Eric Traut

This commit **fixes a bug** in the **TUI's `/status` command** where displayed rate limits could become stale due to the reuse of a cached snapshot, leading to an outdated view of remaining usage. It introduces a new mechanism to **dynamically refresh** and update the rate limit information *after* the status is initially displayed, ensuring users always see current data. This required **refactoring** the `codex-rs/tui/src/app.rs` and `codex-rs/tui/src/chatwidget.rs` modules to handle new events for fetching and displaying updated limits, and updating the `codex-rs/tui/src/status/card.rs` to manage this dynamic state. The change significantly **enhances the user experience** by providing accurate, real-time rate limit feedback within active TUI sessions.

This commit **refactors** the external authentication system by replacing a separate `ExternalAuth` enum and `ExternalAuthRefresher` trait with a **single, unified `ExternalAuth` trait**. This architectural improvement impacts the **`login` module's `AuthManager`** and the `app-server`'s `message_processor`, which are updated to leverage this new generic API. Specifically, bearer token authentication is now managed by `BearerTokenRefresher` implementing the new `ExternalAuth` trait, streamlining its integration. The change **simplifies the overall architecture** for handling various external authentication methods, promoting consistency and extensibility, with updated documentation reflecting the new trait requirement.

This commit **enhances** the **PR babysitter watcher** by **prioritizing the monitoring and handling of new review comments** within the `gh_pr_watch.py` script. It modifies the PR monitoring logic to ensure the `--watch` process continuously runs for open pull requests, even when they are merge-ready, preventing subsequent review feedback from being missed. This change significantly improves the responsiveness and reliability of the **PR management system** by ensuring review comments are addressed promptly. New unit tests have been added to verify this continuous polling and prioritization behavior, and the `babysit-pr` skill's documentation has been updated accordingly.

This commit **reroutes the TUI's `/feedback` submission process** to go through the app server instead of directly via the local feedback crate. This **feature enhancement** and **refactoring** of the **TUI feedback module** (`codex-rs/tui/src/app.rs`, `codex-rs/tui/src/bottom_pane/feedback_view.rs`) ensures consistent feedback handling across all clients. It resolves issues where TUI feedback lacked auth-derived tags like `chatgpt_user_id` and failed to upload correct logs for remote sessions. By integrating with the app server, this change **improves the reliability and data integrity of TUI feedback submissions**.

This commit **fixes a platform-specific test failure** by **normalizing Windows paths** within the **`codex-rs/tui` chat widget's MCP startup snapshot test**. Previously, the snapshot assertion in `chatwidget/tests.rs` would compare raw Windows paths, leading to CI failures on Windows environments due to a mismatch with the normalized snapshot fixture. By routing this assertion through the existing `normalize_snapshot_paths` helper, the test now consistently compares normalized paths, ensuring **platform stability** and preventing future CI issues related to path differences across operating systems.

This commit delivers a **bug fix** for the **TUI application server** (`tui_app_server`) to eliminate "ghost" subagent entries from the `/agent` picker. Previously, the TUI could accumulate selectable but blank threads because it created local state for subagents without an active local session, particularly during metadata hydration and backfill. The fix involves **refactoring thread loading and attachment logic** within `codex-rs/tui/src/app.rs` to prevent empty channel creation, prune terminally unavailable entries, and dynamically materialize live sessions. This significantly improves the **agent navigation and thread management experience** by ensuring only genuinely available and active subagent threads are presented to the user.

This commit **fixes a regression** in the **TUI**'s `tui_app_server` component, which had stopped displaying **MCP startup failure warnings** during cold starts. It enhances the `app_server_adapter` to consume per-server status notifications and updates the `chatwidget` to robustly track and display these warnings, including handling lag and synthesizing aggregate failure messages. This **restores critical diagnostic information** for users, ensuring that silent failures in **app-server bridge** MCP handshakes are now properly surfaced.

This commit **removes the partially-completed voice transcription feature** from the **TUI composer**, including its associated state machine, app events, and hold-to-talk logic. This extensive **refactoring** impacts core **TUI** components such as the `chat_composer`, `bottom_pane`, and `voice` modules, where all transcription-related functions, data structures, and event handlers are eliminated. The **maintenance** effort also involves removing feature flags, dedicated tests, and the `RecordedAudio` struct, effectively ensuring the **TUI** no longer supports or attempts to process voice input for transcription. Additionally, placeholder function names in the `chatwidget` are updated from 'transcription' to 'recording_meter' to reflect the complete removal of transcription capabilities.

This commit **fixes a bug** in the **TUI app server's skills picker** that caused the filtered list of skill candidates to be prematurely truncated. Previously, the `$` skills picker only displayed the first 8 matches, preventing keyboard navigation beyond the first page and making many skills appear missing. The fix involves removing the truncation logic from the `get_filtered_mention_items` function in `codex-rs/tui/src/bottom_pane/skill_popup.rs`, ensuring all available skill candidates are now correctly displayed. This **improves the usability** and discoverability of skills for users interacting with the TUI.

This commit **removes a temporary workaround** in the **`app-server`**'s message processing logic, specifically within `handle_message`, which previously assigned a default originator for the `codex-tui` client. As part of this **refactoring**, the `codex-tui` client is now explicitly recognized as a **first-party originator** in the `login` and `auth` subsystem's `is_first_party_originator` function. This change streamlines the client identification process, ensuring `codex-tui` is handled consistently with other trusted clients and improving the overall **security and maintainability** of the system. A new test case was also added to verify this correct identification.

This commit **removes all remaining custom prompt support** from the system, constituting a significant **refactoring and cleanup** effort. It specifically impacts the **TUI's slash-command flow** and the **command popup**, which are now simplified to exclusively handle built-in commands, streamlining input processing within the `chat_composer`. This change also involves deleting obsolete custom prompt tests, helpers, and updating `docs/tui-chat-composer.md` to remove related references. The overall scope is to simplify the codebase, reduce maintenance overhead, and provide a more focused command experience by eliminating an unused feature.

This commit **updates the documentation** for the **PR Babysitter skill** to provide clearer guidance on handling review comments. Specifically, it clarifies that actionable review comments should be marked "resolved" after being addressed, and non-actionable comments require a direct reply explaining why no changes are needed. This **documentation update** in `.codex/skills/babysit-pr/SKILL.md` aims to improve the consistency and effectiveness of the **PR review workflow** and communication. The change ensures that all feedback is appropriately acknowledged and managed, streamlining the review process for contributors.

This commit delivers a **bug fix** addressing a **regression** in the **TUI app server's agent picker** that caused live agent threads to be incorrectly marked as closed. Previously, the picker relied on unreliable listener-task bookkeeping, leading to agents appearing grayed out and false "Agent thread ... is closed" messages after switching branches. The fix modifies the `open_agent_picker` refresh logic within `codex-rs/tui_app_server/src/app.rs` to query the app server directly for each thread's `thread/read` status, accurately determining its closed or loaded state while preserving cached metadata for replay-only threads. This ensures the **agent picker** now correctly reflects the real-time status of agent threads, significantly improving the reliability and user experience of the **TUI agent management**.

This commit **fixes a regression** in the **TUI app-server** that prevented users from reliably resuming saved sessions by name using commands like `codex resume <name>` or `/resume <name>`. The issue stemmed from an incorrect name lookup mechanism that pre-filtered `thread/list` with backend search terms, failing to account for thread names hydrated client-side. The **fix** modifies the `lookup_session_target_by_name_with_app_server` function in `codex-rs/tui_app_server/src/lib.rs` to **scan listed threads client-side** for accurate name resolution. This ensures **consistent session resumption** for all saved sessions and is accompanied by a **new regression test** to cover cases where the rollout title does not match the thread name.

This commit **fixes a regression** in the **TUI application server** (`tui_app_server`) where the `/copy` command became unavailable after an assistant's response, stemming from a post-migration change where `turn/completed` notifications no longer repeated the final assistant text. To address this, the `ChatWidget` now tracks the last completed final-answer agent message in a new `pending_turn_copyable_output` field during an active turn. Upon turn completion, this message is correctly promoted to the `/copy` cache, **restoring the expected functionality** for copying assistant output. This ensures users can reliably copy the last assistant message immediately after a turn completes, without altering rollback handling.

This commit provides a **bug fix** for the **`tui_app_server`** to correctly render and replay **hook notifications**. It addresses issues where `HookStarted` and `HookCompleted` events were lost due to a fragile JSON translation layer and dropped during session refreshes. The fix involves explicitly mapping app-server hook notifications into TUI events within `codex-rs/tui_app_server/src/chatwidget.rs` and preserving these buffered notifications across session refreshes in `codex-rs/tui_app_server/src/app.rs`. This ensures that the **TUI consistently displays hook status and output** for both cold-start and resumed sessions, enhancing the reliability of the interactive user experience.

This commit **enables the `tui_app_server` feature by default**, making the **TUI application server** functionality stable and universally available to users without requiring explicit configuration. The change involves updating `codex-rs/features/src/lib.rs` to mark `TuiAppServer` as stable and enabled. Additionally, it includes a minor **refactoring** in `codex-rs/tui_app_server/src/app_server_session.rs` to improve error logging for rate limit fetching and clean up imports. **Test suites** in both `tui` and `tui_app_server` are updated to explicitly enable or disable the feature for specific test scenarios, ensuring robust validation. This significantly impacts the **TUI user experience** by activating a core server component for all users.

This commit **fixes a bug** in the **`tui_app_server`** that caused **duplicate review messages and banners** to appear in the **TUI's chat widget** when the `/review` command was used. Previously, review lifecycle events like `EnteredReviewMode` and `ExitedReviewMode` were incorrectly rendering content multiple times or from redundant sources. The **refactoring** centralizes the handling of these events within `chatwidget.rs`, ensuring the review-start banner is rendered once from the `ItemStarted` path and the final review text is sourced solely from the assistant message. This **improves the user experience** by providing a clean, single display of **code review output** without redundant information.

This commit introduces **client-side support for remote app-server authentication**, enabling users to securely connect to app-server instances via WebSocket. It adds new **CLI options** to the `codex-rs/cli` such as `--remote-auth-token-env <ENV_VAR>` for specifying bearer tokens from environment variables. The **`codex-rs/app-server-client`** and **`codex-rs/tui_app_server`** modules are updated to transport these tokens during the WebSocket handshake, while enforcing a **security policy** that restricts token usage to `wss://` or loopback `ws://` URLs. This **new capability** significantly enhances the security and flexibility of remote app-server interactions, particularly for the interactive TUI mode.

This commit **fixes a bug** in the `tui_app_server` where shell commands were incorrectly rendered as fully quoted invocations rather than their parsed arguments. It introduces a **shared utility function `split_command_string`** within `exec_command.rs` to correctly parse and split shell-quoted command strings back into individual arguments. This new parsing logic is applied across the **`tui_app_server`'s command rendering path**, specifically for **live command execution items**, replayed thread items, and **execution approval requests** in `app.rs` and `chatwidget.rs`. The **bug fix** ensures that commands displayed in the TUI now appear consistently and correctly, aligning the app server's behavior with the direct TUI path and significantly improving readability for users.