Commit Graph

5593 Commits

  • [6/6] Fail exec client operations after disconnect (#18027)
    ## Summary
    - Reject new exec-server client operations once the transport has
    disconnected.
    - Convert pending RPC calls into closed errors instead of synthetic
    server errors.
    - Cover pending read and later write behavior after remote executor
    disconnect.
    
    ## Verification
    - `just fmt`
    - `cargo check -p codex-exec-server`
    
    ## Stack
    ```text
    @  #18027 [6/6] Fail exec client operations after disconnect
    │
    o  #18212 [5/6] Wire executor-backed MCP stdio
    │
    o  #18087 [4/6] Abstract MCP stdio server launching
    │
    o  #18020 [3/6] Add pushed exec process events
    │
    o  #18086 [2/6] Support piped stdin in exec process API
    │
    o  #18085 [1/6] Add MCP server environment config
    │
    o  main
    ```
    
    ---------
    
    Co-authored-by: Codex <noreply@openai.com>
  • Fix exec inheritance of root shared flags (#18630)
    Addresses #18113
    
    Problem: Shared flags provided before the exec subcommand were parsed by
    the root CLI but not inherited by the exec CLI, so exec sessions could
    run with stale or default sandbox and model configuration.
    
    Solution: Move shared TUI and exec flags into a common option block and
    merge root selections into exec before dispatch, while preserving exec's
    global subcommand flag behavior.
  • Refactor TUI app module into submodules (#18753)
    ## Why
    
    The TUI app module had grown past the 512K source-file cap enforced by
    CI/CD. This keeps the app entry point below that limit while preserving
    the existing runtime behavior and test surface.
    
    ## What changed
    
    - Kept the top-level `App` state and run-loop wiring in
    `tui/src/app.rs`.
    - Split app responsibilities into focused private submodules under
    `tui/src/app/`, covering event dispatch, thread routing, session
    lifecycle, config persistence, background requests, startup prompts,
    input, history UI, platform actions, and thread event buffering.
    - Moved the existing app-level tests into `tui/src/app/tests.rs` and
    reused the existing snapshot location rather than adding new tests or
    snapshots.
    - Added module header comments for `app.rs` and the new submodules.
    
    ## Follow-up
    
    A future cleanup can move narrow unit tests from `tui/src/app/tests.rs`
    into the specific app submodules they exercise. This PR keeps the
    existing app-level tests together so the refactor stays focused on the
    source-file split.
    
    ## Verification
    
    - `cargo test -p codex-tui --lib
    app::tests::agent_picker_item_name_snapshot`
    - `cargo test -p codex-tui --lib app::tests::clear_ui`
    - `cargo test -p codex-tui --lib
    app::tests::ctrl_l_clear_ui_after_long_transcript_reuses_clear_header_snapshot`
    - `just fix -p codex-tui`
    
    Full `cargo test -p codex-tui` still fails on model-catalog drift
    unrelated to this refactor, including stale
    `gpt-5.3-codex`/`gpt-5.1-codex` snapshot and migration expectations now
    resolving to `gpt-5.4`.
  • Add session config loader interface (#18208)
    ## Why
    
    Cloud-hosted sessions need a way for the service that starts or manages
    a thread to provide session-owned config without treating all config as
    if it came from the same user/project/workspace TOML stack.
    
    The important boundary is ownership: some values should be controlled by
    the session/orchestrator, some by the authenticated user, and later some
    may come from the executor. The earlier broad config-store shape made
    that boundary too fuzzy and overlapped heavily with the existing
    filesystem-backed config loader. This PR starts with the smaller piece
    we need now: a typed session config loader that can feed the existing
    config layer stack while preserving the normal precedence and merge
    behavior.
    
    ## What Changed
    
    - Added `ThreadConfigLoader` and related typed payloads in
    `codex-config`.
    - `SessionThreadConfig` currently supports `model_provider`,
    `model_providers`, and feature flags.
    - `UserThreadConfig` is present as an ownership boundary, but does not
    yet add TOML-backed fields.
    - `NoopThreadConfigLoader` preserves existing behavior when no external
    loader is configured.
      - `StaticThreadConfigLoader` supports tests and simple callers.
    
    - Taught thread config sources to produce ordinary `ConfigLayerEntry`
    values so the existing `ConfigLayerStack` remains the place where
    precedence and merging happen.
    
    - Wired the loader through `ConfigBuilder`, the config loader, and
    app-server startup paths so app-server can provide session-owned config
    before deriving a thread config.
    
    - Added coverage for:
      - translating typed thread config into config layers,
    - inserting thread config layers into the stack at the right precedence,
    - applying session-provided model provider and feature settings when
    app-server derives config from thread params.
    
    ## Follow-Ups
    
    This intentionally stops short of adding the remote/service transport.
    The next pieces are expected to be:
    
    1. Define the proto/API shape for this interface.
    2. Add a client implementation that can source session config from the
    service side.
    
    ## Verification
    
    - Added unit coverage in `codex-config` for the loader and layer
    conversion.
    - Added `codex-core` config loader coverage for thread config layer
    precedence.
    - Added app-server coverage that verifies session thread config wins
    over request-provided config for model provider and feature settings.
  • Add Code Review skill (#18746)
    Adds a skill that centralizes rules used during code review for codex.
  • uds: add async Unix socket crate (#18254)
    ## Summary
    - add a codex-uds crate with async UnixListener and UnixStream wrappers
    - expose helpers for private socket directory setup and stale socket
    path checks
    - migrate codex-stdio-to-uds onto codex-uds and Tokio-based stdio/socket
    relaying
    - update the CLI stdio-to-uds command path for the async runner
    
    ## Tests
    - cargo test -p codex-uds -p codex-stdio-to-uds
    - cargo test -p codex-cli
    - just fmt
    - just fix -p codex-uds
    - just fix -p codex-stdio-to-uds
    - just fix -p codex-cli
    - just bazel-lock-check
    - git diff --check
  • Add realtime silence tool (#18635)
    ## Summary
    
    Adds a second realtime v2 function tool, `remain_silent`, so the
    realtime model has an explicit non-speaking action when the
    collaboration mode or latest context says it should not answer aloud.
    This is stacked on #18597.
    
    ## Design
    
    - Advertise `remain_silent` alongside `background_agent` in realtime v2
    conversational sessions.
    - Parse `remain_silent` function calls into a typed
    `RealtimeEvent::NoopRequested` event.
    - Have core answer that function call with an empty
    `function_call_output` and deliberately avoid `response.create`, so no
    follow-up realtime response is requested.
    - Keep the event hidden from app-server/TUI surfaces; it is operational
    plumbing, not user-visible conversation content.
  • Read conversation summaries through thread store (#18716)
    Migrate the conversation summary App Server methods to ThreadStore
    
    Because this app server api allows explicitly fetching the thread by
    rollout path, intercept that case in the app server code and (a) route
    directly to underlying local thread store methods if we're using a local
    thread store, or (b) throw an unsupported error if we're using a remote
    thread store. This keeps the thread store API clean and all filesystem
    operations inside of the local thread store, which pushing the
    "fundamental incompatibility" check as early as possible.
  • feat: cascade thread archive (#18112)
    Cascade the thread archive endpoint to all the sub-agents in the agent
    tree
    
    Fix: https://github.com/openai/codex/issues/17867
    
    ---------
    
    Co-authored-by: Codex <noreply@openai.com>
  • Use app server metadata for fork parent titles (#18632)
    ## Problem
    The TUI resolved fork parent titles from local CODEX_HOME metadata,
    which could show missing or stale titles when app-server metadata is
    authoritative.
    
    This is a lingering bug left over from the migration of the TUI to the
    app-server interface. I found it when I asked Codex to review all places
    where the TUI code was still directly accessing the local CODEX_HOME.
    
    ## Solution
    Route fork parent title metadata through the app-server session state
    and render only that supplied title, with focused snapshot coverage for
    stale local metadata.
    
    ## Testing
    I manually tested by renaming a thread then forking it and confirming
    that the "forked from" message indicated the parent thread's name.
  • [codex] prefer inherited spawn agent model (#18701)
    This updates the spawn-agent tool contract so subagents are presented as
    inheriting the parent model by default. The visible model list is now
    framed as optional overrides, the model parameter tells callers to leave
    it unset and the delegation guidance no longer nudges models toward
    picking a smaller/mini override.
    
    Fixes reports that 5.4 would occasionally pick 5.2 or lower as
    sub-agents.
  • fix(tui): keep /copy aligned with rollback (#18739)
    ## Why
    
    Fixes #18718.
    
    After rewinding a thread, `/copy` could still copy the latest assistant
    response from before the rewind. The transcript cells were rolled back,
    but the copy source was a single `last_agent_markdown` cache that was
    not synchronized with backtracking, so the visible conversation and
    copied content could diverge.
    
    ## What changed
    
    `ChatWidget` now keeps a bounded copy history for the most recent 32
    assistant responses, keyed by the visible user-turn count. When local
    rollback trims transcript cells, the copy cache is trimmed to the same
    surviving user-turn count so `/copy` uses the latest visible assistant
    response.
    
    If the user rewinds past the retained copy window, `/copy` now reports:
    
    ```text
    Cannot copy that response after rewinding. Only the most recent 32 responses are available to /copy.
    ```
    
    The change also adds coverage for copying the latest surviving response
    after rollback and for the over-limit rewind message.
    
    ## Verification
    
    - Manually resumed a synthetic 35-turn session, rewound within the
    retained window, and verified `/copy` copied the surviving response.
    - Manually rewound past the retained window and verified `/copy` showed
    the 32-response limit message.
    - `cargo test -p codex-tui slash_copy`
    - `just fix -p codex-tui`
    - `cargo insta pending-snapshots`
    
    Note: `cargo test -p codex-tui` currently fails on unrelated model
    catalog and snapshot drift around the default model changing to
    `gpt-5.4`; the focused `/copy` tests pass after fixing the new test
    setup.
  • Add experimental remote thread store config (#18714)
    Add experimental config to use remote thread store rather than local
    thread store implementation in app server
  • Fix stale model test fixtures (#18719)
    Fixes stale test fixtures left after the active bundled model catalog
    updates in #18586 and #18388. Those changes made `gpt-5.4` the current
    default and removed several older hardcoded slugs, which left Windows
    Bazel shards failing TUI and config tests.
    
    What changed:
    - Refresh TUI model migration, availability NUX, plan-mode, status, and
    snapshot fixtures to use active bundled model slugs.
    - Update the config edit test expectation for the TOML-quoted
    `"gpt-5.2"` migration key.
    - Move the model catalog tests into
    `codex-rs/tui/src/app/tests/model_catalog.rs` so touching them does not
    trip the blob-size policy for `app.rs`.
    
    Verification:
    - CI Bazel/lint checks are expected to cover the affected test shards.
  • Surface TUI skills refresh failures (#18627)
    ## Why
    
    `skills/list` refreshes are best-effort metadata updates. If one fails
    during startup or thread switching, the TUI should keep running and show
    enough detail to diagnose the app-server failure instead of leaving the
    user with only a log entry.
    
    This addresses the recoverability and observability issue reported in
    #16914.
    
    ## What Changed
    
    - Preserve the full startup `skills/list` error chain before sending it
    back through the app event queue.
    - Surface failed skills refreshes as recoverable TUI error messages
    while still logging the warning.
    
    This is related to the recent bug fix from [PR
    #18370](https://github.com/openai/codex/pull/18370).
  • Update realtime handoff transcript handling (#18597)
    ## Summary
    
    This PR aims to improve integration between the realtime model and the
    codex agent by sharing more context with each other. In particular, we
    now share full realtime conversation transcript deltas in addition to
    the delegation message.
    
    realtime_conversation.rs now turns a handoff into:
    ```
    <realtime_delegation>
      <input>...</input>
      <transcript_delta>...</transcript_delta>
    </realtime_delegation>
    ```
    
    ## Implementation notes
    
    The transcript is accumulated in the realtime websocket layer as parsed
    realtime events arrive. When a background-agent handoff is requested,
    the current transcript snapshot is copied onto the handoff event and
    then serialized by `realtime_conversation.rs` into the hidden realtime
    delegation envelope that Codex receives as user-turn context.
    
    For Realtime V2, the session now explicitly enables input audio
    transcription, and the parser handles the relevant input/output
    transcript completion events so the snapshot includes both user speech
    and realtime model responses. The delegation `<input>` remains the
    actual handoff request, while `<transcript_delta>` carries the
    surrounding conversation history for context.
    
    Reviewers should note that the transcript payload is intended for Codex
    context sharing, not UI rendering. The realtime delegation envelope
    should stay hidden from the user-facing transcript surface, while still
    being included in the background-agent turn so Codex can answer with the
    same conversational context the realtime model had.
  • chore(guardian) disable mcps and plugins (#18722)
    ## Summary
    Disables apps, plugins, mcps for the guardian subagent thread
    
    ## Testing
    - [x] Added unit tests
  • [codex-analytics] guardian review analytics schema polishing (#17692)
    ## Why
    
    Guardian review analytics needs a Rust event shape that matches the
    backend schema while avoiding unnecessary PII exposure from reviewed
    tool calls. This PR narrows the analytics payload to the fields we
    intend to emit and keeps shared Guardian assessment enums in protocol
    instead of duplicating equivalent analytics-only enums.
    
    ## What changed
    
    - Uses protocol Guardian enums directly for `risk_level`,
    `user_authorization`, `outcome`, and command source values.
    - Removes high-risk reviewed-action fields from the analytics payload,
    including raw commands, display strings, working directories, file
    paths, network targets/hosts, justification text, retry reason, and
    rationale text.
    - Makes `target_item_id` and `tool_call_count` nullable so the Codex
    event can represent cases where the app-server protocol or producer does
    not have those values.
    - Keeps lower-risk structured reviewed-action metadata such as sandbox
    permissions, permission profile, `tty`, `execve` source/program, network
    protocol/port, and MCP connector/tool labels.
    - Adds an analytics reducer/client test covering `codex_guardian_review`
    serialization with an optional `target_item_id` and absent removed
    fields.
    
    ## Verification
    
    - `cargo test -p codex-analytics
    guardian_review_event_ingests_custom_fact_with_optional_target_item`
    - `cargo fmt --check`
    
    ---
    [//]: # (BEGIN SAPLING FOOTER)
    Stack created with [Sapling](https://sapling-scm.com). Best reviewed
    with [ReviewStack](https://reviewstack.dev/openai/codex/pull/17692).
    * #17696
    * #17695
    * #17693
    * __->__ #17692
  • [codex] Fix high severity dependency alerts (#18167)
    ## Summary
    - Pin vulnerable npm dependencies through the existing root
    `resolutions` mechanism so the lockfile moves only to patched versions.
    - Refresh `pnpm-lock.yaml` for `@modelcontextprotocol/sdk`,
    `handlebars`, `path-to-regexp`, `picomatch`, `minimatch`, `flatted`,
    `rollup`, and `glob`.
    - Bump `quinn-proto` from `0.11.13` to `0.11.14` and refresh
    `MODULE.bazel.lock`.
    
    ## Testing
    - `corepack pnpm --store-dir .pnpm-store install --frozen-lockfile
    --ignore-scripts`
    - `corepack pnpm audit --audit-level high` (passes; remaining advisories
    are low/moderate)
    - `corepack pnpm -r --filter ./sdk/typescript run build`
    - `corepack pnpm exec eslint 'src/**/*.ts' 'tests/**/*.ts'`
    - `cargo check --locked`
    - `cargo build -p codex-cli`
    - `bazel --output_user_root=/tmp/bazel-codex-dependabot
    --ignore_all_rc_files mod deps --lockfile_mode=error`
    - `just fmt`
    
    Note: `corepack pnpm -r --filter ./sdk/typescript run test` was also
    attempted after building `codex`; it is blocked on this workstation by
    host-managed Codex MDM/auth state (`approval_policy` restrictions and
    ChatGPT/API-key mismatch), not by this dependency change.
  • Update models.json (#18388)
    Automated update of models.json.
    
    ---------
    
    Co-authored-by: aibrahim-oai <219906144+aibrahim-oai@users.noreply.github.com>
    Co-authored-by: Ahmed Ibrahim <aibrahim@openai.com>
  • [codex] Fix agent identity auth test fixture (#18697)
    ## Summary
    - Add the missing `background_task_id: None` field to the
    `AgentIdentityAuthRecord` fixture introduced in `auth_tests.rs`.
    
    ## Why
    - Current `main` fails Bazel/rust-ci compile paths after the
    background-task auth field landed and a later auth test fixture
    constructed `AgentIdentityAuthRecord` without that new field.
    - I intentionally removed the earlier broader CI-stability edits from
    this PR. The code-mode timeout, external-agent migration snapshot, and
    MCP resource timeout failures appear to be general/flaky or unrelated to
    the agent identity merge stack rather than cleanly caused by it.
    
    ## Validation
    - `cargo test -p codex-login
    dummy_chatgpt_auth_does_not_create_cwd_auth_json_when_identity_is_set --
    --nocapture`
    - `just fmt`
  • Remove simple TUI legacy_core reexports (#18631)
    ## Problem
    The TUI still imported path utilities and config-loader symbols through
    app-server-client's legacy_core facade even though those APIs already
    exist in utility/config crates. This is part of our ongoing effort to
    whittle away at these old dependencies.
    
    ## Solution
    Rewire imports to avoid the TUI directly importing from the core crate
    and instead import from common lower-level crates. This PR doesn't
    include any functional changes; it's just a simple rewiring.
  • Wire the PatchUpdated events through app_server (#18289)
    Wires patch_updated events through app_server. These events are parsed
    and streamed while apply_patch is being written by the model. Also adds 500ms of buffering to the patch_updated events in the diff_consumer.
    
    The eventual goal is to use this to display better progress indicators in
    the codex app.
  • Update models.json (#18586)
    - Replace the active models-manager catalog with the deleted core
    catalog contents.
    - Replace stale hardcoded test model slugs with current bundled model
    slugs.
    - Keep this as a stacked change on top of the cleanup PR.
  • refactor: use semaphores for async serialization gates (#18403)
    This is the second cleanup in the await-holding lint stack. The
    higher-level goal, following https://github.com/openai/codex/pull/18178
    and https://github.com/openai/codex/pull/18398, is to enable Clippy
    coverage for guards held across `.await` points without carrying broad
    suppressions.
    
    The stack is working toward enabling Clippy's
    [`await_holding_lock`](https://rust-lang.github.io/rust-clippy/master/index.html#await_holding_lock)
    lint and the configurable
    [`await_holding_invalid_type`](https://rust-lang.github.io/rust-clippy/master/index.html#await_holding_invalid_type)
    lint for Tokio guard types.
    
    Several existing fields used `tokio::sync::Mutex<()>` only as
    one-at-a-time async gates. Those guards intentionally lived across
    `.await` while an operation was serialized. A mutex over `()` suggests
    protected data and trips the await-holding lint shape; a single-permit
    `tokio::sync::Semaphore` expresses the intended serialization directly.
    
    ## What changed
    
    - Replace `Mutex<()>` serialization gates with `Semaphore::new(1)` for
    agent identity ensure, exec policy updates, guardian review session
    reuse, plugin remote sync, managed network proxy refresh, auth token
    refresh, and RMCP session recovery.
    - Update call sites from `lock().await` / `try_lock()` to
    `acquire().await` / `try_acquire()`.
    - Map closed-semaphore errors into the existing local error types, even
    though these semaphores are owned for the lifetime of their managers.
    - Update session test builders for the new
    `managed_network_proxy_refresh_lock` type.
    
    ## Verification
    
    - The split stack was verified at the final lint-enabling head with
    `just clippy`.
    
    
    
    
    
    ---
    [//]: # (BEGIN SAPLING FOOTER)
    Stack created with [Sapling](https://sapling-scm.com). Best reviewed
    with [ReviewStack](https://reviewstack.dev/openai/codex/pull/18403).
    * #18698
    * #18423
    * #18418
    * __->__ #18403
  • protocol: canonicalize file system permissions (#18274)
    ## Why
    
    `PermissionProfile` needs stable, canonical file-system semantics before
    it can become the primary runtime permissions abstraction. Without a
    canonical form, callers have to keep re-deriving legacy sandbox maps and
    profile comparisons remain lossy or order-dependent.
    
    ## What changed
    
    This adds canonicalization helpers for `FileSystemPermissions` and
    `PermissionProfile`, expands special paths into explicit sandbox
    entries, and updates permission request/conversion paths to consume
    those canonical entries. It also tightens the legacy bridge so root-wide
    write profiles with narrower carveouts are not silently projected as
    full-disk legacy access.
    
    ## Verification
    
    - `cargo test -p codex-protocol
    root_write_with_read_only_child_is_not_full_disk_write -- --nocapture`
    - `cargo test -p codex-sandboxing permission -- --nocapture`
    - `cargo test -p codex-tui permissions -- --nocapture`
  • codex: move unloaded thread writes into store (#18361)
    - Migrates unloaded `thread/name/set` and `thread/memoryModeSet`
    app-server writes behind the generic
    `ThreadStore::update_thread_metadata` API rather than adding one-off
    store methods for setting thread name or memory mode.
    - Implements the local ThreadStore metadata patch path for thread name
    and memory mode, including rollout append, legacy name index updates,
    SessionMeta validation/update, SQLite reconciliation, and re-reading the
    stored thread.
    - Adds focused local thread-store unit coverage plus app-server
    integration coverage for the migrated unloaded write paths.
  • Surface parent thread status in side conversations (#18591)
    ## Summary
    
    Side conversations can hide important state changes from the parent
    conversation while the user is focused on the side thread. In
    particular, the parent may finish, fail, need user input, or require an
    approval while the side conversation remains visible. Users need a
    lightweight signal for those states, but parent approval overlays should
    not interrupt the side conversation itself.
    
    This change adds parent-conversation status to the side conversation
    context label and defers parent interactive overlays while side mode is
    active. When the user exits side mode, pending parent approvals and
    input requests are restored in the main thread. The pending approval
    footer avoids duplicating the same parent approval status, and replayed
    notice cells are filtered when restoring a pending interactive request
    so tips or warnings do not crowd out the approval prompt.
    
    The change is contained to the TUI side-conversation and thread replay
    paths.
    
    Example 1: Approval pending
    <img width="752" height="35" alt="Screenshot 2026-04-19 at 12 56 07 PM"
    src="https://github.com/user-attachments/assets/1cc0f1a3-9cab-4d60-aed2-96523ccafc20"
    />
    
    Example 2: Turn complete
    <img width="754" height="35" alt="Screenshot 2026-04-19 at 12 56 27 PM"
    src="https://github.com/user-attachments/assets/653521a5-e298-4366-ae1c-72b56eb88eeb"
    />
  • Use app server thread names in TUI picker (#18633)
    ## Problem
    
    The TUI resume/fork picker was backfilling thread names from local
    rollout indexes. This was left over from before the TUI was moved to the
    app server. It should be using app-server APIs because the TUI might be
    connected to a remote connection.
    
    This bug wasn't (yet) reported by a user. I found it by asking Codex to
    review places in the TUI code where it was still directly accessing the
    CODEX_HOME directory rather than going through app-server APIs.
    
    ## Solution
    
    The resume picker and session lookups should use app-server thread APIs
    only. Remove legacy rollout name/list backfills, and avoid local name
    reads in fork history.
    
    ## Testing
    
    I manually tested `codex resume` and `codex resume --all` to look for
    functional or performance regressions in the resume picker.
  • Add verbose diagnostics for /mcp (#18610)
    Fixes #18539.
    
    ## Summary
    The recent `/mcp` performance work kept the default command fast by
    avoiding resource and resource-template inventory probes, but it also
    removed useful diagnostics for users trying to confirm MCP server state.
    
    This keeps bare `/mcp` on the fast tools/auth path and adds `/mcp
    verbose` for the slower diagnostic view. Verbose mode requests full MCP
    server status from the app-server and restores status, resources, and
    resource templates in the TUI output.
    
    ## Testing
    In addition to running automation, I manually tested the feature to
    confirm that it works.
  • fix: auth.json leak in tests (#18657)
    Before this some tests were leaking an auth.json file into
    `codex-rs/core`. This just fixes it
  • [codex] Use background task auth for additional backend calls (#18260)
    ## Summary
    
    Splits the larger PR4.1 background task auth rollout by moving
    additional backend/control-plane call sites into this downstream PR.
    
    This PR keeps callers on the same design as PR4.1: most code asks
    `AuthManager` for the default ChatGPT backend authorization header, and
    `AuthManager` decides bearer vs background AgentAssertion internally.
    Task-pinned inference auth remains separate because it needs the
    thread's registered task id.
    
    ## Stack
    
    - PR1: https://github.com/openai/codex/pull/17385 - add
    `features.use_agent_identity`
    - PR2: https://github.com/openai/codex/pull/17386 - register agent
    identities when enabled
    - PR3: https://github.com/openai/codex/pull/17387 - register agent tasks
    when enabled
    - PR3.1: https://github.com/openai/codex/pull/17978 - persist and
    prewarm registered tasks per thread
    - PR4: https://github.com/openai/codex/pull/17980 - use task-scoped
    `AgentAssertion` for downstream calls
    - PR4.1: https://github.com/openai/codex/pull/18094 - introduce
    AuthManager-owned background/control-plane `AgentAssertion` auth
    - PR4.2: this PR - use background task auth for additional
    backend/control-plane calls
    
    ## What Changed
    
    - pass full authorization header values through backend-client and
    cloud-tasks-client call paths where needed
    - move ChatGPT client, cloud requirements, cloud tasks, thread-manager,
    and models-manager background auth usage into this downstream slice
    - make app-server remote control enrollment/websocket auth ask
    `AuthManager` for the local backend authorization header instead of
    threading a background auth mode through transport options
    - keep the same feature-gated bearer fallback behavior from PR4.1
    
    ## Validation
    
    - `just fmt`
    - `cargo check -p codex-core -p codex-login -p codex-analytics -p
    codex-app-server -p codex-cloud-requirements -p codex-cloud-tasks -p
    codex-models-manager -p codex-chatgpt -p codex-model-provider -p
    codex-mcp -p codex-core-skills`
    - `cargo test -p codex-login agent_identity`
    - `cargo test -p codex-model-provider bearer_auth_provider`
    - `cargo test -p codex-core agent_assertion`
    - `cargo test -p codex-app-server remote_control`
    - `cargo test -p codex-cloud-requirements fetch_cloud_requirements`
    - `cargo test -p codex-models-manager manager::tests`
    - `cargo test -p codex-chatgpt`
    - `cargo test -p codex-cloud-tasks`
    - `just fix -p codex-core -p codex-login -p codex-analytics -p
    codex-app-server -p codex-cloud-requirements -p codex-cloud-tasks -p
    codex-models-manager -p codex-chatgpt -p codex-model-provider -p
    codex-mcp -p codex-core-skills`
    - `just fix -p codex-app-server`
    - `git diff --check`
  • Avoid false shell snapshot cleanup warnings (#18441)
    ## Why
    Fresh app-server thread startup can create a shell snapshot through a
    temp file and then promote it to the final snapshot path. The previous
    implementation briefly wrapped the temp path in `ShellSnapshot`, so
    after a successful rename its `Drop` attempted to delete the old temp
    path and could log a false `ENOENT` warning.
    
    Fixes #17549.
    
    ## What changed
    - Validate the temp snapshot path directly before promotion.
    - Rename the temp path directly to the final snapshot path.
    - Keep explicit cleanup of the temp path on validation or finalization
    failures.
  • [codex] Use background agent task auth for backend calls (#18094)
    ## Summary
    
    Introduces a single background/control-plane agent task for ChatGPT
    backend requests that do not have a thread-scoped task, with
    `AuthManager` owning the default ChatGPT backend authorization decision.
    
    Callers now ask `AuthManager` for the default ChatGPT backend
    authorization header. `AuthManager` decides whether that is bearer or
    background AgentAssertion based on config/internal state, while
    low-level bootstrap paths can explicitly request bearer-only auth.
    
    This PR is stacked on PR4 and focuses on the shared background task auth
    plumbing plus the first tranche of backend/control-plane consumers. The
    remaining callsite wiring is split into PR4.2 to keep review size down.
    
    ## Stack
    
    - PR1: https://github.com/openai/codex/pull/17385 - add
    `features.use_agent_identity`
    - PR2: https://github.com/openai/codex/pull/17386 - register agent
    identities when enabled
    - PR3: https://github.com/openai/codex/pull/17387 - register agent tasks
    when enabled
    - PR3.1: https://github.com/openai/codex/pull/17978 - persist and
    prewarm registered tasks per thread
    - PR4: https://github.com/openai/codex/pull/17980 - use task-scoped
    `AgentAssertion` for downstream calls
    - PR4.1: this PR - introduce AuthManager-owned background/control-plane
    `AgentAssertion` auth
    - PR4.2: https://github.com/openai/codex/pull/18260 - use background
    task auth for additional backend/control-plane calls
    
    ## What Changed
    
    - add background task registration and assertion minting inside
    `codex-login`
    - persist `agent_identity.background_task_id` separately from
    per-session task state
    - make `BackgroundAgentTaskManager` private to `codex-login`; call sites
    do not instantiate or pass it around
    - teach `AuthManager` the ChatGPT backend base URL and feature-derived
    background auth mode from resolved config
    - expose bearer-only helpers for bootstrap/registration/refresh-style
    paths that must not use AgentAssertion
    - wire `AuthManager` default ChatGPT authorization through app listing,
    connector directory listing, remote plugins, MCP status/listing,
    analytics, and core-skills remote calls
    - preserve bearer fallback when the feature is disabled, the backend
    host is unsupported, or background task registration is not available
    
    ## Validation
    
    - `just fmt`
    - `cargo check -p codex-core -p codex-login -p codex-analytics -p
    codex-app-server -p codex-cloud-requirements -p codex-cloud-tasks -p
    codex-models-manager -p codex-chatgpt -p codex-model-provider -p
    codex-mcp -p codex-core-skills`
    - `cargo test -p codex-login agent_identity`
    - `cargo test -p codex-model-provider bearer_auth_provider`
    - `cargo test -p codex-core agent_assertion`
    - `cargo test -p codex-app-server remote_control`
    - `cargo test -p codex-cloud-requirements fetch_cloud_requirements`
    - `cargo test -p codex-models-manager manager::tests`
    - `cargo test -p codex-chatgpt`
    - `cargo test -p codex-cloud-tasks`
    - `just fix -p codex-core -p codex-login -p codex-analytics -p
    codex-app-server -p codex-cloud-requirements -p codex-cloud-tasks -p
    codex-models-manager -p codex-chatgpt -p codex-model-provider -p
    codex-mcp -p codex-core-skills`
    - `just fix -p codex-app-server`
    - `git diff --check`
  • feat: log client use min log level (#18661)
    In the log client, use the log level filter as a minimum severity
    instead of exact match
    
    ---------
    
    Co-authored-by: Codex <noreply@openai.com>
  • chore: drop review prompt from TUI UX (#18659)
    Due to the app-server rebase of the TUI, the review prompt was leaked
    into the transcript on the TUI
    This is not a security issue but it was bad UX. This PR fixes this
  • feat: add metric to track the number of turns with memory usage (#18662)
    Add a metric `codex.turn.memory` to know if a turn used memories or not.
    This is not part of the other turn metrics as a label to limit
    cardinality
  • feat: chronicle alias (#18651)
    Rename Telepathy to Chronicle and add an alias for backward
    compatibility
  • feat: add --ignore-user-config and --ignore-rules (#18646)
    Add those 2 flags to be able to fully isolate a run of `codex exec` from
    any rules or tools.
    This will be used by Chronicle
  • fix: FS watcher when file does not exist yet (#18492)
    The initial goal of this PR was to stabilise the test
    `fs_watch_allows_missing_file_targets`. After further investigation, it
    turns out that this test was always failing and the unstability was
    coming from a race between timeouts mostly
    
    The goal of the test was to test what happens if a notifier gets
    subscribed while a file does not exist yet. But actually the main code
    was broken and in case of a file not existing yet, the notifier used to
    never notify anything (even if the file ended up being created)
    
    This PR fixes the main code (and the test). For this, we basically watch
    the sup-directory when a file does not exist and refresh on it when the
    files gets created
  • Stabilize marketplace/remove installedRoot test (#17721)
    ## Why
    
    This addresses the review comment from #17751 about `marketplace/remove`
    app-server test portability:
    https://github.com/openai/codex/pull/17751#discussion_r3104378613
    
    The API returns the removed installed root using the app-server's
    effective `CODEX_HOME`. On macOS, temporary directory paths can appear
    as either `/var/...` or `/private/var/...`, so comparing one raw path
    against another can fail even when `marketplace/remove` behaves
    correctly.
    
    ## What changed
    
    - Removed the direct whole-response equality assertion for the installed
    root path.
    - Asserted the stable response field, `marketplace_name`, directly.
    - Compared the expected and returned installed-root paths after
    canonicalizing their existing parent directories, which avoids requiring
    the removed leaf directory to still exist.
    
    ## Verification
    
    - `cargo test -p codex-app-server
    marketplace_remove_deletes_config_and_installed_root`
    - `cargo test -p codex-app-server marketplace_remove`
  • chore: morpheus to path (#18353)
    Make the morpheus agent (which is the phase 2 memories agent) follow the
    agent-v2 path system by naming it `/morpheus`. To maintain the path
    primitive this means moving it to a dedicated `AgentControl`
    
    Co-authored-by: Codex <noreply@openai.com>
  • feat: add mem 2 agent header (#18644)
    Add a header to memory phase 2 agent for analytics
  • [codex] Add marketplace/remove app-server RPC (#17751)
    ## Summary
    
    Add a new app-server `marketplace/remove` RPC on top of the shared
    marketplace-remove implementation.
    
    This change:
    - adds `MarketplaceRemoveParams` / `MarketplaceRemoveResponse` to the
    app-server protocol
    - wires the new request through `codex_message_processor`
    - reuses the shared core marketplace-remove flow from the stacked
    refactor PR
    - updates generated schema files and adds focused app-server coverage
    
    ## Validation
    
    - `just write-app-server-schema`
    - `just fmt`
    - heavy compile/test coverage deferred to GitHub CI per request
  • [codex] Use AgentAssertion downstream behind use_agent_identity (#17980)
    ## Summary
    
    This is the AgentAssertion downstream slice for feature-gated agent
    identity support, replacing the oversized AgentAssertion slice from PR
    #17807.
    
    It isolates task-scoped downstream AgentAssertion wiring on top of the
    merged PR3.1 work without re-carrying the earlier agent registration,
    task registration, or task-state history.
    
    This PR includes the task-scoped bug-fix call sites from the review:
    generic file upload auth, MCP OpenAI file upload auth, and ARC monitor
    auth. Broader user/control-plane calls move to PR4.1 and PR4.2.
    
    ## Stack
    
    - PR1: https://github.com/openai/codex/pull/17385 - add
    `features.use_agent_identity`
    - PR2: https://github.com/openai/codex/pull/17386 - register agent
    identities when enabled
    - PR3: https://github.com/openai/codex/pull/17387 - register agent tasks
    when enabled
    - PR3.1: https://github.com/openai/codex/pull/17978 - persist and
    prewarm registered tasks per thread
    - PR4: this PR - use task-scoped `AgentAssertion` downstream when
    enabled
    - PR4.1: https://github.com/openai/codex/pull/18094 - introduce
    AuthManager-owned background/control-plane `AgentAssertion` auth
    - PR4.2: https://github.com/openai/codex/pull/18260 - use background
    task auth for additional backend/control-plane calls
    
    ## What Changed
    
    - add AgentAssertion envelope generation in `codex-core`
    - route downstream HTTP and websocket auth through AgentAssertion when
    an agent task is present
    - extend the model-provider auth provider so non-bearer authorization
    schemes can be passed through cleanly
    - make generic file uploads attach the full authorization header value
    - make MCP OpenAI file uploads use the cached thread agent task
    assertion when present
    - make ARC monitor calls use the cached thread agent task assertion when
    present
    
    ## Why
    
    The original PR had drifted ancestry and showed a much larger diff than
    the semantic change actually required. Restacking it onto PR3.1 keeps
    the reviewable surface down to the downstream assertion slice.
    
    ## Validation
    
    - `just fmt`
    - `cargo check -p codex-core -p codex-login -p codex-analytics -p
    codex-app-server -p codex-cloud-requirements -p codex-cloud-tasks -p
    codex-models-manager -p codex-chatgpt -p codex-model-provider -p
    codex-mcp -p codex-core-skills`
    - `cargo test -p codex-model-provider bearer_auth_provider`
    - `cargo test -p codex-core agent_assertion`
    - `cargo test -p codex-app-server remote_control`
    - `cargo test -p codex-cloud-requirements fetch_cloud_requirements`
    - `cargo test -p codex-models-manager manager::tests`
    - `cargo test -p codex-chatgpt`
    - `cargo test -p codex-cloud-tasks`
    - `cargo test -p codex-login agent_identity`
    - `just fix -p codex-core -p codex-login -p codex-analytics -p
    codex-app-server -p codex-cloud-requirements -p codex-cloud-tasks -p
    codex-models-manager -p codex-chatgpt -p codex-model-provider -p
    codex-mcp -p codex-core-skills`
    - `just fix -p codex-app-server`
    - `git diff --check`
  • [codex] Add workspace owner usage nudge UI (#18221)
    ## Summary
    
    Third PR in the split from #17956. Stacked on #18220.
    
    - shows workspace-owner/member-specific rate-limit messages behind
    `workspace_owner_usage_nudge`
    - prompts workspace members to notify the owner or request a usage-limit
    increase
    - sends the confirmed nudge through the app-server API and renders
    completion feedback
    - adds focused TUI snapshot coverage for prompts and completion states
    - feature gate
    
    ## Validation
    
    - `cargo test -p codex-backend-client`
    - `cargo test -p codex-app-server-protocol`
    - `cargo test -p codex-app-server rate_limits`
    - `cargo test -p codex-tui workspace_`
    - `cargo test -p codex-tui status_`
    - `just fmt`
    - `just fix -p codex-backend-client`
    - `just fix -p codex-app-server-protocol`
    - `just fix -p codex-app-server`
    - `just fix -p codex-tui`