Fouad Matin

This commit **fixes** a **security vulnerability** in the **MCP tool approval system** by modifying the `requires_mcp_tool_approval` function within the `codex-rs/core` module. Previously, tools missing specific annotations would bypass the approval process, leading to an unsafe "fail open" behavior. Now, when annotations are absent, the system applies **default MCP specification behaviors**, marking unannotated tools as destructive and open-world. This ensures that all **unannotated MCP tools** are correctly routed through the **approval and ARC monitoring process**, preventing silent and potentially dangerous execution, while explicitly read-only tools continue to bypass approval unless also marked destructive.

This commit **fixes** an incorrect API path within the **ARC monitor** subsystem by **removing the redundant `/api` segment** from the endpoint used by the `monitor_action` function in `codex-rs/core/src/arc_monitor.rs`. Concurrently, the **mock API path in tests** for the **MCP tool call monitor** in `codex-rs/core/src/mcp_tool_call.rs` is updated to reflect this change, ensuring test accuracy. This **maintenance fix** prevents potential API communication errors for the ARC monitoring functionality and maintains consistency across related test suites.

This commit **adds a new capability** to provide users with a per-turn warning when their requested AI model is downgraded to a fallback model due to cyber safety checks. The **`codex-api`** module now detects model changes from server responses (SSE and WebSocket) and emits a `ServerModel` event, which the **`core`** logic then uses to identify mismatches and generate a warning. This warning is surfaced in the **`app-server` (V2 API)** as a synthetic user message, clearly explaining the reroute and directing users to Trusted Access verification and cyber safety information. This **enhancement** improves transparency and user understanding of model routing decisions, ensuring users are informed about the actual model processing their requests.

This commit introduces a **new capability** by adding an "Over-refusal / safety check" option to the **feedback system**. It extends the `FeedbackCategory` enum in the **TUI** to include `SafetyCheck`, allowing users to select this new feedback type from the UI. The `feedback_view` component is updated to display the new option with appropriate titles and placeholders, and the backend `log_feedback` function now supports this classification. This enhancement provides more granular data for analyzing model behavior related to safety and refusal, improving the quality of collected feedback. Snapshot tests were also updated to reflect the new UI elements.

This commit **fixes** an issue within the **`protocol`** module by **refining the instructions** provided to models when the `approval_policy` is set to `never`. It **removes overly directed language** from the `codex-rs/protocol/src/prompts/permissions/approval_policy/never.md` prompt, ensuring models receive more appropriate and less prescriptive guidance. The **`core`** module's test suite, specifically `prompt_caching.rs`, is updated to align its assertion logic with this clarified policy. This **maintenance** change improves the semantic interaction with models under the `never` approval policy, with a minor adjustment to `tool_parallelism.rs` test duration for CI stability.

This commit **fixes a broken image link** within the project's `README.md` file, specifically addressing an issue where the **Codex CLI splash image** was not rendering on **npm package pages**. It updates the image source from a relative path, `./.github/codex-cli-splash.png`, to a fully qualified GitHub-hosted URL, `https://github.com/openai/codex/blob/main/.github/codex-cli-splash.png`. This **documentation fix** ensures that the visual presentation of the package's README is correct and consistent across different platforms, improving the overall **user experience** for those browsing the project's documentation on npm.

This commit implements a **bug fix** within the **Codex API** to correctly handle `invalid_prompt` errors. Previously, these errors were mistakenly treated as retryable, causing the system to continuously reattempt requests and preventing the **UI** from displaying the actual error. The change introduces an `InvalidRequest` error variant and logic to detect `invalid_prompt` responses, mapping them to a non-retryable error type across the `codex-api` and `core` API bridge. This ensures that the **UI** promptly receives and displays the correct error message, improving user feedback and preventing unnecessary retries.

This commit **fixes** and **updates** the **onboarding instructions** for **Windows users** within the `codex-rs/tui` application. It modifies `codex-rs/tui/src/onboarding/windows.rs` to replace inline **WSL installation commands** with a direct link to the official documentation. This **documentation update** ensures users receive the most current and comprehensive guidance for setting up Windows Subsystem for Linux. The change improves the **clarity and accuracy** of the initial setup process, enhancing the **user experience** for new Windows users.

This commit introduces a **new capability** by adding a `codex sandbox` subcommand to the **CLI**, providing dedicated `macos` and `linux` targets for managing sandboxes. It **refactors** the command-line interface to offer a more intuitive entry point, while ensuring backward compatibility by retaining `codex debug` and other legacy aliases. Extensive **documentation updates** across `README.md`, `core/README.md`, and `docs/sandbox.md` reflect these changes, clarifying the new command structure and its platform-specific options. This enhances the user experience by streamlining sandbox interaction and making platform-specific sandbox commands more explicit.

This commit **enhances the device code authentication flow** within the **login subsystem**, specifically in `codex-rs/login/src/device_code_auth.rs`. It introduces **specific error handling for disabled login** attempts, providing clearer feedback to users. Additionally, user instructions for device code login are **rephrased and formatted with ANSI colors** for improved readability and guidance. This **feature addition** improves the user experience during the authentication process by making it more informative and user-friendly.

This commit introduces a **managed configuration system** that layers configuration from multiple sources, including user-defined `config.toml`, an optional `managed_config.toml`, and macOS managed preferences, with recursive merging for nested tables. This **new capability** significantly enhances **configuration management**, allowing administrators to ship **fleet-wide overrides** for settings like sandbox or approval defaults. The **core configuration loading mechanism** (`codex-rs/core/src/config_loader`) has been extensively **refactored** to support this asynchronous, layered approach, impacting various application entry points and command runners across `app-server`, `cli`, and `tui` modules.

This commit **fixes a regression** in the **TUI** where the `?` key, used for displaying help or shortcuts, stopped working due to recent refactoring efforts. It addresses this by **reworking the bottom pane and footer rendering logic**, specifically in `codex-rs/tui/src/bottom_pane/chat_composer.rs` and `codex-rs/tui/src/bottom_pane/footer.rs`, to correctly handle key events and display hints. The changes involve replacing `FooterMode` with a new span-based approach for hints and integrating token usage display, alongside new utility functions for key hint rendering. This ensures the `?` key functionality is restored while also improving the overall rendering architecture and adding new token usage information to the user interface.

This commit **fixes** the default behavior of the **TUI's `--full-auto` mode** by adjusting its approval policy. Specifically, it updates the `full-auto` preset to use `AskForApproval::OnRequest` as its default, moving away from the previous `OnFailure` policy. This change, located within `codex-rs/tui/src/lib.rs` and affecting the `run_main` symbol, ensures that automated operations now require explicit user approval by default. Consequently, the **TUI** provides a more cautious and user-controlled experience for automated tasks, preventing unintended actions.

This commit provides a **bug fix** to resolve a **flaky test** in the **`core`** module, specifically `unified_exec::tests::completed_commands_do_not_persist_sessions`. The test was failing due to a **race condition** where initial output from a PTY session was not consistently captured, leading to an assertion failure. To address this, the **`exec_command`** and **`unified_exec`** subsystems are updated to subscribe to the output stream *before* the session begins execution, ensuring that all output, including immediate responses, is reliably received. This change enhances the stability of command execution output handling and prevents future intermittent test failures.

This commit **updates the `README.md` documentation** to provide clear instructions and a link for installing the **Codex project within an Integrated Development Environment (IDE)**. This **documentation enhancement** improves the onboarding experience by guiding users on how to set up and integrate Codex into their preferred development workflow. The change specifically targets the **project's setup and installation guide**, making it easier for developers to get started with Codex.

This commit **updates the default OpenAI model** used by the **`codex-rs`** project, addressing a configuration **fix** to align with current model recommendations. Specifically, it changes the `OPENAI_DEFAULT_MODEL` constant in `codex-rs/core/src/flags.rs` to `codex-mini-latest`, replacing the previous `o4-mini` default. This ensures that all new sessions and unconfigured requests within the **core protocol** will now default to the `codex-mini-latest` model. The change also includes necessary **documentation updates** in `README.md` and an adjustment to a **test case** in `codex-rs/core/src/protocol.rs` to reflect this new default, alongside a minor comment **refactoring**.

bump(version): 0.1.2505172129 (#1008)

This commit **introduces a Node.js version check** within the **`codex-cli`** startup process. This **maintenance fix** ensures that the CLI only runs on **Node.js v22 or newer**, preventing potential compatibility issues with older environments. If an unsupported Node.js version is detected, the CLI will now **exit gracefully with an informative error message**. This change enhances the **robustness and reliability** of the CLI by enforcing essential environment prerequisites for correct operation.

This commit **fixes** a critical issue within the **`codex-cli` authentication and API key management subsystem**, ensuring that new refresh and ID tokens are properly persisted after a token refresh or exchange operation. The `maybeRedeemCredits` function in `src/utils/get-api-key.tsx` is updated to **persist new refresh tokens**, preventing premature logouts and improving session stability. Additionally, a `forceLogin` option is introduced to the `getApiKey` function, and the credit redemption logic in `src/cli.tsx` is adjusted to fetch an API key if a refresh token is unavailable when the `--free` flag is used, enhancing the **robustness of user sessions and API access** for CLI operations.

bump(version): 0.1.2505171619 (#1001)