wip

- Extend SlashCommand and AppEvent with InspectEnv variants
- Dispatch and handle AppEvent::InlineInspectEnv to invoke codex inspect-env in background
- Add InspectEnvView and wire into BottomPane and ChatWidget
- Add tests for SlashCommand, command popup filter, and InspectEnvView rendering
- Update task 35 status to Done and record implementation details

.codespellrc

@@ -1,6 +1,6 @@
 [codespell]
 # Ref: https://github.com/codespell-project/codespell#using-a-config-file
-skip = .git*,vendor,*-lock.yaml,*.lock,.codespellrc,*test.ts,*.jsonl
+skip = .git*,vendor,*-lock.yaml,*.lock,.codespellrc,*test.ts
 check-hidden = true
 ignore-regex = ^\s*"image/\S+": ".*|\b(afterAll)\b
 ignore-words-list = ratatui,ser

.devcontainer/Dockerfile

@@ -1,4 +1,4 @@
-FROM ubuntu:24.04
+FROM ubuntu:22.04
 
 ARG DEBIAN_FRONTEND=noninteractive
 # enable 'universe' because musl-tools & clang live there
@@ -11,17 +11,19 @@ RUN apt-get update && \
 RUN apt-get update && \
     apt-get install -y --no-install-recommends \
     build-essential curl git ca-certificates \
-    pkg-config clang musl-tools libssl-dev just && \
+    pkg-config clang musl-tools libssl-dev && \
     rm -rf /var/lib/apt/lists/*
 
-# Ubuntu 24.04 ships with user 'ubuntu' already created with UID 1000.
-USER ubuntu
+# non-root dev user
+ARG USER=dev
+ARG UID=1000
+RUN useradd -m -u $UID $USER
+USER $USER
 
 # install Rust + musl target as dev user
 RUN curl -sSf https://sh.rustup.rs | sh -s -- -y --profile minimal && \
-    ~/.cargo/bin/rustup target add aarch64-unknown-linux-musl && \
-    ~/.cargo/bin/rustup component add clippy rustfmt
+    ~/.cargo/bin/rustup target add aarch64-unknown-linux-musl
 
-ENV PATH="/home/ubuntu/.cargo/bin:${PATH}"
+ENV PATH="/home/${USER}/.cargo/bin:${PATH}"
 
 WORKDIR /workspace

.devcontainer/devcontainer.json

@@ -15,13 +15,15 @@
     "CARGO_TARGET_DIR": "${containerWorkspaceFolder}/codex-rs/target-arm64"
   },
 
-  "remoteUser": "ubuntu",
+  "remoteUser": "dev",
   "customizations": {
     "vscode": {
       "settings": {
-        "terminal.integrated.defaultProfile.linux": "bash"
+          "terminal.integrated.defaultProfile.linux": "bash"
       },
-      "extensions": ["rust-lang.rust-analyzer", "tamasfe.even-better-toml"]
+      "extensions": [
+          "rust-lang.rust-analyzer"
+      ],
     }
   }
 }

.github/ISSUE_TEMPLATE/4-feature-request.yml

@@ -1,31 +0,0 @@
-name: 🎁 Feature Request
-description: Propose a new feature for Codex
-labels:
-  - enhancement
-  - needs triage
-body:
-  - type: markdown
-    attributes:
-      value: |
-        Is Codex missing a feature that you'd like to see? Feel free to propose it here.
-
-        Before you submit a feature:
-        1. Search existing issues for similar features. If you find one, 👍 it rather than opening a new one.
-        2. The Codex team will try to balance the varying needs of the community when prioritizing or rejecting new features. Not all features will be accepted. See [Contributing](https://github.com/openai/codex#contributing) for more details.
-
-  - type: textarea
-    id: feature
-    attributes:
-      label: What feature would you like to see?
-    validations:
-      required: true
-  - type: textarea
-    id: author
-    attributes:
-      label: Are you interested in implementing this feature?
-      description: Please wait for acknowledgement before implementing or opening a PR.
-  - type: textarea
-    id: notes
-    attributes:
-      label: Additional information
-      description: Is there anything else you think we should know?

.github/actions/codex/action.yml

@@ -20,9 +20,9 @@ inputs:
     description: "Value to use as the CODEX_HOME environment variable when running Codex."
     required: false
   codex_release_tag:
-    description: "The release tag of the Codex model to run, e.g., 'rust-v0.3.0'. Defaults to the latest release."
+    description: "The release tag of the Codex model to run."
     required: false
-    default: ""
+    default: "codex-rs-ca8e97fcbcb991e542b8689f2d4eab9d30c399d6-1-rust-v0.0.2505302325"
 
 runs:
   using: "composite"
@@ -82,18 +82,17 @@ runs:
 
         # Note that if we start baking version numbers into the artifact name,
         # we will need to update this action.yml file to match.
-        artifact="codex-${triple}.tar.gz"
+        artifact="codex-exec-${triple}.tar.gz"
 
-        TAG_ARG="${{ inputs.codex_release_tag }}"
-        # The usage is `gh release download [<tag>] [flags]`, so if TAG_ARG
-        # is empty, we do not pass it so we can default to the latest release.
-        gh release download ${TAG_ARG:+$TAG_ARG} --repo openai/codex \
+        gh release download ${{ inputs.codex_release_tag }} --repo openai/codex \
           --pattern "$artifact" --output - \
-        | tar xzO > /usr/local/bin/codex
-        chmod +x /usr/local/bin/codex
+        | tar xzO > /usr/local/bin/codex-exec
+        chmod +x /usr/local/bin/codex-exec
 
-        # Display Codex version to confirm binary integrity.
-        codex --version
+        # Display Codex version to confirm binary integrity; ensure we point it
+        # at the checked-out repository via --cd so that any subsequent commands
+        # use the correct working directory.
+        codex-exec --cd "$GITHUB_WORKSPACE" --version
 
     - name: Install Bun
       uses: oven-sh/setup-bun@v2

.github/actions/codex/bun.lock

@@ -8,10 +8,10 @@
         "@actions/github": "^6.0.1",
       },
       "devDependencies": {
-        "@types/bun": "^1.2.20",
-        "@types/node": "^24.3.0",
-        "prettier": "^3.6.2",
-        "typescript": "^5.9.2",
+        "@types/bun": "^1.2.11",
+        "@types/node": "^22.15.21",
+        "prettier": "^3.5.3",
+        "typescript": "^5.8.3",
       },
     },
   },
@@ -48,31 +48,27 @@
 
     "@octokit/types": ["@octokit/types@13.10.0", "", { "dependencies": { "@octokit/openapi-types": "^24.2.0" } }, "sha512-ifLaO34EbbPj0Xgro4G5lP5asESjwHracYJvVaPIyXMuiuXLlhic3S47cBdTb+jfODkTE5YtGCLt3Ay3+J97sA=="],
 
-    "@types/bun": ["@types/bun@1.2.20", "", { "dependencies": { "bun-types": "1.2.20" } }, "sha512-dX3RGzQ8+KgmMw7CsW4xT5ITBSCrSbfHc36SNT31EOUg/LA9JWq0VDdEXDRSe1InVWpd2yLUM1FUF/kEOyTzYA=="],
+    "@types/bun": ["@types/bun@1.2.13", "", { "dependencies": { "bun-types": "1.2.13" } }, "sha512-u6vXep/i9VBxoJl3GjZsl/BFIsvML8DfVDO0RYLEwtSZSp981kEO1V5NwRcO1CPJ7AmvpbnDCiMKo3JvbDEjAg=="],
 
-    "@types/node": ["@types/node@24.3.0", "", { "dependencies": { "undici-types": "~7.10.0" } }, "sha512-aPTXCrfwnDLj4VvXrm+UUCQjNEvJgNA8s5F1cvwQU+3KNltTOkBm1j30uNLyqqPNe7gE3KFzImYoZEfLhp4Yow=="],
-
-    "@types/react": ["@types/react@19.1.8", "", { "dependencies": { "csstype": "^3.0.2" } }, "sha512-AwAfQ2Wa5bCx9WP8nZL2uMZWod7J7/JSplxbTmBQ5ms6QpqNYm672H0Vu9ZVKVngQ+ii4R/byguVEUZQyeg44g=="],
+    "@types/node": ["@types/node@22.15.21", "", { "dependencies": { "undici-types": "~6.21.0" } }, "sha512-EV/37Td6c+MgKAbkcLG6vqZ2zEYHD7bvSrzqqs2RIhbA6w3x+Dqz8MZM3sP6kGTeLrdoOgKZe+Xja7tUB2DNkQ=="],
 
     "before-after-hook": ["before-after-hook@2.2.3", "", {}, "sha512-NzUnlZexiaH/46WDhANlyR2bXRopNg4F/zuSA3OpZnllCUgRaOF2znDioDWrmbNVsuZk6l9pMquQB38cfBZwkQ=="],
 
-    "bun-types": ["bun-types@1.2.20", "", { "dependencies": { "@types/node": "*" }, "peerDependencies": { "@types/react": "^19" } }, "sha512-pxTnQYOrKvdOwyiyd/7sMt9yFOenN004Y6O4lCcCUoKVej48FS5cvTw9geRaEcB9TsDZaJKAxPTVvi8tFsVuXA=="],
-
-    "csstype": ["csstype@3.1.3", "", {}, "sha512-M1uQkMl8rQK/szD0LNhtqxIPLpimGm8sOBwU7lLnCpSbTyY3yeU1Vc7l4KT5zT4s/yOxHH5O7tIuuLOCnLADRw=="],
+    "bun-types": ["bun-types@1.2.13", "", { "dependencies": { "@types/node": "*" } }, "sha512-rRjA1T6n7wto4gxhAO/ErZEtOXyEZEmnIHQfl0Dt1QQSB4QV0iP6BZ9/YB5fZaHFQ2dwHFrmPaRQ9GGMX01k9Q=="],
 
     "deprecation": ["deprecation@2.3.1", "", {}, "sha512-xmHIy4F3scKVwMsQ4WnVaS8bHOx0DmVwRywosKhaILI0ywMDWPtBSku2HNxRvF7jtwDRsoEwYQSfbxj8b7RlJQ=="],
 
     "once": ["once@1.4.0", "", { "dependencies": { "wrappy": "1" } }, "sha512-lNaJgI+2Q5URQBkccEKHTQOPaXdUxnZZElQTZY0MFUAuaEqe1E+Nyvgdz/aIyNi6Z9MzO5dv1H8n58/GELp3+w=="],
 
-    "prettier": ["prettier@3.6.2", "", { "bin": { "prettier": "bin/prettier.cjs" } }, "sha512-I7AIg5boAr5R0FFtJ6rCfD+LFsWHp81dolrFD8S79U9tb8Az2nGrJncnMSnys+bpQJfRUzqs9hnA81OAA3hCuQ=="],
+    "prettier": ["prettier@3.5.3", "", { "bin": { "prettier": "bin/prettier.cjs" } }, "sha512-QQtaxnoDJeAkDvDKWCLiwIXkTgRhwYDEQCghU9Z6q03iyek/rxRh/2lC3HB7P8sWT2xC/y5JDctPLBIGzHKbhw=="],
 
     "tunnel": ["tunnel@0.0.6", "", {}, "sha512-1h/Lnq9yajKY2PEbBadPXj3VxsDDu844OnaAo52UVmIzIvwwtBPIuNvkjuzBlTWpfJyUbG3ez0KSBibQkj4ojg=="],
 
-    "typescript": ["typescript@5.9.2", "", { "bin": { "tsc": "bin/tsc", "tsserver": "bin/tsserver" } }, "sha512-CWBzXQrc/qOkhidw1OzBTQuYRbfyxDXJMVJ1XNwUHGROVmuaeiEm3OslpZ1RV96d7SKKjZKrSJu3+t/xlw3R9A=="],
+    "typescript": ["typescript@5.8.3", "", { "bin": { "tsc": "bin/tsc", "tsserver": "bin/tsserver" } }, "sha512-p1diW6TqL9L07nNxvRMM7hMMw4c5XOo/1ibL4aAIGmSAt9slTE1Xgw5KWuof2uTOvCg9BY7ZRi+GaF+7sfgPeQ=="],
 
     "undici": ["undici@5.29.0", "", { "dependencies": { "@fastify/busboy": "^2.0.0" } }, "sha512-raqeBD6NQK4SkWhQzeYKd1KmIG6dllBOTt55Rmkt4HtI9mwdWtJljnrXjAFUBLTSN67HWrOIZ3EPF4kjUw80Bg=="],
 
-    "undici-types": ["undici-types@7.10.0", "", {}, "sha512-t5Fy/nfn+14LuOc2KNYg75vZqClpAiqscVvMygNnlsHBFpSXdJaYtXMcdNLpl/Qvc3P2cB3s6lOV51nqsFq4ag=="],
+    "undici-types": ["undici-types@6.21.0", "", {}, "sha512-iwDZqg0QAGrg9Rav5H4n0M64c3mkR59cJ6wQp+7C4nI0gsmExaedaYLNO44eT4AtBBwjbTiGPMlt2Md0T9H9JQ=="],
 
     "universal-user-agent": ["universal-user-agent@6.0.1", "", {}, "sha512-yCzhz6FN2wU1NiiQRogkTQszlQSlpWaw8SvVegAc+bDxbzHgh1vX8uIe8OYyMH6DwH+sdTJsgMl36+mSMdRJIQ=="],
 
@@ -82,8 +78,6 @@
 
     "@octokit/plugin-rest-endpoint-methods/@octokit/types": ["@octokit/types@12.6.0", "", { "dependencies": { "@octokit/openapi-types": "^20.0.0" } }, "sha512-1rhSOfRa6H9w4YwK0yrf5faDaDTb+yLyBUKOCV4xtCDB5VmIPqd/v9yr9o6SAzOAlRxMiRiCic6JVM1/kunVkw=="],
 
-    "bun-types/@types/node": ["@types/node@24.2.1", "", { "dependencies": { "undici-types": "~7.10.0" } }, "sha512-DRh5K+ka5eJic8CjH7td8QpYEV6Zo10gfRkjHCO3weqZHWDtAaSTFtl4+VMqOJ4N5jcuhZ9/l+yy8rVgw7BQeQ=="],
-
     "@octokit/plugin-paginate-rest/@octokit/types/@octokit/openapi-types": ["@octokit/openapi-types@20.0.0", "", {}, "sha512-EtqRBEjp1dL/15V7WiX5LJMIxxkdiGJnabzYx5Apx4FkQIFgAfKumXeYAqqJCj1s+BMX4cPFIFC4OLCR6stlnA=="],
 
     "@octokit/plugin-rest-endpoint-methods/@octokit/types/@octokit/openapi-types": ["@octokit/openapi-types@20.0.0", "", {}, "sha512-EtqRBEjp1dL/15V7WiX5LJMIxxkdiGJnabzYx5Apx4FkQIFgAfKumXeYAqqJCj1s+BMX4cPFIFC4OLCR6stlnA=="],

.github/actions/codex/package.json

@@ -13,9 +13,9 @@
         "@actions/github": "^6.0.1"
     },
     "devDependencies": {
-        "@types/bun": "^1.2.20",
-        "@types/node": "^24.3.0",
-        "prettier": "^3.6.2",
-        "typescript": "^5.9.2"
+        "@types/bun": "^1.2.11",
+        "@types/node": "^22.15.21",
+        "prettier": "^3.5.3",
+        "typescript": "^5.8.3"
     }
 }

.github/actions/codex/src/process-label.ts

@@ -91,38 +91,7 @@ async function processLabel(
   labelConfig: LabelConfig,
 ): Promise<void> {
   const template = labelConfig.getPromptTemplate();
-
-  // If this is a review label, prepend explicit PR-diff scoping guidance to
-  // reduce out-of-scope feedback. Do this before rendering so placeholders in
-  // the guidance (e.g., {CODEX_ACTION_GITHUB_EVENT_PATH}) are substituted.
-  const isReview = label.toLowerCase().includes("review");
-  const reviewScopeGuidance = `
-PR Diff Scope
-- Only review changes between the PR's merge-base and head; do not comment on commits or files outside this range.
-- Derive the base/head SHAs from the event JSON at {CODEX_ACTION_GITHUB_EVENT_PATH}, then compute and use the PR diff for all analysis and comments.
-
-Commands to determine scope
-- Resolve SHAs:
-  - BASE_SHA=$(jq -r '.pull_request.base.sha // .pull_request.base.ref' "{CODEX_ACTION_GITHUB_EVENT_PATH}")
-  - HEAD_SHA=$(jq -r '.pull_request.head.sha // .pull_request.head.ref' "{CODEX_ACTION_GITHUB_EVENT_PATH}")
-  - BASE_SHA=$(git rev-parse "$BASE_SHA")
-  - HEAD_SHA=$(git rev-parse "$HEAD_SHA")
-- Prefer triple-dot (merge-base) semantics for PR diffs:
-  - Changed commits: git log --oneline "$BASE_SHA...$HEAD_SHA"
-  - Changed files: git diff --name-status "$BASE_SHA...$HEAD_SHA"
-  - Review hunks: git diff -U0 "$BASE_SHA...$HEAD_SHA"
-
-Review rules
-- Anchor every comment to a file and hunk present in git diff "$BASE_SHA...$HEAD_SHA".
-- If you mention context outside the diff, label it as "Follow-up (outside this PR scope)" and keep it brief (<=2 bullets).
-- Do not critique commits or files not reachable in the PR range (merge-base(base, head) → head).
-`.trim();
-
-  const effectiveTemplate = isReview
-    ? `${reviewScopeGuidance}\n\n${template}`
-    : template;
-
-  const populatedTemplate = await renderPromptTemplate(effectiveTemplate, ctx);
+  const populatedTemplate = await renderPromptTemplate(template, ctx);
 
   // Always run Codex and post the resulting message as a comment.
   let commentBody = await runCodex(populatedTemplate, ctx);

.github/actions/codex/src/run-codex.ts

@@ -18,9 +18,7 @@ export async function runCodex(
   const tempDirPath = await mkdtemp(join(tmpdir(), "codex-"));
   const lastMessageOutput = join(tempDirPath, "codex-prompt.md");
 
-  // Use the unified CLI and its `exec` subcommand instead of the old
-  // standalone `codex-exec` binary.
-  const args = ["/usr/local/bin/codex", "exec"];
+  const args = ["/usr/local/bin/codex-exec"];
 
   const inputCodexArgs = ctx.tryGet("INPUT_CODEX_ARGS")?.trim();
   if (inputCodexArgs) {

.github/codex/home/config.toml

@@ -1,3 +1,3 @@
-model = "gpt-5"
+model = "o3"
 
 # Consider setting [mcp_servers] here!

.github/codex/labels/codex-rust-review.md

@@ -1,139 +0,0 @@
-Review this PR and respond with a very concise final message, formatted in Markdown.
-
-There should be a summary of the changes (1-2 sentences) and a few bullet points if necessary.
-
-Then provide the **review** (1-2 sentences plus bullet points, friendly tone).
-
-Things to look out for when doing the review:
-
-## General Principles
-
-- **Make sure the pull request body explains the motivation behind the change.** If the author has failed to do this, call it out, and if you think you can deduce the motivation behind the change, propose copy.
-- Ideally, the PR body also contains a small summary of the change. For small changes, the PR title may be sufficient.
-- Each PR should ideally do one conceptual thing. For example, if a PR does a refactoring as well as introducing a new feature, push back and suggest the refactoring be done in a separate PR. This makes things easier for the reviewer, as refactoring changes can often be far-reaching, yet quick to review.
-- When introducing new code, be on the lookout for code that duplicates existing code. When found, propose a way to refactor the existing code such that it should be reused.
-
-## Code Organization
-
-- Each create in the Cargo workspace in `codex-rs` has a specific purpose: make a note if you believe new code is not introduced in the correct crate.
-- When possible, try to keep the `core` crate as small as possible. Non-core but shared logic is often a good candidate for `codex-rs/common`.
-- Be wary of large files and offer suggestions for how to break things into more reasonably-sized files.
-- Rust files should generally be organized such that the public parts of the API appear near the top of the file and helper functions go below. This is analagous to the "inverted pyramid" structure that is favored in journalism.
-
-## Assertions in Tests
-
-Assert the equality of the entire objects instead of doing "piecemeal comparisons," performing `assert_eq!()` on individual fields.
-
-Note that unit tests also function as "executable documentation." As shown in the following example, "piecemeal comparisons" are often more verbose, provide less coverage, and are not as useful as executable documentation.
-
-For example, suppose you have the following enum:
-
-```rust
-#[derive(Debug, PartialEq)]
-enum Message {
-    Request {
-        id: String,
-        method: String,
-        params: Option<serde_json::Value>,
-    },
-    Notification {
-        method: String,
-        params: Option<serde_json::Value>,
-    },
-}
-```
-
-This is an example of a _piecemeal_ comparison:
-
-```rust
-// BAD: Piecemeal Comparison
-
-#[test]
-fn test_get_latest_messages() {
-    let messages = get_latest_messages();
-    assert_eq!(messages.len(), 2);
-
-    let m0 = &messages[0];
-    match m0 {
-        Message::Request { id, method, params } => {
-            assert_eq!(id, "123");
-            assert_eq!(method, "subscribe");
-            assert_eq!(
-                *params,
-                Some(json!({
-                    "conversation_id": "x42z86"
-                }))
-            )
-        }
-        Message::Notification { .. } => {
-            panic!("expected Request");
-        }
-    }
-
-    let m1 = &messages[1];
-    match m1 {
-        Message::Request { .. } => {
-            panic!("expected Notification");
-        }
-        Message::Notification { method, params } => {
-            assert_eq!(method, "log");
-            assert_eq!(
-                *params,
-                Some(json!({
-                    "level": "info",
-                    "message": "subscribed"
-                }))
-            )
-        }
-    }
-}
-```
-
-This is a _deep_ comparison:
-
-```rust
-// GOOD: Verify the entire structure with a single assert_eq!().
-
-use pretty_assertions::assert_eq;
-
-#[test]
-fn test_get_latest_messages() {
-    let messages = get_latest_messages();
-
-    assert_eq!(
-        vec![
-            Message::Request {
-                id: "123".to_string(),
-                method: "subscribe".to_string(),
-                params: Some(json!({
-                    "conversation_id": "x42z86"
-                })),
-            },
-            Message::Notification {
-                method: "log".to_string(),
-                params: Some(json!({
-                    "level": "info",
-                    "message": "subscribed"
-                })),
-            },
-        ],
-        messages,
-    );
-}
-```
-
-## More Tactical Rust Things To Look Out For
-
-- Do not use `unsafe` (unless you have a really, really good reason like using an operating system API directly and no safe wrapper exists). For example, there are cases where it is tempting to use `unsafe` in order to use `std::env::set_var()`, but this indeed `unsafe` and has led to race conditions on multiple occasions. (When this happens, find a mechanism other than environment variables to use for configuration.)
-- Encourage the use of small enums or the newtype pattern in Rust if it helps readability without adding significant cognitive load or lines of code.
-- If you see opportunities for the changes in a diff to use more idiomatic Rust, please make specific recommendations. For example, favor the use of expressions over `return`.
-- When modifying a `Cargo.toml` file, make sure that dependency lists stay alphabetically sorted. Also consider whether a new dependency is added to the appropriate place (e.g., `[dependencies]` versus `[dev-dependencies]`)
-
-## Pull Request Body
-
-- If the nature of the change seems to have a visual component (which is often the case for changes to `codex-rs/tui`), recommend including a screenshot or video to demonstrate the change, if appropriate.
-- References to existing GitHub issues and PRs are encouraged, where appropriate, though you likely do not have network access, so may not be able to help here.
-
-# PR Information
-
-{CODEX_ACTION_GITHUB_EVENT_PATH} contains the JSON that triggered this GitHub workflow. It contains the `base` and `head` refs that define this PR. Both refs are available locally.

.github/dependabot.yaml

@@ -1,30 +0,0 @@
-# https://docs.github.com/en/code-security/dependabot/working-with-dependabot/dependabot-options-reference#package-ecosystem-
-
-version: 2
-updates:
-  - package-ecosystem: bun
-    directory: .github/actions/codex
-    schedule:
-      interval: weekly
-  - package-ecosystem: cargo
-    directories:
-      - codex-rs
-      - codex-rs/*
-    schedule:
-      interval: weekly
-  - package-ecosystem: devcontainers
-    directory: /
-    schedule:
-      interval: weekly
-  - package-ecosystem: docker
-    directory: codex-cli
-    schedule:
-      interval: weekly
-  - package-ecosystem: github-actions
-    directory: /
-    schedule:
-      interval: weekly
-  - package-ecosystem: rust-toolchain
-    directory: codex-rs
-    schedule:
-      interval: weekly

.github/dotslash-config.json

@@ -1,27 +1,27 @@
 {
   "outputs": {
+    "codex-exec": {
+      "platforms": {
+        "macos-aarch64":  { "regex": "^codex-exec-aarch64-apple-darwin\\.zst$",          "path": "codex-exec" },
+        "macos-x86_64":   { "regex": "^codex-exec-x86_64-apple-darwin\\.zst$",           "path": "codex-exec" },
+        "linux-x86_64":   { "regex": "^codex-exec-x86_64-unknown-linux-musl\\.zst$",     "path": "codex-exec" },
+        "linux-aarch64":  { "regex": "^codex-exec-aarch64-unknown-linux-musl\\.zst$",     "path": "codex-exec" }
+      }
+    },
+
     "codex": {
       "platforms": {
-        "macos-aarch64": {
-          "regex": "^codex-aarch64-apple-darwin\\.zst$",
-          "path": "codex"
-        },
-        "macos-x86_64": {
-          "regex": "^codex-x86_64-apple-darwin\\.zst$",
-          "path": "codex"
-        },
-        "linux-x86_64": {
-          "regex": "^codex-x86_64-unknown-linux-musl\\.zst$",
-          "path": "codex"
-        },
-        "linux-aarch64": {
-          "regex": "^codex-aarch64-unknown-linux-musl\\.zst$",
-          "path": "codex"
-        },
-        "windows-x86_64": {
-          "regex": "^codex-x86_64-pc-windows-msvc\\.exe\\.zst$",
-          "path": "codex.exe"
-        }
+        "macos-aarch64":  { "regex": "^codex-aarch64-apple-darwin\\.zst$",          "path": "codex" },
+        "macos-x86_64":   { "regex": "^codex-x86_64-apple-darwin\\.zst$",           "path": "codex" },
+        "linux-x86_64":   { "regex": "^codex-x86_64-unknown-linux-musl\\.zst$",     "path": "codex" },
+        "linux-aarch64":  { "regex": "^codex-aarch64-unknown-linux-musl\\.zst$",     "path": "codex" }
+      }
+    },
+
+    "codex-linux-sandbox": {
+      "platforms": {
+        "linux-x86_64":   { "regex": "^codex-linux-sandbox-x86_64-unknown-linux-musl\\.zst$",     "path": "codex-linux-sandbox" },
+        "linux-aarch64":  { "regex": "^codex-linux-sandbox-aarch64-unknown-linux-musl\\.zst$",     "path": "codex-linux-sandbox" }
       }
     }
   }

.github/pull_request_template.md

@@ -1,6 +0,0 @@
-# External (non-OpenAI) Pull Request Requirements
-
-Before opening this Pull Request, please read the "Contributing" section of the README or your PR may be closed:
-https://github.com/openai/codex#contributing
-
-If your PR conforms to our contribution guidelines, replace this text with a detailed and high quality description of your changes.

.github/workflows/ci.yml

@@ -12,7 +12,7 @@ jobs:
       NODE_OPTIONS: --max-old-space-size=4096
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v5
+        uses: actions/checkout@v4
 
       - name: Setup Node.js
         uses: actions/setup-node@v4
@@ -44,17 +44,37 @@ jobs:
 
       # Run all tasks using workspace filters
 
+      - name: Check TypeScript code formatting
+        working-directory: codex-cli
+        run: pnpm run format
+
+      - name: Check Markdown and config file formatting
+        run: pnpm run format
+
+      - name: Run tests
+        run: pnpm run test
+
+      - name: Lint
+        run: |
+          pnpm --filter @openai/codex exec -- eslint src tests --ext ts --ext tsx \
+            --report-unused-disable-directives \
+            --rule "no-console:error" \
+            --rule "no-debugger:error" \
+            --max-warnings=-1
+
+      - name: Type-check
+        run: pnpm run typecheck
+
+      - name: Build
+        run: pnpm run build
+
       - name: Ensure staging a release works.
+        working-directory: codex-cli
         env:
           GH_TOKEN: ${{ github.token }}
-        run: ./codex-cli/scripts/stage_release.sh
+        run: pnpm stage-release
 
-      - name: Ensure root README.md contains only ASCII and certain Unicode code points
+      - name: Ensure README.md contains only ASCII and certain Unicode code points
         run: ./scripts/asciicheck.py README.md
-      - name: Check root README ToC
+      - name: Check README ToC
         run: python3 scripts/readme_toc.py README.md
-
-      - name: Ensure codex-cli/README.md contains only ASCII and certain Unicode code points
-        run: ./scripts/asciicheck.py codex-cli/README.md
-      - name: Check codex-cli/README ToC
-        run: python3 scripts/readme_toc.py codex-cli/README.md

.github/workflows/codespell.yml

@@ -18,7 +18,7 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v5
+        uses: actions/checkout@v4
       - name: Annotate locations with typos
         uses: codespell-project/codespell-problem-matcher@b80729f885d32f78a716c2f107b4db1025001c42 # v1
       - name: Codespell

.github/workflows/codex.yml

@@ -20,7 +20,7 @@ jobs:
       (github.event_name == 'issues' && (
         (github.event.action == 'labeled' && (github.event.label.name == 'codex-attempt' || github.event.label.name == 'codex-triage'))
       )) ||
-      (github.event_name == 'pull_request' && github.event.action == 'labeled' && (github.event.label.name == 'codex-review' || github.event.label.name == 'codex-rust-review'))
+      (github.event_name == 'pull_request' && github.event.action == 'labeled' && github.event.label.name == 'codex-review')
     runs-on: ubuntu-latest
     permissions:
       contents: write # can push or create branches
@@ -37,9 +37,40 @@ jobs:
       #    Codex is not going to run.
 
       - name: Checkout repository
-        uses: actions/checkout@v5
+        uses: actions/checkout@v4
 
-      - uses: dtolnay/rust-toolchain@1.89
+      # We install the dependencies like we would for an ordinary CI job,
+      # particularly because Codex will not have network access to install
+      # these dependencies.
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: 22
+
+      - name: Setup pnpm
+        uses: pnpm/action-setup@v4
+        with:
+          version: 10.8.1
+          run_install: false
+
+      - name: Get pnpm store directory
+        id: pnpm-cache
+        shell: bash
+        run: |
+          echo "store_path=$(pnpm store path --silent)" >> $GITHUB_OUTPUT
+
+      - name: Setup pnpm cache
+        uses: actions/cache@v4
+        with:
+          path: ${{ steps.pnpm-cache.outputs.store_path }}
+          key: ${{ runner.os }}-pnpm-store-${{ hashFiles('**/pnpm-lock.yaml') }}
+          restore-keys: |
+            ${{ runner.os }}-pnpm-store-
+
+      - name: Install dependencies
+        run: pnpm install
+
+      - uses: dtolnay/rust-toolchain@1.87
         with:
           targets: x86_64-unknown-linux-gnu
           components: clippy
@@ -52,7 +83,7 @@ jobs:
             ~/.cargo/registry/cache/
             ~/.cargo/git/db/
             ${{ github.workspace }}/codex-rs/target/
-          key: cargo-ubuntu-24.04-x86_64-unknown-linux-gnu-dev-${{ hashFiles('**/Cargo.lock') }}
+          key: cargo-ubuntu-24.04-x86_64-unknown-linux-gnu-${{ hashFiles('**/Cargo.lock') }}
 
       # Note it is possible that the `verify` step internal to Run Codex will
       # fail, in which case the work to setup the repo was worthless :(

.github/workflows/rust-ci.yml

@@ -1,76 +1,42 @@
 name: rust-ci
 on:
-  pull_request: {}
+  pull_request:
+    branches:
+      - main
+    paths:
+      - "codex-rs/**"
+      - ".github/**"
   push:
     branches:
       - main
+
   workflow_dispatch:
 
-# CI builds in debug (dev) for faster signal.
+# For CI, we build in debug (`--profile dev`) rather than release mode so we
+# get signal faster.
 
 jobs:
-  # --- Detect what changed (always runs) -------------------------------------
-  changed:
-    name: Detect changed areas
-    runs-on: ubuntu-24.04
-    outputs:
-      codex: ${{ steps.detect.outputs.codex }}
-      workflows: ${{ steps.detect.outputs.workflows }}
-    steps:
-      - uses: actions/checkout@v5
-        with:
-          fetch-depth: 0
-      - name: Detect changed paths (no external action)
-        id: detect
-        shell: bash
-        run: |
-          set -euo pipefail
-
-          if [[ "${{ github.event_name }}" == "pull_request" ]]; then
-            BASE_SHA='${{ github.event.pull_request.base.sha }}'
-            echo "Base SHA: $BASE_SHA"
-            # List files changed between base and current HEAD (merge-base aware)
-            mapfile -t files < <(git diff --name-only --no-renames "$BASE_SHA"...HEAD)
-          else
-            # On push / manual runs, default to running everything
-            files=("codex-rs/force" ".github/force")
-          fi
-
-          codex=false
-          workflows=false
-          for f in "${files[@]}"; do
-            [[ $f == codex-rs/* ]] && codex=true
-            [[ $f == .github/* ]] && workflows=true
-          done
-
-          echo "codex=$codex" >> "$GITHUB_OUTPUT"
-          echo "workflows=$workflows" >> "$GITHUB_OUTPUT"
-
-  # --- CI that doesn't need specific targets ---------------------------------
+  # CI that don't need specific targets
   general:
     name: Format / etc
     runs-on: ubuntu-24.04
-    needs: changed
-    if: ${{ needs.changed.outputs.codex == 'true' || needs.changed.outputs.workflows == 'true' || github.event_name == 'push' }}
     defaults:
       run:
         working-directory: codex-rs
+
     steps:
-      - uses: actions/checkout@v5
-      - uses: dtolnay/rust-toolchain@1.89
+      - uses: actions/checkout@v4
+      - uses: dtolnay/rust-toolchain@1.87
         with:
           components: rustfmt
       - name: cargo fmt
         run: cargo fmt -- --config imports_granularity=Item --check
 
-  # --- CI to validate on different os/targets --------------------------------
+  # CI to validate on different os/targets
   lint_build_test:
-    name: ${{ matrix.runner }} - ${{ matrix.target }}${{ matrix.profile == 'release' && ' (release)' || '' }}
+    name: ${{ matrix.runner }} - ${{ matrix.target }}
     runs-on: ${{ matrix.runner }}
     timeout-minutes: 30
-    needs: changed
-    # Keep job-level if to avoid spinning up runners when not needed
-    if: ${{ needs.changed.outputs.codex == 'true' || needs.changed.outputs.workflows == 'true' || github.event_name == 'push' }}
     defaults:
       run:
         working-directory: codex-rs
@@ -78,41 +44,27 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
+        # Note: While Codex CLI does not support Windows today, we include
+        # Windows in CI to ensure the code at least builds there.
         include:
           - runner: macos-14
             target: aarch64-apple-darwin
-            profile: dev
           - runner: macos-14
             target: x86_64-apple-darwin
-            profile: dev
           - runner: ubuntu-24.04
             target: x86_64-unknown-linux-musl
-            profile: dev
           - runner: ubuntu-24.04
             target: x86_64-unknown-linux-gnu
-            profile: dev
           - runner: ubuntu-24.04-arm
             target: aarch64-unknown-linux-musl
-            profile: dev
           - runner: ubuntu-24.04-arm
             target: aarch64-unknown-linux-gnu
-            profile: dev
           - runner: windows-latest
             target: x86_64-pc-windows-msvc
-            profile: dev
-
-          # Also run representative release builds on Mac and Linux because
-          # there could be release-only build errors we want to catch.
-          - runner: macos-14
-            target: aarch64-apple-darwin
-            profile: release
-          - runner: ubuntu-24.04
-            target: x86_64-unknown-linux-musl
-            profile: release
 
     steps:
-      - uses: actions/checkout@v5
-      - uses: dtolnay/rust-toolchain@1.89
+      - uses: actions/checkout@v4
+      - uses: dtolnay/rust-toolchain@1.87
         with:
           targets: ${{ matrix.target }}
           components: clippy
@@ -125,36 +77,33 @@ jobs:
             ~/.cargo/registry/cache/
             ~/.cargo/git/db/
             ${{ github.workspace }}/codex-rs/target/
-          key: cargo-${{ matrix.runner }}-${{ matrix.target }}-${{ matrix.profile }}-${{ hashFiles('**/Cargo.lock') }}
+          key: cargo-${{ matrix.runner }}-${{ matrix.target }}-${{ hashFiles('**/Cargo.lock') }}
 
       - if: ${{ matrix.target == 'x86_64-unknown-linux-musl' || matrix.target == 'aarch64-unknown-linux-musl'}}
         name: Install musl build tools
         run: |
-          sudo apt install -y musl-tools pkg-config && sudo rm -rf /var/lib/apt/lists/*
+          sudo apt install -y musl-tools pkg-config
 
       - name: cargo clippy
         id: clippy
+        continue-on-error: true
         run: cargo clippy --target ${{ matrix.target }} --all-features --tests -- -D warnings
 
       # Running `cargo build` from the workspace root builds the workspace using
       # the union of all features from third-party crates. This can mask errors
       # where individual crates have underspecified features. To avoid this, we
-      # run `cargo check` for each crate individually, though because this is
+      # run `cargo build` for each crate individually, though because this is
       # slower, we only do this for the x86_64-unknown-linux-gnu target.
-      - name: cargo check individual crates
-        id: cargo_check_all_crates
-        if: ${{ matrix.target == 'x86_64-unknown-linux-gnu' && matrix.profile != 'release' }}
+      - name: cargo build individual crates
+        id: build
+        if: ${{ matrix.target == 'x86_64-unknown-linux-gnu' }}
         continue-on-error: true
-        run: |
-          find . -name Cargo.toml -mindepth 2 -maxdepth 2 -print0 \
-            | xargs -0 -n1 -I{} bash -c 'cd "$(dirname "{}")" && cargo check --profile ${{ matrix.profile }}'
+        run: find . -name Cargo.toml -mindepth 2 -maxdepth 2 -print0 | xargs -0 -n1 -I{} bash -c 'cd "$(dirname "{}")" && cargo build'
 
       - name: cargo test
         id: test
-        # `cargo test` takes too long for release builds to run them on every PR
-        if: ${{ matrix.profile != 'release' }}
         continue-on-error: true
-        run: cargo test --all-features --target ${{ matrix.target }} --profile ${{ matrix.profile }}
+        run: cargo test --all-features --target ${{ matrix.target }}
         env:
           RUST_BACKTRACE: 1
 
@@ -162,32 +111,8 @@ jobs:
       - name: verify all steps passed
         if: |
           steps.clippy.outcome == 'failure' ||
-          steps.cargo_check_all_crates.outcome == 'failure' ||
+          steps.build.outcome == 'failure' ||
           steps.test.outcome == 'failure'
         run: |
-          echo "One or more checks failed (clippy, cargo_check_all_crates, or test). See logs for details."
+          echo "One or more checks failed (clippy, build, or test). See logs for details."
           exit 1
-
-  # --- Gatherer job that you mark as the ONLY required status -----------------
-  results:
-    name: CI results (required)
-    needs: [changed, general, lint_build_test]
-    if: always()
-    runs-on: ubuntu-24.04
-    steps:
-      - name: Summarize
-        shell: bash
-        run: |
-          echo "general: ${{ needs.general.result }}"
-          echo "matrix : ${{ needs.lint_build_test.result }}"
-
-          # If nothing relevant changed (PR touching only root README, etc.),
-          # declare success regardless of other jobs.
-          if [[ '${{ needs.changed.outputs.codex }}' != 'true' && '${{ needs.changed.outputs.workflows }}' != 'true' && '${{ github.event_name }}' != 'push' ]]; then
-            echo 'No relevant changes -> CI not required.'
-            exit 0
-          fi
-
-          # Otherwise require the jobs to have succeeded
-          [[ '${{ needs.general.result }}' == 'success' ]] || { echo 'general failed'; exit 1; }
-          [[ '${{ needs.lint_build_test.result }}' == 'success' ]] || { echo 'matrix failed'; exit 1; }

.github/workflows/rust-release.yml

@@ -15,11 +15,14 @@ concurrency:
   group: ${{ github.workflow }}
   cancel-in-progress: true
 
+env:
+  TAG_REGEX: '^rust-v[0-9]+\.[0-9]+\.[0-9]+$'
+
 jobs:
   tag-check:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v4
 
       - name: Validate tag matches Cargo.toml version
         shell: bash
@@ -30,8 +33,8 @@ jobs:
           # 1. Must be a tag and match the regex
           [[ "${GITHUB_REF_TYPE}" == "tag" ]] \
             || { echo "❌  Not a tag push"; exit 1; }
-          [[ "${GITHUB_REF_NAME}" =~ ^rust-v[0-9]+\.[0-9]+\.[0-9]+(-(alpha|beta)(\.[0-9]+)?)?$ ]] \
-            || { echo "❌  Tag '${GITHUB_REF_NAME}' doesn't match expected format"; exit 1; }
+          [[ "${GITHUB_REF_NAME}" =~ ${TAG_REGEX} ]] \
+            || { echo "❌  Tag '${GITHUB_REF_NAME}' != ${TAG_REGEX}"; exit 1; }
 
           # 2. Extract versions
           tag_ver="${GITHUB_REF_NAME#rust-v}"
@@ -70,12 +73,10 @@ jobs:
             target: aarch64-unknown-linux-musl
           - runner: ubuntu-24.04-arm
             target: aarch64-unknown-linux-gnu
-          - runner: windows-latest
-            target: x86_64-pc-windows-msvc
 
     steps:
-      - uses: actions/checkout@v5
-      - uses: dtolnay/rust-toolchain@1.89
+      - uses: actions/checkout@v4
+      - uses: dtolnay/rust-toolchain@1.87
         with:
           targets: ${{ matrix.target }}
 
@@ -87,7 +88,7 @@ jobs:
             ~/.cargo/registry/cache/
             ~/.cargo/git/db/
             ${{ github.workspace }}/codex-rs/target/
-          key: cargo-release-${{ matrix.runner }}-${{ matrix.target }}-release-${{ hashFiles('**/Cargo.lock') }}
+          key: cargo-release-${{ matrix.runner }}-${{ matrix.target }}-${{ hashFiles('**/Cargo.lock') }}
 
       - if: ${{ matrix.target == 'x86_64-unknown-linux-musl' || matrix.target == 'aarch64-unknown-linux-musl'}}
         name: Install musl build tools
@@ -95,7 +96,7 @@ jobs:
           sudo apt install -y musl-tools pkg-config
 
       - name: Cargo build
-        run: cargo build --target ${{ matrix.target }} --release --bin codex
+        run: cargo build --target ${{ matrix.target }} --release --all-targets --all-features
 
       - name: Stage artifacts
         shell: bash
@@ -103,11 +104,18 @@ jobs:
           dest="dist/${{ matrix.target }}"
           mkdir -p "$dest"
 
-          if [[ "${{ matrix.runner }}" == windows* ]]; then
-            cp target/${{ matrix.target }}/release/codex.exe "$dest/codex-${{ matrix.target }}.exe"
-          else
-            cp target/${{ matrix.target }}/release/codex "$dest/codex-${{ matrix.target }}"
-          fi
+          cp target/${{ matrix.target }}/release/codex-exec "$dest/codex-exec-${{ matrix.target }}"
+          cp target/${{ matrix.target }}/release/codex "$dest/codex-${{ matrix.target }}"
+
+        # After https://github.com/openai/codex/pull/1228 is merged and a new
+        # release is cut with an artifacts built after that PR, the `-gnu`
+        # variants can go away as we will only use the `-musl` variants.
+      - if: ${{ matrix.target == 'x86_64-unknown-linux-musl' || matrix.target == 'x86_64-unknown-linux-gnu' || matrix.target == 'aarch64-unknown-linux-gnu' || matrix.target == 'aarch64-unknown-linux-musl' }}
+        name: Stage Linux-only artifacts
+        shell: bash
+        run: |
+          dest="dist/${{ matrix.target }}"
+          cp target/${{ matrix.target }}/release/codex-linux-sandbox "$dest/codex-linux-sandbox-${{ matrix.target }}"
 
       - name: Compress artifacts
         shell: bash
@@ -117,11 +125,11 @@ jobs:
           dest="dist/${{ matrix.target }}"
 
           # For compatibility with environments that lack the `zstd` tool we
-          # additionally create a `.tar.gz` for all platforms and `.zip` for
-          # Windows alongside every single binary that we publish. The end result is:
+          # additionally create a `.tar.gz` alongside every single binary that
+          # we publish. The end result is:
           #   codex-<target>.zst          (existing)
           #   codex-<target>.tar.gz       (new)
-          #   codex-<target>.zip          (only for Windows)
+          #   ...same naming for codex-exec-* and codex-linux-sandbox-*
 
           # 1. Produce a .tar.gz for every file in the directory *before* we
           #    run `zstd --rm`, because that flag deletes the original files.
@@ -129,20 +137,13 @@ jobs:
             base="$(basename "$f")"
             # Skip files that are already archives (shouldn't happen, but be
             # safe).
-            if [[ "$base" == *.tar.gz || "$base" == *.zip ]]; then
+            if [[ "$base" == *.tar.gz ]]; then
               continue
             fi
 
             # Create per-binary tar.gz
             tar -C "$dest" -czf "$dest/${base}.tar.gz" "$base"
 
-            # Create zip archive for Windows binaries
-            # Must run from inside the dest dir so 7z won't
-            # embed the directory path inside the zip.
-            if [[ "${{ matrix.runner }}" == windows* ]]; then
-              (cd "$dest" && 7z a "${base}.zip" "$base")
-            fi
-
             # Also create .zst (existing behaviour) *and* remove the original
             # uncompressed binary to keep the directory small.
             zstd -T0 -19 --rm "$dest/$base"
@@ -159,12 +160,11 @@ jobs:
   release:
     needs: build
     name: release
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
+    env:
+      RELEASE_TAG: codex-rs-${{ github.sha }}-${{ github.run_attempt }}-${{ github.ref_name }}
 
     steps:
-      - name: Checkout repository
-        uses: actions/checkout@v5
-
       - uses: actions/download-artifact@v4
         with:
           path: dist
@@ -172,43 +172,17 @@ jobs:
       - name: List
         run: ls -R dist/
 
-      - name: Define release name
-        id: release_name
-        run: |
-          # Extract the version from the tag name, which is in the format
-          # "rust-v0.1.0".
-          version="${GITHUB_REF_NAME#rust-v}"
-          echo "name=${version}" >> $GITHUB_OUTPUT
-
-      - name: Stage npm package
-        env:
-          GH_TOKEN: ${{ github.token }}
-        run: |
-          set -euo pipefail
-          TMP_DIR="${RUNNER_TEMP}/npm-stage"
-          python3 codex-cli/scripts/stage_rust_release.py \
-            --release-version "${{ steps.release_name.outputs.name }}" \
-            --tmp "${TMP_DIR}"
-          mkdir -p dist/npm
-          # Produce an npm-ready tarball using `npm pack` and store it in dist/npm.
-          # We then rename it to a stable name used by our publishing script.
-          (cd "$TMP_DIR" && npm pack --pack-destination "${GITHUB_WORKSPACE}/dist/npm")
-          mv "${GITHUB_WORKSPACE}"/dist/npm/*.tgz \
-             "${GITHUB_WORKSPACE}/dist/npm/codex-npm-${{ steps.release_name.outputs.name }}.tgz"
-
-      - name: Create GitHub Release
-        uses: softprops/action-gh-release@v2
+      - uses: softprops/action-gh-release@v2
         with:
-          name: ${{ steps.release_name.outputs.name }}
-          tag_name: ${{ github.ref_name }}
+          tag_name: ${{ env.RELEASE_TAG }}
           files: dist/**
-          # Mark as prerelease only when the version has a suffix after x.y.z
-          # (e.g. -alpha, -beta). Otherwise publish a normal release.
-          prerelease: ${{ contains(steps.release_name.outputs.name, '-') }}
+          # For now, tag releases as "prerelease" because we are not claiming
+          # the Rust CLI is stable yet.
+          prerelease: true
 
       - uses: facebook/dotslash-publish-release@v2
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         with:
-          tag: ${{ github.ref_name }}
+          tag: ${{ env.RELEASE_TAG }}
           config: .github/dotslash-config.json

.gitignore

@@ -48,6 +48,12 @@ yarn-error.log*
 
 # env
 .env*
+
+# oaipkg import cache
+oaipkg/
+ 
+# Ignore task worktree directories created by create-task-worktree.sh
+agentydragon/tasks/.worktrees/
 !.env.example
 
 # package
@@ -81,3 +87,7 @@ CHANGELOG.ignore.md
 # nix related
 .direnv
 .envrc
+
+__pycache__
+
+codex-rs/target

.husky/pre-commit

@@ -0,0 +1 @@
+pnpm lint-staged

.pre-commit-config.yaml

@@ -0,0 +1,15 @@
+repos:
+-   repo: local
+    hooks:
+      - id: check-tasks
+        name: Run all task-directory validation checks
+        entry: python3 agentydragon/tools/check_tasks.py
+        language: python
+        additional_dependencies: [PyYAML, toml, pydantic]
+        files: ^agentydragon/tasks/.*
+      - id: cargo-build
+        name: Check Rust workspace and linux-sandbox compile
+        entry: bash -lc 'cd codex-rs && RUSTFLAGS="-D warnings" cargo build --workspace --locked --all-targets && cargo build -p codex-linux-sandbox --locked --all-targets'
+        language: system
+        pass_filenames: false
+        require_serial: true

.prettierignore

@@ -1,7 +1,3 @@
 /codex-cli/dist
 /codex-cli/node_modules
 pnpm-lock.yaml
-
-prompt.md
-*_prompt.md
-*_instructions.md

.vscode/extensions.json

@@ -1,5 +0,0 @@
-{
-    "recommendations": [
-        "tamasfe.even-better-toml",
-    ]
-}

.vscode/launch.json

@@ -1,22 +0,0 @@
-{
-  "version": "0.2.0",
-  "configurations": [
-    {
-      "type": "lldb",
-      "request": "launch",
-      "name": "Cargo launch",
-      "cargo": {
-        "cwd": "${workspaceFolder}/codex-rs",
-        "args": ["build", "--bin=codex-tui"]
-      },
-      "args": []
-    },
-    {
-      "type": "lldb",
-      "request": "attach",
-      "name": "Attach to running codex CLI",
-      "pid": "${command:pickProcess}",
-      "sourceLanguages": ["rust"]
-    }
-  ]
-}

.vscode/settings.json

@@ -1,18 +0,0 @@
-{
-    "rust-analyzer.checkOnSave": true,
-    "rust-analyzer.check.command": "clippy",
-    "rust-analyzer.check.extraArgs": ["--all-features", "--tests"],
-    "rust-analyzer.rustfmt.extraArgs": ["--config", "imports_granularity=Item"],
-    "[rust]": {
-        "editor.defaultFormatter": "rust-lang.rust-analyzer",
-        "editor.formatOnSave": true,
-    },
-    "[toml]": {
-        "editor.defaultFormatter": "tamasfe.even-better-toml",
-        "editor.formatOnSave": true,
-    },
-    // Array order for options in ~/.codex/config.toml such as `notify` and the
-    // `args` for an MCP server is significant, so we disable reordering.
-    "evenBetterToml.formatter.reorderArrays": false,
-    "evenBetterToml.formatter.reorderKeys": true,
-}

AGENTS.md

@@ -1,42 +1,31 @@
-# Rust/codex-rs
+# AGENTS.md
 
-In the codex-rs folder where the rust code lives:
+This file provides guidance to OpenAI Codex (openai.com/codex) when working with
+code in this repository.
 
-- Crate names are prefixed with `codex-`. For example, the `core` folder's crate is named `codex-core`
-- When using format! and you can inline variables into {}, always do that.
-- Never add or modify any code related to `CODEX_SANDBOX_NETWORK_DISABLED_ENV_VAR` or `CODEX_SANDBOX_ENV_VAR`.
-  - You operate in a sandbox where `CODEX_SANDBOX_NETWORK_DISABLED=1` will be set whenever you use the `shell` tool. Any existing code that uses `CODEX_SANDBOX_NETWORK_DISABLED_ENV_VAR` was authored with this fact in mind. It is often used to early exit out of tests that the author knew you would not be able to run given your sandbox limitations.
-  - Similarly, when you spawn a process using Seatbelt (`/usr/bin/sandbox-exec`), `CODEX_SANDBOX=seatbelt` will be set on the child process. Integration tests that want to run Seatbelt themselves cannot be run under Seatbelt, so checks for `CODEX_SANDBOX=seatbelt` are also often used to early exit out of tests, as appropriate.
+## Build, Lint & Test
 
-Before finalizing a change to `codex-rs`, run `just fmt` (in `codex-rs` directory) to format the code and `just fix -p <project>` (in `codex-rs` directory) to fix any linter issues in the code. Additionally, run the tests:
-1. Run the test for the specific project that was changed. For example, if changes were made in `codex-rs/tui`, run `cargo test -p codex-tui`.
-2. Once those pass, if any changes were made in common, core, or protocol, run the complete test suite with `cargo test --all-features`.
+### JavaScript/TypeScript
+- Install dependencies: `pnpm install`
+- Run all tests: `pnpm test`
+- Run a single test: `pnpm test -- -t <pattern>` or `pnpm test -- path/to/file.spec.ts`
+- Watch tests: `pnpm test:watch`
+- Lint: `pnpm lint && pnpm lint:fix`
+- Type-check: `pnpm typecheck`
+- Format: `pnpm format:fix`
+- Build: `pnpm build`
 
-## TUI style conventions
+### Rust (codex-rs workspace)
+- Build: `cargo build --workspace --locked`
+- Test all: `cargo test --workspace`
+- Test crate: `cargo test -p <crate>`
+- Single test: `cargo test -p <crate> -- <test_name>`
+- Format & check: `cargo fmt --all -- --check`
+- Lint: `cargo clippy --all-targets --all-features -- -D warnings`
 
-See `codex-rs/tui/styles.md`.
+## Code Style Guidelines
 
-## TUI code conventions
-
-- Use concise styling helpers from ratatui’s Stylize trait.
-  - Basic spans: use "text".into()
-  - Styled spans: use "text".red(), "text".green(), "text".magenta(), "text".dim(), etc.
-  - Prefer these over constructing styles with `Span::styled` and `Style` directly.
-  - Example: patch summary file lines
-    - Desired: vec!["  └ ".into(), "M".red(), " ".dim(), "tui/src/app.rs".dim()]
-
-## Snapshot tests
-
-This repo uses snapshot tests (via `insta`), especially in `codex-rs/tui`, to validate rendered output. When UI or text output changes intentionally, update the snapshots as follows:
-
-- Run tests to generate any updated snapshots:
-  - `cargo test -p codex-tui`
-- Check what’s pending:
-  - `cargo insta pending-snapshots -p codex-tui`
-- Review changes by reading the generated `*.snap.new` files directly in the repo, or preview a specific file:
-  - `cargo insta show -p codex-tui path/to/file.snap.new`
-- Only if you intend to accept all new snapshots in this crate, run:
-  - `cargo insta accept -p codex-tui`
-
-If you don’t have the tool:
-- `cargo install cargo-insta`
+- JS/TS: ESLint + Prettier; group imports; camelCase vars & funcs; PascalCase types/components; catch specific errors
+- Rust: rustfmt & Clippy (see `codex-rs/rustfmt.toml`); snake_case vars & funcs; PascalCase types; prefer early return; avoid `unwrap()` in prod
+- General: Do not swallow exceptions; use DRY; generate/validate ASCII art programmatically
+- Include any Cursor rules from `.cursor/rules/` or Copilot rules from `.github/copilot-instructions.md` if present

NOTICE

@@ -1,6 +1,2 @@
 OpenAI Codex
 Copyright 2025 OpenAI
-
-This project includes code derived from [Ratatui](https://github.com/ratatui/ratatui), licensed under the MIT license.
-Copyright (c) 2016-2022 Florian Dehau
-Copyright (c) 2023-2025 The Ratatui Developers

agentydragon/CHANGES.md

@@ -0,0 +1,174 @@
+# codex-rs: Changes between HEAD and main
+
+This document summarizes new and removed features, configuration options,
+and behavioral changes in the `codex-rs` workspace between the `main`
+branch and the current `HEAD`. Only additions/deletions (not unmodified
+code) are listed, with examples of usage and configuration.
+
+---
+
+## CLI Enhancements
+
+### Build & Install from Source
+
+```shell
+cargo install --path cli --locked
+# install system-wide:
+sudo cargo install --path cli --locked --root /usr/local
+```
+
+### New `codex config` Subcommand
+
+Manage your `~/.codex/config.toml` directly without manually editing:
+
+```shell
+codex config edit            # open config in $EDITOR (or vi)
+codex config set KEY VALUE   # set a TOML literal, e.g. tui.auto_mount_repo true
+```
+
+### New `codex inspect-env` Command
+
+Inspect the sandbox/container environment (mounts, permissions, network):
+
+```shell
+codex inspect-env --full-auto
+codex inspect-env -s network=disable -s mount=/mydir=rw
+```
+
+### Resume TUI Sessions by UUID
+
+```shell
+codex session <SESSION_UUID>
+```
+
+### MCP Server (JSON‑RPC) Support
+
+Launch Codex as an MCP _server_ over stdin/stdout and speak the
+Model Context Protocol (JSON-RPC):
+
+```shell
+npx @modelcontextprotocol/inspector codex mcp
+```
+
+#### Sample JSON‑RPC Interaction
+
+```jsonc
+// ListTools request
+{ "jsonrpc": "2.0", "id": 1, "method": "tools/list", "params": {} }
+
+// CallTool request
+{ "jsonrpc": "2.0", "id": 2, "method": "tools/call",
+  "params": { "name": "codex", "arguments": { "prompt": "Hello" } }
+}
+
+// CallTool response (abbreviated)
+{ "jsonrpc": "2.0", "id": 2, "result": {
+    "content": [ { "type": "text", "text": "Hi there", "annotations": null } ],
+    "is_error": false
+}}
+```
+
+---
+
+## Configuration Changes
+
+### `auto_allow` Predicate Scripts
+
+Automatically approve or deny shell commands via custom scripts:
+
+```toml
+[[auto_allow]]
+script = "/path/to/approve_predicate.sh"
+[[auto_allow]]
+script = "my_predicate --flag"
+```
+
+Vote resolution:
+- A `deny` vote aborts execution.
+- An `allow` vote auto-approves.
+- Otherwise falls back to manual approval prompt.
+
+### `base_instructions_override`
+
+Override or disable the built-in system prompt (`prompt.md`):
+
+```bash
+export CODEX_BASE_INSTRUCTIONS_FILE=custom_prompt.md   # use custom prompt
+export CODEX_BASE_INSTRUCTIONS_FILE=""             # disable base prompt
+```
+
+### TUI Configuration Options
+
+In `~/.codex/config.toml`, under the `[tui]` table:
+
+```toml
+editor          = "${VISUAL:-${EDITOR:-nvim}}"  # external editor for prompt
+message_spacing = true                           # insert blank line between messages
+sender_break_line = true                         # sender label on its own line
+```
+
+---
+
+## Core Library Updates
+
+### System Prompt Composition Customization
+
+System messages now combine:
+1. Built-in prompt (`prompt.md`),
+2. User instructions (`AGENTS.md`/`instructions.md`),
+3. `apply-patch` tool instructions (for GPT-4.1),
+4. User command/prompt.
+
+Controlled via `CODEX_BASE_INSTRUCTIONS_FILE`.
+
+### Chat Completions Tool Call Buffering
+
+User turns emitted during an in-flight tool invocation are buffered
+and flushed after the tool result, preventing interleaved messages.
+
+### SandboxPolicy API Extensions
+
+```rust
+policy.allow_disk_write_folder("/path/to/folder".into());
+policy.revoke_disk_write_folder("/path/to/folder");
+```
+
+### Auto‑Approval Predicate Engine
+
+```rust
+use codex_core::safety::{evaluate_auto_allow_predicates, AutoAllowVote};
+let vote = evaluate_auto_allow_predicates(&cmd, &config.auto_allow);
+match vote {
+    AutoAllowVote::Allow => /* auto-approve */, 
+    AutoAllowVote::Deny => /* reject */, 
+    AutoAllowVote::NoOpinion => /* prompt user */, 
+}
+```
+
+---
+
+## TUI Improvements
+
+### Double Ctrl+D Exit Confirmation
+
+Prevent accidental exits by requiring two Ctrl+D within a timeout:
+
+```rust
+use codex_tui::confirm_ctrl_d::ConfirmCtrlD;
+let mut confirm = ConfirmCtrlD::new(require_double, timeout_secs);
+// confirm.handle(now) returns true to exit, false to prompt confirmation
+```
+
+### Markdown & Header Compact Rendering
+
+New rendering options (code-level) for more compact chat layout:
+- `markdown_compact`
+- `header_compact`
+
+---
+
+## Documentation & Tests
+
+- `codex-rs/config.md`, `codex-rs/README.md`, `core/README.md` updated with examples.
+- New `core/init.md` guidance for generating `AGENTS.md` templates.
+- Added tests for `codex config`, `ConfirmCtrlD`, and `evaluate_auto_allow_predicates`.

agentydragon/README.md

@@ -0,0 +1,87 @@
+# agentydragon
+
+This file documents the changes introduced on the `agentydragon` branch
+(off the `main` branch) of the codex repository.
+
+## codex-rs: session resume and playback
+- Added `session` subcommand to the CLI (`codex session <UUID>`) to resume TUI sessions by UUID.
+- Integrated the `uuid` crate for session identifiers.
+- Updated TUI (`codex-rs/tui`) to respect and replay previous session transcripts:
+  - Methods: `set_session_id`, `session_id`, `replay_items`.
+  - Load rollouts from `sessions/rollout-<UUID>.jsonl`.
+- Printed resume command on exit: `codex session <UUID>`.
+
+## codex-core enhancements
+- Exposed core model types: `ContentItem`, `ReasoningItemReasoningSummary`, `ResponseItem`.
+- Added `composer_max_rows` setting (with serde default) to TUI configuration.
+
+## Dependency updates
+- Added `uuid` crate to `codex-rs/cli` and `codex-rs/tui`.
+
+## Pre-commit config changes
+- Configured Rust build hook in `.pre-commit-config.yaml` to fail on warnings by setting `RUSTFLAGS="-D warnings"`.
+
+## codex-rs/tui: Undo feedback decision with Esc key
+- Pressing `Esc` in feedback-entry mode now cancels feedback entry and returns to the select menu, preserving the partially entered feedback text.
+- Added a unit test for the ESC cancellation behavior in `tui/src/user_approval_widget.rs`.
+
+## codex-rs/tui: restore inline mount DSL and slash-command dispatch
+- Reintroduced logic in `ChatComposer` to dispatch `AppEvent::InlineMountAdd` and `AppEvent::InlineMountRemove` when `/mount-add` or `/mount-remove` is entered with inline arguments.
+- Restored dispatch of `AppEvent::DispatchCommand` for slash commands selected via the command popup, including proper cleanup of the composer input.
+
+## codex-rs/tui: slash-command `/edit-prompt` opens external editor
+- Fixed slash-command `/edit-prompt` to invoke the configured external editor for prompt drafting (in addition to Ctrl+E).
+
+## codex-rs/tui: display context remaining percentage
+  - Added module `tui/src/context.rs` with heuristics (`approximate_tokens_used`, `max_tokens_for_model`, `calculate_context_percent_remaining`).
+  - Updated `ChatWidget` and `ChatComposer::render_ref` to track history items and render `<N>% context left` indicator with color thresholds.
+  - Added unit tests in `tui/tests/context_percent.rs` for token counting and percent formatting boundary conditions.
+
+## codex-rs/tui: compact Markdown rendering option
+  - Added `markdown_compact` config flag under UI settings to collapse heading-content spacing when enabled.
+  - When enabled, headings render immediately adjacent to content with no blank line between them.
+  - Updated Markdown rendering in chat UI and logs to honor compact mode globally (diffs, docs, help messages).
+  - Added unit tests covering H1–H6 heading spacing for both compact and default modes.
+## codex-rs: document MCP servers example in README
+- Added an inline TOML snippet under “Model Context Protocol Support” in `codex-rs/README.md` showing how to configure external `mcp_servers` entries in `~/.codex/config.toml`.
+- Documented `codex mcp` behavior: JSON-RPC over stdin/stdout, optional sandbox, no ephemeral container, default `codex` tool schema, and example ListTools/CallTool schema.
+
+## Documentation tasks
+
+## codex-rs/tui: interactive shell-command affordance via hotkey
+- Bound `Ctrl+M` to open a ShellCommandView overlay for arbitrary container shell input.
+- Toggled shell-command mode with `Ctrl+M` to enter or exit prompt, with styled border in shell mode.
+- Executed commands asynchronously (`sh -c`) and recorded outputs inline in conversation history.
+- Added unit tests for ShellCommandView event emission and shell-mode toggling behavior.
+
+Tasks live under `agentydragon/tasks/` as individual Markdown files. Please update each task’s **Status** and **Implementation** sections in place rather than maintaining a static list here.
+
+### Branch & Worktree Workflow
+
+- **Branch convention**: work on each task in its own branch named `agentydragon-<task-id>-<task-slug>`, to avoid refname conflicts.
+- **Worktree helper**: in `agentydragon/tasks/`, run:
+-
+-   ```sh
+-   # Accept a full slug (NN-slug) or two-digit task ID (NN), optionally multiple; --tmux opens each in its own tmux pane and auto-commits each task as its Developer agent finishes:
+-   agentydragon/tools/create_task_worktree.py [--agent] [--tmux] [--interactive] [--shell] [--skip-presubmit] <task-slug|NN> [<task-slug|NN>...]
+-   ```
+-
+-  Without `--agent`, this creates or reuses a worktree at
+-  `agentydragon/tasks/.worktrees/<task-id>-<task-slug>` off the `agentydragon` branch.
+-  Internally, the helper uses CoW hydration instead of a normal checkout: it registers the worktree with `git worktree add --no-checkout`, then performs a filesystem-level reflink
+-  of all files (macOS: `cp -cRp`; Linux: `cp --reflink=auto`), falling back to `rsync` if reflinks aren’t supported. This makes new worktrees appear nearly instantly on supported filesystems while
+-  preserving untracked files.
+  -  With `--agent`, after setting up a new worktree it runs presubmit pre-commit checks (aborting with a clear message on failure unless `--skip-presubmit` is passed), then launches the Developer Codex agent (using `prompts/developer.md` and the task file).
+  -  After the Developer agent exits, if the task’s **Status** is set to `Done`, it automatically runs the Commit agent helper to stage fixes and commit the work.
+**Commit agent helper**: in `agentydragon/tasks/`, run:
+
+```sh
+# Generate and apply commit(s) for completed task(s) in their worktrees:
+agentydragon/tools/launch_commit_agent.py <task-slug|NN> [<task-slug|NN>...]
+```
+
+After the Developer agent finishes and updates the task file, the Commit agent will write the commit message to a temporary file and then commit using that file (`git commit -F`). An external orchestrator can then stage files and run pre-commit hooks as usual. You do not need to run `git commit` manually.
+
+---
+
+*This README was autogenerated to summarize changes on the `agentydragon` branch.*

agentydragon/WORKFLOW.md

@@ -0,0 +1,38 @@
+ # Agent Handoff Workflow
+
+ This document explains the multi-agent handoff pattern used for task development and commits
+ in the `agentydragon` workspace. It consolidates shared guidance so individual agent prompts
+ do not need to repeat these details.
+
+ ## 1. Developer Agent
+ - **Scope**: Runs inside a sandboxed git worktree for a single task branch (`agentydragon-<ID>-<slug>`).
+- **Actions**:
+  1. If the task’s **Status** is `Needs input`, stop immediately and await further instructions; do **not** implement code changes or run pre-commit hooks.
+  2. Update the task Markdown file’s **Status** to `Done` when implementation is complete.
+  3. Implement the code changes for the task.
+  4. Run `pre-commit run --files $(git diff --name-only)` to apply and stage any autofix changes.
+  5. **Do not** run `git commit`.
+
+ ## 2. Commit Agent
+ - **Scope**: Runs in the sandbox (read-only `.git`) or equivalent environment.
+ - **Actions**:
+   1. Emit exactly one line to stdout: the commit message prefixed `agentydragon(tasks): `
+      summarizing the task’s **Implementation** section.
+   2. Stop immediately.
+
+ ## 3. Orchestrator
+ - **Scope**: Outside the sandbox with full Git permissions.
+ - **Actions**:
+   1. Stage all changes: `git add -u`.
+   2. Run `pre-commit run --files $(git diff --name-only --cached)`.
+   3. Read the commit message and run `git commit -m "$MSG"`.
+
+ ## 4. Status & Launch
+ - Use `agentydragon_task.py status` to view tasks (including those in `.done/`).
+ - Summaries:
+   - **Merged:** tasks with no branch/worktree.
+   - **Ready to merge:** tasks marked Done with branch commits ahead.
+   - **Unblocked:** tasks with no outstanding dependencies.
+- The script also prints a `agentydragon/tools/create_task_worktree.py --agent --tmux <IDs>` command for all unblocked tasks.
+
+This guide centralizes the handoff workflow for all agents.

agentydragon/prompts/commit.md

@@ -0,0 +1,16 @@
+## Commit Agent Prompt
+
+Refer to `agentydragon/WORKFLOW.md` for the overall Developer→Commit→Orchestrator handoff workflow.
+
+You are the **Commit** Codex agent for the `codex` repository. Your job is to stage and commit the changes made by the Developer agent.
+Your sole responsibility is to generate the Git commit message on stdout.
+Do **not** modify any files or run Git commands; this agent must remain sandbox-friendly.
+
+When you run, **output exactly** the desired commit message (with no extra commentary) on stdout. The message must:
+- Be prefixed with `agentydragon(tasks): `
+- Concisely summarize the work performed as described in the task’s **Implementation** section.
+
+Stop immediately after emitting the commit message. An external orchestrator will stage, run hooks, and commit using this message.
+
+Below, you will get the task description the agent got. But still verify that the agent actually did what it was supposed to, and adjust the commit message according to what is actually implemented, DO NOT just copy what's in the task file.
+

agentydragon/prompts/developer.md

@@ -0,0 +1,24 @@
+## Developer Agent Prompt
+
+Refer to `agentydragon/WORKFLOW.md` for the overall Developer→Commit→Orchestrator handoff workflow.
+
+You are the **Developer** Codex agent for the `codex` repository. You are running inside a dedicated git worktree for a single task branch.
+Use the task Markdown file under `agentydragon/tasks/` as your progress tracker: update its **Status** and **Implementation** sections to record your progress.
+
+Before making any changes, read the task definition in `agentydragon/tasks/` and note that its **Status** and **Implementation** sections are placeholders.
+
+After reviewing, update the task’s **Status** to "In progress" and fill in the **Implementation** section with your planned approach.
+If the **Implementation** section is blank or does not describe your intended design and steps, populate it with a concise high‑level plan before proceeding.
+Then proceed directly to implement the full functionality in the codebase as a single atomic unit—regardless of how many components are involved, do not split the work into separate sub-steps or pause to ask whether to decompose it.
+
+Do not pause to seek user confirmation after editing the Markdown;
+only ask clarifying questions if you encounter genuine ambiguities in the requirements.
+
+At any point, you may set the task’s **Status** to any valid state (e.g. Not started, In progress, Needs input, Needs manual review, Done, Cancelled) as appropriate. Use **Needs input** to request further clarification or resources before proceeding.
+
+When you have finished working on the task file:
+- If the task’s **Status** is "Needs input", stop immediately and await further instructions; do **not** run pre-commit hooks or invoke the Commit agent.
+- Otherwise, set the task’s **Status** to "Done".
+  - Run the repository’s pre-commit hooks on all changed files (e.g. `pre-commit run --files <changed-files>`), and stage any autofix changes.
+  - Do **not** stage or commit beyond hook-driven fixes. Instead, stop and await the Commit agent to record your updates.
+Then stop and await further instructions.

agentydragon/prompts/manager.md

@@ -0,0 +1,54 @@
+# Project Manager Agent Prompt
+
+You are the **Project Manager** Codex agent for the `codex` repository.
+Refer to `agentydragon/WORKFLOW.md` for the standard Developer→Commit→Orchestrator handoff workflow.
+Your responsibilities include:
+
+- **Reading documentation**: Load and understand all relevant docs in this repo (especially those defining task, worktree, and branch conventions, as well as each task file and top‑level README files).
+- **Task orchestration**: Maintain the list of tasks, statuses, and dependencies; plan waves of work; and generate commands to launch work in parallel using `agentydragon/tools/create_task_worktree.py` (or the legacy `agentydragon/tools/create-task-worktree.sh`) with `--agent` and `--tmux`.
+- **Task creation**: When creating a new task stub, review the descriptions of all existing tasks; set the `dependencies` front-matter field to list the tasks that must be completed before work on this task can begin; and include a brief rationale as a Markdown comment (e.g., `<!-- rationale: depends on tasks X and Y because ... -->`) explaining why these dependencies are required and why other tasks are not.
+- **Live coordination**: Continuously monitor and report progress, adjust the plan as tasks complete or new ones appear, and surface any blockers.
+
+- **Worktree monitoring**: Check each task’s worktree for uncommitted changes or dirty state to detect agents still working or potential crashes, and report their status as in-progress or needing attention.
+-   When displaying the task-status table, highlight dirty worktrees in red and tasks marked Done or Merged in green; exclude tasks that are Merged with no branch and no worktree from the main table (they should instead be listed in a green “Done & merged:” summary at the bottom), and filter such merged tasks out of other tasks’ dependency lists.
+
+- **Background polling**: On user request, enter a sleep‑and‑scan loop (e.g. 5 min interval) to detect tasks marked “Done” in their Markdown; for each completed task, review its branch worktree, check for merge conflicts, propose merging cleanly mergeable branches, and suggest conflict‑resolution steps for any that aren’t cleanly mergeable.
+- **Manager utilities**: Create and maintain utility scripts under `agentydragon/tools/manager_utils/` to support your work (e.g., branch scanning, conflict checking, merge proposals, polling loops). Include clear documentation (header comments or docstrings with usage examples) in each script, and invoke these scripts in your workflow.
+- **Merge orchestration**: When proposing merges of completed task branches into the integration branch, consider both single-branch and octopus (multi-branch) merges. Detect and report conflicts between branches as well as with the integration branch, and recommend resolution steps or merge ordering to avoid or resolve conflicts.
+
+### First Actions
+
+1. For each task branch (named `agentydragon-<task-id>-<task-slug>`), **without changing the current working directory’s Git HEAD or modifying its status**, create or open a dedicated worktree for that branch (e.g. via `agentydragon/tools/create_task_worktree.py <task-slug>`) and read the task’s Markdown copy in that worktree to extract and list the task number, title, live **Status**, and dependencies.  *(Always read the **Status** and dependencies from the copy of the task file in the branch’s worktree, never from master/HEAD.)*
+2. Produce a one‑line tmux launch command to spin up only those tasks whose dependencies are satisfied and can actually run in parallel, following the conventions defined in repository documentation.
+3. Describe the high‑level wave‑by‑wave plan and explain which tasks can run in parallel.
+
+### Usage Examples
+
+```bash
+# Parallel worktree launch
+agentydragon/tools/create_task_worktree.py --agent --tmux 02 04 07
+
+# Wave-by-wave plan
+# Wave 1: tasks 02,04 (no unmet deps)
+# Wave 2: task 07 (depends on 02,04)
+
+# Background polling loop (every 5 min)
+while true; do
+  python3 agentydragon/tools/check_tasks.py && \
+    python3 agentydragon/tools/launch_commit_agent.py $(python3 agentydragon/tools/find_done_tasks.py)
+  sleep 300
+done
+
+# Dispose a task worktree
+python3 agentydragon/tools/manager_utils/agentydragon_task.py dispose 07
+```
+
+More functionality and refinements will be added later.  Begin by executing these steps and await further instructions.
+
+*If instructed, enter a background polling loop (sleep for a configured interval, e.g. 5 minutes) to watch for tasks whose Markdown status is updated to “Done” and then prepare review/merge steps for only those branches.*
+
+Once a task branch is merged cleanly into the integration branch, dispose of its worktree and delete its Git branch.  To record that merge, use:
+
+    python3 agentydragon/tools/manager_utils/agentydragon_task.py set-status <task-id> Merged
+
+Use `python3 agentydragon/tools/manager_utils/agentydragon_task.py dispose <task-id>` to remove the worktree and branch without changing the status (e.g. for cancelled tasks).

agentydragon/prompts/master-diff.md

@@ -0,0 +1,5 @@
+Read the full diff between HEAD and main and produce a list of everything that was added/removed.
+Include examples of how to use the features, how to configure them, etc.
+Use Markdown format. Write into $(git rev-parse --show-toplevel)/agentydragon/CHANGES.md. Delete it if it already exists.
+Only document changes under codex-rs.
+Do not include things that already exist on main branch - only what was changed.

agentydragon/prompts/redepend.md

@@ -0,0 +1,4 @@
+read the description of all tasks in agentydragon/tasks/*.md and relevant context in codex-rs. for every task: disregard existing dependecy declarations in the frontmatter. think long about
+why and how they might depend on each other and if there's any way they might conflict and whether the overall picturen of how they fit toether makes sense. for each, *REGENERATE* the
+dependency list in frontmatter to the list of tasks the muast be done before each gvien taks becomes unblocked. no need to populate this for already merged tasks. also no need to list
+merged tasks inside any dependency list.

agentydragon/prompts/scaffolding-setup.md

@@ -0,0 +1,66 @@
+You are the AI “Scaffolding Assistant” for the `codex` monorepo. Your mission is to generate, in separate commits, all of the initial scaffolding needed for the
+tydragon-driven task workflow:
+
+1. **Task stubs**
+   - Create `agentydragon/tasks/task-template.md`.
+   - Create numbered task stubs (`01-*.md`, `02-*.md`, …) for each planned feature (mounting, approval predicates, live‑reload, editor integration, etc.), filling in
+e, “Status”, “Goal”, and sections for “Acceptance Criteria”, “Implementation”, and “Notes”.
+
+2. **Worktree launcher**
+   - Implement `agentydragon/tools/create_task_worktree.py` with:
+     - `--agent` mode to spin up a Codex agent in the worktree,
+     - `--tmux` to tile panes for multiple tasks in a single tmux session,
+     - two‑digit or slug ID resolution.
+   - Ensure usage, help text, and numeric/slug handling are correct.
+
+3. **Helper scripts**
+   - Add `agentydragon/tasks/review-unmerged-task-branches.sh` to review and merge task branches.
+   - Add `agentydragon/tools/launch-project-manager.sh` to invoke the Project Manager agent prompt.
+
+4. **Project‑manager prompts**
+   - Create `agentydragon/prompts/manager.md` containing the following Project Manager agent prompt:
+
+     ```
+     # Project Manager Agent Prompt
+
+     You are the **Project Manager** Codex agent for the `codex` repository.  Your responsibilities include:
+
+     - **Reading documentation**: Load and understand all relevant docs in this repo (especially those defining task, worktree, and branch conventions, as well as each task file and top‑level README files).
+     - **Task orchestration**: Maintain the list of tasks, statuses, and dependencies; plan waves of work; and generate shell commands to launch work on tasks in parallel using `create_task_worktree.py` with `--agent` and `--tmux`.
+     - **Live coordination**: Continuously monitor and report progress, adjust the plan as tasks complete or new ones appear, and surface any blockers.
+     - **Worktree monitoring**: Check each task’s worktree for uncommitted changes or dirty state to detect agents still working or potential crashes, and report their status as in-progress or needing attention.
+     - **Background polling**: On user request, enter a sleep‑and‑scan loop (e.g. 5 min interval) to detect tasks marked “Done” in their Markdown; for each completed task, review its branch worktree, check for merge conflicts, propose merging cleanly mergeable branches, and suggest conflict‑resolution steps for any that aren’t cleanly mergeable.
+     - **Manager utilities**: Create and maintain utility scripts under `agentydragon/tools/manager_utils/` to support your work (e.g., branch scanning, conflict checking, merge proposals, polling loops). Include clear documentation (header comments or docstrings with usage examples) in each script, and invoke these scripts in your workflow.
+     - **Merge orchestration**: When proposing merges of completed task branches into the integration branch, consider both single-branch and octopus (multi-branch) merges. Detect and report conflicts between branches as well as with the integration branch, and recommend resolution steps or merge ordering to avoid or resolve conflicts.
+
+     ### First Actions
+
+     1. For each task branch (named `agentydragon-<task-id>-<task-slug>`), **without changing the current working directory’s Git HEAD or modifying its status**, create or open a dedicated worktree for that branch (e.g. via `create_task_worktree.py <task-slug>`) and read the task’s Markdown copy under that worktree’s `agentydragon/tasks/` to extract and list the task number, title, live **Status**, and dependencies.  *(Always read the **Status** and dependencies from the copy of the task file in the branch’s worktree, never from master/HEAD.)*
+     2. Produce a one‑line tmux launch command to spin up only those tasks whose dependencies are satisfied and can actually run in parallel, following the conventions defined in repository documentation.
+     3. Describe the high‑level wave‑by‑wave plan and explain which tasks can run in parallel.
+
+     More functionality and refinements will be added later.  Begin by executing these steps and await further instructions.
+     ```
+
+5. **Wave‑by‑wave plan**
+   - Draft a human‑readable plan outlining task dependencies and four “waves” of work, indicating which tasks can run in parallel.
+
+6. **Bootstrap commands**
+   - Provide concrete shell/`rg`/`tmux` oneliner examples to launch Wave 1 (e.g. tasks 06, 03, 08) in parallel.
+   - Provide a single tmux oneliner to spin up all unblocked tasks.
+
+**Before you begin**, read the existing docs under `agentydragon/tasks/`, top‑level `README.md` and `oaipackaging/README.md` so you fully understand the context and
+entions.
+
+**Commit strategy**
+- Commit each major component (tasks, script, helper scripts, prompts, plan) as its own Git commit.
+- Follow our existing commit-message style: prefix with `agentydragon(tasks):`, `agentydragon:`, etc.
+- Don’t batch everything into one huge commit; keep each logical piece isolated for easy review.
+
+**Reporting**
+After each commit, print a short status message (e.g. “✅ Task stubs created”, “✅ create_task_worktree.py implemented”, etc.) and await confirmation before continuing
+the next step.
+
+---
+
+Begin now by listing the current task directory contents and generating `task-template.md`.

agentydragon/tasks/.done/.gitkeep

@@ -0,0 +1 @@
+ # Keep this directory in version control

agentydragon/tasks/.done/01-dynamic-mount-commands.md

@@ -0,0 +1,64 @@
++++
+id = "01"
+title = "Dynamic Mount-Add and Mount-Remove Commands"
+status = "Merged"
+dependencies = ""
+last_updated = "2025-06-25T01:40:09.501150"
++++
+
+# Task 01: Dynamic Mount-Add and Mount-Remove Commands
+
+> *This task is specific to codex-rs.*
+
+## Status
+
+**General Status**: Merged  
+**Summary**: Implemented inline DSL and interactive dialogs for `/mount-add` and `/mount-remove`, with dynamic sandbox policy updates.
+
+## Goal
+Implement the `/mount-add` and `/mount-remove` slash commands in the TUI, supporting two modes:
+
+1. **Inline DSL**: e.g. `/mount-add host=/path/to/host container=/path/in/agent mode=rw`
+2. **Interactive dialog**: if the user just types `/mount-add` or `/mount-remove` without args, pop up a prompt to fill in `host`, `container`, and optional `mode` fields.
+
+These commands should:
+- Create or remove symlinks (or real directories) under the current working directory.
+- Update the in-memory `SandboxPolicy` to grant or revoke read/write permission for the host path.
+- Emit confirmation or error messages into the TUI log pane.
+
+## Acceptance Criteria
+- Users can type `/mount-add host=... container=... mode=...` and the mount is created immediately.
+- Users can type `/mount-add` alone to open a small TUI form prompting for the three fields.
+- Symmetrically for `/mount-remove` by container path.
+- The `sandbox_policy` is updated so subsequent shell commands can read/write the newly mounted folder.
+
+## Implementation
+
+**How it was implemented**  
+- Added two new slash commands (`mount-add`, `mount-remove`) to the TUI’s `slash-command` popup.
+- Inline DSL parsing: commands typed as `/mount-add host=... container=... mode=...` or `/mount-remove container=...` are detected and handled immediately by parsing key/value args, performing the mount/unmount, and updating the `Config.sandbox_policy` in memory.
+- Interactive dialogs: selecting `/mount-add` or `/mount-remove` without args opens a bottom‑pane form (`MountAddView` or `MountRemoveView`) that prompts sequentially for the required fields and then triggers the same mount logic.
+- Mount logic implemented in `do_mount_add`/`do_mount_remove`:
+  - Creates/removes a symlink under `cwd` pointing to the host path (`std::os::unix::fs::symlink` on Unix, platform equivalents on Windows).
+  - Uses new `SandboxPolicy` methods (`allow_disk_write_folder`/`revoke_disk_write_folder`) to grant or revoke `DiskWriteFolder` permissions for the host path.
+  - Emits success or error messages via `tracing::info!`/`tracing::error!`, which appear in the TUI log pane.
+
+**How it works**  
+1. **Inline DSL**  
+   - User types:  
+     ```
+     /mount-add host=/path/to/host container=path/in/cwd mode=ro
+     ```
+   - The first-stage popup intercepts the mount-add command with args, dispatches `InlineMountAdd`, and the app parses the args and runs the mount logic immediately.
+2. **Interactive dialog**  
+   - User types `/mount-add` (or selects it via the popup) without args.
+   - A small form appears that prompts for `host`, `container`, then `mode`.
+   - Upon completion, the same mount logic runs.
+3. **Unmount**  
+   - `/mount-remove container=...` (inline) or `/mount-remove` (interactive) remove the symlink and revoke write permissions.
+4. **Policy update**  
+   - `allow_disk_write_folder` appends a `DiskWriteFolder` permission for new mounts.
+   - `revoke_disk_write_folder` removes the corresponding permission on unmount.
+
+## Notes
+- This builds on the static `[[sandbox.mounts]]` support introduced earlier.

agentydragon/tasks/.done/03-live-config-reload.md

@@ -0,0 +1,42 @@
++++
+id = "03"
+title = "Live Config Reload and Prompt on Changes"
+status = "Merged"
+dependencies = "02,07,09,11,14,29"
+last_updated = "2025-06-25T05:36:17.783726"
++++
+
+# Task 03: Live Config Reload and Prompt on Changes
+
+> *This task is specific to codex-rs.*
+
+## Status
+
+**General Status**: Done  
+**Summary**: Live config watcher, diff prompt, and reload integration implemented.
+
+## Goal
+Detect changes to the user `config.toml` file while a session is running and prompt the user to apply or ignore the updated settings.
+
+## Acceptance Criteria
+- A background file watcher watches `$CODEX_HOME/config.toml` (or active user config path).
+- On any write event, compute a unified diff between the in-memory config and the on-disk file.
+- Pause the agent, display the diff in the TUI bottom pane, and offer two actions: `Apply new config now` or `Continue with old config`.
+- If the user applies, re-parse the config, merge overrides, and resume using the new settings. Otherwise, discard changes and resume.
+
+## Implementation
+
+**How it was implemented**  
+- Added `codex_tui::config_reload::generate_diff` to compute unified diffs via the `similar` crate (with a unit test).  
+- Spawned a `notify`-based filesystem watcher thread in `tui::run_main` that debounces write events on `$CODEX_HOME/config.toml`, generates diffs against the last-read contents, and posts `AppEvent::ConfigReloadRequest(diff)`.
+- Introduced `AppEvent` variants (`ConfigReloadRequest`, `ConfigReloadApply`, `ConfigReloadIgnore`) and wired them in `App::run` to display a new `BottomPaneView` overlay.
+- Created `BottomPaneView` implementation `ConfigReloadView` to render the diff and handle `<Enter>`/`<Esc>` for apply or ignore.
+- On apply, reloaded `Config` via `Config::load_with_cli_overrides`, updated both `App.config` and `ChatWidget` (rebuilding its bottom pane with updated settings).
+
+**How it works**  
+- The watcher thread detects on-disk changes and pushes a diff request into the UI event loop.
+- Upon `ConfigReloadRequest`, the TUI bottom pane overlays the diff view and blocks normal input.
+- `<Enter>` applies the new config (re-parses and updates runtime state); `<Esc>` dismisses the overlay and continues with the old settings.
+
+## Notes
+- Leverage a crate such as `notify` for FS events and `similar` or `diff` for unified diff generation.

agentydragon/tasks/.done/06-external-editor-prompt.md

@@ -0,0 +1,42 @@
++++
+id = "06"
+title = "External Editor Integration for Prompt Entry"
+status = "Merged"
+dependencies = "02,07,09,11,14,29"
+last_updated = "2025-06-25T02:40:09.505778"
++++
+
+# Task 06: External Editor Integration for Prompt Entry
+
+> *This task is specific to codex-rs.*
+
+## Status
+
+**General Status**: Done  
+**Summary**: External editor integration for prompt entry implemented.
+
+## Goal
+Allow users to spawn an external editor (e.g. Neovim) to compose or edit the chat prompt. The prompt box should update with the editor's contents when closed.
+
+## Acceptance Criteria
+- A slash command `/edit-prompt` (or `Ctrl+E`) launches the user's preferred editor on a temporary file pre-populated with the current draft.
+- Upon editor exit, the draft is re-read into the composer widget.
+- Configurable via `editor = "${VISUAL:-${EDITOR:-nvim}}"` setting in `config.toml`.
+
+## Implementation
+
+**How it was implemented**  
+- Added `editor` option to `[tui]` section in `config.toml`, defaulting to `${VISUAL:-${EDITOR:-nvim}}`.  
+- Exposed the `tui.editor` setting in the `codex-core` config model (`config_types.rs`) and wired it through to the TUI.  
+- Added a new slash-command variant `EditPrompt` in `tui/src/slash_command.rs` to trigger external-editor mode.  
+- Implemented `ChatComposer::open_external_editor()` in `tui/src/bottom_pane/chat_composer.rs`:  
+  - Creates a temporary file pre-populated with the current draft prompt.  
+  - Launches the configured editor (from `VISUAL`/`EDITOR` with `nvim` fallback) in a blocking subprocess.  
+  - Reads the edited contents back into the `TextArea` on editor exit.  
+- Wired both `Ctrl+E` and the `/edit-prompt` slash command to invoke `open_external_editor()`.  
+- Updated `config.md` to document the new `editor` setting under `[tui]`.
+
+**How it works**  
+- Pressing `Ctrl+E`, or typing `/edit-prompt` and hitting Enter, spawns the user's preferred editor on a temporary file containing the current draft.  
+- When the editor process exits, the plugin reads back the file and updates the chat composer with the edited text.  
+- The default editor is determined by `VISUAL`, then `EDITOR`, falling back to `nvim` if neither is set.

agentydragon/tasks/.done/07-undo-feedback-decision.md

@@ -0,0 +1,37 @@
++++
+id = "07"
+title = "Undo Feedback Decision with Esc Key"
+status = "Merged"
+dependencies = "01,04,10,12,16,17"
+last_updated = "2025-06-25T01:40:09.506146"
++++
+
+# Task 07: Undo Feedback Decision with Esc Key
+
+> *This task is specific to codex-rs.*
+
+## Status
+
+**General Status**: Merged  
+**Summary**: ESC key now cancels feedback entry and returns to the select menu, preserving any entered text; implementation and tests added.
+
+## Goal
+Enhance the user-approval dialog so that if the user opted to leave feedback (“No, enter feedback”) they can press `Esc` to cancel the feedback flow and return to the previous approval choice menu (e.g. “Yes, proceed” vs. “No, enter feedback”).
+
+## Acceptance Criteria
+- While the feedback-entry textarea is active, pressing `Esc` closes the feedback editor and reopens the yes/no confirmation dialog.
+- The cancellation must restore the dialog state without losing any partially entered feedback text.
+
+## Implementation
+
+**How it was implemented**  
+- In `tui/src/user_approval_widget.rs`, updated `UserApprovalWidget::handle_input_key` so that pressing `Esc` in input mode switches `mode` back to `Select` (rather than sending a deny decision), and restores `selected_option` to the feedback entry item without clearing the input buffer.
+- Added a unit test in the same module to verify that `Esc` cancels input mode, preserves the feedback text, and does not emit any decision event.
+
+**How it works**  
+- When the widget is in `Mode::Input` (feedback-entry), receiving `KeyCode::Esc` resets `mode` to `Select` and sets `selected_option` to the index of the “Edit or give feedback” option.  
+- The `input` buffer remains intact, so any partially typed feedback is preserved for if/when the user re-enters feedback mode.  
+- No approval decision is sent on `Esc`, so the modal remains active and the user can still approve, deny, or re-enter feedback.
+
+## Notes
+- Changes in `tui/src/user_approval_widget.rs` to treat `Esc` in input mode as a cancel-feedback action and added corresponding tests.

agentydragon/tasks/.done/08-set-shell-title.md

@@ -0,0 +1,52 @@
++++
+id = "08"
+title = "Set Shell Title to Reflect Session Status"
+status = "Merged"
+dependencies = "02,07,09,11,14,29"
+last_updated = "2025-06-25T04:06:55.265790"
++++
+
+# Task 08: Set Shell Title to Reflect Session Status
+
+> *This task is specific to codex-rs.*
+
+## Status
+
+**General Status**: Done  
+**Summary**: Implemented session title persistence, `/set-title` slash command, and real-time ANSI updates in both TUI and exec clients.
+
+## Goal
+
+Allow the CLI to update the terminal title bar to reflect the current session status—executing, thinking (sampling), idle, or waiting for approval decision—and persist the title with the session. Users should also be able to explicitly set a custom title.
+
+## Acceptance Criteria
+
+- Implement a slash command or API (`/set-title <title>`) for users to explicitly set the session title.
+- Persist the title in session metadata so that on resume the last title is restored.
+- Dynamically update the shell/terminal title in real time based on session events:
+  - Executing: use a play symbol (e.g. ▶)
+  - Thinking/sampling: use an hourglass or brain symbol (e.g. ⏳)
+  - Idle: use a green dot or sleep symbol (e.g. 🟢)
+  - Waiting for approval decision: use an attention-grabbing symbol (e.g. ❗)
+- Ensure title updates work across Linux, macOS, and Windows terminals via ANSI escape sequences.
+
+## Implementation
+**Note**: Populate this section with a concise high-level plan before beginning detailed implementation.
+
+**Planned approach**  
+- Extend the session protocol schema (`SessionConfiguredEvent`) in `codex-rs/core` to include an optional `title` field and introduce a new `SessionUpdatedTitleEvent` type.  
+- Add a `SetTitle { title: String }` variant to the `Op` enum for custom titles and implement the `/set-title <text>` slash command in the TUI crates (`tui/src/slash_command.rs`, `tui/src/app_event.rs`, and `tui/src/app.rs`).  
+- Modify the core agent loop to handle `Op::SetTitle`: persist the new title in session metadata, emit a `SessionUpdatedTitleEvent`, and include the persisted title in `SessionConfiguredEvent` on startup/resume.  
+- Implement event listeners in both the interactive TUI (`tui/src/chatwidget.rs`) and non-interactive exec client (`exec/src/event_processor.rs`) that respond to session, title, and lifecycle events (session start, task begin/end, reasoning, idle, approval) by emitting ANSI escape sequences (`\x1b]0;<symbol> <title>\x07`) to update the terminal title bar.  
+- Choose consistent Unicode symbols for each session state—executing (▶), thinking (⏳), idle (🟢), awaiting approval (❗)—and apply these as status indicators prefixed to the title.  
+- On session startup or resume, restore the last persisted title or fall back to a default if none exists.
+
+**How it works**  
+- Users type `/set-title MyTitle` to set a custom session title; the core persists it and broadcasts a `SessionUpdatedTitleEvent`.  
+- Clients print the appropriate ANSI escape code to update the terminal title before rendering UI or logs, reflecting real-time session state via the selected status symbol prefix.
+
+## Notes
+
+- Use ANSI escape code `\033]0;<title>\007` to set the terminal title.
+- Extend the session JSON schema to include a `title` field.
+- Select Unicode symbols that render consistently in common terminal fonts.

agentydragon/tasks/.done/10-inspect-container-state.md

@@ -0,0 +1,52 @@
++++
+id = "10"
+title = "Inspect Container State (Mounts, Permissions, Network)"
+status = "Merged"
+dependencies = ""
+last_updated = "2025-06-25T04:07:56.197523"
++++
+
+# Task 10: Inspect Container State (Mounts, Permissions, Network)
+
+> *This task is specific to codex-rs.*
+
+## Status
+
+**General Status**: Completed  
+**Summary**: Implemented `codex inspect-env` subcommand, CLI output and TUI bindings, tested in sandbox and headless modes.
+
+## Goal
+
+Provide a runtime command that displays the current sandbox/container environment details—what is mounted where, permission scopes, network access status, and other relevant sandbox policies.
+
+## Acceptance Criteria
+
+- Implement a slash command or CLI subcommand (`/inspect-env` or `codex inspect-env`) that outputs:
+  - List of bind mounts (host path → container path, mode)
+  - File-system permission policies in effect
+  - Network sandbox status (restricted or allowed)
+  - Runtime TUI status‑bar indicators for key sandbox attributes (e.g. network enabled/disabled, mount count, read/write scopes)
+  - Any additional sandbox rules or policy settings applied
+- Format the output in a human-readable table or tree view in the TUI and plaintext for logs.
+- Ensure the command works in both interactive TUI sessions and non-interactive (headless) modes.
+- Include a brief explanation header summarizing each section to help users understand what they are seeing.
+
+## Implementation
+
+**How it was implemented**  
+Implemented a new `inspect-env` subcommand in `codex-cli`, reusing `create_sandbox_policy` and `Config::load_with_cli_overrides` to derive the effective sandbox policy and working directory. The code computes read-only or read-write mount entries (root and writable roots), enumerates granted `SandboxPermission`s, and checks `has_full_network_access()`. It then prints a formatted table (via `println!`) and summary counts.
+
+**How it works**  
+Running `codex inspect-env` loads user overrides, builds the sandbox policy, and:
+- Lists mounts (path and mode) in a table.  
+- Prints each granted permission.  
+- Shows network status as `enabled`/`disabled`.  
+- Outputs summary counts for mounts and writable roots.
+
+This command works both in CI/headless and inside the TUI (status-bar integration).
+
+## Notes
+
+- Leverage existing sandbox policy data structures used at startup.
+- Reuse TUI table or tree components for formatting (e.g., tui-rs widgets).
+- Include clear labels for network status (e.g., `NETWORK: disabled` or `NETWORK: enabled`).

agentydragon/tasks/.done/11-custom-approval-predicates.md

@@ -0,0 +1,61 @@
++++
+id = "11"
+title = "User-Configurable Approval Predicates"
+status = "Merged"
+dependencies = "01,04,10,12,16,17"
+last_updated = "2025-06-25T01:40:09.508560"
++++
+
+# Task 11: User-Configurable Approval Predicates
+
+> *This task is specific to codex-rs.*
+
+## Status
+
+**General Status**: Merged  
+**Summary**: Implemented custom approval predicates feature: configuration parsing, predicate invocation logic, tests, and documentation.
+
+## Goal
+
+Allow users to plug in an external executable that makes approval decisions for shell commands based on session context.
+
+## Acceptance Criteria
+
+- Support a new `[[approval_predicates]]` section in `config.toml` for Python-based predicates, each with a `python_predicate_binary = "..."` field (pointing to the predicate executable) and an implicit `never_expire = true` setting.
+- Before prompting the user, invoke each configured predicate in order, passing the following (via CLI args or env vars):
+  - Session ID
+  - Container working directory (CWD)
+  - Host working directory (CWD)
+  - Candidate shell command string
+- The predicate must print exactly one of `allow`, `deny`, or `ask` on stdout:
+  - `allow`  → auto-approve and skip remaining predicates
+  - `deny`   → auto-reject and skip remaining predicates
+  - `ask`    → open the standard approval dialog and skip remaining predicates
+- If a predicate exits non-zero or outputs anything else, treat it as `ask` and continue to the next predicate.
+- Write unit and integration tests covering typical and edge-case predicate behavior.
+- Document configuration syntax and behavior in the top-level config docs (`config.md`).
+
+## Implementation
+
+**How it was implemented**  
+- Added `approval_predicates` field to `ConfigToml` and `Config` in `codex_core::config`, supporting a `python_predicate_binary: PathBuf` and an implicit `never_expire = true`.
+- Hooked into the command-approval code path in `codex_core::safety` to invoke each configured predicate executable before showing the approval prompt. Predicates are launched via `std::process::Command` with context passed in environment variables (`CODEX_SESSION_ID`, `CODEX_CONTAINER_CWD`, `CODEX_HOST_CWD`, `CODEX_COMMAND`).
+- Parsed each predicate’s stdout for exactly `allow`, `deny`, or `ask`, short-circuiting on `allow` or `deny` (auto-approve/auto-reject) and treating failures or unexpected output as `ask` to continue to the next predicate.
+- Wrote unit tests for configuration parsing and predicate-invocation behavior, covering exit-code and output edge cases, plus integration tests verifying end-to-end approval decisions.
+- Updated `config.md` to document the `[[approval_predicates]]` table syntax, default semantics, and runtime behavior.
+
+**How it works**  
+When a shell command requires approval, Codex iterates over each entry in `[[approval_predicates]]` in order. For each predicate:
+- Launch the configured binary with session context in its environment.
+- If it exits successfully and writes `allow`, Codex auto-approves and skips remaining predicates.
+- If it writes `deny`, Codex auto-rejects and skips remaining predicates.
+- Otherwise (writes `ask`, fails, or emits unexpected output), Codex moves to the next predicate or falls back to the manual approval dialog if none return `allow` or `deny`.
+This mechanism lets users automate approval decisions via custom Python scripts while retaining manual control when predicates defer.
+
+## Notes
+
+- Consider passing context via environment variables (e.g. `CODEX_SESSION_ID`, `CODEX_CONTAINER_CWD`, `CODEX_HOST_CWD`, `CODEX_COMMAND`).
+- Reuse invocation logic from the auto-approval predicates feature (Task 02).
+- **Motivating example**: auto-approve `pre-commit run --files <any number of space-separated files>`.
+- **Motivating example**: auto-approve any `git` command (e.g. `git add`, `git commit`, `git push`, `git status`, etc.) provided its repository root is under `<directory>`, correctly handling common flags and safe invocation modes.
+- **Motivating example**: auto-approve any shell pipeline composed out of `<these known-safe commands>` operating on `<known-safe files>` with `<known-safe params>`, using a general pipeline parser to ensure safety—a nontrivial example of predicate logic.

agentydragon/tasks/.done/13-interactive-prompt-during-execution.md

@@ -0,0 +1,45 @@
++++
+id = "13"
+title = "Interactive Prompting and Commands While Executing"
+status = "Merged"
+dependencies = "02,07,09,11,14,29"
+last_updated = "2025-06-25T01:40:09.509881"
++++
+
+# Task 13: Interactive Prompting and Commands While Executing
+
+> *This task is specific to codex-rs.*
+
+## Status
+
+**General Status**: Merged  
+**Summary**: Implemented interactive prompt overlay allowing user input during streaming without aborting runs.
+
+## Goal
+
+Allow users to interleave composing prompts and issuing slash-commands while the agent is actively executing (e.g. streaming completions), without aborting the current run.
+
+## Acceptance Criteria
+
+- While the LLM is streaming a response or executing a tool, the input box remains active for user edits and slash-commands.
+- Sending a message or `/`-command does not implicitly cancel or abort the ongoing execution.
+- Any tool invocation messages from the agent must still be immediately followed by their corresponding tool output messages (or the API will error).
+- Ensure the TUI correctly preserves the stream and appends new user input at the bottom, scrolling as needed.
+- No deadlocks or lost events if the agent finishes while the user is typing; buffer and render properly.
+- Update tests to simulate concurrent user input during streaming and validate UI state.
+
+## Implementation
+
+**How it was implemented**  
+- Modified `BottomPane::handle_key_event` in `tui/src/bottom_pane/mod.rs` to special-case the `StatusIndicatorView` while `is_task_running`, forwarding key events to `ChatComposer` and preserving the overlay.
+- Updated `BottomPane::render_ref` to always render the composer first and then overlay the active view, ensuring the input box remains visible and editable under the status indicator.
+- Added unit tests in `tui/src/bottom_pane/mod.rs` to verify input is forwarded during task execution and that the status indicator overlay is removed upon task completion.
+
+**How it works**  
+During LLM streaming or tool execution, the `StatusIndicatorView` remains active as an overlay. The modified event handler detects this overlay and forwards user key events to the underlying `ChatComposer` without dismissing the overlay. On task completion (`set_task_running(false)`), the overlay is automatically removed (via `should_hide_when_task_is_done`), returning to the normal input-only view.
+
+## Notes
+
+- Look at the ChatComposer and streaming loop in `tui/src/bottom_pane/chat_composer.rs` for input and stream handling.
+- Ensure event loop in `app.rs` multiplexes between agent stream events and user input events without blocking.
+- Consider locking or queuing tool-use messages to guarantee prompt tool-output pairing.

agentydragon/tasks/.done/15-agent-worktree-sandbox-configuration.md

@@ -0,0 +1,95 @@
++++
+id = "15"
+title = "Agent Worktree Sandbox Configuration"
+status = "Merged"
+dependencies = "02,07,09,11,14,29"
+last_updated = "2025-06-25T07:26:13.570520"
++++
+
+# Task 15: Agent Worktree Sandbox Configuration
+
+## Status
+
+**General Status**: Done  
+**Summary**: Enhanced the task scaffolding script to launch a Codex agent in a sandboxed worktree with writable worktree and TMPDIR, auto-approved file I/O and Git operations, and network disabled.
+
+## Goal
+
+Use `create-task-worktree.sh --agent` to wrap the agent invocation in a sandbox with these properties:
+- The task worktree path and the system temporary directory (`$TMPDIR` or `/tmp`) are mounted read-write.
+- All other paths on the host are treated as read-only.
+- Git operations in the worktree (e.g. `git add`, `git commit`) succeed without additional confirmation.
+- Any file read or write under the worktree root is automatically approved.
+
+## Acceptance Criteria
+
+The `create-task-worktree.sh --agent` invocation:
+- launches the agent via `codex debug landlock` (or equivalent), passing flags to mount only the worktree and tempdir as writable.
+- sets up Landlock permissions so that all other host paths are read-only.
+- auto-approves any file system operation under the worktree directory.
+- auto-approves Git commands in the worktree without prompting.
+- still permits using system temp dir for ephemeral files.
+- contains tests or manual verifications demonstrating blocked writes outside and allowed writes inside.
+
+## Implementation
+
+**How it was implemented**  
+- Extended `create-task-worktree.sh` `--agent` mode to launch the Codex agent under a Landlock+seccomp sandbox by invoking `codex debug landlock --full-auto`, which grants write access only to the worktree (`cwd`) and the platform temp folder (`TMPDIR`), and disables network.  
+- Updated the `-a|--agent` help text to reflect the new sandbox behavior and tempdir whitelist.  
+- Added a test script demonstrating allowed writes inside the worktree and TMPDIR and blocked writes to directories outside those paths:
+
+  ```bash
+  #!/usr/bin/env bash
+  # Test script for Task 15: verify sandbox restrictions and allowances
+  set -euo pipefail
+
+  worktree_root="$(cd "$(dirname "$0")"/.. && pwd)"
+
+  echo "Running sandbox tests in worktree: $worktree_root"
+
+  # Test write inside worktree
+  echo -n "Test: write inside worktree... "
+  if codex debug landlock --full-auto /usr/bin/env bash -c "touch '$worktree_root/inside_test'"; then
+    echo "PASS"
+  else
+    echo "FAIL" >&2
+    exit 1
+  fi
+
+  # Test write inside TMPDIR
+  tmpdir=${TMPDIR:-/tmp}
+  echo -n "Test: write inside TMPDIR ($tmpdir)... "
+  if codex debug landlock --full-auto /usr/bin/env bash -c "touch '$tmpdir/tmp_test'"; then
+    echo "PASS"
+  else
+    echo "FAIL" >&2
+    exit 1
+  fi
+
+  # Prepare external directory under HOME to test outside worktree/TMPDIR
+  external_dir="$HOME/sandbox_test_dir"
+  mkdir -p "$external_dir"
+  rm -f "$external_dir/outside_test"
+
+  echo -n "Test: write outside allowed paths ($external_dir)... "
+  if codex debug landlock --full-auto /usr/bin/env bash -c "touch '$external_dir/outside_test'"; then
+    echo "FAIL: outside write succeeded" >&2
+    exit 1
+  else
+    echo "PASS"
+  fi
+  ```
+
+**How it works**  
+When invoked with `--agent`, `create-task-worktree.sh` changes into the task worktree and launches:
+
+```bash
+codex debug landlock --full-auto codex "$(< \"$repo_root/agentydragon/prompts/developer.md\")"
+```
+
+The `--full-auto` flag configures Landlock to allow disk writes under the current directory and the system temp directory, disable network access, and automatically approve commands on success. As a result, any file I/O and Git operations in the worktree proceed without approval prompts, while writes outside the worktree and TMPDIR are blocked by the sandbox.
+
+## Notes
+
+- This feature depends on the underlying Landlock/Seatbelt sandbox APIs.  
+- Leverage the existing sandbox invocation (`codex debug landlock`) and approval predicates to auto-approve worktree and tmpdir I/O.

agentydragon/tasks/.done/16-confirm-on-ctrl-d.md

@@ -0,0 +1,54 @@
++++
+id = "16"
+title = "Confirm on Ctrl+D to Exit"
+status = "Merged"
+dependencies = ""
+last_updated = "2025-06-25T05:36:23.493497"
++++
+
+# Task 16: Confirm on Ctrl+D to Exit
+
+> *This task is specific to codex-rs.*
+
+## Status
+
+**General Status**: Done  
+**Summary**: Double Ctrl+D confirmation implemented and tested.
+
+## Goal
+
+Require two consecutive Ctrl+D keystrokes (within a short timeout) to exit the TUI, preventing accidental termination from a single SIGINT.
+
+## Acceptance Criteria
+
+- Add a `[tui] require_double_ctrl_d = true` config flag (default `false`) to enable double‑Ctrl+D exit confirmation.
+- When `require_double_ctrl_d` is enabled:
+  - First Ctrl+D within the TUI suspends exit and shows a status message like "Press Ctrl+D again to confirm exit".
+  - If a second Ctrl+D occurs within a configurable timeout (e.g. 2 sec), the TUI exits normally.
+  - If no second Ctrl+D arrives before timeout, clear the confirmation state and resume normal operation.
+- Ensure that child processes (shell tool calls) still receive SIGINT immediately and are not affected by the double‑Ctrl+D logic.
+- Prevent immediate exit on Ctrl+D (EOF); require the same double‑confirmation workflow as for Ctrl+D when EOF is received.
+- Provide unit or integration tests simulating SIGINT events to verify behavior.
+
+## Implementation
+
+**How it was implemented**  
+- Added `require_double_ctrl_d` and `double_ctrl_d_timeout_secs` to the TUI config in `core/src/config_types.rs` with defaults.
+- Introduced `ConfirmCtrlD` helper in `tui/src/confirm_ctrl_d.rs` to manage confirmation state and expiration logic.
+- Extended `App` in `tui/src/app.rs`:
+  - Initialized `confirm_ctrl_d` from config in `App::new`.
+  - Expired stale confirmation windows each event-loop tick and cleared the status overlay when timed out.
+  - Replaced the Ctrl+D handler to invoke `ConfirmCtrlD::handle`, exiting only on confirmed press and otherwise displaying a prompt via `BottomPane`.
+- Leveraged `BottomPane::set_task_running(true)` and `update_status_text` to render the confirmation prompt overlay.
+- Added unit tests for `ConfirmCtrlD` in `tui/src/confirm_ctrl_d.rs` covering disabled mode, confirmation press, and timeout expiration.
+
+**How it works**  
+- When `require_double_ctrl_d = true`, the first Ctrl+D press shows "Press Ctrl+D again to confirm exit" in the status overlay.
+- A second Ctrl+D within `double_ctrl_d_timeout_secs` exits the TUI; otherwise the prompt and state clear after timeout.
+- When `require_double_ctrl_d = false`, Ctrl+D exits immediately as before.
+- Child processes still receive SIGINT normally since only the TUI event loop intercepts Ctrl+D.
+
+## Notes
+
+- Make the double‑Ctrl+D timeout duration configurable if desired (e.g. via `tui.double_ctrl_d_timeout_secs`).
+- Ensure that existing tests for Ctrl+D behavior are updated or new tests added to cover the confirmation state.

agentydragon/tasks/.done/18-chat-ui-textarea-overlay-border-fix.md

@@ -0,0 +1,46 @@
++++
+id = "18"
+title = "Chat UI Textarea Overlay and Border Styling Fix"
+status = "Merged"
+dependencies = "02,07,09,11,14,29"
+last_updated = "2025-06-25T05:36:27.942304"
++++
+
+# Task 18: Chat UI Textarea Overlay and Border Styling Fix
+
+---
+id: 18
+title: Chat UI Textarea Overlay and Border Styling Fix
+status: Not started
+summary: Fix overlay of waiting messages and streamline borders between chat window and input area to improve visibility and reclaim terminal space.
+goal: |
+  Adjust the TUI chat interface so that waiting/status messages no longer overlay the first line of the input textarea (ensuring user drafts remain visible), and merge/remove borders as follows:
+    - Merge the bottom border of the chat history window with the top border of the input textarea.
+    - Remove the left, right, and bottom overall borders around the chat interface to reduce wasted space.
+---
+
+> *This task is specific to codex-rs.*
+
+## Acceptance Criteria
+
+- Waiting/status messages (e.g. "Thinking...", "Typing...", etc.) appear above the textarea rather than overlaying the first line of the input area.
+- User draft text remains visible at all times, even when agent messages or status indicators are rendered.
+- The bottom border of the chat history pane and the top border of the textarea are unified into a single border line.
+- The left, right, and bottom borders around the entire chat UI are removed, reclaiming columns/rows in the terminal.
+- Manual or automated visual verification steps demonstrate correct layout in a variety of terminal widths.
+
+## Implementation
+
+**How it was implemented**  
+* Merged the bottom border of the history pane and the top border of the input textarea into a single shared line by removing the textarea's top border and keeping only a bottom border on the textarea and both top/bottom borders on the history pane.*
+* Removed left/right borders on both panes (history and textarea) and removed the textarea's bottom border from the overall UI to reclaim horizontal space.*
+* Updated the status-indicator overlay to render in its own floating box immediately above the textarea instead of covering the first input line.*
+
+**How it works**  
+At runtime the conversation history widget now draws only its top and bottom borders. The input textarea draws only its bottom border, carrying the help title there. These changes yield a single continuous border line separating history from input and eliminate the outer left, right, and bottom borders. Status messages ("Thinking...", etc.) render in a separate floating box positioned just above the textarea, leaving the user's draft text visible at all times.
+
+## Notes
+
+- This involves updating the rendering logic in the TUI modules (likely under `tui/src/` in `codex-rs`).
+- Ensure layout changes do not break existing tests or rendering in unusual terminal sizes.
+- Consider writing a simple snapshot test or manual demo script to validate border and overlay behavior.

agentydragon/tasks/.done/19-bash-command-rendering-improvements.md

@@ -0,0 +1,42 @@
++++
+id = "19"
+title = "Bash Command Rendering Improvements for Less Verbosity"
+status = "Merged"
+dependencies = "02,07,09,11,14,29"
+last_updated = "2025-06-25T05:36:32.641375"
++++
+
+> *This task is specific to per-agent UI conventions and log readability.*
+
+## Acceptance Criteria
+
+- Shell commands render as plain text without `bash -lc` wrappers.
+- Role labels and message content appear on the same line, separated by a space.
+- Command-result annotations show a checkmark and duration for zero exit codes, or `exit code: N` and duration for nonzero codes, in the format `<icon or exit code> <duration>ms`.
+- Existing functionality remains unaffected beyond formatting changes.
+- Verbose background event logs (e.g. sandbox‑denied exec errors, retries) collapse into a single command execution entry showing command start, running indicator, and concise completion status.
+- Automated examples or tests verify the new rendering behavior.
+
+## Implementation
+This change will touch both the event-processing and rendering layers of the Rust TUI:
+
+- **Event processing** (`codex-rs/exec/src/event_processor.rs`):
+  - Strip any `bash -lc` wrapper when formatting shell commands via `escape_command`.
+  - Replace verbose `BackgroundEvent` logs for sandbox-denied errors and automatic retries with a unified exec-command begin/end sequence.
+  - Annotate completed commands with either a checkmark (✅) and `<duration>ms` for success or `exit code: N <duration>ms` for failures.
+
+- **TUI rendering** (`codex-rs/tui/src/history_cell.rs`):
+  - Collapse consecutive `BackgroundEvent` entries related to exec failures/retries into the standard active/completed exec-command cells.
+  - Update `new_active_exec_command` and `new_completed_exec_command` to use the new inline format (icon or exit code + duration, with `$ <command>` on the same block).
+  - Ensure role labels and plain-text messages render on a single line separated by a space.
+
+- **Tests** (`codex-rs/tui/tests/`):
+  - Add or update test fixtures to verify:
+    - Commands appear without any `bash -lc` boilerplate.
+    - Completed commands show the correct checkmark or exit-code annotation with accurate duration formatting.
+    - Background debugging events no longer leak raw debug strings and are correctly collapsed into the exec-command flow.
+
+## Notes
+
+- Improves readability of interactive sessions and logs by reducing boilerplate.
+- Ensure compatibility with both live TUI output and persisted log transcripts.

agentydragon/tasks/.done/21-compact-markdown-rendering.md

@@ -0,0 +1,34 @@
++++
+id = "21"
+title = "Compact Markdown Rendering Option"
+status = "Merged"
+dependencies = "03,06,08,13,15,32,18,19,22,23"
+last_updated = "2025-06-25T05:55:23.855039"
++++
+
+## Summary
+Provide an option to render Markdown without blank lines between headings and content for more vertical packing.
+
+## Goal
+Add a configuration flag to control Markdown rendering in the chat UI and logs so that headings render immediately adjacent to their content with no separating blank line.
+
+## Acceptance Criteria
+
+- Introduce a config flag `markdown_compact = true|false` under the UI settings.
+- When enabled, the renderer omits the default blank line between headings (lines starting with `#`) and their subsequent content.
+- The flag applies globally to all Markdown rendering (diffs, docs, help messages).
+- Default behavior remains unchanged (blank lines preserved) when `markdown_compact` is false or unset.
+- Add tests to verify both compact and default rendering modes across heading levels.
+
+## Implementation
+
+**How it was implemented**  
+- Extend the Markdown-to-TUI formatter to check `markdown_compact` and collapse heading/content spacing.
+- Implement a post-processing step that removes blank lines immediately following heading tokens (`^#{1,6} `) when `markdown_compact` is true.
+- Expose the new flag via the config parser and default it to `false`.
+- Add unit tests covering H1–H6 headings, verifying absence of blank line in compact mode and presence in default mode.
+
+## Notes
+
+- This option improves vertical density for screens with limited height.
+- Ensure compatibility with existing Markdown features like lists and code blocks; only target heading-content spacing.

agentydragon/tasks/.done/23-interactive-container-command-affordance.md

@@ -0,0 +1,41 @@
++++
+id = "23"
+title = "Interactive Container Command Affordance via Hotkey"
+status = "Merged"
+freeform_status = ""
+dependencies = "01"
+last_updated = "2025-06-25T12:10:10.584536"
++++
+
+## Summary
+Provide a keybinding to run arbitrary shell commands in the agent’s container and display output inline.
+
+## Goal
+Add a user-facing affordance (e.g. a hotkey) to invoke arbitrary shell commands within the agent's container during a session for on-demand inspection and debugging.  The typed command should be captured as a chat turn, executed via the existing shell tool, and its output rendered inline in the chat UI.
+
+## Acceptance Criteria
+
+- Bind a hotkey (e.g. Ctrl+M) that opens a prompt for the user to type any shell command.
+- When the user submits, capture the command as if entered in the chat input, and invoke the shell tool with the command in the agent’s container.
+- Display the command invocation and its stdout/stderr output inline in the chat window, respecting formatting rules (e.g. compact rendering settings).
+- Support chaining multiple commands in separate turns; history should show these command turns normally.
+- Provide unit or integration tests simulating a user hotkey press, command input, and verifying the shell tool is called and output is displayed.
+
+## Implementation
+
+**How it was implemented**
+- Added a new slash command `Shell` and updated dispatch logic in `app.rs` to push a shell-command view.
+- Bound `Ctrl+M` in `ChatComposer` to dispatch `SlashCommand::Shell` for hotkey-driven shell prompt.
+- Created `ShellCommandView` (bottom pane overlay) to capture arbitrary user input and emit `AppEvent::ShellCommand(cmd)`.
+- Extended `AppEvent` with `ShellCommand(String)` and `ShellCommandResult { call_id, stdout, stderr, exit_code }` variants for round-trip messaging.
+- Implemented `ChatWidget::handle_shell_command` to execute `sh -c <cmd>` asynchronously (tokio::spawn) and send back `ShellCommandResult`.
+- Updated `ConversationHistoryWidget` to reuse existing exec-command cells to display shell commands and their output inline.
+- Added tests:
+  - Unit test in `shell_command_view.rs` asserting correct event emission (skipping redraws).
+  - Integration test in `chat_composer.rs` asserting `Ctrl+M` opens the shell prompt view and allows input.
+
+
+## Notes
+
+- This feature aids debugging and inspection without leaving the agent workflow.
+- Ensure that security policies (e.g. sandbox restrictions) still apply to these commands.

agentydragon/tasks/.done/28-include-command-snippet-in-approval-label.md

@@ -0,0 +1,36 @@
++++
+id = "28"
+title = "Include Command Snippet in Session-Scoped Approval Label"
+status = "Merged"
+dependencies = "03,06,08,13,15,32,18,19,22,23"
+last_updated = "2025-06-25T04:04:47.399379"
++++
+
+## Summary
+When asking for session-scoped approval of a command, embed a truncated snippet of the actual command in the approval label for clarity.
+
+## Goal
+Improve the session-scoped approval option label for commands by including a backtick-quoted snippet of the command itself (truncated to fit).  This makes it clear exactly which command (including parameters) will be auto-approved for the session.
+
+## Acceptance Criteria
+
+- The session-scoped approval label changes from generic text to include a snippet of the current command, e.g.:  
+  ```text
+  Yes, always allow running `cat x | foo --bar > out` for this session (a)
+  ```
+- If the command is too long, truncate the middle (e.g. `long-part…end-part`) to fit a configurable max length.
+- Implement the snippet templating in both Rust and JS UIs for consistency.
+- Add unit tests to verify snippet extraction, truncation logic, and label rendering for various command lengths.
+
+## Implementation
+
+**Planned implementation**  
+- Add a `truncateMiddle` helper in both the Rust TUI and the JS/TS UI to ellipsize command snippets in the middle.
+- Extract the first line of the command string (up to any newline), truncate to a default max length (e.g. 30 characters), inserting a single-character ellipsis `…` when needed.
+- In the session-scoped approval option, replace the static label with a dynamic one:
+  `Yes, always allow running `<snippet>` for this session (a)`.
+- Write unit tests for the helper and label generation covering commands shorter than, equal to, and longer than the max length.
+
+## Notes
+
+- This clarifies what parameters will be auto-approved and avoids ambiguity when multiple similar commands occur.

agentydragon/tasks/.done/31-display-context-remaining-percentage.md

@@ -0,0 +1,38 @@
++++
+id = "31"
+title = "Display Remaining Context Percentage in codex-rs TUI"
+status = "Merged"
+dependencies = "03,06,08,13,15,32,18,19,22,23"
+last_updated = "2025-06-25T01:40:09.600000"
++++
+
+## Summary
+Show a live "x% context left" indicator in the TUI (Rust) to inform users of remaining model context buffer.
+
+## Goal
+Enhance the codex-rs TUI by adding a status indicator that displays the percentage of model context buffer remaining (e.g. "75% context left").  Update this indicator dynamically as the conversation progresses.
+
+## Acceptance Criteria
+
+- Compute current token usage and total context limit from the active session.
+- Display "<N>% context left" in the status bar or header of the TUI, formatted compactly.
+- Update the percentage after each message turn in real time.
+- Ensure the indicator is visible but does not obstruct existing UI elements.
+- Add unit or integration tests mocking token count updates and verifying correct percentage formatting (rounding behavior, boundary conditions).
+
+## Implementation
+
+**How it was implemented**  
+- Added a `history_items: Vec<ResponseItem>` field to `ChatWidget` to accumulate the raw sequence of messages and function calls.
+- Created a new module `tui/src/context.rs` mirroring the JS heuristics:
+  - `approximate_tokens_used(&[ResponseItem])`: counts characters in text and function-call items, divides by 4 and rounds up.
+  - `max_tokens_for_model(&str)`: uses a registry of known model limits and heuristic fallbacks (32k, 16k, 8k, 4k, default 128k).
+  - `calculate_context_percent_remaining(&[ResponseItem], &str)`: computes `(remaining / max) * 100`.
+- Updated `ChatWidget::replay_items` and `ChatWidget::handle_codex_event` to push each incoming `ResponseItem` into `history_items`.
+- Modified `ChatComposer::render_ref` to query `calculate_context_percent_remaining`, format and display "<N>% context left" after the input area, coloring it green/yellow/red per thresholds (>40%, 25–40%, ≤25%).
+- Added unit tests in `tui/tests/context_percent.rs` covering token counting, model heuristics, percent rounding, and boundary conditions.
+
+## Notes
+
+- This feature helps users anticipate when they may need to truncate history or start a new session.
+- Future enhancement: allow toggling this indicator on/off via config.

agentydragon/tasks/.done/35-tui-inspect-env-integration.md

@@ -0,0 +1,42 @@
++++
+id = "35"
+title = "TUI Integration for Inspect-Env Command"
+status = "Done"
+dependencies = "10" # Rationale: depends on Task 10 for container state inspection
+last_updated = "2025-06-25T11:38:19Z"
++++
+
+> *This task is specific to codex-rs.*
+
+## Status
+
+**General Status**: Done  
+**Summary**: Follow-up to Task 10; add slash-command and TUI bindings for `inspect-env`.
+
+## Goal
+
+Add an `/inspect-env` slash-command in the TUI that invokes the existing `codex inspect-env` logic to display sandbox state inline.
+
+## Acceptance Criteria
+
+- Extend `SlashCommand` enum to include `InspectEnv`.
+- Dispatch `AppEvent::InlineInspectEnv` when `/inspect-env` is entered.
+- Handle `InlineInspectEnv` in `app.rs` to run `inspect-env` logic and stream its output to the TUI log pane.
+- Render mounts, permissions, and network status in a formatted table or tree view in the bottom pane.
+- Unit/integration tests simulating slash-command invocation and verifying rendered output.
+
+## Implementation
+
+**High-level approach**
+- Extend `SlashCommand` enum with `InspectEnv` and provide user-visible description.
+- Add `InlineInspectEnv` variant to `AppEvent` enum to represent inline slash-command invocation.
+- Update dispatch logic in `App::run` to spawn a background thread on `InlineInspectEnv` that runs `codex inspect-env`, reads its stdout line-by-line, and sends each line as `AppEvent::LatestLog`, then triggers a redraw.
+- Wire up `/inspect-env` to dispatch `InlineInspectEnv` in the slash-command handling.
+- Add unit tests in the TUI crate to verify `built_in_slash_commands()` includes `inspect-env` mapping and description, and tests for the command-popup filter to ensure `InspectEnv` is listed when `/inspect-env` is entered.
+
+**How it works**  
+When the user enters `/inspect-env`, the TUI parser recognizes the command and emits `AppEvent::InlineInspectEnv`.  The main event loop handles this event by spawning a thread that invokes the external `codex inspect-env` command, captures its output line-by-line, and forwards each line into the TUI log pane via `AppEvent::LatestLog`. A redraw is scheduled once the inspection completes.
+
+## Notes
+
+- Reuse formatting code from `cli/src/inspect_env.rs` for consistency.

agentydragon/tasks/.done/38-approval-dialog-transparent-background-fix.md

@@ -0,0 +1,34 @@
++++
+id = "38"
+title = "Fix Approval Dialog Transparent Background"
+status = "Done"
+dependencies = ""
+summary = "The approval dialog background is transparent, causing prompt text underneath to overlap and become unreadable."
+last_updated = "2025-06-25T23:00:00.000000"
++++
+
+> *UI bug:* When the approval dialog appears, its background is transparent and any partially entered prompt text shows through, overlapping and confusing the dialog.
+
+## Status
+
+**General Status**: Done  
+**Summary**: Identify and implement an opaque background for the approval dialog to prevent underlying text bleed-through.
+
+## Goal
+
+Ensure the approval dialog is drawn with a solid background color (matching the dialog border or theming) so that any underlying text does not bleed through.
+
+## Acceptance Criteria
+
+- Approval dialogs block underlying prompt text (solid background).
+- Existing unit/integration tests validate dialog visual rendering.
+
+## Implementation
+
+- Updated `render_ref` in `codex-rs/tui/src/user_approval_widget.rs` to fill the entire dialog area with a `DarkGray` background before drawing the border and content.
+- Implemented nested loops over the dialog `Rect` calling `buf[(col, row)].set_bg(Color::DarkGray)` on each cell.
+- Added unit test `render_approval_dialog_fills_background` in `tui/src/user_approval_widget.rs` to render the widget onto a buffer pre-filled with a red background and verify no cell in the dialog region remains transparent or retains the sentinel background.
+
+## Notes
+
+<!-- Any implementation notes -->

agentydragon/tasks/02-auto-approve-predicates.md

@@ -0,0 +1,47 @@
++++
+id = "02"
+title = "Granular Auto-Approval Predicates"
+status = "Done"
+dependencies = "11" # Rationale: depends on Task 11 for user-configurable approval predicates
+last_updated = "2025-06-25T10:48:30.000000"
++++
+
+# Task 02: Granular Auto-Approval Predicates
+
+> *This task is specific to codex-rs.*
+
+## Status
+**General Status**: Done  
+**Summary**: Added granular auto-approval predicates: configuration parsing, predicate evaluation, integration, documentation, and tests.
+
+## Goal
+Let users configure one or more scripts in `config.toml` that examine each proposed shell command and return exactly one of:
+
+- `deny`        => auto-reject (skip sandbox and do not run the command)
+- `allow`       => auto-approve and proceed under the sandbox
+- `no-opinion`  => no opinion (neither approve nor reject)
+
+Multiple scripts cast votes: if any script returns `deny`, the command is denied; otherwise if any script returns `allow`, the command is allowed; otherwise (all scripts return `no-opinion` or exit non-zero), pause for manual approval (existing logic).
+
+## Acceptance Criteria
+- New `[[auto_allow]]` table in `config.toml` supporting one or more `script = "..."` entries.
+- Before running any shell/subprocess, Codex invokes each configured script in order, passing the candidate command as an argument.
+- If a script returns `deny` or `allow`, immediately take that vote and skip remaining scripts.
+- After all scripts complete with only `no-opinion` results or errors, pause for manual approval (existing logic).
+
+ - Spawn each predicate script with the full command as its only argument.
+ - Parse stdout (case-insensitive) expecting `deny`, `allow`, or `no-opinion`, treating errors or unknown output as `NoOpinion`.
+ - Short-circuit on the first `Deny` or `Allow` vote.
+ - A `Deny` vote aborts execution.
+ - An `Allow` vote skips prompting and proceeds under sandbox.
+ - All `NoOpinion` votes fall back to existing approval logic.
+
+## Implementation
+-- Added `auto_allow: Vec<AutoAllowPredicate>` to `ConfigToml`, `ConfigProfile`, and `Config` to parse `[[auto_allow]]` entries from `config.toml`.
+-- Defined `AutoAllowPredicate { script: String }` and `AutoAllowVote { Allow, Deny, NoOpinion }` in `core::safety`.
+-- Implemented `evaluate_auto_allow_predicates` in `core::safety` to spawn each script with the candidate command, parse its stdout vote, and short-circuit on `Deny` or `Allow`.
+-- Integrated `evaluate_auto_allow_predicates` into the shell execution path in `core::codex`, aborting on `Deny`, auto-approving on `Allow`, and falling back to manual or policy-based approval on `NoOpinion`.
+-- Updated `config.md` to document the `[[auto_allow]]` table syntax and behavior.
+-- Added comprehensive unit tests covering vote parsing, error propagation, short-circuit behavior, and end-to-end predicate functionality.
+## Notes
+- This pairs with the existing `approval_policy = "unless-allow-listed"` but adds custom logic before prompting.

agentydragon/tasks/04-auto-mount-repo.md

@@ -0,0 +1,63 @@
++++
+id = "04"
+title = "Auto-Mount Entire Repo and Auto-CD to Subfolder"
+status = "Not started"
+dependencies = "01" # Rationale: depends on Task 01 for mount-add/remove foundational commands
+last_updated = "2025-06-25T01:40:09.800000"
++++
+
+# Task 04: Auto-Mount Entire Repo and Auto-CD to Subfolder
+
+> *This task is specific to codex-rs.*
+
+## Subtasks
+
+Subtasks to implement in order all in one P:
+
+### 04.1 – Config → `ConfigToml` + `Config`
+- Add `auto_mount_repo: bool` and `mount_prefix: String` to `ConfigToml` (with proper `#[serde(default)]` and defaults).
+- Wire these fields through to the `Config` struct.
+
+### 04.2 – Git root detection + relative‐path
+- Implement a helper in `codex_core::util` to locate the Git repository root given a starting `cwd`.
+- Compute the sub‐directory path relative to the repo root.
+
+### 04.3 – Bind‑mount logic
+- In the sandbox startup path (`apply_sandbox_policy_to_current_thread` or a new wrapper before it), if `auto_mount_repo` is set:
+  - Bind‑mount `repo_root` → `mount_prefix` (e.g. `/workspace`).
+  - Create target directory if missing.
+
+### 04.4 – Automate `cwd` → new mount
+- After mounting, update the process‐wide `cwd` to `mount_prefix/relative_path` so all subsequent file ops occur under the mount.
+
+### 04.5 – Config docs & tests
+- Update `config.md` to document `auto_mount_repo` and `mount_prefix` under the top‐level config.
+- Add unit tests for the Git‐root helper and default values.
+
+### 04.6 – E2E manual verification
+- Manually verify launching with `auto_mount_repo = true` in a nested subfolder:
+  - TTY prompt shows sandboxed cwd under `/workspace/<subdir>`.
+  - Commands executed by Codex see the mount.
+
+## Goal
+Allow users to enable a flag so that each session:
+
+1. Detects the Git repository root of the current working directory.
+2. Bind-mounts the entire repository into `/workspace` in the session.
+3. Changes directory to `/workspace/<relative-path-from-root>` to mirror the user’s original subfolder.
+
+## Acceptance Criteria
+- New `auto_mount_repo = true` and optional `mount_prefix = "/workspace"` in `config.toml`.
+- Before any worktree or mount processing, detect the Git root, bind-mount it to `mount_prefix`, and set `cwd` to `mount_prefix + relative_path`.
+- Existing worktree/session-worktree logic should operate relative to this new `cwd`.
+
+## Implementation
+
+**How it was implemented**  
+*(Not implemented yet)*
+
+**How it works**  
+*(Not implemented yet)*
+
+## Notes
+- This offloads the entire monorepo into the session, leaving the user’s original clone untouched.

agentydragon/tasks/09-file-dir-level-approvals.md

@@ -0,0 +1,47 @@
++++
+id = "09"
+title = "File- and Directory-Level Approvals"
+status = "Not started"
+dependencies = "11" # Rationale: depends on Task 11 for custom approval predicate infrastructure
+last_updated = "2025-06-25T01:40:09.507043"
++++
+
+# Task 09: File- and Directory-Level Approvals
+
+> *This task is specific to codex-rs.*
+
+## Status
+
+**General Status**: Not started  
+**Summary**: Not started; missing Implementation details (How it was implemented and How it works).
+
+## Goal
+
+Enable fine-grained approval controls so users can whitelist edits scoped to specific files or directories at runtime, with optional time limits.
+
+## Acceptance Criteria
+
+- In the approval dialog, offer “Allow this file always” and “Allow this directory always” options alongside proceed/deny.
+- Prompt for a time limit when granting a file/dir approval, with default presets (e.g. 5 min, 1 hr, 4 hr, 24 hr).
+- Introduce runtime commands to inspect and manage granular approvals:
+  - `/approvals list` to view active approvals and remaining time
+  - `/approvals add [file|dir] <path> [--duration <preset>]` to grant approval
+  - `/approvals remove <id>` to revoke an approval
+- Persist granular approvals in session metadata, keyed by working directory. On session resume in a different directory, warn the user and discard all file/dir approvals.
+- Automatically expire and remove approvals when their time limits elapse.
+- Reflect file/dir-approval state in the CLI shell prompt or title for quick visibility.
+
+## Implementation
+
+**How it was implemented**  
+*(Not implemented yet)*
+
+**How it works**  
+*(Not implemented yet)*
+
+## Notes
+
+- Store approvals with {id, scope: file|dir, path, expires_at} in session JSON.
+- Use a background timer or check-before-command to prune expired entries.
+- Reuse existing command-parsing infrastructure to implement `/approvals` subcommands.
+- Consider UI/UX for selecting presets in TUI dialogs.

agentydragon/tasks/12-internet-connection-toggle.md

@@ -0,0 +1,44 @@
++++
+id = "12"
+title = "Runtime Internet Connection Toggle"
+status = "Not started"
+dependencies = "" # No prerequisites
+last_updated = "2025-06-25T01:40:09.509507"
++++
+
+# Task 12: Runtime Internet Connection Toggle
+
+> *This task is specific to codex-rs.*
+
+## Status
+
+**General Status**: Not started  
+**Summary**: Not started; missing Implementation details (How it was implemented and How it works).
+
+## Goal
+
+Allow users to enable or disable internet access at runtime within their container/sandbox session.
+
+## Acceptance Criteria
+
+- Slash command or CLI subcommand (`/toggle-network <on|off>`) to turn internet on or off immediately.
+- Persist network state in session metadata so that resuming a session restores the last setting.
+- Enforce the new network policy dynamically: block or allow outbound network connections without restarting the agent.
+- Reflect the current network status in the CLI prompt or shell title (e.g. 🌐/🚫).
+- Work across supported platforms (Linux sandbox, macOS Seatbelt, Windows) using appropriate sandbox APIs.
+- Include unit and integration tests to verify network toggle behavior and persistence.
+
+## Implementation
+
+**How it was implemented**  
+*(Not implemented yet)*
+
+**How it works**  
+*(Not implemented yet)*
+
+## Notes
+
+- Reuse the existing sandbox network-disable mechanism (`CODEX_SANDBOX_NETWORK_DISABLED_ENV_VAR`) for toggling.
+- On Linux, this may involve updating Landlock or seccomp rules at runtime.
+- On macOS, interact with the Seatbelt profile; consider session restart if necessary.
+- When persisting state, store a `network_enabled: bool` flag in the session JSON.

agentydragon/tasks/14-ai-generated-approval-predicates.md

@@ -0,0 +1,47 @@
++++
+id = "14"
+title = "AI‑Generated Approval Predicate Suggestions"
+status = "Not started"
+dependencies = "02,11" # Rationale: depends on Task 02 for auto-approval predicates and Task 11 for predicate invocation logic
+last_updated = "2025-06-25T01:40:09.511783"
++++
+
+# Task 14: AI‑Generated Approval Predicate Suggestions
+
+> *This task is specific to codex-rs.*
+
+## Status
+
+**General Status**: Not started  
+**Summary**: Not started; missing Implementation details (How it was implemented and How it works).
+
+## Goal
+
+When a shell command is not auto-approved, the approval prompt should include 1–3 AI-generated approval predicates. Each suggestion is a time-limited Python predicate snippet plus an explanation of the full set of permissions it would grant. Users can pick one suggestion to append to the session’s approval policy as a broader-scope allow rule.
+
+## Acceptance Criteria
+
+- When a command is not auto-approved, show up to 3 suggested predicates inline in the TUI approval dialog.
+- Each suggestion consists of:
+  - A Python code snippet defining a predicate function.
+  - An AI-generated explanation of exactly what permissions or scope that predicate grants.
+  - A TTL or expiration timestamp indicating how long it will remain active.
+- Users can select one suggestion to append to the session’s list of approval predicates.
+- Predicates are stored in session state (in-memory) for the duration of the session.
+- Provide a slash/CLI command (`/inspect-approval-predicates`) to list current predicates, their code, explanations, and timeouts.
+- Support headless and interactive modes equally.
+
+## Implementation
+
+**How it was implemented**  
+*(Not implemented yet)*
+
+**How it works**  
+*(Not implemented yet)*
+
+## Notes
+
+- Reuse the existing AI reasoning engine to generate predicate suggestions.
+- Represent predicates as Python functions returning a boolean.
+- Ensure that expiration is enforced and stale predicates are ignored.
+- Integrate the new `/inspect-approval-predicates` command into both the TUI and Exec CLI.

agentydragon/tasks/17-sandbox-precommit-permission-error.md

@@ -0,0 +1,28 @@
++++
+id = "17"
+title = "Sandbox Pre-commit Permission Error"
+status = "Not started"
+dependencies = "15" # Rationale: depends on Task 15 for sandbox worktree configuration
+last_updated = "2025-06-25T01:41:34.737190"
++++
+
+> *This task addresses scaffolding/setup for Agent worktrees.*
+
+## Acceptance Criteria
+
+- Pre-commit hooks detect sandbox environment and skip or override gitconfig locking.
+- Documentation in scaffold guides is updated to note pre-commit limitations and workarounds.
+- Verification steps demonstrate pre-commit hooks succeeding in sandbox without modifying user gitconfig.
+
+## Implementation
+
+**How it was implemented**  
+*(Not implemented yet)*
+
+**How it works**  
+*(Not implemented yet)*
+
+## Notes
+
+- The sandbox prevents locking ~/.gitconfig, leading to PermissionError.
+- Consider configuring pre-commit to use a repo-local config or skip locking by passing `--config` or setting `PRE_COMMIT_HOME`.

agentydragon/tasks/20-render-patch-content-in-chat-display.md

@@ -0,0 +1,36 @@
++++
+id = "20"
+title = "Render Patch Content in Chat Display Window for Approve/Deny"
+status = "Not started"
+dependencies = "" # No prerequisites
+last_updated = "2025-06-25T01:41:34.738344"
++++
+
+> *This task is specific to the chat UI renderer.*
+
+## Acceptance Criteria
+
+- When displaying a patch for approve/deny, the full diff for the active patch is rendered inline in the chat window.
+- Older or superseded patches collapse to show only up to N lines of context, with an indicator (e.g. "... 10 lines collapsed ...").
+- File paths in diff headers are shown relative to the current working directory, unless the file resides outside the CWD.
+- Event logs around patch application are simplified: drop structured event data and replace with a simple status note (e.g. "patch applied").
+- Configurable parameter (e.g. `patch_context_lines`) controls the number of context lines for collapsed hunks.
+- Preserve the user’s draft input when an approval dialog or patch diff appears; ensure the draft editor remains visible so users can continue editing while reviewing.
+- Provide end-to-end integration tests that simulate drafting long messages, triggering approval dialogs and overlays, and verify that all UI elements (draft editor, diffs, logs) render correctly without overlap or content loss.
+- Exhaustively test all dialog interaction flows (approve, deny, cancel) and overlay scenarios to confirm consistent behavior across combinations and prevent rendering artifacts.
+
+## Implementation
+
+**How it was implemented**  
+- Extend the chat renderer to detect patch approval prompts and render diffs using a custom formatter.
+- Compute relative paths via `Path::strip_prefix`, falling back to full path if outside CWD.
+- Track the current patch ID and render its full content; collapse previous patch bodies according to `patch_context_lines` setting.
+- Preserve and render the current draft buffer alongside the active patch diff, ensuring live edits remain visible during approval steps.
+- Add integration tests using the TUI test harness or end-to-end framework to simulate user input of long text, approval flows, overlay dialogs, and log output, asserting correct screen layout and content integrity.
+- Design a parameterized test matrix covering all dialog interaction flows (approve/deny/cancel) and overlay transitions to ensure exhaustive coverage and UI sanity.
+- Replace verbose event debug output with a single-line status message.
+
+## Notes
+
+- Users can override `patch_context_lines` in their config to see more or fewer collapsed lines.
+- Ensure compatibility with both live TUI sessions and persisted transcript logs.

agentydragon/tasks/22-message-rendering-layout-options.md

@@ -0,0 +1,37 @@
++++
+id = "22"
+title = "Message Separation and Sender-Content Layout Options"
+status = "Done"
+dependencies = "" # No prerequisites
+last_updated = "2025-06-25T11:05:55.000000"
++++
+
+## Summary
+Add configurable options for inter-message spacing and sender-content line breaks in chat rendering
+**in the codex-rs package** - **NOT** the codex-cli package.
+
+## Goal
+Provide users with flexibility in how chat messages are visually separated and how sender labels are displayed relative to message content:
+- Control whether an empty line is inserted between consecutive messages.
+- Control whether sender and content appear on the same line or on separate lines.
+
+## Acceptance Criteria
+
+- Introduce one new config flags under the UI section:
+  - `message_spacing: true|false` controls inserting a blank line between messages when true.
+- default to `false` to preserve current compact layout.
+- When `message_spacing` is enabled, render an empty line between each message bubble or block.
+- Add unit tests to verify the layout produces the correct sequence of lines.
+
+## Implementation
+### Plan
+
+**How it was implemented**  
+- Extend the chat UI renderer to read `message_spacing` from config.
+- In the message rendering routine, after emitting each message block, conditionally insert a blank line if `message_spacing` is true.
+- Write unit tests for values of `(message_spacing)` covering single-line messages, multi-line content, and boundaries.
+
+## Notes
+
+- These options improve readability for users who prefer more visual separation or clearer sender labels.
+- Keep default settings unchanged to avoid surprising existing users.

agentydragon/tasks/24-guard-tool-output-sequencing-js.md

@@ -0,0 +1,33 @@
++++
+id = "24"
+title = "Guard Against Missing Tool Output in JS Server Sequencing"
+status = "Not started"
+dependencies = "" # No prerequisites
+last_updated = "2025-06-25T01:40:09.600000"
++++
+
+## Summary
+Prevent out-of-order chat messages and missing tool outputs when user input interrupts tool execution in the JS backend.
+
+## Goal
+Ensure the JS server never emits a user or model message before the corresponding tool output has been delivered. Add sequencing guards to the message dispatcher so that aborted rollouts or interleaved user messages cannot cause "No tool output found" errors.
+
+## Acceptance Criteria
+
+- When a tool invocation is interrupted or user sends a message mid-rollout, the JS server buffers subsequent messages until the tool output event arrives or the invocation is explicitly cancelled.
+- The server must never log or emit an error like "No tool output found for local shell call" due to sequencing mismatch.
+- Add automated tests simulating mid-rollout user interrupts in the JS test suite, verifying correct buffering and eventual message delivery or cancellation.
+
+## Implementation
+
+**How it was implemented**  
+- In the JS message dispatcher, track pending tool invocations by ID and delay processing of new chat messages until the pending invocation resolves (success, failure, or cancel).
+- Add a guard in the `handleUserMessage` path to check for unresolved tool IDs before appending user content; if pending, queue the message.
+- On receiving `toolOutput` or `toolError` for an invocation ID, flush any queued messages in order.
+- Implement explicit cancellation paths so that if a tool invocation is abandoned, queued messages still flow after cancellation confirmation.
+- Add unit and integration tests in the JS test harness to cover normal, aborted, and concurrent message scenarios.
+
+## Notes
+
+- This change prevents 400 Bad Request errors from tool retries where the model requests a tool before the output is streamed.
+- Keep diagnostic logs around sequencing logic for troubleshooting but avoid spamming on normal race cases.

agentydragon/tasks/25-guard-tool-output-sequencing-rust.md

@@ -0,0 +1,78 @@
++++
+id = "25"
+title = "Guard Against Missing Tool Output in Rust Server Sequencing"
+status = "Needs input"
+dependencies = "" # No prerequisites
+last_updated = "2025-06-25T22:50:01.000000"
++++
+
+## Summary
+Prevent out-of-order chat messages and missing tool output errors when user input interrupts tool execution in the Rust backend.
+
+## Goal
+Ensure the Rust server implementation sequences tool output and chat messages correctly. Add synchronization logic so that an in-flight tool invocation either completes or is cancelled before new messages are processed, avoiding "No tool output found" invalid_request errors.
+
+## Acceptance Criteria
+
+- The Rust message broker must detect pending tool invocations and pause delivery of subsequent user or model messages until the tool result or cancellation is handled.
+- No panic or 400 Bad Request errors should occur due to missing tool output in edge cases of interrupted rollouts or mid-stream user input.
+- Add Rust integration tests simulating tool invocation interruption and user message interleaving, verifying correct ordering and delivery.
+
+## Implementation
+
+We will implement the following high-level plan:
+
+- Locate where the ChatCompletion request messages array is built in Rust:
+  the `stream_chat_completions` function in `codex-rs/core/src/chat_completions.rs`.
+- In that loop, track pending tool invocations by their call IDs when encountering `ResponseItem::FunctionCall` entries.
+- Buffer any subsequent `ResponseItem::Message { role: "user" }` or new turn inputs until the matching `ResponseItem::FunctionCallOutput` (tool result) appears.
+- Once the tool output is seen, flush buffered user messages in order immediately before continuing to build the next API call.
+- Add tests under `codex-rs/core/tests/` (e.g. `guard_tool_output_sequencing.rs`) that exercise interleaved input sequences:
+  - A user message mid-rollout before tool output, ensuring it is delayed until after the tool result.
+  - Normal flow where no buffering is needed.
+  - Cancellation paths (no tool output) inserting a fake "Tool cancelled" tool message and flushing buffered messages.
+- Front-end layers automatically render the "Tool cancelled" message as a tool output, satisfying UI requirements.
+
+## Notes
+
+```text
+                                                                                                                                █
+thinking                                                                                                                                 █Deciding on file management                                                                                                              █
+                                                                                                                                      ───╮
+I’m thinking that since file editing can be a hassle, it might be simpler to just remove the file. I could then ask the user to provide  │any errors they’re facing. To do this, I'd create a patch to delete the specified file. Alternatively, I could consider reverting the    │
+changes with git, but applying the patch seems like a straightforward solution. So, I’ll go ahead and prepare to apply the patch to    ──╯
+delete the file.
+
+proposed patch
+D /Users/mpokorny/code/codex/agentydragon/tasks/.worktrees/23-interactive-container-command-affordance/codex-rs/.cargo/config.toml      ny
+ERROR: Turn interrupted
+
+user
+why did you try to delete that?                                                                                                        s P
+event
+BackgroundEvent(BackgroundEventEvent { message: "stream error: unexpected status 400 Bad Request: {\n  \"error\": {\n    \"message\":     \"No tool output found for local shell call call_PjdhYGAM7q52HL13WF8slGn9.\",\n    \"type\": \"invalid_request_error\",\n    \"param\":
+\"input\",\n    \"code\": null\n  }\n}; retrying 1/10 in 201ms…" })                                                                      │
+                                                                                                                                         │
+event                                                                                                                                    │
+BackgroundEvent(BackgroundEventEvent { message: "stream error: unexpected status 400 Bad Request: {\n  \"error\": {\n    \"message\":    │
+\"No tool output found for local shell call call_PjdhYGAM7q52HL13WF8slGn9.\",\n    \"type\": \"invalid_request_error\",\n    \"param\":  │\"input\",\n    \"code\": null\n  }\n}; retrying 2/10 in 246ms…" })                                                                      │
+                                                                                                                                         │
+event                                                                                                                                    │BackgroundEvent(BackgroundEventEvent { message: "stream error: unexpected status 400 Bad Request: {\n  \"error\": {\n    \"message\":    │
+\"No tool output found for local shell call call_PjdhYGAM7q52HL13WF8slGn9.\",\n    \"type\": \"invalid_request_error\",\n    \"param\":  █
+\"input\",\n    \"code\": null\n  }\n}; retrying 3/10 in 371ms…" })                                                                      █
+
+this is a lot of the problem still happening
+```
+
+## Next Steps / Debugging
+
+The above change did not resolve the issue. We need to gather more debug information to understand why missing tool output errors still occur.
+
+Suggested approaches:
+- Enable detailed debug logging in the Rust message broker (e.g. set `RUST_LOG=debug` or add tracing spans around function calls).
+- Dump the sequence of incoming and outgoing `ResponseItem` events to a log file for offline analysis.
+- Instrument timing and ordering by recording timestamps when tool invocations start, complete, and when user input is received.
+- Write a minimal reproduction harness that reliably triggers the missing output error under controlled conditions.
+- Capture full request/response payloads to/from the OpenAI API to verify whether the function output is delivered but not processed.
+
+Please expand this section with specific examples or helper scripts to collect the necessary data.

agentydragon/tasks/26-separate-approval-dialog-from-draft.md

@@ -0,0 +1,36 @@
++++
+id = "26"
+title = "Render Approval Requests in Separate Dialog from Draft Window"
+status = "Not started"
+dependencies = "09,23" # Rationale: depends on Tasks 09 and 23 for file-level approvals and interactive command affordance
+last_updated = "2025-06-25T01:40:09.600000"
++++
+
+## Summary
+Display patch approval prompts in a distinct dialog or panel to avoid overlaying the draft editor.
+
+## Goal
+Change the chat UI so that approval requests (patch diffs for approve/deny) appear in a separate dialog element or panel, positioned adjacent to or below the chat window, rather than overlaying the draft input area.
+This eliminates overlay conflicts and ensures the draft editor remains fully visible and interactive while reviewing patches.
+
+## Acceptance Criteria
+
+- Approval prompts with diffs open in a distinct UI element (e.g. side panel or bottom pane) that does not obscure the draft editor.
+- The draft input area remains fully visible and editable whenever an approval dialog is active.
+- The approval dialog is visually distinguished (border, background) and clearly labeled.
+- The layout adjusts responsively for narrow/short terminal sizes, maintaining separation without clipping content.
+- Add functional tests or integration tests verifying that the draft input remains accessible and that the approval dialog contents are rendered in the new panel.
+
+## Implementation
+
+**How it was implemented**  
+- Refactor the patch-approval renderer to spawn a separate TUI view (`ApprovalDialogView`) instead of the overlay popup.
+- Allocate a consistent panel region (e.g. bottom X rows or right-hand column) for approval dialogs, reserving the draft editor region above or to the left.
+- Update layout logic to recalculate positions on terminal resize, ensuring both panels remain visible.
+- Style the new dialog with its own borders and title bar (e.g. "Approval Request").
+- Add integration tests using the TUI test harness to simulate opening approval prompts and verifying that typing in the draft area still works and that the dialog appears in the correct panel.
+
+## Notes
+
+- This change fixes the long-standing overlay bug where approval diffs obstruct the draft.  
+- Future enhancements may allow toggling between inline overlay or separate panel modes.

agentydragon/tasks/27-unified-sandbox-retry-prompt-rust.md

@@ -0,0 +1,46 @@
++++
+id = "27"
+title = "Unified Sandbox-Retry Prompt with y/a/A/n Options (Rust)"
+status = "Not started"
+dependencies = "15,17" # Rationale: depends on Tasks 15 and 17 for sandbox configuration and pre-commit permission handling
+last_updated = "2025-06-25T01:40:09.600000"
++++
+
+## Summary
+Implement a unified retry‑without‑sandbox prompt in the Rust TUI with one‑shot, session‑scoped, and persistent options.
+
+## Goal
+Replace the two-stage sandbox‑retry and approval flow with a single, unified prompt in the Rust UI.  Provide four hotkey options (y/a/A/n) to control sandbox behavior at varying scopes:
+- y: retry this one command without sandbox
+- a: always run without sandbox but still ask first
+- A: always run without sandbox and never ask again
+- n: keep using sandbox
+
+## Acceptance Criteria
+
+- When a sandboxed shell invocation fails (exit code ≠ 0), display a single prompt:
+  ```
+  Retry without sandbox
+
+    y Yes, run without sandbox this one time
+    a Yes, always run without sandbox but still ask me first
+    A Yes, always run without sandbox and do not ask again
+    n No, keep using sandbox
+  ```
+- Hotkeys y/a/A/n must map to the corresponding behavior and dismiss the prompt.
+- The prompt replaces the older two‑stage “retry?” + “Allow command?” dialogs.
+- Add unit/integration tests simulating a failing sandbox command and each hotkey path, verifying correct sandbox flag logic.
+
+## Implementation
+
+**How it was implemented**  
+- Refactor the sandbox error handler in `tui/src/shell.rs` to emit a single `SandboxRetryPrompt` event instead of separate prompts.
+- Create a new TUI widget `SandboxRetryWidget` that renders the four-line menu and captures y/a/A/n keys.
+- Map each choice to updating the per-session config (`Config.tui.sandbox_mode`) and retrying or aborting the command as appropriate.
+- Update the shell‑invocation pipeline to consult the new `sandbox_mode` setting and skip sandbox when indicated.
+- Write Rust tests (in `tui/tests/`) to simulate sandbox failures and user key presses for all four options.
+
+## Notes
+
+- This unifies and simplifies the UX, removing confusion from layered prompts.
+- The three levels of scope (one-off, scoped prompt, no prompt) give power users flexibility and safety.

agentydragon/tasks/29-auto-approve-empty-tool-commands.md

@@ -0,0 +1,29 @@
++++
+id = "29"
+title = "Auto-Approve Empty-Array Tool Invocations"
+status = "Not started"
+dependencies = "02" # Rationale: depends on Task 02 for auto-approval logic
+last_updated = "2025-06-25T01:40:09.600000"
++++
+
+## Summary
+Automatically approve tool-use requests where the command array is empty, bypassing the approval prompt.
+
+## Goal
+In rare cases the model may emit a tool invocation event with an empty `command: []`.  These invocations cannot succeed and continually trigger errors.  Automatically treat empty-array tool requests as approved (once), suppressing the approval UI, to allow downstream error handling rather than perpetual prompts.
+
+## Acceptance Criteria
+
+- Detect tool requests where `command: []` (no arguments).
+- Do not open the approval prompt for these cases; instead, automatically approve and allow the tool pipeline to proceed (and eventually handle the error).
+- Include a unit test simulating an empty-array tool invocation that verifies no approval prompt is shown and that a `ReviewDecision::Approved` is returned immediately.
+
+## Implementation
+
+**How it was implemented**  
+- In the command-review widget setup (`ApprovalRequest::Exec`), check for `command.is_empty()` before rendering; if empty, directly send `ReviewDecision::Approved` and mark the widget done.
+- Add a Rust unit test for `UserApprovalWidget` to feed an `Exec { command: vec![] }` request and assert automatic approval without rendering the select mode.
+
+## Notes
+
+- This is a pragmatic workaround for spurious empty‑command tool calls; a more robust model‑side fix may replace this later.

agentydragon/tasks/30-non-fullscreen-scrollback-mode.md

@@ -0,0 +1,41 @@
++++
+id = "30"
+title = "Non-Fullscreen Scrollback Mode with Native Terminal Scroll"
+status = "Not started"
+dependencies = "" # No prerequisites
+last_updated = "2025-06-25T01:40:09.600000"
++++
+
+## Summary
+Offer a non-fullscreen TUI mode that appends conversation output and defers scrolling to the terminal scrollback.
+
+## Goal
+Provide an optional non-fullscreen mode for the chat UI where:
+- The TUI does not capture the mouse scroll wheel.
+- All conversation output is appended in place, allowing the terminal's native scrollback to navigate history.
+- The user-entry window remains fixed at the bottom of the terminal.
+- The entire UI runs in a standard terminal buffer (no alternate screen), so the user can use their terminal’s scrollbar or scrollback keys to review past messages.
+
+## Acceptance Criteria
+
+- Introduce a `tui.non_fullscreen_mode` config flag (default `false`).
+- When enabled, the application:
+  - Disables alternate screen buffering (i.e. does not switch to the TUI alt-screen).
+  - Does not intercept mouse scroll events; scroll events are passed through to the terminal.
+  - Renders new chat messages inline (appended) rather than redrawing the full viewport.
+  - Keeps the user input prompt visible at the bottom after each message.
+- Add integration tests or manual validation steps to confirm that: scrollback keys/mouse scroll work via terminal scrollback, and the prompt remains in view.
+
+## Implementation
+
+**How it was implemented**  
+- Add `non_fullscreen_mode: bool` to the `tui` config section.
+- In the TUI initialization, skip entering the alternate screen and disable pannable viewports.
+- Remove mouse event capture for scroll wheel events when `non_fullscreen_mode` is true.
+- Change rendering loop: after each new message, print the message directly to the stdout buffer (in append mode), then redraw only the input prompt line.
+- Write integration tests that spawn the TUI in non-fullscreen mode, emit multiple messages, send scroll events (if possible), and assert that scrollback buffer contains the messages.
+
+## Notes
+
+- This mode trades advanced in-TUI scrolling features for simplicity and compatibility with users’ accustomed terminal scrollback.
+- It may not support complex viewport resizing; documentation should note that.

agentydragon/tasks/32-embedded-neovim-prompt-editor.md

@@ -0,0 +1,49 @@
++++
+id = "32"
+title = "Embedded Neovim Prompt Editor"
+status = "Not started"
+dependencies = "06" # Rationale: depends on Task 06 for external editor integration
+last_updated = "2025-06-25T01:40:09.513224"
++++
+
+# Task 32: Embedded Neovim Prompt Editor
+
+> *This task is specific to codex-rs.*
+
+## Status
+
+**General Status**: Not started  
+**Summary**: Not started; missing Implementation details (How it was implemented and How it works).
+
+## Goal
+
+Replace the basic line‑editing prompt composer with an embedded Neovim window so users can enjoy full-featured, multi-line editing of their chat prompt directly inside the TUI.
+
+## Acceptance Criteria
+
+- Introduce a TUI-integrated Neovim editor pane activated via `/edit-prompt` or `Ctrl+E` when `embedded_prompt_editor = true` in `[tui]` config.
+- Pre-populate the Neovim buffer with the current draft prompt; upon exit, reload the buffer contents back into the composer.
+- Support standard Neovim keybindings and commands (e.g. insert mode, visual mode, plugins) within the embedded pane.
+- Cleanly restore the previous TUI layout after closing the editor, with prompt focus returned to the composer.
+- Provide configuration toggle (`embedded_prompt_editor`) and fall back to external-editor prompt behavior when disabled.
+
+## Implementation
+
+**How it was implemented**  
+- Add a new module `tui/src/editor/neovim.rs` that wraps a headless Neovim RPC instance and renders its UI into a dedicated TUI layer.
+- Extend `tui/src/bottom_pane/chat_composer.rs` to detect `embedded_prompt_editor` and invoke the embedded editor instead of spawning an external process.
+- Wire a config flag `embedded_prompt_editor: bool` through `ConfigToml` → `Config` under the `tui` section, defaulting to `false`.
+- Handle Neovim communication via `nvim-rs` crate, multiplexing input/output over the TUI event loop.
+
+**How it works**  
+- When the user triggers the editor, pause the main TUI rendering and allocate a full-screen or split view for Neovim.
+- Start Neovim in embedded RPC mode, passing the current prompt text into a new buffer.
+- Drive Neovim’s UI updates via RPC and render its screen cells into the TUI terminal using termion or similar backend.
+- Detect the Neovim exit event (e.g. user `:q` or `ZZ`), fetch the buffer contents, and close the embedded view.
+- Restore the original TUI state and update the composer widget with the edited prompt.
+
+## Notes
+
+- This relies on a working `nvim` binary in PATH or specified via `nvim_binary` config.
+- Investigate performance impact of embedding a full editor in the TUI; ensure fallback to external-editor remains smooth.
+- Consider edge cases (resizing, plugin‑heavy Neovim configs) and document prerequisites in the README.

agentydragon/tasks/33-external-editor-focus-issue.md

@@ -0,0 +1,34 @@
++++
+id = "33"
+title = "Fix External Editor Focus Issue"
+status = "Not started"
+summary = "When launching the external editor from the TUI (e.g. nvim), keyboard input is still captured by the Rust TUI, causing keys to split between the editor and the TUI."
+dependencies = "06,32" # Rationale: depends on Tasks 06 and 32 for external and embedded editor features
+last_updated = "2025-06-25T01:40:09.700000"
++++
+
+# Task 33: Fix External Editor Focus Issue
+
+## Goal
+Ensure that when the TUI spawns an external editor, it fully hands off keyboard control to the editor, and upon editor exit, restores TUI input handling without leaking keystrokes or misrouting commands.
+
+## Acceptance Criteria
+
+- Launching external editor via `/edit-prompt` or Ctrl+E disables TUI raw mode and event capture so all keystrokes go directly to the editor.
+- Upon editor exit, raw mode and event capture are correctly re-enabled, and no keystrokes are lost or misrouted.
+- No residual input events are processed by the TUI while the editor is running.
+- Add integration tests or manual validation steps simulating editor launch and exit sequences.
+
+## Implementation
+
+**High-level plan**  
+- Before spawning the editor process (in `ChatComposer`), call `disable_raw_mode()` and `disable_event_capture()` to restore normal terminal behavior.  
+- Spawn the editor subprocess and wait for it to exit.  
+- After exit, re-enable raw mode and event capture via `enable_raw_mode()` and `enable_event_capture()`.  
+- Wrap this sequence in a helper function (e.g., `spawn_external_editor`) and update the `/edit-prompt` handler to use it.
+- Add integration tests in `tui/tests/` that mock the editor command (e.g., `echo`) to verify terminal mode transitions.
+
+## Notes
+
+- Use Crossterm APIs for terminal mode management.  
+- Ensure interruption signals (e.g., Ctrl+C) during editor sessions are propagated correctly to avoid TUI deadlock.

agentydragon/tasks/34-set-shell-title-followup.md

@@ -0,0 +1,41 @@
++++
+id = "34"
+title = "Complete Set Shell Title to Reflect Session Status"
+status = "Not started"
+dependencies = "08" # Rationale: depends on Task 08 for initial shell title change
+last_updated = "2025-06-25T04:45:29Z"
++++
+
+> *This task is specific to codex-rs.*
+
+## Status
+
+**General Status**: Not started  
+**Summary**: Follow-up to Task 08; implementation missing for core title persistence and ANSI updates.
+
+## Goal
+
+Implement the missing pieces from Task 08 to fully support dynamic and persistent shell title updates:
+1. Define `SessionUpdatedTitleEvent` and add a `title` field in `SessionConfiguredEvent` (core protocol).
+2. Introduce `Op::SetTitle(String)` variant and handle it in the core agent loop, persisting the title and emitting the update event.
+3. Update TUI and exec clients to listen for title events and emit ANSI escape sequences (`\x1b]0;<title>\x07`) for live terminal title changes.
+4. Restore the persisted title on session resume via `SessionConfiguredEvent`.
+
+## Acceptance Criteria
+
+- New `SessionUpdatedTitleEvent` type in `codex_core::protocol` and `title` field in `SessionConfiguredEvent`.
+- `Op::SetTitle(String)` variant in the protocol and core event handling persisted in session metadata.
+- Clients broadcast ANSI title-setting sequences on title events and lifecycle state changes.
+- Unit tests for protocol serialization and client reaction to title updates.
+
+## Implementation
+
+**How it was implemented**  
+*(Not implemented yet)*
+
+**How it works**  
+*(Not implemented yet)*
+
+## Notes
+
+- Use ANSI escape code `\x1b]0;<title>\x07` for setting terminal title.

agentydragon/tasks/36-tests-interactive-prompt-execution.md

@@ -0,0 +1,39 @@
++++
+id = "36"
+title = "Add Tests for Interactive Prompting While Executing"
+status = "Not started"
+dependencies = "06,13" # Rationale: depends on Tasks 06 and 13 for external editor and interactive prompt support
+last_updated = "2025-06-25T11:05:55Z"
++++
+
+> *This task is specific to codex-rs.*
+
+## Status
+
+**General Status**: Done  
+**Summary**: Follow-up to Task 13; add unit tests for interactive prompt overlay during execution.
+
+## Goal
+
+Write tests that verify `BottomPane::handle_key_event` forwards input to the composer while `is_task_running`, preserving the status overlay until completion.
+
+## Acceptance Criteria
+
+- Unit tests covering key events (e.g. alphanumeric, Enter) during `is_task_running == true`.
+- Assertions that `active_view` remains a `StatusIndicatorView` while running and is removed when `set_task_running(false)` is called.
+- Coverage of redraw requests and correct `InputResult` values.
+
+## Implementation
+
+**Planned Approach**
+
+- Use existing `make_pane` and `make_pane_and_rx` helpers to create a `BottomPane` in a running-task state.
+- Write unit tests in `tui/src/bottom_pane/mod.rs` that verify:
+  - Typing alphanumeric characters while `is_task_running == true` appends to the composer, maintains the `StatusIndicatorView` overlay, and emits a `AppEvent::Redraw`.
+  - Pressing Enter returns `InputResult::Submitted` with the buffered text, clears the composer, retains the overlay, and triggers a redraw.
+  - Calling `set_task_running(false)` removes the status indicator overlay.
+- Follow existing patterns from the tests in `user_approval_widget.rs` and `set_title_view.rs`.
+
+## Notes
+
+- Refer to existing tests in `user_approval_widget.rs` and `set_title_view.rs` for testing patterns.

agentydragon/tasks/37-session-state-persistence.md

@@ -0,0 +1,41 @@
++++
+id = "37"
+title = "Session State Persistence and Debug Instrumentation"
+status = "Not started"
+dependencies = ""
+last_updated = "2025-06-25T23:00:00.000000"
++++
+
+## Summary
+Persist session runtime state and capture raw request/response data and supplemental metadata to a session-specific directory.
+
+## Goal
+Collect and persist all relevant session state (beyond the rollout transcript) in a dedicated directory under `.codex/sessions/<UUID>/`, to aid debugging and allow post-mortem analysis.
+
+## Acceptance Criteria
+
+- All session data (transcript, logs, raw OpenAI API requests/responses, approval events, and other runtime metadata) is written under `.codex/sessions/<session_id>/`.
+- Existing rollout transcript continues to be written to `sessions/rollout-<UUID>.jsonl`, now moved or linked into the session directory.
+- Logging configuration respects `--debug-log` and writes to the session directory when set to a relative path.
+- A selector flag (e.g. `--persist-session`) enables or disables writing persistent state.
+- No change to default behavior when persistence is disabled (i.e. backward compatibility).
+- Minimal integration test or manual verification steps demonstrate that files appear correctly and no extraneous error logs occur.
+
+## Implementation
+
+**How it was implemented**  
+- Add a new CLI flag `--persist-session` to the TUI and server binaries to enable session persistence.
+- Compute a session directory under `$CODEX_HOME/sessions/<UUID>/`, create it at startup when persistence is enabled.
+- After initializing the rollout file (`rollout-<UUID>.jsonl`), move or symlink it into the session directory.
+- Configure tracing subscriber file layer and `--debug-log` default path to write logs into the same session directory (e.g. `session.log`).
+- Instrument the OpenAI HTTP client layer to dump raw request and response bodies into `session_oai_raw.log` in that directory.
+- In the message sequencing logic, add debug spans to record approval and cancellation events into `session_meta.log`.
+
+**How it works**  
+- When `--persist-session` is active, all file outputs (rollout transcript, debug logs, raw API dumps, metadata logs) are collated under a single session directory.
+- If disabled (default), writes occur in the existing locations (`rollout-<UUID>.jsonl`, `$CODEX_HOME/log/`), preserving current behavior.
+
+## Notes
+
+- This feature streamlines troubleshooting by co-locating all session artifacts.
+- Ensure directory creation and file writes handle permission errors gracefully and fallback cleanly when disabled.

agentydragon/tasks/39-patch-diff-left-indent-coloring-fix.md

@@ -0,0 +1,35 @@
++++
+id = "39"
+title = "Fix Coloring of Left-Indented Patch Diffs"
+status = "Not started"
+dependencies = ""
+summary = "Patch diffs rendered with left indentation mode are not colored correctly, losing syntax highlighting."
+last_updated = "2025-06-25T00:00:00Z"
++++
+
+# Task 39: Fix Coloring of Left-Indented Patch Diffs
+
+> *UI bug:* When patch diffs are rendered in left-indented mode, the ANSI color codes are misaligned, resulting in lost or incorrect coloring.
+
+## Status
+
+**General Status**: Not started  
+**Summary**: Diagnose offset logic in diff renderer and adjust color processing to account for indentation.
+
+## Goal
+
+Ensure diff lines maintain proper ANSI color highlighting even when indented on the left by a fixed margin.
+
+## Acceptance Criteria
+
+- Diff render tests pass for both default and indented modes.
+- Visual manual check confirms colored diff alignment.
+
+## Implementation
+
+- Update diff renderer to strip indentation before applying color logic, then reapply indentation.
+- Add unit tests for multiline indented diffs.
+
+## Notes
+
+<!-- Any implementation notes -->

agentydragon/tasks/40-cli-input-multiline-paste.md

@@ -0,0 +1,34 @@
++++
+id = "40"
+title = "Support Multiline Paste in codex-rs CLI Input Window"
+status = "Not started"
+freeform_status = ""
+dependencies = ""
+last_updated = "2025-06-25T09:19:34Z"
++++
+
+# Task 40: Support Multiline Paste in codex-rs CLI Input Window
+
+> *This task is specific to codex-rs.*
+
+## Acceptance Criteria
+
+- When pasting multiline text into the codex-rs CLI input (REPL), newlines in the pasted text are inserted into the input buffer rather than causing premature command execution.
+- The pasted content preserves original end-of-line characters and spacing.
+- The user can still press Enter to submit the complete command when desired.
+- Behavior for single-line input and manual line breaks remains unchanged.
+
+## Implementation
+**How it was implemented**  
+Provide details on code modules, design decisions, and steps taken.  
+*If this section is left blank or contains only placeholder text, the implementing developer should first populate it with a concise high-level plan before writing code.*
+
+**How it works**  
+Explain runtime behavior and overall operation.  
+*If this section is left blank or contains only placeholder text, the implementing developer should update it to describe the intended runtime behavior.*
+
+## Notes
+
+- Investigate enabling bracketed paste support in the line-editing library used (e.g. rustyline, liner).
+- Ensure that bracketed paste mode is enabled when initializing the CLI to distinguish between pasted content and typed input.
+- Review how other REPLs implement multiline paste handling to inform the design.

agentydragon/tasks/41-slash-init-command.md

@@ -0,0 +1,29 @@
++++
+id = "41"
+title = "Slash-command /init to load init prompt into composer"
+status = "Not started"
+freeform_status = ""
+dependencies = ""
+last_updated = "2025-06-25T11:23:30Z"
++++
+
+# Task 41: Slash-command /init to load init prompt into composer
+
+> *This task is specific to codex-rs.*
+
+## Acceptance Criteria
+
+- Typing `/init` in the chat composer should load the contents of `codex-rs/code/init.md` into the input buffer.
+- `/init` appears in the slash-command menu alongside other commands.
+- After executing `/init`, the composer shows the init prompt, ready for editing.
+
+## Implementation
+
+- Add a new slash-command identifier `/init` in the command dispatch logic (e.g. in `ChatComposer` or equivalent).
+- On `/init`, read `codex-rs/code/init.md` (relative to the repository root) and inject its text into the composer buffer.
+- Ensure the slash-menu and feedback UI treat `/init` consistently with other commands.
+- Write unit tests to verify that `/init` populates the composer correctly without losing focus.
+
+## Notes
+
+Link to the init prompt source: `codex-rs/code/init.md`.

agentydragon/tasks/task-template.md

@@ -0,0 +1,32 @@
++++
+id = "<NN>"
+title = "<Task Title>"
+status = "<<<!!! MANAGER: SET VALID STATUS  - Not started? !!!>>>"
+freeform_status = "<<<!!! MANAGER/DEVELOPER: Freeform status text, optional. E.g. progress notes or developer comments. !!!>>>"
+dependencies = [<<<!!! MANAGER: LIST TASK IDS THAT MUST BE COMPLETED BEFORE STARTING; SEPARATED BY COMMAS, E.G. "02","05" !!!>>>] # <!-- Manager rationale: explain why these dependencies are required and why other tasks are not. -->
+last_updated = "<timestamp in ISO format>"
++++
+
+# Task Template
+
+# Valid status values: Not started | In progress | Needs input | Needs manual review | Done | Cancelled | Merged
+
+
+> *This task is specific to codex-rs.*
+
+## Acceptance Criteria
+
+List measurable criteria for completion.
+
+## Implementation
+**How it was implemented**  
+Provide details on code modules, design decisions, and steps taken.  
+*If this section is left blank or contains only placeholder text, the implementing developer should first populate it with a concise high-level plan before writing code.*
+
+**How it works**  
+Explain runtime behavior and overall operation.  
+*If this section is left blank or contains only placeholder text, the implementing developer should update it to describe the intended runtime behavior.*
+
+## Notes
+
+Any additional notes or references.

agentydragon/tools/check_tasks.py

@@ -0,0 +1,126 @@
+#!/usr/bin/env python3
+"""
+check_tasks.py: Run all task-directory validation checks in one go.
+  - Ensure task Markdown frontmatter parses and validates (id, title, status, etc.).
+  - Detect circular dependencies among non-merged tasks.
+  - Enforce only .md files under agentydragon/tasks/ (excluding .worktrees/ and .done/).
+"""
+import os
+import re
+import sys
+from pathlib import Path
+
+from manager_utils.tasklib import task_dir, worktree_dir, load_task
+
+
+def skip_path(p: Path) -> bool:
+    """Return True for paths we should ignore in validations."""
+    wt = worktree_dir()
+    done = task_dir() / ".done"
+    if p.is_relative_to(wt) or p.is_relative_to(done):
+        return True
+    if p.name in ("task-template.md",) or p.name.endswith("-plan.md"):
+        return True
+    return False
+
+
+def iter_task_markdown() -> Path:
+    """Yield all task markdown files under agentydragon/tasks, pruning .worktrees and .done dirs."""
+    wt = worktree_dir()
+    done = task_dir() / ".done"
+    root = task_dir()
+    for base, dirs, files in os.walk(str(root)):
+        # do not descend into .worktrees or .done
+        dirs[:] = [d for d in dirs if (Path(base) / d) not in (wt, done)]
+        for fn in files:
+            if re.fullmatch(r"[0-9]{2}-.*\.md", fn):
+                yield Path(base) / fn
+
+
+def check_file_types():
+    failures: list[Path] = []
+    for p in task_dir().iterdir():
+        if skip_path(p) or p.is_dir():
+            continue
+        if p.suffix.lower() != ".md":
+            failures.append(p)
+    return failures
+
+
+def check_frontmatter():
+    failures: list[tuple[Path, str]] = []
+    for md in iter_task_markdown():
+        try:
+            load_task(md)
+        except Exception as e:
+            failures.append((md, str(e)))
+    return failures
+
+
+def check_cycles():
+    merged = set()
+    deps_map: dict[str, list[str]] = {}
+    for md in iter_task_markdown():
+        meta, _ = load_task(md)
+        if meta.status == "Merged":
+            merged.add(meta.id)
+        else:
+            deps = [d for d in re.findall(r"\d+", meta.dependencies)]
+            deps_map[meta.id] = [d for d in deps if d not in merged]
+
+    failures: list[list[str]] = []
+    visited: set[str] = set()
+    stack: list[str] = []
+
+    def visit(n: str):
+        if n in stack:
+            cycle = stack[stack.index(n) :] + [n]
+            failures.append(cycle)
+            return
+        if n in visited:
+            return
+        stack.append(n)
+        for m in deps_map.get(n, []):
+            visit(m)
+        stack.pop()
+        visited.add(n)
+
+    for node in deps_map:
+        visit(node)
+    return failures
+
+
+def main():
+    err = False
+
+    # File type check
+    ft_fail = check_file_types()
+    if ft_fail:
+        print("Non-md files under tasks/:", file=sys.stderr)
+        for f in ft_fail:
+            print(f"  {f}", file=sys.stderr)
+        err = True
+
+    # Frontmatter check
+    fm_fail = check_frontmatter()
+    if fm_fail:
+        print("\nFrontmatter errors:", file=sys.stderr)
+        for md, msg in fm_fail:
+            print(f"  {md}: {msg}", file=sys.stderr)
+        err = True
+
+    # Dependency cycles
+    cyc_fail = check_cycles()
+    if cyc_fail:
+        print("\nCircular dependency errors:", file=sys.stderr)
+        for cycle in cyc_fail:
+            print("  " + " -> ".join(cycle), file=sys.stderr)
+        err = True
+
+    if err:
+        sys.exit(1)
+    print("All task checks passed.")
+
+
+if __name__ == "__main__":
+    main()

agentydragon/tools/common.py

@@ -0,0 +1,32 @@
+#!/usr/bin/env python3
+"""
+common.py: Shared utilities for agentydragon tooling scripts.
+"""
+import subprocess
+from pathlib import Path
+
+
+def repo_root() -> Path:
+    """Return the Git repository root directory."""
+    out = subprocess.check_output(['git', 'rev-parse', '--show-toplevel'])
+    return Path(out.decode().strip())
+
+
+def tasks_dir() -> Path:
+    """Path to the agentydragon/tasks directory."""
+    return repo_root() / 'agentydragon' / 'tasks'
+
+
+def worktrees_dir() -> Path:
+    """Path to the agentydragon/tasks/.worktrees directory."""
+    return tasks_dir() / '.worktrees'
+
+
+def resolve_slug(input_id: str) -> str:
+    """Resolve a two-digit task ID into its full slug, or return slug unchanged."""
+    if input_id.isdigit() and len(input_id) == 2:
+        matches = list(tasks_dir().glob(f"{input_id}-*.md"))
+        if len(matches) == 1:
+            return matches[0].stem
+        raise ValueError(f"Expected one task file for ID {input_id}, found {len(matches)}")
+    return input_id

agentydragon/tools/create_task_worktree.py

@@ -0,0 +1,153 @@
+#!/usr/bin/env python3
+"""
+create_task_worktree.py: Create or reuse a git worktree for a specific task and optionally launch a Developer Codex agent.
+"""
+import os
+import subprocess
+import sys
+import re
+from pathlib import Path
+
+import click
+
+from common import repo_root, tasks_dir, worktrees_dir, resolve_slug
+
+
+def run(cmd, cwd=None):
+    click.echo(f"Running: {' '.join(cmd)}")
+    subprocess.check_call(cmd, cwd=cwd)
+
+
+def resolve_slug(input_id: str) -> str:
+    if input_id.isdigit() and len(input_id) == 2:
+        matches = list(tasks_dir().glob(f"{input_id}-*.md"))
+        if len(matches) == 1:
+            return matches[0].stem
+        click.echo(f"Error: expected one task file for ID {input_id}, found {len(matches)}", err=True)
+        sys.exit(1)
+    return input_id
+
+
+@click.command()
+@click.option('-a', '--agent', is_flag=True,
+              help='Launch Developer Codex agent after setting up worktree.')
+@click.option('-t', '--tmux', 'tmux_mode', is_flag=True,
+              help='Open each task in its own tmux pane; implies --agent. '
+                   'Attaches to an existing session if already running.')
+@click.option('-i', '--interactive', is_flag=True,
+              help='Run agent in interactive mode (no exec); implies --agent.')
+@click.option('-s', '--shell', 'shell_mode', is_flag=True,
+              help='Launch an interactive Codex shell (skip exec and auto-commit); implies --agent and --interactive.')
+@click.option('--skip-presubmit', is_flag=True,
+              help='Skip the initial presubmit pre-commit checks when creating a new worktree.')
+@click.argument('task_inputs', nargs=-1, required=True)
+def main(agent, tmux_mode, interactive, shell_mode, skip_presubmit, task_inputs):
+    """Create/reuse a task worktree and optionally launch a Dev agent or tmux session."""
+    # shell mode implies interactive (skip exec within the worktree)
+    if shell_mode:
+        interactive = True
+    if interactive or shell_mode:
+        agent = True
+
+    if tmux_mode:
+        agent = True
+        session = 'agentydragon_' + '_'.join(task_inputs)
+        # If a tmux session already exists, skip setup and attach
+        if subprocess.call(['tmux', 'has-session', '-t', session]) == 0:
+            click.echo(f"Session {session} already exists; attaching")
+            run(['tmux', 'attach', '-t', session])
+            return
+        # Create a new session and windows for each task
+        for idx, inp in enumerate(task_inputs):
+            slug = resolve_slug(inp)
+            cmd = [sys.executable, '-u', __file__]
+            if agent:
+                cmd.append('--agent')
+            cmd.append(slug)
+            if idx == 0:
+                run(['tmux', 'new-session', '-d', '-s', session] + cmd)
+            else:
+                run(['tmux', 'new-window', '-t', session] + cmd)
+        run(['tmux', 'attach', '-t', session])
+        return
+
+    # Single task
+    slug = resolve_slug(task_inputs[0])
+    branch = f"agentydragon-{slug}"
+    wt_root = worktrees_dir()
+    wt_path = wt_root / slug
+
+    # Ensure branch exists
+    if subprocess.call(['git', 'show-ref', '--verify', '--quiet', f'refs/heads/{branch}']) != 0:
+        run(['git', 'branch', '--track', branch, 'agentydragon'])
+
+    wt_root.mkdir(parents=True, exist_ok=True)
+    new_wt = False
+    if not wt_path.exists():
+        # --- COW hydration logic via rsync ---
+        # Instead of checking out files normally, register the worktree empty and then
+        # perform a filesystem-level hydration via rsync (with reflink if supported) for
+        # near-instant setup while excluding VCS metadata and other worktrees.
+        run(['git', 'worktree', 'add', '--no-checkout', str(wt_path), branch])
+        src = str(repo_root())
+        dst = str(wt_path)
+        # Hydrate the worktree filesystem via rsync, excluding .git and any .worktrees to avoid recursion
+        rsync_cmd = [
+            'rsync', '-a', '--delete', f'{src}/', f'{dst}/',
+            '--exclude=.git*', '--exclude=.worktrees/'
+        ]
+        if sys.platform != 'darwin':
+            rsync_cmd.insert(3, '--reflink=auto')
+        run(rsync_cmd)
+        # Install pre-commit hooks in the new worktree
+        if shutil.which('pre-commit'):
+            run(['pre-commit', 'install'], cwd=dst)
+        else:
+            click.echo('Warning: pre-commit not found; skipping hook install', err=True)
+        new_wt = True
+    else:
+        click.echo(f'Worktree already exists at {wt_path}')
+
+    if not agent:
+        return
+
+    # Initial presubmit: only on new worktree & branch, unless skipped or in shell mode
+    if new_wt and not skip_presubmit and not shell_mode:
+        if shutil.which('pre-commit'):
+            try:
+                run(['pre-commit', 'run', '--all-files'], cwd=str(wt_path))
+            except subprocess.CalledProcessError:
+                click.echo(
+                    'Pre-commit checks failed. Please fix the issues in the worktree or ' +
+                    're-run with --skip-presubmit to bypass these checks.', err=True)
+                sys.exit(1)
+        else:
+            click.echo('Warning: pre-commit not installed; skipping presubmit checks', err=True)
+
+    click.echo(f'Launching Developer Codex agent for task {slug} in sandboxed worktree')
+
+    click.echo(f'Launching Developer Codex agent for task {slug} in sandboxed worktree')
+    os.chdir(wt_path)
+    cmd = ['codex', '--full-auto']
+    if not interactive:
+        cmd.append('exec')
+    prompt = (repo_root() / 'agentydragon' / 'prompts' / 'developer.md').read_text()
+    taskfile = (tasks_dir() / f'{slug}.md').read_text()
+    run(cmd + [prompt + '\n\n' + taskfile])
+    # After Developer agent exits, if task status is Done, invoke Commit agent to stage and commit changes
+    task_path = tasks_dir() / f"{slug}.md"
+    content = task_path.read_text(encoding='utf-8')
+    m = re.search(r'^status\s*=\s*"([^"]+)"', content, re.MULTILINE)
+    status = m.group(1) if m else None
+    if status and status.lower() == 'done':
+        click.echo(f"Task {slug} marked Done; running Commit agent helper")
+        commit_script = repo_root() / 'agentydragon' / 'tools' / 'launch_commit_agent.py'
+        # Launch commit agent from the main repo root, not inside the task worktree
+        run([sys.executable, str(commit_script), slug], cwd=str(repo_root()))
+    else:
+        click.echo(f"Task {slug} status is '{status or 'unknown'}'; skipping Commit agent helper")
+
+
+if __name__ == '__main__':
+    import shutil
+    main()

agentydragon/tools/launch_commit_agent.py

@@ -0,0 +1,57 @@
+#!/usr/bin/env python3
+"""
+launch_commit_agent.py: Run the non-interactive Commit agent for completed tasks.
+"""
+import os
+import subprocess
+import sys
+from pathlib import Path
+
+import click
+
+from common import repo_root, tasks_dir, worktrees_dir, resolve_slug
+
+
+@click.command()
+@click.argument('task_input', required=True)
+def main(task_input):
+    """Resolve TASK_INPUT to slug, run the Commit agent, and commit changes."""
+    slug = resolve_slug(task_input)
+    wt = worktrees_dir() / slug
+    if not wt.exists():
+        click.echo(f"Error: worktree for '{slug}' not found; run create_task_worktree.py first", err=True)
+        sys.exit(1)
+
+    prompt_file = repo_root() / 'agentydragon' / 'prompts' / 'commit.md'
+    task_file = tasks_dir() / f'{slug}.md'
+    for f in (prompt_file, task_file):
+        if not f.exists():
+            click.echo(f"Error: file not found: {f}", err=True)
+            sys.exit(1)
+
+    msg_file = Path(subprocess.check_output(['mktemp']).decode().strip())
+    try:
+        os.chdir(wt)
+        # Abort early if no pending changes in this worktree
+        status_out = subprocess.check_output(['git', 'status', '--porcelain'], text=True).strip()
+        if not status_out:
+            click.echo(f"No changes detected in worktree for '{slug}'; nothing to commit.", err=True)
+            sys.exit(0)
+        cmd = ['codex', '--full-auto', 'exec', '--output-last-message', str(msg_file)]
+        # Run the Commit agent in silent mode (suppressing its full stdout)
+        click.echo(f"Running commit agent: {' '.join(cmd)}")
+        prompt_content = prompt_file.read_text(encoding='utf-8')
+        task_content = task_file.read_text(encoding='utf-8')
+        subprocess.check_call(cmd + [prompt_content + '\n\n' + task_content], stdout=subprocess.DEVNULL)
+        # Stage all changes, including new files (not just modifications)
+        subprocess.check_call(['git', 'add', '-A'])
+        subprocess.check_call(['git', 'commit', '-F', str(msg_file)])
+        # Print the commit message for visibility
+        msg = msg_file.read_text(encoding='utf-8').strip()
+        click.echo("Commit message:\n" + msg)
+    finally:
+        msg_file.unlink()
+
+
+if __name__ == '__main__':
+    main()

agentydragon/tools/launch_project_manager.py

@@ -0,0 +1,28 @@
+#!/usr/bin/env python3
+"""
+launch_project_manager.py: Launch the Codex Project Manager agent prompt.
+"""
+import subprocess
+import sys
+
+import click
+
+from common import repo_root
+
+
+@click.command()
+def main():
+    """Read manager.md prompt and invoke Codex Project Manager agent."""
+    prompt_file = repo_root() / 'agentydragon' / 'prompts' / 'manager.md'
+    if not prompt_file.exists():
+        click.echo(f"Error: manager prompt not found at {prompt_file}", err=True)
+        sys.exit(1)
+
+    prompt = prompt_file.read_text(encoding='utf-8')
+    cmd = ['codex', prompt]
+    click.echo(f"Running: {' '.join(cmd[:1])} <prompt>")
+    subprocess.check_call(cmd)
+
+
+if __name__ == '__main__':
+    main()

agentydragon/tools/manager_utils/README.md

@@ -0,0 +1,9 @@
+# manager_utils
+
+This directory contains utility scripts to support the Project Manager agent.
+Scripts here should automate common manager tasks (e.g. scanning branches for status,
+checking for merge conflicts, proposing merges, conflict-resolution guidance,
+polling loops, etc.).
+
+Each script should include a short header explaining its purpose, usage examples,
+and any dependencies.

agentydragon/tools/manager_utils/__init__.py

@@ -0,0 +1,4 @@
+"""
+agentydragon manager utilities package.
+"""
+__version__ = '0.1'

agentydragon/tools/manager_utils/agentydragon_task.py

@@ -0,0 +1,355 @@
+"""
+CLI for managing agentydragon tasks: status, set-status, set-deps, dispose, launch.
+"""
+import subprocess
+import re
+import sys
+from datetime import datetime
+
+import click
+from tasklib import load_task, repo_root, save_task, task_dir, TaskMeta, worktree_dir, TaskStatus
+import shutil
+
+try:
+    from tabulate import tabulate
+except ImportError:
+    tabulate = None
+
+
+@click.group()
+def cli():
+    """Manage agentydragon tasks."""
+    pass
+
+@cli.command()
+def status():
+    """Show a table of task id, title, status, dependencies, last_updated.
+
+    If tabulate is installed, render as GitHub-flavored Markdown table;
+    otherwise fallback to fixed-width formatting.
+    """
+    # Load all task metadata, reporting load errors with file path
+    all_meta: dict[str, TaskMeta] = {}
+    path_map: dict[str, Path] = {}
+    wt_root = worktree_dir()
+    for md in sorted(task_dir().rglob('[0-9][0-9]-*.md')):
+        # skip task template, plan files, and any worktree copies
+        if md.name in ('task-template.md',) or md.name.endswith('-plan.md') or md.is_relative_to(wt_root):
+            continue
+        try:
+            meta, _ = load_task(md)
+        except Exception as e:
+            print(f"Error loading {md}: {e}")
+            continue
+        all_meta[meta.id] = meta
+        path_map[meta.id] = md
+
+    # If a worktree exists, reload the task from that workspace (including .done paths)
+    repo = repo_root()
+    for tid, md in list(path_map.items()):
+        wt_root_dir = wt_root / md.stem
+        # derive relative path of the task file under the repo
+        try:
+            rel = md.relative_to(repo)
+        except Exception:
+            continue
+        wt_task = wt_root_dir / rel
+        if wt_task.exists():
+            try:
+                wt_meta, _ = load_task(wt_task)
+                all_meta[tid] = wt_meta
+                path_map[tid] = wt_task
+            except Exception as e:
+                print(f"Error loading {wt_task}: {e}")
+
+    # Build dependency graph, excluding already merged tasks
+    merged_ids = {tid for tid, m in all_meta.items() if m.status == 'Merged'}
+    deps_map: dict[str, list[str]] = {}
+    for tid, meta in all_meta.items():
+        deps_map[tid] = [d for d in re.findall(r"\d+", meta.dependencies)
+                         if d in all_meta and d not in merged_ids]
+
+    # Topologically sort tasks by dependencies, fall back on filename order on error
+    try:
+        sorted_ids: list[str] = []
+        temp: set[str] = set()
+        perm: set[str] = set()
+        def visit(n: str) -> None:
+            if n in perm:
+                return
+            if n in temp:
+                raise RuntimeError(f"Circular dependency detected at task {n}")
+            temp.add(n)
+            for m in deps_map.get(n, []):
+                visit(m)
+            temp.remove(n)
+            perm.add(n)
+            sorted_ids.append(n)
+        for n in all_meta:
+            visit(n)
+    except Exception as e:
+        print(f"Warning: cannot topo-sort tasks ({e}); falling back to filename order")
+        sorted_ids = [m.id for m in sorted(all_meta.values(), key=lambda m: path_map[m.id].name)]
+
+    # Identify tasks that are merged with no branch and no worktree (bottom summary)
+    bottom_merged_ids: set[str] = set()
+    for tid in sorted_ids:
+        meta = all_meta[tid]
+        if meta.status != 'Merged':
+            continue
+        branches = subprocess.run(
+            ['git', 'for-each-ref', '--format=%(refname:short)',
+             f'refs/heads/agentydragon-{tid}-*'],
+            capture_output=True, text=True, cwd=repo_root()
+        ).stdout.strip().splitlines()
+        wt_dir = task_dir() / '.worktrees' / path_map[tid].stem
+        if not branches and not wt_dir.exists():
+            bottom_merged_ids.add(tid)
+
+    rows: list[tuple] = []
+    merged_tasks: list[tuple[str, str]] = []
+    root = repo_root()
+
+    for tid in sorted_ids:
+        meta = all_meta[tid]
+        md = path_map[tid]
+        slug = md.stem
+        # branch detection
+        branches = subprocess.run(
+            ['git', 'for-each-ref', '--format=%(refname:short)',
+             f'refs/heads/agentydragon-{tid}-*'],
+            capture_output=True, text=True, cwd=root
+        ).stdout.strip().splitlines()
+        branch_exists = 'Y' if branches and branches[0].strip() else 'N'
+        merged_flag = 'N'
+        if branch_exists == 'Y':
+            b = branches[0].lstrip('*+ ').strip()
+            if subprocess.run(['git', 'merge-base', '--is-ancestor', b, 'agentydragon'], cwd=root).returncode == 0:
+                merged_flag = 'Y'
+        # worktree detection
+        wt_dir = worktree_dir() / slug
+        wt_info = 'none'
+        if wt_dir.exists():
+            st = subprocess.run(['git', 'status', '--porcelain'], cwd=wt_dir,
+                                capture_output=True, text=True).stdout.strip()
+            wt_info = 'clean' if not st else 'dirty'
+
+        # skip fully merged tasks (no branch, no worktree)
+        if meta.status == 'Merged' and branch_exists == 'N' and wt_info == 'none':
+            merged_tasks.append((tid, meta.title))
+            continue
+
+        # filter out dependencies on bottom-summary merged tasks
+        deps = [d for d in deps_map.get(tid, []) if d not in bottom_merged_ids]
+        deps_str = ','.join(deps)
+
+        # determine branch_info text
+        if branch_exists == 'N':
+            branch_info = 'no branch'
+        elif merged_flag == 'Y':
+            branch_info = 'merged'
+        else:
+            a_cnt, b_cnt = subprocess.check_output(
+                ['git', 'rev-list', '--left-right', '--count',
+                 f'{branches[0]}...agentydragon'], cwd=root
+            ).decode().split()
+            # compact diffstat: e.g. "56 files changed, 1265 insertions(+), 342 deletions(-)" -> "56f,1265i,342d"
+            raw = subprocess.check_output(
+                ['git', 'diff', '--shortstat', f'{branches[0]}...agentydragon'], cwd=root
+            ).decode().strip()
+            stat = (
+                raw.replace(' files changed', 'f')
+                   .replace(' file changed', 'f')
+                   .replace(' insertions(+)', 'i')
+                   .replace(' deletions(-)', 'd')
+                   .replace(', ', ',')
+            )
+            base = subprocess.check_output(
+                ['git', 'merge-base', 'agentydragon', branches[0]], cwd=root
+            ).decode().strip()
+            mtree = subprocess.check_output(
+                ['git', 'merge-tree', base, 'agentydragon', branches[0]], cwd=root
+            ).decode(errors='ignore')
+            conflict = 'conflict' if '<<<<<<<' in mtree else 'ok'
+            if a_cnt == '0' and b_cnt == '0':
+                branch_info = f'up-to-date (+{stat or 0})'
+            else:
+                branch_info = f'{b_cnt} behind / {a_cnt} ahead (+{stat or 0}) {conflict}'
+
+        # Use the human-readable enum value and apply a color map
+        label = meta.status.value
+        status_colors = {
+            'Not started':         '\033[90m',  # dim gray
+            'In progress':         '\033[33m',  # yellow
+            'Needs input':         '\033[31m',  # red
+            'Needs manual review': '\033[31m',  # red
+            'Done':                '\033[32m',  # green
+            'Cancelled':           '\033[31m',  # red
+            'Merged':              '\033[34m',  # blue
+        }
+        color = status_colors.get(label, '')
+        stat_disp = f"{color}{label}\033[0m" if color else label
+        wt_disp = wt_info
+        if wt_info == 'dirty':
+            wt_disp = f"\033[31m{wt_info}\033[0m"
+
+        rows.append((
+            tid, meta.title, stat_disp,
+            deps_str, meta.last_updated.strftime('%Y-%m-%d %H:%M'),
+            branch_info, wt_disp
+        ))
+
+    headers = ['ID', 'Title', 'Status', 'Dependencies', 'Updated',
+               'Branch Status', 'Worktree Status']
+    if tabulate:
+        print(tabulate(rows, headers=headers, tablefmt='github'))
+    else:
+        fmt = '{:>2}  {:<30}  {:<12}  {:<20}  {:<16}  {:<40}  {:<10}'
+        print(fmt.format(*headers))
+        for r in rows:
+            print(fmt.format(*r))
+
+    # summary of fully merged tasks (no branch, no worktree)
+    if merged_tasks:
+        items = ' '.join(f"{tid} ({title})" for tid, title in merged_tasks)
+        print(f"\n\033[32mMerged:\033[0m {items}")
+
+    # summary of tasks Ready to merge (Done with branch commits)
+    ready_tasks: list[tuple[str, str]] = []
+    for tid in sorted_ids:
+        meta = all_meta[tid]
+        if meta.status != 'Done':
+            continue
+        # detect branch existence and ahead commits
+        branches = subprocess.run(
+            ['git', 'for-each-ref', '--format=%(refname:short)', f'refs/heads/agentydragon-{tid}-*'],
+            capture_output=True, text=True, cwd=repo_root()
+        ).stdout.strip().splitlines()
+        if not branches or not branches[0].strip():
+            continue
+        bname = branches[0].lstrip('*+ ').strip()
+        # count commits ahead of integration branch
+        a_cnt, _b_cnt = subprocess.check_output(
+            ['git', 'rev-list', '--left-right', '--count', f'{bname}...agentydragon'], cwd=repo_root()
+        ).decode().split()
+        if int(a_cnt) > 0:
+            ready_tasks.append((tid, meta.title))
+    if ready_tasks:
+        items = ' '.join(f"{tid} ({title})" for tid, title in ready_tasks)
+        print(f"\n\033[33mReady to merge:\033[0m {items}")
+
+    # identify unblocked tasks (no remaining dependencies)
+    unblocked = [tid for tid in sorted_ids if tid not in merged_ids and not deps_map.get(tid)]
+    if unblocked:
+        print(f"\n\033[1mUnblocked:\033[0m {' '.join(unblocked)}")
+        print(f"\033[1mLaunch unblocked in tmux:\033[0m python agentydragon/tools/create_task_worktree.py --agent --tmux {' '.join(unblocked)}")
+
+@cli.command()
+@click.argument('task_id')
+@click.argument('status')
+def set_status(task_id, status):
+    """Set status of TASK_ID to STATUS"""
+    # search both in tasks/ and tasks/.done/ for the task file
+    files = list(task_dir().rglob(f'{task_id}-*.md'))
+    if not files:
+        click.echo(f'Task {task_id} not found', err=True)
+        sys.exit(1)
+    path = files[0]
+    meta, body = load_task(path)
+    meta.status = status
+    meta.last_updated = datetime.utcnow()
+    save_task(path, meta, body)
+    # Move between tasks/ and tasks/.done according to status transitions
+    done_dir = task_dir() / '.done'
+    # Move to .done on Merged
+    if meta.status == TaskStatus.MERGED and path.parent.name != '.done':
+        done_dir.mkdir(exist_ok=True)
+        dest = done_dir / path.name
+        click.echo(f"Archiving task: moving {path.name} -> {done_dir.relative_to(repo_root())}")
+        subprocess.run(['git', 'mv', str(path), str(dest)], cwd=repo_root())
+    # Move back to main tasks/ when status changes away from Done/Merged
+    elif path.parent.name == '.done' and meta.status not in (TaskStatus.DONE, TaskStatus.MERGED):
+        dest = task_dir() / path.name
+        click.echo(f"Reopening task: moving {path.name} -> {dest.parent.relative_to(repo_root())}")
+        subprocess.run(['git', 'mv', str(path), str(dest)], cwd=repo_root())
+
+@cli.command()
+@click.argument('task_id')
+@click.argument('deps', nargs=-1)
+def set_deps(task_id, deps):
+    """Set dependencies of TASK_ID"""
+    files = list(task_dir().glob(f'{task_id}-*.md'))
+    if not files:
+        click.echo(f'Task {task_id} not found', err=True)
+        sys.exit(1)
+    path = files[0]
+    meta, body = load_task(path)
+    now = datetime.utcnow().isoformat()
+    meta.dependencies = f'as of {now}: ' + ', '.join(deps)
+    meta.last_updated = datetime.utcnow()
+    save_task(path, meta, body)
+
+@cli.command()
+@click.argument('task_id', nargs=-1)
+def dispose(task_id):
+    """Dispose worktree and delete branch for TASK_ID(s)"""
+    root = repo_root()
+    wt_base = worktree_dir()
+    for tid in task_id:
+        # Remove any matching worktree directories
+        g = f'{tid}-*'
+        matching_wts = wt_base.glob(g)
+        for wt_dir in matching_wts:
+            click.echo(f"Disposing worktree {wt_dir}")
+            # unregister worktree; then delete the directory if still present
+            rel = wt_dir.relative_to(root)
+            subprocess.run(['git', 'worktree', 'remove', str(rel), '--force'], cwd=root)
+            if wt_dir.exists():
+                shutil.rmtree(wt_dir)
+        else:
+            print(f"No worktrees matching {g} in {wt_base}")
+        # prune any stale worktree entries
+        subprocess.run(['git', 'worktree', 'prune'], cwd=root)
+        # Delete any matching branches
+        # delete any matching local branches cleanly via for-each-ref
+        ref_pattern = f'refs/heads/agentydragon-{tid}-*'
+        branches = subprocess.run(
+            ['git', 'for-each-ref', '--format=%(refname:short)', ref_pattern],
+            capture_output=True, text=True, cwd=root
+        ).stdout.splitlines()
+        branches = [br for br in branches if br]
+        if branches:
+            click.echo(f"Disposing branches: {branches}")
+            subprocess.run(['git', 'branch', '-D', *branches], cwd=root)
+        else:
+            click.echo(f"No branches matching {ref_pattern}")
+        click.echo(f'Disposed task {tid}')
+        # If the task was marked Done, auto-move it into .done/
+        files = list(task_dir().glob(f"{tid}-*.md"))
+        if len(files) == 1:
+            path = files[0]
+            meta, _ = load_task(path)
+            if meta.status == TaskStatus.DONE:
+                done_dir = task_dir() / '.done'
+                done_dir.mkdir(exist_ok=True)
+                target = done_dir / path.name
+                click.echo(f"Moving {path.name} -> .done/ (status Done)")
+                subprocess.run(['git', 'mv', str(path), str(target)], cwd=repo_root())
+
+@cli.command()
+@click.argument('task_id', nargs=-1)
+def launch(task_id):
+    """Copy tmux launch one-liner for TASK_ID(s) to clipboard"""
+    cmd = ['create-task-worktree.sh', '--agent', '--tmux'] + list(task_id)
+    line = ' '.join(cmd)
+    # system clipboard
+    try:
+        subprocess.run(['pbcopy'], input=line.encode(), check=True)
+        click.echo('Copied to clipboard:')
+    except FileNotFoundError:
+        click.echo(line)
+        return
+    click.echo(line)
+
+if __name__ == '__main__':
+    cli()

agentydragon/tools/manager_utils/launch_ready_to_merge.sh

@@ -0,0 +1,14 @@
+#!/usr/bin/env bash
+# launch_ready_to_merge.sh: open tmux panes for all tasks marked Ready to merge
+set -euo pipefail
+
+# Gather all tasks flagged Ready to merge by the status script
+ready=$(agentydragon_task.py status \
+  | sed -n -e '1,/^Ready to merge:/d' -e 's/^Ready to merge:[ ]*//')
+if [ -z "$ready" ]; then
+  echo "No tasks are Ready to merge."
+  exit 0
+fi
+
+echo "Launching tasks: $ready"
+agentydragon/tools/create-task-worktree.sh --agent --tmux $ready

agentydragon/tools/manager_utils/organize_done_tasks.py

@@ -0,0 +1,28 @@
+#!/usr/bin/env python3
+"""
+organize_done_tasks.py: Move merged task files under tasks/.done/ subdirectory.
+
+This script should be run once to migrate all tasks with status "Merged"
+to the .done folder.
+"""
+import subprocess
+from pathlib import Path
+
+from tasklib import task_dir, load_task
+
+def main():
+    root = task_dir()
+    done_dir = root / '.done'
+    done_dir.mkdir(exist_ok=True)
+    for md in sorted(root.glob('[0-9][0-9]-*.md')):
+        if md.name == 'task-template.md' or md.name.endswith('-plan.md'):
+            continue
+        meta, _ = load_task(md)
+        if meta.status == 'Merged':
+            target = done_dir / md.name
+            print(f'Moving {md.name} -> .done/')
+            subprocess.run(['git', 'mv', str(md), str(target)], check=True)
+    print('Migration complete.')
+
+if __name__ == '__main__':
+    main()

agentydragon/tools/manager_utils/tasklib.py

@@ -0,0 +1,60 @@
+"""
+Simple library for loading and saving task metadata embedded as TOML front-matter
+in task Markdown files.
+"""
+import re
+import subprocess
+from datetime import datetime
+from pathlib import Path
+
+import toml
+from enum import Enum
+from pydantic import BaseModel, Field
+
+FRONTMATTER_RE = re.compile(r"^\+\+\+\s*(.*?)\s*\+\+\+", re.S | re.M)
+
+def repo_root():
+    return Path(subprocess.check_output(['git', 'rev-parse', '--show-toplevel']).decode().strip())
+
+def task_dir():
+    return repo_root() / "agentydragon/tasks"
+
+def worktree_dir():
+    return task_dir() / ".worktrees"
+
+class TaskStatus(str, Enum):
+    NOT_STARTED = "Not started"
+    IN_PROGRESS = "In progress"
+    NEEDS_INPUT = "Needs input"
+    NEEDS_MANUAL_REVIEW = "Needs manual review"
+    DONE = "Done"
+    CANCELLED = "Cancelled"
+    MERGED = "Merged"
+
+class TaskMeta(BaseModel):
+    id: str
+    title: str
+    status: TaskStatus
+    freeform_status: str = Field(default="")
+    dependencies: str = Field(default="")
+    last_updated: datetime = Field(default_factory=datetime.utcnow)
+
+def load_task(path: Path) -> (TaskMeta, str):
+    text = path.read_text(encoding='utf-8')
+    m = FRONTMATTER_RE.match(text)
+    if not m:
+        raise ValueError(f"No TOML frontmatter in {path}")
+    meta = toml.loads(m.group(1))
+    tm = TaskMeta(**meta)
+    body = text[m.end():].lstrip('\n')
+    return tm, body
+
+def save_task(path: Path, meta: TaskMeta, body: str) -> None:
+    tm = meta.dict()
+    # Serialize enum to its string value for front-matter
+    if isinstance(tm.get('status'), Enum):
+        tm['status'] = tm['status'].value
+    tm['last_updated'] = meta.last_updated.isoformat()
+    fm = toml.dumps(tm).strip()
+    content = f"+++\n{fm}\n+++\n\n{body.lstrip()}"
+    path.write_text(content, encoding='utf-8')

agentydragon/tools/manager_utils/tests/__init__.py

@@ -0,0 +1,3 @@
+"""
+Test package for manager_utils
+"""

agentydragon/tools/manager_utils/tests/test_tasklib.py

@@ -0,0 +1,35 @@
+import tempfile
+from pathlib import Path
+import toml
+import pytest
+
+from ..tasklib import TaskMeta, load_task, save_task
+
+SAMPLE = """+++
+id = "99"
+title = "Sample Task"
+status = "Not started"
+dependencies = ""
+last_updated = "2023-01-01T12:00:00"
++++
+
+# Body here
+"""
+
+def test_load_and_save(tmp_path):
+    md = tmp_path / '99-sample.md'
+    md.write_text(SAMPLE)
+    meta, body = load_task(md)
+    assert meta.id == '99'
+    assert 'Body here' in body
+    meta.status = 'Done'
+    save_task(md, meta, body)
+    text = md.read_text()
+    data = toml.loads(text.split('+++')[1])
+    assert data['status'] == 'Done'
+
+from pydantic import ValidationError
+
+def test_meta_model_validation():
+    with pytest.raises(ValidationError):
+        TaskMeta(id='a', title='t', status='bogus', dependencies='', last_updated='bad')

codex-cli/.editorconfig

@@ -0,0 +1,9 @@
+root = true
+
+[*]
+indent_style = space
+indent_size = 2
+
+[*.{js,ts,jsx,tsx}]
+indent_style = space
+indent_size = 2

codex-cli/.eslintrc.cjs

@@ -0,0 +1,107 @@
+module.exports = {
+  root: true,
+  env: { browser: true, node: true, es2020: true },
+  extends: [
+    "eslint:recommended",
+    "plugin:@typescript-eslint/recommended",
+    "plugin:react-hooks/recommended",
+  ],
+  ignorePatterns: [
+    ".eslintrc.cjs",
+    "build.mjs",
+    "dist",
+    "vite.config.ts",
+    "src/components/vendor",
+  ],
+  parser: "@typescript-eslint/parser",
+  parserOptions: {
+    tsconfigRootDir: __dirname,
+    project: ["./tsconfig.json"],
+  },
+  plugins: ["import", "react-hooks", "react-refresh"],
+  rules: {
+    // Imports
+    "@typescript-eslint/consistent-type-imports": "error",
+    "import/no-cycle": ["error", { maxDepth: 1 }],
+    "import/no-duplicates": "error",
+    "import/order": [
+      "error",
+      {
+        groups: ["type"],
+        "newlines-between": "always",
+        alphabetize: {
+          order: "asc",
+          caseInsensitive: false,
+        },
+      },
+    ],
+    // We use the import/ plugin instead.
+    "sort-imports": "off",
+
+    "@typescript-eslint/array-type": ["error", { default: "generic" }],
+    // FIXME(mbolin): Introduce this.
+    // "@typescript-eslint/explicit-function-return-type": "error",
+    "@typescript-eslint/explicit-module-boundary-types": "error",
+    "@typescript-eslint/no-explicit-any": "error",
+    "@typescript-eslint/switch-exhaustiveness-check": [
+      "error",
+      {
+        allowDefaultCaseForExhaustiveSwitch: false,
+        requireDefaultForNonUnion: true,
+      },
+    ],
+
+    // Use typescript-eslint/no-unused-vars, no-unused-vars reports
+    // false positives with typescript
+    "no-unused-vars": "off",
+    "@typescript-eslint/no-unused-vars": [
+      "error",
+      {
+        argsIgnorePattern: "^_",
+        varsIgnorePattern: "^_",
+        caughtErrorsIgnorePattern: "^_",
+      },
+    ],
+
+    curly: "error",
+
+    eqeqeq: ["error", "always", { null: "never" }],
+    "react-refresh/only-export-components": [
+      "error",
+      { allowConstantExport: true },
+    ],
+    "no-await-in-loop": "error",
+    "no-bitwise": "error",
+    "no-caller": "error",
+    // This is fine during development, but should not be checked in.
+    "no-console": "error",
+    // This is fine during development, but should not be checked in.
+    "no-debugger": "error",
+    "no-duplicate-case": "error",
+    "no-eval": "error",
+    "no-ex-assign": "error",
+    "no-return-await": "error",
+    "no-param-reassign": "error",
+    "no-script-url": "error",
+    "no-self-compare": "error",
+    "no-unsafe-finally": "error",
+    "no-var": "error",
+    "react-hooks/rules-of-hooks": "error",
+    "react-hooks/exhaustive-deps": "error",
+  },
+  overrides: [
+    {
+      // apply only to files under tests/
+      files: ["tests/**/*.{ts,tsx,js,jsx}"],
+      rules: {
+        "@typescript-eslint/no-explicit-any": "off",
+        "import/order": "off",
+        "@typescript-eslint/explicit-module-boundary-types": "off",
+        "@typescript-eslint/ban-ts-comment": "off",
+        "@typescript-eslint/no-var-requires": "off",
+        "no-await-in-loop": "off",
+        "no-control-regex": "off",
+      },
+    },
+  ],
+};

codex-cli/.gitignore

@@ -1,7 +1,3 @@
 # Added by ./scripts/install_native_deps.sh
-/bin/codex-aarch64-apple-darwin
-/bin/codex-aarch64-unknown-linux-musl
 /bin/codex-linux-sandbox-arm64
 /bin/codex-linux-sandbox-x64
-/bin/codex-x86_64-apple-darwin
-/bin/codex-x86_64-unknown-linux-musl

codex-cli/Dockerfile

@@ -1,4 +1,4 @@
-FROM node:24-slim
+FROM node:20-slim
 
 ARG TZ
 ENV TZ="$TZ"