD0LNhtqxIPLpimGm8sOBwU7lLnCpSbTyY3yeU1Vc7l4KT5zT4s/yOxHH5O7tIuuLOCnLADRw=="],
+
+    "deprecation": ["deprecation@2.3.1", "", {}, "sha512-xmHIy4F3scKVwMsQ4WnVaS8bHOx0DmVwRywosKhaILI0ywMDWPtBSku2HNxRvF7jtwDRsoEwYQSfbxj8b7RlJQ=="],
+
+    "once": ["once@1.4.0", "", { "dependencies": { "wrappy": "1" } }, "sha512-lNaJgI+2Q5URQBkccEKHTQOPaXdUxnZZElQTZY0MFUAuaEqe1E+Nyvgdz/aIyNi6Z9MzO5dv1H8n58/GELp3+w=="],
+
+    "prettier": ["prettier@3.6.2", "", { "bin": { "prettier": "bin/prettier.cjs" } }, "sha512-I7AIg5boAr5R0FFtJ6rCfD+LFsWHp81dolrFD8S79U9tb8Az2nGrJncnMSnys+bpQJfRUzqs9hnA81OAA3hCuQ=="],
+
+    "tunnel": ["tunnel@0.0.6", "", {}, "sha512-1h/Lnq9yajKY2PEbBadPXj3VxsDDu844OnaAo52UVmIzIvwwtBPIuNvkjuzBlTWpfJyUbG3ez0KSBibQkj4ojg=="],
+
+    "typescript": ["typescript@5.9.2", "", { "bin": { "tsc": "bin/tsc", "tsserver": "bin/tsserver" } }, "sha512-CWBzXQrc/qOkhidw1OzBTQuYRbfyxDXJMVJ1XNwUHGROVmuaeiEm3OslpZ1RV96d7SKKjZKrSJu3+t/xlw3R9A=="],
+
+    "undici": ["undici@5.29.0", "", { "dependencies": { "@fastify/busboy": "^2.0.0" } }, "sha512-raqeBD6NQK4SkWhQzeYKd1KmIG6dllBOTt55Rmkt4HtI9mwdWtJljnrXjAFUBLTSN67HWrOIZ3EPF4kjUw80Bg=="],
+
+    "undici-types": ["undici-types@7.10.0", "", {}, "sha512-t5Fy/nfn+14LuOc2KNYg75vZqClpAiqscVvMygNnlsHBFpSXdJaYtXMcdNLpl/Qvc3P2cB3s6lOV51nqsFq4ag=="],
+
+    "universal-user-agent": ["universal-user-agent@6.0.1", "", {}, "sha512-yCzhz6FN2wU1NiiQRogkTQszlQSlpWaw8SvVegAc+bDxbzHgh1vX8uIe8OYyMH6DwH+sdTJsgMl36+mSMdRJIQ=="],
+
+    "wrappy": ["wrappy@1.0.2", "", {}, "sha512-l4Sp/DRseor9wL6EvV2+TuQn63dMkPjZ/sp9XkghTEbV9KlPS1xUsZ3u7/IQO4wxtcFB4bgpQPRcR3QCvezPcQ=="],
+
+    "@octokit/plugin-paginate-rest/@octokit/types": ["@octokit/types@12.6.0", "", { "dependencies": { "@octokit/openapi-types": "^20.0.0" } }, "sha512-1rhSOfRa6H9w4YwK0yrf5faDaDTb+yLyBUKOCV4xtCDB5VmIPqd/v9yr9o6SAzOAlRxMiRiCic6JVM1/kunVkw=="],
+
+    "@octokit/plugin-rest-endpoint-methods/@octokit/types": ["@octokit/types@12.6.0", "", { "dependencies": { "@octokit/openapi-types": "^20.0.0" } }, "sha512-1rhSOfRa6H9w4YwK0yrf5faDaDTb+yLyBUKOCV4xtCDB5VmIPqd/v9yr9o6SAzOAlRxMiRiCic6JVM1/kunVkw=="],
+
+    "bun-types/@types/node": ["@types/node@24.2.1", "", { "dependencies": { "undici-types": "~7.10.0" } }, "sha512-DRh5K+ka5eJic8CjH7td8QpYEV6Zo10gfRkjHCO3weqZHWDtAaSTFtl4+VMqOJ4N5jcuhZ9/l+yy8rVgw7BQeQ=="],
+
+    "@octokit/plugin-paginate-rest/@octokit/types/@octokit/openapi-types": ["@octokit/openapi-types@20.0.0", "", {}, "sha512-EtqRBEjp1dL/15V7WiX5LJMIxxkdiGJnabzYx5Apx4FkQIFgAfKumXeYAqqJCj1s+BMX4cPFIFC4OLCR6stlnA=="],
+
+    "@octokit/plugin-rest-endpoint-methods/@octokit/types/@octokit/openapi-types": ["@octokit/openapi-types@20.0.0", "", {}, "sha512-EtqRBEjp1dL/15V7WiX5LJMIxxkdiGJnabzYx5Apx4FkQIFgAfKumXeYAqqJCj1s+BMX4cPFIFC4OLCR6stlnA=="],
+  }
+}

.github/actions/codex/package.json

@@ -0,0 +1,21 @@
+{
+    "name": "codex-action",
+    "version": "0.0.0",
+    "private": true,
+    "scripts": {
+        "format": "prettier --check src",
+        "format:fix": "prettier --write src",
+        "test": "bun test",
+        "typecheck": "tsc"
+    },
+    "dependencies": {
+        "@actions/core": "^1.11.1",
+        "@actions/github": "^6.0.1"
+    },
+    "devDependencies": {
+        "@types/bun": "^1.2.20",
+        "@types/node": "^24.3.0",
+        "prettier": "^3.6.2",
+        "typescript": "^5.9.2"
+    }
+}

.github/actions/codex/src/add-reaction.ts

@@ -0,0 +1,85 @@
+import * as github from "@actions/github";
+import type { EnvContext } from "./env-context";
+
+/**
+ * Add an "eyes" reaction to the entity (issue, issue comment, or pull request
+ * review comment) that triggered the current Codex invocation.
+ *
+ * The purpose is to provide immediate feedback to the user – similar to the
+ * *-in-progress label flow – indicating that the bot has acknowledged the
+ * request and is working on it.
+ *
+ * We attempt to add the reaction best suited for the current GitHub event:
+ *
+ *   • issues              → POST /repos/{owner}/{repo}/issues/{issue_number}/reactions
+ *   • issue_comment       → POST /repos/{owner}/{repo}/issues/comments/{comment_id}/reactions
+ *   • pull_request_review_comment → POST /repos/{owner}/{repo}/pulls/comments/{comment_id}/reactions
+ *
+ * If the specific target is unavailable (e.g. unexpected payload shape) we
+ * silently skip instead of failing the whole action because the reaction is
+ * merely cosmetic.
+ */
+export async function addEyesReaction(ctx: EnvContext): Promise<void> {
+  const octokit = ctx.getOctokit();
+  const { owner, repo } = github.context.repo;
+  const eventName = github.context.eventName;
+
+  try {
+    switch (eventName) {
+      case "issue_comment": {
+        const commentId = (github.context.payload as any)?.comment?.id;
+        if (commentId) {
+          await octokit.rest.reactions.createForIssueComment({
+            owner,
+            repo,
+            comment_id: commentId,
+            content: "eyes",
+          });
+          return;
+        }
+        break;
+      }
+      case "pull_request_review_comment": {
+        const commentId = (github.context.payload as any)?.comment?.id;
+        if (commentId) {
+          await octokit.rest.reactions.createForPullRequestReviewComment({
+            owner,
+            repo,
+            comment_id: commentId,
+            content: "eyes",
+          });
+          return;
+        }
+        break;
+      }
+      case "issues": {
+        const issueNumber = github.context.issue.number;
+        if (issueNumber) {
+          await octokit.rest.reactions.createForIssue({
+            owner,
+            repo,
+            issue_number: issueNumber,
+            content: "eyes",
+          });
+          return;
+        }
+        break;
+      }
+      default: {
+        // Fallback: try to react to the issue/PR if we have a number.
+        const issueNumber = github.context.issue.number;
+        if (issueNumber) {
+          await octokit.rest.reactions.createForIssue({
+            owner,
+            repo,
+            issue_number: issueNumber,
+            content: "eyes",
+          });
+        }
+      }
+    }
+  } catch (error) {
+    // Do not fail the action if reaction creation fails – log and continue.
+    console.warn(`Failed to add \"eyes\" reaction: ${error}`);
+  }
+}

.github/actions/codex/src/comment.ts

@@ -0,0 +1,53 @@
+import type { EnvContext } from "./env-context";
+import { runCodex } from "./run-codex";
+import { postComment } from "./post-comment";
+import { addEyesReaction } from "./add-reaction";
+
+/**
+ * Handle `issue_comment` and `pull_request_review_comment` events once we know
+ * the action is supported.
+ */
+export async function onComment(ctx: EnvContext): Promise<void> {
+  const triggerPhrase = ctx.tryGet("INPUT_TRIGGER_PHRASE");
+  if (!triggerPhrase) {
+    console.warn("Empty trigger phrase: skipping.");
+    return;
+  }
+
+  // Attempt to get the body of the comment from the environment. Depending on
+  // the event type either `GITHUB_EVENT_COMMENT_BODY` (issue & PR comments) or
+  // `GITHUB_EVENT_REVIEW_BODY` (PR reviews) is set.
+  const commentBody =
+    ctx.tryGetNonEmpty("GITHUB_EVENT_COMMENT_BODY") ??
+    ctx.tryGetNonEmpty("GITHUB_EVENT_REVIEW_BODY") ??
+    ctx.tryGetNonEmpty("GITHUB_EVENT_ISSUE_BODY");
+
+  if (!commentBody) {
+    console.warn("Comment body not found in environment: skipping.");
+    return;
+  }
+
+  // Check if the trigger phrase is present.
+  if (!commentBody.includes(triggerPhrase)) {
+    console.log(
+      `Trigger phrase '${triggerPhrase}' not found: nothing to do for this comment.`,
+    );
+    return;
+  }
+
+  // Derive the prompt by removing the trigger phrase. Remove only the first
+  // occurrence to keep any additional occurrences that might be meaningful.
+  const prompt = commentBody.replace(triggerPhrase, "").trim();
+
+  if (prompt.length === 0) {
+    console.warn("Prompt is empty after removing trigger phrase: skipping");
+    return;
+  }
+
+  // Provide immediate feedback that we are working on the request.
+  await addEyesReaction(ctx);
+
+  // Run Codex and post the response as a new comment.
+  const lastMessage = await runCodex(prompt, ctx);
+  await postComment(lastMessage, ctx);
+}

.github/actions/codex/src/config.ts

@@ -0,0 +1,11 @@
+import { readdirSync, statSync } from "fs";
+import * as path from "path";
+
+export interface Config {
+  labels: Record<string, LabelConfig>;
+}
+
+export interface LabelConfig {
+  /** Returns the prompt template. */
+  getPromptTemplate(): string;
+}

.github/actions/codex/src/default-label-config.ts

@@ -0,0 +1,44 @@
+import type { Config } from "./config";
+
+export function getDefaultConfig(): Config {
+  return {
+    labels: {
+      "codex-investigate-issue": {
+        getPromptTemplate: () =>
+          `
+Troubleshoot whether the reported issue is valid.
+
+Provide a concise and respectful comment summarizing the findings.
+
+### {CODEX_ACTION_ISSUE_TITLE}
+
+{CODEX_ACTION_ISSUE_BODY}
+`.trim(),
+      },
+      "codex-code-review": {
+        getPromptTemplate: () =>
+          `
+Review this PR and respond with a very concise final message, formatted in Markdown.
+
+There should be a summary of the changes (1-2 sentences) and a few bullet points if necessary.
+
+Then provide the **review** (1-2 sentences plus bullet points, friendly tone).
+
+{CODEX_ACTION_GITHUB_EVENT_PATH} contains the JSON that triggered this GitHub workflow. It contains the \`base\` and \`head\` refs that define this PR. Both refs are available locally.
+`.trim(),
+      },
+      "codex-attempt-fix": {
+        getPromptTemplate: () =>
+          `
+Attempt to solve the reported issue.
+
+If a code change is required, create a new branch, commit the fix, and open a pull-request that resolves the problem.
+
+### {CODEX_ACTION_ISSUE_TITLE}
+
+{CODEX_ACTION_ISSUE_BODY}
+`.trim(),
+      },
+    },
+  };
+}

.github/actions/codex/src/env-context.ts

@@ -0,0 +1,116 @@
+/*
+ * Centralised access to environment variables used by the Codex GitHub
+ * Action.
+ *
+ * To enable proper unit-testing we avoid reading from `process.env` at module
+ * initialisation time.  Instead a `EnvContext` object is created (usually from
+ * the real `process.env`) and passed around explicitly or – where that is not
+ * yet practical – imported as the shared `defaultContext` singleton. Tests can
+ * create their own context backed by a stubbed map of variables without having
+ * to mutate global state.
+ */
+
+import { fail } from "./fail";
+import * as github from "@actions/github";
+
+export interface EnvContext {
+  /**
+   * Return the value for a given environment variable or terminate the action
+   * via `fail` if it is missing / empty.
+   */
+  get(name: string): string;
+
+  /**
+   * Attempt to read an environment variable. Returns the value when present;
+   * otherwise returns undefined (does not call `fail`).
+   */
+  tryGet(name: string): string | undefined;
+
+  /**
+   * Attempt to read an environment variable. Returns non-empty string value or
+   * null if unset or empty string.
+   */
+  tryGetNonEmpty(name: string): string | null;
+
+  /**
+   * Return a memoised Octokit instance authenticated via the token resolved
+   * from the provided argument (when defined) or the environment variables
+   * `GITHUB_TOKEN`/`GH_TOKEN`.
+   *
+   * Subsequent calls return the same cached instance to avoid spawning
+   * multiple REST clients within a single action run.
+   */
+  getOctokit(token?: string): ReturnType<typeof github.getOctokit>;
+}
+
+/** Internal helper – *not* exported. */
+function _getRequiredEnv(
+  name: string,
+  env: Record<string, string | undefined>,
+): string | undefined {
+  const value = env[name];
+
+  // Avoid leaking secrets into logs while still logging non-secret variables.
+  if (name.endsWith("KEY") || name.endsWith("TOKEN")) {
+    if (value) {
+      console.log(`value for ${name} was found`);
+    }
+  } else {
+    console.log(`${name}=${value}`);
+  }
+
+  return value;
+}
+
+/** Create a context backed by the supplied environment map (defaults to `process.env`). */
+export function createEnvContext(
+  env: Record<string, string | undefined> = process.env,
+): EnvContext {
+  // Lazily instantiated Octokit client – shared across this context.
+  let cachedOctokit: ReturnType<typeof github.getOctokit> | null = null;
+
+  return {
+    get(name: string): string {
+      const value = _getRequiredEnv(name, env);
+      if (value == null) {
+        fail(`Missing required environment variable: ${name}`);
+      }
+      return value;
+    },
+
+    tryGet(name: string): string | undefined {
+      return _getRequiredEnv(name, env);
+    },
+
+    tryGetNonEmpty(name: string): string | null {
+      const value = _getRequiredEnv(name, env);
+      return value == null || value === "" ? null : value;
+    },
+
+    getOctokit(token?: string) {
+      if (cachedOctokit) {
+        return cachedOctokit;
+      }
+
+      // Determine the token to authenticate with.
+      const githubToken = token ?? env["GITHUB_TOKEN"] ?? env["GH_TOKEN"];
+
+      if (!githubToken) {
+        fail(
+          "Unable to locate a GitHub token. `github_token` should have been set on the action.",
+        );
+      }
+
+      cachedOctokit = github.getOctokit(githubToken!);
+      return cachedOctokit;
+    },
+  };
+}
+
+/**
+ * Shared context built from the actual `process.env`.  Production code that is
+ * not yet refactored to receive a context explicitly may import and use this
+ * singleton.  Tests should avoid the singleton and instead pass their own
+ * context to the functions they exercise.
+ */
+export const defaultContext: EnvContext = createEnvContext();

.github/actions/codex/src/fail.ts

@@ -0,0 +1,4 @@
+export function fail(message: string): never {
+  console.error(message);
+  process.exit(1);
+}

.github/actions/codex/src/git-helpers.ts

@@ -0,0 +1,149 @@
+import { spawnSync } from "child_process";
+import * as github from "@actions/github";
+import { EnvContext } from "./env-context";
+
+function runGit(args: string[], silent = true): string {
+  console.info(`Running git ${args.join(" ")}`);
+  const res = spawnSync("git", args, {
+    encoding: "utf8",
+    stdio: silent ? ["ignore", "pipe", "pipe"] : "inherit",
+  });
+  if (res.error) {
+    throw res.error;
+  }
+  if (res.status !== 0) {
+    // Return stderr so caller may handle; else throw.
+    throw new Error(
+      `git ${args.join(" ")} failed with code ${res.status}: ${res.stderr}`,
+    );
+  }
+  return res.stdout.trim();
+}
+
+function stageAllChanges() {
+  runGit(["add", "-A"]);
+}
+
+function hasStagedChanges(): boolean {
+  const res = spawnSync("git", ["diff", "--cached", "--quiet", "--exit-code"]);
+  return res.status !== 0;
+}
+
+function ensureOnBranch(
+  issueNumber: number,
+  protectedBranches: string[],
+  suggestedSlug?: string,
+): string {
+  let branch = "";
+  try {
+    branch = runGit(["symbolic-ref", "--short", "-q", "HEAD"]);
+  } catch {
+    branch = "";
+  }
+
+  // If detached HEAD or on a protected branch, create a new branch.
+  if (!branch || protectedBranches.includes(branch)) {
+    if (suggestedSlug) {
+      const safeSlug = suggestedSlug
+        .toLowerCase()
+        .replace(/[^\w\s-]/g, "")
+        .trim()
+        .replace(/\s+/g, "-");
+      branch = `codex-fix-${issueNumber}-${safeSlug}`;
+    } else {
+      branch = `codex-fix-${issueNumber}-${Date.now()}`;
+    }
+    runGit(["switch", "-c", branch]);
+  }
+  return branch;
+}
+
+function commitIfNeeded(issueNumber: number) {
+  if (hasStagedChanges()) {
+    runGit([
+      "commit",
+      "-m",
+      `fix: automated fix for #${issueNumber} via Codex`,
+    ]);
+  }
+}
+
+function pushBranch(branch: string, githubToken: string, ctx: EnvContext) {
+  const repoSlug = ctx.get("GITHUB_REPOSITORY"); // owner/repo
+  const remoteUrl = `https://x-access-token:${githubToken}@github.com/${repoSlug}.git`;
+
+  runGit(["push", "--force-with-lease", "-u", remoteUrl, `HEAD:${branch}`]);
+}
+
+/**
+ * If this returns a string, it is the URL of the created PR.
+ */
+export async function maybePublishPRForIssue(
+  issueNumber: number,
+  lastMessage: string,
+  ctx: EnvContext,
+): Promise<string | undefined> {
+  // Only proceed if GITHUB_TOKEN available.
+  const githubToken =
+    ctx.tryGetNonEmpty("GITHUB_TOKEN") ?? ctx.tryGetNonEmpty("GH_TOKEN");
+  if (!githubToken) {
+    console.warn("No GitHub token - skipping PR creation.");
+    return undefined;
+  }
+
+  // Print `git status` for debugging.
+  runGit(["status"]);
+
+  // Stage any remaining changes so they can be committed and pushed.
+  stageAllChanges();
+
+  const octokit = ctx.getOctokit(githubToken);
+
+  const { owner, repo } = github.context.repo;
+
+  // Determine default branch to treat as protected.
+  let defaultBranch = "main";
+  try {
+    const repoInfo = await octokit.rest.repos.get({ owner, repo });
+    defaultBranch = repoInfo.data.default_branch ?? "main";
+  } catch (e) {
+    console.warn(`Failed to get default branch, assuming 'main': ${e}`);
+  }
+
+  const sanitizedMessage = lastMessage.replace(/\u2022/g, "-");
+  const [summaryLine] = sanitizedMessage.split(/\r?\n/);
+  const branch = ensureOnBranch(issueNumber, [defaultBranch, "master"], summaryLine);
+  commitIfNeeded(issueNumber);
+  pushBranch(branch, githubToken, ctx);
+
+  // Try to find existing PR for this branch
+  const headParam = `${owner}:${branch}`;
+  const existing = await octokit.rest.pulls.list({
+    owner,
+    repo,
+    head: headParam,
+    state: "open",
+  });
+  if (existing.data.length > 0) {
+    return existing.data[0].html_url;
+  }
+
+  // Determine base branch (default to main)
+  let baseBranch = "main";
+  try {
+    const repoInfo = await octokit.rest.repos.get({ owner, repo });
+    baseBranch = repoInfo.data.default_branch ?? "main";
+  } catch (e) {
+    console.warn(`Failed to get default branch, assuming 'main': ${e}`);
+  }
+
+  const pr = await octokit.rest.pulls.create({
+    owner,
+    repo,
+    title: summaryLine,
+    head: branch,
+    base: baseBranch,
+    body: sanitizedMessage,
+  });
+  return pr.data.html_url;
+}

.github/actions/codex/src/git-user.ts

@@ -0,0 +1,16 @@
+export function setGitHubActionsUser(): void {
+  const commands = [
+    ["git", "config", "--global", "user.name", "github-actions[bot]"],
+    [
+      "git",
+      "config",
+      "--global",
+      "user.email",
+      "41898282+github-actions[bot]@users.noreply.github.com",
+    ],
+  ];
+
+  for (const command of commands) {
+    Bun.spawnSync(command);
+  }
+}

.github/actions/codex/src/github-workspace.ts

@@ -0,0 +1,11 @@
+import * as pathMod from "path";
+import { EnvContext } from "./env-context";
+
+export function resolveWorkspacePath(path: string, ctx: EnvContext): string {
+  if (pathMod.isAbsolute(path)) {
+    return path;
+  } else {
+    const workspace = ctx.get("GITHUB_WORKSPACE");
+    return pathMod.join(workspace, path);
+  }
+}

.github/actions/codex/src/load-config.ts

@@ -0,0 +1,56 @@
+import type { Config, LabelConfig } from "./config";
+
+import { getDefaultConfig } from "./default-label-config";
+import { readFileSync, readdirSync, statSync } from "fs";
+import * as path from "path";
+
+/**
+ * Build an in-memory configuration object by scanning the repository for
+ * Markdown templates located in `.github/codex/labels`.
+ *
+ * Each `*.md` file in that directory represents a label that can trigger the
+ * Codex GitHub Action. The filename **without** the extension is interpreted
+ * as the label name, e.g. `codex-review.md` ➜ `codex-review`.
+ *
+ * For every such label we derive the corresponding `doneLabel` by appending
+ * the suffix `-completed`.
+ */
+export function loadConfig(workspace: string): Config {
+  const labelsDir = path.join(workspace, ".github", "codex", "labels");
+
+  let entries: string[];
+  try {
+    entries = readdirSync(labelsDir);
+  } catch {
+    // If the directory is missing, return the default configuration.
+    return getDefaultConfig();
+  }
+
+  const labels: Record<string, LabelConfig> = {};
+
+  for (const entry of entries) {
+    if (!entry.endsWith(".md")) {
+      continue;
+    }
+
+    const fullPath = path.join(labelsDir, entry);
+
+    if (!statSync(fullPath).isFile()) {
+      continue;
+    }
+
+    const labelName = entry.slice(0, -3); // trim ".md"
+
+    labels[labelName] = new FileLabelConfig(fullPath);
+  }
+
+  return { labels };
+}
+
+class FileLabelConfig implements LabelConfig {
+  constructor(private readonly promptPath: string) {}
+
+  getPromptTemplate(): string {
+    return readFileSync(this.promptPath, "utf8");
+  }
+}

.github/actions/codex/src/main.ts

@@ -0,0 +1,80 @@
+#!/usr/bin/env bun
+
+import type { Config } from "./config";
+
+import { defaultContext, EnvContext } from "./env-context";
+import { loadConfig } from "./load-config";
+import { setGitHubActionsUser } from "./git-user";
+import { onLabeled } from "./process-label";
+import { ensureBaseAndHeadCommitsForPRAreAvailable } from "./prompt-template";
+import { performAdditionalValidation } from "./verify-inputs";
+import { onComment } from "./comment";
+import { onReview } from "./review";
+
+async function main(): Promise<void> {
+  const ctx: EnvContext = defaultContext;
+
+  // Build the configuration dynamically by scanning `.github/codex/labels`.
+  const GITHUB_WORKSPACE = ctx.get("GITHUB_WORKSPACE");
+  const config: Config = loadConfig(GITHUB_WORKSPACE);
+
+  // Optionally perform additional validation of prompt template files.
+  performAdditionalValidation(config, GITHUB_WORKSPACE);
+
+  const GITHUB_EVENT_NAME = ctx.get("GITHUB_EVENT_NAME");
+  const GITHUB_EVENT_ACTION = ctx.get("GITHUB_EVENT_ACTION");
+
+  // Set user.name and user.email to a bot before Codex runs, just in case it
+  // creates a commit.
+  setGitHubActionsUser();
+
+  switch (GITHUB_EVENT_NAME) {
+    case "issues": {
+      if (GITHUB_EVENT_ACTION === "labeled") {
+        await onLabeled(config, ctx);
+        return;
+      } else if (GITHUB_EVENT_ACTION === "opened") {
+        await onComment(ctx);
+        return;
+      }
+      break;
+    }
+    case "issue_comment": {
+      if (GITHUB_EVENT_ACTION === "created") {
+        await onComment(ctx);
+        return;
+      }
+      break;
+    }
+    case "pull_request": {
+      if (GITHUB_EVENT_ACTION === "labeled") {
+        await ensureBaseAndHeadCommitsForPRAreAvailable(ctx);
+        await onLabeled(config, ctx);
+        return;
+      }
+      break;
+    }
+    case "pull_request_review": {
+      await ensureBaseAndHeadCommitsForPRAreAvailable(ctx);
+      if (GITHUB_EVENT_ACTION === "submitted") {
+        await onReview(ctx);
+        return;
+      }
+      break;
+    }
+    case "pull_request_review_comment": {
+      await ensureBaseAndHeadCommitsForPRAreAvailable(ctx);
+      if (GITHUB_EVENT_ACTION === "created") {
+        await onComment(ctx);
+        return;
+      }
+      break;
+    }
+  }
+
+  console.warn(
+    `Unsupported action '${GITHUB_EVENT_ACTION}' for event '${GITHUB_EVENT_NAME}'.`,
+  );
+}
+
+main();

.github/actions/codex/src/post-comment.ts

@@ -0,0 +1,62 @@
+import { fail } from "./fail";
+import * as github from "@actions/github";
+import { EnvContext } from "./env-context";
+
+/**
+ * Post a comment to the issue / pull request currently in scope.
+ *
+ * Provide the environment context so that token lookup (inside getOctokit) does
+ * not rely on global state.
+ */
+export async function postComment(
+  commentBody: string,
+  ctx: EnvContext,
+): Promise<void> {
+  // Append a footer with a link back to the workflow run, if available.
+  const footer = buildWorkflowRunFooter(ctx);
+  const bodyWithFooter = footer ? `${commentBody}${footer}` : commentBody;
+
+  const octokit = ctx.getOctokit();
+  console.info("Got Octokit instance for posting comment");
+  const { owner, repo } = github.context.repo;
+  const issueNumber = github.context.issue.number;
+
+  if (!issueNumber) {
+    console.warn(
+      "No issue or pull_request number found in GitHub context; skipping comment creation.",
+    );
+    return;
+  }
+
+  try {
+    console.info("Calling octokit.rest.issues.createComment()");
+    await octokit.rest.issues.createComment({
+      owner,
+      repo,
+      issue_number: issueNumber,
+      body: bodyWithFooter,
+    });
+  } catch (error) {
+    fail(`Failed to create comment via GitHub API: ${error}`);
+  }
+}
+
+/**
+ * Helper to build a Markdown fragment linking back to the workflow run that
+ * generated the current comment. Returns `undefined` if required environment
+ * variables are missing – e.g. when running outside of GitHub Actions – so we
+ * can gracefully skip the footer in those cases.
+ */
+function buildWorkflowRunFooter(ctx: EnvContext): string | undefined {
+  const serverUrl =
+    ctx.tryGetNonEmpty("GITHUB_SERVER_URL") ?? "https://github.com";
+  const repository = ctx.tryGetNonEmpty("GITHUB_REPOSITORY");
+  const runId = ctx.tryGetNonEmpty("GITHUB_RUN_ID");
+
+  if (!repository || !runId) {
+    return undefined;
+  }
+
+  const url = `${serverUrl}/${repository}/actions/runs/${runId}`;
+  return `\n\n---\n*[_View workflow run_](${url})*`;
+}

.github/actions/codex/src/process-label.ts

@@ -0,0 +1,226 @@
+import { fail } from "./fail";
+import { EnvContext } from "./env-context";
+import { renderPromptTemplate } from "./prompt-template";
+
+import { postComment } from "./post-comment";
+import { runCodex } from "./run-codex";
+
+import * as github from "@actions/github";
+import { Config, LabelConfig } from "./config";
+import { maybePublishPRForIssue } from "./git-helpers";
+
+export async function onLabeled(
+  config: Config,
+  ctx: EnvContext,
+): Promise<void> {
+  const GITHUB_EVENT_LABEL_NAME = ctx.get("GITHUB_EVENT_LABEL_NAME");
+  const labelConfig = config.labels[GITHUB_EVENT_LABEL_NAME] as
+    | LabelConfig
+    | undefined;
+  if (!labelConfig) {
+    fail(
+      `Label \`${GITHUB_EVENT_LABEL_NAME}\` not found in config: ${JSON.stringify(config)}`,
+    );
+  }
+
+  await processLabelConfig(ctx, GITHUB_EVENT_LABEL_NAME, labelConfig);
+}
+
+/**
+ * Wrapper that handles `-in-progress` and `-completed` semantics around the core lint/fix/review
+ * processing. It will:
+ *
+ * - Skip execution if the `-in-progress` or `-completed` label is already present.
+ * - Mark the PR/issue as `-in-progress`.
+ * - After successful execution, mark the PR/issue as `-completed`.
+ */
+async function processLabelConfig(
+  ctx: EnvContext,
+  label: string,
+  labelConfig: LabelConfig,
+): Promise<void> {
+  const octokit = ctx.getOctokit();
+  const { owner, repo, issueNumber, labelNames } =
+    await getCurrentLabels(octokit);
+
+  const inProgressLabel = `${label}-in-progress`;
+  const completedLabel = `${label}-completed`;
+  for (const markerLabel of [inProgressLabel, completedLabel]) {
+    if (labelNames.includes(markerLabel)) {
+      console.log(
+        `Label '${markerLabel}' already present on issue/PR #${issueNumber}. Skipping Codex action.`,
+      );
+
+      // Clean up: remove the triggering label to avoid confusion and re-runs.
+      await addAndRemoveLabels(octokit, {
+        owner,
+        repo,
+        issueNumber,
+        remove: markerLabel,
+      });
+
+      return;
+    }
+  }
+
+  // Mark the PR/issue as in progress.
+  await addAndRemoveLabels(octokit, {
+    owner,
+    repo,
+    issueNumber,
+    add: inProgressLabel,
+    remove: label,
+  });
+
+  // Run the core Codex processing.
+  await processLabel(ctx, label, labelConfig);
+
+  // Mark the PR/issue as completed.
+  await addAndRemoveLabels(octokit, {
+    owner,
+    repo,
+    issueNumber,
+    add: completedLabel,
+    remove: inProgressLabel,
+  });
+}
+
+async function processLabel(
+  ctx: EnvContext,
+  label: string,
+  labelConfig: LabelConfig,
+): Promise<void> {
+  const template = labelConfig.getPromptTemplate();
+
+  // If this is a review label, prepend explicit PR-diff scoping guidance to
+  // reduce out-of-scope feedback. Do this before rendering so placeholders in
+  // the guidance (e.g., {CODEX_ACTION_GITHUB_EVENT_PATH}) are substituted.
+  const isReview = label.toLowerCase().includes("review");
+  const reviewScopeGuidance = `
+PR Diff Scope
+- Only review changes between the PR's merge-base and head; do not comment on commits or files outside this range.
+- Derive the base/head SHAs from the event JSON at {CODEX_ACTION_GITHUB_EVENT_PATH}, then compute and use the PR diff for all analysis and comments.
+
+Commands to determine scope
+- Resolve SHAs:
+  - BASE_SHA=$(jq -r '.pull_request.base.sha // .pull_request.base.ref' "{CODEX_ACTION_GITHUB_EVENT_PATH}")
+  - HEAD_SHA=$(jq -r '.pull_request.head.sha // .pull_request.head.ref' "{CODEX_ACTION_GITHUB_EVENT_PATH}")
+  - BASE_SHA=$(git rev-parse "$BASE_SHA")
+  - HEAD_SHA=$(git rev-parse "$HEAD_SHA")
+- Prefer triple-dot (merge-base) semantics for PR diffs:
+  - Changed commits: git log --oneline "$BASE_SHA...$HEAD_SHA"
+  - Changed files: git diff --name-status "$BASE_SHA...$HEAD_SHA"
+  - Review hunks: git diff -U0 "$BASE_SHA...$HEAD_SHA"
+
+Review rules
+- Anchor every comment to a file and hunk present in git diff "$BASE_SHA...$HEAD_SHA".
+- If you mention context outside the diff, label it as "Follow-up (outside this PR scope)" and keep it brief (<=2 bullets).
+- Do not critique commits or files not reachable in the PR range (merge-base(base, head) → head).
+`.trim();
+
+  const effectiveTemplate = isReview
+    ? `${reviewScopeGuidance}\n\n${template}`
+    : template;
+
+  const populatedTemplate = await renderPromptTemplate(effectiveTemplate, ctx);
+
+  // Always run Codex and post the resulting message as a comment.
+  let commentBody = await runCodex(populatedTemplate, ctx);
+
+  // Current heuristic: only try to create a PR if "attempt" or "fix" is in the
+  // label name. (Yes, we plan to evolve this.)
+  if (label.indexOf("fix") !== -1 || label.indexOf("attempt") !== -1) {
+    console.info(`label ${label} indicates we should attempt to create a PR`);
+    const prUrl = await maybeFixIssue(ctx, commentBody);
+    if (prUrl) {
+      commentBody += `\n\n---\nOpened pull request: ${prUrl}`;
+    }
+  } else {
+    console.info(
+      `label ${label} does not indicate we should attempt to create a PR`,
+    );
+  }
+
+  await postComment(commentBody, ctx);
+}
+
+async function maybeFixIssue(
+  ctx: EnvContext,
+  lastMessage: string,
+): Promise<string | undefined> {
+  // Attempt to create a PR out of any changes Codex produced.
+  const issueNumber = github.context.issue.number!; // exists for issues triggering this path
+  try {
+    return await maybePublishPRForIssue(issueNumber, lastMessage, ctx);
+  } catch (e) {
+    console.warn(`Failed to publish PR: ${e}`);
+  }
+}
+
+async function getCurrentLabels(
+  octokit: ReturnType<typeof github.getOctokit>,
+): Promise<{
+  owner: string;
+  repo: string;
+  issueNumber: number;
+  labelNames: Array<string>;
+}> {
+  const { owner, repo } = github.context.repo;
+  const issueNumber = github.context.issue.number;
+
+  if (!issueNumber) {
+    fail("No issue or pull_request number found in GitHub context.");
+  }
+
+  const { data: issueData } = await octokit.rest.issues.get({
+    owner,
+    repo,
+    issue_number: issueNumber,
+  });
+
+  const labelNames =
+    issueData.labels?.map((label: any) =>
+      typeof label === "string" ? label : label.name,
+    ) ?? [];
+
+  return { owner, repo, issueNumber, labelNames };
+}
+
+async function addAndRemoveLabels(
+  octokit: ReturnType<typeof github.getOctokit>,
+  opts: {
+    owner: string;
+    repo: string;
+    issueNumber: number;
+    add?: string;
+    remove?: string;
+  },
+): Promise<void> {
+  const { owner, repo, issueNumber, add, remove } = opts;
+
+  if (add) {
+    try {
+      await octokit.rest.issues.addLabels({
+        owner,
+        repo,
+        issue_number: issueNumber,
+        labels: [add],
+      });
+    } catch (error) {
+      console.warn(`Failed to add label '${add}': ${error}`);
+    }
+  }
+
+  if (remove) {
+    try {
+      await octokit.rest.issues.removeLabel({
+        owner,
+        repo,
+        issue_number: issueNumber,
+        name: remove,
+      });
+    } catch (error) {
+      console.warn(`Failed to remove label '${remove}': ${error}`);
+    }
+  }
+}

.github/actions/codex/src/prompt-template.ts

@@ -0,0 +1,284 @@
+/*
+ * Utilities to render Codex prompt templates.
+ *
+ * A template is a Markdown (or plain-text) file that may contain one or more
+ * placeholders of the form `{CODEX_ACTION_<NAME>}`. At runtime these
+ * placeholders are substituted with dynamically generated content. Each
+ * placeholder is resolved **exactly once** even if it appears multiple times
+ * in the same template.
+ */
+
+import { readFile } from "fs/promises";
+
+import { EnvContext } from "./env-context";
+
+// ---------------------------------------------------------------------------
+// Helpers
+// ---------------------------------------------------------------------------
+
+/**
+ * Lazily caches parsed `$GITHUB_EVENT_PATH` contents keyed by the file path so
+ * we only hit the filesystem once per unique event payload.
+ */
+const githubEventDataCache: Map<string, Promise<any>> = new Map();
+
+function getGitHubEventData(ctx: EnvContext): Promise<any> {
+  const eventPath = ctx.get("GITHUB_EVENT_PATH");
+  let cached = githubEventDataCache.get(eventPath);
+  if (!cached) {
+    cached = readFile(eventPath, "utf8").then((raw) => JSON.parse(raw));
+    githubEventDataCache.set(eventPath, cached);
+  }
+  return cached;
+}
+
+async function runCommand(args: Array<string>): Promise<string> {
+  const result = Bun.spawnSync(args, {
+    stdout: "pipe",
+    stderr: "pipe",
+  });
+
+  if (result.success) {
+    return result.stdout.toString();
+  }
+
+  console.error(`Error running ${JSON.stringify(args)}: ${result.stderr}`);
+  return "";
+}
+
+// ---------------------------------------------------------------------------
+// Public API
+// ---------------------------------------------------------------------------
+
+// Regex that captures the variable name without the surrounding { } braces.
+const VAR_REGEX = /\{(CODEX_ACTION_[A-Z0-9_]+)\}/g;
+
+// Cache individual placeholder values so each one is resolved at most once per
+// process even if many templates reference it.
+const placeholderCache: Map<string, Promise<string>> = new Map();
+
+/**
+ * Parse a template string, resolve all placeholders and return the rendered
+ * result.
+ */
+export async function renderPromptTemplate(
+  template: string,
+  ctx: EnvContext,
+): Promise<string> {
+  // ---------------------------------------------------------------------
+  // 1) Gather all *unique* placeholders present in the template.
+  // ---------------------------------------------------------------------
+  const variables = new Set<string>();
+  for (const match of template.matchAll(VAR_REGEX)) {
+    variables.add(match[1]);
+  }
+
+  // ---------------------------------------------------------------------
+  // 2) Kick off (or reuse) async resolution for each variable.
+  // ---------------------------------------------------------------------
+  for (const variable of variables) {
+    if (!placeholderCache.has(variable)) {
+      placeholderCache.set(variable, resolveVariable(variable, ctx));
+    }
+  }
+
+  // ---------------------------------------------------------------------
+  // 3) Await completion so we can perform a simple synchronous replace below.
+  // ---------------------------------------------------------------------
+  const resolvedEntries: [string, string][] = [];
+  for (const [key, promise] of placeholderCache.entries()) {
+    resolvedEntries.push([key, await promise]);
+  }
+  const resolvedMap = new Map<string, string>(resolvedEntries);
+
+  // ---------------------------------------------------------------------
+  // 4) Replace each occurrence.  We use replace with a callback to ensure
+  //    correct substitution even if variable names overlap (they shouldn't,
+  //    but better safe than sorry).
+  // ---------------------------------------------------------------------
+  return template.replace(VAR_REGEX, (_, varName: string) => {
+    return resolvedMap.get(varName) ?? "";
+  });
+}
+
+export async function ensureBaseAndHeadCommitsForPRAreAvailable(
+  ctx: EnvContext,
+): Promise<{ baseSha: string; headSha: string } | null> {
+  const prShas = await getPrShas(ctx);
+  if (prShas == null) {
+    console.warn("Unable to resolve PR branches");
+    return null;
+  }
+
+  const event = await getGitHubEventData(ctx);
+  const pr = event.pull_request;
+  if (!pr) {
+    console.warn("event.pull_request is not defined - unexpected");
+    return null;
+  }
+
+  const workspace = ctx.get("GITHUB_WORKSPACE");
+
+  // Refs (branch names)
+  const baseRef: string | undefined = pr.base?.ref;
+  const headRef: string | undefined = pr.head?.ref;
+
+  // Clone URLs
+  const baseRemoteUrl: string | undefined = pr.base?.repo?.clone_url;
+  const headRemoteUrl: string | undefined = pr.head?.repo?.clone_url;
+
+  if (!baseRef || !headRef || !baseRemoteUrl || !headRemoteUrl) {
+    console.warn(
+      "Missing PR ref or remote URL information - cannot fetch commits",
+    );
+    return null;
+  }
+
+  // Ensure we have the base branch.
+  await runCommand([
+    "git",
+    "-C",
+    workspace,
+    "fetch",
+    "--no-tags",
+    "origin",
+    baseRef,
+  ]);
+
+  // Ensure we have the head branch.
+  if (headRemoteUrl === baseRemoteUrl) {
+    // Same repository – the commit is available from `origin`.
+    await runCommand([
+      "git",
+      "-C",
+      workspace,
+      "fetch",
+      "--no-tags",
+      "origin",
+      headRef,
+    ]);
+  } else {
+    // Fork – make sure a `pr` remote exists that points at the fork. Attempting
+    // to add a remote that already exists causes git to error, so we swallow
+    // any non-zero exit codes from that specific command.
+    await runCommand([
+      "git",
+      "-C",
+      workspace,
+      "remote",
+      "add",
+      "pr",
+      headRemoteUrl,
+    ]);
+
+    // Whether adding succeeded or the remote already existed, attempt to fetch
+    // the head ref from the `pr` remote.
+    await runCommand([
+      "git",
+      "-C",
+      workspace,
+      "fetch",
+      "--no-tags",
+      "pr",
+      headRef,
+    ]);
+  }
+
+  return prShas;
+}
+
+// ---------------------------------------------------------------------------
+// Internal helpers – still exported for use by other modules.
+// ---------------------------------------------------------------------------
+
+export async function resolvePrDiff(ctx: EnvContext): Promise<string> {
+  const prShas = await ensureBaseAndHeadCommitsForPRAreAvailable(ctx);
+  if (prShas == null) {
+    console.warn("Unable to resolve PR branches");
+    return "";
+  }
+
+  const workspace = ctx.get("GITHUB_WORKSPACE");
+  const { baseSha, headSha } = prShas;
+  return runCommand([
+    "git",
+    "-C",
+    workspace,
+    "diff",
+    "--color=never",
+    `${baseSha}..${headSha}`,
+  ]);
+}
+
+// ---------------------------------------------------------------------------
+// Placeholder resolution
+// ---------------------------------------------------------------------------
+
+async function resolveVariable(name: string, ctx: EnvContext): Promise<string> {
+  switch (name) {
+    case "CODEX_ACTION_ISSUE_TITLE": {
+      const event = await getGitHubEventData(ctx);
+      const issue = event.issue ?? event.pull_request;
+      return issue?.title ?? "";
+    }
+
+    case "CODEX_ACTION_ISSUE_BODY": {
+      const event = await getGitHubEventData(ctx);
+      const issue = event.issue ?? event.pull_request;
+      return issue?.body ?? "";
+    }
+
+    case "CODEX_ACTION_GITHUB_EVENT_PATH": {
+      return ctx.get("GITHUB_EVENT_PATH");
+    }
+
+    case "CODEX_ACTION_BASE_REF": {
+      const event = await getGitHubEventData(ctx);
+      return event?.pull_request?.base?.ref ?? "";
+    }
+
+    case "CODEX_ACTION_HEAD_REF": {
+      const event = await getGitHubEventData(ctx);
+      return event?.pull_request?.head?.ref ?? "";
+    }
+
+    case "CODEX_ACTION_PR_DIFF": {
+      return resolvePrDiff(ctx);
+    }
+
+    // -------------------------------------------------------------------
+    // Add new template variables here.
+    // -------------------------------------------------------------------
+
+    default: {
+      // Unknown variable – leave it blank to avoid leaking placeholders to the
+      // final prompt.  The alternative would be to `fail()` here, but silently
+      // ignoring unknown placeholders is more forgiving and better matches the
+      // behaviour of typical template engines.
+      console.warn(`Unknown template variable: ${name}`);
+      return "";
+    }
+  }
+}
+
+async function getPrShas(
+  ctx: EnvContext,
+): Promise<{ baseSha: string; headSha: string } | null> {
+  const event = await getGitHubEventData(ctx);
+  const pr = event.pull_request;
+  if (!pr) {
+    console.warn("event.pull_request is not defined");
+    return null;
+  }
+
+  // Prefer explicit SHAs if available to avoid relying on local branch names.
+  const baseSha: string | undefined = pr.base?.sha;
+  const headSha: string | undefined = pr.head?.sha;
+
+  if (!baseSha || !headSha) {
+    console.warn("one of base or head is not defined on event.pull_request");
+    return null;
+  }
+
+  return { baseSha, headSha };
+}

.github/actions/codex/src/review.ts

@@ -0,0 +1,42 @@
+import type { EnvContext } from "./env-context";
+import { runCodex } from "./run-codex";
+import { postComment } from "./post-comment";
+import { addEyesReaction } from "./add-reaction";
+
+/**
+ * Handle `pull_request_review` events. We treat the review body the same way
+ * as a normal comment.
+ */
+export async function onReview(ctx: EnvContext): Promise<void> {
+  const triggerPhrase = ctx.tryGet("INPUT_TRIGGER_PHRASE");
+  if (!triggerPhrase) {
+    console.warn("Empty trigger phrase: skipping.");
+    return;
+  }
+
+  const reviewBody = ctx.tryGet("GITHUB_EVENT_REVIEW_BODY");
+
+  if (!reviewBody) {
+    console.warn("Review body not found in environment: skipping.");
+    return;
+  }
+
+  if (!reviewBody.includes(triggerPhrase)) {
+    console.log(
+      `Trigger phrase '${triggerPhrase}' not found: nothing to do for this review.`,
+    );
+    return;
+  }
+
+  const prompt = reviewBody.replace(triggerPhrase, "").trim();
+
+  if (prompt.length === 0) {
+    console.warn("Prompt is empty after removing trigger phrase: skipping.");
+    return;
+  }
+
+  await addEyesReaction(ctx);
+
+  const lastMessage = await runCodex(prompt, ctx);
+  await postComment(lastMessage, ctx);
+}

.github/actions/codex/src/run-codex.ts

@@ -0,0 +1,58 @@
+import { fail } from "./fail";
+import { EnvContext } from "./env-context";
+import { tmpdir } from "os";
+import { join } from "node:path";
+import { readFile, mkdtemp } from "fs/promises";
+import { resolveWorkspacePath } from "./github-workspace";
+
+/**
+ * Runs the Codex CLI with the provided prompt and returns the output written
+ * to the "last message" file.
+ */
+export async function runCodex(
+  prompt: string,
+  ctx: EnvContext,
+): Promise<string> {
+  const OPENAI_API_KEY = ctx.get("OPENAI_API_KEY");
+
+  const tempDirPath = await mkdtemp(join(tmpdir(), "codex-"));
+  const lastMessageOutput = join(tempDirPath, "codex-prompt.md");
+
+  // Use the unified CLI and its `exec` subcommand instead of the old
+  // standalone `codex-exec` binary.
+  const args = ["/usr/local/bin/codex", "exec"];
+
+  const inputCodexArgs = ctx.tryGet("INPUT_CODEX_ARGS")?.trim();
+  if (inputCodexArgs) {
+    args.push(...inputCodexArgs.split(/\s+/));
+  }
+
+  args.push("--output-last-message", lastMessageOutput, prompt);
+
+  const env: Record<string, string> = { ...process.env, OPENAI_API_KEY };
+  const INPUT_CODEX_HOME = ctx.tryGet("INPUT_CODEX_HOME");
+  if (INPUT_CODEX_HOME) {
+    env.CODEX_HOME = resolveWorkspacePath(INPUT_CODEX_HOME, ctx);
+  }
+
+  console.log(`Running Codex: ${JSON.stringify(args)}`);
+  const result = Bun.spawnSync(args, {
+    stdout: "inherit",
+    stderr: "inherit",
+    env,
+  });
+
+  if (!result.success) {
+    fail(`Codex failed: see above for details.`);
+  }
+
+  // Read the output generated by Codex.
+  let lastMessage: string;
+  try {
+    lastMessage = await readFile(lastMessageOutput, "utf8");
+  } catch (err) {
+    fail(`Failed to read Codex output at '${lastMessageOutput}': ${err}`);
+  }
+
+  return lastMessage;
+}

.github/actions/codex/src/verify-inputs.ts

@@ -0,0 +1,33 @@
+// Validate the inputs passed to the composite action.
+// The script currently ensures that the provided configuration file exists and
+// matches the expected schema.
+
+import type { Config } from "./config";
+
+import { existsSync } from "fs";
+import * as path from "path";
+import { fail } from "./fail";
+
+export function performAdditionalValidation(config: Config, workspace: string) {
+  // Additional validation: ensure referenced prompt files exist and are Markdown.
+  for (const [label, details] of Object.entries(config.labels)) {
+    // Determine which prompt key is present (the schema guarantees exactly one).
+    const promptPathStr =
+      (details as any).prompt ?? (details as any).promptPath;
+
+    if (promptPathStr) {
+      const promptPath = path.isAbsolute(promptPathStr)
+        ? promptPathStr
+        : path.join(workspace, promptPathStr);
+
+      if (!existsSync(promptPath)) {
+        fail(`Prompt file for label '${label}' not found: ${promptPath}`);
+      }
+      if (!promptPath.endsWith(".md")) {
+        fail(
+          `Prompt file for label '${label}' must be a .md file (got ${promptPathStr}).`,
+        );
+      }
+    }
+  }
+}

.github/actions/codex/tsconfig.json

@@ -0,0 +1,15 @@
+{
+  "compilerOptions": {
+    "lib": ["ESNext"],
+    "target": "ESNext",
+    "module": "ESNext",
+    "moduleDetection": "force",
+    "moduleResolution": "bundler",
+
+    "noEmit": true,
+    "strict": true,
+    "skipLibCheck": true
+  },
+
+  "include": ["src"]
+}

.github/dotslash-config.json

@@ -21,10 +21,6 @@
         "windows-x86_64": {
           "regex": "^codex-x86_64-pc-windows-msvc\\.exe\\.zst$",
           "path": "codex.exe"
-        },
-        "windows-aarch64": {
-          "regex": "^codex-aarch64-pc-windows-msvc\\.exe\\.zst$",
-          "path": "codex.exe"
         }
       }
     }

.github/pull_request_template.md

@@ -1,6 +1,6 @@
 # External (non-OpenAI) Pull Request Requirements
 
-Before opening this Pull Request, please read the dedicated "Contributing" markdown file or your PR may be closed:
-https://github.com/openai/codex/blob/main/docs/contributing.md
+Before opening this Pull Request, please read the "Contributing" section of the README or your PR may be closed:
+https://github.com/openai/codex#contributing
 
 If your PR conforms to our contribution guidelines, replace this text with a detailed and high quality description of your changes.

.github/workflows/ci.yml

@@ -14,39 +14,40 @@ jobs:
       - name: Checkout repository
         uses: actions/checkout@v5
 
-      - name: Setup pnpm
-        uses: pnpm/action-setup@v4
-        with:
-          run_install: false
-
       - name: Setup Node.js
-        uses: actions/setup-node@v5
+        uses: actions/setup-node@v4
         with:
           node-version: 22
 
+      - name: Setup pnpm
+        uses: pnpm/action-setup@v4
+        with:
+          version: 10.8.1
+          run_install: false
+
+      - name: Get pnpm store directory
+        id: pnpm-cache
+        shell: bash
+        run: |
+          echo "store_path=$(pnpm store path --silent)" >> $GITHUB_OUTPUT
+
+      - name: Setup pnpm cache
+        uses: actions/cache@v4
+        with:
+          path: ${{ steps.pnpm-cache.outputs.store_path }}
+          key: ${{ runner.os }}-pnpm-store-${{ hashFiles('**/pnpm-lock.yaml') }}
+          restore-keys: |
+            ${{ runner.os }}-pnpm-store-
+
       - name: Install dependencies
-        run: pnpm install --frozen-lockfile
+        run: pnpm install
 
-      # build_npm_package.py requires DotSlash when staging releases.
-      - uses: facebook/install-dotslash@v2
+      # Run all tasks using workspace filters
 
-      - name: Stage npm package
+      - name: Ensure staging a release works.
         env:
           GH_TOKEN: ${{ github.token }}
-        run: |
-          set -euo pipefail
-          CODEX_VERSION=0.40.0
-          PACK_OUTPUT="${RUNNER_TEMP}/codex-npm.tgz"
-          python3 ./codex-cli/scripts/build_npm_package.py \
-            --release-version "$CODEX_VERSION" \
-            --pack-output "$PACK_OUTPUT"
-          echo "PACK_OUTPUT=$PACK_OUTPUT" >> "$GITHUB_ENV"
-
-      - name: Upload staged npm package artifact
-        uses: actions/upload-artifact@v4
-        with:
-          name: codex-npm-staging
-          path: ${{ env.PACK_OUTPUT }}
+        run: ./codex-cli/scripts/stage_release.sh
 
       - name: Ensure root README.md contains only ASCII and certain Unicode code points
         run: ./scripts/asciicheck.py README.md

.github/workflows/codespell.yml

@@ -22,7 +22,6 @@ jobs:
       - name: Annotate locations with typos
         uses: codespell-project/codespell-problem-matcher@b80729f885d32f78a716c2f107b4db1025001c42 # v1
       - name: Codespell
-        uses: codespell-project/actions-codespell@406322ec52dd7b488e48c1c4b82e2a8b3a1bf630 # v2.1
+        uses: codespell-project/actions-codespell@406322ec52dd7b488e48c1c4b82e2a8b3a1bf630 # v2
         with:
           ignore_words_file: .codespellignore
-          skip: frame*.txt

.github/workflows/codex.yml

@@ -0,0 +1,64 @@
+name: Codex
+
+on:
+  issues:
+    types: [opened, labeled]
+  pull_request:
+    branches: [main]
+    types: [labeled]
+
+jobs:
+  codex:
+    # This `if` check provides complex filtering logic to avoid running Codex
+    # on every PR. Admittedly, one thing this does not verify is whether the
+    # sender has write access to the repo: that must be done as part of a
+    # runtime step.
+    #
+    # Note the label values should match the ones in the .github/codex/labels
+    # folder.
+    if: |
+      (github.event_name == 'issues' && (
+        (github.event.action == 'labeled' && (github.event.label.name == 'codex-attempt' || github.event.label.name == 'codex-triage'))
+      )) ||
+      (github.event_name == 'pull_request' && github.event.action == 'labeled' && (github.event.label.name == 'codex-review' || github.event.label.name == 'codex-rust-review'))
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write # can push or create branches
+      issues: write # for comments + labels on issues/PRs
+      pull-requests: write # for PR comments/labels
+    steps:
+      # TODO: Consider adding an optional mode (--dry-run?) to actions/codex
+      # that verifies whether Codex should actually be run for this event.
+      # (For example, it may be rejected because the sender does not have
+      # write access to the repo.) The benefit would be two-fold:
+      # 1. As the first step of this job, it gives us a chance to add a reaction
+      #    or comment to the PR/issue ASAP to "ack" the request.
+      # 2. It saves resources by skipping the clone and setup steps below if
+      #    Codex is not going to run.
+
+      - name: Checkout repository
+        uses: actions/checkout@v5
+
+      - uses: dtolnay/rust-toolchain@1.89
+        with:
+          targets: x86_64-unknown-linux-gnu
+          components: clippy
+
+      - uses: actions/cache@v4
+        with:
+          path: |
+            ~/.cargo/bin/
+            ~/.cargo/registry/index/
+            ~/.cargo/registry/cache/
+            ~/.cargo/git/db/
+            ${{ github.workspace }}/codex-rs/target/
+          key: cargo-ubuntu-24.04-x86_64-unknown-linux-gnu-dev-${{ hashFiles('**/Cargo.lock') }}
+
+      # Note it is possible that the `verify` step internal to Run Codex will
+      # fail, in which case the work to setup the repo was worthless :(
+      - name: Run Codex
+        uses: ./.github/actions/codex
+        with:
+          openai_api_key: ${{ secrets.CODEX_OPENAI_API_KEY }}
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          codex_home: ./.github/codex/home

.github/workflows/rust-ci.yml

@@ -57,31 +57,11 @@ jobs:
         working-directory: codex-rs
     steps:
       - uses: actions/checkout@v5
-      - uses: dtolnay/rust-toolchain@1.90
+      - uses: dtolnay/rust-toolchain@1.89
         with:
           components: rustfmt
       - name: cargo fmt
         run: cargo fmt -- --config imports_granularity=Item --check
-      - name: Verify codegen for mcp-types
-        run: ./mcp-types/check_lib_rs.py
-
-  cargo_shear:
-    name: cargo shear
-    runs-on: ubuntu-24.04
-    needs: changed
-    if: ${{ needs.changed.outputs.codex == 'true' || needs.changed.outputs.workflows == 'true' || github.event_name == 'push' }}
-    defaults:
-      run:
-        working-directory: codex-rs
-    steps:
-      - uses: actions/checkout@v5
-      - uses: dtolnay/rust-toolchain@1.90
-      - uses: taiki-e/install-action@0c5db7f7f897c03b771660e91d065338615679f4 # v2
-        with:
-          tool: cargo-shear
-          version: 1.5.1
-      - name: cargo shear
-        run: cargo shear
 
   # --- CI to validate on different os/targets --------------------------------
   lint_build_test:
@@ -120,30 +100,19 @@ jobs:
           - runner: windows-latest
             target: x86_64-pc-windows-msvc
             profile: dev
-          - runner: windows-11-arm
-            target: aarch64-pc-windows-msvc
-            profile: dev
 
           # Also run representative release builds on Mac and Linux because
           # there could be release-only build errors we want to catch.
-          # Hopefully this also pre-populates the build cache to speed up
-          # releases.
           - runner: macos-14
             target: aarch64-apple-darwin
             profile: release
           - runner: ubuntu-24.04
             target: x86_64-unknown-linux-musl
             profile: release
-          - runner: windows-latest
-            target: x86_64-pc-windows-msvc
-            profile: release
-          - runner: windows-11-arm
-            target: aarch64-pc-windows-msvc
-            profile: release
 
     steps:
       - uses: actions/checkout@v5
-      - uses: dtolnay/rust-toolchain@1.90
+      - uses: dtolnay/rust-toolchain@1.89
         with:
           targets: ${{ matrix.target }}
           components: clippy
@@ -165,7 +134,7 @@ jobs:
 
       - name: cargo clippy
         id: clippy
-        run: cargo clippy --target ${{ matrix.target }} --all-features --tests --profile ${{ matrix.profile }} -- -D warnings
+        run: cargo clippy --target ${{ matrix.target }} --all-features --tests -- -D warnings
 
       # Running `cargo build` from the workspace root builds the workspace using
       # the union of all features from third-party crates. This can mask errors
@@ -180,17 +149,12 @@ jobs:
           find . -name Cargo.toml -mindepth 2 -maxdepth 2 -print0 \
             | xargs -0 -n1 -I{} bash -c 'cd "$(dirname "{}")" && cargo check --profile ${{ matrix.profile }}'
 
-      - uses: taiki-e/install-action@0c5db7f7f897c03b771660e91d065338615679f4 # v2
-        with:
-          tool: nextest
-          version: 0.9.103
-
-      - name: tests
+      - name: cargo test
         id: test
-        # Tests take too long for release builds to run them on every PR.
+        # `cargo test` takes too long for release builds to run them on every PR
         if: ${{ matrix.profile != 'release' }}
         continue-on-error: true
-        run: cargo nextest run --all-features --no-fail-fast --target ${{ matrix.target }}
+        run: cargo test --all-features --target ${{ matrix.target }} --profile ${{ matrix.profile }}
         env:
           RUST_BACKTRACE: 1
 
@@ -207,7 +171,7 @@ jobs:
   # --- Gatherer job that you mark as the ONLY required status -----------------
   results:
     name: CI results (required)
-    needs: [changed, general, cargo_shear, lint_build_test]
+    needs: [changed, general, lint_build_test]
     if: always()
     runs-on: ubuntu-24.04
     steps:
@@ -215,7 +179,6 @@ jobs:
         shell: bash
         run: |
           echo "general: ${{ needs.general.result }}"
-          echo "shear  : ${{ needs.cargo_shear.result }}"
           echo "matrix : ${{ needs.lint_build_test.result }}"
 
           # If nothing relevant changed (PR touching only root README, etc.),
@@ -227,5 +190,4 @@ jobs:
 
           # Otherwise require the jobs to have succeeded
           [[ '${{ needs.general.result }}' == 'success' ]] || { echo 'general failed'; exit 1; }
-          [[ '${{ needs.cargo_shear.result }}' == 'success' ]] || { echo 'cargo_shear failed'; exit 1; }
           [[ '${{ needs.lint_build_test.result }}' == 'success' ]] || { echo 'matrix failed'; exit 1; }

.github/workflows/rust-release.yml

@@ -72,12 +72,10 @@ jobs:
             target: aarch64-unknown-linux-gnu
           - runner: windows-latest
             target: x86_64-pc-windows-msvc
-          - runner: windows-11-arm
-            target: aarch64-pc-windows-msvc
 
     steps:
       - uses: actions/checkout@v5
-      - uses: dtolnay/rust-toolchain@1.90
+      - uses: dtolnay/rust-toolchain@1.89
         with:
           targets: ${{ matrix.target }}
 
@@ -89,7 +87,7 @@ jobs:
             ~/.cargo/registry/cache/
             ~/.cargo/git/db/
             ${{ github.workspace }}/codex-rs/target/
-          key: cargo-${{ matrix.runner }}-${{ matrix.target }}-release-${{ hashFiles('**/Cargo.lock') }}
+          key: cargo-release-${{ matrix.runner }}-${{ matrix.target }}-release-${{ hashFiles('**/Cargo.lock') }}
 
       - if: ${{ matrix.target == 'x86_64-unknown-linux-musl' || matrix.target == 'aarch64-unknown-linux-musl'}}
         name: Install musl build tools
@@ -111,11 +109,6 @@ jobs:
             cp target/${{ matrix.target }}/release/codex "$dest/codex-${{ matrix.target }}"
           fi
 
-      - if: ${{ matrix.runner == 'windows-11-arm' }}
-        name: Install zstd
-        shell: powershell
-        run: choco install -y zstandard
-
       - name: Compress artifacts
         shell: bash
         run: |
@@ -167,14 +160,6 @@ jobs:
     needs: build
     name: release
     runs-on: ubuntu-latest
-    permissions:
-      contents: write
-      actions: read
-    outputs:
-      version: ${{ steps.release_name.outputs.name }}
-      tag: ${{ github.ref_name }}
-      should_publish_npm: ${{ steps.npm_publish_settings.outputs.should_publish }}
-      npm_tag: ${{ steps.npm_publish_settings.outputs.npm_tag }}
 
     steps:
       - name: Checkout repository
@@ -195,37 +180,21 @@ jobs:
           version="${GITHUB_REF_NAME#rust-v}"
           echo "name=${version}" >> $GITHUB_OUTPUT
 
-      - name: Determine npm publish settings
-        id: npm_publish_settings
-        env:
-          VERSION: ${{ steps.release_name.outputs.name }}
-        run: |
-          set -euo pipefail
-          version="${VERSION}"
-
-          if [[ "${version}" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
-            echo "should_publish=true" >> "$GITHUB_OUTPUT"
-            echo "npm_tag=" >> "$GITHUB_OUTPUT"
-          elif [[ "${version}" =~ ^[0-9]+\.[0-9]+\.[0-9]+-alpha\.[0-9]+$ ]]; then
-            echo "should_publish=true" >> "$GITHUB_OUTPUT"
-            echo "npm_tag=alpha" >> "$GITHUB_OUTPUT"
-          else
-            echo "should_publish=false" >> "$GITHUB_OUTPUT"
-            echo "npm_tag=" >> "$GITHUB_OUTPUT"
-          fi
-
-      # build_npm_package.py requires DotSlash when staging releases.
-      - uses: facebook/install-dotslash@v2
       - name: Stage npm package
         env:
           GH_TOKEN: ${{ github.token }}
         run: |
           set -euo pipefail
           TMP_DIR="${RUNNER_TEMP}/npm-stage"
-          ./codex-cli/scripts/build_npm_package.py \
+          python3 codex-cli/scripts/stage_rust_release.py \
             --release-version "${{ steps.release_name.outputs.name }}" \
-            --staging-dir "${TMP_DIR}" \
-            --pack-output "${GITHUB_WORKSPACE}/dist/npm/codex-npm-${{ steps.release_name.outputs.name }}.tgz"
+            --tmp "${TMP_DIR}"
+          mkdir -p dist/npm
+          # Produce an npm-ready tarball using `npm pack` and store it in dist/npm.
+          # We then rename it to a stable name used by our publishing script.
+          (cd "$TMP_DIR" && npm pack --pack-destination "${GITHUB_WORKSPACE}/dist/npm")
+          mv "${GITHUB_WORKSPACE}"/dist/npm/*.tgz \
+             "${GITHUB_WORKSPACE}/dist/npm/codex-npm-${{ steps.release_name.outputs.name }}.tgz"
 
       - name: Create GitHub Release
         uses: softprops/action-gh-release@v2
@@ -243,74 +212,3 @@ jobs:
         with:
           tag: ${{ github.ref_name }}
           config: .github/dotslash-config.json
-
-  # Publish to npm using OIDC authentication.
-  # July 31, 2025: https://github.blog/changelog/2025-07-31-npm-trusted-publishing-with-oidc-is-generally-available/
-  # npm docs: https://docs.npmjs.com/trusted-publishers
-  publish-npm:
-    # Publish to npm for stable releases and alpha pre-releases with numeric suffixes.
-    if: ${{ needs.release.outputs.should_publish_npm == 'true' }}
-    name: publish-npm
-    needs: release
-    runs-on: ubuntu-latest
-    permissions:
-      id-token: write # Required for OIDC
-      contents: read
-
-    steps:
-      - name: Setup Node.js
-        uses: actions/setup-node@v5
-        with:
-          node-version: 22
-          registry-url: "https://registry.npmjs.org"
-          scope: "@openai"
-
-      # Trusted publishing requires npm CLI version 11.5.1 or later.
-      - name: Update npm
-        run: npm install -g npm@latest
-
-      - name: Download npm tarball from release
-        env:
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: |
-          set -euo pipefail
-          version="${{ needs.release.outputs.version }}"
-          tag="${{ needs.release.outputs.tag }}"
-          mkdir -p dist/npm
-          gh release download "$tag" \
-            --repo "${GITHUB_REPOSITORY}" \
-            --pattern "codex-npm-${version}.tgz" \
-            --dir dist/npm
-
-      # No NODE_AUTH_TOKEN needed because we use OIDC.
-      - name: Publish to npm
-        env:
-          VERSION: ${{ needs.release.outputs.version }}
-          NPM_TAG: ${{ needs.release.outputs.npm_tag }}
-        run: |
-          set -euo pipefail
-          tag_args=()
-          if [[ -n "${NPM_TAG}" ]]; then
-            tag_args+=(--tag "${NPM_TAG}")
-          fi
-
-          npm publish "${GITHUB_WORKSPACE}/dist/npm/codex-npm-${VERSION}.tgz" "${tag_args[@]}"
-
-  update-branch:
-    name: Update latest-alpha-cli branch
-    permissions:
-      contents: write
-    needs: release
-    runs-on: ubuntu-latest
-
-    steps:
-      - name: Update latest-alpha-cli branch
-        env:
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: |
-          set -euo pipefail
-          gh api \
-            repos/${GITHUB_REPOSITORY}/git/refs/heads/latest-alpha-cli \
-            -X PATCH \
-            -f sha="${GITHUB_SHA}" \
-            -F force=true

.vscode/extensions.json

@@ -1,11 +1,5 @@
 {
     "recommendations": [
-        "rust-lang.rust-analyzer",
         "tamasfe.even-better-toml",
-        "vadimcn.vscode-lldb",
-
-        // Useful if touching files in .github/workflows, though most
-        // contributors will not be doing that?
-        // "github.vscode-github-actions",
     ]
 }

AGENTS.md

@@ -4,15 +4,13 @@ In the codex-rs folder where the rust code lives:
 
 - Crate names are prefixed with `codex-`. For example, the `core` folder's crate is named `codex-core`
 - When using format! and you can inline variables into {}, always do that.
-- Install any commands the repo relies on (for example `just`, `rg`, or `cargo-insta`) if they aren't already available before running instructions here.
 - Never add or modify any code related to `CODEX_SANDBOX_NETWORK_DISABLED_ENV_VAR` or `CODEX_SANDBOX_ENV_VAR`.
   - You operate in a sandbox where `CODEX_SANDBOX_NETWORK_DISABLED=1` will be set whenever you use the `shell` tool. Any existing code that uses `CODEX_SANDBOX_NETWORK_DISABLED_ENV_VAR` was authored with this fact in mind. It is often used to early exit out of tests that the author knew you would not be able to run given your sandbox limitations.
   - Similarly, when you spawn a process using Seatbelt (`/usr/bin/sandbox-exec`), `CODEX_SANDBOX=seatbelt` will be set on the child process. Integration tests that want to run Seatbelt themselves cannot be run under Seatbelt, so checks for `CODEX_SANDBOX=seatbelt` are also often used to early exit out of tests, as appropriate.
 
-Run `just fmt` (in `codex-rs` directory) automatically after making Rust code changes; do not ask for approval to run it. Before finalizing a change to `codex-rs`, run `just fix -p <project>` (in `codex-rs` directory) to fix any linter issues in the code. Prefer scoping with `-p` to avoid slow workspace‑wide Clippy builds; only run `just fix` without `-p` if you changed shared crates. Additionally, run the tests:
+Before finalizing a change to `codex-rs`, run `just fmt` (in `codex-rs` directory) to format the code and `just fix -p <project>` (in `codex-rs` directory) to fix any linter issues in the code. Additionally, run the tests:
 1. Run the test for the specific project that was changed. For example, if changes were made in `codex-rs/tui`, run `cargo test -p codex-tui`.
 2. Once those pass, if any changes were made in common, core, or protocol, run the complete test suite with `cargo test --all-features`.
-When running interactively, ask the user before running `just fix` to finalize. `just fmt` does not require approval. project-specific or individual tests can be run without asking the user, but do ask the user before running the complete test suite.
 
 ## TUI style conventions
 
@@ -27,26 +25,7 @@ See `codex-rs/tui/styles.md`.
   - Example: patch summary file lines
     - Desired: vec!["  └ ".into(), "M".red(), " ".dim(), "tui/src/app.rs".dim()]
 
-### TUI Styling (ratatui)
-- Prefer Stylize helpers: use "text".dim(), .bold(), .cyan(), .italic(), .underlined() instead of manual Style where possible.
-- Prefer simple conversions: use "text".into() for spans and vec![…].into() for lines; when inference is ambiguous (e.g., Paragraph::new/Cell::from), use Line::from(spans) or Span::from(text).
-- Computed styles: if the Style is computed at runtime, using `Span::styled` is OK (`Span::from(text).set_style(style)` is also acceptable).
-- Avoid hardcoded white: do not use `.white()`; prefer the default foreground (no color).
-- Chaining: combine helpers by chaining for readability (e.g., url.cyan().underlined()).
-- Single items: prefer "text".into(); use Line::from(text) or Span::from(text) only when the target type isn’t obvious from context, or when using .into() would require extra type annotations.
-- Building lines: use vec![…].into() to construct a Line when the target type is obvious and no extra type annotations are needed; otherwise use Line::from(vec![…]).
-- Avoid churn: don’t refactor between equivalent forms (Span::styled ↔ set_style, Line::from ↔ .into()) without a clear readability or functional gain; follow file‑local conventions and do not introduce type annotations solely to satisfy .into().
-- Compactness: prefer the form that stays on one line after rustfmt; if only one of Line::from(vec![…]) or vec![…].into() avoids wrapping, choose that. If both wrap, pick the one with fewer wrapped lines.
-
-### Text wrapping
-- Always use textwrap::wrap to wrap plain strings.
-- If you have a ratatui Line and you want to wrap it, use the helpers in tui/src/wrapping.rs, e.g. word_wrap_lines / word_wrap_line.
-- If you need to indent wrapped lines, use the initial_indent / subsequent_indent options from RtOptions if you can, rather than writing custom logic.
-- If you have a list of lines and you need to prefix them all with some prefix (optionally different on the first vs subsequent lines), use the `prefix_lines` helper from line_utils.
-
-## Tests
-
-### Snapshot tests
+## Snapshot tests
 
 This repo uses snapshot tests (via `insta`), especially in `codex-rs/tui`, to validate rendered output. When UI or text output changes intentionally, update the snapshots as follows:
 
@@ -61,7 +40,3 @@ This repo uses snapshot tests (via `insta`), especially in `codex-rs/tui`, to va
 
 If you don’t have the tool:
 - `cargo install cargo-insta`
-
-### Test assertions
-
-- Tests should use pretty_assertions::assert_eq for clearer diffs. Import this at the top of the test module if it isn't already.

CHANGELOG.md

@@ -1 +1,211 @@
-The changelog can be found on the [releases page](https://github.com/openai/codex/releases)
+# Changelog
+
+You can install any of these versions: `npm install -g codex@version`
+
+## `0.1.2505172129`
+
+### 🪲 Bug Fixes
+
+- Add node version check (#1007)
+- Persist token after refresh (#1006)
+
+## `0.1.2505171619`
+
+- `codex --login` + `codex --free` (#998)
+
+## `0.1.2505161800`
+
+- Sign in with chatgpt credits (#974)
+- Add support for OpenAI tool type, local_shell (#961)
+
+## `0.1.2505161243`
+
+- Sign in with chatgpt (#963)
+- Session history viewer (#912)
+- Apply patch issue when using different cwd (#942)
+- Diff command for filenames with special characters (#954)
+
+## `0.1.2505160811`
+
+- `codex-mini-latest` (#951)
+
+## `0.1.2505140839`
+
+### 🪲 Bug Fixes
+
+- Gpt-4.1 apply_patch handling (#930)
+- Add support for fileOpener in config.json (#911)
+- Patch in #366 and #367 for marked-terminal (#916)
+- Remember to set lastIndex = 0 on shared RegExp (#918)
+- Always load version from package.json at runtime (#909)
+- Tweak the label for citations for better rendering (#919)
+- Tighten up some logic around session timestamps and ids (#922)
+- Change EventMsg enum so every variant takes a single struct (#925)
+- Reasoning default to medium, show workdir when supplied (#931)
+- Test_dev_null_write() was not using echo as intended (#923)
+
+## `0.1.2504301751`
+
+### 🚀 Features
+
+- User config api key (#569)
+- `@mention` files in codex (#701)
+- Add `--reasoning` CLI flag (#314)
+- Lower default retry wait time and increase number of tries (#720)
+- Add common package registries domains to allowed-domains list (#414)
+
+### 🪲 Bug Fixes
+
+- Insufficient quota message (#758)
+- Input keyboard shortcut opt+delete (#685)
+- `/diff` should include untracked files (#686)
+- Only allow running without sandbox if explicitly marked in safe container (#699)
+- Tighten up check for /usr/bin/sandbox-exec (#710)
+- Check if sandbox-exec is available (#696)
+- Duplicate messages in quiet mode (#680)
+
+## `0.1.2504251709`
+
+### 🚀 Features
+
+- Add openai model info configuration (#551)
+- Added provider to run quiet mode function (#571)
+- Create parent directories when creating new files (#552)
+- Print bug report URL in terminal instead of opening browser (#510) (#528)
+- Add support for custom provider configuration in the user config (#537)
+- Add support for OpenAI-Organization and OpenAI-Project headers (#626)
+- Add specific instructions for creating API keys in error msg (#581)
+- Enhance toCodePoints to prevent potential unicode 14 errors (#615)
+- More native keyboard navigation in multiline editor (#655)
+- Display error on selection of invalid model (#594)
+
+### 🪲 Bug Fixes
+
+- Model selection (#643)
+- Nits in apply patch (#640)
+- Input keyboard shortcuts (#676)
+- `apply_patch` unicode characters (#625)
+- Don't clear turn input before retries (#611)
+- More loosely match context for apply_patch (#610)
+- Update bug report template - there is no --revision flag (#614)
+- Remove outdated copy of text input and external editor feature (#670)
+- Remove unreachable "disableResponseStorage" logic flow introduced in #543 (#573)
+- Non-openai mode - fix for gemini content: null, fix 429 to throw before stream (#563)
+- Only allow going up in history when not already in history if input is empty (#654)
+- Do not grant "node" user sudo access when using run_in_container.sh (#627)
+- Update scripts/build_container.sh to use pnpm instead of npm (#631)
+- Update lint-staged config to use pnpm --filter (#582)
+- Non-openai mode - don't default temp and top_p (#572)
+- Fix error catching when checking for updates (#597)
+- Close stdin when running an exec tool call (#636)
+
+## `0.1.2504221401`
+
+### 🚀 Features
+
+- Show actionable errors when api keys are missing (#523)
+- Add CLI `--version` flag (#492)
+
+### 🪲 Bug Fixes
+
+- Agent loop for ZDR (`disableResponseStorage`) (#543)
+- Fix relative `workdir` check for `apply_patch` (#556)
+- Minimal mid-stream #429 retry loop using existing back-off (#506)
+- Inconsistent usage of base URL and API key (#507)
+- Remove requirement for api key for ollama (#546)
+- Support `[provider]_BASE_URL` (#542)
+
+## `0.1.2504220136`
+
+### 🚀 Features
+
+- Add support for ZDR orgs (#481)
+- Include fractional portion of chunk that exceeds stdout/stderr limit (#497)
+
+## `0.1.2504211509`
+
+### 🚀 Features
+
+- Support multiple providers via Responses-Completion transformation (#247)
+- Add user-defined safe commands configuration and approval logic #380 (#386)
+- Allow switching approval modes when prompted to approve an edit/command (#400)
+- Add support for `/diff` command autocomplete in TerminalChatInput (#431)
+- Auto-open model selector if user selects deprecated model (#427)
+- Read approvalMode from config file (#298)
+- `/diff` command to view git diff (#426)
+- Tab completions for file paths (#279)
+- Add /command autocomplete (#317)
+- Allow multi-line input (#438)
+
+### 🪲 Bug Fixes
+
+- `full-auto` support in quiet mode (#374)
+- Enable shell option for child process execution (#391)
+- Configure husky and lint-staged for pnpm monorepo (#384)
+- Command pipe execution by improving shell detection (#437)
+- Name of the file not matching the name of the component (#354)
+- Allow proper exit from new Switch approval mode dialog (#453)
+- Ensure /clear resets context and exclude system messages from approximateTokenUsed count (#443)
+- `/clear` now clears terminal screen and resets context left indicator (#425)
+- Correct fish completion function name in CLI script (#485)
+- Auto-open model-selector when model is not found (#448)
+- Remove unnecessary isLoggingEnabled() checks (#420)
+- Improve test reliability for `raw-exec` (#434)
+- Unintended tear down of agent loop (#483)
+- Remove extraneous type casts (#462)
+
+## `0.1.2504181820`
+
+### 🚀 Features
+
+- Add `/bug` report command (#312)
+- Notify when a newer version is available (#333)
+
+### 🪲 Bug Fixes
+
+- Update context left display logic in TerminalChatInput component (#307)
+- Improper spawn of sh on Windows Powershell (#318)
+- `/bug` report command, thinking indicator (#381)
+- Include pnpm lock file (#377)
+
+## `0.1.2504172351`
+
+### 🚀 Features
+
+- Add Nix flake for reproducible development environments (#225)
+
+### 🪲 Bug Fixes
+
+- Handle invalid commands (#304)
+- Raw-exec-process-group.test improve reliability and error handling (#280)
+- Canonicalize the writeable paths used in seatbelt policy (#275)
+
+## `0.1.2504172304`
+
+### 🚀 Features
+
+- Add shell completion subcommand (#138)
+- Add command history persistence (#152)
+- Shell command explanation option (#173)
+- Support bun fallback runtime for codex CLI (#282)
+- Add notifications for MacOS using Applescript (#160)
+- Enhance image path detection in input processing (#189)
+- `--config`/`-c` flag to open global instructions in nvim (#158)
+- Update position of cursor when navigating input history with arrow keys to the end of the text (#255)
+
+### 🪲 Bug Fixes
+
+- Correct word deletion logic for trailing spaces (Ctrl+Backspace) (#131)
+- Improve Windows compatibility for CLI commands and sandbox (#261)
+- Correct typos in thinking texts (transcendent & parroting) (#108)
+- Add empty vite config file to prevent resolving to parent (#273)
+- Update regex to better match the retry error messages (#266)
+- Add missing "as" in prompt prefix in agent loop (#186)
+- Allow continuing after interrupting assistant (#178)
+- Standardize filename to kebab-case 🐍➡️🥙 (#302)
+- Small update to bug report template (#288)
+- Duplicated message on model change (#276)
+- Typos in prompts and comments (#195)
+- Check workdir before spawn (#221)
+
+<!-- generated - do not edit -->

README.md

@@ -2,31 +2,76 @@
 
 <p align="center"><code>npm i -g @openai/codex</code><br />or <code>brew install codex</code></p>
 
-<p align="center"><strong>Codex CLI</strong> is a coding agent from OpenAI that runs locally on your computer.
-</br>
-</br>If you want Codex in your code editor (VS Code, Cursor, Windsurf), <a href="https://developers.openai.com/codex/ide">install in your IDE</a>
-</br>If you are looking for the <em>cloud-based agent</em> from OpenAI, <strong>Codex Web</strong>, go to <a href="https://chatgpt.com/codex">chatgpt.com/codex</a></p>
+<p align="center"><strong>Codex CLI</strong> is a coding agent from OpenAI that runs locally on your computer.</br>If you are looking for the <em>cloud-based agent</em> from OpenAI, <strong>Codex Web</strong>, see <a href="https://chatgpt.com/codex">chatgpt.com/codex</a>.</p>
 
 <p align="center">
-  <img src="./.github/codex-cli-splash.png" alt="Codex CLI splash" width="80%" />
+  <img src="./.github/codex-cli-splash.png" alt="Codex CLI splash" width="50%" />
   </p>
 
 ---
 
+<details>
+<summary><strong>Table of contents</strong></summary>
+
+<!-- Begin ToC -->
+
+- [Quickstart](#quickstart)
+  - [Installing and running Codex CLI](#installing-and-running-codex-cli)
+  - [Using Codex with your ChatGPT plan](#using-codex-with-your-chatgpt-plan)
+  - [Connecting on a "Headless" Machine](#connecting-on-a-headless-machine)
+    - [Authenticate locally and copy your credentials to the "headless" machine](#authenticate-locally-and-copy-your-credentials-to-the-headless-machine)
+    - [Connecting through VPS or remote](#connecting-through-vps-or-remote)
+  - [Usage-based billing alternative: Use an OpenAI API key](#usage-based-billing-alternative-use-an-openai-api-key)
+    - [Forcing a specific auth method (advanced)](#forcing-a-specific-auth-method-advanced)
+  - [Choosing Codex's level of autonomy](#choosing-codexs-level-of-autonomy)
+    - [**1. Read/write**](#1-readwrite)
+    - [**2. Read-only**](#2-read-only)
+    - [**3. Advanced configuration**](#3-advanced-configuration)
+    - [Can I run without ANY approvals?](#can-i-run-without-any-approvals)
+    - [Fine-tuning in `config.toml`](#fine-tuning-in-configtoml)
+  - [Example prompts](#example-prompts)
+- [Running with a prompt as input](#running-with-a-prompt-as-input)
+- [Using Open Source Models](#using-open-source-models)
+  - [Platform sandboxing details](#platform-sandboxing-details)
+- [Experimental technology disclaimer](#experimental-technology-disclaimer)
+- [System requirements](#system-requirements)
+- [CLI reference](#cli-reference)
+- [Memory & project docs](#memory--project-docs)
+- [Non-interactive / CI mode](#non-interactive--ci-mode)
+- [Model Context Protocol (MCP)](#model-context-protocol-mcp)
+- [Tracing / verbose logging](#tracing--verbose-logging)
+  - [DotSlash](#dotslash)
+- [Configuration](#configuration)
+- [FAQ](#faq)
+- [Zero data retention (ZDR) usage](#zero-data-retention-zdr-usage)
+- [Codex open source fund](#codex-open-source-fund)
+- [Contributing](#contributing)
+  - [Development workflow](#development-workflow)
+  - [Writing high-impact code changes](#writing-high-impact-code-changes)
+  - [Opening a pull request](#opening-a-pull-request)
+  - [Review process](#review-process)
+  - [Community values](#community-values)
+  - [Getting help](#getting-help)
+  - [Contributor license agreement (CLA)](#contributor-license-agreement-cla)
+    - [Quick fixes](#quick-fixes)
+  - [Releasing `codex`](#releasing-codex)
+- [Security & responsible AI](#security--responsible-ai)
+- [License](#license)
+
+<!-- End ToC -->
+
+</details>
+
+---
+
 ## Quickstart
 
 ### Installing and running Codex CLI
 
-Install globally with your preferred package manager. If you use npm:
+Install globally with your preferred package manager:
 
 ```shell
-npm install -g @openai/codex
-```
-
-Alternatively, if you use Homebrew:
-
-```shell
-brew install codex
+npm install -g @openai/codex  # Alternatively: `brew install codex`
 ```
 
 Then simply run `codex` to get started:
@@ -54,52 +99,607 @@ Each archive contains a single entry with the platform baked into the name (e.g.
 ### Using Codex with your ChatGPT plan
 
 <p align="center">
-  <img src="./.github/codex-cli-login.png" alt="Codex CLI login" width="80%" />
+  <img src="./.github/codex-cli-login.png" alt="Codex CLI login" width="50%" />
   </p>
 
-Run `codex` and select **Sign in with ChatGPT**. We recommend signing into your ChatGPT account to use Codex as part of your Plus, Pro, Team, Edu, or Enterprise plan. [Learn more about what's included in your ChatGPT plan](https://help.openai.com/en/articles/11369540-codex-in-chatgpt).
+Run `codex` and select **Sign in with ChatGPT**. You'll need a Plus, Pro, or Team ChatGPT account, and will get access to our latest models, including `gpt-5`, at no extra cost to your plan. (Enterprise is coming soon.)
 
-You can also use Codex with an API key, but this requires [additional setup](./docs/authentication.md#usage-based-billing-alternative-use-an-openai-api-key). If you previously used an API key for usage-based billing, see the [migration steps](./docs/authentication.md#migrating-from-usage-based-billing-api-key). If you're having trouble with login, please comment on [this issue](https://github.com/openai/codex/issues/1243).
+> Important: If you've used the Codex CLI before, follow these steps to migrate from usage-based billing with your API key:
+>
+> 1. Update the CLI and ensure `codex --version` is `0.20.0` or later
+> 2. Delete `~/.codex/auth.json` (this should be `C:\Users\USERNAME\.codex\auth.json` on Windows)
+> 3. Run `codex login` again
 
-### Model Context Protocol (MCP)
+If you encounter problems with the login flow, please comment on [this issue](https://github.com/openai/codex/issues/1243).
 
-Codex CLI supports [MCP servers](./docs/advanced.md#model-context-protocol-mcp). Enable by adding an `mcp_servers` section to your `~/.codex/config.toml`.
+### Connecting on a "Headless" Machine
 
+Today, the login process entails running a server on `localhost:1455`. If you are on a "headless" server, such as a Docker container or are `ssh`'d into a remote machine, loading `localhost:1455` in the browser on your local machine will not automatically connect to the webserver running on the _headless_ machine, so you must use one of the following workarounds:
 
-### Configuration
+#### Authenticate locally and copy your credentials to the "headless" machine
 
-Codex CLI supports a rich set of configuration options, with preferences stored in `~/.codex/config.toml`. For full configuration options, see [Configuration](./docs/config.md).
+The easiest solution is likely to run through the `codex login` process on your local machine such that `localhost:1455` _is_ accessible in your web browser. When you complete the authentication process, an `auth.json` file should be available at `$CODEX_HOME/auth.json` (on Mac/Linux, `$CODEX_HOME` defaults to `~/.codex` whereas on Windows, it defaults to `%USERPROFILE%\.codex`).
+
+Because the `auth.json` file is not tied to a specific host, once you complete the authentication flow locally, you can copy the `$CODEX_HOME/auth.json` file to the headless machine and then `codex` should "just work" on that machine. Note to copy a file to a Docker container, you can do:
+
+```shell
+# substitute MY_CONTAINER with the name or id of your Docker container:
+CONTAINER_HOME=$(docker exec MY_CONTAINER printenv HOME)
+docker exec MY_CONTAINER mkdir -p "$CONTAINER_HOME/.codex"
+docker cp auth.json MY_CONTAINER:"$CONTAINER_HOME/.codex/auth.json"
+```
+
+whereas if you are `ssh`'d into a remote machine, you likely want to use [`scp`](https://en.wikipedia.org/wiki/Secure_copy_protocol):
+
+```shell
+ssh user@remote 'mkdir -p ~/.codex'
+scp ~/.codex/auth.json user@remote:~/.codex/auth.json
+```
+
+or try this one-liner:
+
+```shell
+ssh user@remote 'mkdir -p ~/.codex && cat > ~/.codex/auth.json' < ~/.codex/auth.json
+```
+
+#### Connecting through VPS or remote
+
+If you run Codex on a remote machine (VPS/server) without a local browser, the login helper starts a server on `localhost:1455` on the remote host. To complete login in your local browser, forward that port to your machine before starting the login flow:
+
+```bash
+# From your local machine
+ssh -L 1455:localhost:1455 <user>@<remote-host>
+```
+
+Then, in that SSH session, run `codex` and select "Sign in with ChatGPT". When prompted, open the printed URL (it will be `http://localhost:1455/...`) in your local browser. The traffic will be tunneled to the remote server.
+
+### Usage-based billing alternative: Use an OpenAI API key
+
+If you prefer to pay-as-you-go, you can still authenticate with your OpenAI API key by setting it as an environment variable:
+
+```shell
+export OPENAI_API_KEY="your-api-key-here"
+```
+
+Notes:
+
+- This command only sets the key for your current terminal session, which we recommend. To set it for all future sessions, you can also add the `export` line to your shell's configuration file (e.g., `~/.zshrc`).
+- If you have signed in with ChatGPT, Codex will default to using your ChatGPT credits. If you wish to use your API key, use the `/logout` command to clear your ChatGPT authentication.
+
+#### Forcing a specific auth method (advanced)
+
+You can explicitly choose which authentication Codex should prefer when both are available.
+
+- To always use your API key (even when ChatGPT auth exists), set:
+
+```toml
+# ~/.codex/config.toml
+preferred_auth_method = "apikey"
+```
+
+Or override ad-hoc via CLI:
+
+```bash
+codex --config preferred_auth_method="apikey"
+```
+
+- To prefer ChatGPT auth (default), set:
+
+```toml
+# ~/.codex/config.toml
+preferred_auth_method = "chatgpt"
+```
+
+Notes:
+
+- When `preferred_auth_method = "apikey"` and an API key is available, the login screen is skipped.
+- When `preferred_auth_method = "chatgpt"` (default), Codex prefers ChatGPT auth if present; if only an API key is present, it will use the API key. Certain account types may also require API-key mode.
+
+### Choosing Codex's level of autonomy
+
+We always recommend running Codex in its default sandbox that gives you strong guardrails around what the agent can do. The default sandbox prevents it from editing files outside its workspace, or from accessing the network.
+
+When you launch Codex in a new folder, it detects whether the folder is version controlled and recommends one of two levels of autonomy:
+
+#### **1. Read/write**
+
+- Codex can run commands and write files in the workspace without approval.
+- To write files in other folders, access network, update git or perform other actions protected by the sandbox, Codex will need your permission.
+- By default, the workspace includes the current directory, as well as temporary directories like `/tmp`. You can see what directories are in the workspace with the `/status` command. See the docs for how to customize this behavior.
+- Advanced: You can manually specify this configuration by running `codex --sandbox workspace-write --ask-for-approval on-request`
+- This is the recommended default for version-controlled folders.
+
+#### **2. Read-only**
+
+- Codex can run read-only commands without approval.
+- To edit files, access network, or perform other actions protected by the sandbox, Codex will need your permission.
+- Advanced: You can manually specify this configuration by running `codex --sandbox read-only --ask-for-approval on-request`
+- This is the recommended default non-version-controlled folders.
+
+#### **3. Advanced configuration**
+
+Codex gives you fine-grained control over the sandbox with the `--sandbox` option, and over when it requests approval with the `--ask-for-approval` option. Run `codex help` for more on these options.
+
+#### Can I run without ANY approvals?
+
+Yes, run codex non-interactively with `--ask-for-approval never`. This option works with all `--sandbox` options, so you still have full control over Codex's level of autonomy. It will make its best attempt with whatever contrainsts you provide. For example:
+
+- Use `codex --ask-for-approval never --sandbox read-only` when you are running many agents to answer questions in parallel in the same workspace.
+- Use `codex --ask-for-approval never --sandbox workspace-write` when you want the agent to non-interactively take time to produce the best outcome, with strong guardrails around its behavior.
+- Use `codex --ask-for-approval never --sandbox danger-full-access` to dangerously give the agent full autonomy. Because this disables important safety mechanisms, we recommend against using this unless running Codex in an isolated environment.
+
+#### Fine-tuning in `config.toml`
+
+```toml
+# approval mode
+approval_policy = "untrusted"
+sandbox_mode    = "read-only"
+
+# full-auto mode
+approval_policy = "on-request"
+sandbox_mode    = "workspace-write"
+
+# Optional: allow network in workspace-write mode
+[sandbox_workspace_write]
+network_access = true
+```
+
+You can also save presets as **profiles**:
+
+```toml
+[profiles.full_auto]
+approval_policy = "on-request"
+sandbox_mode    = "workspace-write"
+
+[profiles.readonly_quiet]
+approval_policy = "never"
+sandbox_mode    = "read-only"
+```
+
+### Example prompts
+
+Below are a few bite-size examples you can copy-paste. Replace the text in quotes with your own task. See the [prompting guide](https://github.com/openai/codex/blob/main/codex-cli/examples/prompting_guide.md) for more tips and usage patterns.
+
+| ✨  | What you type                                                                   | What happens                                                               |
+| --- | ------------------------------------------------------------------------------- | -------------------------------------------------------------------------- |
+| 1   | `codex "Refactor the Dashboard component to React Hooks"`                       | Codex rewrites the class component, runs `npm test`, and shows the diff.   |
+| 2   | `codex "Generate SQL migrations for adding a users table"`                      | Infers your ORM, creates migration files, and runs them in a sandboxed DB. |
+| 3   | `codex "Write unit tests for utils/date.ts"`                                    | Generates tests, executes them, and iterates until they pass.              |
+| 4   | `codex "Bulk-rename *.jpeg -> *.jpg with git mv"`                               | Safely renames files and updates imports/usages.                           |
+| 5   | `codex "Explain what this regex does: ^(?=.*[A-Z]).{8,}$"`                      | Outputs a step-by-step human explanation.                                  |
+| 6   | `codex "Carefully review this repo, and propose 3 high impact well-scoped PRs"` | Suggests impactful PRs in the current codebase.                            |
+| 7   | `codex "Look for vulnerabilities and create a security review report"`          | Finds and explains security bugs.                                          |
+
+## Running with a prompt as input
+
+You can also run Codex CLI with a prompt as input:
+
+```shell
+codex "explain this codebase to me"
+```
+
+```shell
+codex --full-auto "create the fanciest todo-list app"
+```
+
+That's it - Codex will scaffold a file, run it inside a sandbox, install any
+missing dependencies, and show you the live result. Approve the changes and
+they'll be committed to your working directory.
+
+## Using Open Source Models
+
+<details>
+<summary><strong>Use <code>--profile</code> to use other models</strong></summary>
+
+Codex also allows you to use other providers that support the OpenAI Chat Completions (or Responses) API.
+
+To do so, you must first define custom [providers](./config.md#model_providers) in `~/.codex/config.toml`. For example, the provider for a standard Ollama setup would be defined as follows:
+
+```toml
+[model_providers.ollama]
+name = "Ollama"
+base_url = "http://localhost:11434/v1"
+```
+
+The `base_url` will have `/chat/completions` appended to it to build the full URL for the request.
+
+For providers that also require an `Authorization` header of the form `Bearer: SECRET`, an `env_key` can be specified, which indicates the environment variable to read to use as the value of `SECRET` when making a request:
+
+```toml
+[model_providers.openrouter]
+name = "OpenRouter"
+base_url = "https://openrouter.ai/api/v1"
+env_key = "OPENROUTER_API_KEY"
+```
+
+Providers that speak the Responses API are also supported by adding `wire_api = "responses"` as part of the definition. Accessing OpenAI models via Azure is an example of such a provider, though it also requires specifying additional `query_params` that need to be appended to the request URL:
+
+```toml
+[model_providers.azure]
+name = "Azure"
+# Make sure you set the appropriate subdomain for this URL.
+base_url = "https://YOUR_PROJECT_NAME.openai.azure.com/openai"
+env_key = "AZURE_OPENAI_API_KEY"  # Or "OPENAI_API_KEY", whichever you use.
+# Newer versions appear to support the responses API, see https://github.com/openai/codex/pull/1321
+query_params = { api-version = "2025-04-01-preview" }
+wire_api = "responses"
+```
+
+Once you have defined a provider you wish to use, you can configure it as your default provider as follows:
+
+```toml
+model_provider = "azure"
+```
+
+> [!TIP]
+> If you find yourself experimenting with a variety of models and providers, then you likely want to invest in defining a _profile_ for each configuration like so:
+
+```toml
+[profiles.o3]
+model_provider = "azure"
+model = "o3"
+
+[profiles.mistral]
+model_provider = "ollama"
+model = "mistral"
+```
+
+This way, you can specify one command-line argument (.e.g., `--profile o3`, `--profile mistral`) to override multiple settings together.
+
+</details>
+
+Codex can run fully locally against an OpenAI-compatible OSS host (like Ollama) using the `--oss` flag:
+
+- Interactive UI:
+  - codex --oss
+- Non-interactive (programmatic) mode:
+  - echo "Refactor utils" | codex exec --oss
+
+Model selection when using `--oss`:
+
+- If you omit `-m/--model`, Codex defaults to -m gpt-oss:20b and will verify it exists locally (downloading if needed).
+- To pick a different size, pass one of:
+  - -m "gpt-oss:20b"
+  - -m "gpt-oss:120b"
+
+Point Codex at your own OSS host:
+
+- By default, `--oss` talks to http://localhost:11434/v1.
+- To use a different host, set one of these environment variables before running Codex:
+  - CODEX_OSS_BASE_URL, for example:
+    - CODEX_OSS_BASE_URL="http://my-ollama.example.com:11434/v1" codex --oss -m gpt-oss:20b
+  - or CODEX_OSS_PORT (when the host is localhost):
+    - CODEX_OSS_PORT=11434 codex --oss
+
+Advanced: you can persist this in your config instead of environment variables by overriding the built-in `oss` provider in `~/.codex/config.toml`:
+
+```toml
+[model_providers.oss]
+name = "Open Source"
+base_url = "http://my-ollama.example.com:11434/v1"
+```
 
 ---
 
-### Docs & FAQ
+### Platform sandboxing details
 
-- [**Getting started**](./docs/getting-started.md)
-  - [CLI usage](./docs/getting-started.md#cli-usage)
-  - [Running with a prompt as input](./docs/getting-started.md#running-with-a-prompt-as-input)
-  - [Example prompts](./docs/getting-started.md#example-prompts)
-  - [Memory with AGENTS.md](./docs/getting-started.md#memory-with-agentsmd)
-  - [Configuration](./docs/config.md)
-- [**Sandbox & approvals**](./docs/sandbox.md)
-- [**Authentication**](./docs/authentication.md)
-  - [Auth methods](./docs/authentication.md#forcing-a-specific-auth-method-advanced)
-  - [Login on a "Headless" machine](./docs/authentication.md#connecting-on-a-headless-machine)
-- [**Advanced**](./docs/advanced.md)
-  - [Non-interactive / CI mode](./docs/advanced.md#non-interactive--ci-mode)
-  - [Tracing / verbose logging](./docs/advanced.md#tracing--verbose-logging)
-  - [Model Context Protocol (MCP)](./docs/advanced.md#model-context-protocol-mcp)
-- [**Zero data retention (ZDR)**](./docs/zdr.md)
-- [**Contributing**](./docs/contributing.md)
-- [**Install & build**](./docs/install.md)
-  - [System Requirements](./docs/install.md#system-requirements)
-  - [DotSlash](./docs/install.md#dotslash)
-  - [Build from source](./docs/install.md#build-from-source)
-- [**FAQ**](./docs/faq.md)
-- [**Open source fund**](./docs/open-source-fund.md)
+By default, Codex CLI runs code and shell commands inside a restricted sandbox to protect your system.  
+
+> [!IMPORTANT]
+> Not all tool calls are sandboxed. Specifically, **trusted Model Context Protocol (MCP) tool calls** are executed outside of the sandbox.  
+> This is intentional: MCP tools are explicitly configured and trusted by you, and they often need to connect to **external applications or services** (e.g. issue trackers, databases, messaging systems).  
+> Running them outside the sandbox allows Codex to integrate with these external systems without being blocked by sandbox restrictions.
+
+The mechanism Codex uses to implement the sandbox policy depends on your OS:
+
+- **macOS 12+** uses **Apple Seatbelt** and runs commands using `sandbox-exec` with a profile (`-p`) that corresponds to the `--sandbox` that was specified.
+- **Linux** uses a combination of Landlock/seccomp APIs to enforce the `sandbox` configuration.
+
+Note that when running Linux in a containerized environment such as Docker, sandboxing may not work if the host/container configuration does not support the necessary Landlock/seccomp APIs. In such cases, we recommend configuring your Docker container so that it provides the sandbox guarantees you are looking for and then running `codex` with `--sandbox danger-full-access` (or, more simply, the `--dangerously-bypass-approvals-and-sandbox` flag) within your container.
+
+---
+
+## Experimental technology disclaimer
+
+Codex CLI is an experimental project under active development. It is not yet stable, may contain bugs, incomplete features, or undergo breaking changes. We're building it in the open with the community and welcome:
+
+- Bug reports
+- Feature requests
+- Pull requests
+- Good vibes
+
+Help us improve by filing issues or submitting PRs (see the section below for how to contribute)!
+
+---
+
+## System requirements
+
+| Requirement                 | Details                                                         |
+| --------------------------- | --------------------------------------------------------------- |
+| Operating systems           | macOS 12+, Ubuntu 20.04+/Debian 10+, or Windows 11 **via WSL2** |
+| Git (optional, recommended) | 2.23+ for built-in PR helpers                                   |
+| RAM                         | 4-GB minimum (8-GB recommended)                                 |
+
+---
+
+## CLI reference
+
+| Command            | Purpose                            | Example                         |
+| ------------------ | ---------------------------------- | ------------------------------- |
+| `codex`            | Interactive TUI                    | `codex`                         |
+| `codex "..."`      | Initial prompt for interactive TUI | `codex "fix lint errors"`       |
+| `codex exec "..."` | Non-interactive "automation mode"  | `codex exec "explain utils.ts"` |
+
+Key flags: `--model/-m`, `--ask-for-approval/-a`.
+
+---
+
+## Memory & project docs
+
+You can give Codex extra instructions and guidance using `AGENTS.md` files. Codex looks for `AGENTS.md` files in the following places, and merges them top-down:
+
+1. `~/.codex/AGENTS.md` - personal global guidance
+2. `AGENTS.md` at repo root - shared project notes
+3. `AGENTS.md` in the current working directory - sub-folder/feature specifics
+
+---
+
+## Non-interactive / CI mode
+
+Run Codex head-less in pipelines. Example GitHub Action step:
+
+```yaml
+- name: Update changelog via Codex
+  run: |
+    npm install -g @openai/codex
+    export OPENAI_API_KEY="${{ secrets.OPENAI_KEY }}"
+    codex exec --full-auto "update CHANGELOG for next release"
+```
+
+## Model Context Protocol (MCP)
+
+The Codex CLI can be configured to leverage MCP servers by defining an [`mcp_servers`](./codex-rs/config.md#mcp_servers) section in `~/.codex/config.toml`. It is intended to mirror how tools such as Claude and Cursor define `mcpServers` in their respective JSON config files, though the Codex format is slightly different since it uses TOML rather than JSON, e.g.:
+
+```toml
+# IMPORTANT: the top-level key is `mcp_servers` rather than `mcpServers`.
+[mcp_servers.server-name]
+command = "npx"
+args = ["-y", "mcp-server"]
+env = { "API_KEY" = "value" }
+```
+
+> [!TIP]
+> It is somewhat experimental, but the Codex CLI can also be run as an MCP _server_ via `codex mcp`. If you launch it with an MCP client such as `npx @modelcontextprotocol/inspector codex mcp` and send it a `tools/list` request, you will see that there is only one tool, `codex`, that accepts a grab-bag of inputs, including a catch-all `config` map for anything you might want to override. Feel free to play around with it and provide feedback via GitHub issues.
+
+## Tracing / verbose logging
+
+Because Codex is written in Rust, it honors the `RUST_LOG` environment variable to configure its logging behavior.
+
+The TUI defaults to `RUST_LOG=codex_core=info,codex_tui=info` and log messages are written to `~/.codex/log/codex-tui.log`, so you can leave the following running in a separate terminal to monitor log messages as they are written:
+
+```
+tail -F ~/.codex/log/codex-tui.log
+```
+
+By comparison, the non-interactive mode (`codex exec`) defaults to `RUST_LOG=error`, but messages are printed inline, so there is no need to monitor a separate file.
+
+See the Rust documentation on [`RUST_LOG`](https://docs.rs/env_logger/latest/env_logger/#enabling-logging) for more information on the configuration options.
+
+---
+
+### DotSlash
+
+The GitHub Release also contains a [DotSlash](https://dotslash-cli.com/) file for the Codex CLI named `codex`. Using a DotSlash file makes it possible to make a lightweight commit to source control to ensure all contributors use the same version of an executable, regardless of what platform they use for development.
+
+</details>
+
+<details>
+<summary><strong>Build from source</strong></summary>
+
+```bash
+# Clone the repository and navigate to the root of the Cargo workspace.
+git clone https://github.com/openai/codex.git
+cd codex/codex-rs
+
+# Install the Rust toolchain, if necessary.
+curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y
+source "$HOME/.cargo/env"
+rustup component add rustfmt
+rustup component add clippy
+
+# Build Codex.
+cargo build
+
+# Launch the TUI with a sample prompt.
+cargo run --bin codex -- "explain this codebase to me"
+
+# After making changes, ensure the code is clean.
+cargo fmt -- --config imports_granularity=Item
+cargo clippy --tests
+
+# Run the tests.
+cargo test
+```
+
+</details>
+
+---
+
+## Configuration
+
+Codex supports a rich set of configuration options documented in [`codex-rs/config.md`](./codex-rs/config.md).
+
+By default, Codex loads its configuration from `~/.codex/config.toml`.
+
+Though `--config` can be used to set/override ad-hoc config values for individual invocations of `codex`.
+
+---
+
+## FAQ
+
+<details>
+<summary>OpenAI released a model called Codex in 2021 - is this related?</summary>
+
+In 2021, OpenAI released Codex, an AI system designed to generate code from natural language prompts. That original Codex model was deprecated as of March 2023 and is separate from the CLI tool.
+
+</details>
+
+<details>
+<summary>Which models are supported?</summary>
+
+Any model available with [Responses API](https://platform.openai.com/docs/api-reference/responses). The default is `o4-mini`, but pass `--model gpt-4.1` or set `model: gpt-4.1` in your config file to override.
+
+</details>
+<details>
+<summary>Why does <code>o3</code> or <code>o4-mini</code> not work for me?</summary>
+
+It's possible that your [API account needs to be verified](https://help.openai.com/en/articles/10910291-api-organization-verification) in order to start streaming responses and seeing chain of thought summaries from the API. If you're still running into issues, please let us know!
+
+</details>
+
+<details>
+<summary>How do I stop Codex from editing my files?</summary>
+
+Codex runs model-generated commands in a sandbox. If a proposed command or file change doesn't look right, you can simply type **n** to deny the command or give the model feedback.
+
+</details>
+<details>
+<summary>Does it work on Windows?</summary>
+
+Not directly. It requires [Windows Subsystem for Linux (WSL2)](https://learn.microsoft.com/en-us/windows/wsl/install) - Codex has been tested on macOS and Linux with Node 22.
+
+</details>
+
+---
+
+## Zero data retention (ZDR) usage
+
+Codex CLI **does** support OpenAI organizations with [Zero Data Retention (ZDR)](https://platform.openai.com/docs/guides/your-data#zero-data-retention) enabled. If your OpenAI organization has Zero Data Retention enabled and you still encounter errors such as:
+
+```
+OpenAI rejected the request. Error details: Status: 400, Code: unsupported_parameter, Type: invalid_request_error, Message: 400 Previous response cannot be used for this organization due to Zero Data Retention.
+```
+
+Ensure you are running `codex` with `--config disable_response_storage=true` or add this line to `~/.codex/config.toml` to avoid specifying the command line option each time:
+
+```toml
+disable_response_storage = true
+```
+
+See [the configuration documentation on `disable_response_storage`](./codex-rs/config.md#disable_response_storage) for details.
+
+---
+
+## Codex open source fund
+
+We're excited to launch a **$1 million initiative** supporting open source projects that use Codex CLI and other OpenAI models.
+
+- Grants are awarded up to **$25,000** API credits.
+- Applications are reviewed **on a rolling basis**.
+
+**Interested? [Apply here](https://openai.com/form/codex-open-source-fund/).**
+
+---
+
+## Contributing
+
+This project is under active development and the code will likely change pretty significantly.
+
+**At the moment, we only plan to prioritize reviewing external contributions for bugs or security fixes.**
+
+If you want to add a new feature or change the behavior of an existing one, please open an issue proposing the feature and get approval from an OpenAI team member before spending time building it.
+
+**New contributions that don't go through this process may be closed** if they aren't aligned with our current roadmap or conflict with other priorities/upcoming features.
+
+### Development workflow
+
+- Create a _topic branch_ from `main` - e.g. `feat/interactive-prompt`.
+- Keep your changes focused. Multiple unrelated fixes should be opened as separate PRs.
+- Following the [development setup](#development-workflow) instructions above, ensure your change is free of lint warnings and test failures.
+
+### Writing high-impact code changes
+
+1. **Start with an issue.** Open a new one or comment on an existing discussion so we can agree on the solution before code is written.
+2. **Add or update tests.** Every new feature or bug-fix should come with test coverage that fails before your change and passes afterwards. 100% coverage is not required, but aim for meaningful assertions.
+3. **Document behaviour.** If your change affects user-facing behaviour, update the README, inline help (`codex --help`), or relevant example projects.
+4. **Keep commits atomic.** Each commit should compile and the tests should pass. This makes reviews and potential rollbacks easier.
+
+### Opening a pull request
+
+- Fill in the PR template (or include similar information) - **What? Why? How?**
+- Run **all** checks locally (`cargo test && cargo clippy --tests && cargo fmt -- --config imports_granularity=Item`). CI failures that could have been caught locally slow down the process.
+- Make sure your branch is up-to-date with `main` and that you have resolved merge conflicts.
+- Mark the PR as **Ready for review** only when you believe it is in a merge-able state.
+
+### Review process
+
+1. One maintainer will be assigned as a primary reviewer.
+2. If your PR adds a new feature that was not previously discussed and approved, we may choose to close your PR (see [Contributing](#contributing)).
+3. We may ask for changes - please do not take this personally. We value the work, but we also value consistency and long-term maintainability.
+5. When there is consensus that the PR meets the bar, a maintainer will squash-and-merge.
+
+### Community values
+
+- **Be kind and inclusive.** Treat others with respect; we follow the [Contributor Covenant](https://www.contributor-covenant.org/).
+- **Assume good intent.** Written communication is hard - err on the side of generosity.
+- **Teach & learn.** If you spot something confusing, open an issue or PR with improvements.
+
+### Getting help
+
+If you run into problems setting up the project, would like feedback on an idea, or just want to say _hi_ - please open a Discussion or jump into the relevant issue. We are happy to help.
+
+Together we can make Codex CLI an incredible tool. **Happy hacking!** :rocket:
+
+### Contributor license agreement (CLA)
+
+All contributors **must** accept the CLA. The process is lightweight:
+
+1. Open your pull request.
+2. Paste the following comment (or reply `recheck` if you've signed before):
+
+   ```text
+   I have read the CLA Document and I hereby sign the CLA
+   ```
+
+3. The CLA-Assistant bot records your signature in the repo and marks the status check as passed.
+
+No special Git commands, email attachments, or commit footers required.
+
+#### Quick fixes
+
+| Scenario          | Command                                          |
+| ----------------- | ------------------------------------------------ |
+| Amend last commit | `git commit --amend -s --no-edit && git push -f` |
+
+The **DCO check** blocks merges until every commit in the PR carries the footer (with squash this is just the one).
+
+### Releasing `codex`
+
+_For admins only._
+
+Make sure you are on `main` and have no local changes. Then run:
+
+```shell
+VERSION=0.2.0  # Can also be 0.2.0-alpha.1 or any valid Rust version.
+./codex-rs/scripts/create_github_release.sh "$VERSION"
+```
+
+This will make a local commit on top of `main` with `version` set to `$VERSION` in `codex-rs/Cargo.toml` (note that on `main`, we leave the version as `version = "0.0.0"`).
+
+This will push the commit using the tag `rust-v${VERSION}`, which in turn kicks off [the release workflow](.github/workflows/rust-release.yml). This will create a new GitHub Release named `$VERSION`.
+
+If everything looks good in the generated GitHub Release, uncheck the **pre-release** box so it is the latest release.
+
+Create a PR to update [`Formula/c/codex.rb`](https://github.com/Homebrew/homebrew-core/blob/main/Formula/c/codex.rb) on Homebrew.
+
+---
+
+## Security & responsible AI
+
+Have you discovered a vulnerability or have concerns about model output? Please e-mail **security@openai.com** and we will respond promptly.
 
 ---
 
 ## License
 
 This repository is licensed under the [Apache-2.0 License](LICENSE).
-

codex-cli/.gitignore

@@ -1 +1,7 @@
-/vendor/
+# Added by ./scripts/install_native_deps.sh
+/bin/codex-aarch64-apple-darwin
+/bin/codex-aarch64-unknown-linux-musl
+/bin/codex-linux-sandbox-arm64
+/bin/codex-linux-sandbox-x64
+/bin/codex-x86_64-apple-darwin
+/bin/codex-x86_64-unknown-linux-musl

codex-cli/bin/codex.js

@@ -1,7 +1,6 @@
 #!/usr/bin/env node
 // Unified entry point for the Codex CLI.
 
-import { existsSync } from "fs";
 import path from "path";
 import { fileURLToPath } from "url";
 
@@ -41,11 +40,10 @@ switch (platform) {
   case "win32":
     switch (arch) {
       case "x64":
-        targetTriple = "x86_64-pc-windows-msvc";
+        targetTriple = "x86_64-pc-windows-msvc.exe";
         break;
       case "arm64":
-        targetTriple = "aarch64-pc-windows-msvc";
-        break;
+      // We do not build this today, fall through...
       default:
         break;
     }
@@ -58,10 +56,7 @@ if (!targetTriple) {
   throw new Error(`Unsupported platform: ${platform} (${arch})`);
 }
 
-const vendorRoot = path.join(__dirname, "..", "vendor");
-const archRoot = path.join(vendorRoot, targetTriple);
-const codexBinaryName = process.platform === "win32" ? "codex.exe" : "codex";
-const binaryPath = path.join(archRoot, "codex", codexBinaryName);
+const binaryPath = path.join(__dirname, "..", "bin", `codex-${targetTriple}`);
 
 // Use an asynchronous spawn instead of spawnSync so that Node is able to
 // respond to signals (e.g. Ctrl-C / SIGINT) while the native binary is
@@ -70,6 +65,23 @@ const binaryPath = path.join(archRoot, "codex", codexBinaryName);
 // receives a fatal signal, both processes exit in a predictable manner.
 const { spawn } = await import("child_process");
 
+async function tryImport(moduleName) {
+  try {
+    // eslint-disable-next-line node/no-unsupported-features/es-syntax
+    return await import(moduleName);
+  } catch (err) {
+    return null;
+  }
+}
+
+async function resolveRgDir() {
+  const ripgrep = await tryImport("@vscode/ripgrep");
+  if (!ripgrep?.rgPath) {
+    return null;
+  }
+  return path.dirname(ripgrep.rgPath);
+}
+
 function getUpdatedPath(newDirs) {
   const pathSep = process.platform === "win32" ? ";" : ":";
   const existingPath = process.env.PATH || "";
@@ -81,9 +93,9 @@ function getUpdatedPath(newDirs) {
 }
 
 const additionalDirs = [];
-const pathDir = path.join(archRoot, "path");
-if (existsSync(pathDir)) {
-  additionalDirs.push(pathDir);
+const rgDir = await resolveRgDir();
+if (rgDir) {
+  additionalDirs.push(rgDir);
 }
 const updatedPath = getUpdatedPath(additionalDirs);
 

codex-cli/bin/rg

@@ -1,79 +0,0 @@
-#!/usr/bin/env dotslash
-
-{
-  "name": "rg",
-  "platforms": {
-    "macos-aarch64": {
-      "size": 1787248,
-      "hash": "blake3",
-      "digest": "8d9942032585ea8ee805937634238d9aee7b210069f4703c88fbe568e26fb78a",
-      "format": "tar.gz",
-      "path": "ripgrep-14.1.1-aarch64-apple-darwin/rg",
-      "providers": [
-        {
-          "url": "https://github.com/BurntSushi/ripgrep/releases/download/14.1.1/ripgrep-14.1.1-aarch64-apple-darwin.tar.gz"
-        }
-      ]
-    },
-    "linux-aarch64": {
-      "size": 2047405,
-      "hash": "blake3",
-      "digest": "0b670b8fa0a3df2762af2fc82cc4932f684ca4c02dbd1260d4f3133fd4b2a515",
-      "format": "tar.gz",
-      "path": "ripgrep-14.1.1-aarch64-unknown-linux-gnu/rg",
-      "providers": [
-        {
-          "url": "https://github.com/BurntSushi/ripgrep/releases/download/14.1.1/ripgrep-14.1.1-aarch64-unknown-linux-gnu.tar.gz"
-        }
-      ]
-    },
-    "macos-x86_64": {
-      "size": 2082672,
-      "hash": "blake3",
-      "digest": "e9b862fc8da3127f92791f0ff6a799504154ca9d36c98bf3e60a81c6b1f7289e",
-      "format": "tar.gz",
-      "path": "ripgrep-14.1.1-x86_64-apple-darwin/rg",
-      "providers": [
-        {
-          "url": "https://github.com/BurntSushi/ripgrep/releases/download/14.1.1/ripgrep-14.1.1-x86_64-apple-darwin.tar.gz"
-        }
-      ]
-    },
-    "linux-x86_64": {
-      "size": 2566310,
-      "hash": "blake3",
-      "digest": "f73cca4e54d78c31f832c7f6e2c0b4db8b04fa3eaa747915727d570893dbee76",
-      "format": "tar.gz",
-      "path": "ripgrep-14.1.1-x86_64-unknown-linux-musl/rg",
-      "providers": [
-        {
-          "url": "https://github.com/BurntSushi/ripgrep/releases/download/14.1.1/ripgrep-14.1.1-x86_64-unknown-linux-musl.tar.gz"
-        }
-      ]
-    },
-    "windows-x86_64": {
-      "size": 2058893,
-      "hash": "blake3",
-      "digest": "a8ce1a6fed4f8093ee997e57f33254e94b2cd18e26358b09db599c89882eadbd",
-      "format": "zip",
-      "path": "ripgrep-14.1.1-x86_64-pc-windows-msvc/rg.exe",
-      "providers": [
-        {
-          "url": "https://github.com/BurntSushi/ripgrep/releases/download/14.1.1/ripgrep-14.1.1-x86_64-pc-windows-msvc.zip"
-        }
-      ]
-    },
-    "windows-aarch64": {
-      "size": 1667740,
-      "hash": "blake3",
-      "digest": "47b971a8c4fca1d23a4e7c19bd4d88465ebc395598458133139406d3bf85f3fa",
-      "format": "zip",
-      "path": "rg.exe",
-      "providers": [
-        {
-          "url": "https://github.com/microsoft/ripgrep-prebuilt/releases/download/v13.0.0-13/ripgrep-v13.0.0-13-aarch64-pc-windows-msvc.zip"
-        }
-      ]
-    }
-  }
-}

codex-cli/package-lock.json

@@ -2,17 +2,118 @@
   "name": "@openai/codex",
   "version": "0.0.0-dev",
   "lockfileVersion": 3,
+  "requires": true,
   "packages": {
     "": {
       "name": "@openai/codex",
       "version": "0.0.0-dev",
       "license": "Apache-2.0",
+      "dependencies": {
+        "@vscode/ripgrep": "^1.15.14"
+      },
       "bin": {
         "codex": "bin/codex.js"
       },
       "engines": {
         "node": ">=20"
       }
+    },
+    "node_modules/@vscode/ripgrep": {
+      "version": "1.15.14",
+      "resolved": "https://registry.npmjs.org/@vscode/ripgrep/-/ripgrep-1.15.14.tgz",
+      "integrity": "sha512-/G1UJPYlm+trBWQ6cMO3sv6b8D1+G16WaJH1/DSqw32JOVlzgZbLkDxRyzIpTpv30AcYGMkCf5tUqGlW6HbDWw==",
+      "hasInstallScript": true,
+      "license": "MIT",
+      "dependencies": {
+        "https-proxy-agent": "^7.0.2",
+        "proxy-from-env": "^1.1.0",
+        "yauzl": "^2.9.2"
+      }
+    },
+    "node_modules/agent-base": {
+      "version": "7.1.4",
+      "resolved": "https://registry.npmjs.org/agent-base/-/agent-base-7.1.4.tgz",
+      "integrity": "sha512-MnA+YT8fwfJPgBx3m60MNqakm30XOkyIoH1y6huTQvC0PwZG7ki8NacLBcrPbNoo8vEZy7Jpuk7+jMO+CUovTQ==",
+      "license": "MIT",
+      "engines": {
+        "node": ">= 14"
+      }
+    },
+    "node_modules/buffer-crc32": {
+      "version": "0.2.13",
+      "resolved": "https://registry.npmjs.org/buffer-crc32/-/buffer-crc32-0.2.13.tgz",
+      "integrity": "sha512-VO9Ht/+p3SN7SKWqcrgEzjGbRSJYTx+Q1pTQC0wrWqHx0vpJraQ6GtHx8tvcg1rlK1byhU5gccxgOgj7B0TDkQ==",
+      "license": "MIT",
+      "engines": {
+        "node": "*"
+      }
+    },
+    "node_modules/debug": {
+      "version": "4.4.1",
+      "resolved": "https://registry.npmjs.org/debug/-/debug-4.4.1.tgz",
+      "integrity": "sha512-KcKCqiftBJcZr++7ykoDIEwSa3XWowTfNPo92BYxjXiyYEVrUQh2aLyhxBCwww+heortUFxEJYcRzosstTEBYQ==",
+      "license": "MIT",
+      "dependencies": {
+        "ms": "^2.1.3"
+      },
+      "engines": {
+        "node": ">=6.0"
+      },
+      "peerDependenciesMeta": {
+        "supports-color": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/fd-slicer": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/fd-slicer/-/fd-slicer-1.1.0.tgz",
+      "integrity": "sha512-cE1qsB/VwyQozZ+q1dGxR8LBYNZeofhEdUNGSMbQD3Gw2lAzX9Zb3uIU6Ebc/Fmyjo9AWWfnn0AUCHqtevs/8g==",
+      "license": "MIT",
+      "dependencies": {
+        "pend": "~1.2.0"
+      }
+    },
+    "node_modules/https-proxy-agent": {
+      "version": "7.0.6",
+      "resolved": "https://registry.npmjs.org/https-proxy-agent/-/https-proxy-agent-7.0.6.tgz",
+      "integrity": "sha512-vK9P5/iUfdl95AI+JVyUuIcVtd4ofvtrOr3HNtM2yxC9bnMbEdp3x01OhQNnjb8IJYi38VlTE3mBXwcfvywuSw==",
+      "license": "MIT",
+      "dependencies": {
+        "agent-base": "^7.1.2",
+        "debug": "4"
+      },
+      "engines": {
+        "node": ">= 14"
+      }
+    },
+    "node_modules/ms": {
+      "version": "2.1.3",
+      "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz",
+      "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==",
+      "license": "MIT"
+    },
+    "node_modules/pend": {
+      "version": "1.2.0",
+      "resolved": "https://registry.npmjs.org/pend/-/pend-1.2.0.tgz",
+      "integrity": "sha512-F3asv42UuXchdzt+xXqfW1OGlVBe+mxa2mqI0pg5yAHZPvFmY3Y6drSf/GQ1A86WgWEN9Kzh/WrgKa6iGcHXLg==",
+      "license": "MIT"
+    },
+    "node_modules/proxy-from-env": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/proxy-from-env/-/proxy-from-env-1.1.0.tgz",
+      "integrity": "sha512-D+zkORCbA9f1tdWRK0RaCR3GPv50cMxcrz4X8k5LTSUD1Dkw47mKJEZQNunItRTkWwgtaUSo1RVFRIG9ZXiFYg==",
+      "license": "MIT"
+    },
+    "node_modules/yauzl": {
+      "version": "2.10.0",
+      "resolved": "https://registry.npmjs.org/yauzl/-/yauzl-2.10.0.tgz",
+      "integrity": "sha512-p4a9I6X6nu6IhoGmBqAcbJy1mlC4j27vEPZX9F4L4/vZT3Lyq1VkFHw/V/PUcB9Buo+DG3iHkT0x3Qya58zc3g==",
+      "license": "MIT",
+      "dependencies": {
+        "buffer-crc32": "~0.2.3",
+        "fd-slicer": "~1.1.0"
+      }
     }
   }
 }

codex-cli/package.json

@@ -11,11 +11,16 @@
   },
   "files": [
     "bin",
-    "vendor"
+    "dist"
   ],
   "repository": {
     "type": "git",
-    "url": "git+https://github.com/openai/codex.git",
-    "directory": "codex-cli"
+    "url": "git+https://github.com/openai/codex.git"
+  },
+  "dependencies": {
+    "@vscode/ripgrep": "^1.15.14"
+  },
+  "devDependencies": {
+    "prettier": "^3.3.3"
   }
 }

codex-cli/scripts/README.md

@@ -5,7 +5,5 @@ Run the following:
 To build the 0.2.x or later version of the npm module, which runs the Rust version of the CLI, build it as follows:
 
 ```bash
-./codex-cli/scripts/build_npm_package.py --release-version 0.6.0
+./codex-cli/scripts/stage_rust_release.py --release-version 0.6.0
 ```
-
-Note this will create `./codex-cli/vendor/` as a side-effect.

codex-cli/scripts/build_npm_package.py

@@ -1,269 +0,0 @@
-#!/usr/bin/env python3
-"""Stage and optionally package the @openai/codex npm module."""
-
-import argparse
-import json
-import re
-import shutil
-import subprocess
-import sys
-import tempfile
-from pathlib import Path
-
-SCRIPT_DIR = Path(__file__).resolve().parent
-CODEX_CLI_ROOT = SCRIPT_DIR.parent
-REPO_ROOT = CODEX_CLI_ROOT.parent
-GITHUB_REPO = "openai/codex"
-
-# The docs are not clear on what the expected value/format of
-# workflow/workflowName is:
-# https://cli.github.com/manual/gh_run_list
-WORKFLOW_NAME = ".github/workflows/rust-release.yml"
-
-
-def parse_args() -> argparse.Namespace:
-    parser = argparse.ArgumentParser(description="Build or stage the Codex CLI npm package.")
-    parser.add_argument(
-        "--version",
-        help="Version number to write to package.json inside the staged package.",
-    )
-    parser.add_argument(
-        "--release-version",
-        help=(
-            "Version to stage for npm release. When provided, the script also resolves the "
-            "matching rust-release workflow unless --workflow-url is supplied."
-        ),
-    )
-    parser.add_argument(
-        "--workflow-url",
-        help="Optional GitHub Actions workflow run URL used to download native binaries.",
-    )
-    parser.add_argument(
-        "--staging-dir",
-        type=Path,
-        help=(
-            "Directory to stage the package contents. Defaults to a new temporary directory "
-            "if omitted. The directory must be empty when provided."
-        ),
-    )
-    parser.add_argument(
-        "--tmp",
-        dest="staging_dir",
-        type=Path,
-        help=argparse.SUPPRESS,
-    )
-    parser.add_argument(
-        "--pack-output",
-        type=Path,
-        help="Path where the generated npm tarball should be written.",
-    )
-    return parser.parse_args()
-
-
-def main() -> int:
-    args = parse_args()
-
-    version = args.version
-    release_version = args.release_version
-    if release_version:
-        if version and version != release_version:
-            raise RuntimeError("--version and --release-version must match when both are provided.")
-        version = release_version
-
-    if not version:
-        raise RuntimeError("Must specify --version or --release-version.")
-
-    staging_dir, created_temp = prepare_staging_dir(args.staging_dir)
-
-    try:
-        stage_sources(staging_dir, version)
-
-        workflow_url = args.workflow_url
-        resolved_head_sha: str | None = None
-        if not workflow_url:
-            if release_version:
-                workflow = resolve_release_workflow(version)
-                workflow_url = workflow["url"]
-                resolved_head_sha = workflow.get("headSha")
-            else:
-                workflow_url = resolve_latest_alpha_workflow_url()
-        elif release_version:
-            try:
-                workflow = resolve_release_workflow(version)
-                resolved_head_sha = workflow.get("headSha")
-            except Exception:
-                resolved_head_sha = None
-
-        if release_version and resolved_head_sha:
-            print(f"should `git checkout {resolved_head_sha}`")
-
-        if not workflow_url:
-            raise RuntimeError("Unable to determine workflow URL for native binaries.")
-
-        install_native_binaries(staging_dir, workflow_url)
-
-        if release_version:
-            staging_dir_str = str(staging_dir)
-            print(
-                f"Staged version {version} for release in {staging_dir_str}\n\n"
-                "Verify the CLI:\n"
-                f"    node {staging_dir_str}/bin/codex.js --version\n"
-                f"    node {staging_dir_str}/bin/codex.js --help\n\n"
-            )
-        else:
-            print(f"Staged package in {staging_dir}")
-
-        if args.pack_output is not None:
-            output_path = run_npm_pack(staging_dir, args.pack_output)
-            print(f"npm pack output written to {output_path}")
-    finally:
-        if created_temp:
-            # Preserve the staging directory for further inspection.
-            pass
-
-    return 0
-
-
-def prepare_staging_dir(staging_dir: Path | None) -> tuple[Path, bool]:
-    if staging_dir is not None:
-        staging_dir = staging_dir.resolve()
-        staging_dir.mkdir(parents=True, exist_ok=True)
-        if any(staging_dir.iterdir()):
-            raise RuntimeError(f"Staging directory {staging_dir} is not empty.")
-        return staging_dir, False
-
-    temp_dir = Path(tempfile.mkdtemp(prefix="codex-npm-stage-"))
-    return temp_dir, True
-
-
-def stage_sources(staging_dir: Path, version: str) -> None:
-    bin_dir = staging_dir / "bin"
-    bin_dir.mkdir(parents=True, exist_ok=True)
-
-    shutil.copy2(CODEX_CLI_ROOT / "bin" / "codex.js", bin_dir / "codex.js")
-    rg_manifest = CODEX_CLI_ROOT / "bin" / "rg"
-    if rg_manifest.exists():
-        shutil.copy2(rg_manifest, bin_dir / "rg")
-
-    readme_src = REPO_ROOT / "README.md"
-    if readme_src.exists():
-        shutil.copy2(readme_src, staging_dir / "README.md")
-
-    with open(CODEX_CLI_ROOT / "package.json", "r", encoding="utf-8") as fh:
-        package_json = json.load(fh)
-    package_json["version"] = version
-
-    with open(staging_dir / "package.json", "w", encoding="utf-8") as out:
-        json.dump(package_json, out, indent=2)
-        out.write("\n")
-
-
-def install_native_binaries(staging_dir: Path, workflow_url: str | None) -> None:
-    cmd = ["./scripts/install_native_deps.py"]
-    if workflow_url:
-        cmd.extend(["--workflow-url", workflow_url])
-    cmd.append(str(staging_dir))
-    subprocess.check_call(cmd, cwd=CODEX_CLI_ROOT)
-
-
-def resolve_latest_alpha_workflow_url() -> str:
-    version = determine_latest_alpha_version()
-    workflow = resolve_release_workflow(version)
-    return workflow["url"]
-
-
-def determine_latest_alpha_version() -> str:
-    releases = list_releases()
-    best_key: tuple[int, int, int, int] | None = None
-    best_version: str | None = None
-    pattern = re.compile(r"^rust-v(\d+)\.(\d+)\.(\d+)-alpha\.(\d+)$")
-    for release in releases:
-        tag = release.get("tag_name", "")
-        match = pattern.match(tag)
-        if not match:
-            continue
-        key = tuple(int(match.group(i)) for i in range(1, 5))
-        if best_key is None or key > best_key:
-            best_key = key
-            best_version = (
-                f"{match.group(1)}.{match.group(2)}.{match.group(3)}-alpha.{match.group(4)}"
-            )
-
-    if best_version is None:
-        raise RuntimeError("No alpha releases found when resolving workflow URL.")
-    return best_version
-
-
-def list_releases() -> list[dict]:
-    stdout = subprocess.check_output(
-        ["gh", "api", f"/repos/{GITHUB_REPO}/releases?per_page=100"],
-        text=True,
-    )
-    try:
-        releases = json.loads(stdout or "[]")
-    except json.JSONDecodeError as exc:
-        raise RuntimeError("Unable to parse releases JSON.") from exc
-    if not isinstance(releases, list):
-        raise RuntimeError("Unexpected response when listing releases.")
-    return releases
-
-
-def resolve_release_workflow(version: str) -> dict:
-    stdout = subprocess.check_output(
-        [
-            "gh",
-            "run",
-            "list",
-            "--branch",
-            f"rust-v{version}",
-            "--json",
-            "workflowName,url,headSha",
-            "--workflow",
-            WORKFLOW_NAME,
-            "--jq",
-            "first(.[])",
-        ],
-        text=True,
-    )
-    workflow = json.loads(stdout or "[]")
-    if not workflow:
-        raise RuntimeError(f"Unable to find rust-release workflow for version {version}.")
-    return workflow
-
-
-def run_npm_pack(staging_dir: Path, output_path: Path) -> Path:
-    output_path = output_path.resolve()
-    output_path.parent.mkdir(parents=True, exist_ok=True)
-
-    with tempfile.TemporaryDirectory(prefix="codex-npm-pack-") as pack_dir_str:
-        pack_dir = Path(pack_dir_str)
-        stdout = subprocess.check_output(
-            ["npm", "pack", "--json", "--pack-destination", str(pack_dir)],
-            cwd=staging_dir,
-            text=True,
-        )
-        try:
-            pack_output = json.loads(stdout)
-        except json.JSONDecodeError as exc:
-            raise RuntimeError("Failed to parse npm pack output.") from exc
-
-        if not pack_output:
-            raise RuntimeError("npm pack did not produce an output tarball.")
-
-        tarball_name = pack_output[0].get("filename") or pack_output[0].get("name")
-        if not tarball_name:
-            raise RuntimeError("Unable to determine npm pack output filename.")
-
-        tarball_path = pack_dir / tarball_name
-        if not tarball_path.exists():
-            raise RuntimeError(f"Expected npm pack output not found: {tarball_path}")
-
-        shutil.move(str(tarball_path), output_path)
-
-    return output_path
-
-
-if __name__ == "__main__":
-    import sys
-
-    sys.exit(main())

codex-cli/scripts/install_native_deps.py

@@ -1,318 +0,0 @@
-#!/usr/bin/env python3
-"""Install Codex native binaries (Rust CLI plus ripgrep helpers)."""
-
-import argparse
-import json
-import os
-import shutil
-import subprocess
-import tarfile
-import tempfile
-import zipfile
-from concurrent.futures import ThreadPoolExecutor, as_completed
-from pathlib import Path
-from typing import Iterable, Sequence
-from urllib.parse import urlparse
-from urllib.request import urlopen
-
-SCRIPT_DIR = Path(__file__).resolve().parent
-CODEX_CLI_ROOT = SCRIPT_DIR.parent
-DEFAULT_WORKFLOW_URL = "https://github.com/openai/codex/actions/runs/17952349351"  # rust-v0.40.0
-VENDOR_DIR_NAME = "vendor"
-RG_MANIFEST = CODEX_CLI_ROOT / "bin" / "rg"
-CODEX_TARGETS = (
-    "x86_64-unknown-linux-musl",
-    "aarch64-unknown-linux-musl",
-    "x86_64-apple-darwin",
-    "aarch64-apple-darwin",
-    "x86_64-pc-windows-msvc",
-    "aarch64-pc-windows-msvc",
-)
-
-RG_TARGET_PLATFORM_PAIRS: list[tuple[str, str]] = [
-    ("x86_64-unknown-linux-musl", "linux-x86_64"),
-    ("aarch64-unknown-linux-musl", "linux-aarch64"),
-    ("x86_64-apple-darwin", "macos-x86_64"),
-    ("aarch64-apple-darwin", "macos-aarch64"),
-    ("x86_64-pc-windows-msvc", "windows-x86_64"),
-    ("aarch64-pc-windows-msvc", "windows-aarch64"),
-]
-RG_TARGET_TO_PLATFORM = {target: platform for target, platform in RG_TARGET_PLATFORM_PAIRS}
-DEFAULT_RG_TARGETS = [target for target, _ in RG_TARGET_PLATFORM_PAIRS]
-
-
-def parse_args() -> argparse.Namespace:
-    parser = argparse.ArgumentParser(description="Install native Codex binaries.")
-    parser.add_argument(
-        "--workflow-url",
-        help=(
-            "GitHub Actions workflow URL that produced the artifacts. Defaults to a "
-            "known good run when omitted."
-        ),
-    )
-    parser.add_argument(
-        "root",
-        nargs="?",
-        type=Path,
-        help=(
-            "Directory containing package.json for the staged package. If omitted, the "
-            "repository checkout is used."
-        ),
-    )
-    return parser.parse_args()
-
-
-def main() -> int:
-    args = parse_args()
-
-    codex_cli_root = (args.root or CODEX_CLI_ROOT).resolve()
-    vendor_dir = codex_cli_root / VENDOR_DIR_NAME
-    vendor_dir.mkdir(parents=True, exist_ok=True)
-
-    workflow_url = (args.workflow_url or DEFAULT_WORKFLOW_URL).strip()
-    if not workflow_url:
-        workflow_url = DEFAULT_WORKFLOW_URL
-
-    workflow_id = workflow_url.rstrip("/").split("/")[-1]
-
-    with tempfile.TemporaryDirectory(prefix="codex-native-artifacts-") as artifacts_dir_str:
-        artifacts_dir = Path(artifacts_dir_str)
-        _download_artifacts(workflow_id, artifacts_dir)
-        install_codex_binaries(artifacts_dir, vendor_dir, CODEX_TARGETS)
-
-    fetch_rg(vendor_dir, DEFAULT_RG_TARGETS, manifest_path=RG_MANIFEST)
-
-    print(f"Installed native dependencies into {vendor_dir}")
-    return 0
-
-
-def fetch_rg(
-    vendor_dir: Path,
-    targets: Sequence[str] | None = None,
-    *,
-    manifest_path: Path,
-) -> list[Path]:
-    """Download ripgrep binaries described by the DotSlash manifest."""
-
-    if targets is None:
-        targets = DEFAULT_RG_TARGETS
-
-    if not manifest_path.exists():
-        raise FileNotFoundError(f"DotSlash manifest not found: {manifest_path}")
-
-    manifest = _load_manifest(manifest_path)
-    platforms = manifest.get("platforms", {})
-
-    vendor_dir.mkdir(parents=True, exist_ok=True)
-
-    targets = list(targets)
-    if not targets:
-        return []
-
-    task_configs: list[tuple[str, str, dict]] = []
-    for target in targets:
-        platform_key = RG_TARGET_TO_PLATFORM.get(target)
-        if platform_key is None:
-            raise ValueError(f"Unsupported ripgrep target '{target}'.")
-
-        platform_info = platforms.get(platform_key)
-        if platform_info is None:
-            raise RuntimeError(f"Platform '{platform_key}' not found in manifest {manifest_path}.")
-
-        task_configs.append((target, platform_key, platform_info))
-
-    results: dict[str, Path] = {}
-    max_workers = min(len(task_configs), max(1, (os.cpu_count() or 1)))
-
-    with ThreadPoolExecutor(max_workers=max_workers) as executor:
-        future_map = {
-            executor.submit(
-                _fetch_single_rg,
-                vendor_dir,
-                target,
-                platform_key,
-                platform_info,
-                manifest_path,
-            ): target
-            for target, platform_key, platform_info in task_configs
-        }
-
-        for future in as_completed(future_map):
-            target = future_map[future]
-            results[target] = future.result()
-
-    return [results[target] for target in targets]
-
-
-def _download_artifacts(workflow_id: str, dest_dir: Path) -> None:
-    cmd = [
-        "gh",
-        "run",
-        "download",
-        "--dir",
-        str(dest_dir),
-        "--repo",
-        "openai/codex",
-        workflow_id,
-    ]
-    subprocess.check_call(cmd)
-
-
-def install_codex_binaries(
-    artifacts_dir: Path, vendor_dir: Path, targets: Iterable[str]
-) -> list[Path]:
-    targets = list(targets)
-    if not targets:
-        return []
-
-    results: dict[str, Path] = {}
-    max_workers = min(len(targets), max(1, (os.cpu_count() or 1)))
-
-    with ThreadPoolExecutor(max_workers=max_workers) as executor:
-        future_map = {
-            executor.submit(_install_single_codex_binary, artifacts_dir, vendor_dir, target): target
-            for target in targets
-        }
-
-        for future in as_completed(future_map):
-            target = future_map[future]
-            results[target] = future.result()
-
-    return [results[target] for target in targets]
-
-
-def _install_single_codex_binary(artifacts_dir: Path, vendor_dir: Path, target: str) -> Path:
-    artifact_subdir = artifacts_dir / target
-    archive_name = _archive_name_for_target(target)
-    archive_path = artifact_subdir / archive_name
-    if not archive_path.exists():
-        raise FileNotFoundError(f"Expected artifact not found: {archive_path}")
-
-    dest_dir = vendor_dir / target / "codex"
-    dest_dir.mkdir(parents=True, exist_ok=True)
-
-    binary_name = "codex.exe" if "windows" in target else "codex"
-    dest = dest_dir / binary_name
-    dest.unlink(missing_ok=True)
-    extract_archive(archive_path, "zst", None, dest)
-    if "windows" not in target:
-        dest.chmod(0o755)
-    return dest
-
-
-def _archive_name_for_target(target: str) -> str:
-    if "windows" in target:
-        return f"codex-{target}.exe.zst"
-    return f"codex-{target}.zst"
-
-
-def _fetch_single_rg(
-    vendor_dir: Path,
-    target: str,
-    platform_key: str,
-    platform_info: dict,
-    manifest_path: Path,
-) -> Path:
-    providers = platform_info.get("providers", [])
-    if not providers:
-        raise RuntimeError(f"No providers listed for platform '{platform_key}' in {manifest_path}.")
-
-    url = providers[0]["url"]
-    archive_format = platform_info.get("format", "zst")
-    archive_member = platform_info.get("path")
-
-    dest_dir = vendor_dir / target / "path"
-    dest_dir.mkdir(parents=True, exist_ok=True)
-
-    is_windows = platform_key.startswith("win")
-    binary_name = "rg.exe" if is_windows else "rg"
-    dest = dest_dir / binary_name
-
-    with tempfile.TemporaryDirectory() as tmp_dir_str:
-        tmp_dir = Path(tmp_dir_str)
-        archive_filename = os.path.basename(urlparse(url).path)
-        download_path = tmp_dir / archive_filename
-        _download_file(url, download_path)
-
-        dest.unlink(missing_ok=True)
-        extract_archive(download_path, archive_format, archive_member, dest)
-
-    if not is_windows:
-        dest.chmod(0o755)
-
-    return dest
-
-
-def _download_file(url: str, dest: Path) -> None:
-    dest.parent.mkdir(parents=True, exist_ok=True)
-    with urlopen(url) as response, open(dest, "wb") as out:
-        shutil.copyfileobj(response, out)
-
-
-def extract_archive(
-    archive_path: Path,
-    archive_format: str,
-    archive_member: str | None,
-    dest: Path,
-) -> None:
-    dest.parent.mkdir(parents=True, exist_ok=True)
-
-    if archive_format == "zst":
-        output_path = archive_path.parent / dest.name
-        subprocess.check_call(
-            ["zstd", "-f", "-d", str(archive_path), "-o", str(output_path)]
-        )
-        shutil.move(str(output_path), dest)
-        return
-
-    if archive_format == "tar.gz":
-        if not archive_member:
-            raise RuntimeError("Missing 'path' for tar.gz archive in DotSlash manifest.")
-        with tarfile.open(archive_path, "r:gz") as tar:
-            try:
-                member = tar.getmember(archive_member)
-            except KeyError as exc:
-                raise RuntimeError(
-                    f"Entry '{archive_member}' not found in archive {archive_path}."
-                ) from exc
-            tar.extract(member, path=archive_path.parent, filter="data")
-        extracted = archive_path.parent / archive_member
-        shutil.move(str(extracted), dest)
-        return
-
-    if archive_format == "zip":
-        if not archive_member:
-            raise RuntimeError("Missing 'path' for zip archive in DotSlash manifest.")
-        with zipfile.ZipFile(archive_path) as archive:
-            try:
-                with archive.open(archive_member) as src, open(dest, "wb") as out:
-                    shutil.copyfileobj(src, out)
-            except KeyError as exc:
-                raise RuntimeError(
-                    f"Entry '{archive_member}' not found in archive {archive_path}."
-                ) from exc
-        return
-
-    raise RuntimeError(f"Unsupported archive format '{archive_format}'.")
-
-
-def _load_manifest(manifest_path: Path) -> dict:
-    cmd = ["dotslash", "--", "parse", str(manifest_path)]
-    stdout = subprocess.check_output(cmd, text=True)
-    try:
-        manifest = json.loads(stdout)
-    except json.JSONDecodeError as exc:
-        raise RuntimeError(f"Invalid DotSlash manifest output from {manifest_path}.") from exc
-
-    if not isinstance(manifest, dict):
-        raise RuntimeError(
-            f"Unexpected DotSlash manifest structure for {manifest_path}: {type(manifest)!r}"
-        )
-
-    return manifest
-
-
-if __name__ == "__main__":
-    import sys
-
-    sys.exit(main())

codex-cli/scripts/install_native_deps.sh

@@ -0,0 +1,91 @@
+#!/usr/bin/env bash
+
+# Install native runtime dependencies for codex-cli.
+#
+# Usage
+#   install_native_deps.sh [--workflow-url URL] [CODEX_CLI_ROOT]
+#
+# The optional RELEASE_ROOT is the path that contains package.json.  Omitting
+# it installs the binaries into the repository's own bin/ folder to support
+# local development.
+
+set -euo pipefail
+
+# ------------------
+# Parse arguments
+# ------------------
+
+CODEX_CLI_ROOT=""
+
+# Until we start publishing stable GitHub releases, we have to grab the binaries
+# from the GitHub Action that created them. Update the URL below to point to the
+# appropriate workflow run:
+WORKFLOW_URL="https://github.com/openai/codex/actions/runs/16840150768" # rust-v0.20.0-alpha.2
+
+while [[ $# -gt 0 ]]; do
+  case "$1" in
+    --workflow-url)
+      shift || { echo "--workflow-url requires an argument"; exit 1; }
+      if [ -n "$1" ]; then
+        WORKFLOW_URL="$1"
+      fi
+      ;;
+    *)
+      if [[ -z "$CODEX_CLI_ROOT" ]]; then
+        CODEX_CLI_ROOT="$1"
+      else
+        echo "Unexpected argument: $1" >&2
+        exit 1
+      fi
+      ;;
+  esac
+  shift
+done
+
+# ----------------------------------------------------------------------------
+# Determine where the binaries should be installed.
+# ----------------------------------------------------------------------------
+
+if [ -n "$CODEX_CLI_ROOT" ]; then
+  # The caller supplied a release root directory.
+  BIN_DIR="$CODEX_CLI_ROOT/bin"
+else
+  # No argument; fall back to the repo’s own bin directory.
+  # Resolve the path of this script, then walk up to the repo root.
+  SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+  CODEX_CLI_ROOT="$(cd "$SCRIPT_DIR/.." && pwd)"
+  BIN_DIR="$CODEX_CLI_ROOT/bin"
+fi
+
+# Make sure the destination directory exists.
+mkdir -p "$BIN_DIR"
+
+# ----------------------------------------------------------------------------
+# Download and decompress the artifacts from the GitHub Actions workflow.
+# ----------------------------------------------------------------------------
+
+WORKFLOW_ID="${WORKFLOW_URL##*/}"
+
+ARTIFACTS_DIR="$(mktemp -d)"
+trap 'rm -rf "$ARTIFACTS_DIR"' EXIT
+
+# NB: The GitHub CLI `gh` must be installed and authenticated.
+gh run download --dir "$ARTIFACTS_DIR" --repo openai/codex "$WORKFLOW_ID"
+
+# x64 Linux
+zstd -d "$ARTIFACTS_DIR/x86_64-unknown-linux-musl/codex-x86_64-unknown-linux-musl.zst" \
+    -o "$BIN_DIR/codex-x86_64-unknown-linux-musl"
+# ARM64 Linux
+zstd -d "$ARTIFACTS_DIR/aarch64-unknown-linux-musl/codex-aarch64-unknown-linux-musl.zst" \
+    -o "$BIN_DIR/codex-aarch64-unknown-linux-musl"
+# x64 macOS
+zstd -d "$ARTIFACTS_DIR/x86_64-apple-darwin/codex-x86_64-apple-darwin.zst" \
+    -o "$BIN_DIR/codex-x86_64-apple-darwin"
+# ARM64 macOS
+zstd -d "$ARTIFACTS_DIR/aarch64-apple-darwin/codex-aarch64-apple-darwin.zst" \
+    -o "$BIN_DIR/codex-aarch64-apple-darwin"
+# x64 Windows
+zstd -d "$ARTIFACTS_DIR/x86_64-pc-windows-msvc/codex-x86_64-pc-windows-msvc.exe.zst" \
+    -o "$BIN_DIR/codex-x86_64-pc-windows-msvc.exe"
+
+echo "Installed native dependencies into $BIN_DIR"

codex-cli/scripts/stage_release.sh

@@ -0,0 +1,120 @@
+#!/usr/bin/env bash
+# -----------------------------------------------------------------------------
+# stage_release.sh
+# -----------------------------------------------------------------------------
+# Stages an npm release for @openai/codex.
+#
+# Usage:
+#
+#   --tmp <dir>  : Use <dir> instead of a freshly created temp directory.
+#   -h|--help    : Print usage.
+#
+# -----------------------------------------------------------------------------
+
+set -euo pipefail
+
+# Helper - usage / flag parsing
+
+usage() {
+  cat <<EOF
+Usage: $(basename "$0") [--tmp DIR] [--version VERSION]
+
+Options
+  --tmp DIR   Use DIR to stage the release (defaults to a fresh mktemp dir)
+  --version   Specify the version to release (defaults to a timestamp-based version)
+  -h, --help  Show this help
+
+Legacy positional argument: the first non-flag argument is still interpreted
+as the temporary directory (for backwards compatibility) but is deprecated.
+EOF
+  exit "${1:-0}"
+}
+
+TMPDIR=""
+# Default to a timestamp-based version (keep same scheme as before)
+VERSION="$(printf '0.1.%d' "$(date +%y%m%d%H%M)")"
+WORKFLOW_URL=""
+
+# Manual flag parser - Bash getopts does not handle GNU long options well.
+while [[ $# -gt 0 ]]; do
+  case "$1" in
+    --tmp)
+      shift || { echo "--tmp requires an argument"; usage 1; }
+      TMPDIR="$1"
+      ;;
+    --tmp=*)
+      TMPDIR="${1#*=}"
+      ;;
+    --version)
+      shift || { echo "--version requires an argument"; usage 1; }
+      VERSION="$1"
+      ;;
+    --workflow-url)
+      shift || { echo "--workflow-url requires an argument"; exit 1; }
+      WORKFLOW_URL="$1"
+      ;;
+    -h|--help)
+      usage 0
+      ;;
+    --*)
+      echo "Unknown option: $1" >&2
+      usage 1
+      ;;
+    *)
+      echo "Unexpected extra argument: $1" >&2
+      usage 1
+      ;;
+  esac
+  shift
+done
+
+# Fallback when the caller did not specify a directory.
+# If no directory was specified create a fresh temporary one.
+if [[ -z "$TMPDIR" ]]; then
+  TMPDIR="$(mktemp -d)"
+fi
+
+# Ensure the directory exists, then resolve to an absolute path.
+mkdir -p "$TMPDIR"
+TMPDIR="$(cd "$TMPDIR" && pwd)"
+
+# Main build logic
+
+echo "Staging release in $TMPDIR"
+
+# The script lives in codex-cli/scripts/ - change into codex-cli root so that
+# relative paths keep working.
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+CODEX_CLI_ROOT="$(cd "$SCRIPT_DIR/.." && pwd)"
+
+pushd "$CODEX_CLI_ROOT" >/dev/null
+
+# 1. Build the JS artifacts ---------------------------------------------------
+
+# Paths inside the staged package
+mkdir -p "$TMPDIR/bin"
+
+cp -r bin/codex.js "$TMPDIR/bin/codex.js"
+cp ../README.md "$TMPDIR" || true # README is one level up - ignore if missing
+
+# Modify package.json - bump version and optionally add the native directory to
+# the files array so that the binaries are published to npm.
+
+jq --arg version "$VERSION" \
+    '.version = $version' \
+    package.json > "$TMPDIR/package.json"
+
+# 2. Native runtime deps (sandbox plus optional Rust binaries)
+
+./scripts/install_native_deps.sh --workflow-url "$WORKFLOW_URL" "$TMPDIR"
+
+popd >/dev/null
+
+echo "Staged version $VERSION for release in $TMPDIR"
+
+echo "Verify the CLI:"
+echo "    node ${TMPDIR}/bin/codex.js --version"
+echo "    node ${TMPDIR}/bin/codex.js --help"
+
+# Print final hint for convenience
+echo "Next:  cd \"$TMPDIR\" && npm publish"

codex-cli/scripts/stage_rust_release.py

@@ -0,0 +1,70 @@
+#!/usr/bin/env python3
+
+import json
+import subprocess
+import sys
+import argparse
+from pathlib import Path
+
+
+def main() -> int:
+    parser = argparse.ArgumentParser(
+        description="""Stage a release for the npm module.
+
+Run this after the GitHub Release has been created and use
+`--release-version` to specify the version to release.
+
+Optionally pass `--tmp` to control the temporary staging directory that will be
+forwarded to stage_release.sh.
+"""
+    )
+    parser.add_argument(
+        "--release-version", required=True, help="Version to release, e.g., 0.3.0"
+    )
+    parser.add_argument(
+        "--tmp",
+        help="Optional path to stage the npm package; forwarded to stage_release.sh",
+    )
+    args = parser.parse_args()
+    version = args.release_version
+
+    gh_run = subprocess.run(
+        [
+            "gh",
+            "run",
+            "list",
+            "--branch",
+            f"rust-v{version}",
+            "--json",
+            "workflowName,url,headSha",
+            "--jq",
+            'first(.[] | select(.workflowName == "rust-release"))',
+        ],
+        stdout=subprocess.PIPE,
+        check=True,
+    )
+    gh_run.check_returncode()
+    workflow = json.loads(gh_run.stdout)
+    sha = workflow["headSha"]
+
+    print(f"should `git checkout {sha}`")
+
+    current_dir = Path(__file__).parent.resolve()
+    cmd = [
+        str(current_dir / "stage_release.sh"),
+        "--version",
+        version,
+        "--workflow-url",
+        workflow["url"],
+    ]
+    if args.tmp:
+        cmd.extend(["--tmp", args.tmp])
+
+    stage_release = subprocess.run(cmd)
+    stage_release.check_returncode()
+
+    return 0
+
+
+if __name__ == "__main__":
+    sys.exit(main())

codex-rs/Cargo.toml

@@ -1,6 +1,5 @@
 [workspace]
 members = [
-    "agent",
     "ansi-escape",
     "apply-patch",
     "arg0",
@@ -10,7 +9,6 @@ members = [
     "exec",
     "execpolicy",
     "file-search",
-    "git-tooling",
     "linux-sandbox",
     "login",
     "mcp-client",
@@ -20,7 +18,6 @@ members = [
     "protocol",
     "protocol-ts",
     "tui",
-    "utils/readiness",
 ]
 resolver = "2"
 
@@ -32,172 +29,13 @@ version = "0.0.0"
 # edition.
 edition = "2024"
 
-[workspace.dependencies]
-# Internal
-codex-agent = { path = "agent" }
-codex-ansi-escape = { path = "ansi-escape" }
-codex-apply-patch = { path = "apply-patch" }
-codex-arg0 = { path = "arg0" }
-codex-chatgpt = { path = "chatgpt" }
-codex-common = { path = "common" }
-codex-core = { path = "core" }
-codex-exec = { path = "exec" }
-codex-file-search = { path = "file-search" }
-codex-git-tooling = { path = "git-tooling" }
-codex-linux-sandbox = { path = "linux-sandbox" }
-codex-login = { path = "login" }
-codex-mcp-client = { path = "mcp-client" }
-codex-mcp-server = { path = "mcp-server" }
-codex-ollama = { path = "ollama" }
-codex-protocol = { path = "protocol" }
-codex-protocol-ts = { path = "protocol-ts" }
-codex-tui = { path = "tui" }
-codex-utils-readiness = { path = "utils/readiness" }
-core_test_support = { path = "core/tests/common" }
-mcp-types = { path = "mcp-types" }
-mcp_test_support = { path = "mcp-server/tests/common" }
-
-# External
-allocative = "0.3.3"
-ansi-to-tui = "7.0.0"
-anyhow = "1"
-arboard = "3"
-askama = "0.12"
-assert_cmd = "2"
-async-channel = "2.3.1"
-async-stream = "0.3.6"
-async-trait = "0.1.89"
-base64 = "0.22.1"
-bytes = "1.10.1"
-chrono = "0.4.42"
-clap = "4"
-clap_complete = "4"
-color-eyre = "0.6.3"
-crossterm = "0.28.1"
-ctor = "0.5.0"
-derive_more = "2"
-diffy = "0.4.2"
-dirs = "6"
-dotenvy = "0.15.7"
-env-flags = "0.1.1"
-env_logger = "0.11.5"
-eventsource-stream = "0.2.3"
-futures = "0.3"
-icu_decimal = "2.0.0"
-icu_locale_core = "2.0.0"
-ignore = "0.4.23"
-image = { version = "^0.25.8", default-features = false }
-indexmap = "2.6.0"
-insta = "1.43.2"
-itertools = "0.14.0"
-landlock = "0.4.1"
-lazy_static = "1"
-libc = "0.2.175"
-log = "0.4"
-maplit = "1.0.2"
-mime_guess = "2.0.5"
-multimap = "0.10.0"
-nucleo-matcher = "0.3.1"
-openssl-sys = "*"
-os_info = "3.12.0"
-owo-colors = "4.2.0"
-path-absolutize = "3.1.1"
-path-clean = "1.0.1"
-pathdiff = "0.2"
-portable-pty = "0.9.0"
-predicates = "3"
-pretty_assertions = "1.4.1"
-pulldown-cmark = "0.10"
-rand = "0.9"
-ratatui = "0.29.0"
-regex-lite = "0.1.7"
-reqwest = "0.12"
-schemars = "0.8.22"
-seccompiler = "0.5.0"
-serde = "1"
-serde_json = "1"
-serde_with = "3.14"
-sha1 = "0.10.6"
-sha2 = "0.10"
-shlex = "1.3.0"
-similar = "2.7.0"
-starlark = "0.13.0"
-strum = "0.27.2"
-strum_macros = "0.27.2"
-supports-color = "3.0.2"
-sys-locale = "0.3.2"
-tempfile = "3.23.0"
-textwrap = "0.16.2"
-thiserror = "2.0.16"
-time = "0.3"
-tiny_http = "0.12"
-tokio = "1"
-tokio-stream = "0.1.17"
-tokio-test = "0.4"
-tokio-util = "0.7.16"
-toml = "0.9.5"
-toml_edit = "0.23.4"
-tracing = "0.1.41"
-tracing-appender = "0.2.3"
-tracing-subscriber = "0.3.20"
-tree-sitter = "0.25.9"
-tree-sitter-bash = "0.25.0"
-ts-rs = "11"
-unicode-segmentation = "1.12.0"
-unicode-width = "0.2"
-url = "2"
-urlencoding = "2.1"
-uuid = "1"
-vt100 = "0.16.2"
-walkdir = "2.5.0"
-webbrowser = "1.0"
-which = "6"
-wildmatch = "2.5.0"
-wiremock = "0.6"
-
 [workspace.lints]
 rust = {}
 
 [workspace.lints.clippy]
 expect_used = "deny"
-identity_op = "deny"
-manual_clamp = "deny"
-manual_filter = "deny"
-manual_find = "deny"
-manual_flatten = "deny"
-manual_map = "deny"
-manual_memcpy = "deny"
-manual_non_exhaustive = "deny"
-manual_ok_or = "deny"
-manual_range_contains = "deny"
-manual_retain = "deny"
-manual_strip = "deny"
-manual_try_fold = "deny"
-manual_unwrap_or = "deny"
-needless_borrow = "deny"
-needless_borrowed_reference = "deny"
-needless_collect = "deny"
-needless_late_init = "deny"
-needless_option_as_deref = "deny"
-needless_question_mark = "deny"
-needless_update = "deny"
-redundant_clone = "deny"
-redundant_closure = "deny"
-redundant_closure_for_method_calls = "deny"
-redundant_static_lifetimes = "deny"
-trivially_copy_pass_by_ref = "deny"
-uninlined_format_args = "deny"
-unnecessary_filter_map = "deny"
-unnecessary_lazy_evaluations = "deny"
-unnecessary_sort_by = "deny"
-unnecessary_to_owned = "deny"
 unwrap_used = "deny"
 
-# cargo-shear cannot see the platform-specific openssl-sys usage, so we
-# silence the false positive here instead of deleting a real dependency.
-[workspace.metadata.cargo-shear]
-ignored = ["openssl-sys", "codex-utils-readiness"]
-
 [profile.release]
 lto = "fat"
 # Because we bundle some of these executables with the TypeScript CLI, we

codex-rs/README.md

@@ -19,11 +19,11 @@ While we are [working to close the gap between the TypeScript and Rust implement
 
 ### Config
 
-Codex supports a rich set of configuration options. Note that the Rust CLI uses `config.toml` instead of `config.json`. See [`docs/config.md`](../docs/config.md) for details.
+Codex supports a rich set of configuration options. Note that the Rust CLI uses `config.toml` instead of `config.json`. See [`config.md`](./config.md) for details.
 
 ### Model Context Protocol Support
 
-Codex CLI functions as an MCP client that can connect to MCP servers on startup. See the [`mcp_servers`](../docs/config.md#mcp_servers) section in the configuration documentation for details.
+Codex CLI functions as an MCP client that can connect to MCP servers on startup. See the [`mcp_servers`](./config.md#mcp_servers) section in the configuration documentation for details.
 
 It is still experimental, but you can also launch Codex as an MCP _server_ by running `codex mcp`. Use the [`@modelcontextprotocol/inspector`](https://github.com/modelcontextprotocol/inspector) to try it out:
 
@@ -33,9 +33,9 @@ npx @modelcontextprotocol/inspector codex mcp
 
 ### Notifications
 
-You can enable notifications by configuring a script that is run whenever the agent finishes a turn. The [notify documentation](../docs/config.md#notify) includes a detailed example that explains how to get desktop notifications via [terminal-notifier](https://github.com/julienXX/terminal-notifier) on macOS.
+You can enable notifications by configuring a script that is run whenever the agent finishes a turn. The [notify documentation](./config.md#notify) includes a detailed example that explains how to get desktop notifications via [terminal-notifier](https://github.com/julienXX/terminal-notifier) on macOS.
 
-### `codex exec` to run Codex programmatically/non-interactively
+### `codex exec` to run Codex programmatially/non-interactively
 
 To run Codex non-interactively, run `codex exec PROMPT` (you can also pass the prompt via `stdin`) and Codex will work on your task until it decides that it is done and exits. Output is printed to the terminal directly. You can set the `RUST_LOG` environment variable to see more about what's going on.
 
@@ -43,12 +43,6 @@ To run Codex non-interactively, run `codex exec PROMPT` (you can also pass the p
 
 Typing `@` triggers a fuzzy-filename search over the workspace root. Use up/down to select among the results and Tab or Enter to replace the `@` with the selected path. You can use Esc to cancel the search.
 
-### Esc–Esc to edit a previous message
-
-When the chat composer is empty, press Esc to prime “backtrack” mode. Press Esc again to open a transcript preview highlighting the last user message; press Esc repeatedly to step to older user messages. Press Enter to confirm and Codex will fork the conversation from that point, trim the visible transcript accordingly, and pre‑fill the composer with the selected user message so you can edit and resubmit it.
-
-In the transcript preview, the footer shows an `Esc edit prev` hint while editing is active.
-
 ### `--cd`/`-C` flag
 
 Sometimes it is not convenient to `cd` to the directory you want Codex to use as the "working root" before running Codex. Fortunately, `codex` supports a `--cd` option so you can specify whatever folder you want. You can confirm that Codex is honoring `--cd` by double-checking the **workdir** it reports in the TUI at the start of a new session.
@@ -97,7 +91,6 @@ The same setting can be persisted in `~/.codex/config.toml` via the top-level `s
 This folder is the root of a Cargo workspace. It contains quite a bit of experimental code, but here are the key crates:
 
 - [`core/`](./core) contains the business logic for Codex. Ultimately, we hope this to be a library crate that is generally useful for building other Rust/native applications that use Codex.
-- [`docs/agent_runtime_baseline.md`](./docs/agent_runtime_baseline.md) documents the current agent runtime interfaces (`Codex`, `Session`, `SessionTask`) and links to the ongoing refactor plan in `agent_refactor.md`.
 - [`exec/`](./exec) "headless" CLI for use in automation.
 - [`tui/`](./tui) CLI that launches a fullscreen TUI built with [Ratatui](https://ratatui.rs/).
 - [`cli/`](./cli) CLI multitool that provides the aforementioned CLIs via subcommands.

codex-rs/agent/Cargo.toml

@@ -1,37 +0,0 @@
-[package]
-name = "codex-agent"
-version.workspace = true
-edition.workspace = true
-
-[dependencies]
-anyhow = { workspace = true }
-async-trait = { workspace = true }
-codex-protocol = { workspace = true }
-codex-apply-patch = { workspace = true }
-mcp-types = { workspace = true }
-base64 = { workspace = true }
-serde_json = { workspace = true }
-libc = { workspace = true }
-portable-pty = { workspace = true }
-serde = { workspace = true, features = ["derive"] }
-sha1 = { workspace = true }
-shlex = { workspace = true }
-similar = { workspace = true }
-thiserror = { workspace = true }
-tokio = { workspace = true, features = ["macros", "process", "rt-multi-thread", "sync", "time"] }
-uuid = { workspace = true, features = ["serde", "v4"] }
-which = { workspace = true }
-wildmatch = { workspace = true }
-codex-file-search = { workspace = true }
-time = { workspace = true, features = ["formatting", "parsing", "local-offset", "macros"] }
-tracing = { workspace = true }
-tree-sitter = { workspace = true }
-tree-sitter-bash = { workspace = true }
-
-[dev-dependencies]
-core_test_support = { workspace = true }
-tempfile = { workspace = true }
-pretty_assertions = { workspace = true }
-
-[lints]
-workspace = true

codex-rs/agent/src/command_safety/is_dangerous_command.rs

@@ -1,99 +0,0 @@
-use crate::bash::parse_bash_lc_plain_commands;
-
-pub fn command_might_be_dangerous(command: &[String]) -> bool {
-    if is_dangerous_to_call_with_exec(command) {
-        return true;
-    }
-
-    // Support `bash -lc "<script>"` where the any part of the script might contain a dangerous command.
-    if let Some(all_commands) = parse_bash_lc_plain_commands(command)
-        && all_commands
-            .iter()
-            .any(|cmd| is_dangerous_to_call_with_exec(cmd))
-    {
-        return true;
-    }
-
-    false
-}
-
-fn is_dangerous_to_call_with_exec(command: &[String]) -> bool {
-    let cmd0 = command.first().map(String::as_str);
-
-    match cmd0 {
-        Some(cmd) if cmd.ends_with("git") || cmd.ends_with("/git") => {
-            matches!(command.get(1).map(String::as_str), Some("reset" | "rm"))
-        }
-
-        Some("rm") => matches!(command.get(1).map(String::as_str), Some("-f" | "-rf")),
-
-        // for sudo <cmd> simply do the check for <cmd>
-        Some("sudo") => is_dangerous_to_call_with_exec(&command[1..]),
-
-        // ── anything else ─────────────────────────────────────────────────
-        _ => false,
-    }
-}
-
-#[cfg(test)]
-mod tests {
-    use super::*;
-
-    fn vec_str(items: &[&str]) -> Vec<String> {
-        items.iter().map(std::string::ToString::to_string).collect()
-    }
-
-    #[test]
-    fn git_reset_is_dangerous() {
-        assert!(command_might_be_dangerous(&vec_str(&["git", "reset"])));
-    }
-
-    #[test]
-    fn bash_git_reset_is_dangerous() {
-        assert!(command_might_be_dangerous(&vec_str(&[
-            "bash",
-            "-lc",
-            "git reset --hard"
-        ])));
-    }
-
-    #[test]
-    fn git_status_is_not_dangerous() {
-        assert!(!command_might_be_dangerous(&vec_str(&["git", "status"])));
-    }
-
-    #[test]
-    fn bash_git_status_is_not_dangerous() {
-        assert!(!command_might_be_dangerous(&vec_str(&[
-            "bash",
-            "-lc",
-            "git status"
-        ])));
-    }
-
-    #[test]
-    fn sudo_git_reset_is_dangerous() {
-        assert!(command_might_be_dangerous(&vec_str(&[
-            "sudo", "git", "reset", "--hard"
-        ])));
-    }
-
-    #[test]
-    fn usr_bin_git_is_dangerous() {
-        assert!(command_might_be_dangerous(&vec_str(&[
-            "/usr/bin/git",
-            "reset",
-            "--hard"
-        ])));
-    }
-
-    #[test]
-    fn rm_rf_is_dangerous() {
-        assert!(command_might_be_dangerous(&vec_str(&["rm", "-rf", "/"])));
-    }
-
-    #[test]
-    fn rm_f_is_dangerous() {
-        assert!(command_might_be_dangerous(&vec_str(&["rm", "-f", "/"])));
-    }
-}

codex-rs/agent/src/command_safety/mod.rs

@@ -1,4 +0,0 @@
-pub mod is_dangerous_command;
-pub mod is_safe_command;
-#[cfg(target_os = "windows")]
-pub mod windows_safe_commands;

codex-rs/agent/src/command_safety/windows_safe_commands.rs

@@ -1,25 +0,0 @@
-// This is a WIP. This will eventually contain a real list of common safe Windows commands.
-pub fn is_safe_command_windows(_command: &[String]) -> bool {
-    false
-}
-
-#[cfg(test)]
-mod tests {
-    use super::is_safe_command_windows;
-
-    fn vec_str(args: &[&str]) -> Vec<String> {
-        args.iter().map(ToString::to_string).collect()
-    }
-
-    #[test]
-    fn everything_is_unsafe() {
-        for cmd in [
-            vec_str(&["powershell.exe", "-NoLogo", "-Command", "echo hello"]),
-            vec_str(&["copy", "foo", "bar"]),
-            vec_str(&["del", "file.txt"]),
-            vec_str(&["powershell.exe", "Get-ChildItem"]),
-        ] {
-            assert!(!is_safe_command_windows(&cmd));
-        }
-    }
-}

codex-rs/agent/src/config_types.rs

@@ -1,305 +0,0 @@
-//! Shared configuration data structures for Codex runtime and hosts.
-//
-// This module intentionally focuses on simple data containers without
-// business logic so they can be reused across crates.
-
-use std::collections::HashMap;
-use std::path::PathBuf;
-use std::time::Duration;
-use wildmatch::WildMatchPattern;
-
-use serde::Deserialize;
-use serde::Deserializer;
-use serde::Serialize;
-use serde::de::Error as SerdeError;
-
-#[derive(Serialize, Debug, Clone, PartialEq)]
-pub struct McpServerConfig {
-    pub command: String,
-
-    #[serde(default)]
-    pub args: Vec<String>,
-
-    #[serde(default)]
-    pub env: Option<HashMap<String, String>>,
-
-    /// Startup timeout in seconds for initializing MCP server & initially listing tools.
-    #[serde(
-        default,
-        with = "option_duration_secs",
-        skip_serializing_if = "Option::is_none"
-    )]
-    pub startup_timeout_sec: Option<Duration>,
-
-    /// Default timeout for MCP tool calls initiated via this server.
-    #[serde(default, with = "option_duration_secs")]
-    pub tool_timeout_sec: Option<Duration>,
-}
-
-impl<'de> Deserialize<'de> for McpServerConfig {
-    fn deserialize<D>(deserializer: D) -> Result<Self, D::Error>
-    where
-        D: Deserializer<'de>,
-    {
-        #[derive(Deserialize)]
-        struct RawMcpServerConfig {
-            command: String,
-            #[serde(default)]
-            args: Vec<String>,
-            #[serde(default)]
-            env: Option<HashMap<String, String>>,
-            #[serde(default)]
-            startup_timeout_sec: Option<f64>,
-            #[serde(default)]
-            startup_timeout_ms: Option<u64>,
-            #[serde(default, with = "option_duration_secs")]
-            tool_timeout_sec: Option<Duration>,
-        }
-
-        let raw = RawMcpServerConfig::deserialize(deserializer)?;
-
-        let startup_timeout_sec = match (raw.startup_timeout_sec, raw.startup_timeout_ms) {
-            (Some(sec), _) => {
-                let duration = Duration::try_from_secs_f64(sec).map_err(SerdeError::custom)?;
-                Some(duration)
-            }
-            (None, Some(ms)) => Some(Duration::from_millis(ms)),
-            (None, None) => None,
-        };
-
-        Ok(Self {
-            command: raw.command,
-            args: raw.args,
-            env: raw.env,
-            startup_timeout_sec,
-            tool_timeout_sec: raw.tool_timeout_sec,
-        })
-    }
-}
-
-mod option_duration_secs {
-    use serde::Deserialize;
-    use serde::Deserializer;
-    use serde::Serializer;
-    use std::time::Duration;
-
-    pub fn serialize<S>(value: &Option<Duration>, serializer: S) -> Result<S::Ok, S::Error>
-    where
-        S: Serializer,
-    {
-        match value {
-            Some(duration) => serializer.serialize_some(&duration.as_secs_f64()),
-            None => serializer.serialize_none(),
-        }
-    }
-
-    pub fn deserialize<'de, D>(deserializer: D) -> Result<Option<Duration>, D::Error>
-    where
-        D: Deserializer<'de>,
-    {
-        let secs = Option::<f64>::deserialize(deserializer)?;
-        secs.map(|secs| Duration::try_from_secs_f64(secs).map_err(serde::de::Error::custom))
-            .transpose()
-    }
-}
-
-#[derive(Deserialize, Debug, Copy, Clone, PartialEq)]
-pub enum UriBasedFileOpener {
-    #[serde(rename = "vscode")]
-    VsCode,
-
-    #[serde(rename = "vscode-insiders")]
-    VsCodeInsiders,
-
-    #[serde(rename = "windsurf")]
-    Windsurf,
-
-    #[serde(rename = "cursor")]
-    Cursor,
-
-    /// Option to disable the URI-based file opener.
-    #[serde(rename = "none")]
-    None,
-}
-
-impl UriBasedFileOpener {
-    pub fn get_scheme(&self) -> Option<&str> {
-        match self {
-            UriBasedFileOpener::VsCode => Some("vscode"),
-            UriBasedFileOpener::VsCodeInsiders => Some("vscode-insiders"),
-            UriBasedFileOpener::Windsurf => Some("windsurf"),
-            UriBasedFileOpener::Cursor => Some("cursor"),
-            UriBasedFileOpener::None => None,
-        }
-    }
-}
-
-/// Settings that govern if and what will be written to `~/.codex/history.jsonl`.
-#[derive(Deserialize, Debug, Clone, PartialEq, Default)]
-pub struct History {
-    /// If true, history entries will not be written to disk.
-    pub persistence: HistoryPersistence,
-
-    /// If set, the maximum size of the history file in bytes.
-    /// TODO(mbolin): Not currently honored.
-    pub max_bytes: Option<usize>,
-}
-
-#[derive(Deserialize, Debug, Copy, Clone, PartialEq, Default)]
-#[serde(rename_all = "kebab-case")]
-pub enum HistoryPersistence {
-    /// Save all history entries to disk.
-    #[default]
-    SaveAll,
-    /// Do not write history to disk.
-    None,
-}
-
-#[derive(Debug, Clone, PartialEq, Eq, Deserialize)]
-#[serde(untagged)]
-pub enum Notifications {
-    Enabled(bool),
-    Custom(Vec<String>),
-}
-
-impl Default for Notifications {
-    fn default() -> Self {
-        Self::Enabled(false)
-    }
-}
-
-/// Collection of settings that are specific to the TUI.
-#[derive(Deserialize, Debug, Clone, PartialEq, Default)]
-pub struct Tui {
-    /// Enable desktop notifications from the TUI when the terminal is unfocused.
-    /// Defaults to `false`.
-    #[serde(default)]
-    pub notifications: Notifications,
-}
-
-#[derive(Deserialize, Debug, Clone, PartialEq, Default)]
-pub struct SandboxWorkspaceWrite {
-    #[serde(default)]
-    pub writable_roots: Vec<PathBuf>,
-    #[serde(default)]
-    pub network_access: bool,
-    #[serde(default)]
-    pub exclude_tmpdir_env_var: bool,
-    #[serde(default)]
-    pub exclude_slash_tmp: bool,
-}
-
-impl From<SandboxWorkspaceWrite> for codex_protocol::mcp_protocol::SandboxSettings {
-    fn from(sandbox_workspace_write: SandboxWorkspaceWrite) -> Self {
-        Self {
-            writable_roots: sandbox_workspace_write.writable_roots,
-            network_access: Some(sandbox_workspace_write.network_access),
-            exclude_tmpdir_env_var: Some(sandbox_workspace_write.exclude_tmpdir_env_var),
-            exclude_slash_tmp: Some(sandbox_workspace_write.exclude_slash_tmp),
-        }
-    }
-}
-
-#[derive(Deserialize, Debug, Clone, PartialEq, Default)]
-#[serde(rename_all = "kebab-case")]
-pub enum ShellEnvironmentPolicyInherit {
-    /// "Core" environment variables for the platform. On UNIX, this would
-    /// include HOME, LOGNAME, PATH, SHELL, and USER, among others.
-    Core,
-
-    /// Inherits the full environment from the parent process.
-    #[default]
-    All,
-
-    /// Do not inherit any environment variables from the parent process.
-    None,
-}
-
-/// Policy for building the `env` when spawning a process via either the
-/// `shell` or `local_shell` tool.
-#[derive(Deserialize, Debug, Clone, PartialEq, Default)]
-pub struct ShellEnvironmentPolicyToml {
-    pub inherit: Option<ShellEnvironmentPolicyInherit>,
-
-    pub ignore_default_excludes: Option<bool>,
-
-    /// List of regular expressions.
-    pub exclude: Option<Vec<String>>,
-
-    pub r#set: Option<HashMap<String, String>>,
-
-    /// List of regular expressions.
-    pub include_only: Option<Vec<String>>,
-
-    pub experimental_use_profile: Option<bool>,
-}
-
-pub type EnvironmentVariablePattern = WildMatchPattern<'*', '?'>;
-
-/// Deriving the `env` based on this policy works as follows:
-/// 1. Create an initial map based on the `inherit` policy.
-/// 2. If `ignore_default_excludes` is false, filter the map using the default
-///    exclude pattern(s), which are: `"*KEY*"` and `"*TOKEN*"`.
-/// 3. If `exclude` is not empty, filter the map using the provided patterns.
-/// 4. Insert any entries from `r#set` into the map.
-/// 5. If non-empty, filter the map using the `include_only` patterns.
-#[derive(Debug, Clone, PartialEq, Default)]
-pub struct ShellEnvironmentPolicy {
-    /// Starting point when building the environment.
-    pub inherit: ShellEnvironmentPolicyInherit,
-
-    /// True to skip the check to exclude default environment variables that
-    /// contain "KEY" or "TOKEN" in their name.
-    pub ignore_default_excludes: bool,
-
-    /// Environment variable names to exclude from the environment.
-    pub exclude: Vec<EnvironmentVariablePattern>,
-
-    /// (key, value) pairs to insert in the environment.
-    pub r#set: HashMap<String, String>,
-
-    /// Environment variable names to retain in the environment.
-    pub include_only: Vec<EnvironmentVariablePattern>,
-
-    /// If true, the shell profile will be used to run the command.
-    pub use_profile: bool,
-}
-
-impl From<ShellEnvironmentPolicyToml> for ShellEnvironmentPolicy {
-    fn from(toml: ShellEnvironmentPolicyToml) -> Self {
-        // Default to inheriting the full environment when not specified.
-        let inherit = toml.inherit.unwrap_or(ShellEnvironmentPolicyInherit::All);
-        let ignore_default_excludes = toml.ignore_default_excludes.unwrap_or(false);
-        let exclude = toml
-            .exclude
-            .unwrap_or_default()
-            .into_iter()
-            .map(|s| EnvironmentVariablePattern::new_case_insensitive(&s))
-            .collect();
-        let r#set = toml.r#set.unwrap_or_default();
-        let include_only = toml
-            .include_only
-            .unwrap_or_default()
-            .into_iter()
-            .map(|s| EnvironmentVariablePattern::new_case_insensitive(&s))
-            .collect();
-        let use_profile = toml.experimental_use_profile.unwrap_or(false);
-
-        Self {
-            inherit,
-            ignore_default_excludes,
-            exclude,
-            r#set,
-            include_only,
-            use_profile,
-        }
-    }
-}
-
-#[derive(Deserialize, Debug, Clone, PartialEq, Eq, Default, Hash)]
-#[serde(rename_all = "kebab-case")]
-pub enum ReasoningSummaryFormat {
-    #[default]
-    None,
-    Experimental,
-}

codex-rs/agent/src/conversation_history.rs

@@ -1,117 +0,0 @@
-use codex_protocol::models::ResponseItem;
-
-/// Transcript of conversation history shared across agent hosts.
-#[derive(Debug, Clone, Default)]
-pub struct ConversationHistory {
-    /// Oldest items appear at the start of the vector.
-    items: Vec<ResponseItem>,
-}
-
-impl ConversationHistory {
-    pub fn new() -> Self {
-        Self { items: Vec::new() }
-    }
-
-    /// Returns a clone of the stored transcript.
-    pub fn contents(&self) -> Vec<ResponseItem> {
-        self.items.clone()
-    }
-
-    /// Records additional response items, filtering out non-API messages.
-    pub fn record_items<I>(&mut self, items: I)
-    where
-        I: IntoIterator,
-        I::Item: std::ops::Deref<Target = ResponseItem>,
-    {
-        for item in items {
-            if !is_api_message(&item) {
-                continue;
-            }
-
-            self.items.push(item.clone());
-        }
-    }
-
-    pub fn replace(&mut self, items: Vec<ResponseItem>) {
-        self.items = items;
-    }
-}
-
-/// Detects whether the given message should be persisted to history.
-fn is_api_message(message: &ResponseItem) -> bool {
-    match message {
-        ResponseItem::Message { role, .. } => role.as_str() != "system",
-        ResponseItem::FunctionCallOutput { .. }
-        | ResponseItem::FunctionCall { .. }
-        | ResponseItem::CustomToolCall { .. }
-        | ResponseItem::CustomToolCallOutput { .. }
-        | ResponseItem::LocalShellCall { .. }
-        | ResponseItem::Reasoning { .. }
-        | ResponseItem::WebSearchCall { .. } => true,
-        ResponseItem::Other => false,
-    }
-}
-
-#[cfg(test)]
-mod tests {
-    use super::*;
-    use codex_protocol::models::ContentItem;
-
-    fn assistant_msg(text: &str) -> ResponseItem {
-        ResponseItem::Message {
-            id: None,
-            role: "assistant".to_string(),
-            content: vec![ContentItem::OutputText {
-                text: text.to_string(),
-            }],
-        }
-    }
-
-    fn user_msg(text: &str) -> ResponseItem {
-        ResponseItem::Message {
-            id: None,
-            role: "user".to_string(),
-            content: vec![ContentItem::OutputText {
-                text: text.to_string(),
-            }],
-        }
-    }
-
-    #[test]
-    fn filters_non_api_messages() {
-        let mut h = ConversationHistory::default();
-        let system = ResponseItem::Message {
-            id: None,
-            role: "system".to_string(),
-            content: vec![ContentItem::OutputText {
-                text: "ignored".to_string(),
-            }],
-        };
-        h.record_items([&system, &ResponseItem::Other]);
-
-        let u = user_msg("hi");
-        let a = assistant_msg("hello");
-        h.record_items([&u, &a]);
-
-        let items = h.contents();
-        assert_eq!(
-            items,
-            vec![
-                ResponseItem::Message {
-                    id: None,
-                    role: "user".to_string(),
-                    content: vec![ContentItem::OutputText {
-                        text: "hi".to_string()
-                    }]
-                },
-                ResponseItem::Message {
-                    id: None,
-                    role: "assistant".to_string(),
-                    content: vec![ContentItem::OutputText {
-                        text: "hello".to_string()
-                    }]
-                }
-            ]
-        );
-    }
-}

codex-rs/agent/src/exec_command/exec_command_params.rs

@@ -1,57 +0,0 @@
-use serde::Deserialize;
-use serde::Serialize;
-
-use crate::exec_command::session_id::SessionId;
-
-#[derive(Debug, Clone, Deserialize)]
-pub struct ExecCommandParams {
-    pub(crate) cmd: String,
-
-    #[serde(default = "default_yield_time")]
-    pub(crate) yield_time_ms: u64,
-
-    #[serde(default = "max_output_tokens")]
-    pub(crate) max_output_tokens: u64,
-
-    #[serde(default = "default_shell")]
-    pub(crate) shell: String,
-
-    #[serde(default = "default_login")]
-    pub(crate) login: bool,
-}
-
-fn default_yield_time() -> u64 {
-    10_000
-}
-
-fn max_output_tokens() -> u64 {
-    10_000
-}
-
-fn default_login() -> bool {
-    true
-}
-
-fn default_shell() -> String {
-    "/bin/bash".to_string()
-}
-
-#[derive(Debug, Deserialize, Serialize)]
-pub struct WriteStdinParams {
-    pub(crate) session_id: SessionId,
-    pub(crate) chars: String,
-
-    #[serde(default = "write_stdin_default_yield_time_ms")]
-    pub(crate) yield_time_ms: u64,
-
-    #[serde(default = "write_stdin_default_max_output_tokens")]
-    pub(crate) max_output_tokens: u64,
-}
-
-fn write_stdin_default_yield_time_ms() -> u64 {
-    250
-}
-
-fn write_stdin_default_max_output_tokens() -> u64 {
-    10_000
-}

codex-rs/agent/src/exec_command/exec_command_session.rs

@@ -1,98 +0,0 @@
-use std::sync::Mutex as StdMutex;
-
-use tokio::sync::broadcast;
-use tokio::sync::mpsc;
-use tokio::task::JoinHandle;
-
-#[derive(Debug)]
-#[allow(dead_code)]
-pub struct ExecCommandSession {
-    /// Queue for writing bytes to the process stdin (PTY master write side).
-    writer_tx: mpsc::Sender<Vec<u8>>,
-    /// Broadcast stream of output chunks read from the PTY. New subscribers
-    /// receive only chunks emitted after they subscribe.
-    output_tx: broadcast::Sender<Vec<u8>>,
-
-    /// Child killer handle for termination on drop (can signal independently
-    /// of a thread blocked in `.wait()`).
-    killer: StdMutex<Option<Box<dyn portable_pty::ChildKiller + Send + Sync>>>,
-
-    /// JoinHandle for the blocking PTY reader task.
-    reader_handle: StdMutex<Option<JoinHandle<()>>>,
-
-    /// JoinHandle for the stdin writer task.
-    writer_handle: StdMutex<Option<JoinHandle<()>>>,
-
-    /// JoinHandle for the child wait task.
-    wait_handle: StdMutex<Option<JoinHandle<()>>>,
-
-    /// Tracks whether the underlying process has exited.
-    exit_status: std::sync::Arc<std::sync::atomic::AtomicBool>,
-}
-
-#[allow(dead_code)]
-impl ExecCommandSession {
-    pub fn new(
-        writer_tx: mpsc::Sender<Vec<u8>>,
-        output_tx: broadcast::Sender<Vec<u8>>,
-        killer: Box<dyn portable_pty::ChildKiller + Send + Sync>,
-        reader_handle: JoinHandle<()>,
-        writer_handle: JoinHandle<()>,
-        wait_handle: JoinHandle<()>,
-        exit_status: std::sync::Arc<std::sync::atomic::AtomicBool>,
-    ) -> (Self, broadcast::Receiver<Vec<u8>>) {
-        let initial_output_rx = output_tx.subscribe();
-        (
-            Self {
-                writer_tx,
-                output_tx,
-                killer: StdMutex::new(Some(killer)),
-                reader_handle: StdMutex::new(Some(reader_handle)),
-                writer_handle: StdMutex::new(Some(writer_handle)),
-                wait_handle: StdMutex::new(Some(wait_handle)),
-                exit_status,
-            },
-            initial_output_rx,
-        )
-    }
-
-    pub fn writer_sender(&self) -> mpsc::Sender<Vec<u8>> {
-        self.writer_tx.clone()
-    }
-
-    pub(crate) fn output_receiver(&self) -> broadcast::Receiver<Vec<u8>> {
-        self.output_tx.subscribe()
-    }
-
-    pub fn has_exited(&self) -> bool {
-        self.exit_status.load(std::sync::atomic::Ordering::SeqCst)
-    }
-}
-
-impl Drop for ExecCommandSession {
-    fn drop(&mut self) {
-        // Best-effort: terminate child first so blocking tasks can complete.
-        if let Ok(mut killer_opt) = self.killer.lock()
-            && let Some(mut killer) = killer_opt.take()
-        {
-            let _ = killer.kill();
-        }
-
-        // Abort background tasks; they may already have exited after kill.
-        if let Ok(mut h) = self.reader_handle.lock()
-            && let Some(handle) = h.take()
-        {
-            handle.abort();
-        }
-        if let Ok(mut h) = self.writer_handle.lock()
-            && let Some(handle) = h.take()
-        {
-            handle.abort();
-        }
-        if let Ok(mut h) = self.wait_handle.lock()
-            && let Some(handle) = h.take()
-        {
-            handle.abort();
-        }
-    }
-}

codex-rs/agent/src/exec_command/mod.rs

@@ -1,11 +0,0 @@
-mod exec_command_params;
-mod exec_command_session;
-mod session_id;
-mod session_manager;
-
-pub use exec_command_params::ExecCommandParams;
-pub use exec_command_params::WriteStdinParams;
-pub use exec_command_session::ExecCommandSession;
-pub use session_id::SessionId;
-pub use session_manager::ExecCommandOutput;
-pub use session_manager::SessionManager as ExecSessionManager;

codex-rs/agent/src/exec_command/session_id.rs

@@ -1,5 +0,0 @@
-use serde::Deserialize;
-use serde::Serialize;
-
-#[derive(Debug, Clone, Copy, PartialEq, Eq, Hash, Serialize, Deserialize)]
-pub struct SessionId(pub u32);

codex-rs/agent/src/exec_command/session_manager.rs

@@ -1,513 +0,0 @@
-use std::collections::HashMap;
-use std::io::ErrorKind;
-use std::io::Read;
-use std::sync::Arc;
-use std::sync::Mutex as StdMutex;
-use std::sync::atomic::AtomicBool;
-use std::sync::atomic::AtomicU32;
-use std::vec::Vec;
-
-use portable_pty::CommandBuilder;
-use portable_pty::PtySize;
-use portable_pty::native_pty_system;
-use tokio::sync::Mutex;
-use tokio::sync::mpsc;
-use tokio::sync::oneshot;
-use tokio::time::Duration;
-use tokio::time::Instant;
-use tokio::time::timeout;
-
-use crate::exec_command::exec_command_params::ExecCommandParams;
-use crate::exec_command::exec_command_params::WriteStdinParams;
-use crate::exec_command::exec_command_session::ExecCommandSession;
-use crate::exec_command::session_id::SessionId;
-use crate::truncate::truncate_middle;
-
-#[derive(Debug, Default)]
-pub struct SessionManager {
-    next_session_id: AtomicU32,
-    sessions: Mutex<HashMap<SessionId, ExecCommandSession>>,
-}
-
-#[allow(dead_code)]
-#[derive(Debug)]
-pub struct ExecCommandOutput {
-    wall_time: Duration,
-    exit_status: ExitStatus,
-    original_token_count: Option<u64>,
-    output: String,
-}
-
-impl ExecCommandOutput {
-    pub fn to_text_output(&self) -> String {
-        let wall_time_secs = self.wall_time.as_secs_f32();
-        let termination_status = match self.exit_status {
-            ExitStatus::Exited(code) => format!("Process exited with code {code}"),
-            ExitStatus::Ongoing(session_id) => {
-                format!("Process running with session ID {}", session_id.0)
-            }
-        };
-        let truncation_status = match self.original_token_count {
-            Some(tokens) => {
-                format!("\nWarning: truncated output (original token count: {tokens})")
-            }
-            None => "".to_string(),
-        };
-        format!(
-            r#"Wall time: {wall_time_secs:.3} seconds
-{termination_status}{truncation_status}
-Output:
-{output}"#,
-            output = self.output
-        )
-    }
-}
-
-#[allow(dead_code)]
-#[derive(Debug)]
-pub enum ExitStatus {
-    Exited(i32),
-    Ongoing(SessionId),
-}
-
-impl SessionManager {
-    /// Processes the request and is required to send a response via `outgoing`.
-    pub async fn handle_exec_command_request(
-        &self,
-        params: ExecCommandParams,
-    ) -> Result<ExecCommandOutput, String> {
-        // Allocate a session id.
-        let session_id = SessionId(
-            self.next_session_id
-                .fetch_add(1, std::sync::atomic::Ordering::SeqCst),
-        );
-
-        let (session, mut output_rx, mut exit_rx): (
-            ExecCommandSession,
-            tokio::sync::broadcast::Receiver<Vec<u8>>,
-            tokio::sync::oneshot::Receiver<i32>,
-        ) = create_exec_command_session(params.clone())
-            .await
-            .map_err(|err| {
-                format!(
-                    "failed to create exec command session for session id {}: {err}",
-                    session_id.0
-                )
-            })?;
-
-        // Insert into session map.
-        self.sessions.lock().await.insert(session_id, session);
-
-        // Collect output until either timeout expires or process exits.
-        // Do not cap during collection; truncate at the end if needed.
-        // Use a modest initial capacity to avoid large preallocation.
-        let cap_bytes_u64 = params.max_output_tokens.saturating_mul(4);
-        let cap_bytes: usize = cap_bytes_u64.min(usize::MAX as u64) as usize;
-        let mut collected: Vec<u8> = Vec::with_capacity(4096);
-
-        let start_time = Instant::now();
-        let deadline = start_time + Duration::from_millis(params.yield_time_ms);
-        let mut exit_code: Option<i32> = None;
-
-        loop {
-            if Instant::now() >= deadline {
-                break;
-            }
-            let remaining = deadline.saturating_duration_since(Instant::now());
-            tokio::select! {
-                biased;
-                exit = &mut exit_rx => {
-                    exit_code = exit.ok();
-                    // Small grace period to pull remaining buffered output
-                    let grace_deadline = Instant::now() + Duration::from_millis(25);
-                    while Instant::now() < grace_deadline {
-                        match timeout(Duration::from_millis(1), output_rx.recv()).await {
-                            Ok(Ok(chunk)) => {
-                                collected.extend_from_slice(&chunk);
-                            }
-                            Ok(Err(tokio::sync::broadcast::error::RecvError::Lagged(_))) => {
-                                // Skip missed messages; keep trying within grace period.
-                                continue;
-                            }
-                            Ok(Err(tokio::sync::broadcast::error::RecvError::Closed)) => break,
-                            Err(_) => break,
-                        }
-                    }
-                    break;
-                }
-                chunk = timeout(remaining, output_rx.recv()) => {
-                    match chunk {
-                        Ok(Ok(chunk)) => {
-                            collected.extend_from_slice(&chunk);
-                        }
-                        Ok(Err(tokio::sync::broadcast::error::RecvError::Lagged(_))) => {
-                            // Skip missed messages; continue collecting fresh output.
-                        }
-                        Ok(Err(tokio::sync::broadcast::error::RecvError::Closed)) => { break; }
-                        Err(_) => { break; }
-                    }
-                }
-            }
-        }
-
-        let output = String::from_utf8_lossy(&collected).to_string();
-
-        let exit_status = if let Some(code) = exit_code {
-            ExitStatus::Exited(code)
-        } else {
-            ExitStatus::Ongoing(session_id)
-        };
-
-        // If output exceeds cap, truncate the middle and record original token estimate.
-        let (output, original_token_count) = truncate_middle(&output, cap_bytes);
-        Ok(ExecCommandOutput {
-            wall_time: Instant::now().duration_since(start_time),
-            exit_status,
-            original_token_count,
-            output,
-        })
-    }
-
-    /// Write characters to a session's stdin and collect combined output for up to `yield_time_ms`.
-    pub async fn handle_write_stdin_request(
-        &self,
-        params: WriteStdinParams,
-    ) -> Result<ExecCommandOutput, String> {
-        let WriteStdinParams {
-            session_id,
-            chars,
-            yield_time_ms,
-            max_output_tokens,
-        } = params;
-
-        // Grab handles without holding the sessions lock across await points.
-        let (writer_tx, mut output_rx) = {
-            let sessions = self.sessions.lock().await;
-            match sessions.get(&session_id) {
-                Some(session) => (session.writer_sender(), session.output_receiver()),
-                None => {
-                    return Err(format!("unknown session id {}", session_id.0));
-                }
-            }
-        };
-
-        // Write stdin if provided.
-        if !chars.is_empty() && writer_tx.send(chars.into_bytes()).await.is_err() {
-            return Err("failed to write to stdin".to_string());
-        }
-
-        // Collect output up to yield_time_ms, truncating to max_output_tokens bytes.
-        let mut collected: Vec<u8> = Vec::with_capacity(4096);
-        let start_time = Instant::now();
-        let deadline = start_time + Duration::from_millis(yield_time_ms);
-        loop {
-            let now = Instant::now();
-            if now >= deadline {
-                break;
-            }
-            let remaining = deadline - now;
-            match timeout(remaining, output_rx.recv()).await {
-                Ok(Ok(chunk)) => {
-                    // Collect all output within the time budget; truncate at the end.
-                    collected.extend_from_slice(&chunk);
-                }
-                Ok(Err(tokio::sync::broadcast::error::RecvError::Lagged(_))) => {
-                    // Skip missed messages; continue collecting fresh output.
-                }
-                Ok(Err(tokio::sync::broadcast::error::RecvError::Closed)) => break,
-                Err(_) => break, // timeout
-            }
-        }
-
-        // Return structured output, truncating middle if over cap.
-        let output = String::from_utf8_lossy(&collected).to_string();
-        let cap_bytes_u64 = max_output_tokens.saturating_mul(4);
-        let cap_bytes: usize = cap_bytes_u64.min(usize::MAX as u64) as usize;
-        let (output, original_token_count) = truncate_middle(&output, cap_bytes);
-        Ok(ExecCommandOutput {
-            wall_time: Instant::now().duration_since(start_time),
-            exit_status: ExitStatus::Ongoing(session_id),
-            original_token_count,
-            output,
-        })
-    }
-}
-
-/// Spawn PTY and child process per spawn_exec_command_session logic.
-async fn create_exec_command_session(
-    params: ExecCommandParams,
-) -> anyhow::Result<(
-    ExecCommandSession,
-    tokio::sync::broadcast::Receiver<Vec<u8>>,
-    oneshot::Receiver<i32>,
-)> {
-    let ExecCommandParams {
-        cmd,
-        yield_time_ms: _,
-        max_output_tokens: _,
-        shell,
-        login,
-    } = params;
-
-    // Use the native pty implementation for the system
-    let pty_system = native_pty_system();
-
-    // Create a new pty
-    let pair = pty_system.openpty(PtySize {
-        rows: 24,
-        cols: 80,
-        pixel_width: 0,
-        pixel_height: 0,
-    })?;
-
-    // Spawn a shell into the pty
-    let mut command_builder = CommandBuilder::new(shell);
-    let shell_mode_opt = if login { "-lc" } else { "-c" };
-    command_builder.arg(shell_mode_opt);
-    command_builder.arg(cmd);
-
-    let mut child = pair.slave.spawn_command(command_builder)?;
-    // Obtain a killer that can signal the process independently of `.wait()`.
-    let killer = child.clone_killer();
-
-    // Channel to forward write requests to the PTY writer.
-    let (writer_tx, mut writer_rx) = mpsc::channel::<Vec<u8>>(128);
-    // Broadcast for streaming PTY output to readers: subscribers receive from subscription time.
-    let (output_tx, _) = tokio::sync::broadcast::channel::<Vec<u8>>(256);
-    // Reader task: drain PTY and forward chunks to output channel.
-    let mut reader = pair.master.try_clone_reader()?;
-    let output_tx_clone = output_tx.clone();
-    let reader_handle = tokio::task::spawn_blocking(move || {
-        let mut buf = [0u8; 8192];
-        loop {
-            match reader.read(&mut buf) {
-                Ok(0) => break, // EOF
-                Ok(n) => {
-                    // Forward to broadcast; best-effort if there are subscribers.
-                    let _ = output_tx_clone.send(buf[..n].to_vec());
-                }
-                Err(ref e) if e.kind() == ErrorKind::Interrupted => {
-                    // Retry on EINTR
-                    continue;
-                }
-                Err(ref e) if e.kind() == ErrorKind::WouldBlock => {
-                    // We're in a blocking thread; back off briefly and retry.
-                    std::thread::sleep(Duration::from_millis(5));
-                    continue;
-                }
-                Err(_) => break,
-            }
-        }
-    });
-
-    // Writer task: apply stdin writes to the PTY writer.
-    let writer = pair.master.take_writer()?;
-    let writer = Arc::new(StdMutex::new(writer));
-    let writer_handle = tokio::spawn({
-        let writer = writer.clone();
-        async move {
-            while let Some(bytes) = writer_rx.recv().await {
-                let writer = writer.clone();
-                // Perform blocking write on a blocking thread.
-                let _ = tokio::task::spawn_blocking(move || {
-                    if let Ok(mut guard) = writer.lock() {
-                        use std::io::Write;
-                        let _ = guard.write_all(&bytes);
-                        let _ = guard.flush();
-                    }
-                })
-                .await;
-            }
-        }
-    });
-
-    // Keep the child alive until it exits, then signal exit code.
-    let (exit_tx, exit_rx) = oneshot::channel::<i32>();
-    let exit_status = Arc::new(AtomicBool::new(false));
-    let wait_exit_status = exit_status.clone();
-    let wait_handle = tokio::task::spawn_blocking(move || {
-        let code = match child.wait() {
-            Ok(status) => status.exit_code() as i32,
-            Err(_) => -1,
-        };
-        wait_exit_status.store(true, std::sync::atomic::Ordering::SeqCst);
-        let _ = exit_tx.send(code);
-    });
-
-    // Create and store the session with channels.
-    let (session, initial_output_rx) = ExecCommandSession::new(
-        writer_tx,
-        output_tx,
-        killer,
-        reader_handle,
-        writer_handle,
-        wait_handle,
-        exit_status,
-    );
-    Ok((session, initial_output_rx, exit_rx))
-}
-
-#[cfg(test)]
-mod tests {
-    use super::*;
-    use crate::exec_command::session_id::SessionId;
-
-    /// Test that verifies that [`SessionManager::handle_exec_command_request()`]
-    /// and [`SessionManager::handle_write_stdin_request()`] work as expected
-    /// in the presence of a process that never terminates (but produces
-    /// output continuously).
-    #[cfg(unix)]
-    #[allow(clippy::print_stderr)]
-    #[tokio::test(flavor = "multi_thread", worker_threads = 4)]
-    async fn session_manager_streams_and_truncates_from_now() {
-        use crate::exec_command::exec_command_params::ExecCommandParams;
-        use crate::exec_command::exec_command_params::WriteStdinParams;
-        use tokio::time::sleep;
-
-        let session_manager = SessionManager::default();
-        // Long-running loop that prints an increasing counter every ~100ms.
-        // Use Python for a portable, reliable sleep across shells/PTYs.
-        let cmd = r#"python3 - <<'PY'
-import sys, time
-count = 0
-while True:
-    print(count)
-    sys.stdout.flush()
-    count += 100
-    time.sleep(0.1)
-PY"#
-        .to_string();
-
-        // Start the session and collect ~3s of output.
-        let params = ExecCommandParams {
-            cmd,
-            yield_time_ms: 3_000,
-            max_output_tokens: 1_000, // large enough to avoid truncation here
-            shell: "/bin/bash".to_string(),
-            login: false,
-        };
-        let initial_output = match session_manager
-            .handle_exec_command_request(params.clone())
-            .await
-        {
-            Ok(v) => v,
-            Err(e) => {
-                // PTY may be restricted in some sandboxes; skip in that case.
-                if e.contains("openpty") || e.contains("Operation not permitted") {
-                    eprintln!("skipping test due to restricted PTY: {e}");
-                    return;
-                }
-                panic!("exec request failed unexpectedly: {e}");
-            }
-        };
-        eprintln!("initial output: {initial_output:?}");
-
-        // Should be ongoing (we launched a never-ending loop).
-        let session_id = match initial_output.exit_status {
-            ExitStatus::Ongoing(id) => id,
-            _ => panic!("expected ongoing session"),
-        };
-
-        // Parse the numeric lines and get the max observed value in the first window.
-        let first_nums = extract_monotonic_numbers(&initial_output.output);
-        assert!(
-            !first_nums.is_empty(),
-            "expected some output from first window"
-        );
-        let first_max = *first_nums.iter().max().unwrap();
-
-        // Wait ~4s so counters progress while we're not reading.
-        sleep(Duration::from_millis(4_000)).await;
-
-        // Now read ~3s of output "from now" only.
-        // Use a small token cap so truncation occurs and we test middle truncation.
-        let write_params = WriteStdinParams {
-            session_id,
-            chars: String::new(),
-            yield_time_ms: 3_000,
-            max_output_tokens: 16, // 16 tokens ~= 64 bytes -> likely truncation
-        };
-        let second = session_manager
-            .handle_write_stdin_request(write_params)
-            .await
-            .expect("write stdin should succeed");
-
-        // Verify truncation metadata and size bound (cap is tokens*4 bytes).
-        assert!(second.original_token_count.is_some());
-        let cap_bytes = (16u64 * 4) as usize;
-        assert!(second.output.len() <= cap_bytes);
-        // New middle marker should be present.
-        assert!(
-            second.output.contains("tokens truncated") && second.output.contains('…'),
-            "expected truncation marker in output, got: {}",
-            second.output
-        );
-
-        // Minimal freshness check: the earliest number we see in the second window
-        // should be significantly larger than the last from the first window.
-        let second_nums = extract_monotonic_numbers(&second.output);
-        assert!(
-            !second_nums.is_empty(),
-            "expected some numeric output from second window"
-        );
-        let second_min = *second_nums.iter().min().unwrap();
-
-        // We slept 4 seconds (~40 ticks at 100ms/tick, each +100), so expect
-        // an increase of roughly 4000 or more. Allow a generous margin.
-        assert!(
-            second_min >= first_max + 2000,
-            "second_min={second_min} first_max={first_max}",
-        );
-    }
-
-    #[cfg(unix)]
-    fn extract_monotonic_numbers(s: &str) -> Vec<i64> {
-        s.lines()
-            .filter_map(|line| {
-                if !line.is_empty()
-                    && line.chars().all(|c| c.is_ascii_digit())
-                    && let Ok(n) = line.parse::<i64>()
-                {
-                    // Our generator increments by 100; ignore spurious fragments.
-                    if n % 100 == 0 {
-                        return Some(n);
-                    }
-                }
-                None
-            })
-            .collect()
-    }
-
-    #[test]
-    fn to_text_output_exited_no_truncation() {
-        let out = ExecCommandOutput {
-            wall_time: Duration::from_millis(1234),
-            exit_status: ExitStatus::Exited(0),
-            original_token_count: None,
-            output: "hello".to_string(),
-        };
-        let text = out.to_text_output();
-        let expected = r#"Wall time: 1.234 seconds
-Process exited with code 0
-Output:
-hello"#;
-        assert_eq!(expected, text);
-    }
-
-    #[test]
-    fn to_text_output_ongoing_with_truncation() {
-        let out = ExecCommandOutput {
-            wall_time: Duration::from_millis(500),
-            exit_status: ExitStatus::Ongoing(SessionId(42)),
-            original_token_count: Some(1000),
-            output: "abc".to_string(),
-        };
-        let text = out.to_text_output();
-        let expected = r#"Wall time: 0.500 seconds
-Process running with session ID 42
-Warning: truncated output (original token count: 1000)
-Output:
-abc"#;
-        assert_eq!(expected, text);
-    }
-}

codex-rs/agent/src/function_tool.rs

@@ -1,7 +0,0 @@
-use thiserror::Error;
-
-#[derive(Debug, Error, PartialEq)]
-pub enum FunctionCallError {
-    #[error("{0}")]
-    RespondToModel(String),
-}

codex-rs/agent/src/lib.rs

@@ -1,48 +0,0 @@
-pub mod apply_patch;
-pub mod bash;
-pub mod command_safety;
-pub mod config_types;
-pub mod conversation_history;
-pub mod exec_command;
-pub mod function_tool;
-pub mod model_family;
-pub mod model_provider;
-pub mod notifications;
-pub mod rollout;
-pub mod runtime;
-pub mod runtime_config;
-pub mod safety;
-pub mod sandbox;
-pub mod services;
-pub mod session_services;
-pub mod session_state;
-pub mod shell;
-pub mod token_data;
-pub mod tooling;
-pub mod truncate;
-pub mod turn_diff_tracker;
-pub mod unified_exec;
-
-pub use apply_patch::*;
-pub use bash::*;
-pub use command_safety::*;
-pub use config_types::*;
-pub use conversation_history::*;
-pub use function_tool::*;
-pub use model_family::*;
-pub use model_provider::*;
-pub use notifications::*;
-pub use rollout::*;
-pub use runtime::*;
-pub use runtime_config::*;
-pub use safety::*;
-pub use sandbox::*;
-pub use services::*;
-pub use session_services::*;
-pub use session_state::*;
-pub use shell::*;
-pub use token_data::*;
-pub use tooling::*;
-pub use truncate::*;
-pub use turn_diff_tracker::*;
-pub use unified_exec::*;

codex-rs/agent/src/model_family.rs

@@ -1,15 +0,0 @@
-use crate::config_types::ReasoningSummaryFormat;
-use crate::tooling::ApplyPatchToolType;
-
-/// Metadata describing consistent behaviour across a family of models.
-#[derive(Debug, Clone, PartialEq, Eq, Hash)]
-pub struct ModelFamily {
-    pub slug: String,
-    pub family: String,
-    pub needs_special_apply_patch_instructions: bool,
-    pub supports_reasoning_summaries: bool,
-    pub reasoning_summary_format: ReasoningSummaryFormat,
-    pub uses_local_shell_tool: bool,
-    pub apply_patch_tool_type: Option<ApplyPatchToolType>,
-    pub base_instructions: String,
-}

codex-rs/agent/src/model_provider.rs

@@ -1,54 +0,0 @@
-use std::collections::HashMap;
-
-use codex_protocol::mcp_protocol::AuthMode;
-use serde::Deserialize;
-use serde::Serialize;
-
-/// Wire protocol variants supported by model providers.
-#[derive(Debug, Clone, Copy, Default, PartialEq, Eq, Serialize, Deserialize)]
-#[serde(rename_all = "lowercase")]
-pub enum WireApi {
-    Responses,
-    #[default]
-    Chat,
-}
-
-/// Serializable representation of a provider definition shared across hosts.
-#[derive(Debug, Clone, Deserialize, Serialize, PartialEq)]
-pub struct ModelProviderInfo {
-    pub name: String,
-    pub base_url: Option<String>,
-    pub env_key: Option<String>,
-    pub env_key_instructions: Option<String>,
-    #[serde(default)]
-    pub wire_api: WireApi,
-    pub query_params: Option<HashMap<String, String>>,
-    pub http_headers: Option<HashMap<String, String>>,
-    pub env_http_headers: Option<HashMap<String, String>>,
-    pub request_max_retries: Option<u64>,
-    pub stream_max_retries: Option<u64>,
-    pub stream_idle_timeout_ms: Option<u64>,
-    #[serde(default)]
-    pub requires_openai_auth: bool,
-}
-
-impl ModelProviderInfo {
-    pub fn wire_api(&self) -> WireApi {
-        self.wire_api
-    }
-
-    pub fn requires_auth(&self) -> bool {
-        self.requires_openai_auth
-    }
-
-    pub fn base_url(&self, auth_mode: AuthMode) -> String {
-        let fallback = if auth_mode == AuthMode::ChatGPT {
-            "https://chatgpt.com/backend-api/codex"
-        } else {
-            "https://api.openai.com/v1"
-        };
-        self.base_url
-            .clone()
-            .unwrap_or_else(|| fallback.to_string())
-    }
-}

codex-rs/agent/src/notifications.rs

@@ -1,15 +0,0 @@
-use serde::Serialize;
-
-/// Cross-host notification payloads emitted by the agent runtime.
-#[derive(Debug, Clone, PartialEq, Serialize)]
-#[serde(tag = "type", rename_all = "kebab-case")]
-pub enum UserNotification {
-    #[serde(rename_all = "kebab-case")]
-    AgentTurnComplete {
-        turn_id: String,
-        /// Messages submitted by the user to start the turn.
-        input_messages: Vec<String>,
-        /// Final assistant message emitted at turn completion.
-        last_assistant_message: Option<String>,
-    },
-}

codex-rs/agent/src/rollout/list.rs

@@ -1,330 +0,0 @@
-use std::cmp::Reverse;
-use std::io;
-use std::path::Path;
-use std::path::PathBuf;
-
-use codex_file_search as file_search;
-use codex_protocol::protocol::EventMsg;
-use codex_protocol::protocol::RolloutItem;
-use codex_protocol::protocol::RolloutLine;
-use serde_json::Value;
-use std::num::NonZero;
-use std::sync::Arc;
-use std::sync::atomic::AtomicBool;
-use time::OffsetDateTime;
-use time::PrimitiveDateTime;
-use time::format_description::FormatItem;
-use time::macros::format_description;
-use tokio::fs;
-use tokio::io::AsyncBufReadExt;
-use uuid::Uuid;
-
-use super::SESSIONS_SUBDIR;
-
-#[derive(Debug, Default, PartialEq)]
-pub struct ConversationsPage {
-    pub items: Vec<ConversationItem>,
-    pub next_cursor: Option<Cursor>,
-    pub num_scanned_files: usize,
-    pub reached_scan_cap: bool,
-}
-
-#[derive(Debug, PartialEq)]
-pub struct ConversationItem {
-    pub path: PathBuf,
-    pub head: Vec<Value>,
-}
-
-const MAX_SCAN_FILES: usize = 100;
-const HEAD_RECORD_LIMIT: usize = 10;
-
-#[derive(Debug, Clone, PartialEq, Eq)]
-pub struct Cursor {
-    ts: OffsetDateTime,
-    id: Uuid,
-}
-
-impl Cursor {
-    fn new(ts: OffsetDateTime, id: Uuid) -> Self {
-        Self { ts, id }
-    }
-}
-
-impl serde::Serialize for Cursor {
-    fn serialize<S>(&self, serializer: S) -> Result<S::Ok, S::Error>
-    where
-        S: serde::Serializer,
-    {
-        let ts_str = self
-            .ts
-            .format(&format_description!(
-                "[year]-[month]-[day]T[hour]-[minute]-[second]"
-            ))
-            .map_err(|e| serde::ser::Error::custom(format!("format error: {e}")))?;
-        serializer.serialize_str(&format!("{ts_str}|{}", self.id))
-    }
-}
-
-impl<'de> serde::Deserialize<'de> for Cursor {
-    fn deserialize<D>(deserializer: D) -> Result<Self, D::Error>
-    where
-        D: serde::Deserializer<'de>,
-    {
-        let s = String::deserialize(deserializer)?;
-        parse_cursor(&s).ok_or_else(|| serde::de::Error::custom("invalid cursor"))
-    }
-}
-
-pub async fn get_conversations(
-    codex_home: &Path,
-    page_size: usize,
-    cursor: Option<&Cursor>,
-) -> io::Result<ConversationsPage> {
-    let mut root = codex_home.to_path_buf();
-    root.push(SESSIONS_SUBDIR);
-
-    if !root.exists() {
-        return Ok(ConversationsPage::default());
-    }
-
-    let anchor = cursor.cloned();
-
-    traverse_directories_for_paths(root, page_size, anchor).await
-}
-
-pub async fn get_conversation(path: &Path) -> io::Result<String> {
-    fs::read_to_string(path).await
-}
-
-pub async fn find_conversation_path_by_id_str(
-    codex_home: &Path,
-    id_str: &str,
-) -> io::Result<Option<PathBuf>> {
-    if Uuid::parse_str(id_str).is_err() {
-        return Ok(None);
-    }
-
-    let mut root = codex_home.to_path_buf();
-    root.push(SESSIONS_SUBDIR);
-    if !root.exists() {
-        return Ok(None);
-    }
-
-    let limit = NonZero::new(1).ok_or_else(|| io::Error::other("search limit must be non-zero"))?;
-    let threads =
-        NonZero::new(2).ok_or_else(|| io::Error::other("thread pool size must be non-zero"))?;
-    let cancel = Arc::new(AtomicBool::new(false));
-    let exclude: Vec<String> = Vec::new();
-    let compute_indices = false;
-
-    let results = file_search::run(
-        id_str,
-        limit,
-        &root,
-        exclude,
-        threads,
-        cancel,
-        compute_indices,
-    )
-    .map_err(|e| io::Error::other(format!("file search failed: {e}")))?;
-
-    Ok(results
-        .matches
-        .into_iter()
-        .next()
-        .map(|m| root.join(m.path)))
-}
-
-async fn traverse_directories_for_paths(
-    root: PathBuf,
-    page_size: usize,
-    anchor: Option<Cursor>,
-) -> io::Result<ConversationsPage> {
-    let mut items: Vec<ConversationItem> = Vec::with_capacity(page_size);
-    let mut scanned_files = 0usize;
-    let mut anchor_passed = anchor.is_none();
-    let (anchor_ts, anchor_id) = match anchor {
-        Some(c) => (c.ts, c.id),
-        None => (OffsetDateTime::UNIX_EPOCH, Uuid::nil()),
-    };
-
-    let year_dirs = collect_dirs_desc(&root, |s| s.parse::<u16>().ok()).await?;
-
-    'outer: for (_year, year_path) in year_dirs.iter() {
-        if scanned_files >= MAX_SCAN_FILES {
-            break;
-        }
-        let month_dirs = collect_dirs_desc(year_path, |s| s.parse::<u8>().ok()).await?;
-        for (_month, month_path) in month_dirs.iter() {
-            if scanned_files >= MAX_SCAN_FILES {
-                break 'outer;
-            }
-            let day_dirs = collect_dirs_desc(month_path, |s| s.parse::<u8>().ok()).await?;
-            for (_day, day_path) in day_dirs.iter() {
-                if scanned_files >= MAX_SCAN_FILES {
-                    break 'outer;
-                }
-                let mut day_files = collect_files(day_path, |name_str, path| {
-                    if !name_str.starts_with("rollout-") || !name_str.ends_with(".jsonl") {
-                        return None;
-                    }
-
-                    parse_timestamp_uuid_from_filename(name_str)
-                        .map(|(ts, id)| (ts, id, name_str.to_string(), path.to_path_buf()))
-                })
-                .await?;
-                day_files.sort_by_key(|(ts, sid, _, _)| (Reverse(*ts), Reverse(*sid)));
-                for (ts, sid, _name_str, path) in day_files.into_iter() {
-                    scanned_files += 1;
-                    if scanned_files >= MAX_SCAN_FILES && items.len() >= page_size {
-                        break 'outer;
-                    }
-                    if !anchor_passed {
-                        if ts < anchor_ts || (ts == anchor_ts && sid < anchor_id) {
-                            anchor_passed = true;
-                        } else {
-                            continue;
-                        }
-                    }
-                    if items.len() == page_size {
-                        break 'outer;
-                    }
-                    let (head, saw_session_meta, saw_user_event) =
-                        read_head_and_flags(&path, HEAD_RECORD_LIMIT)
-                            .await
-                            .unwrap_or((Vec::new(), false, false));
-                    if saw_session_meta && saw_user_event {
-                        items.push(ConversationItem { path, head });
-                    }
-                }
-            }
-        }
-    }
-
-    let next = build_next_cursor(&items);
-    Ok(ConversationsPage {
-        items,
-        next_cursor: next,
-        num_scanned_files: scanned_files,
-        reached_scan_cap: scanned_files >= MAX_SCAN_FILES,
-    })
-}
-
-fn build_next_cursor(items: &[ConversationItem]) -> Option<Cursor> {
-    let last = items.last()?;
-    let file_name = last.path.file_name()?.to_string_lossy();
-    let (ts, id) = parse_timestamp_uuid_from_filename(&file_name)?;
-    Some(Cursor::new(ts, id))
-}
-
-async fn collect_dirs_desc<T, F>(parent: &Path, parse: F) -> io::Result<Vec<(T, PathBuf)>>
-where
-    T: Ord + Copy,
-    F: Fn(&str) -> Option<T>,
-{
-    let mut dir = fs::read_dir(parent).await?;
-    let mut vec: Vec<(T, PathBuf)> = Vec::new();
-    while let Some(entry) = dir.next_entry().await? {
-        if entry
-            .file_type()
-            .await
-            .map(|ft| ft.is_dir())
-            .unwrap_or(false)
-            && let Some(s) = entry.file_name().to_str()
-            && let Some(v) = parse(s)
-        {
-            vec.push((v, entry.path()));
-        }
-    }
-    vec.sort_by_key(|(v, _)| Reverse(*v));
-    Ok(vec)
-}
-
-async fn collect_files<T, F>(parent: &Path, parse: F) -> io::Result<Vec<T>>
-where
-    F: Fn(&str, &Path) -> Option<T>,
-{
-    let mut dir = fs::read_dir(parent).await?;
-    let mut collected: Vec<T> = Vec::new();
-    while let Some(entry) = dir.next_entry().await? {
-        if entry
-            .file_type()
-            .await
-            .map(|ft| ft.is_file())
-            .unwrap_or(false)
-            && let Some(s) = entry.file_name().to_str()
-            && let Some(v) = parse(s, &entry.path())
-        {
-            collected.push(v);
-        }
-    }
-    Ok(collected)
-}
-
-fn parse_timestamp_uuid_from_filename(name: &str) -> Option<(OffsetDateTime, Uuid)> {
-    let core = name.strip_prefix("rollout-")?.strip_suffix(".jsonl")?;
-    let (sep_idx, uuid) = core
-        .match_indices('-')
-        .rev()
-        .find_map(|(i, _)| Uuid::parse_str(&core[i + 1..]).ok().map(|u| (i, u)))?;
-    let ts_str = &core[..sep_idx];
-    let format: &[FormatItem] =
-        format_description!("[year]-[month]-[day]T[hour]-[minute]-[second]");
-    let ts = PrimitiveDateTime::parse(ts_str, format).ok()?.assume_utc();
-    Some((ts, uuid))
-}
-
-fn parse_cursor(token: &str) -> Option<Cursor> {
-    let (file_ts, uuid_str) = token.split_once('|')?;
-    let uuid = Uuid::parse_str(uuid_str).ok()?;
-    let format: &[FormatItem] =
-        format_description!("[year]-[month]-[day]T[hour]-[minute]-[second]");
-    let ts = PrimitiveDateTime::parse(file_ts, format).ok()?.assume_utc();
-    Some(Cursor::new(ts, uuid))
-}
-
-async fn read_head_and_flags(
-    path: &Path,
-    max_records: usize,
-) -> io::Result<(Vec<Value>, bool, bool)> {
-    let file = tokio::fs::File::open(path).await?;
-    let reader = tokio::io::BufReader::new(file);
-    let mut lines = reader.lines();
-    let mut head: Vec<Value> = Vec::new();
-    let mut saw_session_meta = false;
-    let mut saw_user_event = false;
-
-    while head.len() < max_records {
-        let line_opt = lines.next_line().await?;
-        let Some(line) = line_opt else { break };
-        let trimmed = line.trim();
-        if trimmed.is_empty() {
-            continue;
-        }
-
-        let parsed: Result<RolloutLine, _> = serde_json::from_str(trimmed);
-        let Ok(rollout_line) = parsed else { continue };
-
-        match rollout_line.item {
-            RolloutItem::SessionMeta(session_meta_line) => {
-                if let Ok(val) = serde_json::to_value(session_meta_line) {
-                    head.push(val);
-                    saw_session_meta = true;
-                }
-            }
-            RolloutItem::ResponseItem(item) => {
-                if let Ok(val) = serde_json::to_value(item) {
-                    head.push(val);
-                }
-            }
-            RolloutItem::TurnContext(_) | RolloutItem::Compacted(_) => {}
-            RolloutItem::EventMsg(ev) => {
-                if matches!(ev, EventMsg::UserMessage(_)) {
-                    saw_user_event = true;
-                }
-            }
-        }
-    }
-
-    Ok((head, saw_session_meta, saw_user_event))
-}

codex-rs/agent/src/rollout/mod.rs

@@ -1,11 +0,0 @@
-pub const SESSIONS_SUBDIR: &str = "sessions";
-pub const ARCHIVED_SESSIONS_SUBDIR: &str = "archived_sessions";
-
-pub mod list;
-pub mod policy;
-pub mod recorder;
-
-pub use recorder::GitInfoCollector;
-pub use recorder::RolloutConfig;
-pub use recorder::RolloutRecorder;
-pub use recorder::RolloutRecorderParams;

codex-rs/agent/src/rollout/policy.rs

@@ -1,74 +0,0 @@
-use codex_protocol::models::ResponseItem;
-use codex_protocol::protocol::EventMsg;
-use codex_protocol::protocol::RolloutItem;
-
-/// Whether a rollout `item` should be persisted in rollout files.
-#[inline]
-pub fn is_persisted_response_item(item: &RolloutItem) -> bool {
-    match item {
-        RolloutItem::ResponseItem(item) => should_persist_response_item(item),
-        RolloutItem::EventMsg(ev) => should_persist_event_msg(ev),
-        RolloutItem::Compacted(_) | RolloutItem::TurnContext(_) | RolloutItem::SessionMeta(_) => {
-            true
-        }
-    }
-}
-
-/// Whether a `ResponseItem` should be persisted in rollout files.
-#[inline]
-pub fn should_persist_response_item(item: &ResponseItem) -> bool {
-    match item {
-        ResponseItem::Message { .. }
-        | ResponseItem::Reasoning { .. }
-        | ResponseItem::LocalShellCall { .. }
-        | ResponseItem::FunctionCall { .. }
-        | ResponseItem::FunctionCallOutput { .. }
-        | ResponseItem::CustomToolCall { .. }
-        | ResponseItem::CustomToolCallOutput { .. }
-        | ResponseItem::WebSearchCall { .. } => true,
-        ResponseItem::Other => false,
-    }
-}
-
-/// Whether an `EventMsg` should be persisted in rollout files.
-#[inline]
-pub fn should_persist_event_msg(ev: &EventMsg) -> bool {
-    match ev {
-        EventMsg::UserMessage(_)
-        | EventMsg::AgentMessage(_)
-        | EventMsg::AgentReasoning(_)
-        | EventMsg::AgentReasoningRawContent(_)
-        | EventMsg::TokenCount(_)
-        | EventMsg::EnteredReviewMode(_)
-        | EventMsg::ExitedReviewMode(_)
-        | EventMsg::TurnAborted(_) => true,
-        EventMsg::Error(_)
-        | EventMsg::TaskStarted(_)
-        | EventMsg::TaskComplete(_)
-        | EventMsg::AgentMessageDelta(_)
-        | EventMsg::AgentReasoningDelta(_)
-        | EventMsg::AgentReasoningRawContentDelta(_)
-        | EventMsg::AgentReasoningSectionBreak(_)
-        | EventMsg::SessionConfigured(_)
-        | EventMsg::McpToolCallBegin(_)
-        | EventMsg::McpToolCallEnd(_)
-        | EventMsg::WebSearchBegin(_)
-        | EventMsg::WebSearchEnd(_)
-        | EventMsg::ExecCommandBegin(_)
-        | EventMsg::ExecCommandOutputDelta(_)
-        | EventMsg::ExecCommandEnd(_)
-        | EventMsg::ExecApprovalRequest(_)
-        | EventMsg::ApplyPatchApprovalRequest(_)
-        | EventMsg::BackgroundEvent(_)
-        | EventMsg::StreamError(_)
-        | EventMsg::PatchApplyBegin(_)
-        | EventMsg::PatchApplyEnd(_)
-        | EventMsg::TurnDiff(_)
-        | EventMsg::GetHistoryEntryResponse(_)
-        | EventMsg::McpListToolsResponse(_)
-        | EventMsg::ListCustomPromptsResponse(_)
-        | EventMsg::PlanUpdate(_)
-        | EventMsg::ShutdownComplete
-        | EventMsg::ConversationPath(_) => false,
-    }
-}

codex-rs/agent/src/rollout/recorder.rs

@@ -1,374 +0,0 @@
-use std::fs;
-use std::fs::File;
-use std::io::Error as IoError;
-use std::path::Path;
-use std::path::PathBuf;
-use std::sync::Arc;
-
-use async_trait::async_trait;
-use codex_protocol::mcp_protocol::ConversationId;
-use codex_protocol::protocol::GitInfo;
-use codex_protocol::protocol::InitialHistory;
-use codex_protocol::protocol::ResumedHistory;
-use codex_protocol::protocol::RolloutItem;
-use codex_protocol::protocol::RolloutLine;
-use codex_protocol::protocol::SessionMeta;
-use codex_protocol::protocol::SessionMetaLine;
-use serde_json::Value;
-use time::OffsetDateTime;
-use time::format_description::FormatItem;
-use time::macros::format_description;
-use tokio::io::AsyncWriteExt;
-use tokio::sync::mpsc;
-use tokio::sync::mpsc::Sender;
-use tokio::sync::oneshot;
-use tracing::info;
-use tracing::warn;
-
-use super::SESSIONS_SUBDIR;
-use super::list::ConversationsPage;
-use super::list::Cursor;
-use super::list::get_conversations;
-use super::policy::is_persisted_response_item;
-
-#[async_trait]
-pub trait GitInfoCollector: Send + Sync {
-    async fn collect(&self, cwd: &Path) -> Option<GitInfo>;
-}
-
-#[derive(Clone)]
-pub struct RolloutConfig {
-    pub codex_home: PathBuf,
-    pub originator: String,
-    pub cli_version: String,
-    pub git_info_collector: Option<Arc<dyn GitInfoCollector>>,
-}
-
-#[derive(Clone)]
-pub struct RolloutRecorder {
-    tx: Sender<RolloutCmd>,
-    rollout_path: PathBuf,
-}
-
-#[derive(Clone)]
-pub enum RolloutRecorderParams {
-    Create {
-        conversation_id: ConversationId,
-        cwd: PathBuf,
-        instructions: Option<String>,
-    },
-    Resume {
-        path: PathBuf,
-    },
-}
-
-enum RolloutCmd {
-    AddItems(Vec<RolloutItem>),
-    Flush { ack: oneshot::Sender<()> },
-    Shutdown { ack: oneshot::Sender<()> },
-}
-
-impl RolloutRecorderParams {
-    pub fn new(
-        conversation_id: ConversationId,
-        cwd: PathBuf,
-        instructions: Option<String>,
-    ) -> Self {
-        Self::Create {
-            conversation_id,
-            cwd,
-            instructions,
-        }
-    }
-
-    pub fn resume(path: PathBuf) -> Self {
-        Self::Resume { path }
-    }
-}
-
-impl RolloutRecorder {
-    pub async fn list_conversations(
-        codex_home: &Path,
-        page_size: usize,
-        cursor: Option<&Cursor>,
-    ) -> std::io::Result<ConversationsPage> {
-        get_conversations(codex_home, page_size, cursor).await
-    }
-
-    pub async fn new(
-        config: &RolloutConfig,
-        params: RolloutRecorderParams,
-    ) -> std::io::Result<Self> {
-        let (file, rollout_path, meta, cwd) = match params {
-            RolloutRecorderParams::Create {
-                conversation_id,
-                cwd,
-                instructions,
-            } => {
-                let LogFileInfo {
-                    file,
-                    path,
-                    conversation_id: session_id,
-                    timestamp,
-                } = create_log_file(&config.codex_home, conversation_id)?;
-
-                let timestamp_format: &[FormatItem] = format_description!(
-                    "[year]-[month]-[day]T[hour]:[minute]:[second].[subsecond digits:3]Z"
-                );
-                let timestamp = timestamp
-                    .to_offset(time::UtcOffset::UTC)
-                    .format(timestamp_format)
-                    .map_err(|e| IoError::other(format!("failed to format timestamp: {e}")))?;
-
-                let meta = SessionMeta {
-                    id: session_id,
-                    timestamp,
-                    cwd: cwd.clone(),
-                    originator: config.originator.clone(),
-                    cli_version: config.cli_version.clone(),
-                    instructions,
-                };
-
-                (tokio::fs::File::from_std(file), path, Some(meta), Some(cwd))
-            }
-            RolloutRecorderParams::Resume { path } => (
-                tokio::fs::OpenOptions::new()
-                    .append(true)
-                    .open(&path)
-                    .await?,
-                path,
-                None,
-                None,
-            ),
-        };
-
-        let (tx, rx) = mpsc::channel::<RolloutCmd>(256);
-        let collector = config.git_info_collector.clone();
-
-        tokio::task::spawn(rollout_writer(file, rx, meta, cwd, collector));
-
-        Ok(Self { tx, rollout_path })
-    }
-
-    pub async fn record_items(&self, items: &[RolloutItem]) -> std::io::Result<()> {
-        let mut filtered = Vec::new();
-        for item in items {
-            if is_persisted_response_item(item) {
-                filtered.push(item.clone());
-            }
-        }
-        if filtered.is_empty() {
-            return Ok(());
-        }
-        self.tx
-            .send(RolloutCmd::AddItems(filtered))
-            .await
-            .map_err(|e| IoError::other(format!("failed to queue rollout items: {e}")))
-    }
-
-    pub async fn flush(&self) -> std::io::Result<()> {
-        let (tx, rx) = oneshot::channel();
-        self.tx
-            .send(RolloutCmd::Flush { ack: tx })
-            .await
-            .map_err(|e| IoError::other(format!("failed to queue rollout flush: {e}")))?;
-        rx.await
-            .map_err(|e| IoError::other(format!("failed waiting for rollout flush: {e}")))
-    }
-
-    pub async fn shutdown(&self) -> std::io::Result<()> {
-        let (tx_done, rx_done) = oneshot::channel();
-        match self.tx.send(RolloutCmd::Shutdown { ack: tx_done }).await {
-            Ok(_) => rx_done
-                .await
-                .map_err(|e| IoError::other(format!("failed waiting for rollout shutdown: {e}"))),
-            Err(e) => {
-                warn!("failed to send rollout shutdown command: {e}");
-                Err(IoError::other(format!(
-                    "failed to send rollout shutdown command: {e}"
-                )))
-            }
-        }
-    }
-
-    pub fn get_rollout_path(&self) -> PathBuf {
-        self.rollout_path.clone()
-    }
-
-    pub async fn get_rollout_history(path: &Path) -> std::io::Result<InitialHistory> {
-        info!("Resuming rollout from {path:?}");
-        let text = tokio::fs::read_to_string(path).await?;
-        if text.trim().is_empty() {
-            return Err(IoError::other("empty session file"));
-        }
-
-        let mut items: Vec<RolloutItem> = Vec::new();
-        let mut conversation_id: Option<ConversationId> = None;
-        for line in text.lines() {
-            if line.trim().is_empty() {
-                continue;
-            }
-            let v: Value = match serde_json::from_str(line) {
-                Ok(v) => v,
-                Err(e) => {
-                    warn!("failed to parse line as JSON: {line:?}, error: {e}");
-                    continue;
-                }
-            };
-
-            match serde_json::from_value::<RolloutLine>(v.clone()) {
-                Ok(rollout_line) => match rollout_line.item {
-                    RolloutItem::SessionMeta(session_meta_line) => {
-                        if conversation_id.is_none() {
-                            conversation_id = Some(session_meta_line.meta.id);
-                        }
-                        items.push(RolloutItem::SessionMeta(session_meta_line));
-                    }
-                    other => items.push(other),
-                },
-                Err(e) => warn!("failed to parse rollout line: {v:?}, error: {e}"),
-            }
-        }
-
-        info!(
-            "Resumed rollout with {} items, conversation ID: {:?}",
-            items.len(),
-            conversation_id
-        );
-        let conversation_id = conversation_id
-            .ok_or_else(|| IoError::other("failed to parse conversation ID from rollout file"))?;
-
-        if items.is_empty() {
-            return Ok(InitialHistory::New);
-        }
-
-        info!("Resumed rollout successfully from {path:?}");
-        Ok(InitialHistory::Resumed(ResumedHistory {
-            conversation_id,
-            history: items,
-            rollout_path: path.to_path_buf(),
-        }))
-    }
-}
-
-struct LogFileInfo {
-    file: File,
-    path: PathBuf,
-    conversation_id: ConversationId,
-    timestamp: OffsetDateTime,
-}
-
-fn create_log_file(
-    codex_home: &Path,
-    conversation_id: ConversationId,
-) -> std::io::Result<LogFileInfo> {
-    let timestamp = OffsetDateTime::now_local()
-        .map_err(|e| IoError::other(format!("failed to get local time: {e}")))?;
-    let mut dir = codex_home.to_path_buf();
-    dir.push(SESSIONS_SUBDIR);
-    dir.push(timestamp.year().to_string());
-    dir.push(format!("{:02}", u8::from(timestamp.month())));
-    dir.push(format!("{:02}", timestamp.day()));
-    fs::create_dir_all(&dir)?;
-
-    let format: &[FormatItem] =
-        format_description!("[year]-[month]-[day]T[hour]-[minute]-[second]");
-    let date_str = timestamp
-        .format(format)
-        .map_err(|e| IoError::other(format!("failed to format timestamp: {e}")))?;
-
-    let filename = format!("rollout-{date_str}-{conversation_id}.jsonl");
-    let path = dir.join(filename);
-    let file = std::fs::OpenOptions::new()
-        .append(true)
-        .create(true)
-        .open(&path)?;
-
-    Ok(LogFileInfo {
-        file,
-        path,
-        conversation_id,
-        timestamp,
-    })
-}
-
-async fn rollout_writer(
-    file: tokio::fs::File,
-    mut rx: mpsc::Receiver<RolloutCmd>,
-    mut meta: Option<SessionMeta>,
-    cwd: Option<PathBuf>,
-    git_info_collector: Option<Arc<dyn GitInfoCollector>>,
-) -> std::io::Result<()> {
-    let mut writer = JsonlWriter { file };
-
-    if let Some(session_meta) = meta.take() {
-        let git_info =
-            if let (Some(provider), Some(cwd)) = (git_info_collector.as_ref(), cwd.as_ref()) {
-                provider.collect(cwd.as_path()).await
-            } else {
-                None
-            };
-        let session_meta_line = SessionMetaLine {
-            meta: session_meta,
-            git: git_info,
-        };
-        writer
-            .write_rollout_item(RolloutItem::SessionMeta(session_meta_line))
-            .await?;
-    }
-
-    while let Some(cmd) = rx.recv().await {
-        match cmd {
-            RolloutCmd::AddItems(items) => {
-                for item in items {
-                    if is_persisted_response_item(&item) {
-                        writer.write_rollout_item(item).await?;
-                    }
-                }
-            }
-            RolloutCmd::Flush { ack } => {
-                if let Err(e) = writer.file.flush().await {
-                    let _ = ack.send(());
-                    return Err(e);
-                }
-                let _ = ack.send(());
-            }
-            RolloutCmd::Shutdown { ack } => {
-                let _ = ack.send(());
-            }
-        }
-    }
-
-    Ok(())
-}
-
-struct JsonlWriter {
-    file: tokio::fs::File,
-}
-
-impl JsonlWriter {
-    async fn write_rollout_item(&mut self, rollout_item: RolloutItem) -> std::io::Result<()> {
-        let timestamp_format: &[FormatItem] = format_description!(
-            "[year]-[month]-[day]T[hour]:[minute]:[second].[subsecond digits:3]Z"
-        );
-        let timestamp = OffsetDateTime::now_utc()
-            .format(timestamp_format)
-            .map_err(|e| IoError::other(format!("failed to format timestamp: {e}")))?;
-
-        let line = RolloutLine {
-            timestamp,
-            item: rollout_item,
-        };
-        self.write_line(&line).await
-    }
-
-    async fn write_line(&mut self, item: &impl serde::Serialize) -> std::io::Result<()> {
-        let mut buf = serde_json::to_vec(item)
-            .map_err(|e| IoError::other(format!("failed to serialise rollout line: {e}")))?;
-        buf.push(b'\n');
-        self.file
-            .write_all(&buf)
-            .await
-            .map_err(|e| IoError::other(format!("failed to write rollout line: {e}")))
-    }
-}

codex-rs/agent/src/runtime.rs

@@ -1,16 +0,0 @@
-use async_trait::async_trait;
-use codex_protocol::protocol::Event;
-use codex_protocol::protocol::Op;
-use codex_protocol::protocol::Submission;
-
-/// Minimal async interface for interacting with an agent runtime.
-#[async_trait]
-pub trait AgentRuntime: Send + Sync {
-    type Error: std::error::Error + Send + Sync + 'static;
-
-    async fn submit(&self, op: Op) -> Result<String, Self::Error>;
-
-    async fn submit_with_id(&self, submission: Submission) -> Result<(), Self::Error>;
-
-    async fn next_event(&self) -> Result<Event, Self::Error>;
-}

codex-rs/agent/src/runtime_config.rs

@@ -1,46 +0,0 @@
-use std::collections::HashMap;
-use std::path::PathBuf;
-
-use crate::config_types::History;
-use crate::config_types::McpServerConfig;
-use crate::config_types::ShellEnvironmentPolicy;
-use crate::model_family::ModelFamily;
-use crate::model_provider::ModelProviderInfo;
-use codex_protocol::config_types::ReasoningEffort;
-use codex_protocol::config_types::ReasoningSummary;
-use codex_protocol::config_types::Verbosity;
-use codex_protocol::protocol::AskForApproval;
-use codex_protocol::protocol::SandboxPolicy;
-
-/// Configuration surface consumed by the agent runtime regardless of host.
-#[derive(Debug, Clone, PartialEq)]
-pub struct AgentConfig {
-    pub model: String,
-    pub review_model: String,
-    pub model_family: ModelFamily,
-    pub model_context_window: Option<u64>,
-    pub model_auto_compact_token_limit: Option<i64>,
-    pub model_reasoning_effort: Option<ReasoningEffort>,
-    pub model_reasoning_summary: ReasoningSummary,
-    pub model_verbosity: Option<Verbosity>,
-    pub model_provider: ModelProviderInfo,
-    pub approval_policy: AskForApproval,
-    pub sandbox_policy: SandboxPolicy,
-    pub shell_environment_policy: ShellEnvironmentPolicy,
-    pub user_instructions: Option<String>,
-    pub base_instructions: Option<String>,
-    pub notify: Option<Vec<String>>,
-    pub cwd: PathBuf,
-    pub codex_home: PathBuf,
-    pub history: History,
-    pub mcp_servers: HashMap<String, McpServerConfig>,
-    pub include_plan_tool: bool,
-    pub include_apply_patch_tool: bool,
-    pub include_view_image_tool: bool,
-    pub tools_web_search_request: bool,
-    pub use_experimental_streamable_shell_tool: bool,
-    pub use_experimental_unified_exec_tool: bool,
-    pub show_raw_agent_reasoning: bool,
-    pub codex_linux_sandbox_exe: Option<PathBuf>,
-    pub project_doc_max_bytes: usize,
-}

codex-rs/agent/src/sandbox/mod.rs

@@ -1,3 +0,0 @@
-pub mod types;
-
-pub use types::SandboxType;

codex-rs/agent/src/sandbox/types.rs

@@ -1,10 +0,0 @@
-#[derive(Clone, Copy, Debug, PartialEq)]
-pub enum SandboxType {
-    None,
-
-    /// Only available on macOS.
-    MacosSeatbelt,
-
-    /// Only available on Linux.
-    LinuxSeccomp,
-}

codex-rs/agent/src/services.rs

@@ -1,138 +0,0 @@
-use std::collections::HashMap;
-use std::path::PathBuf;
-
-use async_trait::async_trait;
-use codex_apply_patch::ApplyPatchAction;
-use codex_protocol::mcp_protocol::AuthMode;
-use codex_protocol::protocol::ReviewDecision;
-use codex_protocol::protocol::RolloutItem;
-use mcp_types::Tool;
-use serde_json::Value;
-
-use crate::exec_command::ExecCommandOutput;
-use crate::exec_command::ExecCommandParams;
-use crate::exec_command::WriteStdinParams;
-use crate::notifications::UserNotification;
-use crate::rollout::RolloutRecorder;
-use crate::token_data::PlanType;
-use crate::unified_exec::UnifiedExecError;
-use crate::unified_exec::UnifiedExecRequest;
-use crate::unified_exec::UnifiedExecResult;
-
-/// Authentication context made available to the provider layer.
-#[async_trait]
-pub trait ProviderAuth: Send + Sync {
-    fn mode(&self) -> AuthMode;
-
-    async fn access_token(&self) -> std::io::Result<String>;
-
-    fn account_id(&self) -> Option<String>;
-
-    fn plan_type(&self) -> Option<PlanType>;
-}
-
-/// Provides access to credentials required when talking to model providers.
-#[async_trait]
-pub trait CredentialsProvider: Send + Sync {
-    fn auth(&self) -> Option<std::sync::Arc<dyn ProviderAuth>>;
-
-    async fn refresh_token(&self) -> std::io::Result<Option<String>>;
-}
-
-/// Emits user-facing notifications for turn completion or other events.
-pub trait Notifier: Send + Sync {
-    fn notify(&self, notification: &UserNotification);
-}
-
-/// Runtime callbacks for user approval workflows.
-#[async_trait]
-pub trait ApprovalCoordinator: Send + Sync {
-    async fn request_patch_approval(
-        &self,
-        sub_id: String,
-        call_id: String,
-        action: &ApplyPatchAction,
-        reason: Option<String>,
-        grant_root: Option<PathBuf>,
-    ) -> ReviewDecision;
-
-    async fn request_command_approval(
-        &self,
-        sub_id: String,
-        call_id: String,
-        command: Vec<String>,
-        cwd: PathBuf,
-        reason: Option<String>,
-    ) -> ReviewDecision;
-
-    async fn add_approved_command(&self, command: Vec<String>);
-}
-
-/// Aggregates and dispatches MCP tool calls across configured servers.
-#[async_trait]
-pub trait McpInterface: Send + Sync {
-    fn list_all_tools(&self) -> HashMap<String, Tool>;
-
-    fn parse_tool_name(&self, tool_name: &str) -> Option<(String, String)>;
-
-    async fn call_tool(
-        &self,
-        server: &str,
-        tool: &str,
-        arguments: Option<Value>,
-    ) -> anyhow::Result<mcp_types::CallToolResult>;
-}
-
-/// Persists rollout events for later inspection or replay.
-#[async_trait]
-pub trait RolloutSink: Send + Sync {
-    async fn record_items(&self, items: &[RolloutItem]) -> std::io::Result<()>;
-
-    async fn flush(&self) -> std::io::Result<()>;
-
-    async fn shutdown(&self) -> std::io::Result<()>;
-
-    fn get_rollout_path(&self) -> PathBuf;
-}
-
-#[async_trait]
-impl RolloutSink for RolloutRecorder {
-    async fn record_items(&self, items: &[RolloutItem]) -> std::io::Result<()> {
-        RolloutRecorder::record_items(self, items).await
-    }
-
-    async fn flush(&self) -> std::io::Result<()> {
-        RolloutRecorder::flush(self).await
-    }
-
-    async fn shutdown(&self) -> std::io::Result<()> {
-        RolloutRecorder::shutdown(self).await
-    }
-
-    fn get_rollout_path(&self) -> PathBuf {
-        RolloutRecorder::get_rollout_path(self)
-    }
-}
-
-/// Handles sandboxed exec orchestration, including long-running sessions.
-#[async_trait]
-pub trait SandboxManager: Send + Sync {
-    async fn handle_exec_command_request(
-        &self,
-        params: ExecCommandParams,
-    ) -> Result<ExecCommandOutput, String>;
-
-    async fn handle_write_stdin_request(
-        &self,
-        params: WriteStdinParams,
-    ) -> Result<ExecCommandOutput, String>;
-
-    async fn handle_unified_exec_request(
-        &self,
-        request: UnifiedExecRequest<'_>,
-    ) -> Result<UnifiedExecResult, UnifiedExecError>;
-
-    fn codex_linux_sandbox_exe(&self) -> &Option<PathBuf>;
-
-    fn user_shell(&self) -> &crate::shell::Shell;
-}

codex-rs/agent/src/session_services.rs

@@ -1,18 +0,0 @@
-use std::sync::Arc;
-
-use tokio::sync::Mutex;
-
-use crate::services::McpInterface;
-use crate::services::Notifier;
-use crate::services::RolloutSink;
-use crate::services::SandboxManager;
-
-/// Aggregated services that back a running agent session. Hosts provide
-/// implementations for these traits and hand them to the runtime at spawn.
-pub struct SessionServices {
-    pub mcp: Arc<dyn McpInterface>,
-    pub notifier: Arc<dyn Notifier>,
-    pub sandbox: Arc<dyn SandboxManager>,
-    pub rollout: Mutex<Option<Arc<dyn RolloutSink>>>,
-    pub show_raw_agent_reasoning: bool,
-}

codex-rs/agent/src/session_state.rs

@@ -1,76 +0,0 @@
-use std::collections::HashSet;
-
-use codex_protocol::models::ResponseItem;
-use codex_protocol::protocol::RateLimitSnapshot;
-use codex_protocol::protocol::TokenUsage;
-use codex_protocol::protocol::TokenUsageInfo;
-
-use crate::conversation_history::ConversationHistory;
-
-/// Persistent, session-scoped state previously stored directly on `Session`.
-#[derive(Default)]
-pub struct SessionState {
-    approved_commands: HashSet<Vec<String>>,
-    history: ConversationHistory,
-    token_info: Option<TokenUsageInfo>,
-    latest_rate_limits: Option<RateLimitSnapshot>,
-}
-
-impl SessionState {
-    /// Create a new session state mirroring previous `State::default()` semantics.
-    pub fn new() -> Self {
-        Self {
-            history: ConversationHistory::new(),
-            ..Default::default()
-        }
-    }
-
-    // History helpers
-    pub fn record_items<I>(&mut self, items: I)
-    where
-        I: IntoIterator,
-        I::Item: std::ops::Deref<Target = ResponseItem>,
-    {
-        self.history.record_items(items)
-    }
-
-    pub fn history_snapshot(&self) -> Vec<ResponseItem> {
-        self.history.contents()
-    }
-
-    pub fn replace_history(&mut self, items: Vec<ResponseItem>) {
-        self.history.replace(items);
-    }
-
-    // Approved command helpers
-    pub fn add_approved_command(&mut self, cmd: Vec<String>) {
-        self.approved_commands.insert(cmd);
-    }
-
-    pub fn approved_commands_ref(&self) -> &HashSet<Vec<String>> {
-        &self.approved_commands
-    }
-
-    // Token/rate limit helpers
-    pub fn update_token_info_from_usage(
-        &mut self,
-        usage: &TokenUsage,
-        model_context_window: Option<u64>,
-    ) {
-        self.token_info = TokenUsageInfo::new_or_append(
-            &self.token_info,
-            &Some(usage.clone()),
-            model_context_window,
-        );
-    }
-
-    pub fn set_rate_limits(&mut self, snapshot: RateLimitSnapshot) {
-        self.latest_rate_limits = Some(snapshot);
-    }
-
-    pub fn token_info_and_rate_limits(
-        &self,
-    ) -> (Option<TokenUsageInfo>, Option<RateLimitSnapshot>) {
-        (self.token_info.clone(), self.latest_rate_limits.clone())
-    }
-}

codex-rs/agent/src/shell.rs

@@ -1,271 +0,0 @@
-use serde::Deserialize;
-use serde::Serialize;
-use shlex;
-use std::path::PathBuf;
-
-#[derive(Debug, PartialEq, Eq, Clone, Serialize, Deserialize)]
-pub struct ZshShell {
-    pub(crate) shell_path: String,
-    pub(crate) zshrc_path: String,
-}
-
-impl ZshShell {
-    pub fn new(shell_path: impl Into<String>, zshrc_path: impl Into<String>) -> Self {
-        Self {
-            shell_path: shell_path.into(),
-            zshrc_path: zshrc_path.into(),
-        }
-    }
-
-    pub fn shell_path(&self) -> &str {
-        &self.shell_path
-    }
-
-    pub fn zshrc_path(&self) -> &str {
-        &self.zshrc_path
-    }
-}
-
-#[derive(Debug, PartialEq, Eq, Clone, Serialize, Deserialize)]
-pub struct BashShell {
-    pub(crate) shell_path: String,
-    pub(crate) bashrc_path: String,
-}
-
-impl BashShell {
-    pub fn new(shell_path: impl Into<String>, bashrc_path: impl Into<String>) -> Self {
-        Self {
-            shell_path: shell_path.into(),
-            bashrc_path: bashrc_path.into(),
-        }
-    }
-
-    pub fn shell_path(&self) -> &str {
-        &self.shell_path
-    }
-
-    pub fn bashrc_path(&self) -> &str {
-        &self.bashrc_path
-    }
-}
-
-#[derive(Debug, PartialEq, Eq, Clone, Serialize, Deserialize)]
-pub struct PowerShellConfig {
-    pub(crate) exe: String, // Executable name or path, e.g. "pwsh" or "powershell.exe".
-    pub(crate) bash_exe_fallback: Option<PathBuf>, // In case the model generates a bash command.
-}
-
-impl PowerShellConfig {
-    pub fn new(exe: impl Into<String>, bash_exe_fallback: Option<PathBuf>) -> Self {
-        Self {
-            exe: exe.into(),
-            bash_exe_fallback,
-        }
-    }
-
-    pub fn exe(&self) -> &str {
-        &self.exe
-    }
-
-    pub fn bash_exe_fallback(&self) -> Option<&PathBuf> {
-        self.bash_exe_fallback.as_ref()
-    }
-}
-
-#[derive(Debug, PartialEq, Eq, Clone, Serialize, Deserialize)]
-pub enum Shell {
-    Zsh(ZshShell),
-    Bash(BashShell),
-    PowerShell(PowerShellConfig),
-    Unknown,
-}
-
-impl Shell {
-    pub fn format_default_shell_invocation(&self, command: Vec<String>) -> Option<Vec<String>> {
-        match self {
-            Shell::Zsh(zsh) => format_shell_invocation_with_rc(
-                command.as_slice(),
-                &zsh.shell_path,
-                &zsh.zshrc_path,
-            ),
-            Shell::Bash(bash) => format_shell_invocation_with_rc(
-                command.as_slice(),
-                &bash.shell_path,
-                &bash.bashrc_path,
-            ),
-            Shell::PowerShell(ps) => {
-                // If model generated a bash command, prefer a detected bash fallback
-                if let Some(script) = strip_bash_lc(command.as_slice()) {
-                    return match &ps.bash_exe_fallback {
-                        Some(bash) => Some(vec![
-                            bash.to_string_lossy().to_string(),
-                            "-lc".to_string(),
-                            script,
-                        ]),
-
-                        // No bash fallback → run the script under PowerShell.
-                        // It will likely fail (except for some simple commands), but the error
-                        // should give a clue to the model to fix upon retry that it's running under PowerShell.
-                        None => Some(vec![
-                            ps.exe.clone(),
-                            "-NoProfile".to_string(),
-                            "-Command".to_string(),
-                            script,
-                        ]),
-                    };
-                }
-
-                // Not a bash command. If model did not generate a PowerShell command,
-                // turn it into a PowerShell command.
-                let first = command.first().map(String::as_str);
-                if first != Some(ps.exe.as_str()) {
-                    // TODO (CODEX_2900): Handle escaping newlines.
-                    if command.iter().any(|a| a.contains('\n') || a.contains('\r')) {
-                        return Some(command);
-                    }
-
-                    let joined = shlex::try_join(command.iter().map(String::as_str)).ok();
-                    return joined.map(|arg| {
-                        vec![
-                            ps.exe.clone(),
-                            "-NoProfile".to_string(),
-                            "-Command".to_string(),
-                            arg,
-                        ]
-                    });
-                }
-
-                // Model generated a PowerShell command. Run it.
-                Some(command)
-            }
-            Shell::Unknown => None,
-        }
-    }
-
-    pub fn name(&self) -> Option<String> {
-        match self {
-            Shell::Zsh(zsh) => std::path::Path::new(&zsh.shell_path)
-                .file_name()
-                .map(|s| s.to_string_lossy().to_string()),
-            Shell::Bash(bash) => std::path::Path::new(&bash.shell_path)
-                .file_name()
-                .map(|s| s.to_string_lossy().to_string()),
-            Shell::PowerShell(ps) => Some(ps.exe.clone()),
-            Shell::Unknown => None,
-        }
-    }
-}
-
-fn format_shell_invocation_with_rc(
-    command: &[String],
-    shell_path: &str,
-    rc_path: &str,
-) -> Option<Vec<String>> {
-    let joined = strip_bash_lc(command)
-        .or_else(|| shlex::try_join(command.iter().map(String::as_str)).ok())?;
-
-    let rc_command = if std::path::Path::new(rc_path).exists() {
-        format!("source {rc_path} && ({joined})")
-    } else {
-        joined
-    };
-
-    Some(vec![shell_path.to_string(), "-lc".to_string(), rc_command])
-}
-
-fn strip_bash_lc(command: &[String]) -> Option<String> {
-    match command {
-        // exactly three items
-        [first, second, third]
-            // first two must be "bash", "-lc"
-            if first == "bash" && second == "-lc" =>
-        {
-            Some(third.clone())
-        }
-        _ => None,
-    }
-}
-
-#[cfg(unix)]
-fn detect_default_user_shell() -> Shell {
-    use libc::getpwuid;
-    use libc::getuid;
-    use std::ffi::CStr;
-
-    unsafe {
-        let uid = getuid();
-        let pw = getpwuid(uid);
-
-        if !pw.is_null() {
-            let shell_path = CStr::from_ptr((*pw).pw_shell)
-                .to_string_lossy()
-                .into_owned();
-            let home_path = CStr::from_ptr((*pw).pw_dir).to_string_lossy().into_owned();
-
-            if shell_path.ends_with("/zsh") {
-                return Shell::Zsh(ZshShell {
-                    shell_path,
-                    zshrc_path: format!("{home_path}/.zshrc"),
-                });
-            }
-
-            if shell_path.ends_with("/bash") {
-                return Shell::Bash(BashShell {
-                    shell_path,
-                    bashrc_path: format!("{home_path}/.bashrc"),
-                });
-            }
-        }
-    }
-    Shell::Unknown
-}
-
-#[cfg(unix)]
-pub async fn default_user_shell() -> Shell {
-    detect_default_user_shell()
-}
-
-#[cfg(target_os = "windows")]
-pub async fn default_user_shell() -> Shell {
-    use tokio::process::Command;
-
-    // Prefer PowerShell 7+ (`pwsh`) if available, otherwise fall back to Windows PowerShell.
-    let has_pwsh = Command::new("pwsh")
-        .arg("-NoLogo")
-        .arg("-NoProfile")
-        .arg("-Command")
-        .arg("$PSVersionTable.PSVersion.Major")
-        .output()
-        .await
-        .map(|o| o.status.success())
-        .unwrap_or(false);
-    let bash_exe = if Command::new("bash.exe")
-        .arg("--version")
-        .output()
-        .await
-        .ok()
-        .map(|o| o.status.success())
-        .unwrap_or(false)
-    {
-        which::which("bash.exe").ok()
-    } else {
-        None
-    };
-
-    if has_pwsh {
-        Shell::PowerShell(PowerShellConfig {
-            exe: "pwsh.exe".to_string(),
-            bash_exe_fallback: bash_exe,
-        })
-    } else {
-        Shell::PowerShell(PowerShellConfig {
-            exe: "powershell.exe".to_string(),
-            bash_exe_fallback: bash_exe,
-        })
-    }
-}
-
-#[cfg(all(not(target_os = "windows"), not(unix)))]
-pub async fn default_user_shell() -> Shell {
-    Shell::Unknown
-}

codex-rs/agent/src/tooling.rs

@@ -1,10 +0,0 @@
-use serde::Deserialize;
-use serde::Serialize;
-
-/// Represents which apply_patch tool variant a model expects.
-#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq, Hash)]
-#[serde(rename_all = "snake_case")]
-pub enum ApplyPatchToolType {
-    Freeform,
-    Function,
-}

codex-rs/agent/src/truncate.rs

@@ -1,180 +0,0 @@
-//! Utilities for truncating large chunks of output while preserving a prefix
-//! and suffix on UTF-8 boundaries.
-
-/// Truncate the middle of a UTF-8 string to at most `max_bytes` bytes,
-/// preserving the beginning and the end. Returns the possibly truncated
-/// string and `Some(original_token_count)` (estimated at 4 bytes/token)
-/// if truncation occurred; otherwise returns the original string and `None`.
-pub fn truncate_middle(s: &str, max_bytes: usize) -> (String, Option<u64>) {
-    if s.len() <= max_bytes {
-        return (s.to_string(), None);
-    }
-
-    let est_tokens = (s.len() as u64).div_ceil(4);
-    if max_bytes == 0 {
-        return (format!("…{est_tokens} tokens truncated…"), Some(est_tokens));
-    }
-
-    fn truncate_on_boundary(input: &str, max_len: usize) -> &str {
-        if input.len() <= max_len {
-            return input;
-        }
-        let mut end = max_len;
-        while end > 0 && !input.is_char_boundary(end) {
-            end -= 1;
-        }
-        &input[..end]
-    }
-
-    fn pick_prefix_end(s: &str, left_budget: usize) -> usize {
-        if let Some(head) = s.get(..left_budget)
-            && let Some(i) = head.rfind('\n')
-        {
-            return i + 1;
-        }
-        truncate_on_boundary(s, left_budget).len()
-    }
-
-    fn pick_suffix_start(s: &str, right_budget: usize) -> usize {
-        let start_tail = s.len().saturating_sub(right_budget);
-        if let Some(tail) = s.get(start_tail..)
-            && let Some(i) = tail.find('\n')
-        {
-            return start_tail + i + 1;
-        }
-
-        let mut idx = start_tail.min(s.len());
-        while idx < s.len() && !s.is_char_boundary(idx) {
-            idx += 1;
-        }
-        idx
-    }
-
-    let mut guess_tokens = est_tokens;
-    for _ in 0..4 {
-        let marker = format!("…{guess_tokens} tokens truncated…");
-        let marker_len = marker.len();
-        let keep_budget = max_bytes.saturating_sub(marker_len);
-        if keep_budget == 0 {
-            return (format!("…{est_tokens} tokens truncated…"), Some(est_tokens));
-        }
-
-        let left_budget = keep_budget / 2;
-        let right_budget = keep_budget - left_budget;
-        let prefix_end = pick_prefix_end(s, left_budget);
-        let mut suffix_start = pick_suffix_start(s, right_budget);
-        if suffix_start < prefix_end {
-            suffix_start = prefix_end;
-        }
-
-        let kept_content_bytes = prefix_end + (s.len() - suffix_start);
-        let truncated_content_bytes = s.len().saturating_sub(kept_content_bytes);
-        let new_tokens = (truncated_content_bytes as u64).div_ceil(4);
-
-        if new_tokens == guess_tokens {
-            let mut out = String::with_capacity(marker_len + kept_content_bytes + 1);
-            out.push_str(&s[..prefix_end]);
-            out.push_str(&marker);
-            out.push('\n');
-            out.push_str(&s[suffix_start..]);
-            return (out, Some(est_tokens));
-        }
-
-        guess_tokens = new_tokens;
-    }
-
-    let marker = format!("…{guess_tokens} tokens truncated…");
-    let marker_len = marker.len();
-    let keep_budget = max_bytes.saturating_sub(marker_len);
-    if keep_budget == 0 {
-        return (format!("…{est_tokens} tokens truncated…"), Some(est_tokens));
-    }
-
-    let left_budget = keep_budget / 2;
-    let right_budget = keep_budget - left_budget;
-    let prefix_end = pick_prefix_end(s, left_budget);
-    let suffix_start = pick_suffix_start(s, right_budget);
-
-    let mut out = String::with_capacity(marker_len + prefix_end + (s.len() - suffix_start) + 1);
-    out.push_str(&s[..prefix_end]);
-    out.push_str(&marker);
-    out.push('\n');
-    out.push_str(&s[suffix_start..]);
-    (out, Some(est_tokens))
-}
-
-#[cfg(test)]
-mod tests {
-    use super::truncate_middle;
-
-    #[test]
-    fn truncate_middle_no_newlines_fallback() {
-        let s = "abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ*";
-        let max_bytes = 32;
-        let (out, original) = truncate_middle(s, max_bytes);
-        assert!(out.starts_with("abc"));
-        assert!(out.contains("tokens truncated"));
-        assert!(out.ends_with("XYZ*"));
-        assert_eq!(original, Some((s.len() as u64).div_ceil(4)));
-    }
-
-    #[test]
-    fn truncate_middle_prefers_newline_boundaries() {
-        let mut s = String::new();
-        for i in 1..=20 {
-            s.push_str(&format!("{i:03}\n"));
-        }
-        assert_eq!(s.len(), 80);
-
-        let max_bytes = 64;
-        let (out, tokens) = truncate_middle(&s, max_bytes);
-        assert!(out.starts_with("001\n002\n003\n004\n"));
-        assert!(out.contains("tokens truncated"));
-        assert!(out.ends_with("017\n018\n019\n020\n"));
-        assert_eq!(tokens, Some(20));
-    }
-
-    #[test]
-    fn truncate_middle_handles_utf8_content() {
-        let s = "😀😀😀😀😀😀😀😀😀😀\nsecond line with ascii text\n";
-        let max_bytes = 32;
-        let (out, tokens) = truncate_middle(s, max_bytes);
-
-        assert!(out.contains("tokens truncated"));
-        assert!(!out.contains('\u{fffd}'));
-        assert_eq!(tokens, Some((s.len() as u64).div_ceil(4)));
-    }
-
-    #[test]
-    fn truncate_middle_prefers_newline_boundaries_2() {
-        // Build a multi-line string of 20 numbered lines (each "NNN\n").
-        let mut s = String::new();
-        for i in 1..=20 {
-            s.push_str(&format!("{i:03}\n"));
-        }
-        // Total length: 20 lines * 4 bytes per line = 80 bytes.
-        assert_eq!(s.len(), 80);
-
-        // Choose a cap that forces truncation while leaving room for
-        // a few lines on each side after accounting for the marker.
-        let max_bytes = 64;
-        // Expect exact output: first 4 lines, marker, last 4 lines, and correct token estimate (80/4 = 20).
-        assert_eq!(
-            truncate_middle(&s, max_bytes),
-            (
-                r#"001
-002
-003
-004
-…12 tokens truncated…
-017
-018
-019
-020
-"#
-                .to_string(),
-                Some(20)
-            )
-        );
-    }
-}

codex-rs/agent/src/turn_diff_tracker.rs

@@ -1,896 +0,0 @@
-use std::collections::HashMap;
-use std::fs;
-use std::path::Path;
-use std::path::PathBuf;
-use std::process::Command;
-
-use anyhow::Context;
-use anyhow::Result;
-use anyhow::anyhow;
-use sha1::digest::Output;
-use uuid::Uuid;
-
-use codex_protocol::protocol::FileChange;
-
-const ZERO_OID: &str = "0000000000000000000000000000000000000000";
-const DEV_NULL: &str = "/dev/null";
-
-struct BaselineFileInfo {
-    path: PathBuf,
-    content: Vec<u8>,
-    mode: FileMode,
-    oid: String,
-}
-
-/// Tracks sets of changes to files and exposes the overall unified diff.
-/// Internally, the way this works is now:
-/// 1. Maintain an in-memory baseline snapshot of files when they are first seen.
-///    For new additions, do not create a baseline so that diffs are shown as proper additions (using /dev/null).
-/// 2. Keep a stable internal filename (uuid) per external path for rename tracking.
-/// 3. To compute the aggregated unified diff, compare each baseline snapshot to the current file on disk entirely in-memory
-///    using the `similar` crate and emit unified diffs with rewritten external paths.
-#[derive(Default)]
-pub struct TurnDiffTracker {
-    /// Map external path -> internal filename (uuid).
-    external_to_temp_name: HashMap<PathBuf, String>,
-    /// Internal filename -> baseline file info.
-    baseline_file_info: HashMap<String, BaselineFileInfo>,
-    /// Internal filename -> external path as of current accumulated state (after applying all changes).
-    /// This is where renames are tracked.
-    temp_name_to_current_path: HashMap<String, PathBuf>,
-    /// Cache of known git worktree roots to avoid repeated filesystem walks.
-    git_root_cache: Vec<PathBuf>,
-}
-
-impl TurnDiffTracker {
-    pub fn new() -> Self {
-        Self::default()
-    }
-
-    /// Front-run apply patch calls to track the starting contents of any modified files.
-    /// - Creates an in-memory baseline snapshot for files that already exist on disk when first seen.
-    /// - For additions, we intentionally do not create a baseline snapshot so that diffs are proper additions.
-    /// - Also updates internal mappings for move/rename events.
-    pub fn on_patch_begin(&mut self, changes: &HashMap<PathBuf, FileChange>) {
-        for (path, change) in changes.iter() {
-            // Ensure a stable internal filename exists for this external path.
-            if !self.external_to_temp_name.contains_key(path.as_path()) {
-                let internal = Uuid::new_v4().to_string();
-                self.external_to_temp_name
-                    .insert(path.clone(), internal.clone());
-                self.temp_name_to_current_path
-                    .insert(internal.clone(), path.clone());
-
-                // If the file exists on disk now, snapshot as baseline; else leave missing to represent /dev/null.
-                let baseline_file_info = if path.exists() {
-                    let mode = file_mode_for_path(path);
-                    let mode_val = mode.unwrap_or(FileMode::Regular);
-                    let content = blob_bytes(path, mode_val).unwrap_or_default();
-                    let oid = if mode == Some(FileMode::Symlink) {
-                        format!("{:x}", git_blob_sha1_hex_bytes(&content))
-                    } else {
-                        self.git_blob_oid_for_path(path)
-                            .unwrap_or_else(|| format!("{:x}", git_blob_sha1_hex_bytes(&content)))
-                    };
-                    Some(BaselineFileInfo {
-                        path: path.clone(),
-                        content,
-                        mode: mode_val,
-                        oid,
-                    })
-                } else {
-                    Some(BaselineFileInfo {
-                        path: path.clone(),
-                        content: vec![],
-                        mode: FileMode::Regular,
-                        oid: ZERO_OID.to_string(),
-                    })
-                };
-
-                if let Some(baseline_file_info) = baseline_file_info {
-                    self.baseline_file_info
-                        .insert(internal.clone(), baseline_file_info);
-                }
-            }
-
-            // Track rename/move in current mapping if provided in an Update.
-            if let FileChange::Update {
-                move_path: Some(dest),
-                ..
-            } = change
-            {
-                let uuid_filename = match self.external_to_temp_name.get(path.as_path()) {
-                    Some(i) => i.clone(),
-                    None => {
-                        // This should be rare, but if we haven't mapped the source, create it with no baseline.
-                        let i = Uuid::new_v4().to_string();
-                        self.baseline_file_info.insert(
-                            i.clone(),
-                            BaselineFileInfo {
-                                path: path.clone(),
-                                content: vec![],
-                                mode: FileMode::Regular,
-                                oid: ZERO_OID.to_string(),
-                            },
-                        );
-                        i
-                    }
-                };
-                // Update current external mapping for temp file name.
-                self.temp_name_to_current_path
-                    .insert(uuid_filename.clone(), dest.clone());
-                // Update forward file_mapping: external current -> internal name.
-                self.external_to_temp_name.remove(path);
-                self.external_to_temp_name
-                    .insert(dest.clone(), uuid_filename);
-            };
-        }
-    }
-
-    fn get_path_for_internal(&self, internal: &str) -> Option<PathBuf> {
-        self.temp_name_to_current_path
-            .get(internal)
-            .cloned()
-            .or_else(|| {
-                self.baseline_file_info
-                    .get(internal)
-                    .map(|info| info.path.clone())
-            })
-    }
-
-    /// Find the git worktree root for a file/directory by walking up to the first ancestor containing a `.git` entry.
-    /// Uses a simple cache of known roots and avoids negative-result caching for simplicity.
-    fn find_git_root_cached(&mut self, start: &Path) -> Option<PathBuf> {
-        let dir = if start.is_dir() {
-            start
-        } else {
-            start.parent()?
-        };
-
-        // Fast path: if any cached root is an ancestor of this path, use it.
-        if let Some(root) = self
-            .git_root_cache
-            .iter()
-            .find(|r| dir.starts_with(r))
-            .cloned()
-        {
-            return Some(root);
-        }
-
-        // Walk up to find a `.git` marker.
-        let mut cur = dir.to_path_buf();
-        loop {
-            let git_marker = cur.join(".git");
-            if git_marker.is_dir() || git_marker.is_file() {
-                if !self.git_root_cache.iter().any(|r| r == &cur) {
-                    self.git_root_cache.push(cur.clone());
-                }
-                return Some(cur);
-            }
-
-            // On Windows, avoid walking above the drive or UNC share root.
-            #[cfg(windows)]
-            {
-                if is_windows_drive_or_unc_root(&cur) {
-                    return None;
-                }
-            }
-
-            if let Some(parent) = cur.parent() {
-                cur = parent.to_path_buf();
-            } else {
-                return None;
-            }
-        }
-    }
-
-    /// Return a display string for `path` relative to its git root if found, else absolute.
-    fn relative_to_git_root_str(&mut self, path: &Path) -> String {
-        let s = if let Some(root) = self.find_git_root_cached(path) {
-            if let Ok(rel) = path.strip_prefix(&root) {
-                rel.display().to_string()
-            } else {
-                path.display().to_string()
-            }
-        } else {
-            path.display().to_string()
-        };
-        s.replace('\\', "/")
-    }
-
-    /// Ask git to compute the blob SHA-1 for the file at `path` within its repository.
-    /// Returns None if no repository is found or git invocation fails.
-    fn git_blob_oid_for_path(&mut self, path: &Path) -> Option<String> {
-        let root = self.find_git_root_cached(path)?;
-        // Compute a path relative to the repo root for better portability across platforms.
-        let rel = path.strip_prefix(&root).unwrap_or(path);
-        let output = Command::new("git")
-            .arg("-C")
-            .arg(&root)
-            .arg("hash-object")
-            .arg("--")
-            .arg(rel)
-            .output()
-            .ok()?;
-        if !output.status.success() {
-            return None;
-        }
-        let s = String::from_utf8_lossy(&output.stdout).trim().to_string();
-        if s.len() == 40 { Some(s) } else { None }
-    }
-
-    /// Recompute the aggregated unified diff by comparing all of the in-memory snapshots that were
-    /// collected before the first time they were touched by apply_patch during this turn with
-    /// the current repo state.
-    pub fn get_unified_diff(&mut self) -> Result<Option<String>> {
-        let mut aggregated = String::new();
-
-        // Compute diffs per tracked internal file in a stable order by external path.
-        let mut baseline_file_names: Vec<String> =
-            self.baseline_file_info.keys().cloned().collect();
-        // Sort lexicographically by full repo-relative path to match git behavior.
-        baseline_file_names.sort_by_key(|internal| {
-            self.get_path_for_internal(internal)
-                .map(|p| self.relative_to_git_root_str(&p))
-                .unwrap_or_default()
-        });
-
-        for internal in baseline_file_names {
-            aggregated.push_str(self.get_file_diff(&internal).as_str());
-            if !aggregated.ends_with('\n') {
-                aggregated.push('\n');
-            }
-        }
-
-        if aggregated.trim().is_empty() {
-            Ok(None)
-        } else {
-            Ok(Some(aggregated))
-        }
-    }
-
-    fn get_file_diff(&mut self, internal_file_name: &str) -> String {
-        let mut aggregated = String::new();
-
-        // Snapshot lightweight fields only.
-        let (baseline_external_path, baseline_mode, left_oid) = {
-            if let Some(info) = self.baseline_file_info.get(internal_file_name) {
-                (info.path.clone(), info.mode, info.oid.clone())
-            } else {
-                (PathBuf::new(), FileMode::Regular, ZERO_OID.to_string())
-            }
-        };
-        let current_external_path = match self.get_path_for_internal(internal_file_name) {
-            Some(p) => p,
-            None => return aggregated,
-        };
-
-        let current_mode = file_mode_for_path(&current_external_path).unwrap_or(FileMode::Regular);
-        let right_bytes = blob_bytes(&current_external_path, current_mode);
-
-        // Compute displays with &mut self before borrowing any baseline content.
-        let left_display = self.relative_to_git_root_str(&baseline_external_path);
-        let right_display = self.relative_to_git_root_str(&current_external_path);
-
-        // Compute right oid before borrowing baseline content.
-        let right_oid = if let Some(b) = right_bytes.as_ref() {
-            if current_mode == FileMode::Symlink {
-                format!("{:x}", git_blob_sha1_hex_bytes(b))
-            } else {
-                self.git_blob_oid_for_path(&current_external_path)
-                    .unwrap_or_else(|| format!("{:x}", git_blob_sha1_hex_bytes(b)))
-            }
-        } else {
-            ZERO_OID.to_string()
-        };
-
-        // Borrow baseline content only after all &mut self uses are done.
-        let left_present = left_oid.as_str() != ZERO_OID;
-        let left_bytes: Option<&[u8]> = if left_present {
-            self.baseline_file_info
-                .get(internal_file_name)
-                .map(|i| i.content.as_slice())
-        } else {
-            None
-        };
-
-        // Fast path: identical bytes or both missing.
-        if left_bytes == right_bytes.as_deref() {
-            return aggregated;
-        }
-
-        aggregated.push_str(&format!("diff --git a/{left_display} b/{right_display}\n"));
-
-        let is_add = !left_present && right_bytes.is_some();
-        let is_delete = left_present && right_bytes.is_none();
-
-        if is_add {
-            aggregated.push_str(&format!("new file mode {current_mode}\n"));
-        } else if is_delete {
-            aggregated.push_str(&format!("deleted file mode {baseline_mode}\n"));
-        } else if baseline_mode != current_mode {
-            aggregated.push_str(&format!("old mode {baseline_mode}\n"));
-            aggregated.push_str(&format!("new mode {current_mode}\n"));
-        }
-
-        let left_text = left_bytes.and_then(|b| std::str::from_utf8(b).ok());
-        let right_text = right_bytes
-            .as_deref()
-            .and_then(|b| std::str::from_utf8(b).ok());
-
-        let can_text_diff = matches!(
-            (left_text, right_text, is_add, is_delete),
-            (Some(_), Some(_), _, _) | (_, Some(_), true, _) | (Some(_), _, _, true)
-        );
-
-        if can_text_diff {
-            let l = left_text.unwrap_or("");
-            let r = right_text.unwrap_or("");
-
-            aggregated.push_str(&format!("index {left_oid}..{right_oid}\n"));
-
-            let old_header = if left_present {
-                format!("a/{left_display}")
-            } else {
-                DEV_NULL.to_string()
-            };
-            let new_header = if right_bytes.is_some() {
-                format!("b/{right_display}")
-            } else {
-                DEV_NULL.to_string()
-            };
-
-            let diff = similar::TextDiff::from_lines(l, r);
-            let unified = diff
-                .unified_diff()
-                .context_radius(3)
-                .header(&old_header, &new_header)
-                .to_string();
-
-            aggregated.push_str(&unified);
-        } else {
-            aggregated.push_str(&format!("index {left_oid}..{right_oid}\n"));
-            let old_header = if left_present {
-                format!("a/{left_display}")
-            } else {
-                DEV_NULL.to_string()
-            };
-            let new_header = if right_bytes.is_some() {
-                format!("b/{right_display}")
-            } else {
-                DEV_NULL.to_string()
-            };
-            aggregated.push_str(&format!("--- {old_header}\n"));
-            aggregated.push_str(&format!("+++ {new_header}\n"));
-            aggregated.push_str("Binary files differ\n");
-        }
-        aggregated
-    }
-}
-
-/// Compute the Git SHA-1 blob object ID for the given content (bytes).
-fn git_blob_sha1_hex_bytes(data: &[u8]) -> Output<sha1::Sha1> {
-    // Git blob hash is sha1 of: "blob <len>\0<data>"
-    let header = format!("blob {}\0", data.len());
-    use sha1::Digest;
-    let mut hasher = sha1::Sha1::new();
-    hasher.update(header.as_bytes());
-    hasher.update(data);
-    hasher.finalize()
-}
-
-#[derive(Clone, Copy, Debug, PartialEq, Eq)]
-enum FileMode {
-    Regular,
-    #[cfg(unix)]
-    Executable,
-    Symlink,
-}
-
-impl FileMode {
-    fn as_str(self) -> &'static str {
-        match self {
-            FileMode::Regular => "100644",
-            #[cfg(unix)]
-            FileMode::Executable => "100755",
-            FileMode::Symlink => "120000",
-        }
-    }
-}
-
-impl std::fmt::Display for FileMode {
-    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
-        f.write_str(self.as_str())
-    }
-}
-
-#[cfg(unix)]
-fn file_mode_for_path(path: &Path) -> Option<FileMode> {
-    use std::os::unix::fs::PermissionsExt;
-    let meta = fs::symlink_metadata(path).ok()?;
-    let ft = meta.file_type();
-    if ft.is_symlink() {
-        return Some(FileMode::Symlink);
-    }
-    let mode = meta.permissions().mode();
-    let is_exec = (mode & 0o111) != 0;
-    Some(if is_exec {
-        FileMode::Executable
-    } else {
-        FileMode::Regular
-    })
-}
-
-#[cfg(not(unix))]
-fn file_mode_for_path(_path: &Path) -> Option<FileMode> {
-    // Default to non-executable on non-unix.
-    Some(FileMode::Regular)
-}
-
-fn blob_bytes(path: &Path, mode: FileMode) -> Option<Vec<u8>> {
-    if path.exists() {
-        let contents = if mode == FileMode::Symlink {
-            symlink_blob_bytes(path)
-                .ok_or_else(|| anyhow!("failed to read symlink target for {}", path.display()))
-        } else {
-            fs::read(path)
-                .with_context(|| format!("failed to read current file for diff {}", path.display()))
-        };
-        contents.ok()
-    } else {
-        None
-    }
-}
-
-#[cfg(unix)]
-fn symlink_blob_bytes(path: &Path) -> Option<Vec<u8>> {
-    use std::os::unix::ffi::OsStrExt;
-    let target = std::fs::read_link(path).ok()?;
-    Some(target.as_os_str().as_bytes().to_vec())
-}
-
-#[cfg(not(unix))]
-fn symlink_blob_bytes(_path: &Path) -> Option<Vec<u8>> {
-    None
-}
-
-#[cfg(windows)]
-fn is_windows_drive_or_unc_root(p: &std::path::Path) -> bool {
-    use std::path::Component;
-    let mut comps = p.components();
-    matches!(
-        (comps.next(), comps.next(), comps.next()),
-        (Some(Component::Prefix(_)), Some(Component::RootDir), None)
-    )
-}
-
-#[cfg(test)]
-mod tests {
-    use super::*;
-    use pretty_assertions::assert_eq;
-    use tempfile::tempdir;
-
-    /// Compute the Git SHA-1 blob object ID for the given content (string).
-    /// This delegates to the bytes version to avoid UTF-8 lossy conversions here.
-    fn git_blob_sha1_hex(data: &str) -> String {
-        format!("{:x}", git_blob_sha1_hex_bytes(data.as_bytes()))
-    }
-
-    fn normalize_diff_for_test(input: &str, root: &Path) -> String {
-        let root_str = root.display().to_string().replace('\\', "/");
-        let replaced = input.replace(&root_str, "<TMP>");
-        // Split into blocks on lines starting with "diff --git ", sort blocks for determinism, and rejoin
-        let mut blocks: Vec<String> = Vec::new();
-        let mut current = String::new();
-        for line in replaced.lines() {
-            if line.starts_with("diff --git ") && !current.is_empty() {
-                blocks.push(current);
-                current = String::new();
-            }
-            if !current.is_empty() {
-                current.push('\n');
-            }
-            current.push_str(line);
-        }
-        if !current.is_empty() {
-            blocks.push(current);
-        }
-        blocks.sort();
-        let mut out = blocks.join("\n");
-        if !out.ends_with('\n') {
-            out.push('\n');
-        }
-        out
-    }
-
-    #[test]
-    fn accumulates_add_and_update() {
-        let mut acc = TurnDiffTracker::new();
-
-        let dir = tempdir().unwrap();
-        let file = dir.path().join("a.txt");
-
-        // First patch: add file (baseline should be /dev/null).
-        let add_changes = HashMap::from([(
-            file.clone(),
-            FileChange::Add {
-                content: "foo\n".to_string(),
-            },
-        )]);
-        acc.on_patch_begin(&add_changes);
-
-        // Simulate apply: create the file on disk.
-        fs::write(&file, "foo\n").unwrap();
-        let first = acc.get_unified_diff().unwrap().unwrap();
-        let first = normalize_diff_for_test(&first, dir.path());
-        let expected_first = {
-            let mode = file_mode_for_path(&file).unwrap_or(FileMode::Regular);
-            let right_oid = git_blob_sha1_hex("foo\n");
-            format!(
-                r#"diff --git a/<TMP>/a.txt b/<TMP>/a.txt
-new file mode {mode}
-index {ZERO_OID}..{right_oid}
---- {DEV_NULL}
-+++ b/<TMP>/a.txt
-@@ -0,0 +1 @@
-+foo
-"#,
-            )
-        };
-        assert_eq!(first, expected_first);
-
-        // Second patch: update the file on disk.
-        let update_changes = HashMap::from([(
-            file.clone(),
-            FileChange::Update {
-                unified_diff: "".to_owned(),
-                move_path: None,
-            },
-        )]);
-        acc.on_patch_begin(&update_changes);
-
-        // Simulate apply: append a new line.
-        fs::write(&file, "foo\nbar\n").unwrap();
-        let combined = acc.get_unified_diff().unwrap().unwrap();
-        let combined = normalize_diff_for_test(&combined, dir.path());
-        let expected_combined = {
-            let mode = file_mode_for_path(&file).unwrap_or(FileMode::Regular);
-            let right_oid = git_blob_sha1_hex("foo\nbar\n");
-            format!(
-                r#"diff --git a/<TMP>/a.txt b/<TMP>/a.txt
-new file mode {mode}
-index {ZERO_OID}..{right_oid}
---- {DEV_NULL}
-+++ b/<TMP>/a.txt
-@@ -0,0 +1,2 @@
-+foo
-+bar
-"#,
-            )
-        };
-        assert_eq!(combined, expected_combined);
-    }
-
-    #[test]
-    fn accumulates_delete() {
-        let dir = tempdir().unwrap();
-        let file = dir.path().join("b.txt");
-        fs::write(&file, "x\n").unwrap();
-
-        let mut acc = TurnDiffTracker::new();
-        let del_changes = HashMap::from([(
-            file.clone(),
-            FileChange::Delete {
-                content: "x\n".to_string(),
-            },
-        )]);
-        acc.on_patch_begin(&del_changes);
-
-        // Simulate apply: delete the file from disk.
-        let baseline_mode = file_mode_for_path(&file).unwrap_or(FileMode::Regular);
-        fs::remove_file(&file).unwrap();
-        let diff = acc.get_unified_diff().unwrap().unwrap();
-        let diff = normalize_diff_for_test(&diff, dir.path());
-        let expected = {
-            let left_oid = git_blob_sha1_hex("x\n");
-            format!(
-                r#"diff --git a/<TMP>/b.txt b/<TMP>/b.txt
-deleted file mode {baseline_mode}
-index {left_oid}..{ZERO_OID}
---- a/<TMP>/b.txt
-+++ {DEV_NULL}
-@@ -1 +0,0 @@
--x
-"#,
-            )
-        };
-        assert_eq!(diff, expected);
-    }
-
-    #[test]
-    fn accumulates_move_and_update() {
-        let dir = tempdir().unwrap();
-        let src = dir.path().join("src.txt");
-        let dest = dir.path().join("dst.txt");
-        fs::write(&src, "line\n").unwrap();
-
-        let mut acc = TurnDiffTracker::new();
-        let mv_changes = HashMap::from([(
-            src.clone(),
-            FileChange::Update {
-                unified_diff: "".to_owned(),
-                move_path: Some(dest.clone()),
-            },
-        )]);
-        acc.on_patch_begin(&mv_changes);
-
-        // Simulate apply: move and update content.
-        fs::rename(&src, &dest).unwrap();
-        fs::write(&dest, "line2\n").unwrap();
-
-        let out = acc.get_unified_diff().unwrap().unwrap();
-        let out = normalize_diff_for_test(&out, dir.path());
-        let expected = {
-            let left_oid = git_blob_sha1_hex("line\n");
-            let right_oid = git_blob_sha1_hex("line2\n");
-            format!(
-                r#"diff --git a/<TMP>/src.txt b/<TMP>/dst.txt
-index {left_oid}..{right_oid}
---- a/<TMP>/src.txt
-+++ b/<TMP>/dst.txt
-@@ -1 +1 @@
--line
-+line2
-"#
-            )
-        };
-        assert_eq!(out, expected);
-    }
-
-    #[test]
-    fn move_without_1change_yields_no_diff() {
-        let dir = tempdir().unwrap();
-        let src = dir.path().join("moved.txt");
-        let dest = dir.path().join("renamed.txt");
-        fs::write(&src, "same\n").unwrap();
-
-        let mut acc = TurnDiffTracker::new();
-        let mv_changes = HashMap::from([(
-            src.clone(),
-            FileChange::Update {
-                unified_diff: "".to_owned(),
-                move_path: Some(dest.clone()),
-            },
-        )]);
-        acc.on_patch_begin(&mv_changes);
-
-        // Simulate apply: move only, no content change.
-        fs::rename(&src, &dest).unwrap();
-
-        let diff = acc.get_unified_diff().unwrap();
-        assert_eq!(diff, None);
-    }
-
-    #[test]
-    fn move_declared_but_file_only_appears_at_dest_is_add() {
-        let dir = tempdir().unwrap();
-        let src = dir.path().join("src.txt");
-        let dest = dir.path().join("dest.txt");
-        let mut acc = TurnDiffTracker::new();
-        let mv = HashMap::from([(
-            src,
-            FileChange::Update {
-                unified_diff: "".into(),
-                move_path: Some(dest.clone()),
-            },
-        )]);
-        acc.on_patch_begin(&mv);
-        // No file existed initially; create only dest
-        fs::write(&dest, "hello\n").unwrap();
-        let diff = acc.get_unified_diff().unwrap().unwrap();
-        let diff = normalize_diff_for_test(&diff, dir.path());
-        let expected = {
-            let mode = file_mode_for_path(&dest).unwrap_or(FileMode::Regular);
-            let right_oid = git_blob_sha1_hex("hello\n");
-            format!(
-                r#"diff --git a/<TMP>/src.txt b/<TMP>/dest.txt
-new file mode {mode}
-index {ZERO_OID}..{right_oid}
---- {DEV_NULL}
-+++ b/<TMP>/dest.txt
-@@ -0,0 +1 @@
-+hello
-"#,
-            )
-        };
-        assert_eq!(diff, expected);
-    }
-
-    #[test]
-    fn update_persists_across_new_baseline_for_new_file() {
-        let dir = tempdir().unwrap();
-        let a = dir.path().join("a.txt");
-        let b = dir.path().join("b.txt");
-        fs::write(&a, "foo\n").unwrap();
-        fs::write(&b, "z\n").unwrap();
-
-        let mut acc = TurnDiffTracker::new();
-
-        // First: update existing a.txt (baseline snapshot is created for a).
-        let update_a = HashMap::from([(
-            a.clone(),
-            FileChange::Update {
-                unified_diff: "".to_owned(),
-                move_path: None,
-            },
-        )]);
-        acc.on_patch_begin(&update_a);
-        // Simulate apply: modify a.txt on disk.
-        fs::write(&a, "foo\nbar\n").unwrap();
-        let first = acc.get_unified_diff().unwrap().unwrap();
-        let first = normalize_diff_for_test(&first, dir.path());
-        let expected_first = {
-            let left_oid = git_blob_sha1_hex("foo\n");
-            let right_oid = git_blob_sha1_hex("foo\nbar\n");
-            format!(
-                r#"diff --git a/<TMP>/a.txt b/<TMP>/a.txt
-index {left_oid}..{right_oid}
---- a/<TMP>/a.txt
-+++ b/<TMP>/a.txt
-@@ -1 +1,2 @@
- foo
-+bar
-"#
-            )
-        };
-        assert_eq!(first, expected_first);
-
-        // Next: introduce a brand-new path b.txt into baseline snapshots via a delete change.
-        let del_b = HashMap::from([(
-            b.clone(),
-            FileChange::Delete {
-                content: "z\n".to_string(),
-            },
-        )]);
-        acc.on_patch_begin(&del_b);
-        // Simulate apply: delete b.txt.
-        let baseline_mode = file_mode_for_path(&b).unwrap_or(FileMode::Regular);
-        fs::remove_file(&b).unwrap();
-
-        let combined = acc.get_unified_diff().unwrap().unwrap();
-        let combined = normalize_diff_for_test(&combined, dir.path());
-        let expected = {
-            let left_oid_a = git_blob_sha1_hex("foo\n");
-            let right_oid_a = git_blob_sha1_hex("foo\nbar\n");
-            let left_oid_b = git_blob_sha1_hex("z\n");
-            format!(
-                r#"diff --git a/<TMP>/a.txt b/<TMP>/a.txt
-index {left_oid_a}..{right_oid_a}
---- a/<TMP>/a.txt
-+++ b/<TMP>/a.txt
-@@ -1 +1,2 @@
- foo
-+bar
-diff --git a/<TMP>/b.txt b/<TMP>/b.txt
-deleted file mode {baseline_mode}
-index {left_oid_b}..{ZERO_OID}
---- a/<TMP>/b.txt
-+++ {DEV_NULL}
-@@ -1 +0,0 @@
--z
-"#,
-            )
-        };
-        assert_eq!(combined, expected);
-    }
-
-    #[test]
-    fn binary_files_differ_update() {
-        let dir = tempdir().unwrap();
-        let file = dir.path().join("bin.dat");
-
-        // Initial non-UTF8 bytes
-        let left_bytes: Vec<u8> = vec![0xff, 0xfe, 0xfd, 0x00];
-        // Updated non-UTF8 bytes
-        let right_bytes: Vec<u8> = vec![0x01, 0x02, 0x03, 0x00];
-
-        fs::write(&file, &left_bytes).unwrap();
-
-        let mut acc = TurnDiffTracker::new();
-        let update_changes = HashMap::from([(
-            file.clone(),
-            FileChange::Update {
-                unified_diff: "".to_owned(),
-                move_path: None,
-            },
-        )]);
-        acc.on_patch_begin(&update_changes);
-
-        // Apply update on disk
-        fs::write(&file, &right_bytes).unwrap();
-
-        let diff = acc.get_unified_diff().unwrap().unwrap();
-        let diff = normalize_diff_for_test(&diff, dir.path());
-        let expected = {
-            let left_oid = format!("{:x}", git_blob_sha1_hex_bytes(&left_bytes));
-            let right_oid = format!("{:x}", git_blob_sha1_hex_bytes(&right_bytes));
-            format!(
-                r#"diff --git a/<TMP>/bin.dat b/<TMP>/bin.dat
-index {left_oid}..{right_oid}
---- a/<TMP>/bin.dat
-+++ b/<TMP>/bin.dat
-Binary files differ
-"#
-            )
-        };
-        assert_eq!(diff, expected);
-    }
-
-    #[test]
-    fn filenames_with_spaces_add_and_update() {
-        let mut acc = TurnDiffTracker::new();
-
-        let dir = tempdir().unwrap();
-        let file = dir.path().join("name with spaces.txt");
-
-        // First patch: add file (baseline should be /dev/null).
-        let add_changes = HashMap::from([(
-            file.clone(),
-            FileChange::Add {
-                content: "foo\n".to_string(),
-            },
-        )]);
-        acc.on_patch_begin(&add_changes);
-
-        // Simulate apply: create the file on disk.
-        fs::write(&file, "foo\n").unwrap();
-        let first = acc.get_unified_diff().unwrap().unwrap();
-        let first = normalize_diff_for_test(&first, dir.path());
-        let expected_first = {
-            let mode = file_mode_for_path(&file).unwrap_or(FileMode::Regular);
-            let right_oid = git_blob_sha1_hex("foo\n");
-            format!(
-                r#"diff --git a/<TMP>/name with spaces.txt b/<TMP>/name with spaces.txt
-new file mode {mode}
-index {ZERO_OID}..{right_oid}
---- {DEV_NULL}
-+++ b/<TMP>/name with spaces.txt
-@@ -0,0 +1 @@
-+foo
-"#,
-            )
-        };
-        assert_eq!(first, expected_first);
-
-        // Second patch: update the file on disk.
-        let update_changes = HashMap::from([(
-            file.clone(),
-            FileChange::Update {
-                unified_diff: "".to_owned(),
-                move_path: None,
-            },
-        )]);
-        acc.on_patch_begin(&update_changes);
-
-        // Simulate apply: append a new line with a space.
-        fs::write(&file, "foo\nbar baz\n").unwrap();
-        let combined = acc.get_unified_diff().unwrap().unwrap();
-        let combined = normalize_diff_for_test(&combined, dir.path());
-        let expected_combined = {
-            let mode = file_mode_for_path(&file).unwrap_or(FileMode::Regular);
-            let right_oid = git_blob_sha1_hex("foo\nbar baz\n");
-            format!(
-                r#"diff --git a/<TMP>/name with spaces.txt b/<TMP>/name with spaces.txt
-new file mode {mode}
-index {ZERO_OID}..{right_oid}
---- {DEV_NULL}
-+++ b/<TMP>/name with spaces.txt
-@@ -0,0 +1,2 @@
-+foo
-+bar baz
-"#,
-            )
-        };
-        assert_eq!(combined, expected_combined);
-    }
-}

codex-rs/agent/src/unified_exec/errors.rs

@@ -1,22 +0,0 @@
-use thiserror::Error;
-
-#[derive(Debug, Error)]
-pub enum UnifiedExecError {
-    #[error("Failed to create unified exec session: {pty_error}")]
-    CreateSession {
-        #[source]
-        pty_error: anyhow::Error,
-    },
-    #[error("Unknown session id {session_id}")]
-    UnknownSessionId { session_id: i32 },
-    #[error("failed to write to stdin")]
-    WriteToStdin,
-    #[error("missing command line for unified exec request")]
-    MissingCommandLine,
-}
-
-impl UnifiedExecError {
-    pub(crate) fn create_session(error: anyhow::Error) -> Self {
-        Self::CreateSession { pty_error: error }
-    }
-}

codex-rs/agent/src/unified_exec/mod.rs

@@ -1,655 +0,0 @@
-use portable_pty::CommandBuilder;
-use portable_pty::PtySize;
-use portable_pty::native_pty_system;
-use std::collections::HashMap;
-use std::collections::VecDeque;
-use std::io::ErrorKind;
-use std::io::Read;
-use std::sync::Arc;
-use std::sync::Mutex as StdMutex;
-use std::sync::atomic::AtomicBool;
-use std::sync::atomic::AtomicI32;
-use std::sync::atomic::Ordering;
-use tokio::sync::Mutex;
-use tokio::sync::Notify;
-use tokio::sync::mpsc;
-use tokio::task::JoinHandle;
-use tokio::time::Duration;
-use tokio::time::Instant;
-
-use crate::exec_command::ExecCommandSession;
-use crate::truncate::truncate_middle;
-
-mod errors;
-
-pub use errors::UnifiedExecError;
-
-const DEFAULT_TIMEOUT_MS: u64 = 1_000;
-const MAX_TIMEOUT_MS: u64 = 60_000;
-const UNIFIED_EXEC_OUTPUT_MAX_BYTES: usize = 128 * 1024; // 128 KiB
-
-#[derive(Debug)]
-pub struct UnifiedExecRequest<'a> {
-    pub session_id: Option<i32>,
-    pub input_chunks: &'a [String],
-    pub timeout_ms: Option<u64>,
-}
-
-#[derive(Debug, Clone, PartialEq)]
-pub struct UnifiedExecResult {
-    pub session_id: Option<i32>,
-    pub output: String,
-}
-
-#[derive(Debug, Default)]
-pub struct UnifiedExecSessionManager {
-    next_session_id: AtomicI32,
-    sessions: Mutex<HashMap<i32, ManagedUnifiedExecSession>>,
-}
-
-#[derive(Debug)]
-struct ManagedUnifiedExecSession {
-    session: ExecCommandSession,
-    output_buffer: OutputBuffer,
-    /// Notifies waiters whenever new output has been appended to
-    /// `output_buffer`, allowing clients to poll for fresh data.
-    output_notify: Arc<Notify>,
-    output_task: JoinHandle<()>,
-}
-
-#[derive(Debug, Default)]
-struct OutputBufferState {
-    chunks: VecDeque<Vec<u8>>,
-    total_bytes: usize,
-}
-
-impl OutputBufferState {
-    fn push_chunk(&mut self, chunk: Vec<u8>) {
-        self.total_bytes = self.total_bytes.saturating_add(chunk.len());
-        self.chunks.push_back(chunk);
-
-        let mut excess = self
-            .total_bytes
-            .saturating_sub(UNIFIED_EXEC_OUTPUT_MAX_BYTES);
-
-        while excess > 0 {
-            match self.chunks.front_mut() {
-                Some(front) if excess >= front.len() => {
-                    excess -= front.len();
-                    self.total_bytes = self.total_bytes.saturating_sub(front.len());
-                    self.chunks.pop_front();
-                }
-                Some(front) => {
-                    front.drain(..excess);
-                    self.total_bytes = self.total_bytes.saturating_sub(excess);
-                    break;
-                }
-                None => break,
-            }
-        }
-    }
-
-    fn drain(&mut self) -> Vec<Vec<u8>> {
-        let drained: Vec<Vec<u8>> = self.chunks.drain(..).collect();
-        self.total_bytes = 0;
-        drained
-    }
-}
-
-type OutputBuffer = Arc<Mutex<OutputBufferState>>;
-type OutputHandles = (OutputBuffer, Arc<Notify>);
-
-impl ManagedUnifiedExecSession {
-    fn new(
-        session: ExecCommandSession,
-        initial_output_rx: tokio::sync::broadcast::Receiver<Vec<u8>>,
-    ) -> Self {
-        let output_buffer = Arc::new(Mutex::new(OutputBufferState::default()));
-        let output_notify = Arc::new(Notify::new());
-        let mut receiver = initial_output_rx;
-        let buffer_clone = Arc::clone(&output_buffer);
-        let notify_clone = Arc::clone(&output_notify);
-        let output_task = tokio::spawn(async move {
-            while let Ok(chunk) = receiver.recv().await {
-                let mut guard = buffer_clone.lock().await;
-                guard.push_chunk(chunk);
-                drop(guard);
-                notify_clone.notify_waiters();
-            }
-        });
-
-        Self {
-            session,
-            output_buffer,
-            output_notify,
-            output_task,
-        }
-    }
-
-    fn writer_sender(&self) -> mpsc::Sender<Vec<u8>> {
-        self.session.writer_sender()
-    }
-
-    fn output_handles(&self) -> OutputHandles {
-        (
-            Arc::clone(&self.output_buffer),
-            Arc::clone(&self.output_notify),
-        )
-    }
-
-    fn has_exited(&self) -> bool {
-        self.session.has_exited()
-    }
-}
-
-impl Drop for ManagedUnifiedExecSession {
-    fn drop(&mut self) {
-        self.output_task.abort();
-    }
-}
-
-impl UnifiedExecSessionManager {
-    pub async fn handle_request(
-        &self,
-        request: UnifiedExecRequest<'_>,
-    ) -> Result<UnifiedExecResult, UnifiedExecError> {
-        let (timeout_ms, timeout_warning) = match request.timeout_ms {
-            Some(requested) if requested > MAX_TIMEOUT_MS => (
-                MAX_TIMEOUT_MS,
-                Some(format!(
-                    "Warning: requested timeout {requested}ms exceeds maximum of {MAX_TIMEOUT_MS}ms; clamping to {MAX_TIMEOUT_MS}ms.\n"
-                )),
-            ),
-            Some(requested) => (requested, None),
-            None => (DEFAULT_TIMEOUT_MS, None),
-        };
-
-        let mut new_session: Option<ManagedUnifiedExecSession> = None;
-        let session_id;
-        let writer_tx;
-        let output_buffer;
-        let output_notify;
-
-        if let Some(existing_id) = request.session_id {
-            let mut sessions = self.sessions.lock().await;
-            match sessions.get(&existing_id) {
-                Some(session) => {
-                    if session.has_exited() {
-                        sessions.remove(&existing_id);
-                        return Err(UnifiedExecError::UnknownSessionId {
-                            session_id: existing_id,
-                        });
-                    }
-                    let (buffer, notify) = session.output_handles();
-                    session_id = existing_id;
-                    writer_tx = session.writer_sender();
-                    output_buffer = buffer;
-                    output_notify = notify;
-                }
-                None => {
-                    return Err(UnifiedExecError::UnknownSessionId {
-                        session_id: existing_id,
-                    });
-                }
-            }
-            drop(sessions);
-        } else {
-            let command = request.input_chunks.to_vec();
-            let new_id = self.next_session_id.fetch_add(1, Ordering::SeqCst);
-            let (session, initial_output_rx) = create_unified_exec_session(&command).await?;
-            let managed_session = ManagedUnifiedExecSession::new(session, initial_output_rx);
-            let (buffer, notify) = managed_session.output_handles();
-            writer_tx = managed_session.writer_sender();
-            output_buffer = buffer;
-            output_notify = notify;
-            session_id = new_id;
-            new_session = Some(managed_session);
-        };
-
-        if request.session_id.is_some() {
-            let joined_input = request.input_chunks.join(" ");
-            if !joined_input.is_empty() && writer_tx.send(joined_input.into_bytes()).await.is_err()
-            {
-                return Err(UnifiedExecError::WriteToStdin);
-            }
-        }
-
-        let mut collected: Vec<u8> = Vec::with_capacity(4096);
-        let start = Instant::now();
-        let deadline = start + Duration::from_millis(timeout_ms);
-
-        loop {
-            let drained_chunks;
-            let mut wait_for_output = None;
-            {
-                let mut guard = output_buffer.lock().await;
-                drained_chunks = guard.drain();
-                if drained_chunks.is_empty() {
-                    wait_for_output = Some(output_notify.notified());
-                }
-            }
-
-            if drained_chunks.is_empty() {
-                let remaining = deadline.saturating_duration_since(Instant::now());
-                if remaining == Duration::ZERO {
-                    break;
-                }
-
-                let notified = wait_for_output.unwrap_or_else(|| output_notify.notified());
-                tokio::pin!(notified);
-                tokio::select! {
-                    _ = &mut notified => {}
-                    _ = tokio::time::sleep(remaining) => break,
-                }
-                continue;
-            }
-
-            for chunk in drained_chunks {
-                collected.extend_from_slice(&chunk);
-            }
-
-            if Instant::now() >= deadline {
-                break;
-            }
-        }
-
-        let (output, _maybe_tokens) = truncate_middle(
-            &String::from_utf8_lossy(&collected),
-            UNIFIED_EXEC_OUTPUT_MAX_BYTES,
-        );
-        let output = if let Some(warning) = timeout_warning {
-            format!("{warning}{output}")
-        } else {
-            output
-        };
-
-        let should_store_session = if let Some(session) = new_session.as_ref() {
-            !session.has_exited()
-        } else if request.session_id.is_some() {
-            let mut sessions = self.sessions.lock().await;
-            if let Some(existing) = sessions.get(&session_id) {
-                if existing.has_exited() {
-                    sessions.remove(&session_id);
-                    false
-                } else {
-                    true
-                }
-            } else {
-                false
-            }
-        } else {
-            true
-        };
-
-        if should_store_session {
-            if let Some(session) = new_session {
-                self.sessions.lock().await.insert(session_id, session);
-            }
-            Ok(UnifiedExecResult {
-                session_id: Some(session_id),
-                output,
-            })
-        } else {
-            Ok(UnifiedExecResult {
-                session_id: None,
-                output,
-            })
-        }
-    }
-}
-
-async fn create_unified_exec_session(
-    command: &[String],
-) -> Result<
-    (
-        ExecCommandSession,
-        tokio::sync::broadcast::Receiver<Vec<u8>>,
-    ),
-    UnifiedExecError,
-> {
-    if command.is_empty() {
-        return Err(UnifiedExecError::MissingCommandLine);
-    }
-
-    let pty_system = native_pty_system();
-
-    let pair = pty_system
-        .openpty(PtySize {
-            rows: 24,
-            cols: 80,
-            pixel_width: 0,
-            pixel_height: 0,
-        })
-        .map_err(UnifiedExecError::create_session)?;
-
-    // Safe thanks to the check at the top of the function.
-    let mut command_builder = CommandBuilder::new(command[0].clone());
-    for arg in &command[1..] {
-        command_builder.arg(arg);
-    }
-
-    let mut child = pair
-        .slave
-        .spawn_command(command_builder)
-        .map_err(UnifiedExecError::create_session)?;
-    let killer = child.clone_killer();
-
-    let (writer_tx, mut writer_rx) = mpsc::channel::<Vec<u8>>(128);
-    let (output_tx, _) = tokio::sync::broadcast::channel::<Vec<u8>>(256);
-
-    let mut reader = pair
-        .master
-        .try_clone_reader()
-        .map_err(UnifiedExecError::create_session)?;
-    let output_tx_clone = output_tx.clone();
-    let reader_handle = tokio::task::spawn_blocking(move || {
-        let mut buf = [0u8; 8192];
-        loop {
-            match reader.read(&mut buf) {
-                Ok(0) => break,
-                Ok(n) => {
-                    let _ = output_tx_clone.send(buf[..n].to_vec());
-                }
-                Err(ref e) if e.kind() == ErrorKind::Interrupted => continue,
-                Err(ref e) if e.kind() == ErrorKind::WouldBlock => {
-                    std::thread::sleep(Duration::from_millis(5));
-                    continue;
-                }
-                Err(_) => break,
-            }
-        }
-    });
-
-    let writer = pair
-        .master
-        .take_writer()
-        .map_err(UnifiedExecError::create_session)?;
-    let writer = Arc::new(StdMutex::new(writer));
-    let writer_handle = tokio::spawn({
-        let writer = writer.clone();
-        async move {
-            while let Some(bytes) = writer_rx.recv().await {
-                let writer = writer.clone();
-                let _ = tokio::task::spawn_blocking(move || {
-                    if let Ok(mut guard) = writer.lock() {
-                        use std::io::Write;
-                        let _ = guard.write_all(&bytes);
-                        let _ = guard.flush();
-                    }
-                })
-                .await;
-            }
-        }
-    });
-
-    let exit_status = Arc::new(AtomicBool::new(false));
-    let wait_exit_status = Arc::clone(&exit_status);
-    let wait_handle = tokio::task::spawn_blocking(move || {
-        let _ = child.wait();
-        wait_exit_status.store(true, Ordering::SeqCst);
-    });
-
-    let (session, initial_output_rx) = ExecCommandSession::new(
-        writer_tx,
-        output_tx,
-        killer,
-        reader_handle,
-        writer_handle,
-        wait_handle,
-        exit_status,
-    );
-    Ok((session, initial_output_rx))
-}
-
-#[cfg(test)]
-mod tests {
-    use super::*;
-    #[cfg(unix)]
-    use core_test_support::skip_if_sandbox;
-
-    #[test]
-    fn push_chunk_trims_only_excess_bytes() {
-        let mut buffer = OutputBufferState::default();
-        buffer.push_chunk(vec![b'a'; UNIFIED_EXEC_OUTPUT_MAX_BYTES]);
-        buffer.push_chunk(vec![b'b']);
-        buffer.push_chunk(vec![b'c']);
-
-        assert_eq!(buffer.total_bytes, UNIFIED_EXEC_OUTPUT_MAX_BYTES);
-        assert_eq!(buffer.chunks.len(), 3);
-        assert_eq!(
-            buffer.chunks.front().unwrap().len(),
-            UNIFIED_EXEC_OUTPUT_MAX_BYTES - 2
-        );
-        assert_eq!(buffer.chunks.pop_back().unwrap(), vec![b'c']);
-        assert_eq!(buffer.chunks.pop_back().unwrap(), vec![b'b']);
-    }
-
-    #[cfg(unix)]
-    #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
-    async fn unified_exec_persists_across_requests_jif() -> Result<(), UnifiedExecError> {
-        skip_if_sandbox!(Ok(()));
-
-        let manager = UnifiedExecSessionManager::default();
-
-        let open_shell = manager
-            .handle_request(UnifiedExecRequest {
-                session_id: None,
-                input_chunks: &["bash".to_string(), "-i".to_string()],
-                timeout_ms: Some(2_500),
-            })
-            .await?;
-        let session_id = open_shell.session_id.expect("expected session_id");
-
-        manager
-            .handle_request(UnifiedExecRequest {
-                session_id: Some(session_id),
-                input_chunks: &[
-                    "export".to_string(),
-                    "CODEX_INTERACTIVE_SHELL_VAR=codex\n".to_string(),
-                ],
-                timeout_ms: Some(2_500),
-            })
-            .await?;
-
-        let out_2 = manager
-            .handle_request(UnifiedExecRequest {
-                session_id: Some(session_id),
-                input_chunks: &["echo $CODEX_INTERACTIVE_SHELL_VAR\n".to_string()],
-                timeout_ms: Some(2_500),
-            })
-            .await?;
-        assert!(out_2.output.contains("codex"));
-
-        Ok(())
-    }
-
-    #[cfg(unix)]
-    #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
-    async fn multi_unified_exec_sessions() -> Result<(), UnifiedExecError> {
-        skip_if_sandbox!(Ok(()));
-
-        let manager = UnifiedExecSessionManager::default();
-
-        let shell_a = manager
-            .handle_request(UnifiedExecRequest {
-                session_id: None,
-                input_chunks: &["/bin/bash".to_string(), "-i".to_string()],
-                timeout_ms: Some(2_500),
-            })
-            .await?;
-        let session_a = shell_a.session_id.expect("expected session id");
-
-        manager
-            .handle_request(UnifiedExecRequest {
-                session_id: Some(session_a),
-                input_chunks: &["export CODEX_INTERACTIVE_SHELL_VAR=codex\n".to_string()],
-                timeout_ms: Some(2_500),
-            })
-            .await?;
-
-        let out_2 = manager
-            .handle_request(UnifiedExecRequest {
-                session_id: None,
-                input_chunks: &[
-                    "echo".to_string(),
-                    "$CODEX_INTERACTIVE_SHELL_VAR\n".to_string(),
-                ],
-                timeout_ms: Some(2_500),
-            })
-            .await?;
-        assert!(!out_2.output.contains("codex"));
-
-        let out_3 = manager
-            .handle_request(UnifiedExecRequest {
-                session_id: Some(session_a),
-                input_chunks: &["echo $CODEX_INTERACTIVE_SHELL_VAR\n".to_string()],
-                timeout_ms: Some(2_500),
-            })
-            .await?;
-        assert!(out_3.output.contains("codex"));
-
-        Ok(())
-    }
-
-    #[cfg(unix)]
-    #[tokio::test]
-    async fn unified_exec_timeouts() -> Result<(), UnifiedExecError> {
-        skip_if_sandbox!(Ok(()));
-
-        let manager = UnifiedExecSessionManager::default();
-
-        let open_shell = manager
-            .handle_request(UnifiedExecRequest {
-                session_id: None,
-                input_chunks: &["bash".to_string(), "-i".to_string()],
-                timeout_ms: Some(2_500),
-            })
-            .await?;
-        let session_id = open_shell.session_id.expect("expected session id");
-
-        manager
-            .handle_request(UnifiedExecRequest {
-                session_id: Some(session_id),
-                input_chunks: &[
-                    "export".to_string(),
-                    "CODEX_INTERACTIVE_SHELL_VAR=codex\n".to_string(),
-                ],
-                timeout_ms: Some(2_500),
-            })
-            .await?;
-
-        let out_2 = manager
-            .handle_request(UnifiedExecRequest {
-                session_id: Some(session_id),
-                input_chunks: &["sleep 5 && echo $CODEX_INTERACTIVE_SHELL_VAR\n".to_string()],
-                timeout_ms: Some(10),
-            })
-            .await?;
-        assert!(!out_2.output.contains("codex"));
-
-        tokio::time::sleep(Duration::from_secs(7)).await;
-
-        let empty = Vec::new();
-        let out_3 = manager
-            .handle_request(UnifiedExecRequest {
-                session_id: Some(session_id),
-                input_chunks: &empty,
-                timeout_ms: Some(100),
-            })
-            .await?;
-
-        assert!(out_3.output.contains("codex"));
-
-        Ok(())
-    }
-
-    #[cfg(unix)]
-    #[tokio::test]
-    #[ignore] // Ignored while we have a better way to test this.
-    async fn requests_with_large_timeout_are_capped() -> Result<(), UnifiedExecError> {
-        let manager = UnifiedExecSessionManager::default();
-
-        let result = manager
-            .handle_request(UnifiedExecRequest {
-                session_id: None,
-                input_chunks: &["echo".to_string(), "codex".to_string()],
-                timeout_ms: Some(120_000),
-            })
-            .await?;
-
-        assert!(result.output.starts_with(
-            "Warning: requested timeout 120000ms exceeds maximum of 60000ms; clamping to 60000ms.\n"
-        ));
-        assert!(result.output.contains("codex"));
-
-        Ok(())
-    }
-
-    #[cfg(unix)]
-    #[tokio::test]
-    #[ignore] // Ignored while we have a better way to test this.
-    async fn completed_commands_do_not_persist_sessions() -> Result<(), UnifiedExecError> {
-        let manager = UnifiedExecSessionManager::default();
-        let result = manager
-            .handle_request(UnifiedExecRequest {
-                session_id: None,
-                input_chunks: &["/bin/echo".to_string(), "codex".to_string()],
-                timeout_ms: Some(2_500),
-            })
-            .await?;
-
-        assert!(result.session_id.is_none());
-        assert!(result.output.contains("codex"));
-
-        assert!(manager.sessions.lock().await.is_empty());
-
-        Ok(())
-    }
-
-    #[cfg(unix)]
-    #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
-    async fn reusing_completed_session_returns_unknown_session() -> Result<(), UnifiedExecError> {
-        skip_if_sandbox!(Ok(()));
-
-        let manager = UnifiedExecSessionManager::default();
-
-        let open_shell = manager
-            .handle_request(UnifiedExecRequest {
-                session_id: None,
-                input_chunks: &["/bin/bash".to_string(), "-i".to_string()],
-                timeout_ms: Some(2_500),
-            })
-            .await?;
-        let session_id = open_shell.session_id.expect("expected session id");
-
-        manager
-            .handle_request(UnifiedExecRequest {
-                session_id: Some(session_id),
-                input_chunks: &["exit\n".to_string()],
-                timeout_ms: Some(2_500),
-            })
-            .await?;
-
-        tokio::time::sleep(Duration::from_millis(200)).await;
-
-        let err = manager
-            .handle_request(UnifiedExecRequest {
-                session_id: Some(session_id),
-                input_chunks: &[],
-                timeout_ms: Some(100),
-            })
-            .await
-            .expect_err("expected unknown session error");
-
-        match err {
-            UnifiedExecError::UnknownSessionId { session_id: err_id } => {
-                assert_eq!(err_id, session_id);
-            }
-            other => panic!("expected UnknownSessionId, got {other:?}"),
-        }
-
-        assert!(!manager.sessions.lock().await.contains_key(&session_id));
-
-        Ok(())
-    }
-}

codex-rs/agent_refactor.md

@@ -1,112 +0,0 @@
-# Agent Runtime Refactor
-
-## Goals
-- Decouple the Codex agent loop from CLI-specific wiring so it can run as a reusable library or standalone binary.
-- Preserve the current behaviour of `codex-core` (tooling, approvals, sandboxing, MCP integration) while providing a cleaner embedding surface.
-- Enable specialised hosts—CLI, training harnesses, response API bridges—to share the same runtime with minimal glue code.
-
-## Proposed Architecture
-### 1. `codex-agent` crate (new)
-- Owns the session runtime: `AgentRuntime`, `AgentHandle`, the states, and the task runners now under `core/src/tasks`.
-- Exposes a queue-like API: `AgentHandle::submit(Op/Submission)` and `AgentHandle::next_event()` mirroring today’s behaviour.
-- Re-exports protocol types from `codex-protocol` so consumers do not depend on the entire `codex-core` tree.
-- Houses the agent loop (`run_task`, `run_turn`, exec/safety plumbing) together with the sandbox planner (`ExecPlan`, `PreparedExec`, etc.).
-
-### 2. Shared configuration surface
-- Introduce `AgentConfig` as the minimal runtime configuration (model, provider, approvals, sandbox defaults, cwd, user/base instructions, feature flags relevant to the loop).
-- Provide `From<&Config>` for CLI compatibility; training/other hosts construct `AgentConfig` directly.
-- CLI-only concerns (logging, auth prompts, workspace presets) stay inside `codex-core` and are translated before spawning the runtime.
-
-### 3. Service abstraction layer
-- Define traits that the runtime depends on instead of concrete CLI structs:
-  - `CredentialsProvider` (wraps `AuthManager`).
-  - `Notifier` (reuses `UserNotifier` contract).
-  - `McpInterface` (start/list tools, dispatch tool calls).
-  - `SandboxManager` (wraps `BackendRegistry`/`prepare_exec_invocation` wiring).
-  - `RolloutSink` (write/flush rollout items; default no-op).
-- Provide default implementations in `codex-core` that simply wrap the existing services (`SessionServices`).
-
-### 4. Task subsystem consolidation
-- Keep the new `SessionTask` trait and concrete tasks (`RegularTask`, `ReviewTask`, `CompactTask`) inside `codex-agent` so custom hosts can opt into additional tasks without touching CLI crates.
-- Ensure task lifecycle management (`spawn_task`, `abort_all_tasks`, `ActiveTurn`) stays encapsulated in the runtime and surfaces only high-level signals (events, cancellation APIs).
-
-### 5. Sandbox execution layer
-- Move the recently created `core/src/sandbox` module into `codex-agent` (or re-export) so runtime owns exec planning.
-- Runtime exposes an injectable `SandboxRuntimeConfig` (paths, seatbelt binary, stdout streaming choice) and calls into `SandboxManager` to execute plans.
-- Respect existing environment variables and approval policies; no semantic changes to seatbelt handling.
-
-### 6. Host integrations
-- CLI crate: replaces direct usage of `Codex::spawn` with `AgentRuntime::spawn`, adapting CLI config/auth providers to runtime traits. Behaviour remains identical.
-- Training binary (`codex-agent-bin`): thin crate that parses CLI flags (Response API URL, auth token, optional instructions) and bridges remote Ops/Events to the runtime via chosen transport (MCP channel, HTTP/WebSocket bridge).
-- Additional hosts can embed the runtime by implementing the service traits and providing transport glue.
-
-### 7. Transport adapters
-- Internally keep `async_channel` for runtime queues.
-- Provide helper adapters (`AgentTransport` trait) so callers can hook streams (local channel, TCP bridge, etc.) while keeping backpressure and graceful shutdown semantics consistent.
-
-## Guidelines
-- **Config boundary**: new code must depend on `AgentConfig`; only CLI/front-ends may use the broader `Config` struct. Avoid adding CLI-specific fields to the runtime config.
-- **Trait-based services**: any runtime dependency that could vary across hosts (MCP, rollout persistence, sandbox execution, notifications) should be expressed as a trait with a default implementation living in `codex-core`.
-- **Task authoring**: additional tasks must implement `SessionTask`; tasks are responsible for calling `run_task`/`exit_review_mode` helpers and returning final assistant output for `TaskComplete` events.
-- **Sandbox safety**: all exec/patch calls must flow through `plan_exec`/`plan_apply_patch` (now under `codex-agent::sandbox`) to preserve approval semantics. Never bypass `SandboxManager`.
-- **MCP usage**: runtime talks only through `McpInterface`; hosts provide concrete connectors (existing CLI manager, lightweight training stub, etc.).
-- **Rollout handling**: default `RolloutSink` should no-op; hosts that require persistence (CLI, evaluation harness) supply an implementation that wraps existing recorder.
-- **Transport/backpressure**: treat the runtime queue as bounded and handle cancellations; adapters must propagate `Op::Shutdown` promptly.
-- **Observability**: keep tracing instrumentation intact; new modules should use existing `tracing` spans for start/end of tasks, exec calls, and MCP interactions.
-- **Code quality**: write minimalist idiomatic code. Leverage the capacity of Rust 
-
-## Current Scope Snapshot
-- `codex-agent` owns the execution/runtime surface: conversation history, rollout recording, function tool plumbing, sandbox planning, command/apply_patch safety, and the new `ApprovalCoordinator` trait that abstracts user approvals. Host-agnostic helpers such as shell formatting, bash parsing, and command safety now live here.
-- `codex-core` focuses on CLI integration: loading user configuration, wiring concrete services (auth, MCP, sandbox manager), translating CLI policies into runtime configs, and exposing the embedded runtime to front-ends. It re-exports runtime modules needed by existing callers but should avoid hosting new agent logic.
-- Session bootstrap now flows through a host-provided `prepare_session_bootstrap` helper: the CLI constructs rollout/MCP/sandbox services, builds the new `codex_agent::SessionServices` + `SessionState`, pre-builds the initial `TurnContext` (model client + tool config), and hands them to `Session::new` instead of constructing them inline.
-
-
-## Implementation Plan
-1. **Baseline & documentation**
-   - Capture current interfaces (`Codex`, `Session`, `SessionTask`) and update developer docs to reference this refactor plan.
-   - Add smoke tests covering multi-task scenarios (regular + review + compact) to guard against regressions during extraction.
-
-2. **Introduce `AgentConfig`**
-   - Define struct + conversion helpers inside `codex-core`.
-   - Refactor internal `Session::new` / `TurnContext` builders to accept `AgentConfig` without changing external behaviour.
-
-3. **Service trait extraction**
-   - Carve out trait definitions (`CredentialsProvider`, `McpInterface`, `SandboxManager`, `RolloutSink`, `Notifier`).
-   - Provide adapters backed by existing `SessionServices`.
-   - Update `Session` and helper modules to depend on traits rather than concrete structs.
-
-4. **Create `codex-agent` crate**
-   - Scaffold crate, move runtime modules (`codex.rs`, `state`, `tasks`, `sandbox`) while keeping module paths stable via `pub use` re-exports.
-   - Resolve module imports to reference trait abstractions / helper crates (e.g., `codex_protocol`, `codex-apply-patch`).
-   - Ensure crate exposes `AgentRuntime`, `AgentHandle`, and service traits.
-
-5. **Adapt `codex-core`**
-   - Replace `Codex::spawn` with thin wrapper that constructs `AgentConfig`, runtime service adapters, and delegates to `codex-agent`.
-   - Update public API to re-export runtime types if downstream crates expect them.
-   - Confirm unit tests continue to pass.
-
-6. **Update front-ends**
-   - CLI crate: switch to new runtime API; verify login/auth flows, approvals, and sandbox invocations.
-   - Other binaries (`chatgpt`, etc.) migrate similarly, adjusting imports/config conversions.
-
-7. **Add training binary**
-   - Implement new `codex-agent-bin` crate providing CLI for Response API URL + auth.
-   - Reuse existing MCP client logic where possible; otherwise, provide minimal HTTP bridge translating Ops/Events.
-   - Add integration tests using mocked Response API.
-
-8. **Refine transport adapters**
-   - Add optional helper module offering channel/TCP/WebSocket adapters along with graceful shutdown behaviour.
-   - Document how hosts select or implement transports.
-
-9. **Finalize rollout persistence strategy**
-   - Implement `RolloutSink` adapters (file-based, in-memory, disabled).
-   - Ensure CLI wires existing recorder; training binary can opt in/out via flags.
-
-10. **Docs & polish**
-    - Update repository documentation (`README`, architecture docs) to reference the new crates and APIs.
-    - Record migration notes for downstream consumers.
-    - Run `just fmt`, scoped `just fix -p`, and targeted tests for touched crates before merging.
-
-11. **Validation**
-    - Execute `cargo test -p codex-agent`, `cargo test -p codex-core`, and full suite (`cargo test --all-features`) once shared crates change.
-    - Perform manual verification: CLI session, review task, training binary against mock Response API, ensuring approvals and sandboxing behave identically.

codex-rs/ansi-escape/Cargo.toml

@@ -8,9 +8,9 @@ name = "codex_ansi_escape"
 path = "src/lib.rs"
 
 [dependencies]
-ansi-to-tui = { workspace = true }
-ratatui = { workspace = true, features = [
+ansi-to-tui = "7.0.0"
+ratatui = { version = "0.29.0", features = [
     "unstable-rendered-line-info",
     "unstable-widget-ref",
 ] }
-tracing = { workspace = true, features = ["log"] }
+tracing = { version = "0.1.41", features = ["log"] }

codex-rs/ansi-escape/src/lib.rs

@@ -9,7 +9,7 @@ use ratatui::text::Text;
 pub fn ansi_escape_line(s: &str) -> Line<'static> {
     let text = ansi_escape(s);
     match text.lines.as_slice() {
-        [] => "".into(),
+        [] => Line::from(""),
         [only] => only.clone(),
         [first, rest @ ..] => {
             tracing::warn!("ansi_escape_line: expected a single line, got {first:?} and {rest:?}");

codex-rs/apply-patch/Cargo.toml

@@ -7,21 +7,16 @@ version = { workspace = true }
 name = "codex_apply_patch"
 path = "src/lib.rs"
 
-[[bin]]
-name = "apply_patch"
-path = "src/main.rs"
-
 [lints]
 workspace = true
 
 [dependencies]
-anyhow = { workspace = true }
-similar = { workspace = true }
-thiserror = { workspace = true }
-tree-sitter = { workspace = true }
-tree-sitter-bash = { workspace = true }
+anyhow = "1"
+similar = "2.7.0"
+thiserror = "2.0.12"
+tree-sitter = "0.25.8"
+tree-sitter-bash = "0.25.0"
 
 [dev-dependencies]
-assert_cmd = { workspace = true }
-pretty_assertions = { workspace = true }
-tempfile = { workspace = true }
+pretty_assertions = "1.4.1"
+tempfile = "3.13.0"

codex-rs/apply-patch/src/lib.rs

@@ -1,12 +1,10 @@
 mod parser;
 mod seek_sequence;
-mod standalone_executable;
 
 use std::collections::HashMap;
 use std::path::Path;
 use std::path::PathBuf;
 use std::str::Utf8Error;
-use std::sync::LazyLock;
 
 use anyhow::Context;
 use anyhow::Result;
@@ -19,13 +17,8 @@ use similar::TextDiff;
 use thiserror::Error;
 use tree_sitter::LanguageError;
 use tree_sitter::Parser;
-use tree_sitter::Query;
-use tree_sitter::QueryCursor;
-use tree_sitter::StreamingIterator;
 use tree_sitter_bash::LANGUAGE as BASH;
 
-pub use standalone_executable::main;
-
 /// Detailed instructions for gpt-4.1 on how to use the `apply_patch` tool.
 pub const APPLY_PATCH_TOOL_INSTRUCTIONS: &str = include_str!("../apply_patch_tool_instructions.md");
 
@@ -40,11 +33,6 @@ pub enum ApplyPatchError {
     /// Error that occurs while computing replacements when applying patch chunks
     #[error("{0}")]
     ComputeReplacements(String),
-    /// A raw patch body was provided without an explicit `apply_patch` invocation.
-    #[error(
-        "patch detected without explicit call to apply_patch. Rerun as [\"apply_patch\", \"<patch>\"]"
-    )]
-    ImplicitInvocation,
 }
 
 impl From<std::io::Error> for ApplyPatchError {
@@ -93,29 +81,26 @@ pub enum MaybeApplyPatch {
 pub struct ApplyPatchArgs {
     pub patch: String,
     pub hunks: Vec<Hunk>,
-    pub workdir: Option<String>,
 }
 
 pub fn maybe_parse_apply_patch(argv: &[String]) -> MaybeApplyPatch {
     match argv {
-        // Direct invocation: apply_patch <patch>
         [cmd, body] if APPLY_PATCH_COMMANDS.contains(&cmd.as_str()) => match parse_patch(body) {
             Ok(source) => MaybeApplyPatch::Body(source),
             Err(e) => MaybeApplyPatch::PatchParseError(e),
         },
-        // Bash heredoc form: (optional `cd <path> &&`) apply_patch <<'EOF' ...
-        [bash, flag, script] if bash == "bash" && flag == "-lc" => {
-            match extract_apply_patch_from_bash(script) {
-                Ok((body, workdir)) => match parse_patch(&body) {
-                    Ok(mut source) => {
-                        source.workdir = workdir;
-                        MaybeApplyPatch::Body(source)
-                    }
+        [bash, flag, script]
+            if bash == "bash"
+                && flag == "-lc"
+                && APPLY_PATCH_COMMANDS
+                    .iter()
+                    .any(|cmd| script.trim_start().starts_with(cmd)) =>
+        {
+            match extract_heredoc_body_from_apply_patch_command(script) {
+                Ok(body) => match parse_patch(&body) {
+                    Ok(source) => MaybeApplyPatch::Body(source),
                     Err(e) => MaybeApplyPatch::PatchParseError(e),
                 },
-                Err(ExtractHeredocError::CommandDidNotStartWithApplyPatch) => {
-                    MaybeApplyPatch::NotApplyPatch
-                }
                 Err(e) => MaybeApplyPatch::ShellParseError(e),
             }
         }
@@ -128,9 +113,7 @@ pub enum ApplyPatchFileChange {
     Add {
         content: String,
     },
-    Delete {
-        content: String,
-    },
+    Delete,
     Update {
         unified_diff: String,
         move_path: Option<PathBuf>,
@@ -214,63 +197,17 @@ impl ApplyPatchAction {
 /// cwd must be an absolute path so that we can resolve relative paths in the
 /// patch.
 pub fn maybe_parse_apply_patch_verified(argv: &[String], cwd: &Path) -> MaybeApplyPatchVerified {
-    // Detect a raw patch body passed directly as the command or as the body of a bash -lc
-    // script. In these cases, report an explicit error rather than applying the patch.
-    match argv {
-        [body] => {
-            if parse_patch(body).is_ok() {
-                return MaybeApplyPatchVerified::CorrectnessError(
-                    ApplyPatchError::ImplicitInvocation,
-                );
-            }
-        }
-        [bash, flag, script] if bash == "bash" && flag == "-lc" => {
-            if parse_patch(script).is_ok() {
-                return MaybeApplyPatchVerified::CorrectnessError(
-                    ApplyPatchError::ImplicitInvocation,
-                );
-            }
-        }
-        _ => {}
-    }
-
     match maybe_parse_apply_patch(argv) {
-        MaybeApplyPatch::Body(ApplyPatchArgs {
-            patch,
-            hunks,
-            workdir,
-        }) => {
-            let effective_cwd = workdir
-                .as_ref()
-                .map(|dir| {
-                    let path = Path::new(dir);
-                    if path.is_absolute() {
-                        path.to_path_buf()
-                    } else {
-                        cwd.join(path)
-                    }
-                })
-                .unwrap_or_else(|| cwd.to_path_buf());
+        MaybeApplyPatch::Body(ApplyPatchArgs { patch, hunks }) => {
             let mut changes = HashMap::new();
             for hunk in hunks {
-                let path = hunk.resolve_path(&effective_cwd);
+                let path = hunk.resolve_path(cwd);
                 match hunk {
                     Hunk::AddFile { contents, .. } => {
                         changes.insert(path, ApplyPatchFileChange::Add { content: contents });
                     }
                     Hunk::DeleteFile { .. } => {
-                        let content = match std::fs::read_to_string(&path) {
-                            Ok(content) => content,
-                            Err(e) => {
-                                return MaybeApplyPatchVerified::CorrectnessError(
-                                    ApplyPatchError::IoError(IoError {
-                                        context: format!("Failed to read {}", path.display()),
-                                        source: e,
-                                    }),
-                                );
-                            }
-                        };
-                        changes.insert(path, ApplyPatchFileChange::Delete { content });
+                        changes.insert(path, ApplyPatchFileChange::Delete);
                     }
                     Hunk::UpdateFile {
                         move_path, chunks, ..
@@ -298,7 +235,7 @@ pub fn maybe_parse_apply_patch_verified(argv: &[String], cwd: &Path) -> MaybeApp
             MaybeApplyPatchVerified::Body(ApplyPatchAction {
                 changes,
                 patch,
-                cwd: effective_cwd,
+                cwd: cwd.to_path_buf(),
             })
         }
         MaybeApplyPatch::ShellParseError(e) => MaybeApplyPatchVerified::ShellParseError(e),
@@ -307,96 +244,33 @@ pub fn maybe_parse_apply_patch_verified(argv: &[String], cwd: &Path) -> MaybeApp
     }
 }
 
-/// Extract the heredoc body (and optional `cd` workdir) from a `bash -lc` script
-/// that invokes the apply_patch tool using a heredoc.
+/// Attempts to extract a heredoc_body object from a string bash command like:
+/// Optimistically
 ///
-/// Supported top‑level forms (must be the only top‑level statement):
-/// - `apply_patch <<'EOF'\n...\nEOF`
-/// - `cd <path> && apply_patch <<'EOF'\n...\nEOF`
+/// ```bash
+/// bash -lc 'apply_patch <<EOF\n***Begin Patch\n...EOF'
+/// ```
 ///
-/// Notes about matching:
-/// - Parsed with Tree‑sitter Bash and a strict query that uses anchors so the
-///   heredoc‑redirected statement is the only top‑level statement.
-/// - The connector between `cd` and `apply_patch` must be `&&` (not `|` or `||`).
-/// - Exactly one positional `word` argument is allowed for `cd` (no flags, no quoted
-///   strings, no second argument).
-/// - The apply command is validated in‑query via `#any-of?` to allow `apply_patch`
-///   or `applypatch`.
-/// - Preceding or trailing commands (e.g., `echo ...;` or `... && echo done`) do not match.
+/// # Arguments
 ///
-/// Returns `(heredoc_body, Some(path))` when the `cd` variant matches, or
-/// `(heredoc_body, None)` for the direct form. Errors are returned if the script
-/// cannot be parsed or does not match the allowed patterns.
-fn extract_apply_patch_from_bash(
+/// * `src` - A string slice that holds the full command
+///
+/// # Returns
+///
+/// This function returns a `Result` which is:
+///
+/// * `Ok(String)` - The heredoc body if the extraction is successful.
+/// * `Err(anyhow::Error)` - An error if the extraction fails.
+///
+fn extract_heredoc_body_from_apply_patch_command(
     src: &str,
-) -> std::result::Result<(String, Option<String>), ExtractHeredocError> {
-    // This function uses a Tree-sitter query to recognize one of two
-    // whole-script forms, each expressed as a single top-level statement:
-    //
-    // 1. apply_patch <<'EOF'\n...\nEOF
-    // 2. cd <path> && apply_patch <<'EOF'\n...\nEOF
-    //
-    // Key ideas when reading the query:
-    // - dots (`.`) between named nodes enforces adjacency among named children and
-    //   anchor to the start/end of the expression.
-    // - we match a single redirected_statement directly under program with leading
-    //   and trailing anchors (`.`). This ensures it is the only top-level statement
-    //   (so prefixes like `echo ...;` or suffixes like `... && echo done` do not match).
-    //
-    // Overall, we want to be conservative and only match the intended forms, as other
-    // forms are likely to be model errors, or incorrectly interpreted by later code.
-    //
-    // If you're editing this query, it's helpful to start by creating a debugging binary
-    // which will let you see the AST of an arbitrary bash script passed in, and optionally
-    // also run an arbitrary query against the AST. This is useful for understanding
-    // how tree-sitter parses the script and whether the query syntax is correct. Be sure
-    // to test both positive and negative cases.
-    static APPLY_PATCH_QUERY: LazyLock<Query> = LazyLock::new(|| {
-        let language = BASH.into();
-        #[expect(clippy::expect_used)]
-        Query::new(
-            &language,
-            r#"
-            (
-              program
-                . (redirected_statement
-                    body: (command
-                            name: (command_name (word) @apply_name) .)
-                    (#any-of? @apply_name "apply_patch" "applypatch")
-                    redirect: (heredoc_redirect
-                                . (heredoc_start)
-                                . (heredoc_body) @heredoc
-                                . (heredoc_end)
-                                .))
-                .)
-
-            (
-              program
-                . (redirected_statement
-                    body: (list
-                            . (command
-                                name: (command_name (word) @cd_name) .
-                                argument: [
-                                  (word) @cd_path
-                                  (string (string_content) @cd_path)
-                                  (raw_string) @cd_raw_string
-                                ] .)
-                            "&&"
-                            . (command
-                                name: (command_name (word) @apply_name))
-                            .)
-                    (#eq? @cd_name "cd")
-                    (#any-of? @apply_name "apply_patch" "applypatch")
-                    redirect: (heredoc_redirect
-                                . (heredoc_start)
-                                . (heredoc_body) @heredoc
-                                . (heredoc_end)
-                                .))
-                .)
-            "#,
-        )
-        .expect("valid bash query")
-    });
+) -> std::result::Result<String, ExtractHeredocError> {
+    if !APPLY_PATCH_COMMANDS
+        .iter()
+        .any(|cmd| src.trim_start().starts_with(cmd))
+    {
+        return Err(ExtractHeredocError::CommandDidNotStartWithApplyPatch);
+    }
 
     let lang = BASH.into();
     let mut parser = Parser::new();
@@ -408,55 +282,26 @@ fn extract_apply_patch_from_bash(
         .ok_or(ExtractHeredocError::FailedToParsePatchIntoAst)?;
 
     let bytes = src.as_bytes();
-    let root = tree.root_node();
+    let mut c = tree.root_node().walk();
 
-    let mut cursor = QueryCursor::new();
-    let mut matches = cursor.matches(&APPLY_PATCH_QUERY, root, bytes);
-    while let Some(m) = matches.next() {
-        let mut heredoc_text: Option<String> = None;
-        let mut cd_path: Option<String> = None;
+    loop {
+        let node = c.node();
+        if node.kind() == "heredoc_body" {
+            let text = node
+                .utf8_text(bytes)
+                .map_err(ExtractHeredocError::HeredocNotUtf8)?;
+            return Ok(text.trim_end_matches('\n').to_owned());
+        }
 
-        for capture in m.captures.iter() {
-            let name = APPLY_PATCH_QUERY.capture_names()[capture.index as usize];
-            match name {
-                "heredoc" => {
-                    let text = capture
-                        .node
-                        .utf8_text(bytes)
-                        .map_err(ExtractHeredocError::HeredocNotUtf8)?
-                        .trim_end_matches('\n')
-                        .to_string();
-                    heredoc_text = Some(text);
-                }
-                "cd_path" => {
-                    let text = capture
-                        .node
-                        .utf8_text(bytes)
-                        .map_err(ExtractHeredocError::HeredocNotUtf8)?
-                        .to_string();
-                    cd_path = Some(text);
-                }
-                "cd_raw_string" => {
-                    let raw = capture
-                        .node
-                        .utf8_text(bytes)
-                        .map_err(ExtractHeredocError::HeredocNotUtf8)?;
-                    let trimmed = raw
-                        .strip_prefix('\'')
-                        .and_then(|s| s.strip_suffix('\''))
-                        .unwrap_or(raw);
-                    cd_path = Some(trimmed.to_string());
-                }
-                _ => {}
+        if c.goto_first_child() {
+            continue;
+        }
+        while !c.goto_next_sibling() {
+            if !c.goto_parent() {
+                return Err(ExtractHeredocError::FailedToFindHeredocBody);
             }
         }
-
-        if let Some(heredoc) = heredoc_text {
-            return Ok((heredoc, cd_path));
-        }
     }
-
-    Err(ExtractHeredocError::CommandDidNotStartWithApplyPatch)
 }
 
 #[derive(Debug, PartialEq)]
@@ -648,18 +493,21 @@ fn derive_new_contents_from_chunks(
         }
     };
 
-    let mut original_lines: Vec<String> = original_contents.split('\n').map(String::from).collect();
+    let mut original_lines: Vec<String> = original_contents
+        .split('\n')
+        .map(|s| s.to_string())
+        .collect();
 
     // Drop the trailing empty element that results from the final newline so
     // that line counts match the behaviour of standard `diff`.
-    if original_lines.last().is_some_and(String::is_empty) {
+    if original_lines.last().is_some_and(|s| s.is_empty()) {
         original_lines.pop();
     }
 
     let replacements = compute_replacements(&original_lines, path, chunks)?;
     let new_lines = apply_replacements(original_lines, &replacements);
     let mut new_lines = new_lines;
-    if !new_lines.last().is_some_and(String::is_empty) {
+    if !new_lines.last().is_some_and(|s| s.is_empty()) {
         new_lines.push(String::new());
     }
     let new_contents = new_lines.join("\n");
@@ -703,7 +551,7 @@ fn compute_replacements(
         if chunk.old_lines.is_empty() {
             // Pure addition (no old lines). We'll add them at the end or just
             // before the final empty line if one exists.
-            let insertion_idx = if original_lines.last().is_some_and(String::is_empty) {
+            let insertion_idx = if original_lines.last().is_some_and(|s| s.is_empty()) {
                 original_lines.len() - 1
             } else {
                 original_lines.len()
@@ -729,11 +577,11 @@ fn compute_replacements(
 
         let mut new_slice: &[String] = &chunk.new_lines;
 
-        if found.is_none() && pattern.last().is_some_and(String::is_empty) {
+        if found.is_none() && pattern.last().is_some_and(|s| s.is_empty()) {
             // Retry without the trailing empty line which represents the final
             // newline in the file.
             pattern = &pattern[..pattern.len() - 1];
-            if new_slice.last().is_some_and(String::is_empty) {
+            if new_slice.last().is_some_and(|s| s.is_empty()) {
                 new_slice = &new_slice[..new_slice.len() - 1];
             }
 
@@ -750,15 +598,13 @@ fn compute_replacements(
             line_index = start_idx + pattern.len();
         } else {
             return Err(ApplyPatchError::ComputeReplacements(format!(
-                "Failed to find expected lines in {}:\n{}",
-                path.display(),
-                chunk.old_lines.join("\n"),
+                "Failed to find expected lines {:?} in {}",
+                chunk.old_lines,
+                path.display()
             )));
         }
     }
 
-    replacements.sort_by(|(lhs_idx, _, _), (rhs_idx, _, _)| lhs_idx.cmp(rhs_idx));
-
     Ok(replacements)
 }
 
@@ -845,7 +691,6 @@ mod tests {
     use super::*;
     use pretty_assertions::assert_eq;
     use std::fs;
-    use std::string::ToString;
     use tempfile::tempdir;
 
     /// Helper to construct a patch with the given body.
@@ -854,72 +699,7 @@ mod tests {
     }
 
     fn strs_to_strings(strs: &[&str]) -> Vec<String> {
-        strs.iter().map(ToString::to_string).collect()
-    }
-
-    // Test helpers to reduce repetition when building bash -lc heredoc scripts
-    fn args_bash(script: &str) -> Vec<String> {
-        strs_to_strings(&["bash", "-lc", script])
-    }
-
-    fn heredoc_script(prefix: &str) -> String {
-        format!(
-            "{prefix}apply_patch <<'PATCH'\n*** Begin Patch\n*** Add File: foo\n+hi\n*** End Patch\nPATCH"
-        )
-    }
-
-    fn heredoc_script_ps(prefix: &str, suffix: &str) -> String {
-        format!(
-            "{prefix}apply_patch <<'PATCH'\n*** Begin Patch\n*** Add File: foo\n+hi\n*** End Patch\nPATCH{suffix}"
-        )
-    }
-
-    fn expected_single_add() -> Vec<Hunk> {
-        vec![Hunk::AddFile {
-            path: PathBuf::from("foo"),
-            contents: "hi\n".to_string(),
-        }]
-    }
-
-    fn assert_match(script: &str, expected_workdir: Option<&str>) {
-        let args = args_bash(script);
-        match maybe_parse_apply_patch(&args) {
-            MaybeApplyPatch::Body(ApplyPatchArgs { hunks, workdir, .. }) => {
-                assert_eq!(workdir.as_deref(), expected_workdir);
-                assert_eq!(hunks, expected_single_add());
-            }
-            result => panic!("expected MaybeApplyPatch::Body got {result:?}"),
-        }
-    }
-
-    fn assert_not_match(script: &str) {
-        let args = args_bash(script);
-        assert!(matches!(
-            maybe_parse_apply_patch(&args),
-            MaybeApplyPatch::NotApplyPatch
-        ));
-    }
-
-    #[test]
-    fn test_implicit_patch_single_arg_is_error() {
-        let patch = "*** Begin Patch\n*** Add File: foo\n+hi\n*** End Patch".to_string();
-        let args = vec![patch];
-        let dir = tempdir().unwrap();
-        assert!(matches!(
-            maybe_parse_apply_patch_verified(&args, dir.path()),
-            MaybeApplyPatchVerified::CorrectnessError(ApplyPatchError::ImplicitInvocation)
-        ));
-    }
-
-    #[test]
-    fn test_implicit_patch_bash_script_is_error() {
-        let script = "*** Begin Patch\n*** Add File: foo\n+hi\n*** End Patch";
-        let args = args_bash(script);
-        let dir = tempdir().unwrap();
-        assert!(matches!(
-            maybe_parse_apply_patch_verified(&args, dir.path()),
-            MaybeApplyPatchVerified::CorrectnessError(ApplyPatchError::ImplicitInvocation)
-        ));
+        strs.iter().map(|s| s.to_string()).collect()
     }
 
     #[test]
@@ -934,7 +714,7 @@ mod tests {
         ]);
 
         match maybe_parse_apply_patch(&args) {
-            MaybeApplyPatch::Body(ApplyPatchArgs { hunks, .. }) => {
+            MaybeApplyPatch::Body(ApplyPatchArgs { hunks, patch: _ }) => {
                 assert_eq!(
                     hunks,
                     vec![Hunk::AddFile {
@@ -959,7 +739,7 @@ mod tests {
         ]);
 
         match maybe_parse_apply_patch(&args) {
-            MaybeApplyPatch::Body(ApplyPatchArgs { hunks, .. }) => {
+            MaybeApplyPatch::Body(ApplyPatchArgs { hunks, patch: _ }) => {
                 assert_eq!(
                     hunks,
                     vec![Hunk::AddFile {
@@ -974,7 +754,29 @@ mod tests {
 
     #[test]
     fn test_heredoc() {
-        assert_match(&heredoc_script(""), None);
+        let args = strs_to_strings(&[
+            "bash",
+            "-lc",
+            r#"apply_patch <<'PATCH'
+*** Begin Patch
+*** Add File: foo
++hi
+*** End Patch
+PATCH"#,
+        ]);
+
+        match maybe_parse_apply_patch(&args) {
+            MaybeApplyPatch::Body(ApplyPatchArgs { hunks, patch: _ }) => {
+                assert_eq!(
+                    hunks,
+                    vec![Hunk::AddFile {
+                        path: PathBuf::from("foo"),
+                        contents: "hi\n".to_string()
+                    }]
+                );
+            }
+            result => panic!("expected MaybeApplyPatch::Body got {result:?}"),
+        }
     }
 
     #[test]
@@ -991,8 +793,7 @@ PATCH"#,
         ]);
 
         match maybe_parse_apply_patch(&args) {
-            MaybeApplyPatch::Body(ApplyPatchArgs { hunks, workdir, .. }) => {
-                assert_eq!(workdir, None);
+            MaybeApplyPatch::Body(ApplyPatchArgs { hunks, patch: _ }) => {
                 assert_eq!(
                     hunks,
                     vec![Hunk::AddFile {
@@ -1005,69 +806,6 @@ PATCH"#,
         }
     }
 
-    #[test]
-    fn test_heredoc_with_leading_cd() {
-        assert_match(&heredoc_script("cd foo && "), Some("foo"));
-    }
-
-    #[test]
-    fn test_cd_with_semicolon_is_ignored() {
-        assert_not_match(&heredoc_script("cd foo; "));
-    }
-
-    #[test]
-    fn test_cd_or_apply_patch_is_ignored() {
-        assert_not_match(&heredoc_script("cd bar || "));
-    }
-
-    #[test]
-    fn test_cd_pipe_apply_patch_is_ignored() {
-        assert_not_match(&heredoc_script("cd bar | "));
-    }
-
-    #[test]
-    fn test_cd_single_quoted_path_with_spaces() {
-        assert_match(&heredoc_script("cd 'foo bar' && "), Some("foo bar"));
-    }
-
-    #[test]
-    fn test_cd_double_quoted_path_with_spaces() {
-        assert_match(&heredoc_script("cd \"foo bar\" && "), Some("foo bar"));
-    }
-
-    #[test]
-    fn test_echo_and_apply_patch_is_ignored() {
-        assert_not_match(&heredoc_script("echo foo && "));
-    }
-
-    #[test]
-    fn test_apply_patch_with_arg_is_ignored() {
-        let script = "apply_patch foo <<'PATCH'\n*** Begin Patch\n*** Add File: foo\n+hi\n*** End Patch\nPATCH";
-        assert_not_match(script);
-    }
-
-    #[test]
-    fn test_double_cd_then_apply_patch_is_ignored() {
-        assert_not_match(&heredoc_script("cd foo && cd bar && "));
-    }
-
-    #[test]
-    fn test_cd_two_args_is_ignored() {
-        assert_not_match(&heredoc_script("cd foo bar && "));
-    }
-
-    #[test]
-    fn test_cd_then_apply_patch_then_extra_is_ignored() {
-        let script = heredoc_script_ps("cd bar && ", " && echo done");
-        assert_not_match(&script);
-    }
-
-    #[test]
-    fn test_echo_then_cd_and_apply_patch_is_ignored() {
-        // Ensure preceding commands before the `cd && apply_patch <<...` sequence do not match.
-        assert_not_match(&heredoc_script("echo foo; cd bar && "));
-    }
-
     #[test]
     fn test_add_file_hunk_creates_file_with_contents() {
         let dir = tempdir().unwrap();
@@ -1265,33 +1003,6 @@ PATCH"#,
         assert_eq!(contents, "a\nB\nc\nd\nE\nf\ng\n");
     }
 
-    #[test]
-    fn test_pure_addition_chunk_followed_by_removal() {
-        let dir = tempdir().unwrap();
-        let path = dir.path().join("panic.txt");
-        fs::write(&path, "line1\nline2\nline3\n").unwrap();
-        let patch = wrap_patch(&format!(
-            r#"*** Update File: {}
-@@
-+after-context
-+second-line
-@@
- line1
--line2
--line3
-+line2-replacement"#,
-            path.display()
-        ));
-        let mut stdout = Vec::new();
-        let mut stderr = Vec::new();
-        apply_patch(&patch, &mut stdout, &mut stderr).unwrap();
-        let contents = fs::read_to_string(path).unwrap();
-        assert_eq!(
-            contents,
-            "line1\nline2-replacement\nafter-context\nsecond-line\n"
-        );
-    }
-
     /// Ensure that patches authored with ASCII characters can update lines that
     /// contain typographic Unicode punctuation (e.g. EN DASH, NON-BREAKING
     /// HYPHEN). Historically `git apply` succeeds in such scenarios but our

codex-rs/apply-patch/src/main.rs

@@ -1,3 +0,0 @@
-pub fn main() -> ! {
-    codex_apply_patch::main()
-}

codex-rs/apply-patch/src/parser.rs

@@ -175,11 +175,7 @@ fn parse_patch_text(patch: &str, mode: ParseMode) -> Result<ApplyPatchArgs, Pars
         remaining_lines = &remaining_lines[hunk_lines..]
     }
     let patch = lines.join("\n");
-    Ok(ApplyPatchArgs {
-        hunks,
-        patch,
-        workdir: None,
-    })
+    Ok(ApplyPatchArgs { hunks, patch })
 }
 
 /// Checks the start and end lines of the patch text for `apply_patch`,
@@ -590,8 +586,7 @@ fn test_parse_patch_lenient() {
         parse_patch_text(&patch_text_in_heredoc, ParseMode::Lenient),
         Ok(ApplyPatchArgs {
             hunks: expected_patch.clone(),
-            patch: patch_text.to_string(),
-            workdir: None,
+            patch: patch_text.to_string()
         })
     );
 
@@ -604,8 +599,7 @@ fn test_parse_patch_lenient() {
         parse_patch_text(&patch_text_in_single_quoted_heredoc, ParseMode::Lenient),
         Ok(ApplyPatchArgs {
             hunks: expected_patch.clone(),
-            patch: patch_text.to_string(),
-            workdir: None,
+            patch: patch_text.to_string()
         })
     );
 
@@ -617,9 +611,8 @@ fn test_parse_patch_lenient() {
     assert_eq!(
         parse_patch_text(&patch_text_in_double_quoted_heredoc, ParseMode::Lenient),
         Ok(ApplyPatchArgs {
-            hunks: expected_patch,
-            patch: patch_text.to_string(),
-            workdir: None,
+            hunks: expected_patch.clone(),
+            patch: patch_text.to_string()
         })
     );
 
@@ -637,7 +630,7 @@ fn test_parse_patch_lenient() {
         "<<EOF\n*** Begin Patch\n*** Update File: file2.py\nEOF\n".to_string();
     assert_eq!(
         parse_patch_text(&patch_text_with_missing_closing_heredoc, ParseMode::Strict),
-        Err(expected_error)
+        Err(expected_error.clone())
     );
     assert_eq!(
         parse_patch_text(&patch_text_with_missing_closing_heredoc, ParseMode::Lenient),

codex-rs/apply-patch/src/seek_sequence.rs

@@ -112,10 +112,9 @@ pub(crate) fn seek_sequence(
 #[cfg(test)]
 mod tests {
     use super::seek_sequence;
-    use std::string::ToString;
 
     fn to_vec(strings: &[&str]) -> Vec<String> {
-        strings.iter().map(ToString::to_string).collect()
+        strings.iter().map(|s| s.to_string()).collect()
     }
 
     #[test]

codex-rs/apply-patch/src/standalone_executable.rs

@@ -1,59 +0,0 @@
-use std::io::Read;
-use std::io::Write;
-
-pub fn main() -> ! {
-    let exit_code = run_main();
-    std::process::exit(exit_code);
-}
-
-/// We would prefer to return `std::process::ExitCode`, but its `exit_process()`
-/// method is still a nightly API and we want main() to return !.
-pub fn run_main() -> i32 {
-    // Expect either one argument (the full apply_patch payload) or read it from stdin.
-    let mut args = std::env::args_os();
-    let _argv0 = args.next();
-
-    let patch_arg = match args.next() {
-        Some(arg) => match arg.into_string() {
-            Ok(s) => s,
-            Err(_) => {
-                eprintln!("Error: apply_patch requires a UTF-8 PATCH argument.");
-                return 1;
-            }
-        },
-        None => {
-            // No argument provided; attempt to read the patch from stdin.
-            let mut buf = String::new();
-            match std::io::stdin().read_to_string(&mut buf) {
-                Ok(_) => {
-                    if buf.is_empty() {
-                        eprintln!("Usage: apply_patch 'PATCH'\n       echo 'PATCH' | apply-patch");
-                        return 2;
-                    }
-                    buf
-                }
-                Err(err) => {
-                    eprintln!("Error: Failed to read PATCH from stdin.\n{err}");
-                    return 1;
-                }
-            }
-        }
-    };
-
-    // Refuse extra args to avoid ambiguity.
-    if args.next().is_some() {
-        eprintln!("Error: apply_patch accepts exactly one argument.");
-        return 2;
-    }
-
-    let mut stdout = std::io::stdout();
-    let mut stderr = std::io::stderr();
-    match crate::apply_patch(&patch_arg, &mut stdout, &mut stderr) {
-        Ok(()) => {
-            // Flush to ensure output ordering when used in pipelines.
-            let _ = stdout.flush();
-            0
-        }
-        Err(_) => 1,
-    }
-}

codex-rs/apply-patch/tests/all.rs

@@ -1,3 +0,0 @@
-// Single integration test binary that aggregates all test modules.
-// The submodules live in `tests/suite/`.
-mod suite;

codex-rs/apply-patch/tests/suite/cli.rs

@@ -1,90 +0,0 @@
-use assert_cmd::prelude::*;
-use std::fs;
-use std::process::Command;
-use tempfile::tempdir;
-
-#[test]
-fn test_apply_patch_cli_add_and_update() -> anyhow::Result<()> {
-    let tmp = tempdir()?;
-    let file = "cli_test.txt";
-    let absolute_path = tmp.path().join(file);
-
-    // 1) Add a file
-    let add_patch = format!(
-        r#"*** Begin Patch
-*** Add File: {file}
-+hello
-*** End Patch"#
-    );
-    Command::cargo_bin("apply_patch")
-        .expect("should find apply_patch binary")
-        .arg(add_patch)
-        .current_dir(tmp.path())
-        .assert()
-        .success()
-        .stdout(format!("Success. Updated the following files:\nA {file}\n"));
-    assert_eq!(fs::read_to_string(&absolute_path)?, "hello\n");
-
-    // 2) Update the file
-    let update_patch = format!(
-        r#"*** Begin Patch
-*** Update File: {file}
-@@
--hello
-+world
-*** End Patch"#
-    );
-    Command::cargo_bin("apply_patch")
-        .expect("should find apply_patch binary")
-        .arg(update_patch)
-        .current_dir(tmp.path())
-        .assert()
-        .success()
-        .stdout(format!("Success. Updated the following files:\nM {file}\n"));
-    assert_eq!(fs::read_to_string(&absolute_path)?, "world\n");
-
-    Ok(())
-}
-
-#[test]
-fn test_apply_patch_cli_stdin_add_and_update() -> anyhow::Result<()> {
-    let tmp = tempdir()?;
-    let file = "cli_test_stdin.txt";
-    let absolute_path = tmp.path().join(file);
-
-    // 1) Add a file via stdin
-    let add_patch = format!(
-        r#"*** Begin Patch
-*** Add File: {file}
-+hello
-*** End Patch"#
-    );
-    let mut cmd =
-        assert_cmd::Command::cargo_bin("apply_patch").expect("should find apply_patch binary");
-    cmd.current_dir(tmp.path());
-    cmd.write_stdin(add_patch)
-        .assert()
-        .success()
-        .stdout(format!("Success. Updated the following files:\nA {file}\n"));
-    assert_eq!(fs::read_to_string(&absolute_path)?, "hello\n");
-
-    // 2) Update the file via stdin
-    let update_patch = format!(
-        r#"*** Begin Patch
-*** Update File: {file}
-@@
--hello
-+world
-*** End Patch"#
-    );
-    let mut cmd =
-        assert_cmd::Command::cargo_bin("apply_patch").expect("should find apply_patch binary");
-    cmd.current_dir(tmp.path());
-    cmd.write_stdin(update_patch)
-        .assert()
-        .success()
-        .stdout(format!("Success. Updated the following files:\nM {file}\n"));
-    assert_eq!(fs::read_to_string(&absolute_path)?, "world\n");
-
-    Ok(())
-}

codex-rs/apply-patch/tests/suite/mod.rs

@@ -1 +0,0 @@
-mod cli;

codex-rs/arg0/Cargo.toml

@@ -11,10 +11,9 @@ path = "src/lib.rs"
 workspace = true
 
 [dependencies]
-anyhow = { workspace = true }
-codex-apply-patch = { workspace = true }
-codex-core = { workspace = true }
-codex-linux-sandbox = { workspace = true }
-dotenvy = { workspace = true }
-tempfile = { workspace = true }
-tokio = { workspace = true, features = ["rt-multi-thread"] }
+anyhow = "1"
+codex-apply-patch = { path = "../apply-patch" }
+codex-core = { path = "../core" }
+codex-linux-sandbox = { path = "../linux-sandbox" }
+dotenvy = "0.15.7"
+tokio = { version = "1", features = ["rt-multi-thread"] }

codex-rs/arg0/src/lib.rs

@@ -3,13 +3,6 @@ use std::path::Path;
 use std::path::PathBuf;
 
 use codex_core::CODEX_APPLY_PATCH_ARG1;
-#[cfg(unix)]
-use std::os::unix::fs::symlink;
-use tempfile::TempDir;
-
-const LINUX_SANDBOX_ARG0: &str = "codex-linux-sandbox";
-const APPLY_PATCH_ARG0: &str = "apply_patch";
-const MISSPELLED_APPLY_PATCH_ARG0: &str = "applypatch";
 
 /// While we want to deploy the Codex CLI as a single executable for simplicity,
 /// we also want to expose some of its functionality as distinct CLIs, so we use
@@ -21,7 +14,8 @@ const MISSPELLED_APPLY_PATCH_ARG0: &str = "applypatch";
 /// `codex-linux-sandbox` we *directly* execute
 /// [`codex_linux_sandbox::run_main`] (which never returns). Otherwise we:
 ///
-/// 1.  Load `.env` values from `~/.codex/.env` before creating any threads.
+/// 1.  Use [`dotenvy::from_path`] and [`dotenvy::dotenv`] to modify the
+///     environment before creating any threads.
 /// 2.  Construct a Tokio multi-thread runtime.
 /// 3.  Derive the path to the current executable (so children can re-invoke the
 ///     sandbox) when running on Linux.
@@ -45,16 +39,14 @@ where
         .and_then(|s| s.to_str())
         .unwrap_or("");
 
-    if exe_name == LINUX_SANDBOX_ARG0 {
+    if exe_name == "codex-linux-sandbox" {
         // Safety: [`run_main`] never returns.
         codex_linux_sandbox::run_main();
-    } else if exe_name == APPLY_PATCH_ARG0 || exe_name == MISSPELLED_APPLY_PATCH_ARG0 {
-        codex_apply_patch::main();
     }
 
     let argv1 = args.next().unwrap_or_default();
     if argv1 == CODEX_APPLY_PATCH_ARG1 {
-        let patch_arg = args.next().and_then(|s| s.to_str().map(str::to_owned));
+        let patch_arg = args.next().and_then(|s| s.to_str().map(|s| s.to_owned()));
         let exit_code = match patch_arg {
             Some(patch_arg) => {
                 let mut stdout = std::io::stdout();
@@ -76,19 +68,6 @@ where
     // before creating any threads/the Tokio runtime.
     load_dotenv();
 
-    // Retain the TempDir so it exists for the lifetime of the invocation of
-    // this executable. Admittedly, we could invoke `keep()` on it, but it
-    // would be nice to avoid leaving temporary directories behind, if possible.
-    let _path_entry = match prepend_path_entry_for_apply_patch() {
-        Ok(path_entry) => Some(path_entry),
-        Err(err) => {
-            // It is possible that Codex will proceed successfully even if
-            // updating the PATH fails, so warn the user and move on.
-            eprintln!("WARNING: proceeding, even though we could not update PATH: {err}");
-            None
-        }
-    };
-
     // Regular invocation – create a Tokio runtime and execute the provided
     // async entry-point.
     let runtime = tokio::runtime::Runtime::new()?;
@@ -105,7 +84,7 @@ where
 
 const ILLEGAL_ENV_VAR_PREFIX: &str = "CODEX_";
 
-/// Load env vars from ~/.codex/.env.
+/// Load env vars from ~/.codex/.env and `$(pwd)/.env`.
 ///
 /// Security: Do not allow `.env` files to create or modify any variables
 /// with names starting with `CODEX_`.
@@ -115,6 +94,10 @@ fn load_dotenv() {
     {
         set_filtered(iter);
     }
+
+    if let Ok(iter) = dotenvy::dotenv_iter() {
+        set_filtered(iter);
+    }
 }
 
 /// Helper to set vars from a dotenvy iterator while filtering out `CODEX_` keys.
@@ -130,67 +113,3 @@ where
         }
     }
 }
-
-/// Creates a temporary directory with either:
-///
-/// - UNIX: `apply_patch` symlink to the current executable
-/// - WINDOWS: `apply_patch.bat` batch script to invoke the current executable
-///   with the "secret" --codex-run-as-apply-patch flag.
-///
-/// This temporary directory is prepended to the PATH environment variable so
-/// that `apply_patch` can be on the PATH without requiring the user to
-/// install a separate `apply_patch` executable, simplifying the deployment of
-/// Codex CLI.
-///
-/// IMPORTANT: This function modifies the PATH environment variable, so it MUST
-/// be called before multiple threads are spawned.
-fn prepend_path_entry_for_apply_patch() -> std::io::Result<TempDir> {
-    let temp_dir = TempDir::new()?;
-    let path = temp_dir.path();
-
-    for filename in &[APPLY_PATCH_ARG0, MISSPELLED_APPLY_PATCH_ARG0] {
-        let exe = std::env::current_exe()?;
-
-        #[cfg(unix)]
-        {
-            let link = path.join(filename);
-            symlink(&exe, &link)?;
-        }
-
-        #[cfg(windows)]
-        {
-            let batch_script = path.join(format!("{filename}.bat"));
-            std::fs::write(
-                &batch_script,
-                format!(
-                    r#"@echo off
-"{}" {CODEX_APPLY_PATCH_ARG1} %*
-"#,
-                    exe.display()
-                ),
-            )?;
-        }
-    }
-
-    #[cfg(unix)]
-    const PATH_SEPARATOR: &str = ":";
-
-    #[cfg(windows)]
-    const PATH_SEPARATOR: &str = ";";
-
-    let path_element = path.display();
-    let updated_path_env_var = match std::env::var("PATH") {
-        Ok(existing_path) => {
-            format!("{path_element}{PATH_SEPARATOR}{existing_path}")
-        }
-        Err(_) => {
-            format!("{path_element}")
-        }
-    };
-
-    unsafe {
-        std::env::set_var("PATH", updated_path_env_var);
-    }
-
-    Ok(temp_dir)
-}

codex-rs/chatgpt/Cargo.toml

@@ -7,13 +7,15 @@ version = { workspace = true }
 workspace = true
 
 [dependencies]
-anyhow = { workspace = true }
-clap = { workspace = true, features = ["derive"] }
-codex-common = { workspace = true, features = ["cli"] }
-codex-core = { workspace = true }
-serde = { workspace = true, features = ["derive"] }
-serde_json = { workspace = true }
-tokio = { workspace = true, features = ["full"] }
+anyhow = "1"
+clap = { version = "4", features = ["derive"] }
+codex-common = { path = "../common", features = ["cli"] }
+codex-core = { path = "../core" }
+codex-login = { path = "../login" }
+reqwest = { version = "0.12", features = ["json", "stream"] }
+serde = { version = "1", features = ["derive"] }
+serde_json = "1"
+tokio = { version = "1", features = ["full"] }
 
 [dev-dependencies]
-tempfile = { workspace = true }
+tempfile = "3"