Dylan

This commit performs **maintenance** by **adjusting timeout configurations** to stabilize CI tests, particularly on macOS. It raises the `apply_patch` helper timeout in `codex-core` to mitigate startup races and increases the `DEFAULT_READ_TIMEOUT` from 5 to 10 seconds within the `codex-app-server`'s connection handling websocket test suite. These changes prevent **spurious test failures** that occur due to slow initialization handshakes or race conditions, significantly improving the reliability of the test suite.

This commit **introduces a new `approvals_reviewer` field** to the `Op::UserTurn` enum variant within the **core `codex-rs` protocol**. This **feature addition** extends the user turn operation to explicitly carry information about the designated reviewer for approvals, which is crucial for **migrating `CodexMessageProcessor::turn_start`** to leverage `Op::UserTurn`. The change impacts the **`core` logic, `protocol` definition, and `tui` components**, requiring updates to how user turns are constructed and processed. This prepares the system for more robust approval workflows by standardizing reviewer assignment within user interactions, with extensive test updates ensuring compatibility.

This commit **refactors** the **`exec_policy` tests** within `codex-rs/core/src/exec_policy_tests.rs` to enhance consistency and maintainability. Specifically, it consolidates the test suite to uniformly utilize the `ExecApprovalRequirementScenario` and the `assert_exec_approval_requirement_for_command` helper function. This **maintenance** work standardizes how execution approval requirements are tested, improving the clarity and future extensibility of the test suite. The change primarily impacts the **testing infrastructure** for the `exec_policy` module, ensuring a more robust and consistent approach to verifying policy behavior.

This commit introduces an **enhancement** to the **`codex-rs/core`** and **`codex-rs/protocol`** modules by integrating **guardian approval context** into developer messages. It achieves this by passing approvals reviewer configuration to policy generation and permissions update items, and by introducing a new `PermissionsPromptConfig` struct. The `DeveloperInstructions` functions, including `from`, `from_policy`, and `from_permissions_with_network`, are updated to incorporate and utilize this context, ensuring that guardian subagent approval guidance is consistently included. This change improves the completeness and accuracy of developer instructions regarding permissions and approvals.

This commit **fixes** an issue within the **`core`** module's **command execution policy** by **disabling the `command_might_be_dangerous` check** when the system is already explicitly unsandboxed. Previously, the `ApprovalPolicy::Never` setting could still block dangerous commands even in an unsandboxed state, which was an unintended restriction. The `render_decision_for_unmatched_command` function in `codex-rs/core/src/exec_policy.rs` was adjusted to correctly allow these commands, with new unit tests added in `codex-rs/core/src/exec_policy_tests.rs` to verify the behavior. This ensures that **explicitly unsandboxed environments** are not unduly restricted by sandboxing policies, providing expected flexibility.

This commit **updates the `prefix_rule` guidance** within the `codex-rs/protocol` module's **permissions approval policy documentation**. It enhances the content by adding details on advanced shell features, clarifying what constitutes broad prefixes, and refining examples by removing 'pytest'. A related **maintenance chore** also updates the `APPROVAL_POLICY_ON_REQUEST_RULE` constant's path in `codex-rs/protocol/src/models.rs` to reflect the markdown file's new location. This **documentation update** improves the clarity and accuracy of `prefix_rule` configuration instructions for users interacting with the approval policy system.

This commit performs a **maintenance chore and refactoring** within the **core runtime for shell execution** by **removing the `PowershellUtf8` feature flag**. As the UTF-8 prefix for PowerShell commands is now unconditionally applied, the explicit feature check and its associated conditional logic have been eliminated. This simplifies the codebase in `codex-rs/core/src/tools/runtimes/shell.rs` and `codex-rs/core/src/tools/runtimes/unified_exec.rs`, ensuring consistent UTF-8 handling for all PowerShell commands. Test harnesses in `codex-rs/core/tests/suite/shell_command.rs` are also updated to reflect this permanent behavior.

This commit **fixes** an inconsistency in the **subagent execution policy** system by ensuring that user-approved policies for subagents are **shared and propagated by default** to parent threads. It introduces new logic in `codex-rs/core/src/exec_policy.rs` to determine policy inheritance and modifies **thread management** functions like `spawn_new_thread_with_source` and `fork_thread_with_source` to pass these inherited policies. This **enhancement** improves the consistency of **subagent interactions** and permissions, preventing redundant approvals and streamlining the user experience by syncing `execpolicy` changes across threads. The `codex-rs/core` module's `Codex` and `Session` creation, along with `codex_delegate.rs`, are updated to support this inheritance. The change is verified with new integration tests for policy amendment propagation.

This commit introduces a **generic nested experimental gating mechanism** for the **app-server protocol**, ensuring that experimental features like `AskForApproval::Reject` are correctly restricted even when embedded within otherwise stable protocol types. It replaces previous ad-hoc, request-specific gating logic with a declarative `#[experimental(nested)]` attribute, implemented in the `codex-experimental-api-macros` crate. This **new capability** affects various **`app-server-protocol`** types, including `ProfileV2`, `Config`, and `Thread/Turn` parameters, by applying the new attribute and `ExperimentalApi` trait derivations. The **refactoring** improves the robustness and maintainability of **experimental API enforcement**, preventing unintended usage of experimental features by clients without the necessary capabilities enabled.

This commit implements a **bug fix** to improve the robustness of **protocol deserialization** within the `app-server-protocol` and `core` modules. It **adds a default value of `false`** to the `request_permissions` field across numerous **JSON schemas** (e.g., `ClientRequest.json`, `ConfigReadResponse.json`, `ThreadForkParams.json`) and their corresponding **Rust `struct` definitions** like `RejectConfig` and `AskForApproval::Reject`. By making `request_permissions` optional and providing a default, this change **prevents deserialization failures** for existing configurations or messages that might be missing this field, thereby ensuring **backward compatibility** and more resilient system operation.

This commit introduces a **new capability** to the **approval system**, allowing for more granular control over permission requests when using a `Reject` policy. It adds a `request_permissions` boolean field to the `RejectConfig` across the **application server protocol** and **core configuration schemas**. This enables the system to be configured to explicitly allow `request_permissions` calls to proceed, even when the overall policy is set to `Reject`, rather than implicitly rejecting all such requests. This is a **backwards-incompatible change** for existing `Reject` policies, requiring updates to both client and server-side components to accommodate the evolved protocol and configuration.

This commit **fixes** a critical oversight in the **core `apply_patch` tool**, ensuring it now correctly respects `AdditionalPermissions` and permissions granted via `request_permissions`. It introduces new permission handling logic within `codex-rs/core/src/tools/handlers/apply_patch.rs` and updates the `ApplyPatchRequest` runtime to properly incorporate sandbox and permission profiles. This **bug fix** significantly enhances the **security and reliability** of patch application by enforcing granular authorization for file modifications. A new test case confirms that `apply_patch` now proceeds seamlessly without redundant prompts after permissions are explicitly granted.

This commit introduces a **new capability** to the **permission request system**, enabling users to grant permissions for the **entire session** rather than just the current turn. It updates the **`app-server-protocol`** with a new `PermissionGrantScope` and `scope` field, which is then integrated into the **`app-server`**'s event handling and the **`core`** module's state management to persist these session-wide grants. The **`tui`** now presents an option to grant permissions for the session, significantly improving user experience by reducing repeated prompts for the same permissions within a session. This change impacts the **`core`** permission handling logic, **`app-server`** communication, and the **`tui`**'s approval overlay.

This commit **fixes and improves** the **`shell_command::unicode_output` test** within the **`core` crate's test suite**, specifically addressing issues on Windows. It modifies the test to now execute commands via a **child process on Windows**, which is crucial for accurately validating PowerShell's handling of Unicode output. This change ensures more reliable and correct testing of the **`shell_command` module's** behavior in the **CI pipeline**, simplifying the command for other platforms while providing a robust solution for Windows-specific scenarios.

This commit introduces a **new capability** to the **TUI (Terminal User Interface)**, enabling it to visually render and manage `request_permissions` calls. It integrates a new **state management system** for pending interactive requests, extending the **chat widget** and **interrupt manager** to process these events. The **bottom pane's approval overlay** is updated to display a dedicated UI for reviewing and deciding on permission requests, allowing users to interactively approve or deny them directly within the terminal and enhancing user control.

This commit **fixes a Bazel build issue** by **adding the missing `BUILD.bazel` file** for the new `app-server-client` Rust crate. This **maintenance** task ensures that the `app-server-client` module has its necessary build rules defined, allowing the **Bazel build system** to correctly compile and manage it. The addition of `codex-rs/app-server-client/BUILD.bazel` is critical for **Bazel CI stability** and proper integration of this new component. This resolves a configuration oversight, enabling the `app-server-client` to be fully supported by the project's build infrastructure.

This commit delivers a **bug fix** addressing a **hanging OpenTelemetry (OTel) test** within the **`core` module's test suite**. The primary change involves **updating the `otel.rs` test** to **include a crucial turn completion event** in the responses stream, which was previously missing and causing the test to hang indefinitely. Furthermore, the update introduces a second response sequence and refactors the definition of function call events, enhancing the test's robustness and accuracy. This ensures the OTel integration tests correctly simulate event flows and complete reliably.

This commit provides a **fix** for **CI stability**, specifically addressing issues related to the **Guardian feature** and platform-specific test execution. It resolves unused import warnings and ensures that Guardian-related tests, particularly within `codex-rs/core` and `codex-rs/tui`'s chatwidget, correctly handle the `codex-linux-sandbox` executable path. A new utility macro, `codex_linux_sandbox_exe_or_skip`, is introduced in `codex-rs/core/tests/common/lib.rs` to conditionally set this path. This **maintenance** work prevents CI failures by ensuring tests pass reliably on Linux, including updating snapshots for the experimental popup display. The overall impact is improved robustness and reliability of the project's test suite.

This commit **removes a guardian snapshot test** from the **`core` module** due to its **flakiness** and associated Bazel build issues. This **temporary maintenance fix** is crucial for **restoring CI stability** and ensuring continuous integration pipelines remain green. The test, while semantically valuable, was causing disruptions, and will be re-evaluated and reintroduced in a stable form at a later time.

This commit **refactors** the **TUI's trusted directory flow** by **removing an obsolete configuration check** related to custom approval policies or sandbox modes. It eliminates the `did_user_set_custom_approval_policy_or_sandbox_mode` field from the `Config` struct within `codex-rs/core` and updates the `load_from_base_config_with_overrides` function. Concurrently, the `should_show_trust_screen` function in `codex-rs/tui` is modified to remove this outdated check. This **simplifies the logic** for determining when to display the trust screen, aligning it with the current purpose of directory trust and streamlining the user experience.