u

## Summary
- add `tokio-test` dev dependency
- implement response stream parsing unit tests

## Testing
- `cargo clippy -p codex-core --tests -- -D warnings`
- `cargo test -p codex-core -- --nocapture`

------
https://chatgpt.com/codex/tasks/task_i_687163f3b2208321a6ce2adbef3fbc06

.github/actions/codex/bun.lock

@@ -8,8 +8,8 @@
         "@actions/github": "^6.0.1",
       },
       "devDependencies": {
-        "@types/bun": "^1.2.11",
-        "@types/node": "^22.15.21",
+        "@types/bun": "^1.2.18",
+        "@types/node": "^24.0.13",
         "prettier": "^3.6.2",
         "typescript": "^5.8.3",
       },
@@ -48,13 +48,17 @@
 
     "@octokit/types": ["@octokit/types@13.10.0", "", { "dependencies": { "@octokit/openapi-types": "^24.2.0" } }, "sha512-ifLaO34EbbPj0Xgro4G5lP5asESjwHracYJvVaPIyXMuiuXLlhic3S47cBdTb+jfODkTE5YtGCLt3Ay3+J97sA=="],
 
-    "@types/bun": ["@types/bun@1.2.13", "", { "dependencies": { "bun-types": "1.2.13" } }, "sha512-u6vXep/i9VBxoJl3GjZsl/BFIsvML8DfVDO0RYLEwtSZSp981kEO1V5NwRcO1CPJ7AmvpbnDCiMKo3JvbDEjAg=="],
+    "@types/bun": ["@types/bun@1.2.18", "", { "dependencies": { "bun-types": "1.2.18" } }, "sha512-Xf6RaWVheyemaThV0kUfaAUvCNokFr+bH8Jxp+tTZfx7dAPA8z9ePnP9S9+Vspzuxxx9JRAXhnyccRj3GyCMdQ=="],
 
-    "@types/node": ["@types/node@22.15.21", "", { "dependencies": { "undici-types": "~6.21.0" } }, "sha512-EV/37Td6c+MgKAbkcLG6vqZ2zEYHD7bvSrzqqs2RIhbA6w3x+Dqz8MZM3sP6kGTeLrdoOgKZe+Xja7tUB2DNkQ=="],
+    "@types/node": ["@types/node@24.0.13", "", { "dependencies": { "undici-types": "~7.8.0" } }, "sha512-Qm9OYVOFHFYg3wJoTSrz80hoec5Lia/dPp84do3X7dZvLikQvM1YpmvTBEdIr/e+U8HTkFjLHLnl78K/qjf+jQ=="],
+
+    "@types/react": ["@types/react@19.1.8", "", { "dependencies": { "csstype": "^3.0.2" } }, "sha512-AwAfQ2Wa5bCx9WP8nZL2uMZWod7J7/JSplxbTmBQ5ms6QpqNYm672H0Vu9ZVKVngQ+ii4R/byguVEUZQyeg44g=="],
 
     "before-after-hook": ["before-after-hook@2.2.3", "", {}, "sha512-NzUnlZexiaH/46WDhANlyR2bXRopNg4F/zuSA3OpZnllCUgRaOF2znDioDWrmbNVsuZk6l9pMquQB38cfBZwkQ=="],
 
-    "bun-types": ["bun-types@1.2.13", "", { "dependencies": { "@types/node": "*" } }, "sha512-rRjA1T6n7wto4gxhAO/ErZEtOXyEZEmnIHQfl0Dt1QQSB4QV0iP6BZ9/YB5fZaHFQ2dwHFrmPaRQ9GGMX01k9Q=="],
+    "bun-types": ["bun-types@1.2.18", "", { "dependencies": { "@types/node": "*" }, "peerDependencies": { "@types/react": "^19" } }, "sha512-04+Eha5NP7Z0A9YgDAzMk5PHR16ZuLVa83b26kH5+cp1qZW4F6FmAURngE7INf4tKOvCE69vYvDEwoNl1tGiWw=="],
+
+    "csstype": ["csstype@3.1.3", "", {}, "sha512-M1uQkMl8rQK/szD0LNhtqxIPLpimGm8sOBwU7lLnCpSbTyY3yeU1Vc7l4KT5zT4s/yOxHH5O7tIuuLOCnLADRw=="],
 
     "deprecation": ["deprecation@2.3.1", "", {}, "sha512-xmHIy4F3scKVwMsQ4WnVaS8bHOx0DmVwRywosKhaILI0ywMDWPtBSku2HNxRvF7jtwDRsoEwYQSfbxj8b7RlJQ=="],
 
@@ -68,7 +72,7 @@
 
     "undici": ["undici@5.29.0", "", { "dependencies": { "@fastify/busboy": "^2.0.0" } }, "sha512-raqeBD6NQK4SkWhQzeYKd1KmIG6dllBOTt55Rmkt4HtI9mwdWtJljnrXjAFUBLTSN67HWrOIZ3EPF4kjUw80Bg=="],
 
-    "undici-types": ["undici-types@6.21.0", "", {}, "sha512-iwDZqg0QAGrg9Rav5H4n0M64c3mkR59cJ6wQp+7C4nI0gsmExaedaYLNO44eT4AtBBwjbTiGPMlt2Md0T9H9JQ=="],
+    "undici-types": ["undici-types@7.8.0", "", {}, "sha512-9UJ2xGDvQ43tYyVMpuHlsgApydB8ZKfVYTsLDhXkFL/6gfkp+U8xTGdh8pMJv1SpZna0zxG1DwsKZsreLbXBxw=="],
 
     "universal-user-agent": ["universal-user-agent@6.0.1", "", {}, "sha512-yCzhz6FN2wU1NiiQRogkTQszlQSlpWaw8SvVegAc+bDxbzHgh1vX8uIe8OYyMH6DwH+sdTJsgMl36+mSMdRJIQ=="],
 

.github/actions/codex/package.json

@@ -13,8 +13,8 @@
         "@actions/github": "^6.0.1"
     },
     "devDependencies": {
-        "@types/bun": "^1.2.11",
-        "@types/node": "^22.15.21",
+        "@types/bun": "^1.2.18",
+        "@types/node": "^24.0.13",
         "prettier": "^3.6.2",
         "typescript": "^5.8.3"
     }

codex-cli/scripts/README.md

@@ -0,0 +1,9 @@
+# npm releases
+
+Run the following:
+
+To build the 0.2.x or later version of the npm module, which runs the Rust version of the CLI, build it as follows:
+
+```bash
+./codex-cli/scripts/stage_rust_release.py --release-version 0.6.0
+```

codex-cli/scripts/stage_release.sh

@@ -4,10 +4,7 @@
 # -----------------------------------------------------------------------------
 # Stages an npm release for @openai/codex.
 #
-# The script used to accept a single optional positional argument that indicated
-# the temporary directory in which to stage the package.  We now support a
-# flag-based interface so that we can extend the command with further options
-# without breaking the call-site contract.
+# Usage:
 #
 #   --tmp <dir>  : Use <dir> instead of a freshly created temp directory.
 #   --native     : Bundle the pre-built Rust CLI binaries for Linux alongside
@@ -141,7 +138,8 @@ popd >/dev/null
 echo "Staged version $VERSION for release in $TMPDIR"
 
 if [[ "$INCLUDE_NATIVE" -eq 1 ]]; then
-  echo "Test Rust:"
+  echo "Verify the CLI:"
+  echo "    node ${TMPDIR}/bin/codex.js --version"
   echo "    node ${TMPDIR}/bin/codex.js --help"
 else
   echo "Test Node:"

codex-cli/src/components/chat/terminal-chat-input.tsx

@@ -10,19 +10,25 @@ import type {
 import MultilineTextEditor from "./multiline-editor";
 import { TerminalChatCommandReview } from "./terminal-chat-command-review.js";
 import TextCompletions from "./terminal-chat-completions.js";
-import { loadConfig } from "../../utils/config.js";
+import { loadConfig, type AppConfig } from "../../utils/config.js";
 import { getFileSystemSuggestions } from "../../utils/file-system-suggestions.js";
 import { expandFileTags } from "../../utils/file-tag-utils";
 import { createInputItem } from "../../utils/input-utils.js";
 import { log } from "../../utils/logger/log.js";
 import { setSessionId } from "../../utils/session.js";
 import { SLASH_COMMANDS, type SlashCommand } from "../../utils/slash-commands";
+import {
+  runSecurityReview,
+  SecurityReviewError,
+} from "../../utils/security-review.js";
+import type { SecurityReviewMode } from "../../utils/security-review.js";
 import {
   loadCommandHistory,
   addToHistory,
 } from "../../utils/storage/command-history.js";
 import { clearTerminal, onExit } from "../../utils/terminal.js";
 import { Box, Text, useApp, useInput, useStdin } from "ink";
+import path from "node:path";
 import { fileURLToPath } from "node:url";
 import React, {
   useCallback,
@@ -39,6 +45,130 @@ const suggestions = [
   "are there any bugs in my code?",
 ];
 
+const SEC_REVIEW_COMMAND = "/secreview";
+
+type SecReviewCommandOptions = {
+  mode: SecurityReviewMode;
+  includePaths: Array<string>;
+  outputPath?: string;
+  repoPath?: string;
+  modelName?: string;
+};
+
+function tokenizeCommand(input: string): Array<string> {
+  const tokens: Array<string> = [];
+  const regex = /"([^"]*)"|'([^']*)'|(\S+)/g;
+  let match: RegExpExecArray | null;
+  while ((match = regex.exec(input)) !== null) {
+    if (match[1] != null) {
+      tokens.push(match[1]);
+    } else if (match[2] != null) {
+      tokens.push(match[2]);
+    } else if (match[3] != null) {
+      tokens.push(match[3]);
+    }
+  }
+  return tokens;
+}
+
+function parseSecReviewCommand(input: string): SecReviewCommandOptions {
+  const tokens = tokenizeCommand(input).slice(1); // drop the command itself
+  let mode: SecurityReviewMode = "full";
+  const includePaths: Array<string> = [];
+  let outputPath: string | undefined;
+  let repoPath: string | undefined;
+  let modelName: string | undefined;
+
+  const parseMode = (value: string, option: string) => {
+    if (value === "bugs") {
+      mode = "bugs";
+    } else if (value === "full") {
+      mode = "full";
+    } else {
+      throw new Error(`Unknown ${option} value "${value}". Use "full" or "bugs".`);
+    }
+  };
+
+  for (let i = 0; i < tokens.length; i += 1) {
+    const token = tokens[i];
+
+    const expectValue = (label: string): string => {
+      if (i + 1 >= tokens.length) {
+        throw new Error(`Expected value after ${label}`);
+      }
+      i += 1;
+      return tokens[i];
+    };
+
+    if (token === "--") {
+      break;
+    } else if (token === "bugs" || token === "--bugs" || token === "--mode=bugs") {
+      mode = "bugs";
+    } else if (token === "full" || token === "--full" || token === "--mode=full") {
+      mode = "full";
+    } else if (token === "--mode") {
+      parseMode(expectValue("--mode"), "--mode");
+    } else if (token.startsWith("--mode=")) {
+      parseMode(token.slice("--mode=".length), "--mode");
+    } else if (token === "--path" || token === "-p") {
+      includePaths.push(expectValue(token));
+    } else if (token.startsWith("--path=")) {
+      includePaths.push(token.slice("--path=".length));
+    } else if (token.startsWith("-p=")) {
+      includePaths.push(token.slice("-p=".length));
+    } else if (
+      token === "--output" ||
+      token === "-o" ||
+      token === "--output-location"
+    ) {
+      outputPath = expectValue(token);
+    } else if (token.startsWith("--output=")) {
+      outputPath = token.slice("--output=".length);
+    } else if (token.startsWith("-o=")) {
+      outputPath = token.slice("-o=".length);
+    } else if (
+      token === "--repo" ||
+      token === "--repo-location" ||
+      token === "--repository"
+    ) {
+      repoPath = expectValue(token);
+    } else if (token.startsWith("--repo=")) {
+      repoPath = token.slice("--repo=".length);
+    } else if (token.startsWith("--repo-location=")) {
+      repoPath = token.slice("--repo-location=".length);
+    } else if (token === "--model" || token === "--model-name") {
+      modelName = expectValue(token);
+    } else if (token.startsWith("--model=")) {
+      modelName = token.slice("--model=".length);
+    } else if (token.startsWith("--model-name=")) {
+      modelName = token.slice("--model-name=".length);
+    } else if (token.length > 0) {
+      includePaths.push(token);
+    }
+  }
+
+  return {
+    mode,
+    includePaths: includePaths.filter((p) => p.length > 0),
+    outputPath,
+    repoPath,
+    modelName,
+  };
+}
+
+function trimLogOutput(logText: string, maxLines: number = 40): string {
+  const normalised = logText.replace(/\r\n/g, "\n").trimEnd();
+  if (normalised === "") {
+    return "(empty)";
+  }
+  const lines = normalised.split("\n");
+  if (lines.length <= maxLines) {
+    return normalised;
+  }
+  const tail = lines.slice(-maxLines);
+  return ["… (showing last " + maxLines + " lines)", ...tail].join("\n");
+}
+
 export default function TerminalChatInput({
   isNew,
   loading,
@@ -60,6 +190,7 @@ export default function TerminalChatInput({
   active,
   thinkingSeconds,
   items = [],
+  config,
 }: {
   isNew: boolean;
   loading: boolean;
@@ -85,6 +216,7 @@ export default function TerminalChatInput({
   thinkingSeconds: number;
   // New: current conversation items so we can include them in bug reports
   items?: Array<ResponseItem>;
+  config: AppConfig;
 }): React.ReactElement {
   // Slash command suggestion index
   const [selectedSlashSuggestion, setSelectedSlashSuggestion] =
@@ -512,6 +644,230 @@ export default function TerminalChatInput({
       } else if (inputValue.startsWith("/approval")) {
         setInput("");
         openApprovalOverlay();
+        return;
+      } else if (inputValue.startsWith(SEC_REVIEW_COMMAND)) {
+        setInput("");
+        const commandId = `secreview-${Date.now()}`;
+
+        let parsed: SecReviewCommandOptions;
+        try {
+          parsed = parseSecReviewCommand(inputValue);
+        } catch (error) {
+          const message =
+            error instanceof Error ? error.message : String(error);
+          setItems((prev) => [
+            ...prev,
+            {
+              id: `${commandId}-parse-error`,
+              type: "message",
+              role: "system",
+              content: [
+                {
+                  type: "input_text",
+                  text: `⚠️ Unable to parse ${SEC_REVIEW_COMMAND} arguments: ${message}`,
+                },
+              ],
+            },
+          ]);
+          return;
+        }
+
+        const repoPath = parsed.repoPath
+          ? path.isAbsolute(parsed.repoPath)
+            ? parsed.repoPath
+            : path.resolve(process.cwd(), parsed.repoPath)
+          : process.cwd();
+
+        const resolvedOutputPath =
+          parsed.outputPath != null
+            ? path.isAbsolute(parsed.outputPath)
+              ? parsed.outputPath
+              : path.resolve(repoPath, parsed.outputPath)
+            : undefined;
+
+        const scopeDescription =
+          parsed.includePaths.length > 0
+            ? parsed.includePaths.join(", ")
+            : "entire repository";
+
+        const introLines = [
+          `🔐 Running AppSec security review (mode: ${parsed.mode}).`,
+          `Repository: ${repoPath}`,
+          `Scope: ${scopeDescription}`,
+        ];
+
+        if (resolvedOutputPath) {
+          introLines.push(`Output: ${resolvedOutputPath}`);
+        }
+
+        if (parsed.modelName) {
+          introLines.push(`Model override: ${parsed.modelName}`);
+        }
+
+        setItems((prev) => [
+          ...prev,
+          {
+            id: `${commandId}-start`,
+            type: "message",
+            role: "system",
+            content: [
+              {
+                type: "input_text",
+                text: introLines.join("\n"),
+              },
+            ],
+          },
+        ]);
+
+        try {
+          const result = await runSecurityReview({
+            repoPath,
+            includePaths: parsed.includePaths,
+            outputPath: resolvedOutputPath,
+            modelName: parsed.modelName,
+            mode: parsed.mode,
+            config,
+          });
+
+          const summaryLines = [
+            "✅ AppSec review complete.",
+            `Artifacts: ${result.outputRoot}`,
+          ];
+          if (!result.reportContent) {
+            summaryLines.push("ℹ️ report.md not found in output.");
+          }
+          if (!result.bugsContent) {
+            summaryLines.push("ℹ️ context/bugs.md not found in output.");
+          }
+
+          setItems((prev) => [
+            ...prev,
+            {
+              id: `${commandId}-complete`,
+              type: "message",
+              role: "system",
+              content: [
+                {
+                  type: "input_text",
+                  text: summaryLines.join("\n"),
+                },
+              ],
+            },
+          ]);
+
+          if (parsed.mode === "full" && result.reportContent) {
+            setItems((prev) => [
+              ...prev,
+              {
+                id: `${commandId}-report`,
+                type: "message",
+                role: "assistant",
+                content: [
+                  {
+                    type: "output_text",
+                    text: `# AppSec Security Review Report\n\n${result.reportContent}`,
+                  },
+                ],
+              },
+            ]);
+          }
+
+          if (result.bugsContent) {
+            const heading =
+              parsed.mode === "full"
+                ? "## Bugs Summary"
+                : "# AppSec Bugs Summary";
+            setItems((prev) => [
+              ...prev,
+              {
+                id: `${commandId}-bugs`,
+                type: "message",
+                role: "assistant",
+                content: [
+                  {
+                    type: "output_text",
+                    text: `${heading}\n\n${result.bugsContent}`,
+                  },
+                ],
+              },
+            ]);
+          } else {
+            setItems((prev) => [
+              ...prev,
+              {
+                id: `${commandId}-no-bugs`,
+                type: "message",
+                role: "system",
+                content: [
+                  {
+                    type: "input_text",
+                    text:
+                      "No bug summary produced. Check the output directory for details.",
+                  },
+                ],
+              },
+            ]);
+          }
+
+          if (parsed.mode === "bugs" && result.reportContent) {
+            setItems((prev) => [
+              ...prev,
+              {
+                id: `${commandId}-report-location`,
+                type: "message",
+                role: "system",
+                content: [
+                  {
+                    type: "input_text",
+                    text: `Full report available at ${result.reportPath}`,
+                  },
+                ],
+              },
+            ]);
+          }
+          if (result.stdout.trim()) {
+            setItems((prev) => [
+              ...prev,
+              {
+                id: `${commandId}-logs`,
+                type: "message",
+                role: "system",
+                content: [
+                  {
+                    type: "input_text",
+                    text: `Logs:\n${trimLogOutput(result.stdout)}`,
+                  },
+                ],
+              },
+            ]);
+          }
+        } catch (error) {
+          const message =
+            error instanceof Error ? error.message : String(error);
+          const stderr =
+            error instanceof SecurityReviewError && error.stderr
+              ? `\n\nstderr last lines:\n${trimLogOutput(error.stderr)}`
+              : "";
+          const stdout =
+            error instanceof SecurityReviewError && error.stdout
+              ? `\n\nstdout last lines:\n${trimLogOutput(error.stdout)}`
+              : "";
+          setItems((prev) => [
+            ...prev,
+            {
+              id: `${commandId}-error`,
+              type: "message",
+              role: "system",
+              content: [
+                {
+                  type: "input_text",
+                  text: `❌ AppSec review failed: ${message}${stderr}${stdout}`,
+                },
+              ],
+            },
+          ]);
+        }
+
         return;
       } else if (["exit", "q", ":q"].includes(inputValue)) {
         setInput("");
@@ -707,13 +1063,13 @@ export default function TerminalChatInput({
       submitInput([inputItem]);
 
       // Get config for history persistence.
-      const config = loadConfig();
+      const historyConfig = loadConfig();
 
       // Add to history and update state.
       const updatedHistory = await addToHistory(value, history, {
-        maxSize: config.history?.maxSize ?? 1000,
-        saveHistory: config.history?.saveHistory ?? true,
-        sensitivePatterns: config.history?.sensitivePatterns ?? [],
+        maxSize: historyConfig.history?.maxSize ?? 1000,
+        saveHistory: historyConfig.history?.saveHistory ?? true,
+        sensitivePatterns: historyConfig.history?.sensitivePatterns ?? [],
       });
 
       setHistory(updatedHistory);
@@ -742,6 +1098,7 @@ export default function TerminalChatInput({
       onCompact,
       skipNextSubmit,
       items,
+      config,
     ],
   );
 

codex-cli/src/components/chat/terminal-chat.tsx

@@ -580,6 +580,7 @@ export default function TerminalChat({
             }}
             items={items}
             thinkingSeconds={thinkingSeconds}
+            config={config}
           />
         )}
         {overlayMode === "history" && (

codex-cli/src/components/help-overlay.tsx

@@ -56,6 +56,10 @@ export default function HelpOverlay({
           <Text color="cyan">/bug</Text> – generate a prefilled GitHub issue URL
           with session log
         </Text>
+        <Text>
+          <Text color="cyan">/secreview</Text> – run AppSec security review and
+          show the results
+        </Text>
         <Text>
           <Text color="cyan">/diff</Text> – view working tree git diff
         </Text>

codex-cli/src/utils/slash-commands.ts

@@ -24,6 +24,10 @@ export const SLASH_COMMANDS: Array<SlashCommand> = [
   { command: "/help", description: "Show list of commands" },
   { command: "/model", description: "Open model selection panel" },
   { command: "/approval", description: "Open approval mode selection panel" },
+  {
+    command: "/secreview",
+    description: "Run AppSec security review and display the generated reports",
+  },
   {
     command: "/bug",
     description: "Generate a prefilled GitHub issue URL with session log",

codex-cli/tests/clear-command.test.tsx

@@ -61,6 +61,11 @@ describe("/clear command", () => {
       active: true,
       thinkingSeconds: 0,
       items: existingItems,
+      config: {
+        model: "codex-mini-latest",
+        instructions: "",
+        provider: "openai",
+      },
     };
 
     const { stdin, flush, cleanup } = renderTui(

codex-cli/tests/multiline-history-behavior.test.tsx

@@ -66,17 +66,27 @@ function stubProps(): any {
     loading: false,
     submitInput: vi.fn(),
     confirmationPrompt: null,
+    explanation: undefined,
     submitConfirmation: vi.fn(),
     setLastResponseId: vi.fn(),
-    // Cast to any to satisfy the generic React.Dispatch signature without
-    // pulling the ResponseItem type into the test bundle.
-    setItems: (() => {}) as any,
+    setItems: vi.fn(),
     contextLeftPercent: 100,
     openOverlay: vi.fn(),
     openModelOverlay: vi.fn(),
     openHelpOverlay: vi.fn(),
+    openApprovalOverlay: vi.fn(),
+    openSessionsOverlay: vi.fn(),
+    openDiffOverlay: vi.fn(),
+    onCompact: vi.fn(),
     interruptAgent: vi.fn(),
     active: true,
+    thinkingSeconds: 0,
+    items: [],
+    config: {
+      model: "codex-mini-latest",
+      instructions: "",
+      provider: "openai",
+    },
   };
 }
 

codex-cli/tests/slash-commands.test.ts

@@ -10,6 +10,7 @@ test("SLASH_COMMANDS includes expected commands", () => {
   expect(commands).toContain("/help");
   expect(commands).toContain("/model");
   expect(commands).toContain("/approval");
+  expect(commands).toContain("/secreview");
   expect(commands).toContain("/clearhistory");
   expect(commands).toContain("/diff");
 });

codex-cli/tests/terminal-chat-input-compact.test.tsx

@@ -26,6 +26,11 @@ describe("TerminalChatInput compact command", () => {
       interruptAgent: () => {},
       active: true,
       thinkingSeconds: 0,
+      config: {
+        model: "codex-mini-latest",
+        instructions: "",
+        provider: "openai",
+      },
     };
     const { lastFrameStripped } = renderTui(<TerminalChatInput {...props} />);
     const frame = lastFrameStripped();

codex-cli/tests/terminal-chat-input-file-tag-suggestions.test.tsx

@@ -81,6 +81,11 @@ describe("TerminalChatInput file tag suggestions", () => {
     interruptAgent: vi.fn(),
     active: true,
     thinkingSeconds: 0,
+    config: {
+      model: "codex-mini-latest",
+      instructions: "",
+      provider: "openai",
+    },
   };
 
   beforeEach(() => {

codex-cli/tests/terminal-chat-input-multiline.test.tsx

@@ -47,6 +47,11 @@ describe("TerminalChatInput multiline functionality", () => {
       interruptAgent: () => {},
       active: true,
       thinkingSeconds: 0,
+      config: {
+        model: "codex-mini-latest",
+        instructions: "",
+        provider: "openai",
+      },
     };
 
     const { stdin, lastFrameStripped, flush, cleanup } = renderTui(
@@ -99,6 +104,11 @@ describe("TerminalChatInput multiline functionality", () => {
       interruptAgent: () => {},
       active: true,
       thinkingSeconds: 0,
+      config: {
+        model: "codex-mini-latest",
+        instructions: "",
+        provider: "openai",
+      },
     };
 
     const { stdin, lastFrameStripped, flush, cleanup } = renderTui(

codex-rs/Cargo.lock

@@ -250,6 +250,28 @@ dependencies = [
  "pin-project-lite",
 ]
 
+[[package]]
+name = "async-stream"
+version = "0.3.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "0b5a71a6f37880a80d1d7f19efd781e4b5de42c88f0722cc13bcb6cc2cfe8476"
+dependencies = [
+ "async-stream-impl",
+ "futures-core",
+ "pin-project-lite",
+]
+
+[[package]]
+name = "async-stream-impl"
+version = "0.3.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c7c24de15d275a1ecfd47a380fb4d5ec9bfe0933f309ed5e705b775596a3574d"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn 2.0.104",
+]
+
 [[package]]
 name = "async-trait"
 version = "0.1.88"
@@ -574,6 +596,22 @@ dependencies = [
  "tree-sitter-bash",
 ]
 
+[[package]]
+name = "codex-chatgpt"
+version = "0.0.0"
+dependencies = [
+ "anyhow",
+ "clap",
+ "codex-common",
+ "codex-core",
+ "codex-login",
+ "reqwest",
+ "serde",
+ "serde_json",
+ "tempfile",
+ "tokio",
+]
+
 [[package]]
 name = "codex-cli"
 version = "0.0.0"
@@ -581,6 +619,7 @@ dependencies = [
  "anyhow",
  "clap",
  "clap_complete",
+ "codex-chatgpt",
  "codex-common",
  "codex-core",
  "codex-exec",
@@ -637,6 +676,7 @@ dependencies = [
  "thiserror 2.0.12",
  "time",
  "tokio",
+ "tokio-test",
  "tokio-util",
  "toml 0.9.1",
  "tracing",
@@ -770,6 +810,7 @@ dependencies = [
  "color-eyre",
  "crossterm",
  "image",
+ "insta",
  "lazy_static",
  "mcp-types",
  "path-clean",
@@ -777,10 +818,12 @@ dependencies = [
  "ratatui",
  "ratatui-image",
  "regex-lite",
+ "reqwest",
  "serde_json",
  "shlex",
  "strum 0.27.1",
  "strum_macros 0.27.1",
+ "time",
  "tokio",
  "tracing",
  "tracing-appender",
@@ -854,6 +897,18 @@ dependencies = [
  "crossbeam-utils",
 ]
 
+[[package]]
+name = "console"
+version = "0.15.11"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "054ccb5b10f9f2cbf51eb355ca1d05c2d279ce1804688d0db74b4733a5aeafd8"
+dependencies = [
+ "encode_unicode",
+ "libc",
+ "once_cell",
+ "windows-sys 0.59.0",
+]
+
 [[package]]
 name = "convert_case"
 version = "0.6.0"
@@ -1213,6 +1268,12 @@ dependencies = [
  "log",
 ]
 
+[[package]]
+name = "encode_unicode"
+version = "1.0.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "34aa73646ffb006b8f5147f3dc182bd4bcb190227ce861fc4a4844bf8e3cb2c0"
+
 [[package]]
 name = "encoding_rs"
 version = "0.8.35"
@@ -2093,6 +2154,17 @@ version = "2.0.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "f4c7245a08504955605670dbf141fceab975f15ca21570696aebe9d2e71576bd"
 
+[[package]]
+name = "insta"
+version = "1.43.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "154934ea70c58054b556dd430b99a98c2a7ff5309ac9891597e339b5c28f4371"
+dependencies = [
+ "console",
+ "once_cell",
+ "similar",
+]
+
 [[package]]
 name = "instability"
 version = "0.3.7"
@@ -4469,6 +4541,30 @@ dependencies = [
  "tokio",
 ]
 
+[[package]]
+name = "tokio-stream"
+version = "0.1.17"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "eca58d7bba4a75707817a2c44174253f9236b2d5fbd055602e9d5c07c139a047"
+dependencies = [
+ "futures-core",
+ "pin-project-lite",
+ "tokio",
+]
+
+[[package]]
+name = "tokio-test"
+version = "0.4.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "2468baabc3311435b55dd935f702f42cd1b8abb7e754fb7dfb16bd36aa88f9f7"
+dependencies = [
+ "async-stream",
+ "bytes",
+ "futures-core",
+ "tokio",
+ "tokio-stream",
+]
+
 [[package]]
 name = "tokio-util"
 version = "0.7.15"

codex-rs/chatgpt/Cargo.toml

@@ -0,0 +1,21 @@
+[package]
+name = "codex-chatgpt"
+version = { workspace = true }
+edition = "2024"
+
+[lints]
+workspace = true
+
+[dependencies]
+anyhow = "1"
+clap = { version = "4", features = ["derive"] }
+serde = { version = "1", features = ["derive"] }
+serde_json = "1"
+codex-common = { path = "../common", features = ["cli"] }
+codex-core = { path = "../core" }
+codex-login = { path = "../login" }
+reqwest = { version = "0.12", features = ["json", "stream"] }
+tokio = { version = "1", features = ["full"] }
+
+[dev-dependencies]
+tempfile = "3"

codex-rs/chatgpt/README.md

@@ -0,0 +1,5 @@
+# ChatGPT
+
+This crate pertains to first party ChatGPT APIs and products such as Codex agent.
+
+This crate should be primarily built and maintained by OpenAI employees. Please reach out to a maintainer before making an external contribution.

codex-rs/chatgpt/src/apply_command.rs

@@ -0,0 +1,89 @@
+use clap::Parser;
+use codex_common::CliConfigOverrides;
+use codex_core::config::Config;
+use codex_core::config::ConfigOverrides;
+
+use crate::chatgpt_token::init_chatgpt_token_from_auth;
+use crate::get_task::GetTaskResponse;
+use crate::get_task::OutputItem;
+use crate::get_task::PrOutputItem;
+use crate::get_task::get_task;
+
+/// Applies the latest diff from a Codex agent task.
+#[derive(Debug, Parser)]
+pub struct ApplyCommand {
+    pub task_id: String,
+
+    #[clap(flatten)]
+    pub config_overrides: CliConfigOverrides,
+}
+pub async fn run_apply_command(apply_cli: ApplyCommand) -> anyhow::Result<()> {
+    let config = Config::load_with_cli_overrides(
+        apply_cli
+            .config_overrides
+            .parse_overrides()
+            .map_err(anyhow::Error::msg)?,
+        ConfigOverrides::default(),
+    )?;
+
+    init_chatgpt_token_from_auth(&config.codex_home).await?;
+
+    let task_response = get_task(&config, apply_cli.task_id).await?;
+    apply_diff_from_task(task_response).await
+}
+
+pub async fn apply_diff_from_task(task_response: GetTaskResponse) -> anyhow::Result<()> {
+    let diff_turn = match task_response.current_diff_task_turn {
+        Some(turn) => turn,
+        None => anyhow::bail!("No diff turn found"),
+    };
+    let output_diff = diff_turn.output_items.iter().find_map(|item| match item {
+        OutputItem::Pr(PrOutputItem { output_diff }) => Some(output_diff),
+        _ => None,
+    });
+    match output_diff {
+        Some(output_diff) => apply_diff(&output_diff.diff).await,
+        None => anyhow::bail!("No PR output item found"),
+    }
+}
+
+async fn apply_diff(diff: &str) -> anyhow::Result<()> {
+    let toplevel_output = tokio::process::Command::new("git")
+        .args(vec!["rev-parse", "--show-toplevel"])
+        .output()
+        .await?;
+
+    if !toplevel_output.status.success() {
+        anyhow::bail!("apply must be run from a git repository.");
+    }
+
+    let repo_root = String::from_utf8(toplevel_output.stdout)?
+        .trim()
+        .to_string();
+
+    let mut git_apply_cmd = tokio::process::Command::new("git")
+        .args(vec!["apply", "--3way"])
+        .current_dir(&repo_root)
+        .stdin(std::process::Stdio::piped())
+        .stdout(std::process::Stdio::piped())
+        .stderr(std::process::Stdio::piped())
+        .spawn()?;
+
+    if let Some(mut stdin) = git_apply_cmd.stdin.take() {
+        tokio::io::AsyncWriteExt::write_all(&mut stdin, diff.as_bytes()).await?;
+        drop(stdin);
+    }
+
+    let output = git_apply_cmd.wait_with_output().await?;
+
+    if !output.status.success() {
+        anyhow::bail!(
+            "Git apply failed with status {}: {}",
+            output.status,
+            String::from_utf8_lossy(&output.stderr)
+        );
+    }
+
+    println!("Successfully applied diff");
+    Ok(())
+}

codex-rs/chatgpt/src/chatgpt_client.rs

@@ -0,0 +1,45 @@
+use codex_core::config::Config;
+
+use crate::chatgpt_token::get_chatgpt_token_data;
+use crate::chatgpt_token::init_chatgpt_token_from_auth;
+
+use anyhow::Context;
+use serde::de::DeserializeOwned;
+
+/// Make a GET request to the ChatGPT backend API.
+pub(crate) async fn chatgpt_get_request<T: DeserializeOwned>(
+    config: &Config,
+    path: String,
+) -> anyhow::Result<T> {
+    let chatgpt_base_url = &config.chatgpt_base_url;
+    init_chatgpt_token_from_auth(&config.codex_home).await?;
+
+    // Make direct HTTP request to ChatGPT backend API with the token
+    let client = reqwest::Client::new();
+    let url = format!("{chatgpt_base_url}{path}");
+
+    let token =
+        get_chatgpt_token_data().ok_or_else(|| anyhow::anyhow!("ChatGPT token not available"))?;
+
+    let response = client
+        .get(&url)
+        .bearer_auth(&token.access_token)
+        .header("chatgpt-account-id", &token.account_id)
+        .header("Content-Type", "application/json")
+        .header("User-Agent", "codex-cli")
+        .send()
+        .await
+        .context("Failed to send request")?;
+
+    if response.status().is_success() {
+        let result: T = response
+            .json()
+            .await
+            .context("Failed to parse JSON response")?;
+        Ok(result)
+    } else {
+        let status = response.status();
+        let body = response.text().await.unwrap_or_default();
+        anyhow::bail!("Request failed with status {}: {}", status, body)
+    }
+}

codex-rs/chatgpt/src/chatgpt_token.rs

@@ -0,0 +1,24 @@
+use std::path::Path;
+use std::sync::LazyLock;
+use std::sync::RwLock;
+
+use codex_login::TokenData;
+
+static CHATGPT_TOKEN: LazyLock<RwLock<Option<TokenData>>> = LazyLock::new(|| RwLock::new(None));
+
+pub fn get_chatgpt_token_data() -> Option<TokenData> {
+    CHATGPT_TOKEN.read().ok()?.clone()
+}
+
+pub fn set_chatgpt_token_data(value: TokenData) {
+    if let Ok(mut guard) = CHATGPT_TOKEN.write() {
+        *guard = Some(value);
+    }
+}
+
+/// Initialize the ChatGPT token from auth.json file
+pub async fn init_chatgpt_token_from_auth(codex_home: &Path) -> std::io::Result<()> {
+    let auth_json = codex_login::try_read_auth_json(codex_home).await?;
+    set_chatgpt_token_data(auth_json.tokens.clone());
+    Ok(())
+}

codex-rs/chatgpt/src/get_task.rs

@@ -0,0 +1,40 @@
+use codex_core::config::Config;
+use serde::Deserialize;
+
+use crate::chatgpt_client::chatgpt_get_request;
+
+#[derive(Debug, Deserialize)]
+pub struct GetTaskResponse {
+    pub current_diff_task_turn: Option<AssistantTurn>,
+}
+
+// Only relevant fields for our extraction
+#[derive(Debug, Deserialize)]
+pub struct AssistantTurn {
+    pub output_items: Vec<OutputItem>,
+}
+
+#[derive(Debug, Deserialize)]
+#[serde(tag = "type")]
+pub enum OutputItem {
+    #[serde(rename = "pr")]
+    Pr(PrOutputItem),
+
+    #[serde(other)]
+    Other,
+}
+
+#[derive(Debug, Deserialize)]
+pub struct PrOutputItem {
+    pub output_diff: OutputDiff,
+}
+
+#[derive(Debug, Deserialize)]
+pub struct OutputDiff {
+    pub diff: String,
+}
+
+pub(crate) async fn get_task(config: &Config, task_id: String) -> anyhow::Result<GetTaskResponse> {
+    let path = format!("/wham/tasks/{task_id}");
+    chatgpt_get_request(config, path).await
+}

codex-rs/chatgpt/src/lib.rs

@@ -0,0 +1,4 @@
+pub mod apply_command;
+mod chatgpt_client;
+mod chatgpt_token;
+pub mod get_task;

codex-rs/chatgpt/tests/apply_command_e2e.rs

@@ -0,0 +1,191 @@
+#![expect(clippy::expect_used)]
+
+use codex_chatgpt::apply_command::apply_diff_from_task;
+use codex_chatgpt::get_task::GetTaskResponse;
+use std::path::Path;
+use tempfile::TempDir;
+use tokio::process::Command;
+
+/// Creates a temporary git repository with initial commit
+async fn create_temp_git_repo() -> anyhow::Result<TempDir> {
+    let temp_dir = TempDir::new()?;
+    let repo_path = temp_dir.path();
+
+    let output = Command::new("git")
+        .args(["init"])
+        .current_dir(repo_path)
+        .output()
+        .await?;
+
+    if !output.status.success() {
+        anyhow::bail!(
+            "Failed to initialize git repo: {}",
+            String::from_utf8_lossy(&output.stderr)
+        );
+    }
+
+    Command::new("git")
+        .args(["config", "user.email", "test@example.com"])
+        .current_dir(repo_path)
+        .output()
+        .await?;
+
+    Command::new("git")
+        .args(["config", "user.name", "Test User"])
+        .current_dir(repo_path)
+        .output()
+        .await?;
+
+    std::fs::write(repo_path.join("README.md"), "# Test Repo\n")?;
+
+    Command::new("git")
+        .args(["add", "README.md"])
+        .current_dir(repo_path)
+        .output()
+        .await?;
+
+    let output = Command::new("git")
+        .args(["commit", "-m", "Initial commit"])
+        .current_dir(repo_path)
+        .output()
+        .await?;
+
+    if !output.status.success() {
+        anyhow::bail!(
+            "Failed to create initial commit: {}",
+            String::from_utf8_lossy(&output.stderr)
+        );
+    }
+
+    Ok(temp_dir)
+}
+
+async fn mock_get_task_with_fixture() -> anyhow::Result<GetTaskResponse> {
+    let fixture_path = Path::new(env!("CARGO_MANIFEST_DIR")).join("tests/task_turn_fixture.json");
+    let fixture_content = std::fs::read_to_string(fixture_path)?;
+    let response: GetTaskResponse = serde_json::from_str(&fixture_content)?;
+    Ok(response)
+}
+
+#[tokio::test]
+async fn test_apply_command_creates_fibonacci_file() {
+    let temp_repo = create_temp_git_repo()
+        .await
+        .expect("Failed to create temp git repo");
+    let repo_path = temp_repo.path();
+
+    let task_response = mock_get_task_with_fixture()
+        .await
+        .expect("Failed to load fixture");
+
+    let original_dir = std::env::current_dir().expect("Failed to get current dir");
+    std::env::set_current_dir(repo_path).expect("Failed to change directory");
+    struct DirGuard(std::path::PathBuf);
+    impl Drop for DirGuard {
+        fn drop(&mut self) {
+            let _ = std::env::set_current_dir(&self.0);
+        }
+    }
+    let _guard = DirGuard(original_dir);
+
+    apply_diff_from_task(task_response)
+        .await
+        .expect("Failed to apply diff from task");
+
+    // Assert that fibonacci.js was created in scripts/ directory
+    let fibonacci_path = repo_path.join("scripts/fibonacci.js");
+    assert!(fibonacci_path.exists(), "fibonacci.js was not created");
+
+    // Verify the file contents match expected
+    let contents = std::fs::read_to_string(&fibonacci_path).expect("Failed to read fibonacci.js");
+    assert!(
+        contents.contains("function fibonacci(n)"),
+        "fibonacci.js doesn't contain expected function"
+    );
+    assert!(
+        contents.contains("#!/usr/bin/env node"),
+        "fibonacci.js doesn't have shebang"
+    );
+    assert!(
+        contents.contains("module.exports = fibonacci;"),
+        "fibonacci.js doesn't export function"
+    );
+
+    // Verify file has correct number of lines (31 as specified in fixture)
+    let line_count = contents.lines().count();
+    assert_eq!(
+        line_count, 31,
+        "fibonacci.js should have 31 lines, got {line_count}",
+    );
+}
+
+#[tokio::test]
+async fn test_apply_command_with_merge_conflicts() {
+    let temp_repo = create_temp_git_repo()
+        .await
+        .expect("Failed to create temp git repo");
+    let repo_path = temp_repo.path();
+
+    // Create conflicting fibonacci.js file first
+    let scripts_dir = repo_path.join("scripts");
+    std::fs::create_dir_all(&scripts_dir).expect("Failed to create scripts directory");
+
+    let conflicting_content = r#"#!/usr/bin/env node
+
+// This is a different fibonacci implementation
+function fib(num) {
+  if (num <= 1) return num;
+  return fib(num - 1) + fib(num - 2);
+}
+
+console.log("Running fibonacci...");
+console.log(fib(10));
+"#;
+
+    let fibonacci_path = scripts_dir.join("fibonacci.js");
+    std::fs::write(&fibonacci_path, conflicting_content).expect("Failed to write conflicting file");
+
+    Command::new("git")
+        .args(["add", "scripts/fibonacci.js"])
+        .current_dir(repo_path)
+        .output()
+        .await
+        .expect("Failed to add fibonacci.js");
+
+    Command::new("git")
+        .args(["commit", "-m", "Add conflicting fibonacci implementation"])
+        .current_dir(repo_path)
+        .output()
+        .await
+        .expect("Failed to commit conflicting file");
+
+    let original_dir = std::env::current_dir().expect("Failed to get current dir");
+    std::env::set_current_dir(repo_path).expect("Failed to change directory");
+    struct DirGuard(std::path::PathBuf);
+    impl Drop for DirGuard {
+        fn drop(&mut self) {
+            let _ = std::env::set_current_dir(&self.0);
+        }
+    }
+    let _guard = DirGuard(original_dir);
+
+    let task_response = mock_get_task_with_fixture()
+        .await
+        .expect("Failed to load fixture");
+
+    let apply_result = apply_diff_from_task(task_response).await;
+
+    assert!(
+        apply_result.is_err(),
+        "Expected apply to fail due to merge conflicts"
+    );
+
+    let contents = std::fs::read_to_string(&fibonacci_path).expect("Failed to read fibonacci.js");
+
+    assert!(
+        contents.contains("<<<<<<< HEAD")
+            || contents.contains("=======")
+            || contents.contains(">>>>>>> "),
+        "fibonacci.js should contain merge conflict markers, got: {contents}",
+    );
+}

codex-rs/chatgpt/tests/task_turn_fixture.json

@@ -0,0 +1,65 @@
+{
+    "current_diff_task_turn": {
+        "output_items": [
+            {
+                "type": "pr",
+                "pr_title": "Add fibonacci script",
+                "pr_message": "## Summary\n- add a basic Fibonacci script under `scripts/`\n\n## Testing\n- `node scripts/fibonacci.js 10`\n- `npm run lint` *(fails: next not found)*",
+                "output_diff": {
+                    "type": "output_diff",
+                    "repo_id": "/workspace/rddit-vercel",
+                    "base_commit_sha": "1a2e9baf2ce2fdd0c126b47b1bcfd512de2a9f7b",
+                    "diff": "diff --git a/scripts/fibonacci.js b/scripts/fibonacci.js\nnew file mode 100644\nindex 0000000000000000000000000000000000000000..6c9fdfdbf8669b7968936411050525b995d0a9a6\n--- /dev/null\n+++ b/scripts/fibonacci.js\n@@ -0,0 +1,31 @@\n+#!/usr/bin/env node\n+\n+function fibonacci(n) {\n+  if (n < 0) {\n+    throw new Error(\"n must be non-negative\");\n+  }\n+  let a = 0;\n+  let b = 1;\n+  for (let i = 0; i < n; i++) {\n+    const next = a + b;\n+    a = b;\n+    b = next;\n+  }\n+  return a;\n+}\n+\n+function printUsage() {\n+  console.log(\"Usage: node scripts/fibonacci.js <n>\");\n+}\n+\n+if (require.main === module) {\n+  const arg = process.argv[2];\n+  if (arg === undefined || isNaN(Number(arg))) {\n+    printUsage();\n+    process.exit(1);\n+  }\n+  const n = Number(arg);\n+  console.log(fibonacci(n));\n+}\n+\n+module.exports = fibonacci;\n",
+                    "external_storage_diff": {
+                        "file_id": "file_00000000114c61f786900f8c2130ace7",
+                        "ttl": null
+                    },
+                    "files_modified": 1,
+                    "lines_added": 31,
+                    "lines_removed": 0,
+                    "commit_message": "Add fibonacci script"
+                }
+            },
+            {
+                "type": "message",
+                "role": "assistant",
+                "content": [
+                    {
+                        "content_type": "text",
+                        "text": "**Summary**\n\n- Created a command-line Fibonacci script that validates input and prints the result when executed with Node"
+                    },
+                    {
+                        "content_type": "repo_file_citation",
+                        "path": "scripts/fibonacci.js",
+                        "line_range_start": 1,
+                        "line_range_end": 31
+                    },
+                    {
+                        "content_type": "text",
+                        "text": "\n\n**Testing**\n\n- ❌ `npm run lint` (failed to run `next lint`)"
+                    },
+                    {
+                        "content_type": "terminal_chunk_citation",
+                        "terminal_chunk_id": "7dd543",
+                        "line_range_start": 1,
+                        "line_range_end": 5
+                    },
+                    {
+                        "content_type": "text",
+                        "text": "\n- ✅ `node scripts/fibonacci.js 10` produced “55”"
+                    },
+                    {
+                        "content_type": "terminal_chunk_citation",
+                        "terminal_chunk_id": "6ee559",
+                        "line_range_start": 1,
+                        "line_range_end": 3
+                    },
+                    {
+                        "content_type": "text",
+                        "text": "\n\nCodex couldn't run certain commands due to environment limitations. Consider configuring a setup script or internet access in your Codex environment to install dependencies."
+                    }
+                ]
+            }
+        ]
+    }
+}

codex-rs/cli/Cargo.toml

@@ -18,6 +18,7 @@ workspace = true
 anyhow = "1"
 clap = { version = "4", features = ["derive"] }
 clap_complete = "4"
+codex-chatgpt = { path = "../chatgpt" }
 codex-core = { path = "../core" }
 codex-common = { path = "../common", features = ["cli"] }
 codex-exec = { path = "../exec" }

codex-rs/cli/src/main.rs

@@ -2,6 +2,8 @@ use clap::CommandFactory;
 use clap::Parser;
 use clap_complete::Shell;
 use clap_complete::generate;
+use codex_chatgpt::apply_command::ApplyCommand;
+use codex_chatgpt::apply_command::run_apply_command;
 use codex_cli::LandlockCommand;
 use codex_cli::SeatbeltCommand;
 use codex_cli::login::run_login_with_chatgpt;
@@ -55,6 +57,10 @@ enum Subcommand {
 
     /// Internal debugging commands.
     Debug(DebugArgs),
+
+    /// Apply the latest diff produced by Codex agent as a `git apply` to your local working tree.
+    #[clap(visible_alias = "a")]
+    Apply(ApplyCommand),
 }
 
 #[derive(Debug, Parser)]
@@ -137,6 +143,10 @@ async fn cli_main(codex_linux_sandbox_exe: Option<PathBuf>) -> anyhow::Result<()
                 .await?;
             }
         },
+        Some(Subcommand::Apply(mut apply_cli)) => {
+            prepend_config_flags(&mut apply_cli.config_overrides, cli.config_overrides);
+            run_apply_command(apply_cli).await?;
+        }
     }
 
     Ok(())

codex-rs/core/Cargo.toml

@@ -64,4 +64,5 @@ maplit = "1.0.2"
 predicates = "3"
 pretty_assertions = "1.4.1"
 tempfile = "3"
+tokio-test = "0.4"
 wiremock = "0.6"

codex-rs/core/src/client.rs

@@ -391,3 +391,241 @@ async fn stream_from_fixture(path: impl AsRef<Path>) -> Result<ResponseStream> {
     tokio::spawn(process_sse(stream, tx_event));
     Ok(ResponseStream { rx_event })
 }
+
+#[cfg(test)]
+mod tests {
+    #![allow(clippy::expect_used, clippy::unwrap_used)]
+
+    use super::*;
+    use serde_json::json;
+    use tokio::sync::mpsc;
+    use tokio_test::io::Builder as IoBuilder;
+    use tokio_util::io::ReaderStream;
+
+    // ────────────────────────────
+    // Helpers
+    // ────────────────────────────
+
+    /// Runs the SSE parser on pre-chunked byte slices and returns every event
+    /// (including any final `Err` from a stream-closure check).
+    async fn collect_events(chunks: &[&[u8]]) -> Vec<Result<ResponseEvent>> {
+        let mut builder = IoBuilder::new();
+        for chunk in chunks {
+            builder.read(chunk);
+        }
+
+        let reader = builder.build();
+        let stream = ReaderStream::new(reader).map_err(CodexErr::Io);
+        let (tx, mut rx) = mpsc::channel::<Result<ResponseEvent>>(16);
+        tokio::spawn(process_sse(stream, tx));
+
+        let mut events = Vec::new();
+        while let Some(ev) = rx.recv().await {
+            events.push(ev);
+        }
+        events
+    }
+
+    /// Builds an in-memory SSE stream from JSON fixtures and returns only the
+    /// successfully parsed events (panics on internal channel errors).
+    async fn run_sse(events: Vec<serde_json::Value>) -> Vec<ResponseEvent> {
+        let mut body = String::new();
+        for e in events {
+            let kind = e
+                .get("type")
+                .and_then(|v| v.as_str())
+                .expect("fixture event missing type");
+            if e.as_object().map(|o| o.len() == 1).unwrap_or(false) {
+                body.push_str(&format!("event: {kind}\n\n"));
+            } else {
+                body.push_str(&format!("event: {kind}\ndata: {e}\n\n"));
+            }
+        }
+
+        let (tx, mut rx) = mpsc::channel::<Result<ResponseEvent>>(8);
+        let stream = ReaderStream::new(std::io::Cursor::new(body)).map_err(CodexErr::Io);
+        tokio::spawn(process_sse(stream, tx));
+
+        let mut out = Vec::new();
+        while let Some(ev) = rx.recv().await {
+            out.push(ev.expect("channel closed"));
+        }
+        out
+    }
+
+    // ────────────────────────────
+    // Tests from `implement-test-for-responses-api-sse-parser`
+    // ────────────────────────────
+
+    #[tokio::test]
+    async fn parses_items_and_completed() {
+        let item1 = json!({
+            "type": "response.output_item.done",
+            "item": {
+                "type": "message",
+                "role": "assistant",
+                "content": [{"type": "output_text", "text": "Hello"}]
+            }
+        })
+        .to_string();
+
+        let item2 = json!({
+            "type": "response.output_item.done",
+            "item": {
+                "type": "message",
+                "role": "assistant",
+                "content": [{"type": "output_text", "text": "World"}]
+            }
+        })
+        .to_string();
+
+        let completed = json!({
+            "type": "response.completed",
+            "response": { "id": "resp1" }
+        })
+        .to_string();
+
+        let sse1 = format!("event: response.output_item.done\ndata: {item1}\n\n");
+        let sse2 = format!("event: response.output_item.done\ndata: {item2}\n\n");
+        let sse3 = format!("event: response.completed\ndata: {completed}\n\n");
+
+        let events = collect_events(&[sse1.as_bytes(), sse2.as_bytes(), sse3.as_bytes()]).await;
+
+        assert_eq!(events.len(), 3);
+
+        matches!(
+            &events[0],
+            Ok(ResponseEvent::OutputItemDone(ResponseItem::Message { role, .. }))
+                if role == "assistant"
+        );
+
+        matches!(
+            &events[1],
+            Ok(ResponseEvent::OutputItemDone(ResponseItem::Message { role, .. }))
+                if role == "assistant"
+        );
+
+        match &events[2] {
+            Ok(ResponseEvent::Completed {
+                response_id,
+                token_usage,
+            }) => {
+                assert_eq!(response_id, "resp1");
+                assert!(token_usage.is_none());
+            }
+            other => panic!("unexpected third event: {other:?}"),
+        }
+    }
+
+    #[tokio::test]
+    async fn error_when_missing_completed() {
+        let item1 = json!({
+            "type": "response.output_item.done",
+            "item": {
+                "type": "message",
+                "role": "assistant",
+                "content": [{"type": "output_text", "text": "Hello"}]
+            }
+        })
+        .to_string();
+
+        let sse1 = format!("event: response.output_item.done\ndata: {item1}\n\n");
+
+        let events = collect_events(&[sse1.as_bytes()]).await;
+
+        assert_eq!(events.len(), 2);
+
+        matches!(events[0], Ok(ResponseEvent::OutputItemDone(_)));
+
+        match &events[1] {
+            Err(CodexErr::Stream(msg)) => {
+                assert_eq!(msg, "stream closed before response.completed")
+            }
+            other => panic!("unexpected second event: {other:?}"),
+        }
+    }
+
+    // ────────────────────────────
+    // Table-driven test from `main`
+    // ────────────────────────────
+
+    /// Verifies that the adapter produces the right `ResponseEvent` for a
+    /// variety of incoming `type` values.
+    #[tokio::test]
+    async fn table_driven_event_kinds() {
+        struct TestCase {
+            name: &'static str,
+            event: serde_json::Value,
+            expect_first: fn(&ResponseEvent) -> bool,
+            expected_len: usize,
+        }
+
+        fn is_created(ev: &ResponseEvent) -> bool {
+            matches!(ev, ResponseEvent::Created)
+        }
+        fn is_output(ev: &ResponseEvent) -> bool {
+            matches!(ev, ResponseEvent::OutputItemDone(_))
+        }
+        fn is_completed(ev: &ResponseEvent) -> bool {
+            matches!(ev, ResponseEvent::Completed { .. })
+        }
+
+        let completed = json!({
+            "type": "response.completed",
+            "response": {
+                "id": "c",
+                "usage": {
+                    "input_tokens": 0,
+                    "input_tokens_details": null,
+                    "output_tokens": 0,
+                    "output_tokens_details": null,
+                    "total_tokens": 0
+                },
+                "output": []
+            }
+        });
+
+        let cases = vec![
+            TestCase {
+                name: "created",
+                event: json!({"type": "response.created", "response": {}}),
+                expect_first: is_created,
+                expected_len: 2,
+            },
+            TestCase {
+                name: "output_item.done",
+                event: json!({
+                    "type": "response.output_item.done",
+                    "item": {
+                        "type": "message",
+                        "role": "assistant",
+                        "content": [
+                            {"type": "output_text", "text": "hi"}
+                        ]
+                    }
+                }),
+                expect_first: is_output,
+                expected_len: 2,
+            },
+            TestCase {
+                name: "unknown",
+                event: json!({"type": "response.new_tool_event"}),
+                expect_first: is_completed,
+                expected_len: 1,
+            },
+        ];
+
+        for case in cases {
+            let mut evs = vec![case.event];
+            evs.push(completed.clone());
+
+            let out = run_sse(evs).await;
+            assert_eq!(out.len(), case.expected_len, "case {}", case.name);
+            assert!(
+                (case.expect_first)(&out[0]),
+                "first event mismatch in case {}",
+                case.name
+            );
+        }
+    }
+}

codex-rs/core/src/config.rs

@@ -134,6 +134,9 @@ pub struct Config {
     /// When set to `true`, overrides the default heuristic and forces
     /// `model_supports_reasoning_summaries()` to return `true`.
     pub model_supports_reasoning_summaries: bool,
+
+    /// Base URL for requests to ChatGPT (as opposed to the OpenAI API).
+    pub chatgpt_base_url: String,
 }
 
 impl Config {
@@ -315,6 +318,9 @@ pub struct ConfigToml {
 
     /// Override to force-enable reasoning summaries for the configured model.
     pub model_supports_reasoning_summaries: Option<bool>,
+
+    /// Base URL for requests to ChatGPT (as opposed to the OpenAI API).
+    pub chatgpt_base_url: Option<String>,
 }
 
 impl ConfigToml {
@@ -483,6 +489,11 @@ impl Config {
             model_supports_reasoning_summaries: cfg
                 .model_supports_reasoning_summaries
                 .unwrap_or(false),
+
+            chatgpt_base_url: config_profile
+                .chatgpt_base_url
+                .or(cfg.chatgpt_base_url)
+                .unwrap_or("https://chatgpt.com/backend-api/".to_string()),
         };
         Ok(config)
     }
@@ -711,6 +722,7 @@ disable_response_storage = true
             query_params: None,
             http_headers: None,
             env_http_headers: None,
+            supports_temperature: true,
         };
         let model_provider_map = {
             let mut model_provider_map = built_in_model_providers();
@@ -788,6 +800,7 @@ disable_response_storage = true
                 model_reasoning_effort: ReasoningEffort::High,
                 model_reasoning_summary: ReasoningSummary::Detailed,
                 model_supports_reasoning_summaries: false,
+                chatgpt_base_url: "https://chatgpt.com/backend-api/".to_string(),
             },
             o3_profile_config
         );
@@ -833,6 +846,7 @@ disable_response_storage = true
             model_reasoning_effort: ReasoningEffort::default(),
             model_reasoning_summary: ReasoningSummary::default(),
             model_supports_reasoning_summaries: false,
+            chatgpt_base_url: "https://chatgpt.com/backend-api/".to_string(),
         };
 
         assert_eq!(expected_gpt3_profile_config, gpt3_profile_config);
@@ -893,6 +907,7 @@ disable_response_storage = true
             model_reasoning_effort: ReasoningEffort::default(),
             model_reasoning_summary: ReasoningSummary::default(),
             model_supports_reasoning_summaries: false,
+            chatgpt_base_url: "https://chatgpt.com/backend-api/".to_string(),
         };
 
         assert_eq!(expected_zdr_profile_config, zdr_profile_config);

codex-rs/core/src/config_profile.rs

@@ -16,4 +16,5 @@ pub struct ConfigProfile {
     pub disable_response_storage: Option<bool>,
     pub model_reasoning_effort: Option<ReasoningEffort>,
     pub model_reasoning_summary: Option<ReasoningSummary>,
+    pub chatgpt_base_url: Option<String>,
 }

codex-rs/core/src/model_provider_info.rs

@@ -64,6 +64,14 @@ pub struct ModelProviderInfo {
     /// value should be used. If the environment variable is not set, or the
     /// value is empty, the header will not be included in the request.
     pub env_http_headers: Option<HashMap<String, String>>,
+
+    /// Whether the provider accepts an explicit `temperature` parameter.
+    #[serde(default = "default_supports_temperature")]
+    pub supports_temperature: bool,
+}
+
+const fn default_supports_temperature() -> bool {
+    true
 }
 
 impl ModelProviderInfo {
@@ -205,6 +213,7 @@ pub fn built_in_model_providers() -> HashMap<String, ModelProviderInfo> {
                         .into_iter()
                         .collect(),
                 ),
+                supports_temperature: false,
             },
         ),
     ]
@@ -234,6 +243,7 @@ base_url = "http://localhost:11434/v1"
             query_params: None,
             http_headers: None,
             env_http_headers: None,
+            supports_temperature: true,
         };
 
         let provider: ModelProviderInfo = toml::from_str(azure_provider_toml).unwrap();
@@ -259,6 +269,7 @@ query_params = { api-version = "2025-04-01-preview" }
             }),
             http_headers: None,
             env_http_headers: None,
+            supports_temperature: true,
         };
 
         let provider: ModelProviderInfo = toml::from_str(azure_provider_toml).unwrap();
@@ -287,6 +298,7 @@ env_http_headers = { "X-Example-Env-Header" = "EXAMPLE_ENV_VAR" }
             env_http_headers: Some(maplit::hashmap! {
                 "X-Example-Env-Header".to_string() => "EXAMPLE_ENV_VAR".to_string(),
             }),
+            supports_temperature: true,
         };
 
         let provider: ModelProviderInfo = toml::from_str(azure_provider_toml).unwrap();

codex-rs/core/tests/cli_responses_fixture.sse

@@ -0,0 +1,8 @@
+event: response.created
+data: {"type":"response.created","response":{"id":"resp1"}}
+
+event: response.output_item.done
+data: {"type":"response.output_item.done","item":{"type":"message","role":"assistant","content":[{"type":"output_text","text":"fixture hello"}]}}
+
+event: response.completed
+data: {"type":"response.completed","response":{"id":"resp1","output":[]}}

codex-rs/core/tests/cli_stream.rs

@@ -0,0 +1,119 @@
+#![expect(clippy::unwrap_used)]
+
+use assert_cmd::Command as AssertCommand;
+use codex_core::exec::CODEX_SANDBOX_NETWORK_DISABLED_ENV_VAR;
+use tempfile::TempDir;
+use wiremock::Mock;
+use wiremock::MockServer;
+use wiremock::ResponseTemplate;
+use wiremock::matchers::method;
+use wiremock::matchers::path;
+
+/// Tests streaming chat completions through the CLI using a mock server.
+/// This test:
+/// 1. Sets up a mock server that simulates OpenAI's chat completions API
+/// 2. Configures codex to use this mock server via a custom provider
+/// 3. Sends a simple "hello?" prompt and verifies the streamed response
+/// 4. Ensures the response is received exactly once and contains "hi"
+#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
+async fn chat_mode_stream_cli() {
+    if std::env::var(CODEX_SANDBOX_NETWORK_DISABLED_ENV_VAR).is_ok() {
+        println!(
+            "Skipping test because it cannot execute when network is disabled in a Codex sandbox."
+        );
+        return;
+    }
+
+    let server = MockServer::start().await;
+    let sse = concat!(
+        "data: {\"choices\":[{\"delta\":{\"content\":\"hi\"}}]}\n\n",
+        "data: {\"choices\":[{\"delta\":{}}]}\n\n",
+        "data: [DONE]\n\n"
+    );
+    Mock::given(method("POST"))
+        .and(path("/v1/chat/completions"))
+        .respond_with(
+            ResponseTemplate::new(200)
+                .insert_header("content-type", "text/event-stream")
+                .set_body_raw(sse, "text/event-stream"),
+        )
+        .expect(1)
+        .mount(&server)
+        .await;
+
+    let home = TempDir::new().unwrap();
+    let provider_override = format!(
+        "model_providers.mock={{ name = \"mock\", base_url = \"{}/v1\", env_key = \"PATH\", wire_api = \"chat\" }}",
+        server.uri()
+    );
+    let mut cmd = AssertCommand::new("cargo");
+    cmd.arg("run")
+        .arg("-p")
+        .arg("codex-cli")
+        .arg("--quiet")
+        .arg("--")
+        .arg("exec")
+        .arg("--skip-git-repo-check")
+        .arg("-c")
+        .arg(&provider_override)
+        .arg("-c")
+        .arg("model_provider=\"mock\"")
+        .arg("-C")
+        .arg(env!("CARGO_MANIFEST_DIR"))
+        .arg("hello?");
+    cmd.env("CODEX_HOME", home.path())
+        .env("OPENAI_API_KEY", "dummy")
+        .env("OPENAI_BASE_URL", format!("{}/v1", server.uri()));
+
+    let output = cmd.output().unwrap();
+    println!("Status: {}", output.status);
+    println!("Stdout:\n{}", String::from_utf8_lossy(&output.stdout));
+    println!("Stderr:\n{}", String::from_utf8_lossy(&output.stderr));
+    assert!(output.status.success());
+    let stdout = String::from_utf8_lossy(&output.stdout);
+    assert!(stdout.contains("hi"));
+    assert_eq!(stdout.matches("hi").count(), 1);
+
+    server.verify().await;
+}
+
+/// Tests streaming responses through the CLI using a local SSE fixture file.
+/// This test:
+/// 1. Uses a pre-recorded SSE response fixture instead of a live server
+/// 2. Configures codex to read from this fixture via CODEX_RS_SSE_FIXTURE env var
+/// 3. Sends a "hello?" prompt and verifies the response
+/// 4. Ensures the fixture content is correctly streamed through the CLI
+#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
+async fn responses_api_stream_cli() {
+    if std::env::var(CODEX_SANDBOX_NETWORK_DISABLED_ENV_VAR).is_ok() {
+        println!(
+            "Skipping test because it cannot execute when network is disabled in a Codex sandbox."
+        );
+        return;
+    }
+
+    let fixture =
+        std::path::Path::new(env!("CARGO_MANIFEST_DIR")).join("tests/cli_responses_fixture.sse");
+
+    let home = TempDir::new().unwrap();
+    let mut cmd = AssertCommand::new("cargo");
+    cmd.arg("run")
+        .arg("-p")
+        .arg("codex-cli")
+        .arg("--quiet")
+        .arg("--")
+        .arg("exec")
+        .arg("--skip-git-repo-check")
+        .arg("-C")
+        .arg(env!("CARGO_MANIFEST_DIR"))
+        .arg("hello?");
+    cmd.env("CODEX_HOME", home.path())
+        .env("OPENAI_API_KEY", "dummy")
+        .env("CODEX_RS_SSE_FIXTURE", fixture)
+        .env("OPENAI_BASE_URL", "http://unused.local");
+
+    let output = cmd.output().unwrap();
+    assert!(output.status.success());
+    let stdout = String::from_utf8_lossy(&output.stdout);
+    assert!(stdout.contains("fixture hello"));
+}

codex-rs/core/tests/fixtures/completed_template.json

@@ -0,0 +1,16 @@
+[
+  {
+    "type": "response.completed",
+    "response": {
+      "id": "__ID__",
+      "usage": {
+        "input_tokens": 0,
+        "input_tokens_details": null,
+        "output_tokens": 0,
+        "output_tokens_details": null,
+        "total_tokens": 0
+      },
+      "output": []
+    }
+  }
+]

codex-rs/core/tests/fixtures/incomplete_sse.json

@@ -0,0 +1,3 @@
+[
+  {"type": "response.output_item.done"}
+]

codex-rs/core/tests/previous_response_id.rs

@@ -11,6 +11,7 @@ mod test_support;
 use serde_json::Value;
 use tempfile::TempDir;
 use test_support::load_default_config_for_test;
+use test_support::load_sse_fixture_with_id;
 use tokio::time::timeout;
 use wiremock::Match;
 use wiremock::Mock;
@@ -42,12 +43,9 @@ impl Match for HasPrevId {
     }
 }
 
-/// Build minimal SSE stream with completed marker.
+/// Build minimal SSE stream with completed marker using the JSON fixture.
 fn sse_completed(id: &str) -> String {
-    format!(
-        "event: response.completed\n\
-data: {{\"type\":\"response.completed\",\"response\":{{\"id\":\"{id}\",\"output\":[]}}}}\n\n\n"
-    )
+    load_sse_fixture_with_id("tests/fixtures/completed_template.json", id)
 }
 
 #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
@@ -109,6 +107,7 @@ async fn keeps_previous_response_id_between_tasks() {
         query_params: None,
         http_headers: None,
         env_http_headers: None,
+        supports_temperature: true,
     };
 
     // Init session

codex-rs/core/tests/stream_no_completed.rs

@@ -12,6 +12,8 @@ use codex_core::protocol::Op;
 mod test_support;
 use tempfile::TempDir;
 use test_support::load_default_config_for_test;
+use test_support::load_sse_fixture;
+use test_support::load_sse_fixture_with_id;
 use tokio::time::timeout;
 use wiremock::Mock;
 use wiremock::MockServer;
@@ -22,15 +24,11 @@ use wiremock::matchers::method;
 use wiremock::matchers::path;
 
 fn sse_incomplete() -> String {
-    // Only a single line; missing the completed event.
-    "event: response.output_item.done\n\n".to_string()
+    load_sse_fixture("tests/fixtures/incomplete_sse.json")
 }
 
 fn sse_completed(id: &str) -> String {
-    format!(
-        "event: response.completed\n\
-data: {{\"type\":\"response.completed\",\"response\":{{\"id\":\"{id}\",\"output\":[]}}}}\n\n\n"
-    )
+    load_sse_fixture_with_id("tests/fixtures/completed_template.json", id)
 }
 
 #[tokio::test(flavor = "multi_thread", worker_threads = 2)]
@@ -98,6 +96,7 @@ async fn retries_on_early_close() {
         query_params: None,
         http_headers: None,
         env_http_headers: None,
+        supports_temperature: true,
     };
 
     let ctrl_c = std::sync::Arc::new(tokio::sync::Notify::new());

codex-rs/core/tests/test_support.rs

@@ -21,3 +21,58 @@ pub fn load_default_config_for_test(codex_home: &TempDir) -> Config {
     )
     .expect("defaults for test should always succeed")
 }
+
+/// Builds an SSE stream body from a JSON fixture.
+///
+/// The fixture must contain an array of objects where each object represents a
+/// single SSE event with at least a `type` field matching the `event:` value.
+/// Additional fields become the JSON payload for the `data:` line. An object
+/// with only a `type` field results in an event with no `data:` section. This
+/// makes it trivial to extend the fixtures as OpenAI adds new event kinds or
+/// fields.
+#[allow(dead_code)]
+pub fn load_sse_fixture(path: impl AsRef<std::path::Path>) -> String {
+    let events: Vec<serde_json::Value> =
+        serde_json::from_reader(std::fs::File::open(path).expect("read fixture"))
+            .expect("parse JSON fixture");
+    events
+        .into_iter()
+        .map(|e| {
+            let kind = e
+                .get("type")
+                .and_then(|v| v.as_str())
+                .expect("fixture event missing type");
+            if e.as_object().map(|o| o.len() == 1).unwrap_or(false) {
+                format!("event: {kind}\n\n")
+            } else {
+                format!("event: {kind}\ndata: {e}\n\n")
+            }
+        })
+        .collect()
+}
+
+/// Same as [`load_sse_fixture`], but replaces the placeholder `__ID__` in the
+/// fixture template with the supplied identifier before parsing. This lets a
+/// single JSON template be reused by multiple tests that each need a unique
+/// `response_id`.
+#[allow(dead_code)]
+pub fn load_sse_fixture_with_id(path: impl AsRef<std::path::Path>, id: &str) -> String {
+    let raw = std::fs::read_to_string(path).expect("read fixture template");
+    let replaced = raw.replace("__ID__", id);
+    let events: Vec<serde_json::Value> =
+        serde_json::from_str(&replaced).expect("parse JSON fixture");
+    events
+        .into_iter()
+        .map(|e| {
+            let kind = e
+                .get("type")
+                .and_then(|v| v.as_str())
+                .expect("fixture event missing type");
+            if e.as_object().map(|o| o.len() == 1).unwrap_or(false) {
+                format!("event: {kind}\n\n")
+            } else {
+                format!("event: {kind}\ndata: {e}\n\n")
+            }
+        })
+        .collect()
+}

codex-rs/login/src/lib.rs

@@ -59,6 +59,13 @@ pub async fn login_with_chatgpt(
 /// Attempt to read the `OPENAI_API_KEY` from the `auth.json` file in the given
 /// `CODEX_HOME` directory, refreshing it, if necessary.
 pub async fn try_read_openai_api_key(codex_home: &Path) -> std::io::Result<String> {
+    let auth_dot_json = try_read_auth_json(codex_home).await?;
+    Ok(auth_dot_json.openai_api_key)
+}
+
+/// Attempt to read and refresh the `auth.json` file in the given `CODEX_HOME` directory.
+/// Returns the full AuthDotJson structure after refreshing if necessary.
+pub async fn try_read_auth_json(codex_home: &Path) -> std::io::Result<AuthDotJson> {
     let auth_path = codex_home.join("auth.json");
     let mut file = std::fs::File::open(&auth_path)?;
     let mut contents = String::new();
@@ -88,9 +95,9 @@ pub async fn try_read_openai_api_key(codex_home: &Path) -> std::io::Result<Strin
             file.flush()?;
         }
 
-        Ok(auth_dot_json.openai_api_key)
+        Ok(auth_dot_json)
     } else {
-        Ok(auth_dot_json.openai_api_key)
+        Ok(auth_dot_json)
     }
 }
 
@@ -146,23 +153,24 @@ struct RefreshResponse {
 
 /// Expected structure for $CODEX_HOME/auth.json.
 #[derive(Deserialize, Serialize)]
-struct AuthDotJson {
+pub struct AuthDotJson {
     #[serde(rename = "OPENAI_API_KEY")]
-    openai_api_key: String,
+    pub openai_api_key: String,
 
-    tokens: TokenData,
+    pub tokens: TokenData,
 
-    last_refresh: DateTime<Utc>,
+    pub last_refresh: DateTime<Utc>,
 }
 
-#[derive(Deserialize, Serialize)]
-struct TokenData {
+#[derive(Deserialize, Serialize, Clone)]
+pub struct TokenData {
     /// This is a JWT.
-    id_token: String,
+    pub id_token: String,
 
     /// This is a JWT.
-    #[allow(dead_code)]
-    access_token: String,
+    pub access_token: String,
 
-    refresh_token: String,
+    pub refresh_token: String,
+
+    pub account_id: String,
 }

codex-rs/login/src/login_with_chatgpt.py

@@ -51,6 +51,7 @@ class TokenData:
     id_token: str
     access_token: str
     refresh_token: str
+    account_id: str
 
 
 @dataclass
@@ -240,20 +241,26 @@ class _ApiKeyHTTPHandler(http.server.BaseHTTPRequestHandler):
             )
         ) as resp:
             payload = json.loads(resp.read().decode())
+            
+            # Extract chatgpt_account_id from id_token
+            id_token_parts = payload["id_token"].split(".")
+            if len(id_token_parts) != 3:
+                raise ValueError("Invalid ID token")
+            id_token_claims = _decode_jwt_segment(id_token_parts[1])
+            auth_claims = id_token_claims.get("https://api.openai.com/auth", {})
+            chatgpt_account_id = auth_claims.get("chatgpt_account_id", "")
+            
             token_data = TokenData(
                 id_token=payload["id_token"],
                 access_token=payload["access_token"],
                 refresh_token=payload["refresh_token"],
+                account_id=chatgpt_account_id,
             )
 
-        id_token_parts = token_data.id_token.split(".")
-        if len(id_token_parts) != 3:
-            raise ValueError("Invalid ID token")
         access_token_parts = token_data.access_token.split(".")
         if len(access_token_parts) != 3:
             raise ValueError("Invalid access token")
 
-        id_token_claims = _decode_jwt_segment(id_token_parts[1])
         access_token_claims = _decode_jwt_segment(access_token_parts[1])
 
         token_claims = id_token_claims.get("https://api.openai.com/auth", {})
@@ -375,6 +382,7 @@ def _write_auth_file(*, auth: AuthBundle, codex_home: str) -> bool:
             "id_token": auth.token_data.id_token,
             "access_token": auth.token_data.access_token,
             "refresh_token": auth.token_data.refresh_token,
+            "account_id": auth.token_data.account_id,
         },
         "last_refresh": auth.last_refresh,
     }

codex-rs/mcp-server/src/codex_tool_runner.rs

@@ -9,6 +9,7 @@ use codex_core::protocol::Event;
 use codex_core::protocol::EventMsg;
 use codex_core::protocol::InputItem;
 use codex_core::protocol::Op;
+use codex_core::protocol::Submission;
 use codex_core::protocol::TaskCompleteEvent;
 use mcp_types::CallToolResult;
 use mcp_types::CallToolResultContent;
@@ -66,14 +67,24 @@ pub async fn run_codex_tool_session(
         .send(codex_event_to_notification(&first_event))
         .await;
 
-    if let Err(e) = codex
-        .submit(Op::UserInput {
+    // Use the original MCP request ID as the `sub_id` for the Codex submission so that
+    // any events emitted for this tool-call can be correlated with the
+    // originating `tools/call` request.
+    let sub_id = match &id {
+        RequestId::String(s) => s.clone(),
+        RequestId::Integer(n) => n.to_string(),
+    };
+
+    let submission = Submission {
+        id: sub_id,
+        op: Op::UserInput {
             items: vec![InputItem::Text {
                 text: initial_prompt.clone(),
             }],
-        })
-        .await
-    {
+        },
+    };
+
+    if let Err(e) = codex.submit_with_id(submission).await {
         tracing::error!("Failed to submit initial prompt: {e}");
     }
 

codex-rs/tui/Cargo.toml

@@ -40,6 +40,7 @@ ratatui = { version = "0.29.0", features = [
 ] }
 ratatui-image = "8.0.0"
 regex-lite = "0.1"
+reqwest = { version = "0.12", features = ["json"] }
 serde_json = { version = "1", features = ["preserve_order"] }
 shlex = "1.3.0"
 strum = "0.27.1"
@@ -59,6 +60,8 @@ tui-markdown = "0.3.3"
 tui-textarea = "0.7.0"
 unicode-segmentation = "1.12.0"
 uuid = "1"
+time = { version = "0.3", features = ["formatting"] }
 
 [dev-dependencies]
+insta = "1.43.1"
 pretty_assertions = "1"

codex-rs/tui/src/app.rs

@@ -98,21 +98,7 @@ impl<'a> App<'a> {
                             scroll_event_helper.scroll_down();
                         }
                         crossterm::event::Event::Paste(pasted) => {
-                            use crossterm::event::KeyModifiers;
-
-                            for ch in pasted.chars() {
-                                let key_event = match ch {
-                                    '\n' | '\r' => {
-                                        // Represent newline as <Shift+Enter> so that the bottom
-                                        // pane treats it as a literal newline instead of a submit
-                                        // action (submission is only triggered on Enter *without*
-                                        // any modifiers).
-                                        KeyEvent::new(KeyCode::Enter, KeyModifiers::SHIFT)
-                                    }
-                                    _ => KeyEvent::new(KeyCode::Char(ch), KeyModifiers::empty()),
-                                };
-                                app_event_tx.send(AppEvent::KeyEvent(key_event));
-                            }
+                            app_event_tx.send(AppEvent::Paste(pasted));
                         }
                         _ => {
                             // Ignore any other events.
@@ -223,6 +209,9 @@ impl<'a> App<'a> {
                 AppEvent::Scroll(scroll_delta) => {
                     self.dispatch_scroll_event(scroll_delta);
                 }
+                AppEvent::Paste(text) => {
+                    self.dispatch_paste_event(text);
+                }
                 AppEvent::CodexEvent(event) => {
                     self.dispatch_codex_event(event);
                 }
@@ -277,6 +266,11 @@ impl<'a> App<'a> {
                             widget.add_diff_output(text);
                         }
                     }
+                    SlashCommand::SecurityReview => {
+                        if let AppState::Chat { widget } = &mut self.app_state {
+                            widget.start_security_review_with_defaults();
+                        }
+                    }
                 },
                 AppEvent::StartFileSearch(query) => {
                     self.file_search.on_user_query(query);
@@ -286,6 +280,11 @@ impl<'a> App<'a> {
                         widget.apply_file_search_result(query, matches);
                     }
                 }
+                AppEvent::SecurityReviewFinished { mode, outcome } => {
+                    if let AppState::Chat { widget } = &mut self.app_state {
+                        widget.handle_security_review_finished(mode, outcome);
+                    }
+                }
             }
         }
         terminal.clear()?;
@@ -343,6 +342,13 @@ impl<'a> App<'a> {
         }
     }
 
+    fn dispatch_paste_event(&mut self, pasted: String) {
+        match &mut self.app_state {
+            AppState::Chat { widget } => widget.handle_paste(pasted),
+            AppState::Login { .. } | AppState::GitWarning { .. } => {}
+        }
+    }
+
     fn dispatch_scroll_event(&mut self, scroll_delta: i32) {
         match &mut self.app_state {
             AppState::Chat { widget } => widget.handle_scroll_delta(scroll_delta),

codex-rs/tui/src/app_event.rs

@@ -2,6 +2,7 @@ use codex_core::protocol::Event;
 use codex_file_search::FileMatch;
 use crossterm::event::KeyEvent;
 
+use crate::security_review::{SecurityReviewFailure, SecurityReviewMode, SecurityReviewResult};
 use crate::slash_command::SlashCommand;
 
 #[allow(clippy::large_enum_variant)]
@@ -12,6 +13,9 @@ pub(crate) enum AppEvent {
 
     KeyEvent(KeyEvent),
 
+    /// Text pasted from the terminal clipboard.
+    Paste(String),
+
     /// Scroll event with a value representing the "scroll delta" as the net
     /// scroll up/down events within a short time window.
     Scroll(i32),
@@ -42,4 +46,10 @@ pub(crate) enum AppEvent {
         query: String,
         matches: Vec<FileMatch>,
     },
+
+    /// Completion event for a `/secreview` invocation.
+    SecurityReviewFinished {
+        mode: SecurityReviewMode,
+        outcome: Result<SecurityReviewResult, SecurityReviewFailure>,
+    },
 }

codex-rs/tui/src/bottom_pane/chat_composer.rs

@@ -28,6 +28,9 @@ const MIN_TEXTAREA_ROWS: usize = 1;
 const BORDER_LINES: u16 = 2;
 
 const BASE_PLACEHOLDER_TEXT: &str = "send a message";
+/// If the pasted content exceeds this number of characters, replace it with a
+/// placeholder in the UI.
+const LARGE_PASTE_CHAR_THRESHOLD: usize = 1000;
 
 /// Result returned when the user interacts with the text area.
 pub enum InputResult {
@@ -43,6 +46,7 @@ pub(crate) struct ChatComposer<'a> {
     ctrl_c_quit_hint: bool,
     dismissed_file_popup_token: Option<String>,
     current_file_query: Option<String>,
+    pending_pastes: Vec<(String, String)>,
 }
 
 /// Popup state – at most one can be visible at any time.
@@ -66,6 +70,7 @@ impl ChatComposer<'_> {
             ctrl_c_quit_hint: false,
             dismissed_file_popup_token: None,
             current_file_query: None,
+            pending_pastes: Vec::new(),
         };
         this.update_border(has_input_focus);
         this
@@ -126,6 +131,20 @@ impl ChatComposer<'_> {
         self.update_border(has_focus);
     }
 
+    pub fn handle_paste(&mut self, pasted: String) -> bool {
+        let char_count = pasted.chars().count();
+        if char_count > LARGE_PASTE_CHAR_THRESHOLD {
+            let placeholder = format!("[Pasted Content {char_count} chars]");
+            self.textarea.insert_str(&placeholder);
+            self.pending_pastes.push((placeholder, pasted));
+        } else {
+            self.textarea.insert_str(&pasted);
+        }
+        self.sync_command_popup();
+        self.sync_file_search_popup();
+        true
+    }
+
     /// Integrate results from an asynchronous file search.
     pub(crate) fn on_file_search_result(&mut self, query: String, matches: Vec<FileMatch>) {
         // Only apply if user is still editing a token starting with `query`.
@@ -414,10 +433,18 @@ impl ChatComposer<'_> {
                 alt: false,
                 ctrl: false,
             } => {
-                let text = self.textarea.lines().join("\n");
+                let mut text = self.textarea.lines().join("\n");
                 self.textarea.select_all();
                 self.textarea.cut();
 
+                // Replace all pending pastes in the text
+                for (placeholder, actual) in &self.pending_pastes {
+                    if text.contains(placeholder) {
+                        text = text.replace(placeholder, actual);
+                    }
+                }
+                self.pending_pastes.clear();
+
                 if text.is_empty() {
                     (InputResult::None, true)
                 } else {
@@ -443,10 +470,71 @@ impl ChatComposer<'_> {
 
     /// Handle generic Input events that modify the textarea content.
     fn handle_input_basic(&mut self, input: Input) -> (InputResult, bool) {
+        // Special handling for backspace on placeholders
+        if let Input {
+            key: Key::Backspace,
+            ..
+        } = input
+        {
+            if self.try_remove_placeholder_at_cursor() {
+                return (InputResult::None, true);
+            }
+        }
+
+        // Normal input handling
         self.textarea.input(input);
+        let text_after = self.textarea.lines().join("\n");
+
+        // Check if any placeholders were removed and remove their corresponding pending pastes
+        self.pending_pastes
+            .retain(|(placeholder, _)| text_after.contains(placeholder));
+
         (InputResult::None, true)
     }
 
+    /// Attempts to remove a placeholder if the cursor is at the end of one.
+    /// Returns true if a placeholder was removed.
+    fn try_remove_placeholder_at_cursor(&mut self) -> bool {
+        let (row, col) = self.textarea.cursor();
+        let line = self
+            .textarea
+            .lines()
+            .get(row)
+            .map(|s| s.as_str())
+            .unwrap_or("");
+
+        // Find any placeholder that ends at the cursor position
+        let placeholder_to_remove = self.pending_pastes.iter().find_map(|(ph, _)| {
+            if col < ph.len() {
+                return None;
+            }
+            let potential_ph_start = col - ph.len();
+            if line[potential_ph_start..col] == *ph {
+                Some(ph.clone())
+            } else {
+                None
+            }
+        });
+
+        if let Some(placeholder) = placeholder_to_remove {
+            // Remove the entire placeholder from the text
+            let placeholder_len = placeholder.len();
+            for _ in 0..placeholder_len {
+                self.textarea.input(Input {
+                    key: Key::Backspace,
+                    ctrl: false,
+                    alt: false,
+                    shift: false,
+                });
+            }
+            // Remove from pending pastes
+            self.pending_pastes.retain(|(ph, _)| ph != &placeholder);
+            true
+        } else {
+            false
+        }
+    }
+
     /// Synchronize `self.command_popup` with the current text in the
     /// textarea. This must be called after every modification that can change
     /// the text so the popup is shown/updated/hidden as appropriate.
@@ -624,7 +712,10 @@ impl WidgetRef for &ChatComposer<'_> {
 
 #[cfg(test)]
 mod tests {
+    use crate::bottom_pane::AppEventSender;
     use crate::bottom_pane::ChatComposer;
+    use crate::bottom_pane::InputResult;
+    use crate::bottom_pane::chat_composer::LARGE_PASTE_CHAR_THRESHOLD;
     use tui_textarea::TextArea;
 
     #[test]
@@ -770,4 +861,324 @@ mod tests {
             );
         }
     }
+
+    #[test]
+    fn handle_paste_small_inserts_text() {
+        use crossterm::event::KeyCode;
+        use crossterm::event::KeyEvent;
+        use crossterm::event::KeyModifiers;
+
+        let (tx, _rx) = std::sync::mpsc::channel();
+        let sender = AppEventSender::new(tx);
+        let mut composer = ChatComposer::new(true, sender);
+
+        let needs_redraw = composer.handle_paste("hello".to_string());
+        assert!(needs_redraw);
+        assert_eq!(composer.textarea.lines(), ["hello"]);
+        assert!(composer.pending_pastes.is_empty());
+
+        let (result, _) =
+            composer.handle_key_event(KeyEvent::new(KeyCode::Enter, KeyModifiers::NONE));
+        match result {
+            InputResult::Submitted(text) => assert_eq!(text, "hello"),
+            _ => panic!("expected Submitted"),
+        }
+    }
+
+    #[test]
+    fn handle_paste_large_uses_placeholder_and_replaces_on_submit() {
+        use crossterm::event::KeyCode;
+        use crossterm::event::KeyEvent;
+        use crossterm::event::KeyModifiers;
+
+        let (tx, _rx) = std::sync::mpsc::channel();
+        let sender = AppEventSender::new(tx);
+        let mut composer = ChatComposer::new(true, sender);
+
+        let large = "x".repeat(LARGE_PASTE_CHAR_THRESHOLD + 10);
+        let needs_redraw = composer.handle_paste(large.clone());
+        assert!(needs_redraw);
+        let placeholder = format!("[Pasted Content {} chars]", large.chars().count());
+        assert_eq!(composer.textarea.lines(), [placeholder.as_str()]);
+        assert_eq!(composer.pending_pastes.len(), 1);
+        assert_eq!(composer.pending_pastes[0].0, placeholder);
+        assert_eq!(composer.pending_pastes[0].1, large);
+
+        let (result, _) =
+            composer.handle_key_event(KeyEvent::new(KeyCode::Enter, KeyModifiers::NONE));
+        match result {
+            InputResult::Submitted(text) => assert_eq!(text, large),
+            _ => panic!("expected Submitted"),
+        }
+        assert!(composer.pending_pastes.is_empty());
+    }
+
+    #[test]
+    fn edit_clears_pending_paste() {
+        use crossterm::event::KeyCode;
+        use crossterm::event::KeyEvent;
+        use crossterm::event::KeyModifiers;
+
+        let large = "y".repeat(LARGE_PASTE_CHAR_THRESHOLD + 1);
+        let (tx, _rx) = std::sync::mpsc::channel();
+        let sender = AppEventSender::new(tx);
+        let mut composer = ChatComposer::new(true, sender);
+
+        composer.handle_paste(large);
+        assert_eq!(composer.pending_pastes.len(), 1);
+
+        // Any edit that removes the placeholder should clear pending_paste
+        composer.handle_key_event(KeyEvent::new(KeyCode::Backspace, KeyModifiers::NONE));
+        assert!(composer.pending_pastes.is_empty());
+    }
+
+    #[test]
+    fn ui_snapshots() {
+        use crossterm::event::KeyCode;
+        use crossterm::event::KeyEvent;
+        use crossterm::event::KeyModifiers;
+        use insta::assert_snapshot;
+        use ratatui::Terminal;
+        use ratatui::backend::TestBackend;
+
+        let (tx, _rx) = std::sync::mpsc::channel();
+        let sender = AppEventSender::new(tx);
+        let mut terminal = match Terminal::new(TestBackend::new(100, 10)) {
+            Ok(t) => t,
+            Err(e) => panic!("Failed to create terminal: {e}"),
+        };
+
+        let test_cases = vec![
+            ("empty", None),
+            ("small", Some("short".to_string())),
+            ("large", Some("z".repeat(LARGE_PASTE_CHAR_THRESHOLD + 5))),
+            ("multiple_pastes", None),
+            ("backspace_after_pastes", None),
+        ];
+
+        for (name, input) in test_cases {
+            // Create a fresh composer for each test case
+            let mut composer = ChatComposer::new(true, sender.clone());
+
+            if let Some(text) = input {
+                composer.handle_paste(text);
+            } else if name == "multiple_pastes" {
+                // First large paste
+                composer.handle_paste("x".repeat(LARGE_PASTE_CHAR_THRESHOLD + 3));
+                // Second large paste
+                composer.handle_paste("y".repeat(LARGE_PASTE_CHAR_THRESHOLD + 7));
+                // Small paste
+                composer.handle_paste(" another short paste".to_string());
+            } else if name == "backspace_after_pastes" {
+                // Three large pastes
+                composer.handle_paste("a".repeat(LARGE_PASTE_CHAR_THRESHOLD + 2));
+                composer.handle_paste("b".repeat(LARGE_PASTE_CHAR_THRESHOLD + 4));
+                composer.handle_paste("c".repeat(LARGE_PASTE_CHAR_THRESHOLD + 6));
+                // Move cursor to end and press backspace
+                composer.textarea.move_cursor(tui_textarea::CursorMove::End);
+                composer.handle_key_event(KeyEvent::new(KeyCode::Backspace, KeyModifiers::NONE));
+            }
+
+            terminal
+                .draw(|f| f.render_widget_ref(&composer, f.area()))
+                .unwrap_or_else(|e| panic!("Failed to draw {name} composer: {e}"));
+
+            assert_snapshot!(name, terminal.backend());
+        }
+    }
+
+    #[test]
+    fn test_multiple_pastes_submission() {
+        use crossterm::event::KeyCode;
+        use crossterm::event::KeyEvent;
+        use crossterm::event::KeyModifiers;
+
+        let (tx, _rx) = std::sync::mpsc::channel();
+        let sender = AppEventSender::new(tx);
+        let mut composer = ChatComposer::new(true, sender);
+
+        // Define test cases: (paste content, is_large)
+        let test_cases = [
+            ("x".repeat(LARGE_PASTE_CHAR_THRESHOLD + 3), true),
+            (" and ".to_string(), false),
+            ("y".repeat(LARGE_PASTE_CHAR_THRESHOLD + 7), true),
+        ];
+
+        // Expected states after each paste
+        let mut expected_text = String::new();
+        let mut expected_pending_count = 0;
+
+        // Apply all pastes and build expected state
+        let states: Vec<_> = test_cases
+            .iter()
+            .map(|(content, is_large)| {
+                composer.handle_paste(content.clone());
+                if *is_large {
+                    let placeholder = format!("[Pasted Content {} chars]", content.chars().count());
+                    expected_text.push_str(&placeholder);
+                    expected_pending_count += 1;
+                } else {
+                    expected_text.push_str(content);
+                }
+                (expected_text.clone(), expected_pending_count)
+            })
+            .collect();
+
+        // Verify all intermediate states were correct
+        assert_eq!(
+            states,
+            vec![
+                (
+                    format!("[Pasted Content {} chars]", test_cases[0].0.chars().count()),
+                    1
+                ),
+                (
+                    format!(
+                        "[Pasted Content {} chars] and ",
+                        test_cases[0].0.chars().count()
+                    ),
+                    1
+                ),
+                (
+                    format!(
+                        "[Pasted Content {} chars] and [Pasted Content {} chars]",
+                        test_cases[0].0.chars().count(),
+                        test_cases[2].0.chars().count()
+                    ),
+                    2
+                ),
+            ]
+        );
+
+        // Submit and verify final expansion
+        let (result, _) =
+            composer.handle_key_event(KeyEvent::new(KeyCode::Enter, KeyModifiers::NONE));
+        if let InputResult::Submitted(text) = result {
+            assert_eq!(text, format!("{} and {}", test_cases[0].0, test_cases[2].0));
+        } else {
+            panic!("expected Submitted");
+        }
+    }
+
+    #[test]
+    fn test_placeholder_deletion() {
+        use crossterm::event::KeyCode;
+        use crossterm::event::KeyEvent;
+        use crossterm::event::KeyModifiers;
+
+        let (tx, _rx) = std::sync::mpsc::channel();
+        let sender = AppEventSender::new(tx);
+        let mut composer = ChatComposer::new(true, sender);
+
+        // Define test cases: (content, is_large)
+        let test_cases = [
+            ("a".repeat(LARGE_PASTE_CHAR_THRESHOLD + 5), true),
+            (" and ".to_string(), false),
+            ("b".repeat(LARGE_PASTE_CHAR_THRESHOLD + 6), true),
+        ];
+
+        // Apply all pastes
+        let mut current_pos = 0;
+        let states: Vec<_> = test_cases
+            .iter()
+            .map(|(content, is_large)| {
+                composer.handle_paste(content.clone());
+                if *is_large {
+                    let placeholder = format!("[Pasted Content {} chars]", content.chars().count());
+                    current_pos += placeholder.len();
+                } else {
+                    current_pos += content.len();
+                }
+                (
+                    composer.textarea.lines().join("\n"),
+                    composer.pending_pastes.len(),
+                    current_pos,
+                )
+            })
+            .collect();
+
+        // Delete placeholders one by one and collect states
+        let mut deletion_states = vec![];
+
+        // First deletion
+        composer
+            .textarea
+            .move_cursor(tui_textarea::CursorMove::Jump(0, states[0].2 as u16));
+        composer.handle_key_event(KeyEvent::new(KeyCode::Backspace, KeyModifiers::NONE));
+        deletion_states.push((
+            composer.textarea.lines().join("\n"),
+            composer.pending_pastes.len(),
+        ));
+
+        // Second deletion
+        composer
+            .textarea
+            .move_cursor(tui_textarea::CursorMove::Jump(
+                0,
+                composer.textarea.lines().join("\n").len() as u16,
+            ));
+        composer.handle_key_event(KeyEvent::new(KeyCode::Backspace, KeyModifiers::NONE));
+        deletion_states.push((
+            composer.textarea.lines().join("\n"),
+            composer.pending_pastes.len(),
+        ));
+
+        // Verify all states
+        assert_eq!(
+            deletion_states,
+            vec![
+                (" and [Pasted Content 1006 chars]".to_string(), 1),
+                (" and ".to_string(), 0),
+            ]
+        );
+    }
+
+    #[test]
+    fn test_partial_placeholder_deletion() {
+        use crossterm::event::KeyCode;
+        use crossterm::event::KeyEvent;
+        use crossterm::event::KeyModifiers;
+
+        let (tx, _rx) = std::sync::mpsc::channel();
+        let sender = AppEventSender::new(tx);
+        let mut composer = ChatComposer::new(true, sender);
+
+        // Define test cases: (cursor_position_from_end, expected_pending_count)
+        let test_cases = [
+            5, // Delete from middle - should clear tracking
+            0, // Delete from end - should clear tracking
+        ];
+
+        let paste = "x".repeat(LARGE_PASTE_CHAR_THRESHOLD + 4);
+        let placeholder = format!("[Pasted Content {} chars]", paste.chars().count());
+
+        let states: Vec<_> = test_cases
+            .into_iter()
+            .map(|pos_from_end| {
+                composer.handle_paste(paste.clone());
+                composer
+                    .textarea
+                    .move_cursor(tui_textarea::CursorMove::Jump(
+                        0,
+                        (placeholder.len() - pos_from_end) as u16,
+                    ));
+                composer.handle_key_event(KeyEvent::new(KeyCode::Backspace, KeyModifiers::NONE));
+                let result = (
+                    composer.textarea.lines().join("\n").contains(&placeholder),
+                    composer.pending_pastes.len(),
+                );
+                composer.textarea.select_all();
+                composer.textarea.cut();
+                result
+            })
+            .collect();
+
+        assert_eq!(
+            states,
+            vec![
+                (false, 0), // After deleting from middle
+                (false, 0), // After deleting from end
+            ]
+        );
+    }
 }

codex-rs/tui/src/bottom_pane/mod.rs

@@ -82,6 +82,15 @@ impl BottomPane<'_> {
         }
     }
 
+    pub fn handle_paste(&mut self, pasted: String) {
+        if self.active_view.is_none() {
+            let needs_redraw = self.composer.handle_paste(pasted);
+            if needs_redraw {
+                self.request_redraw();
+            }
+        }
+    }
+
     /// Update the status indicator text (only when the `StatusIndicatorView` is
     /// active).
     pub(crate) fn update_status_text(&mut self, text: String) {

codex-rs/tui/src/bottom_pane/snapshots/codex_tui__bottom_pane__chat_composer__tests__backspace_after_pastes.snap

@@ -0,0 +1,14 @@
+---
+source: tui/src/bottom_pane/chat_composer.rs
+expression: terminal.backend()
+---
+"╭──────────────────────────────────────────────────────────────────────────────────────────────────╮"
+"│[Pasted Content 1002 chars][Pasted Content 1004 chars]                                            │"
+"│                                                                                                  │"
+"│                                                                                                  │"
+"│                                                                                                  │"
+"│                                                                                                  │"
+"│                                                                                                  │"
+"│                                                                                                  │"
+"│                                                                                                  │"
+"╰───────────────────────────────────────────────Enter to send | Ctrl+D to quit | Ctrl+J for newline╯"

codex-rs/tui/src/bottom_pane/snapshots/codex_tui__bottom_pane__chat_composer__tests__empty.snap

@@ -0,0 +1,14 @@
+---
+source: tui/src/bottom_pane/chat_composer.rs
+expression: terminal.backend()
+---
+"╭──────────────────────────────────────────────────────────────────────────────────────────────────╮"
+"│ send a message                                                                                   │"
+"│                                                                                                  │"
+"│                                                                                                  │"
+"│                                                                                                  │"
+"│                                                                                                  │"
+"│                                                                                                  │"
+"│                                                                                                  │"
+"│                                                                                                  │"
+"╰───────────────────────────────────────────────Enter to send | Ctrl+D to quit | Ctrl+J for newline╯"

codex-rs/tui/src/bottom_pane/snapshots/codex_tui__bottom_pane__chat_composer__tests__large.snap

@@ -0,0 +1,14 @@
+---
+source: tui/src/bottom_pane/chat_composer.rs
+expression: terminal.backend()
+---
+"╭──────────────────────────────────────────────────────────────────────────────────────────────────╮"
+"│[Pasted Content 1005 chars]                                                                       │"
+"│                                                                                                  │"
+"│                                                                                                  │"
+"│                                                                                                  │"
+"│                                                                                                  │"
+"│                                                                                                  │"
+"│                                                                                                  │"
+"│                                                                                                  │"
+"╰───────────────────────────────────────────────Enter to send | Ctrl+D to quit | Ctrl+J for newline╯"

codex-rs/tui/src/bottom_pane/snapshots/codex_tui__bottom_pane__chat_composer__tests__multiple_pastes.snap

@@ -0,0 +1,14 @@
+---
+source: tui/src/bottom_pane/chat_composer.rs
+expression: terminal.backend()
+---
+"╭──────────────────────────────────────────────────────────────────────────────────────────────────╮"
+"│[Pasted Content 1003 chars][Pasted Content 1007 chars] another short paste                        │"
+"│                                                                                                  │"
+"│                                                                                                  │"
+"│                                                                                                  │"
+"│                                                                                                  │"
+"│                                                                                                  │"
+"│                                                                                                  │"
+"│                                                                                                  │"
+"╰───────────────────────────────────────────────Enter to send | Ctrl+D to quit | Ctrl+J for newline╯"

codex-rs/tui/src/bottom_pane/snapshots/codex_tui__bottom_pane__chat_composer__tests__small.snap

@@ -0,0 +1,14 @@
+---
+source: tui/src/bottom_pane/chat_composer.rs
+expression: terminal.backend()
+---
+"╭──────────────────────────────────────────────────────────────────────────────────────────────────╮"
+"│short                                                                                             │"
+"│                                                                                                  │"
+"│                                                                                                  │"
+"│                                                                                                  │"
+"│                                                                                                  │"
+"│                                                                                                  │"
+"│                                                                                                  │"
+"│                                                                                                  │"
+"╰───────────────────────────────────────────────Enter to send | Ctrl+D to quit | Ctrl+J for newline╯"

codex-rs/tui/src/chatwidget.rs

@@ -1,4 +1,4 @@
-use std::path::PathBuf;
+use std::path::{Path, PathBuf};
 use std::sync::Arc;
 
 use codex_core::codex_wrapper::init_codex;
@@ -29,6 +29,7 @@ use ratatui::widgets::Widget;
 use ratatui::widgets::WidgetRef;
 use tokio::sync::mpsc::UnboundedSender;
 use tokio::sync::mpsc::unbounded_channel;
+use tokio::task::JoinHandle;
 
 use crate::app_event::AppEvent;
 use crate::app_event_sender::AppEventSender;
@@ -38,7 +39,10 @@ use crate::bottom_pane::InputResult;
 use crate::conversation_history_widget::ConversationHistoryWidget;
 use crate::history_cell::PatchEventType;
 use crate::user_approval_widget::ApprovalRequest;
+use crate::security_review::{run_security_review, SecurityReviewFailure, SecurityReviewMode, SecurityReviewRequest, SecurityReviewResult};
 use codex_file_search::FileMatch;
+use path_clean::PathClean;
+use shlex;
 
 pub(crate) struct ChatWidget<'a> {
     app_event_tx: AppEventSender,
@@ -49,6 +53,8 @@ pub(crate) struct ChatWidget<'a> {
     config: Config,
     initial_user_message: Option<UserMessage>,
     token_usage: TokenUsage,
+    security_review_handle: Option<JoinHandle<()>>,
+    active_security_review_mode: Option<SecurityReviewMode>,
 }
 
 #[derive(Clone, Copy, Eq, PartialEq)]
@@ -79,6 +85,15 @@ fn create_initial_user_message(text: String, image_paths: Vec<PathBuf>) -> Optio
     }
 }
 
+#[derive(Debug, Default)]
+struct ParsedSecReviewCommand {
+    mode: SecurityReviewMode,
+    include_paths: Vec<String>,
+    output_path: Option<String>,
+    repo_path: Option<String>,
+    model_name: Option<String>,
+}
+
 impl ChatWidget<'_> {
     pub(crate) fn new(
         config: Config,
@@ -135,6 +150,8 @@ impl ChatWidget<'_> {
                 initial_images,
             ),
             token_usage: TokenUsage::default(),
+            security_review_handle: None,
+            active_security_review_mode: None,
         }
     }
 
@@ -174,8 +191,19 @@ impl ChatWidget<'_> {
         }
     }
 
+    pub(crate) fn handle_paste(&mut self, text: String) {
+        if matches!(self.input_focus, InputFocus::BottomPane) {
+            self.bottom_pane.handle_paste(text);
+        }
+    }
+
     fn submit_user_message(&mut self, user_message: UserMessage) {
         let UserMessage { text, image_paths } = user_message;
+
+        if self.try_handle_slash_command(&text) {
+            return;
+        }
+
         let mut items: Vec<InputItem> = Vec::new();
 
         if !text.is_empty() {
@@ -212,6 +240,240 @@ impl ChatWidget<'_> {
         self.conversation_history.scroll_to_bottom();
     }
 
+    fn try_handle_slash_command(&mut self, text: &str) -> bool {
+        let trimmed = text.trim();
+        if trimmed.starts_with("/secreview") {
+            match parse_security_review_command(trimmed) {
+                Ok(command) => {
+                    if let Err(err) = self.launch_security_review(command) {
+                        self.report_security_review_error(err);
+                    }
+                }
+                Err(err) => self.report_security_review_error(err),
+            }
+            return true;
+        }
+        false
+    }
+
+    pub(crate) fn start_security_review_with_defaults(&mut self) {
+        let command = ParsedSecReviewCommand::default();
+        if let Err(err) = self.launch_security_review(command) {
+            self.report_security_review_error(err);
+        }
+    }
+
+    fn launch_security_review(&mut self, command: ParsedSecReviewCommand) -> Result<(), String> {
+        let repo_candidate = if let Some(repo_override) = command.repo_path.as_ref() {
+            let candidate = Path::new(repo_override);
+            if candidate.is_absolute() {
+                candidate.to_path_buf()
+            } else {
+                self.config.cwd.join(candidate)
+            }
+        } else {
+            self.config.cwd.clone()
+        }
+        .clean();
+
+        let repo_path = match repo_candidate.canonicalize() {
+            Ok(path) => path,
+            Err(_) => repo_candidate.clone(),
+        };
+
+        if !repo_path.exists() {
+            return Err(format!(
+                "Repository path '{}' does not exist.",
+                repo_path.display()
+            ));
+        }
+        if !repo_path.is_dir() {
+            return Err(format!(
+                "Repository path '{}' is not a directory.",
+                repo_path.display()
+            ));
+        }
+
+        let mut resolved_paths: Vec<PathBuf> = Vec::new();
+        let mut display_paths: Vec<String> = Vec::new();
+
+        for include in &command.include_paths {
+            let candidate = resolve_path(&repo_path, include);
+            let canonical = match candidate.canonicalize() {
+                Ok(path) => path,
+                Err(_) => candidate.clone(),
+            };
+
+            if !canonical.exists() {
+                return Err(format!("Path '{}' does not exist.", canonical.display()));
+            }
+            if !canonical.starts_with(&repo_path) {
+                return Err(format!(
+                    "Path '{}' is outside the repository root '{}'.",
+                    canonical.display(),
+                    repo_path.display()
+                ));
+            }
+
+            let relative = canonical
+                .strip_prefix(&repo_path)
+                .unwrap_or(&canonical)
+                .display()
+                .to_string();
+            display_paths.push(relative);
+            resolved_paths.push(canonical);
+        }
+
+        let output_root = if let Some(output_override) = command.output_path.as_ref() {
+            let candidate = Path::new(output_override);
+            if candidate.is_absolute() {
+                candidate.to_path_buf()
+            } else {
+                repo_path.join(candidate)
+            }
+        } else {
+            repo_path.join("appsec_review")
+        }
+        .clean();
+
+        let model_name = command
+            .model_name
+            .clone()
+            .unwrap_or_else(|| self.config.model.clone());
+
+        if self.security_review_handle.is_some() {
+            return Err("A security review is already running. Please wait for it to finish or abort it before starting another.".to_string());
+        }
+
+        let scope_description = if resolved_paths.is_empty() {
+            "entire repository".to_string()
+        } else {
+            display_paths.join(", ")
+        };
+
+        let summary = format!(
+            "🔐 Running AppSec security review (mode: {}).\nRepository: {}\nScope: {}\nOutput: {}\nModel: {}",
+            command.mode.as_str(),
+            repo_path.display(),
+            scope_description,
+            output_root.display(),
+            model_name
+        );
+        self.conversation_history.add_background_event(summary);
+        self.conversation_history.scroll_to_bottom();
+        self.bottom_pane.set_task_running(true);
+        self.request_redraw();
+
+        let provider = self.config.model_provider.clone();
+        let request = SecurityReviewRequest {
+            repo_path: repo_path.clone(),
+            include_paths: resolved_paths,
+            output_root: output_root.clone(),
+            mode: command.mode,
+            model: model_name,
+            provider,
+            progress_sender: Some(self.app_event_tx.clone()),
+        };
+
+        let app_event_tx = self.app_event_tx.clone();
+        let mode = command.mode;
+        let handle = tokio::spawn(async move {
+            let outcome = run_security_review(request).await;
+            app_event_tx.send(AppEvent::SecurityReviewFinished { mode, outcome });
+        });
+        self.security_review_handle = Some(handle);
+        self.active_security_review_mode = Some(mode);
+
+        Ok(())
+    }
+
+    fn report_security_review_error(&mut self, message: String) {
+        self.security_review_handle = None;
+        self.active_security_review_mode = None;
+        self.bottom_pane.set_task_running(false);
+        self.conversation_history
+            .add_background_event(format!("❌ {message}"));
+        self.conversation_history.scroll_to_bottom();
+        self.request_redraw();
+    }
+
+    pub(crate) fn handle_security_review_finished(
+        &mut self,
+        mode: SecurityReviewMode,
+        outcome: Result<SecurityReviewResult, SecurityReviewFailure>,
+    ) {
+        self.security_review_handle = None;
+        self.active_security_review_mode = None;
+        self.bottom_pane.set_task_running(false);
+        match outcome {
+            Ok(result) => {
+                let SecurityReviewResult {
+                    bugs_markdown,
+                    report_markdown,
+                    bugs_path,
+                    report_path,
+                    logs,
+                } = result;
+
+                let mut summary = format!(
+                    "✅ AppSec security review complete (mode: {}).\nBugs saved to {}.",
+                    mode.as_str(),
+                    bugs_path.display()
+                );
+                if let Some(report_path) = report_path.as_ref() {
+                    summary.push_str(&format!(
+                        "\nReport saved to {}.",
+                        report_path.display()
+                    ));
+                }
+                self.conversation_history.add_background_event(summary);
+
+                if matches!(mode, SecurityReviewMode::Full) {
+                    if let Some(markdown) = report_markdown.and_then(|m| {
+                        if m.trim().is_empty() {
+                            None
+                        } else {
+                            Some(m)
+                        }
+                    }) {
+                        self.conversation_history.add_agent_message(
+                            &self.config,
+                            format!("# AppSec Security Review Report\n\n{markdown}"),
+                        );
+                    }
+                }
+
+                if !bugs_markdown.trim().is_empty() {
+                    let heading = if matches!(mode, SecurityReviewMode::Full) {
+                        "## Bugs Summary"
+                    } else {
+                        "# AppSec Bugs Summary"
+                    };
+                    self.conversation_history.add_agent_message(
+                        &self.config,
+                        format!("{heading}\n\n{bugs_markdown}"),
+                    );
+                }
+
+                if let Some(log_text) = format_security_review_logs(&logs) {
+                    self.conversation_history
+                        .add_background_event(format!("Logs:\n{log_text}"));
+                }
+            }
+            Err(error) => {
+                let SecurityReviewFailure { message, logs } = error;
+                let mut summary = format!("❌ AppSec security review failed: {message}");
+                if let Some(log_text) = format_security_review_logs(&logs) {
+                    summary.push_str(&format!("\n\nLogs:\n{log_text}"));
+                }
+                self.conversation_history.add_background_event(summary);
+            }
+        }
+
+        self.conversation_history.scroll_to_bottom();
+        self.request_redraw();
+    }
+
     pub(crate) fn handle_codex_event(&mut self, event: Event) {
         let Event { id, msg } = event;
         match msg {
@@ -414,6 +676,20 @@ impl ChatWidget<'_> {
     /// Returns true if the key press was handled, false if it was not.
     /// If the key press was not handled, the caller should handle it (likely by exiting the process).
     pub(crate) fn on_ctrl_c(&mut self) -> bool {
+        if let Some(handle) = self.security_review_handle.take() {
+            handle.abort();
+            let mode = self
+                .active_security_review_mode
+                .take()
+                .unwrap_or_else(SecurityReviewMode::default);
+            let failure = SecurityReviewFailure {
+                message: "AppSec security review aborted by user.".to_string(),
+                logs: vec!["AppSec security review aborted by user.".to_string()],
+            };
+            self.handle_security_review_finished(mode, Err(failure));
+            return true;
+        }
+
         if self.bottom_pane.is_task_running() {
             self.bottom_pane.clear_ctrl_c_quit_hint();
             self.submit_op(Op::Interrupt);
@@ -475,3 +751,137 @@ fn add_token_usage(current_usage: &TokenUsage, new_usage: &TokenUsage) -> TokenU
         total_tokens: current_usage.total_tokens + new_usage.total_tokens,
     }
 }
+
+fn parse_security_review_command(input: &str) -> Result<ParsedSecReviewCommand, String> {
+    let tokens = shlex::split(input).ok_or_else(|| "Unable to parse command arguments.".to_string())?;
+    if tokens.is_empty() {
+        return Err("Empty command.".to_string());
+    }
+
+    if tokens[0] != "/secreview" {
+        return Err("Unrecognized command.".to_string());
+    }
+
+    let mut command = ParsedSecReviewCommand::default();
+    let mut idx = 1;
+    while idx < tokens.len() {
+        let token = &tokens[idx];
+
+        if token == "--" {
+            for extra in tokens.iter().skip(idx + 1) {
+                if !extra.is_empty() {
+                    command.include_paths.push(extra.to_string());
+                }
+            }
+            break;
+        } else if matches!(
+            token.as_str(),
+            "bugs" | "--bugs" | "--mode=bugs"
+        ) {
+            command.mode = SecurityReviewMode::Bugs;
+        } else if matches!(
+            token.as_str(),
+            "full" | "--full" | "--mode=full"
+        ) {
+            command.mode = SecurityReviewMode::Full;
+        } else if token == "--mode" {
+            idx += 1;
+            if idx >= tokens.len() {
+                return Err("Expected value after --mode.".to_string());
+            }
+            command.mode = parse_mode(&tokens[idx])?;
+        } else if let Some(value) = token.strip_prefix("--mode=") {
+            command.mode = parse_mode(value)?;
+        } else if token == "--path" || token == "-p" {
+            idx += 1;
+            if idx >= tokens.len() {
+                return Err(format!("Expected value after {token}."));
+            }
+            command.include_paths.push(tokens[idx].clone());
+        } else if let Some(value) = token.strip_prefix("--path=") {
+            command.include_paths.push(value.to_string());
+        } else if let Some(value) = token.strip_prefix("-p=") {
+            command.include_paths.push(value.to_string());
+        } else if matches!(
+            token.as_str(),
+            "--output" | "-o" | "--output-location"
+        ) {
+            idx += 1;
+            if idx >= tokens.len() {
+                return Err(format!("Expected value after {token}."));
+            }
+            command.output_path = Some(tokens[idx].clone());
+        } else if let Some(value) = token.strip_prefix("--output=") {
+            command.output_path = Some(value.to_string());
+        } else if let Some(value) = token.strip_prefix("-o=") {
+            command.output_path = Some(value.to_string());
+        } else if matches!(
+            token.as_str(),
+            "--repo" | "--repo-location" | "--repository"
+        ) {
+            idx += 1;
+            if idx >= tokens.len() {
+                return Err(format!("Expected value after {token}."));
+            }
+            command.repo_path = Some(tokens[idx].clone());
+        } else if let Some(value) = token.strip_prefix("--repo=") {
+            command.repo_path = Some(value.to_string());
+        } else if let Some(value) = token.strip_prefix("--repo-location=") {
+            command.repo_path = Some(value.to_string());
+        } else if token == "--model" || token == "--model-name" {
+            idx += 1;
+            if idx >= tokens.len() {
+                return Err(format!("Expected value after {token}."));
+            }
+            command.model_name = Some(tokens[idx].clone());
+        } else if let Some(value) = token.strip_prefix("--model=") {
+            command.model_name = Some(value.to_string());
+        } else if let Some(value) = token.strip_prefix("--model-name=") {
+            command.model_name = Some(value.to_string());
+        } else if !token.is_empty() {
+            command.include_paths.push(token.clone());
+        }
+
+        idx += 1;
+    }
+
+    Ok(command)
+}
+
+fn parse_mode(value: &str) -> Result<SecurityReviewMode, String> {
+    match value.to_ascii_lowercase().as_str() {
+        "full" => Ok(SecurityReviewMode::Full),
+        "bugs" | "bugs-only" | "bugsonly" => Ok(SecurityReviewMode::Bugs),
+        other => Err(format!("Unknown mode '{other}'. Use 'full' or 'bugs'.")),
+    }
+}
+
+fn resolve_path(base: &Path, candidate: &str) -> PathBuf {
+    let path = Path::new(candidate);
+    if path.is_absolute() {
+        path.to_path_buf()
+    } else {
+        base.join(path)
+    }
+    .clean()
+}
+
+fn format_security_review_logs(logs: &[String]) -> Option<String> {
+    if logs.is_empty() {
+        return None;
+    }
+
+    let joined = logs.join("\n");
+    if joined.trim().is_empty() {
+        return None;
+    }
+
+    let lines: Vec<&str> = joined.lines().collect();
+    const MAX_LINES: usize = 40;
+    if lines.len() <= MAX_LINES {
+        Some(joined)
+    } else {
+        let tail = lines[lines.len().saturating_sub(MAX_LINES)..].join("\n");
+        Some(format!("… (showing last {MAX_LINES} lines)\n{tail}"))
+    }
+}

codex-rs/tui/src/lib.rs

@@ -20,6 +20,7 @@ use tracing_subscriber::EnvFilter;
 use tracing_subscriber::prelude::*;
 
 mod app;
+mod security_review;
 mod app_event;
 mod app_event_sender;
 mod bottom_pane;

codex-rs/tui/src/slash_command.rs

@@ -14,6 +14,8 @@ pub enum SlashCommand {
     // more frequently used commands should be listed first.
     New,
     Diff,
+    #[strum(serialize = "secreview")]
+    SecurityReview,
     Quit,
     ToggleMouseMode,
 }
@@ -30,6 +32,9 @@ impl SlashCommand {
             SlashCommand::Diff => {
                 "Show git diff of the working directory (including untracked files)"
             }
+            SlashCommand::SecurityReview => {
+                "Run AppSec security review and display the generated reports"
+            }
         }
     }