@in-the-loop-labs/pair-review 3.5.0 → 3.5.1

package/README.md

@@ -493,7 +493,7 @@ Configure your preferred models in `providers.pi.models` — see [AI Provider Co
 }
 ```
 
-Available chat provider IDs: `pi`, `claude`, `codex`, `copilot-acp`, `gemini-acp`, `opencode-acp`, `cursor-acp`. Each supports `command`, `args` (replaces defaults), `extra_args` (appends), and `env` overrides.
+Available chat provider IDs: `pi`, `claude`, `codex`, `copilot-acp`, `gemini-acp`, `opencode-acp`, `cursor-acp`. Each supports `command`, `args` (replaces defaults), `extra_args` (appends), and `env` overrides. Codex chat also supports `sandbox`: use `workspace-write` by default, or `read-only` for discussion-only sessions.
 
 **Keyboard shortcut:** Press `p` then `c` to toggle the chat panel.
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@in-the-loop-labs/pair-review",
-  "version": "3.5.0",
+  "version": "3.5.1",
   "description": "Your AI-powered code review partner - Close the feedback loop with AI coding agents",
   "main": "src/server.js",
   "bin": {
@@ -21,20 +21,6 @@
   "engines": {
     "node": ">=20.0.0"
   },
-  "scripts": {
-    "start": "node src/server.js",
-    "dev": "node bin/pair-review.js",
-    "test": "vitest run",
-    "test:watch": "vitest",
-    "test:coverage": "vitest run --coverage",
-    "test:e2e": "playwright test",
-    "test:e2e:headed": "playwright test --headed",
-    "test:e2e:debug": "playwright test --debug",
-    "generate:skill-prompts": "node scripts/generate-skill-prompts.js",
-    "changeset": "changeset",
-    "version": "changeset version && pnpm install --lockfile-only && bash scripts/generate-package-lock.sh && node scripts/sync-plugin-versions.js && git add package.json pnpm-lock.yaml package-lock.json CHANGELOG.md .changeset .claude-plugin/marketplace.json plugin/.claude-plugin/plugin.json plugin-code-critic/.claude-plugin/plugin.json && git commit -m \"RELEASING: v$(node -p \"require('./package.json').version\")\"",
-    "release": "npm whoami > /dev/null || { echo 'Error: Not logged in to npm. Run: npm login'; exit 1; } && pnpm run version && changeset tag && npm publish && git push && git push --tags"
-  },
   "keywords": [
     "code-review",
     "pull-request",
@@ -84,9 +70,18 @@
     "supertest": "^7.1.4",
     "vitest": "^4.0.16"
   },
-  "pnpm": {
-    "onlyBuiltDependencies": [
-      "better-sqlite3"
-    ]
+  "scripts": {
+    "start": "node src/server.js",
+    "dev": "node bin/pair-review.js",
+    "test": "vitest run",
+    "test:watch": "vitest",
+    "test:coverage": "vitest run --coverage",
+    "test:e2e": "playwright test",
+    "test:e2e:headed": "playwright test --headed",
+    "test:e2e:debug": "playwright test --debug",
+    "generate:skill-prompts": "node scripts/generate-skill-prompts.js",
+    "changeset": "changeset",
+    "version": "changeset version && pnpm install --lockfile-only && bash scripts/generate-package-lock.sh && node scripts/sync-plugin-versions.js && git add package.json pnpm-lock.yaml package-lock.json CHANGELOG.md .changeset .claude-plugin/marketplace.json plugin/.claude-plugin/plugin.json plugin-code-critic/.claude-plugin/plugin.json && git commit -m \"RELEASING: v$(node -p \"require('./package.json').version\")\"",
+    "release": "npm whoami > /dev/null || { echo 'Error: Not logged in to npm. Run: npm login'; exit 1; } && pnpm run version && changeset tag && npm publish && git push && git push --tags"
   }
-}
+}

package/plugin/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "pair-review",
-  "version": "3.5.0",
+  "version": "3.5.1",
   "description": "pair-review app integration — Open PRs and local changes in the pair-review web UI, run server-side AI analysis, and address review feedback. Requires the pair-review MCP server.",
   "author": {
     "name": "in-the-loop-labs",

package/plugin-code-critic/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "code-critic",
-  "version": "3.5.0",
+  "version": "3.5.1",
   "description": "AI-powered code review analysis — Run three-level AI analysis and implement-review-fix loops directly in your coding agent. Works standalone, no server required.",
   "author": {
     "name": "in-the-loop-labs",

package/src/ai/claude-provider.js

@@ -17,19 +17,32 @@ const { StreamParser, parseClaudeLine } = require('./stream-parser');
 const BIN_DIR = path.join(__dirname, '..', '..', 'bin');
 
 /**
- * Claude model definitions with tier mappings
+ * Claude model definitions with tier mappings.
+ *
+ * Effort is set via the CLAUDE_CODE_EFFORT_LEVEL env var (highest-precedence way
+ * to control reasoning effort; takes precedence over the --effort CLI flag and is
+ * not deprecated). Extended thinking is forced on globally via `--thinking enabled`
+ * in the constructor's base args; individual models can override this via extra_args
+ * (e.g., Haiku uses adaptive thinking for efficiency).
+ *
+ * Effort support by model (newest CLIs): Opus 4.8 / 4.7 support low|medium|high|
+ * xhigh|max; Opus 4.6 & Sonnet 4.6 support low|medium|high|max (no xhigh); Haiku
+ * has no effort levels.
  */
 const CLAUDE_MODELS = [
+  // ── Thorough tier ───────────────────────────────────────────────────────
   {
-    id: 'opus-4.7-xhigh',
+    id: 'opus',
+    aliases: ['opus-4.7-xhigh'],
     cli_model: 'claude-opus-4-7',
     env: { CLAUDE_CODE_EFFORT_LEVEL: 'xhigh' },
     name: 'Opus 4.7 XHigh',
     tier: 'thorough',
-    tagline: 'Latest Gen',
-    description: 'Opus 4.7 (latest) with extra-high effort',
-    badge: 'Latest',
-    badgeClass: 'badge-power'
+    tagline: 'Maximum Depth',
+    description: 'Opus 4.7 with extra-high effort — deepest analysis',
+    badge: 'Most Thorough',
+    badgeClass: 'badge-power',
+    default: true
   },
   {
     id: 'opus-4.7-high',
@@ -37,33 +50,46 @@ const CLAUDE_MODELS = [
     env: { CLAUDE_CODE_EFFORT_LEVEL: 'high' },
     name: 'Opus 4.7 High',
     tier: 'thorough',
-    tagline: 'Latest Gen',
-    description: 'Opus 4.7 (latest) with high effort',
+    tagline: 'High Effort',
+    description: 'Opus 4.7 with high effort — thorough, quicker than XHigh',
+    badge: 'Thorough',
+    badgeClass: 'badge-power'
+  },
+  {
+    id: 'opus-4.8-xhigh',
+    cli_model: 'claude-opus-4-8',
+    env: { CLAUDE_CODE_EFFORT_LEVEL: 'xhigh' },
+    name: 'Opus 4.8 XHigh',
+    tier: 'thorough',
+    tagline: 'Newest',
+    description: 'Opus 4.8 (newest) with extra-high effort',
     badge: 'Latest',
     badgeClass: 'badge-power'
   },
   {
-    id: 'opus',
-    aliases: ['opus-4.6-high'],
-    cli_model: 'claude-opus-4-6',
+    id: 'opus-4.8-high',
+    cli_model: 'claude-opus-4-8',
     env: { CLAUDE_CODE_EFFORT_LEVEL: 'high' },
-    name: 'Opus 4.6 High',
+    name: 'Opus 4.8 High',
     tier: 'thorough',
-    tagline: 'Maximum Depth',
-    description: 'Opus 4.6 with high effort — deepest analysis',
-    badge: 'Most Thorough',
-    badgeClass: 'badge-power',
-    default: true
+    tagline: 'Newest',
+    description: 'Opus 4.8 (newest) with high effort',
+    badge: 'Latest',
+    badgeClass: 'badge-power'
   },
   {
-    id: 'haiku',
-    name: 'Haiku 4.6',
-    tier: 'fast',
-    tagline: 'Lightning Fast',
-    description: 'Quick analysis for simple changes',
-    badge: 'Fastest',
-    badgeClass: 'badge-speed'
+    id: 'opus-4.6-high',
+    aliases: ['opus-4.6-low', 'opus-4.6-medium', 'opus-4.5'],
+    cli_model: 'claude-opus-4-6',
+    env: { CLAUDE_CODE_EFFORT_LEVEL: 'high' },
+    name: 'Opus 4.6 High',
+    tier: 'thorough',
+    tagline: 'Previous Gen',
+    description: 'Opus 4.6 with high effort',
+    badge: 'Previous Gen',
+    badgeClass: 'badge-power'
   },
+  // ── Balanced tier ───────────────────────────────────────────────────────
   {
     id: 'sonnet-4.6',
     cli_model: 'claude-sonnet-4-6',
@@ -74,28 +100,6 @@ const CLAUDE_MODELS = [
     badge: 'Standard',
     badgeClass: 'badge-recommended'
   },
-  {
-    id: 'opus-4.6-low',
-    cli_model: 'claude-opus-4-6',
-    env: { CLAUDE_CODE_EFFORT_LEVEL: 'low' },
-    name: 'Opus 4.6 Low',
-    tier: 'balanced',
-    tagline: 'Fast Opus',
-    description: 'Opus 4.6 with low effort — quick and capable',
-    badge: 'Balanced',
-    badgeClass: 'badge-recommended'
-  },
-  {
-    id: 'opus-4.6-medium',
-    cli_model: 'claude-opus-4-6',
-    env: { CLAUDE_CODE_EFFORT_LEVEL: 'medium' },
-    name: 'Opus 4.6 Medium',
-    tier: 'balanced',
-    tagline: 'Balanced Opus',
-    description: 'Opus 4.6 with medium effort — balanced depth',
-    badge: 'Thorough',
-    badgeClass: 'badge-power'
-  },
   {
     id: 'opus-4.6-1m',
     cli_model: 'claude-opus-4-6[1m]',
@@ -106,15 +110,17 @@ const CLAUDE_MODELS = [
     badge: 'More Context',
     badgeClass: 'badge-power'
   },
+  // ── Fast tier ───────────────────────────────────────────────────────────
   {
-    id: 'opus-4.5',
-    cli_model: 'claude-opus-4-5-20251101',
-    name: 'Opus 4.5',
-    tier: 'thorough',
-    tagline: 'Deep Thinker',
-    description: 'Extended thinking for complex analysis',
-    badge: 'Previous Gen',
-    badgeClass: 'badge-power'
+    id: 'haiku',
+    cli_model: 'claude-haiku-4-5-20251001',
+    name: 'Haiku 4.5',
+    tier: 'fast',
+    tagline: 'Lightning Fast',
+    description: 'Quick analysis for simple changes',
+    badge: 'Fastest',
+    badgeClass: 'badge-speed',
+    extra_args: ['--thinking', 'adaptive']
   }
 ];
 
@@ -196,7 +202,12 @@ class ClaudeProvider extends AIProvider {
     // user's configured environment. To disable skills, add --disable-slash-commands
     // to extra_args in provider/model config.
     const hooksArgs = ['--settings', '{"disableAllHooks":true}'];
-    const baseArgs = ['-p', '--verbose', ...cliModelArgs, '--output-format', 'stream-json', ...hooksArgs, ...permissionArgs];
+    // Force extended thinking on for every analysis call. The Claude CLI's
+    // `--thinking` flag accepts enabled|adaptive|disabled; we always want
+    // reasoning engaged for code review. User config extra_args appended later
+    // win over this (commander uses the last occurrence) if an override is set.
+    const thinkingArgs = ['--thinking', 'enabled'];
+    const baseArgs = ['-p', '--verbose', ...cliModelArgs, '--output-format', 'stream-json', ...thinkingArgs, ...hooksArgs, ...permissionArgs];
     if (maxBudget) {
       const budgetNum = parseFloat(maxBudget);
       if (isNaN(budgetNum) || budgetNum <= 0) {
@@ -242,7 +253,8 @@ class ClaudeProvider extends AIProvider {
     // - string: use this exact value for --model
     // - null: explicitly suppress --model (for tools that want the model set via env instead)
     const builtIn = CLAUDE_MODELS.find(m => m.id === modelId || (m.aliases && m.aliases.includes(modelId)));
-    const configModel = configOverrides.models?.find(m => m.id === modelId);
+    const modelKeys = new Set([modelId, builtIn?.id, ...(builtIn?.aliases || [])].filter(Boolean));
+    const configModel = configOverrides.models?.find(m => modelKeys.has(m.id));
     const resolvedCliModel = configModel?.cli_model !== undefined
       ? configModel.cli_model
       : (builtIn?.cli_model !== undefined ? builtIn.cli_model : modelId);

package/src/ai/codex-provider.js

@@ -34,6 +34,29 @@ const BIN_DIR = path.join(__dirname, '..', '..', 'bin');
  * Deprecated (April 2026): gpt-5.1-codex-mini, gpt-5.1-codex-max, gpt-5.1-codex
  */
 const CODEX_MODELS = [
+  {
+    id: 'gpt-5.5-high',
+    cli_model: 'gpt-5.5',
+    extra_args: ['-c', 'model_reasoning_effort="high"'],
+    name: 'GPT-5.5 High',
+    tier: 'thorough',
+    tagline: 'Latest Deep',
+    description: 'Latest-generation GPT model with high reasoning effort for demanding PR reviews, strong code understanding, and careful cross-file analysis.',
+    badge: 'Recommended',
+    badgeClass: 'badge-recommended',
+    default: true
+  },
+  {
+    id: 'gpt-5.5-xhigh',
+    cli_model: 'gpt-5.5',
+    extra_args: ['-c', 'model_reasoning_effort="xhigh"'],
+    name: 'GPT-5.5 XHigh',
+    tier: 'thorough',
+    tagline: 'Frontier Depth',
+    description: 'GPT-5.5 with extra-high reasoning effort for the hardest reviews: architecture, concurrency, security-sensitive changes, and large codebase context.',
+    badge: 'Max Reasoning',
+    badgeClass: 'badge-power'
+  },
   {
     id: 'gpt-5.4-high',
     // Alias keeps results/councils saved under the previous bare `gpt-5.4`
@@ -45,9 +68,8 @@ const CODEX_MODELS = [
     tier: 'thorough',
     tagline: 'Deep Review',
     description: 'GPT-5.4 with high reasoning effort for complex multi-file reviews, architectural consistency, and subtle behavioral regressions.',
-    badge: 'Recommended',
-    badgeClass: 'badge-recommended',
-    default: true
+    badge: 'Previous Gen',
+    badgeClass: 'badge-power'
   },
   {
     id: 'gpt-5.4-xhigh',
@@ -60,28 +82,6 @@ const CODEX_MODELS = [
     badge: 'Extra High',
     badgeClass: 'badge-power'
   },
-  {
-    id: 'gpt-5.5-high',
-    cli_model: 'gpt-5.5',
-    extra_args: ['-c', 'model_reasoning_effort="high"'],
-    name: 'GPT-5.5 High',
-    tier: 'thorough',
-    tagline: 'Latest Deep',
-    description: 'Latest-generation GPT model with high reasoning effort for demanding PR reviews, strong code understanding, and careful cross-file analysis.',
-    badge: 'High Effort',
-    badgeClass: 'badge-power'
-  },
-  {
-    id: 'gpt-5.5-xhigh',
-    cli_model: 'gpt-5.5',
-    extra_args: ['-c', 'model_reasoning_effort="xhigh"'],
-    name: 'GPT-5.5 XHigh',
-    tier: 'thorough',
-    tagline: 'Frontier Depth',
-    description: 'GPT-5.5 with extra-high reasoning effort for the hardest reviews: architecture, concurrency, security-sensitive changes, and large codebase context.',
-    badge: 'Max Reasoning',
-    badgeClass: 'badge-power'
-  },
   {
     id: 'gpt-5.3-codex',
     name: 'GPT-5.3 Codex',
@@ -121,7 +121,7 @@ class CodexProvider extends AIProvider {
    * @param {Object} configOverrides.env - Additional environment variables
    * @param {Object[]} configOverrides.models - Custom model definitions
    */
-  constructor(model = 'gpt-5.4-high', configOverrides = {}) {
+  constructor(model = 'gpt-5.5-high', configOverrides = {}) {
     super(model);
 
     // Command precedence: ENV > config > default
@@ -149,9 +149,9 @@ class CodexProvider extends AIProvider {
     // 2. "read-only" prevents ALL shell commands including git-diff-lines
     // 3. The AI is instructed to only analyze code, not modify it
     //
-    // --full-auto: Non-interactive mode that auto-approves within sandbox bounds.
-    // Combined with workspace-write sandbox, this limits damage to the worktree only.
-    // Note: The -a flag is for interactive mode only; exec subcommand uses --full-auto.
+    // Newer Codex CLI versions deprecate --full-auto; `codex exec` is already
+    // non-interactive, and `--sandbox workspace-write` selects the required
+    // sandbox policy.
     //
     // Shell environment config:
     // - allow_login_shell=false: Prevents zsh from using -l flag, which would
@@ -164,7 +164,7 @@ class CodexProvider extends AIProvider {
     // (--dangerously-bypass-approvals-and-sandbox is the Codex CLI equivalent of Claude's --dangerously-skip-permissions)
     const sandboxArgs = configOverrides.yolo
       ? ['--dangerously-bypass-approvals-and-sandbox']
-      : ['--sandbox', 'workspace-write', '--full-auto'];
+      : ['--sandbox', 'workspace-write'];
     // Shell env args prevent login shell from reconstructing PATH (orthogonal to
     // sandbox permissions). Overridable via configOverrides.args following the
     // same two-tier pattern as chat-providers.js: args replaces, extra_args appends.
@@ -352,7 +352,7 @@ class CodexProvider extends AIProvider {
 
         if (code !== 0) {
           logger.error(`${levelPrefix} Codex CLI exited with code ${code}`);
-          settle(reject, new Error(`${levelPrefix} Codex CLI exited with code ${code}: ${stderr}`));
+          settle(reject, this.createExitError(code, stderr, levelPrefix));
           return;
         }
 
@@ -433,6 +433,37 @@ class CodexProvider extends AIProvider {
     });
   }
 
+  /**
+   * Build an actionable error for Codex CLI process failures.
+   *
+   * @param {number} code - Process exit code
+   * @param {string} stderr - Captured stderr
+   * @param {string} levelPrefix - Logging prefix
+   * @returns {Error}
+   */
+  createExitError(code, stderr, levelPrefix) {
+    const stderrText = stderr.trim();
+
+    if (this.isAuthError(stderrText)) {
+      return new Error(
+        `${levelPrefix} Codex CLI authentication failed. Check Codex CLI authentication and try again. ` +
+        `Original stderr: ${stderrText}`
+      );
+    }
+
+    return new Error(`${levelPrefix} Codex CLI exited with code ${code}: ${stderr}`);
+  }
+
+  /**
+   * Detect authentication failures reported by the Codex CLI.
+   *
+   * @param {string} stderr - Captured stderr
+   * @returns {boolean}
+   */
+  isAuthError(stderr) {
+    return /(?:401\s+Unauthorized|HTTP error:\s*401|Unauthorized)/i.test(stderr);
+  }
+
   /**
    * Parse Codex CLI JSONL response
    * Codex outputs JSONL with multiple event types:
@@ -664,7 +695,7 @@ class CodexProvider extends AIProvider {
 
     // Base args for extraction (read-only sandbox, no shell access needed)
     // Note: '-' (stdin marker) must come LAST, after any extra_args
-    const baseArgs = ['exec', '-m', cliModel, '--json', '--sandbox', 'read-only', '--full-auto'];
+    const baseArgs = ['exec', '-m', cliModel, '--json', '--sandbox', 'read-only'];
 
     // Append stdin marker '-' at the end after all other args
     return [...baseArgs, ...extraArgs, '-'];
@@ -790,7 +821,7 @@ class CodexProvider extends AIProvider {
   }
 
   static getDefaultModel() {
-    return 'gpt-5.4-high';
+    return 'gpt-5.5-high';
   }
 
   static getInstallInstructions() {

package/src/chat/api-reference.js

@@ -235,7 +235,7 @@ curl -s -X POST http://localhost:{{PORT}}/api/pr/OWNER/REPO/PR_NUMBER/analyses \
   -H 'Content-Type: application/json' \\
   -d '{
     "provider": "claude",
-    "model": "claude-sonnet-4-5-20250929",
+    "model": "claude-opus-4-7",
     "tier": "balanced",
     "customInstructions": "Focus on security issues."
   }'

package/src/chat/chat-providers.js

@@ -12,6 +12,7 @@ const logger = require('../utils/logger');
 
 // Default dependencies (overridable for testing)
 const defaults = { spawn };
+const CODEX_SANDBOX_MODES = new Set(['workspace-write', 'read-only']);
 
 /**
  * Built-in chat provider definitions.
@@ -68,6 +69,7 @@ const CHAT_PROVIDERS = {
     name: 'Codex (JSON-RPC)',
     type: 'codex',
     command: 'codex',
+    sandbox: 'workspace-write',
     // Shell environment config prevents zsh -l from reconstructing PATH,
     // ensuring git-diff-lines and other bin/ scripts remain findable.
     args: [
@@ -126,6 +128,9 @@ function getChatProvider(id) {
     }
     if (overrides.load_skills !== undefined) provider.load_skills = overrides.load_skills;
     if (overrides.app_extensions !== undefined) provider.app_extensions = overrides.app_extensions;
+    if (provider.type === 'codex' && overrides.sandbox !== undefined) {
+      provider.sandbox = normalizeCodexSandbox(overrides.sandbox, id);
+    }
     if (provider.command.includes(' ')) {
       provider.useShell = true;
     }
@@ -152,6 +157,9 @@ function getChatProvider(id) {
   }
   if (overrides.load_skills !== undefined) merged.load_skills = overrides.load_skills;
   if (overrides.app_extensions !== undefined) merged.app_extensions = overrides.app_extensions;
+  if (base.type === 'codex' && overrides.sandbox !== undefined) {
+    merged.sandbox = normalizeCodexSandbox(overrides.sandbox, id);
+  }
   // For multi-word commands (e.g. "devx claude"), use shell mode
   if (merged.command && merged.command.includes(' ')) {
     merged.useShell = true;
@@ -159,6 +167,24 @@ function getChatProvider(id) {
   return merged;
 }
 
+/**
+ * Validate the small user-facing Codex sandbox config surface.
+ * @param {string} sandbox
+ * @param {string} providerId
+ * @returns {string}
+ */
+function normalizeCodexSandbox(sandbox, providerId = 'codex') {
+  if (CODEX_SANDBOX_MODES.has(sandbox)) {
+    return sandbox;
+  }
+
+  logger.warn(
+    `[ChatProviders] Invalid sandbox "${sandbox}" for ${providerId}; ` +
+    'falling back to workspace-write. Supported values: workspace-write, read-only.'
+  );
+  return 'workspace-write';
+}
+
 /**
  * Get all chat provider definitions (built-in + dynamic from config).
  * @returns {Array<Object>}

package/src/chat/codex-bridge.js

@@ -13,6 +13,7 @@
 const { EventEmitter } = require('events');
 const { spawn } = require('child_process');
 const { createInterface } = require('readline');
+const { quoteShellArgs } = require('../ai/provider');
 const logger = require('../utils/logger');
 const { version: pkgVersion } = require('../../package.json');
 
@@ -22,6 +23,34 @@ const defaults = {
   createInterface,
 };
 
+const DEFAULT_APPROVAL_POLICY = 'never';
+const DEFAULT_SANDBOX_MODE = 'workspace-write';
+const ACTIVE_TURN_STATUSES = new Set(['inProgress', 'running', 'working']);
+const TERMINAL_TURN_STATUSES = new Set(['completed', 'failed', 'interrupted', 'cancelled', 'canceled']);
+
+function buildSandboxPolicy(sandbox = DEFAULT_SANDBOX_MODE) {
+  if (sandbox === 'read-only') {
+    return {
+      type: 'readOnly',
+      networkAccess: true,
+    };
+  }
+
+  return {
+    type: 'workspaceWrite',
+    writableRoots: [],
+    networkAccess: true,
+    excludeTmpdirEnvVar: false,
+    excludeSlashTmp: false,
+  };
+}
+
+function compactParams(params) {
+  return Object.fromEntries(
+    Object.entries(params).filter(([, value]) => value !== undefined && value !== null)
+  );
+}
+
 class CodexBridge extends EventEmitter {
   /**
    * @param {Object} options
@@ -33,6 +62,8 @@ class CodexBridge extends EventEmitter {
    * @param {Object} [options.env] - Extra env vars for subprocess
    * @param {boolean} [options.useShell] - Use shell mode for multi-word commands
    * @param {string} [options.resumeThreadId] - Thread ID to resume
+   * @param {string|null} [options.sandbox] - Thread sandbox mode (default: 'workspace-write')
+   * @param {Object|null} [options.sandboxPolicy] - Turn sandbox policy override for tests
    * @param {Object} [options._deps] - Dependency injection for testing
    */
   constructor(options = {}) {
@@ -43,6 +74,11 @@ class CodexBridge extends EventEmitter {
     this.env = options.env || {};
     this.useShell = options.useShell || false;
     this.resumeThreadId = options.resumeThreadId || null;
+    this.approvalPolicy = DEFAULT_APPROVAL_POLICY;
+    this.sandbox = options.sandbox !== undefined ? options.sandbox : DEFAULT_SANDBOX_MODE;
+    this.sandboxPolicy = options.sandboxPolicy !== undefined
+      ? options.sandboxPolicy
+      : buildSandboxPolicy(this.sandbox);
 
     // Command resolution: constructor option → env var → default
     this.codexCommand = options.codexCommand
@@ -81,13 +117,9 @@ class CodexBridge extends EventEmitter {
     const args = [...this.codexArgs];
     const useShell = this.useShell;
 
-    // Append model flag if configured
-    if (this.model) {
-      args.push('--model', this.model);
-    }
-
-    // For multi-word commands (e.g. "devx codex"), use shell mode
-    const spawnCmd = useShell ? `${command} ${args.join(' ')}` : command;
+    // For multi-word commands (e.g. "devx codex"), use shell mode. Quote args
+    // so TOML config values like include_only=["PATH","HOME"] survive the shell.
+    const spawnCmd = useShell ? `${command} ${quoteShellArgs(args).join(' ')}` : command;
     const spawnArgs = useShell ? [] : args;
 
     logger.info(`[CodexBridge] Starting Codex agent: ${command} ${args.join(' ')}`);
@@ -188,13 +220,13 @@ class CodexBridge extends EventEmitter {
 
     // 3. Start or resume thread
     if (this.resumeThreadId) {
-      const result = await this._sendRequest('thread/resume', {
+      const result = await this._sendRequest('thread/resume', this._buildThreadParams({
         threadId: this.resumeThreadId,
-      });
+      }));
       this._threadId = result.thread?.id || result.threadId || this.resumeThreadId;
       logger.info(`[CodexBridge] Thread resumed: ${this._threadId}`);
     } else {
-      const result = await this._sendRequest('thread/start', {});
+      const result = await this._sendRequest('thread/start', this._buildThreadParams());
       this._threadId = result.thread?.id || result.threadId;
       if (!this._threadId) {
         throw new Error('thread/start response missing thread ID');
@@ -206,6 +238,41 @@ class CodexBridge extends EventEmitter {
     this.emit('session', { threadId: this._threadId });
   }
 
+  /**
+   * Build thread start/resume settings that keep Codex chat able to call the
+   * pair-review API from the review worktree.
+   * @param {Object} [extra] - Additional params, e.g. threadId for resume.
+   * @returns {Object}
+   */
+  _buildThreadParams(extra = {}) {
+    return compactParams({
+      ...extra,
+      cwd: this.cwd,
+      model: this.model,
+      approvalPolicy: this.approvalPolicy,
+      // thread/start uses the same sandbox enum as the Codex CLI, while
+      // turn/start.sandboxPolicy uses the v2 camelCase policy object.
+      sandbox: this.sandbox,
+    });
+  }
+
+  /**
+   * Build turn/start params. App-server uses the v2 camelCase SandboxPolicy
+   * shape here, not the `codex exec --sandbox workspace-write` CLI flag.
+   * @param {Array<Object>} input
+   * @returns {Object}
+   */
+  _buildTurnStartParams(input) {
+    return compactParams({
+      threadId: this._threadId,
+      input,
+      cwd: this.cwd,
+      model: this.model,
+      approvalPolicy: this.approvalPolicy,
+      sandboxPolicy: this.sandboxPolicy,
+    });
+  }
+
   /**
    * Send a user message to the Codex agent.
    * Fire-and-forget: returns immediately, emits events as the agent responds.
@@ -232,14 +299,11 @@ class CodexBridge extends EventEmitter {
     // not by this response. Store turnId for abort support.
     // Codex app-server expects `input` as an array of typed objects, not a
     // plain string.  See https://developers.openai.com/codex/app-server/
-    this._sendRequest('turn/start', {
-      threadId: this._threadId,
-      input: [{ type: 'text', text: messageContent }],
-      approvalPolicy: 'never',
-    })
+    this._sendRequest('turn/start', this._buildTurnStartParams([{ type: 'text', text: messageContent }]))
       .then((result) => {
-        if (result && result.turnId) {
-          this._turnId = result.turnId;
+        const turnId = this._extractTurnId(result);
+        if (turnId) {
+          this._turnId = turnId;
         }
       })
       .catch((err) => {
@@ -468,7 +532,14 @@ class CodexBridge extends EventEmitter {
         break;
 
       case 'turn/started':
-        this.emit('status', { status: 'working' });
+        this._handleTurnStarted(params);
+        break;
+
+      case 'turn/statusChanged':
+        this._handleTurnStatusChanged(params);
+        break;
+
+      case 'remoteControl/status/changed':
         break;
 
       case 'item/started':
@@ -490,13 +561,64 @@ class CodexBridge extends EventEmitter {
    */
   _handleDelta(params) {
     if (!params) return;
-    const text = params.delta || params.text;
+    let text = params.delta || params.text;
     if (text) {
+      text = this._normalizeDeltaBoundary(text);
       this._accumulatedText += text;
       this.emit('delta', { text });
     }
   }
 
+  /**
+   * Preserve readable boundaries when app-server splits prose deltas without
+   * carrying the whitespace between adjacent chunks.
+   * @param {string} text
+   * @returns {string}
+   */
+  _normalizeDeltaBoundary(text) {
+    const previous = this._accumulatedText;
+    if (
+      previous &&
+      /[.!?]$/.test(previous) &&
+      /^[A-Z]/.test(text)
+    ) {
+      return ` ${text}`;
+    }
+    return text;
+  }
+
+  /**
+   * Handle turn started notifications and capture the active turn id.
+   * @param {Object} params
+   */
+  _handleTurnStarted(params) {
+    const turnId = this._extractTurnId(params);
+    if (turnId) {
+      this._turnId = turnId;
+    }
+    this.emit('status', { status: 'working' });
+  }
+
+  /**
+   * Handle turn status changes without reviving a completed turn.
+   * @param {Object} params
+   */
+  _handleTurnStatusChanged(params) {
+    const status = params?.status || params?.turn?.status;
+
+    if (ACTIVE_TURN_STATUSES.has(status)) {
+      this._handleTurnStarted(params);
+      return;
+    }
+
+    if (TERMINAL_TURN_STATUSES.has(status)) {
+      this._turnId = null;
+      if (status === 'failed') {
+        this._inMessage = false;
+      }
+    }
+  }
+
   /**
    * Handle turn completion.
    * @param {Object} params
@@ -530,14 +652,40 @@ class CodexBridge extends EventEmitter {
     if (!params) return;
     const type = params.type || params.itemType;
     if (type === 'command' || type === 'tool_call' || type === 'function_call') {
-      this.emit('tool_use', {
-        toolCallId: params.itemId || params.id,
-        toolName: params.name || params.title || params.command || type,
-        status: 'start',
-      });
+      this.emit('tool_use', this._buildToolUseEvent(params, 'start'));
     }
   }
 
+  /**
+   * Build the normalized tool event shape consumed by the chat broadcaster.
+   * Command items are represented as bash calls so internal pair-review API
+   * curls can be suppressed consistently across providers.
+   * @param {Object} params
+   * @param {'start'|'end'} status
+   * @returns {Object}
+   */
+  _buildToolUseEvent(params, status) {
+    const type = params.type || params.itemType;
+    const toolCallId = params.itemId || params.id;
+    if (type === 'command') {
+      const event = {
+        toolCallId,
+        toolName: 'bash',
+        status,
+      };
+      if (params.command) {
+        event.args = { command: params.command };
+      }
+      return event;
+    }
+
+    return {
+      toolCallId,
+      toolName: params.name || params.title || params.command || type,
+      status,
+    };
+  }
+
   /**
    * Handle item/completed — emit tool_use end for command-type items.
    * @param {Object} params
@@ -546,11 +694,7 @@ class CodexBridge extends EventEmitter {
     if (!params) return;
     const type = params.type || params.itemType;
     if (type === 'command' || type === 'tool_call' || type === 'function_call') {
-      this.emit('tool_use', {
-        toolCallId: params.itemId || params.id,
-        toolName: params.name || params.title || params.command || type,
-        status: 'end',
-      });
+      this.emit('tool_use', this._buildToolUseEvent(params, 'end'));
     }
   }
 
@@ -573,11 +717,76 @@ class CodexBridge extends EventEmitter {
       return;
     }
 
+    if (method === 'item/commandExecution/requestApproval') {
+      logger.debug(`[CodexBridge] Auto-approving command execution request (id=${id})`);
+      this._sendResponse(id, { decision: 'accept' });
+      return;
+    }
+
+    if (method === 'execCommandApproval') {
+      logger.debug(`[CodexBridge] Auto-approving execCommandApproval request (id=${id})`);
+      this._sendResponse(id, { decision: 'approved' });
+      return;
+    }
+
+    if (method === 'item/permissions/requestApproval') {
+      logger.debug(`[CodexBridge] Granting requested network permissions (id=${id})`);
+      this._sendResponse(id, this._buildPermissionsApproval(params));
+      return;
+    }
+
+    if (method === 'item/fileChange/requestApproval') {
+      logger.debug(`[CodexBridge] Declining file change approval request (id=${id})`);
+      this._sendResponse(id, { decision: 'decline' });
+      return;
+    }
+
+    if (method === 'applyPatchApproval') {
+      logger.debug(`[CodexBridge] Denying applyPatchApproval request (id=${id})`);
+      this._sendResponse(id, { decision: 'denied' });
+      return;
+    }
+
     // Unknown server request — respond with error to avoid hangs
     logger.warn(`[CodexBridge] Unknown server request: ${method} (id=${id})`);
     this._sendErrorResponse(id, -32601, `Method not found: ${method}`);
   }
 
+  /**
+   * Build a response for Codex v2 permission requests. For pair-review chat we
+   * grant network permission so localhost API `curl` calls can proceed, while
+   * avoiding broad file-system permission grants beyond the configured sandbox.
+   * @param {Object} params
+   * @returns {Object}
+   */
+  _buildPermissionsApproval(params = {}) {
+    const requested = params.permissions || {};
+    const permissions = {};
+
+    if (requested.network) {
+      permissions.network = requested.network;
+    } else {
+      // Codex chat needs localhost network access to call pair-review's API.
+      // Grant it even if app-server requests permissions without a network body.
+      permissions.network = { enabled: true };
+    }
+
+    return {
+      permissions,
+      scope: 'session',
+      strictAutoReview: false,
+    };
+  }
+
+  /**
+   * Extract a turn id from legacy and current app-server shapes.
+   * @param {Object} value
+   * @returns {string|null}
+   */
+  _extractTurnId(value) {
+    return value?.turn?.id || value?.turnId || value?.id || null;
+  }
+
   /**
    * Send a JSON-RPC success response.
    * @param {number|string} id - Request ID

package/src/chat/session-manager.js

@@ -571,6 +571,7 @@ class ChatSessionManager {
         codexArgs: def?.args,
         env: def?.env,
         useShell: def?.useShell,
+        sandbox: def?.sandbox,
       });
     }
     // Pi provider — resolve config overrides (command, model, env) from provider def.

package/src/main.js

@@ -118,8 +118,9 @@ OPTIONS:
                             The web UI also starts for the human reviewer.
     --model <name>          Override the AI model. Claude Code is the default provider.
                             Available models: opus, sonnet, haiku (Claude Code);
-                            also: opus-4.5, opus-4.6-low, opus-4.6-medium, opus-4.6-1m,
-                                  opus-4.7-high, opus-4.7-xhigh
+                            also: opus-4.8-xhigh, opus-4.8-high, opus-4.7-xhigh,
+                                  opus-4.7-high, opus-4.6-high, opus-4.6-1m, sonnet-4.6
+                            (opus is Opus 4.7 XHigh, the default)
                             or use provider-specific models with Gemini/Codex
     --use-checkout          Use current directory instead of creating worktree
                             (automatic in GitHub Actions)