Decodex

• The PR body says codex --remote now accepts ws://host:port, wss://host:port, unix://, and unix://PATH.
• codex-rs/app-server-client/src/remote.rs adds endpoint parsing and transport handling for WebSocket and Unix socket app-server endpoints.
• codex-rs/app-server-client/src/lib.rs reuses the existing JSON-RPC client protocol over either a WebSocket stream or a Unix socket stream.
• codex-rs/tui/src/lib.rs adds a fast startup probe for the default daemon socket and falls back to the embedded app-server when the daemon is missing or unresponsive.
• The PR records focused coverage for UDS remote round trips, WebSocket auth headers, auth-token transport policy, remote address parsing, and missing-daemon fallback.

Watch state Track when this lands in a public prerelease, because Decodex Control Plane and app-server integrations may be able to prefer local UDS transport over loopback WebSocket wiring.

1. PR Add support for UDS in `codex --remote` #22414
2. Commit Support UDS and websocket remotes f31f1b6

• The PR summary explicitly introduces experimental_network.danger_full_access_denylist_only and says it applies only to SandboxPolicy::DangerFullAccess sessions.
• The bundle shows the new field wired through config requirements parsing, app-server protocol/schema output, config API mapping, and the TUI debug config surface, which confirms this is a real operator-facing config addition rather than an internal constant.
• The core network proxy spec changes add a wildcard allowlist path plus dedicated tests for enforcing managed denied domains in danger-full-access mode.
• The PR body includes a concrete TOML example under [experimental_network] and repeatedly warns that the denylist remains best effort only, which is the key behavioral caveat for anyone enabling it.

Watch state Watch for follow-up hardening around bypass paths and non-loopback proxy listener behavior, since this mode deliberately trades strict isolation for broader connectivity.

1. PR [codex] Add danger-full-access denylist-only network mode #16946
2. Commit feat(network): add danger-full-access denylist-only mode 9d93253
3. Commit fix(network): broaden danger-full-access denylist-only mode 4df276f

• The PR body states the new goal directly: add an mcpResource/read method to read an MCP resource.
• The protocol bundle adds McpResourceReadParams, McpResourceReadResponse, and ResourceContent types plus a new mcpServer/resource/read request shape in both JSON schema and generated TypeScript outputs.
• The app-server implementation gains request handling in codex_message_processor.rs, and the shared test harness adds a dedicated send_mcp_resource_read_request helper for the new method.
• A new integration suite file, codex-rs/app-server/tests/suite/v2/mcp_resource.rs, provides focused end-to-end coverage for reading MCP resources through the v2 app-server path.

Watch state Watch for follow-up MCP Apps work that builds on resource reads with richer UI wiring, resource-template flows, or higher-level client helpers.

1. PR [mcp] Support MCP Apps part 1. #16082
2. Commit update 9d85fa8

• The code-mode description string now documents setTimeout(callback, delayMs?) and clearTimeout(timeoutId?) as built-in helpers available to runtime scripts.
• The runtime adds dedicated timeout callbacks, installs both globals, and introduces a new timers.rs module that schedules callbacks and tracks timeout IDs.
• Core integration coverage adds code_mode_can_resume_after_set_timeout, which awaits a promise built on setTimeout and verifies the exec call returns the expected output.
• The PR body notes the current implementation uses one thread per timer, which supports reading this as a real new capability with an acknowledged implementation tradeoff rather than a docs-only change.

Watch state Watch for a follow-up runtime implementation that moves timers onto a shared async scheduler instead of per-timeout threads.

1. PR Add setTimeout support to code mode #16153
2. Commit Add setTimeout support to code mode ee42b49
3. Commit Merge remote-tracking branch 'origin/main' into pakrym/add-settimeout-to-codemode 9113313
4. Commit codex: fix CI failure on PR #16153 9abf7ea

• The PR summary explicitly says model metadata paths stop depending on core::Config and lists new owners such as codex-models-manager, codex-model-provider-info, codex-api, codex-protocol, and codex-response-debug-context.
• The patch adds new workspace members and rewires Cargo manifests plus moved source files, which matches the claim that crate ownership is being redistributed rather than just lightly renamed.
• Follow-up commits in the same PR restore bundled-model fallback behavior and avoid a giant import-only rewrite, which supports reading the change as a staged ownership extraction instead of a breaking immediate surface reset.
• The touched files span core, api, app-server, protocol-adjacent code, and multiple new crates, so the main value is structural decoupling across the Codex Rust workspace.

1. PR extract models manager and related ownership from core #16508
2. Commit Extract models manager ownership from core e67d682
3. Commit codex: allow bundled models expect in PR #16508 2e105a9
4. Commit codex: restore bundled models fallback 4dd6b8e
5. Commit Address review style nits 22ddcb4

• The PR body says the unused-variable issue slipped in during PR #16578 and explicitly frames this as part of ongoing Windows bring-up work.
• The bundle contains a single-file diff in codex-rs/tui/src/tui.rs where let area = terminal.viewport_area; is moved under #[cfg(unix)], which directly matches the stated fix.
• No runtime logic, command paths, or user-visible rendering branches changed outside that binding placement, so the evidence supports calling this a narrow compile-path correction rather than a new TUI feature.

1. PR fix: address unused variable on windows #16633
2. Commit fix: address unused variable on windows 14da169

• The PR body says this change continues the compile-time cleanup from #16630 and cites package-clean codex-core rebuilds as the benchmark that showed the real gain.
• The patch removes #[async_trait] from SessionTask and concrete task implementations, switches the trait to native RPITIT futures, and adds an AnySessionTask adapter to keep boxing only at the heterogeneous storage boundary.
• The state layer changes RunningTask from Arc<dyn SessionTask> to Arc<dyn AnySessionTask>, which matches the PR narrative that task lifecycle semantics stay the same while the abstraction boundary moves.
• The touched files are all in the core task/state/test surface, which supports reading this as a scoped compile-time and maintainability change rather than a new end-user workflow.

1. PR core: cut codex-core compile time 48% with native async SessionTask #16631
2. Commit core: use native async SessionTask trait 2cafd78

• The PR narrative says a mailbox now backs inter-agent communication and that wait no longer takes a target argument.
• The wait.rs handler removes targets from WaitArgs and replaces per-agent status waiting with a mailbox-sequence watch, so fresh mailbox traffic becomes the completion signal.
• Session/task wiring was updated to treat mailbox items as pending input, which is the runtime path that makes the new wait behavior observable.
• Tests were rewritten to accept timeout-only wait_agent calls and to confirm that new mailbox activity after the wait starts completes the call, while already-queued mail does not.

1. PR feat: add mailbox concept for wait #16010
2. Commit feat: add mailbox concept for wait ddcdd1a
3. Commit clippy 3670d0e
4. Commit Merge remote-tracking branch 'origin/main' into jif/wait-mail-box 2fc9d2f
5. Commit nit fixes 89fa34b

• The PR body says the change adds a singleton environment manager created early in app-server startup and uses an environment variable to point Codex at a running exec server.
• codex-rs/exec-server/src/environment.rs adds CODEX_EXEC_SERVER_URL_ENV_VAR = "CODEX_EXEC_SERVER_URL" plus an EnvironmentManager backed by OnceCell, which is direct evidence that exec-server selection is now cached and env-driven.
• codex-rs/core/src/config/mod.rs and codex-rs/core/config.schema.json remove experimental_exec_server_url, showing the old config-surface override is no longer the supported path.
• codex-rs/app-server/src/lib.rs, codex-rs/app-server/src/in_process.rs, and codex-rs/tui/src/app.rs now construct EnvironmentManager::from_env() early, while codex-rs/core/src/codex_delegate.rs passes the parent exec-server URL into delegated threads.
• The new scripts/run_tui_with_exec_server.sh helper starts codex-exec-server, and the bundle's extracted flags include CODEX_EXEC_SERVER_URL="$exec_server_url", which supports the new env-based TUI handoff workflow.

Watch state Whether operator docs and surrounding tooling fully migrate from the removed experimental_exec_server_url knob to CODEX_EXEC_SERVER_URL, especially outside the new helper script.

1. PR Add cached environment manager for exec server URL #15785
2. Commit Add environment manager setup 2fdf36b
3. Commit Add environment manager for exec url 9524bd2
4. Commit codex: fix CI failure on PR #15785 8606dd1
5. Commit codex: route tui app server through env manager 9c07e68
6. Commit codex: drop broken remote-aware shell test 8986e44

• The PR body frames the change as three user-facing polish items: rename the openai-curated marketplace to OpenAI Curated, hide the /apps menu entry, and change the app-install-phase display text.
• Both codex-rs/tui and codex-rs/tui_app_server update bottom_pane/command_popup.rs to filter out SlashCommand::Apps, and both chatwidget/plugins.rs files replace Not installed yet. with Install the required Apps in ChatGPT to continue:.
• codex-rs/core/src/plugins/manager.rs adds OPENAI_CURATED_MARKETPLACE_DISPLAY_NAME = "OpenAI Curated" and uses it when the marketplace name is openai-curated, while manager_tests.rs is updated to expect that display name.

Watch state Whether any remaining plugin surfaces or docs still reference the older /apps command or the raw openai-curated marketplace name.

1. PR TUI plugin menu polish #15802
2. Commit Change label at app instalp step, hide /apps command c61d828
3. Commit Cleaner display name for OpenAI Curated plugins marketplace 9ede25d
4. Commit fmt 982b96d

• The PR description explicitly says -c features.tui_app_server=true could corrupt large streamed output because AgentMessageDelta and ItemCompleted were previously droppable under backpressure, leaving incomplete markdown on screen.
• The main file change in codex-rs/app-server-client/src/lib.rs expands must-deliver handling from terminal-only events to shared transcript-and-terminal notification classification, with comments calling out corrupted markdown and incomplete paragraphs as the failure mode.
• codex-rs/app-server-client/src/remote.rs now delegates to the same shared server_notification_requires_delivery logic, which is evidence that both in-process and remote app-server transports were aligned around the new lossless transcript policy.
• The commit set includes dedicated regression coverage for backpressure preservation plus follow-up docs and test adjustments, matching the PR's claim that transcript notifications now survive saturated queues.

1. PR fix(tui_app_server): preserve transcript events under backpressure #15759
2. Commit feat(tui_app_server): preserve transcript events under backpressure 86d0792
3. Commit test(app-server-client): add backpressure regression coverage f45919b
4. Commit docs(app-server-client): document backpressure forwarding internals e189c1c
5. Commit test(core): relax remote backpressure event ordering assertion b66ae15

• The PR body says websocket auth is enforced before JSON-RPC initialize, and that unauthenticated clients are rejected during the websocket handshake rather than after a connection is already open.
• The README adds a new security note and user-facing auth options: --ws-auth capability-token --ws-token-file ... and --ws-auth signed-bearer-token --ws-shared-secret-file ..., with optional issuer, audience, and clock-skew checks, and it documents Authorization: Bearer <token> for clients.
• The change adds a dedicated transport/auth.rs module and expands websocket transport tests, backing the feature with real transport-layer enforcement, constant-time capability-token checks, JWT verification via jsonwebtoken, and 403 rejection for Origin-bearing browser-style handshakes.

Watch state During rollout, non-loopback websocket listeners still remain unauthenticated by default unless --ws-auth is explicitly configured.

1. PR feat: add websocket auth for app-server #14847
2. Commit feat: add websocket auth flags for app-server 22d51ec
3. Commit refactor: rename transport auth module a19f46d
4. Commit fix: harden websocket auth verification 35cff1b
5. Commit fix: reject browser-origin websocket handshakes without auth c9e706f
6. Commit fix: make websocket auth opt-in during rollout c1f1b6d
7. Commit fix: use jwt for signed websocket auth 3b84329
8. Commit refactor: remove insecure websocket rollout flag 61baaee
9. Commit codex: address PR review feedback (#14847) 4e69aa8
10. Commit refactor: use jsonwebtoken for websocket jwt auth 7b79230
11. Commit Merge remote-tracking branch 'origin/main' into codex/viyatb/app-server-websocket-auth a91c332

• The PR body explicitly says the goal is to queue input after the user submits /compact until that manual compact turn ends, mirror the behavior in the app-server TUI, and add regressions for messages queued before and during compact.
• codex-rs/protocol/src/protocol.rs adds NonSteerableTurnKind::{Review, Compact} plus an ActiveTurnNotSteerable error, showing /review and manual /compact now take a distinct retryable path instead of generic steering.
• Both codex-rs/tui/src/chatwidget.rs and codex-rs/tui_app_server/src/chatwidget.rs add a rejected_steers_queue, and the pending-input preview snapshots add a new Messages to be submitted at end of turn section for those deferred prompts.
• New and updated snapshots for compact_queues_user_messages and review_queues_user_messages, along with codex-rs/core/src/codex_tests.rs, verify the queued-retry behavior and visible messaging in both frontends.

1. PR tui: queue follow-ups during manual /compact #15259
2. Commit steer: queue follow-ups for non-steerable turns ff28c3b

• The PR body explicitly says duplicate app mentions are suppressed for plugin-backed entries with the same display name, remaining connector mentions are labeled [Plugin] instead of [App] when plugin metadata exists, and mention result lists are capped to 8 rows in both tui and tui_app_server.
• chat_composer.rs in both codex-rs/tui and codex-rs/tui_app_server now builds a set of plugin display names and checks connector.plugin_display_names, which is the concrete path for deduping and relabeling plugin-backed mention items.
• file_search_popup.rs and skill_popup.rs in both frontends now truncate filtered results to MAX_POPUP_ROWS, and the added tests assert that only the first page of matches is kept after filtering.

1. PR Label plugins as plugins, and hide skills/apps for given plugin #15279
2. Commit Label plugins as plugins, and hide skills/apps for given plugin from 4ce939c
3. Commit tui: keep plugin-backed app mentions visible in skill picker bb0beef

• The PR title and body explicitly say tui_app_server is removing legacy app-server notifications and dropping the local ChatGPT auth refresh request path, and frame it as cleanup split out from the larger app-server migration.
• codex-rs/tui_app_server/src/app/app_server_adapter.rs removes imports for load_local_chatgpt_auth, ChatgptAuthTokensRefreshParams, and RequestId, and the patch excerpt shows the old AppServerEvent::ServerRequest handling branch being deleted.
• codex-rs/tui_app_server/src/local_chatgpt_auth.rs removes ChatgptAuthTokensRefreshResponse plus the to_refresh_response helper, which is concrete evidence that this adapter no longer builds the legacy refresh response payload.

1. PR Remove legacy auth and notification handling from tui_app_server #15414
2. Commit Remove legacy auth and notification handling from tui_app_server 263c63a
3. Commit codex: fix CI failure on PR #15414 e65c137

• The PR body explicitly says the removed handling was temporary, only needed for very old rollouts, and not supported by the IDE extension or app clients either.
• codex-rs/tui_app_server/src/app/app_server_adapter.rs removes the legacy notification translation layer, including LegacyThreadNotification and the old JSONRPCNotification-based handling path.
• codex-rs/tui_app_server/src/app.rs deletes LegacyWarning, LegacyRollback, the pending rollback queue, and related buffering/session-refresh logic, showing the TUI app-server no longer preserves or replays those events.
• codex-rs/tui_app_server/src/chatwidget.rs removes the warning-message hook used by this path, completing the TUI-side cleanup.

1. PR Remove legacy app-server notification handling from tui_app_server #15390
2. Commit codex: remove tui_app_server legacy notification handling fcb4222
3. Commit Merge remote-tracking branch 'origin/main' into codex/pr-15106-tui-legacy-notifications 05b63be

• The PR body explicitly says the new dummy v8-poc project demonstrates that Codex can successfully link and use V8 on the platforms it wants to target.
• codex-rs/Cargo.toml adds a new v8-poc workspace member and pins v8 = =146.4.0, while codex-rs/v8-poc/src/lib.rs adds a proof-of-concept crate with tests that initialize V8 and evaluate an expression.
• MODULE.bazel, third_party/v8/BUILD.bazel, and the Rust CI and release workflows add target-specific V8 artifact wiring, including musl overrides and Bazel-side source-built archives for shipped platforms.

1. PR Add v8-poc consumer of our new built v8 #15203
2. Commit Add v8-poc consumer of our new built v8 733e868
3. Commit Build v8-poc as part of CI 20ce301
4. Commit Working on all platforms 9ae2f06
5. Commit Ignore codex-v8-poc 1fb916a
6. Commit Prepull our artifacts for musl f8a239e
7. Commit Path b6b58e1
8. Commit Fix bazel build for v8-poc 7b80661
9. Commit Repatch rusty_v8 393b560
10. Commit Always link v8 6c0deb2
11. Commit Build v8 for our bazel platforms ffbe942
12. Commit Remove local=1 e43c0f6
13. Commit darwin exception 9edd9a3

• The PR body explicitly says image-generation items should be restored in resumed thread history.
• The protocol schemas add a savedPath field to image-related notifications and thread responses so image history can carry the persisted file location.
• The commit sequence includes Persist image generation end events for history replay and Add tests for resumed image history preservation, which confirms this is an intended behavior change.

1. PR Feat/restore image generation history #15223
2. Commit Restore image generation items in resumed thread history f065885
3. Commit Persist image generation end events for history replay 005e6fc
4. Commit Restore saved image paths in resumed history e870aae
5. Commit Add copy guidance for generated images 85464fb
6. Commit Fix tui app server image generation adapter f1a6367
7. Commit Add tests for resumed image history preservation ace552c
8. Commit Remove temporary image history proof tests b1ed4a7
9. Commit Avoid duplicating saved image blobs in limited rollouts 050a478
10. Commit Remove rollout image persistence test 66aa6d1
11. Commit Revert rollout image blob clearing 6e7d372
12. Commit Trim restore image history branch scope 0552a98

• The PR body says early users with enabled apps should have plugins enabled as part of initial setup.
• The core plugin manager now routes startup work through startup_sync.rs and renames the old curated-repo sync path into broader startup plugin tasks.
• The integration test app_server_startup_remote_plugin_sync_runs_once verifies that the remote plugin sync happens once at startup.

1. PR feat: Add One-Time Startup Remote Plugin Sync #15264
2. Commit feat: Add One-Time Startup Remote Plugin Sync 56c33c2

• Primary PR metadata identifies the change as “Disable hooks on windows for now” and includes a temporary-status body (“We'll verify a bit later... and re-enable”).
• The modified file codex-rs/hooks/src/engine/mod.rs adds a cfg!(windows) early return that initializes handlers as empty and sets a warnings message stating hooks are disabled because lifecycle hooks are not yet supported on Windows.
• Bundle evidence shows exactly one commit (933ef3ccbdeb1877f2f9ba45d1379826f4c63088) with message “disable hooks on windows for now,” and that commit is tied to the merged PR 15252.
• The patch shows no deletions and only additions around hook startup logic, indicating a targeted behavioral gate rather than broad refactoring.

1. PR Disable hooks on windows for now #15252
2. Commit disable hooks on windows for now 933ef3c

• The PR body explicitly describes a preliminary /plugins menu in both tui and tui_app_server, including loading, search, and detail-view behavior.
• The testing section in the PR body documents the exact /plugins flow to verify, including disabled behavior when plugins are not enabled.
• The patch adds plugin list and plugin read wiring in tui/src/app.rs and tui/src/app_event.rs, which is the concrete UI plumbing for the new menu.

1. PR Initial plugins TUI menu - list and read only. tui + tui_app_server #15215
2. Commit Initial plugins TUI - list and read only. tui + tui_app_server ff5efc8
3. Commit Combine marketplace_path and plugin_name into PluginReadParams a101165

• PR #15199 body explicitly states the lint path is moving to the released DotSlash artifact for normal CI and just workflows, while preserving source-build for active lint development.
• The files changes include adding tools/argument-comment-lint/argument-comment-lint and run-prebuilt-linter.sh, plus wrapper behavior updates in tools/argument-comment-lint/run.sh and src/bin/argument-comment-lint.rs to normalize nightly toolchain naming and infer RUSTUP_HOME when needed.
• CI and task wiring changed to enforce this path: .github/workflows/rust-ci.yml is split into dedicated lint jobs and justfile routes argument-comment-lint to the prebuilt wrapper instead of the source wrapper.
• A follow-up evidence bundle commit (a1b8effb15edfc337ba58215adc4d70f60c548ac) adds compatibility fixes across Windows sandbox call sites to make the stricter lint clean on current code, supporting the PR’s stated goal of a green prebuilt lint run.

1. PR Use released DotSlash package for argument-comment lint #15199
2. Commit Use released DotSlash package for argument-comment lint a1b8eff

• The app-server README now documents plugin/install as installing bundled MCPs in addition to returning auth policy information.
• The new plugin_mcp_oauth.rs path wires OAuth login handling for MCP servers discovered during plugin installation.
• The integration test plugin_install_makes_bundled_mcp_servers_available_to_followup_requests verifies that bundled MCP servers become usable right after install.

1. PR [plugins] Install MCPs when calling plugin/install #15195
2. Commit update 1a910fd

• PR body explicitly states the intent: move auth implementation and token data into codex-login, while keeping codex-core re-exporting that surface.
• New auth-focused files were added under codex-rs/login/src/auth (including error.rs and util.rs), and logic previously in core files (for example core/src/error.rs and core/src/util.rs) was moved to those modules.
• codex-rs/core/src/lib.rs now re-exports codex_login auth/default-client modules so downstream crates can continue using core-facing auth APIs after the move.
• Consumers were updated across app-server, exec, tui, and cli to import auth structures from codex_login compatibility paths, showing an intentional dependency re-alignment rather than a feature addition.

1. PR Move auth code into login crate #15150
2. Commit Move terminal module to its own crate df7a587
3. Commit Rename terminal crate to terminal-detection 3661c08
4. Commit codex: fix CI failure on PR #15216 9e6c404
5. Commit Move auth code into login crate 4b9dde5
6. Commit codex: clean up auth import style on PR #15150 a717396
7. Commit codex: fix CI failure on PR #15150 905255d
8. Commit codex: avoid default_client imports in login on PR #15150 59c056e
9. Commit codex: restore login auth API surface on PR #15150 499c319
10. Commit unify 112d231

• The PR body explicitly says the approach is to use rusty_v8 everywhere possible and to build a musl V8 from source for x86/aarch64, with a release step for consumption.
• Added .github/scripts/rusty_v8_bazel.py introduces the musl-oriented Bazel build orchestration and packaging metadata used by the new release path.
• Added .github/workflows/v8-canary.yml and .github/workflows/rusty-v8-release.yml, creating a dedicated canary/release lane (including optional GitHub release publishing) for V8 artifacts instead of coupling them to standard CI.
• Updated build metadata in MODULE.bazel, MODULE.bazel.lock, and new Bazel patches under patches/ to pin/use V8 14.6.202.9 plus required dependency/workspace overrides.
• Adjusted .github/workflows/bazel.yml to exclude //third_party/v8:all from ordinary Bazel test runs, matching the PR’s “keep V8 out of ordinary CI” intent and evidence trail in commit history.

1. PR V8 Bazel Build #15021
2. Commit Setup a new v8-poc package d317180
3. Commit Merge the v8 building for musl 6c2e61f
4. Commit Update v8 version ca8204a
5. Commit Link in the missing llvm runtime archives cef4b77
6. Commit Version match f496726
7. Commit Do not test this package by default d040eda
8. Commit Add canary workflow for now dc98f8e
9. Commit I swear no v8 4809cd1
10. Commit Split v8-poc consumer to follow-up branch 1ab6566
11. Commit rename to v8-canary 2d05604
12. Commit Remove v8 from cargo.toml for now 93dbe48
13. Commit Fix build 3b573d1
14. Commit Hermetic python + cleanup e358585
15. Commit skylib b9f2761
16. Commit Build opt for release abc472b
17. Commit Release fixes d0289aa
18. Commit Stronger lean in to opt 14f4bd9
19. Commit Address PR feedback f92d130
20. Commit Drop patch to prebuilt v8 cef0a87

• PR narrative states the change pattern per feature: trait on environment, local implementation, remote implementation via network proxy, and handler integration for PRC requests.
• codex-rs/exec-server/src/file_system.rs introduces the shared ExecutorFileSystem interface and supporting option/type definitions.
• codex-rs/exec-server/src/environment.rs switches get_filesystem to return RemoteFileSystem when a remote client exists, otherwise LocalFileSystem.
• codex-rs/exec-server/src/remote_file_system.rs adds a new remote implementation that fulfills the shared trait with protocol-level filesystem operations.
• codex-rs/exec-server/tests/file_system.rs adds a large parameterized test module covering filesystem operations for both local and remote file systems.
• codex-rs/exec-server/src/server/file_system_handler.rs and codex-rs/exec-server/src/server/handler.rs are updated to use the new module split and handler naming.
• codex-rs/exec-server/src/server/transport.rs adds websocket URL output support used by the test harness (exec_server.rs).

1. PR Refactor ExecServer filesystem split between local and remote #15232
2. Commit Extract local and remote fs APIs 4b42ea8
3. Commit Add parameterized file system tests ec76d77
4. Commit Merge remote-tracking branch 'origin/main' into pakrym/compare-execserverfilesystem-and 7dc0759
5. Commit Print exec server websocket URL 4a9479b
6. Commit exec-server: remove expect usage in filesystem tests 4b303df

• The PR body explicitly says the default image-generation save directory now points at codex_home with a per-thread path.
• The Rust helper in stream_events_utils.rs now builds image artifact paths from codex_home and a dedicated generated_images directory instead of std::env::temp_dir().
• Tests in codex_tests.rs and stream_events_utils_tests.rs were updated to expect the new codex-home path, which confirms this is a behavior change rather than a comment-only cleanup.

1. PR changed save directory to codex_home #15222
2. Commit changed save directory to codex_home 5d11650
3. Commit Collapse generated image artifact helpers 6cd6f49
4. Commit Avoid expect in image artifact path handling f8b8920

• The PR body explicitly says the legacy MCP startup update event is now exposed as an API v2 notification.
• The protocol schemas add both McpServerStartupState and McpServerStatusUpdatedNotification, which defines the new event contract.
• The server notification schema now registers mcpServer/startupStatus/updated as a first-class v2 notification method.

1. PR feat(app-server): add mcpServer/startupStatus/updated notification #15220
2. Commit feat(app-server): add mcpServer/status/updated notification 9c0fdb4
3. Commit mcpServer/startupStatus/updated ba1d743
4. Commit fix random bug c58e46d

• The PR narrative is explicitly feat: expose needs_auth for plugin/read and the merge record is openai/codex#15217.
• Schema updates add needsAuth: boolean and require it in codex_app_server_protocol.schemas.json, codex_app_server_protocol.v2.schemas.json, v2/PluginInstallResponse.json, and v2/PluginReadResponse.json, indicating a contract-level API field addition.
• Protocol type definitions were updated in v2/AppSummary.ts and protocol/v2.rs to carry a needs_auth/needsAuth field in AppSummary, with conversion paths updated to populate it.
• plugin_app_helpers.rs now queries connector access/auth status before emitting plugin summaries, and returns early with plugin summaries when the auth-status service is unavailable, showing runtime handling for the new metadata.
• Tests in plugin_install.rs were updated with needs_auth: true expectations for auth-required plugin cases, anchoring the new behavior in executable behavior checks.

1. PR feat: expose needs_auth for plugin/read. #15217
2. Commit feat: expose needs_auth for plugin/read. d9f6b7f

• Primary PR title/body says it adds full image paths so generated images are open-able in TUI, currently limited to VSCode Terminal.
• In codex-rs/tui/src/chatwidget.rs and codex-rs/tui_app_server/src/chatwidget.rs, image generation end handling now maps saved paths through url::Url::from_file_path(...).to_string(), producing URI-formatted paths.
• In both codex-rs/tui/src/history_cell.rs and codex-rs/tui_app_server/src/history_cell.rs, rendering changed from saved_to to saved_path and directly displays the formatted path string after Saved to:.
• Snapshot and test updates in TUI history outputs/tests replace /tmp/ig-1.png with file:///tmp/ig-1.png, showing the visible output change.
• Additional identical updates in both codex-rs/tui and codex-rs/tui_app_server indicate the behavior applies to both terminal UI variants.

1. PR adding full imagepath to tui #15154
2. Commit adding full imagepath to tui 51153be
3. Commit added snapshots 8ca6ef3
4. Commit flaky code f27a4e9

• PR #15206 explicitly sets the goal to tag app-server turn spans with turn.id for turn/start, turn/steer, and turn/interrupt.
• primary_pr.title and the two commits (7f9f93e057d7c73a84ea071aabcc88ddfe743150, 8e042a093cceac78a48d1d8cabd6f6247e51532f) are narrowly scoped to tracing and turn-id propagation.
• app_server_tracing.rs adds a turn.id field into the server request span template.
• codex_message_processor.rs records turn IDs into request context for both turn start and turn interrupt request flows.
• outgoing_message.rs introduces a shared context method that stores turn IDs by request_id, and tracing tests assert turn.id equals the returned turn ID.

1. PR feat(tracing): tag app-server turn spans with turn_id #15206
2. Commit feat(tracing): tag app-server turn spans with turn_id 7f9f93e
3. Commit also record turn id for turn/steer and turn/interrupt 8e042a0

• The PR description explicitly frames the change as solving multi-session identification and documents /title as a new, separate terminal-title surface.
• codex-rs/core/src/config/types.rs and codex-rs/core/src/config/mod.rs add tui.terminal_title mapped into runtime config, with defaults in docs/schema (config.schema.json) to spinner and project when unset.
• codex-rs/tui/src/slash_command.rs adds the /title command, and codex-rs/tui/src/bottom_pane/title_setup.rs introduces the in-TUI selection/reordering UI, wired through bottom_pane/mod.rs and app_event.rs.
• codex-rs/tui/src/terminal_title.rs adds dedicated OSC terminal-title output and sanitization logic, while codex-rs/tui/src/chatwidget/status_surfaces.rs and chatwidget.rs integrate title refresh with the existing status pipeline.
• The bundle includes added/updated tests and snapshots (title_setup snapshot + chatwidget/config tests), indicating behavior verification for the new user-facing flow rather than purely internal cleanup.

1. PR feat(tui): add /title terminal title configuration #12334
2. Commit feat(tui): add /title terminal title configuration db4b7fe
3. Commit codex: fix CI failure on PR #12334 5d24272

• The PR body explicitly states that it carries surviving exec-server process and filesystem RPC implementation on top of existing websocket-based scaffolding and calls out the macOS SCCACHE regression workaround.
• Primary PR narrative + commits show a feature rollout: initial implementation (Add exec-server process and filesystem RPCs) plus follow-up lifecycle fix (exec-server: report false after retained exit).
• codex-rs/exec-server/src/protocol.rs adds method constants for process (process/start, process/read, process/write, process/terminate, process/output, process/exited) and filesystem RPCs (fs/readFile, fs/writeFile, fs/createDirectory, etc.).
• Server-side expansion is added in codex-rs/exec-server/src/server/filesystem.rs and codex-rs/exec-server/src/server/registry.rs, with substantial handler updates, indicating the new RPC surface is actually dispatched and handled.
• Client-facing layers were updated (client.rs, client_api.rs, lib.rs, local_backend.rs) to expose/read new RPC/notification types, while transport/routing internals in rpc.rs/processor.rs were refactored to support the new request/notification paths.
• Regression-hardening is included via .github/workflows/rust-ci.yml: SCCACHE is disabled for windows and macos-15-xlarge + x86_64-apple-darwin to avoid mixed-architecture ring/cc-rs cache failures.
• New/updated tests in codex-rs/exec-server/src/server/handler/tests.rs and codex-rs/exec-server/tests/process.rs show validation of the new behavior path.
• Build metadata changes (base64 and codex-utils-pty dependencies) and Cargo.lock updates support the newly added process and FS implementation paths.

1. PR Add exec-server process and filesystem RPCs #15090
2. Commit Add exec-server process and filesystem RPCs (#15090) dd1416a
3. Commit exec-server: report false after retained exit ab89fdf

• Primary PR context states the previous linter flow required building from source and that PRs commonly failed later in CI because violations were not checked until later, motivating a prebuilt artifact distribution.
• The new .github/dotslash-argument-comment-lint-config.json defines packaged outputs for macos-aarch64, linux-x86_64, linux-aarch64, and windows-x86_64, each pointing to argument-comment-lint executables under a packaged bin/ path.
• A new .github/workflows/rust-release-argument-comment-lint.yml workflow is added to build host-specific release artifacts (archives/zips), and rust-release.yml is updated to invoke it and publish the new DotSlash manifest on releases.
• tools/argument-comment-lint/src/bin/argument-comment-lint.rs adds a dedicated runner binary that resolves sibling packaged binaries/libraries and invokes cargo-dylint with the bundled library path, making the release artifact directly runnable.
• Docs were updated (tools/argument-comment-lint/README.md) to describe the released argument-comment-lint DotSlash package layout and target coverage.

1. PR Publish runnable DotSlash package for argument-comment lint #15198
2. Commit Publish runnable DotSlash package for argument-comment lint 5afbcf6

• The PR metadata identifies the change as "Add experimental exec server URL handling" and documents it as merged in openai/codex PR 15196, with commit 1f0ed50a125c758bb8d4d2f71e425e9eef3519f4.
• codex-rs/core/src/config/mod.rs adds experimental_exec_server_url: Option<String> to both Config and ConfigToml, with doc text explicitly describing it as an override for the remote exec server URL.
• codex-rs/core/src/config.schema.json adds experimental_exec_server_url as a schema field, exposing it as a configurable runtime input.
• codex-rs/core/src/codex.rs now constructs environment via Environment::create(config.experimental_exec_server_url.clone()).await?, directly consuming the new config value during session setup.
• codex-rs/exec-server/src/environment.rs replaces a unit Environment with a stateful struct that stores the optional override URL and a possible remote_exec_server_client, supporting the configurable connection path.

1. PR Add experimental exec server URL handling #15196
2. Commit Add experimental exec server config 1f0ed50

• Primary PR narrative is explicit: title is Revert "Forward session and turn headers to MCP HTTP requests" and body states it reverts openai/codex#15011.
• The revert commit is bab2a28f26223da6a3a6f61bb9656d2f8d6cc4ee, whose message matches the PR title and confirms intent.
• codex-rs/core/src/codex.rs removes sync_mcp_request_headers_for_turn, which was responsible for building/stashing turn- and session-derived request headers.
• codex-rs/core/src/tasks/mod.rs removes both the per-turn header sync call and turn-state header-clear calls, indicating the rollback of that lifecycle behavior.
• codex-rs/core/src/mcp_connection_manager.rs and codex-rs/core/src/mcp_connection_manager_tests.rs remove request-header storage/carrying state in AsyncManagedClient and related tests.
• codex-rs/rmcp-client/src/rmcp_client.rs removes request-scoped-header handling for JSON-RPC client messages, including the message_uses_request_scoped_headers logic.

1. PR Revert "Forward session and turn headers to MCP HTTP requests" #15185
2. Commit Revert "Forward session and turn headers to MCP HTTP requests (#15011)" bab2a28

• PR #15175 is explicitly framed as "morpheus does not generate memories" and is merged in openai/codex as a PR-first bundle (analysis_mode: pr_first).
• codex-rs/core/src/memories/phase2.rs adds agent_config.memories.generate_memories = false when creating the consolidation sub-agent config, directly changing runtime behavior for that path.
• codex-rs/core/src/memories/tests.rs now binds the consolidation thread id before fetching the thread and reads its config_snapshot, indicating test-level verification tied to the consolidation thread behavior.

1. PR chore: morpheus does not generate memories #15175
2. Commit chore: morpheus does not generate memories db01ae2
3. Commit nit fix 9c1838e

• PR #15180 is titled chore: add metrics for profile and has a committed change set tied to a single merged commit (959dc2a4d88ebe8caad796b05e5a76096ba20f2e)
• codex-rs/otel/src/metrics/names.rs now defines PROFILE_USAGE_METRIC as codex.profile.usage, establishing a new named metric in the shared telemetry namespace
• codex-rs/otel/src/events/session_telemetry.rs imports PROFILE_USAGE_METRIC and increments it via self.counter(..., 1, &[]) whenever active_profile.is_some() is true

1. PR chore: add metrics for profile #15180
2. Commit chore: add metrics for profile 959dc2a

• The PR body explicitly frames the change around three behaviors: adding SessionSource::Custom(String) plus --session-source, enforcing plugin and skill products by session_source, and applying the same filtering to curated background refresh.
• Protocol and schema changes add a custom session-source shape, which shows this is a supported runtime input rather than an internal one-off.
• The runtime wiring passes the chosen session source through app-server setup instead of hardcoding a fixed source, making product-aware filtering active at execution time.
• Plugin and skill loading paths now check product restrictions against the session-derived product, so mismatched items are hidden or treated as unavailable.
• The test additions cover disallowed product plugins and product-scoped skill visibility, confirming this is a deliberate user-visible behavior change.

1. PR feat: support product-scoped plugins. #15041
2. Commit feat: support product-scoped plugins. d3b349c
3. Commit Address comments. 06e9a1a

• The PR title and body frame the change around a new thread/shellCommand API plus TUI support for ! shell commands, making the PR itself a clear user-facing capability addition.
• Protocol/schema files add a dedicated ThreadShellCommand request shape and ThreadShellCommandParams, while command items gain a CommandExecutionSource field, showing this is a first-class app-server surface rather than an internal workaround.
• codex_message_processor.rs, app_server_session.rs, and tui_app_server/src/app.rs wire request handling and submission for thread/shellCommand, connecting the new API to the app-server-backed TUI path.
• tui_app_server/src/chatwidget.rs removes the prior disabled-error behavior for ! commands and instead dispatches run_user_shell_command, while core/src/tasks/user_shell.rs adds rollout materialization for standalone shell-output persistence.
• The new test suite app-server/tests/suite/v2/thread_shell_command.rs and updated chatwidget tests provide direct evidence that the request path and TUI behavior were intentionally added and verified.

1. PR Add thread/shellCommand to app server API surface #14988
2. Commit Add thread shellCommand support to tui app server eb6a697
3. Commit codex: address PR review feedback (#14988) e14a72a
4. Commit codex: fix CI failure on PR #14988 aac5786
5. Commit codex: revert broad rollout persistence change 3aadef3
6. Commit codex: fix protocol clippy default derivation 6fa40a7
7. Commit codex: fix CI formatting on PR #14988 03dd655
8. Commit codex: clarify standalone shell turn docs on PR #14988 37d04c6
9. Commit codex: revert thread command output delta raw-bytes followup (#14988) f4d42d0

• The PR title and body explicitly frame the change as adding simple directory-mention support in the TUI, with trailing slashes used to distinguish directories from extensionless files.
• The Rust search model in codex-rs/file-search adds a MatchType on search results, and the app-server mapping forwards that as FuzzyFileSearchMatchType with file and directory variants.
• Generated JSON/TypeScript protocol schemas now require match_type on FuzzyFileSearchResult, and fuzzy-file-search tests were updated to expect the new field, confirming this is a real behavior-contract change rather than internal cleanup.

Watch state Watch for follow-up client updates that consume match_type and fully differentiate folder links outside the TUI.

1. PR Simple directory mentions #14970
2. Commit Simple folder mentions a4277b0
3. Commit Use trailing slash df3a8b4
4. Commit Add match type 385be6b
5. Commit Added match_type to indicate file/directory mentions c0617a5
6. Commit Merge conflicts f9634cb
7. Commit Fix test in windows envs 0dbfa40

• The PR title and body explicitly frame the change as exposing turn_id to hook scripts so runs can be connected to particular turns.
• The generated hook input schemas for stop.command.input and user-prompt-submit.command.input now require a string turn_id field.
• The Rust hook event code now serializes request.turn_id into both Stop and UserPromptSubmit payloads, and the test suite was expanded to log hook inputs and verify turn-scoped behavior.

1. PR [hooks] turn_id extension for Stop & UserPromptSubmit #15118
2. Commit turn_id extension for stop/userpromptsubmit 9647be0
3. Commit codex: fix CI failure on PR #15118 524f3aa

• The PR title and body explicitly frame this as new Python SDK convenience methods: thread.run(...) and async thread.run(...) for the common case.
• The code adds new _inputs.py and _run.py helpers, including RunInput and a RunResult dataclass with final_response, collected items, and optional usage.
• The README, getting-started guide, quickstart examples, and runtime/signature tests were updated to use thread.run(...), which shows the new flow is intended for public use rather than internal refactoring.

1. PR Add Python SDK thread.run convenience methods #15088
2. Commit python-sdk: add thread.run convenience methods 3536149
3. Commit python-sdk: update quickstart examples for thread.run 33289a1
4. Commit python-sdk: fix thread.run final response semantics 5f141ad
5. Commit python-sdk: use typed thread items for run results 62ff8ba
6. Commit Merge remote-tracking branch 'origin/main' into dev/shaqayeq/python-sdk-thread-run 93f5ebe
7. Commit python-sdk: prefer final-answer phase in run results 4c52a5d
8. Commit python-sdk: split convenience helpers out of api 49ff282
9. Commit python-sdk: inline turn handles into api facade a32b804
10. Commit python-sdk: make run final_response optional 7f5e539

• The PR title is Support featured plugins, and the protocol schema, Rust type, and generated TypeScript type for PluginListResponse all add a featuredPluginIds array.
• The core plugin remote layer adds a dedicated fetch_remote_featured_plugin_ids path with a separate featured-plugin fetch timeout, showing this is backed by a distinct remote data source rather than local-only metadata.
• The app-server plugin-list test now mocks an authenticated GET /backend-api/plugins/featured call returning IDs like linear@openai-curated and calendar@openai-curated, which ties the new response field to real plugin-list behavior.

Watch state Whether downstream UIs actually use featuredPluginIds to rank or badge plugins; this PR adds the metadata path, not a visible marketplace redesign.

1. PR Support featured plugins #15042
2. Commit Support featured plugins 39be8e1
3. Commit add cache a553a10
4. Commit fmt 63aa14e
5. Commit minor d0ba77e
6. Commit remove unrelated 9e93805
7. Commit remove py 9236f69
8. Commit revert unrelated 03d7d85
9. Commit merge startup e605d01
10. Commit pass clone 0d58db1

• The PR title and body explicitly frame this as an "initialize-only" exec-server stub slice with protocol docs, not a full execution feature.
• codex-rs/Cargo.toml, codex-rs/exec-server/Cargo.toml, and codex-rs/Cargo.lock add a new codex-exec-server workspace crate and binary target.
• codex-rs/exec-server/README.md documents a standalone server, shared JSON-RPC wire protocol, and two supported transports: ws://IP:PORT and stdio://.
• codex-rs/exec-server/src/bin/codex-exec-server.rs, src/protocol.rs, src/rpc.rs, and src/server/transport.rs provide the new server entrypoint, initialize protocol types, RPC plumbing, and transport parsing/runtime support.
• Smoke tests in codex-rs/exec-server/tests/stdio_smoke.rs and codex-rs/exec-server/tests/websocket_smoke.rs verify the initialize flow over both transport modes, which confirms the stub is functional at the protocol layer.

1. PR Add exec-server stub server and protocol docs #15089
2. Commit Add codex-exec-server crate 144c359
3. Commit docs(exec-server): add protocol README 949932c
4. Commit Add Bazel package for exec-server 40cc199
5. Commit Trim exec-server PR to stub server slice 2958067
6. Commit Keep first exec-server PR initialize-only 7607197
7. Commit Add generic RPC server glue to exec-server stub 16ff474
8. Commit Add generic exec-server RPC foundation 0a846a2
9. Commit Wire notification sender into exec-server RPC foundation c5dbe42
10. Commit Remove outer handler mutex from exec-server RPC base 66f49ea
11. Commit Test generic exec-server RPC response matching 43b112c
12. Commit exec-server: simplify stub json-rpc transport shape 2661dc5
13. Commit exec-server: address transport review feedback 3b4a522
14. Commit exec-server: keep malformed-json connections alive 2ed509d
15. Commit exec-server: trim unused stub dependencies 866743d

• The PR body states three user-visible objectives: use requirement-resolved config.features as the plugin gate, guard plugin list/read flows behind that gate, and skip bad marketplace.json files instead of failing the entire list.
• codex-rs/core/src/plugins/marketplace.rs now wraps marketplace loading in a match that warns and continues on failure, and adds a test for skipping failing marketplaces.
• codex-rs/app-server/src/codex_message_processor.rs changes plugin request handling to load latest config (load_latest_config) before continuing and treats plugin-disabled as a distinct case instead of treating marketplace/config issues as a hard plugin failure.
• codex-rs/core/src/skills/manager.rs and call sites in codex-rs/core/src/codex.rs, codex-rs/core/src/codex_tests.rs, and codex-rs/core/src/tools/runtimes/shell/unix_escalation.rs now pass config into skills_for_cwd, making behavior follow the active config state.

1. PR fix: harden plugin feature gating #15104
2. Commit fix: read plugin feature flag from requirement-resolved config. 62b5fbc
3. Commit guard plugin/*** with the feature flag. fdd9ab9
4. Commit Fail open to marketplace.json fail. 2f834ba
5. Commit Cleanup configured_plugin_states 801f834

• PR openai/codex#15103 is explicitly titled "Add update_plan code mode result" and the sole commit is message "Implement code-mode plan result," indicating a focused behavioral change.
• codex-rs/core/src/tools/handlers/plan.rs changed imports and added PlanToolOutput, with new payload/output/model types (FunctionCallOutputPayload, ResponseInputItem, ToolOutput, serde_json::Value) tied to plan/update handling.
• codex-rs/core/tests/suite/code_mode.rs adds code_mode_update_plan_nested_tool_result_is_empty_object, explicitly executing tools.update_plan(...) from code mode and asserting the nested tool call is successful plus parseable JSON handling.
• The change is confined to plan-tool and code-mode test surfaces, matching the PR title and no unrelated files in the bundle.

1. PR Add update_plan code mode result #15103
2. Commit Implement code-mode plan result e1b3f11

• The PR title and body explicitly say realtime handoff output should be prefixed with the agent final message label for both realtime v1 and v2.
• methods_common.rs adds a shared AGENT_FINAL_MESSAGE_PREFIX constant and prepends it inside conversation_handoff_append_message, which is the code path that builds the outbound handoff message.
• Realtime websocket and core conversation tests were updated to expect "Agent Final Message":\n\n... in both output_text and delegated output fields, confirming this is an intentional behavior change rather than a test-only refactor.

1. PR Add final message prefix to realtime handoff output #15077
2. Commit Add final message prefix to realtime handoff output 26e0227

• The PR title and body explicitly mark this as a revert of PR #15020 because changes were merged before review was finished.
• The protocol and generated schemas remove SessionSource::Custom(...), drop the custom thread source kind, and delete the --session-source app-server CLI argument.
• App-server docs now say the default interactive sourceKinds set is only cli and vscode, no longer including custom product sources.
• Core and app-server changes remove session-source-based skill and curated-plugin filtering helpers, and related plugin-list/plugin-install tests are deleted.

1. PR Revert "fix: harden plugin feature gating" #15102
2. Commit Revert "fix: harden plugin feature gating (#15020)" c5281d1

• The PR title and body explicitly frame the change as a startup deprecation warning for custom prompts, shown only when prompts are detected in $CODEX_HOME/prompts.
• The main code change is in tui/src/app.rs, where startup now counts discovered custom prompts and inserts a deprecation notice that tells users to use the $skill-creator skill.
• The bundle includes a new snapshot showing the rendered warning text, and the PR body says tests were added for present, missing, and empty prompts directories, which supports this as an intentional user-visible behavior change.

Watch state Watch for the follow-up release that actually removes custom prompt support, since this PR is an advance warning rather than the removal itself.

1. PR Add a startup deprecation warning for custom prompts #15076
2. Commit Warn about deprecated custom prompts at startup 3c62fb0

• The PR title and body frame the change as a semantic cleanup: view_image now returns an object with image_url, and image() now accepts either a string or that structured object.
• The changed tool docs and spec add a typed view_image output schema with image_url and detail, and update the code-mode helper signature from image(string) to image(string | { image_url, detail? }).
• The bundle includes a dedicated test, code_mode_can_use_view_image_result_with_image_helper, which verifies the direct handoff path, and companion view_image test updates switch non-image inputs from placeholder output to an error, tightening the behavior around invalid files.

1. PR Return image URL from view_image tool #15072
2. Commit Handle view_image output b48f93d
3. Commit Restore view image detail handling c0c2b71
4. Commit Replace debug panic with assertion in code mode test b157203
5. Commit codex: fix CI failure on PR #15072 1733c87
6. Commit protocol: remove unused mime_guess dependency ce202b8

• PR #15075 explicitly says it pushes FunctionCallError up to the dispatcher so code mode can surface failures as exceptions.
• The code-mode protocol adds an error_text field, and runner.cjs rejects the pending call when that field is present, which turns backend tool failures into script exceptions instead of resolved values.
• The router and parallel tool runtime switch to a code-mode-aware dispatch path, and the added test code_mode_exec_surfaces_handler_errors_as_exceptions verifies a failing tools.exec_command({}) call is caught by try/catch.

1. PR Propagate tool errors to code mode #15075
2. Commit Handle code-mode tool errors b2f2dc2
3. Commit Update tool call error handling e62bd04
4. Commit Merge remote-tracking branch 'origin/main' into pakrym/add-tests-for-respondtomodel-errors a07b1c7
5. Commit Fix post-merge code mode worker and custom output shape 68f228c

• The PR body explicitly says the failing CI step is fixed by switching from release 0.74.0 to 0.115.0 because the older workflow history was likely reaped.
• The only changed file is .github/workflows/ci.yml, where CODEX_VERSION for the "Stage npm package" step is bumped from 0.74.0 to 0.115.0.
• The bundle contains a single merged commit and no product-code changes, which supports reading this as a scoped CI behavior fix rather than a broader feature update.

1. PR fix: try to fix "Stage npm package" step in ci.yml #15092
2. Commit fix: try to fix "Stage npm package" step in ci.yml ee651d1

• The PR description says the app-server TUI previously showed a stub for Up/Down history recall and dropped new submissions from the shared history file, and that this change restores both behaviors locally.
• codex-rs/tui_app_server/src/app.rs and related TUI files add local handling for GetHistoryEntryRequest and AddToHistory, routing history lookups and writes through codex_core::message_history instead of the unsupported RPC path.
• Tests were updated to verify async history navigation, per-thread routing of history responses, and bootstrap population of history_log_id / history_entry_count, confirming the restored behavior is exercised end to end.

1. PR feat(tui): restore composer history in app-server tui #14945
2. Commit feat(tui): restore composer history in app-server tui 4d02185