@mmmbuto/masix 0.4.0 → 0.4.2

package/packages/plugin-base/codex-tools/source/src/main.rs

@@ -0,0 +1,995 @@
+//! MCP binary plugin exposing codex-backend tools for MasiX runtime
+//!
+//! This plugin wraps the codex-backend library and exposes it as MCP tools
+//! over stdio JSON-RPC. All tools require admin privileges.
+
+use anyhow::{anyhow, Result};
+use clap::{Parser, Subcommand};
+use masix_codex_backend::http_backend::HttpBackendConfig;
+use masix_codex_backend::{
+    self as backend, CodingBackend, CodingMode, CodingTask, HttpBackend, PermissionLevel,
+    PolicyContext, ProviderType, DEFAULT_MAX_OUTPUT_BYTES, DEFAULT_MAX_TOKENS,
+    DEFAULT_TIMEOUT_SECS,
+};
+use masix_codex_backend::{
+    apply_patch, preview_patch, resolve_workspace, rollback_patch, CommandExecutor, ExecRequest,
+    ExecutionProfile, WorkspaceConfig,
+};
+use serde::{Deserialize, Serialize};
+use std::io::{self, BufRead, Write};
+use std::path::PathBuf;
+use std::time::Duration;
+use tracing::{debug, error, info};
+
+const MODULE_VERSION: &str = env!("CARGO_PKG_VERSION");
+const BACKEND_VERSION: &str = backend::MODULE_VERSION;
+
+/// Detect current platform at runtime
+fn detect_platform() -> String {
+    #[cfg(target_os = "android")]
+    {
+        format!("android-{}-termux", std::env::consts::ARCH)
+    }
+    #[cfg(not(target_os = "android"))]
+    {
+        format!("{}-{}", std::env::consts::OS, std::env::consts::ARCH)
+    }
+}
+
+#[derive(Parser)]
+#[command(name = "masix-plugin-codex-tools")]
+#[command(about = "MCP tools for codex-backend - coding agent tools for MasiX")]
+struct Cli {
+    #[command(subcommand)]
+    command: Commands,
+}
+
+#[derive(Subcommand)]
+enum Commands {
+    /// Print plugin metadata
+    Manifest,
+    /// Run MCP server over stdio (JSON-RPC)
+    ServeMcp,
+    /// Run a coding task directly (CLI mode, for testing)
+    Run {
+        /// Repository path
+        #[arg(short, long)]
+        repo: String,
+        /// Instructions for the coding agent
+        #[arg(short, long)]
+        instructions: String,
+        /// Mode: read_only or workspace_write
+        #[arg(long, default_value = "read_only")]
+        mode: String,
+        /// Timeout in seconds
+        #[arg(long, default_value_t = 300)]
+        timeout: u64,
+    },
+}
+
+#[derive(Debug, Deserialize)]
+struct JsonRpcRequest {
+    #[allow(dead_code)]
+    jsonrpc: String,
+    id: Option<serde_json::Value>,
+    method: String,
+    #[serde(default)]
+    params: serde_json::Value,
+}
+
+#[derive(Debug, Serialize)]
+struct JsonRpcResponse {
+    jsonrpc: String,
+    id: Option<serde_json::Value>,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    result: Option<serde_json::Value>,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    error: Option<JsonRpcError>,
+}
+
+#[derive(Debug, Serialize)]
+struct JsonRpcError {
+    code: i32,
+    message: String,
+}
+
+#[derive(Debug, Serialize)]
+struct ToolDefinition {
+    name: String,
+    description: String,
+    input_schema: serde_json::Value,
+}
+
+#[derive(Debug, Serialize)]
+struct ToolResult {
+    content: Vec<ToolContent>,
+    #[serde(skip_serializing_if = "is_false")]
+    is_error: bool,
+}
+
+fn is_false(b: &bool) -> bool {
+    !b
+}
+
+#[derive(Debug, Serialize)]
+struct ToolContent {
+    #[serde(rename = "type")]
+    content_type: String,
+    text: String,
+}
+
+// Tool input schemas
+#[derive(Debug, Deserialize)]
+struct CodexRunInput {
+    repo_path: String,
+    instructions: String,
+    #[serde(default)]
+    mode: Option<String>,
+    #[serde(default = "default_timeout")]
+    timeout_secs: u64,
+    #[serde(default = "default_max_steps")]
+    max_steps: u32,
+}
+
+fn default_timeout() -> u64 {
+    DEFAULT_TIMEOUT_SECS
+}
+
+fn default_max_steps() -> u32 {
+    50
+}
+
+/// Input for codex_exec_command
+#[derive(Debug, Deserialize)]
+struct CodexExecInput {
+    /// Command to execute
+    command: String,
+    /// Command arguments
+    #[serde(default)]
+    args: Vec<String>,
+    /// Working directory (optional, defaults to workspace root)
+    #[serde(default)]
+    cwd: Option<String>,
+    /// Timeout in seconds (default 60, max 300)
+    #[serde(default = "default_exec_timeout")]
+    timeout_secs: u64,
+    /// Maximum output bytes (default 1MB)
+    #[serde(default = "default_max_output")]
+    max_output_bytes: usize,
+    /// Execution profile (default: workspace_locked)
+    #[serde(default)]
+    profile: Option<String>,
+    /// Repository path for workspace resolution (optional)
+    #[serde(default)]
+    repo_path: Option<String>,
+}
+
+fn default_exec_timeout() -> u64 {
+    60
+}
+
+fn default_max_output() -> usize {
+    DEFAULT_MAX_OUTPUT_BYTES
+}
+
+/// Output for codex_exec_command
+#[derive(Debug, Serialize)]
+struct CodexExecOutput {
+    command: String,
+    args: Vec<String>,
+    exit_code: Option<i32>,
+    stdout: String,
+    stderr: String,
+    timed_out: bool,
+    output_truncated: bool,
+    duration_ms: u64,
+    workspace_root: String,
+    workspace_source: String,
+    profile: String,
+}
+
+#[derive(Debug, Serialize)]
+struct CodexRunOutput {
+    summary: String,
+    exit_status: String,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    patch: Option<String>,
+    logs: Vec<String>,
+    /// Structured event traces for AI workers
+    events: Vec<serde_json::Value>,
+}
+
+#[derive(Debug, Serialize)]
+struct CodexDryRunOutput {
+    backend: &'static str,
+    provider_type: String,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    base_url: Option<String>,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    model: Option<String>,
+    timeout_secs: u64,
+    mode: String,
+    repo_path: String,
+    policy_allowed: bool,
+    requires_admin: bool,
+}
+
+#[derive(Debug, Serialize)]
+struct CodexStatusOutput {
+    module_id: &'static str,
+    module_version: &'static str,
+    backend_version: &'static str,
+    provider_mode: String,
+    limits: LimitsInfo,
+    safety: SafetyInfo,
+}
+
+#[derive(Debug, Serialize)]
+struct LimitsInfo {
+    default_timeout_secs: u64,
+    max_output_bytes: usize,
+    max_log_entries: usize,
+}
+
+#[derive(Debug, Serialize)]
+struct SafetyInfo {
+    path_traversal_guard: bool,
+    symlink_escape_guard: bool,
+    output_truncation: bool,
+}
+
+#[derive(Debug, Serialize)]
+struct CodexCapabilitiesOutput {
+    tools: &'static [&'static str],
+    limits: LimitsInfo,
+    platform: String,
+    requires_admin: bool,
+}
+
+fn get_tool_definitions() -> Vec<ToolDefinition> {
+    vec![
+        ToolDefinition {
+            name: "codex_run".to_string(),
+            description: "Execute a coding task via the codex HTTP backend (requires admin)"
+                .to_string(),
+            input_schema: serde_json::json!({
+                "type": "object",
+                "properties": {
+                    "repo_path": {
+                        "type": "string",
+                        "description": "Absolute path to repository root"
+                    },
+                    "instructions": {
+                        "type": "string",
+                        "description": "Task instructions for the coding agent"
+                    },
+                    "mode": {
+                        "type": "string",
+                        "enum": ["read_only", "workspace_write"],
+                        "default": "read_only",
+                        "description": "Execution mode"
+                    },
+                    "timeout_secs": {
+                        "type": "integer",
+                        "default": 300,
+                        "minimum": 10,
+                        "maximum": 3600,
+                        "description": "Maximum execution time"
+                    },
+                    "max_steps": {
+                        "type": "integer",
+                        "default": 50,
+                        "minimum": 1,
+                        "maximum": 200,
+                        "description": "Maximum tool call iterations"
+                    }
+                },
+                "required": ["repo_path", "instructions"]
+            }),
+        },
+        ToolDefinition {
+            name: "codex_dry_run".to_string(),
+            description: "Preview execution settings without making changes".to_string(),
+            input_schema: serde_json::json!({
+                "type": "object",
+                "properties": {
+                    "repo_path": {
+                        "type": "string",
+                        "description": "Absolute path to repository root"
+                    },
+                    "instructions": {
+                        "type": "string",
+                        "description": "Task instructions (for context only)"
+                    },
+                    "mode": {
+                        "type": "string",
+                        "enum": ["read_only", "workspace_write"],
+                        "default": "read_only"
+                    },
+                    "timeout_secs": {
+                        "type": "integer",
+                        "default": 300
+                    },
+                    "max_steps": {
+                        "type": "integer",
+                        "default": 50
+                    }
+                },
+                "required": ["repo_path", "instructions"]
+            }),
+        },
+        ToolDefinition {
+            name: "codex_status".to_string(),
+            description: "Get module version and health information".to_string(),
+            input_schema: serde_json::json!({
+                "type": "object",
+                "properties": {},
+                "additionalProperties": false
+            }),
+        },
+        ToolDefinition {
+            name: "codex_capabilities".to_string(),
+            description: "Get machine-readable metadata for AI workers".to_string(),
+            input_schema: serde_json::json!({
+                "type": "object",
+                "properties": {},
+                "additionalProperties": false
+            }),
+        },
+        ToolDefinition {
+            name: "codex_exec_command".to_string(),
+            description: "Execute a command in a bounded, secure environment (requires admin)"
+                .to_string(),
+            input_schema: serde_json::json!({
+                "type": "object",
+                "properties": {
+                    "command": {
+                        "type": "string",
+                        "description": "Command to execute (must be in allowlist)"
+                    },
+                    "args": {
+                        "type": "array",
+                        "items": { "type": "string" },
+                        "default": [],
+                        "description": "Command arguments"
+                    },
+                    "cwd": {
+                        "type": "string",
+                        "description": "Working directory (must be within workspace)"
+                    },
+                    "timeout_secs": {
+                        "type": "integer",
+                        "default": 60,
+                        "minimum": 1,
+                        "maximum": 300,
+                        "description": "Maximum execution time"
+                    },
+                    "max_output_bytes": {
+                        "type": "integer",
+                        "default": 1048576,
+                        "minimum": 1024,
+                        "maximum": 10485760,
+                        "description": "Maximum output size"
+                    },
+                    "profile": {
+                        "type": "string",
+                        "enum": ["workspace_locked", "workspace_plus_roots", "system_unlocked"],
+                        "default": "workspace_locked",
+                        "description": "Execution profile"
+                    },
+                    "repo_path": {
+                        "type": "string",
+                        "description": "Repository path for workspace resolution (optional)"
+                    }
+                },
+                "required": ["command"]
+            }),
+        },
+        ToolDefinition {
+            name: "codex_patch_preview".to_string(),
+            description: "Preview a diff patch without applying it (requires admin)".to_string(),
+            input_schema: serde_json::json!({
+                "type": "object",
+                "properties": {
+                    "diff": {
+                        "type": "string",
+                        "description": "Unified diff content to preview"
+                    },
+                    "repo_path": {
+                        "type": "string",
+                        "description": "Repository path for workspace resolution"
+                    }
+                },
+                "required": ["diff", "repo_path"]
+            }),
+        },
+        ToolDefinition {
+            name: "codex_apply_patch".to_string(),
+            description: "Apply a diff patch with automatic backup (requires admin)".to_string(),
+            input_schema: serde_json::json!({
+                "type": "object",
+                "properties": {
+                    "diff": {
+                        "type": "string",
+                        "description": "Unified diff content to apply"
+                    },
+                    "repo_path": {
+                        "type": "string",
+                        "description": "Repository path for workspace resolution"
+                    },
+                    "create_backup": {
+                        "type": "boolean",
+                        "default": true,
+                        "description": "Create backup before applying (recommended)"
+                    }
+                },
+                "required": ["diff", "repo_path"]
+            }),
+        },
+        ToolDefinition {
+            name: "codex_rollback_patch".to_string(),
+            description: "Rollback a previously applied patch using backup ID (requires admin)"
+                .to_string(),
+            input_schema: serde_json::json!({
+                "type": "object",
+                "properties": {
+                    "backup_id": {
+                        "type": "string",
+                        "description": "Backup ID returned from codex_apply_patch"
+                    },
+                    "repo_path": {
+                        "type": "string",
+                        "description": "Repository path for workspace resolution"
+                    }
+                },
+                "required": ["backup_id", "repo_path"]
+            }),
+        },
+    ]
+}
+
+fn parse_mode(s: Option<&str>) -> CodingMode {
+    match s.map(|s| s.to_lowercase()).as_deref() {
+        Some("workspace_write") | Some("write") => CodingMode::WorkspaceWrite,
+        _ => CodingMode::ReadOnly,
+    }
+}
+
+fn policy_context_from_env() -> Option<PolicyContext> {
+    let level = std::env::var("MASIX_CALLER_PERMISSION_LEVEL")
+        .ok()
+        .and_then(|v| PermissionLevel::from_str(v.trim()));
+    level.map(PolicyContext::new)
+}
+
+fn check_admin_policy() -> Result<()> {
+    use masix_codex_backend::AdminPolicy;
+    let policy = AdminPolicy::new();
+    if let Some(ctx) = policy_context_from_env() {
+        policy
+            .check(Some(&ctx))
+            .map_err(|e| anyhow!("Admin policy failed: {}", e))
+    } else {
+        // Compatibility mode: core runtime already enforces admin_only tools before MCP calls.
+        Ok(())
+    }
+}
+
+fn resolve_repo_root(repo_path: &str) -> Result<PathBuf> {
+    let mut workspace_config = WorkspaceConfig::default().with_repo_path(repo_path);
+    if let Ok(cwd) = std::env::current_dir() {
+        workspace_config = workspace_config.with_runtime_workdir(cwd);
+    }
+
+    let workspace = resolve_workspace(&workspace_config)
+        .map_err(|e| anyhow!("Workspace resolution failed: {}", e))?;
+    Ok(workspace.root)
+}
+
+fn get_backend_from_env() -> Result<HttpBackend> {
+    let api_key = std::env::var("CODEX_API_KEY")
+        .or_else(|_| std::env::var("OPENAI_API_KEY"))
+        .map_err(|_| anyhow!("No API key found. Set CODEX_API_KEY or OPENAI_API_KEY"))?;
+
+    let provider_type = std::env::var("CODEX_PROVIDER")
+        .ok()
+        .and_then(|s| ProviderType::from_str(&s))
+        .unwrap_or(ProviderType::OpenAI);
+
+    let base_url = std::env::var("CODEX_BASE_URL").ok();
+    let model = std::env::var("CODEX_MODEL").ok();
+    let timeout_secs = std::env::var("CODEX_TIMEOUT_SECS")
+        .ok()
+        .and_then(|s| s.parse().ok())
+        .unwrap_or(DEFAULT_TIMEOUT_SECS);
+
+    let config = HttpBackendConfig {
+        provider_type,
+        api_key,
+        base_url,
+        model,
+        timeout: Duration::from_secs(timeout_secs),
+        max_tokens: DEFAULT_MAX_TOKENS,
+        max_output_bytes: DEFAULT_MAX_OUTPUT_BYTES,
+        max_log_bytes: 64 * 1024,
+        legacy_fallback: false,
+    };
+
+    HttpBackend::new(config).map_err(|e| anyhow!("Backend init failed: {}", e))
+}
+
+async fn run_mcp_server() -> Result<()> {
+    info!("Starting codex-tools MCP server");
+    let stdin = io::stdin();
+    let mut stdout = io::stdout();
+
+    for line in stdin.lock().lines() {
+        let line = line?;
+        let line = line.trim();
+        if line.is_empty() {
+            continue;
+        }
+
+        debug!("Received: {}", line.chars().take(200).collect::<String>());
+
+        let request: JsonRpcRequest = match serde_json::from_str(line) {
+            Ok(req) => req,
+            Err(e) => {
+                let response = JsonRpcResponse {
+                    jsonrpc: "2.0".to_string(),
+                    id: None,
+                    result: None,
+                    error: Some(JsonRpcError {
+                        code: -32700,
+                        message: format!("Parse error: {}", e),
+                    }),
+                };
+                writeln!(stdout, "{}", serde_json::to_string(&response)?)?;
+                stdout.flush()?;
+                continue;
+            }
+        };
+
+        let response = handle_mcp_request(&request).await;
+        let response_str = serde_json::to_string(&response)?;
+        writeln!(stdout, "{}", response_str)?;
+        stdout.flush()?;
+    }
+
+    Ok(())
+}
+
+async fn handle_mcp_request(request: &JsonRpcRequest) -> JsonRpcResponse {
+    match request.method.as_str() {
+        "initialize" => JsonRpcResponse {
+            jsonrpc: "2.0".to_string(),
+            id: request.id.clone(),
+            result: Some(serde_json::json!({
+                "protocolVersion": "2024-11-05",
+                "capabilities": {
+                    "tools": {}
+                },
+                "serverInfo": {
+                    "name": "masix-codex-tools",
+                    "version": MODULE_VERSION
+                }
+            })),
+            error: None,
+        },
+        "notifications/initialized" => JsonRpcResponse {
+            jsonrpc: "2.0".to_string(),
+            id: None,
+            result: None,
+            error: None,
+        },
+        "tools/list" => {
+            let tools = get_tool_definitions();
+            JsonRpcResponse {
+                jsonrpc: "2.0".to_string(),
+                id: request.id.clone(),
+                result: Some(serde_json::json!({ "tools": tools })),
+                error: None,
+            }
+        }
+        "tools/call" => {
+            let params = &request.params;
+            let tool_name = params.get("name").and_then(|v| v.as_str()).unwrap_or("");
+            let arguments = params
+                .get("arguments")
+                .cloned()
+                .unwrap_or(serde_json::json!({}));
+
+            match handle_tool_call(tool_name, arguments).await {
+                Ok(result) => JsonRpcResponse {
+                    jsonrpc: "2.0".to_string(),
+                    id: request.id.clone(),
+                    result: Some(serde_json::to_value(result).unwrap_or(serde_json::json!({}))),
+                    error: None,
+                },
+                Err(e) => {
+                    error!("Tool call error: {}", e);
+                    JsonRpcResponse {
+                        jsonrpc: "2.0".to_string(),
+                        id: request.id.clone(),
+                        result: Some(
+                            serde_json::to_value(ToolResult {
+                                content: vec![ToolContent {
+                                    content_type: "text".to_string(),
+                                    text: format!("Error: {}", e),
+                                }],
+                                is_error: true,
+                            })
+                            .unwrap_or(serde_json::json!({})),
+                        ),
+                        error: None,
+                    }
+                }
+            }
+        }
+        _ => JsonRpcResponse {
+            jsonrpc: "2.0".to_string(),
+            id: request.id.clone(),
+            result: None,
+            error: Some(JsonRpcError {
+                code: -32601,
+                message: format!("Method not found: {}", request.method),
+            }),
+        },
+    }
+}
+
+async fn handle_tool_call(name: &str, arguments: serde_json::Value) -> Result<ToolResult> {
+    match name {
+        "codex_run" => {
+            let input: CodexRunInput =
+                serde_json::from_value(arguments).map_err(|e| anyhow!("Invalid input: {}", e))?;
+
+            let backend = get_backend_from_env()?;
+            let mode = parse_mode(input.mode.as_deref());
+
+            let task = CodingTask {
+                repo_path: resolve_repo_root(&input.repo_path)?,
+                instructions: input.instructions,
+                mode,
+                timeout: Some(Duration::from_secs(input.timeout_secs)),
+                max_steps: Some(input.max_steps),
+                policy: policy_context_from_env().or_else(|| Some(PolicyContext::admin())),
+            };
+
+            let result = backend.run(task).await?;
+
+            let output = CodexRunOutput {
+                summary: result.summary,
+                exit_status: result.exit_status.to_string(),
+                patch: result.patch,
+                logs: result.logs,
+                events: result
+                    .events
+                    .iter()
+                    .map(|e| serde_json::to_value(e).unwrap_or_default())
+                    .collect(),
+            };
+
+            Ok(ToolResult {
+                content: vec![ToolContent {
+                    content_type: "text".to_string(),
+                    text: serde_json::to_string_pretty(&output)?,
+                }],
+                is_error: false,
+            })
+        }
+        "codex_dry_run" => {
+            let input: CodexRunInput =
+                serde_json::from_value(arguments).map_err(|e| anyhow!("Invalid input: {}", e))?;
+
+            // Build DryRunInfo directly from env vars — no API key required
+            let provider_type = std::env::var("CODEX_PROVIDER")
+                .ok()
+                .and_then(|s| ProviderType::from_str(&s))
+                .unwrap_or(ProviderType::OpenAI);
+
+            let base_url = std::env::var("CODEX_BASE_URL").ok();
+            let model = std::env::var("CODEX_MODEL").ok();
+            let has_api_key = std::env::var("CODEX_API_KEY")
+                .or_else(|_| std::env::var("OPENAI_API_KEY"))
+                .is_ok();
+
+            let mode = parse_mode(input.mode.as_deref());
+            let repo_path = resolve_repo_root(&input.repo_path)?;
+
+            let output = CodexDryRunOutput {
+                backend: "http",
+                provider_type: provider_type.as_str().to_string(),
+                base_url,
+                model,
+                timeout_secs: input.timeout_secs,
+                mode: match mode {
+                    CodingMode::ReadOnly => "read-only".to_string(),
+                    CodingMode::WorkspaceWrite => "workspace-write".to_string(),
+                },
+                repo_path: repo_path.to_string_lossy().to_string(),
+                policy_allowed: has_api_key,
+                requires_admin: true,
+            };
+
+            Ok(ToolResult {
+                content: vec![ToolContent {
+                    content_type: "text".to_string(),
+                    text: serde_json::to_string_pretty(&output)?,
+                }],
+                is_error: false,
+            })
+        }
+        "codex_status" => {
+            let provider_mode = std::env::var("CODEX_PROVIDER")
+                .ok()
+                .unwrap_or_else(|| "openai".to_string());
+
+            let output = CodexStatusOutput {
+                module_id: "codex-tools",
+                module_version: MODULE_VERSION,
+                backend_version: BACKEND_VERSION,
+                provider_mode,
+                limits: LimitsInfo {
+                    default_timeout_secs: DEFAULT_TIMEOUT_SECS,
+                    max_output_bytes: DEFAULT_MAX_OUTPUT_BYTES,
+                    max_log_entries: backend::MAX_LOG_ENTRIES,
+                },
+                safety: SafetyInfo {
+                    path_traversal_guard: true,
+                    symlink_escape_guard: true,
+                    output_truncation: true,
+                },
+            };
+
+            Ok(ToolResult {
+                content: vec![ToolContent {
+                    content_type: "text".to_string(),
+                    text: serde_json::to_string_pretty(&output)?,
+                }],
+                is_error: false,
+            })
+        }
+        "codex_capabilities" => {
+            let output = CodexCapabilitiesOutput {
+                tools: &[
+                    "codex_run",
+                    "codex_dry_run",
+                    "codex_status",
+                    "codex_capabilities",
+                    "codex_exec_command",
+                    "codex_patch_preview",
+                    "codex_apply_patch",
+                    "codex_rollback_patch",
+                ],
+                limits: LimitsInfo {
+                    default_timeout_secs: DEFAULT_TIMEOUT_SECS,
+                    max_output_bytes: DEFAULT_MAX_OUTPUT_BYTES,
+                    max_log_entries: backend::MAX_LOG_ENTRIES,
+                },
+                platform: detect_platform(),
+                requires_admin: true,
+            };
+
+            Ok(ToolResult {
+                content: vec![ToolContent {
+                    content_type: "text".to_string(),
+                    text: serde_json::to_string_pretty(&output)?,
+                }],
+                is_error: false,
+            })
+        }
+        "codex_exec_command" => {
+            check_admin_policy()?;
+            let input: CodexExecInput =
+                serde_json::from_value(arguments).map_err(|e| anyhow!("Invalid input: {}", e))?;
+
+            // Resolve workspace
+            let profile = input
+                .profile
+                .as_deref()
+                .and_then(ExecutionProfile::from_str)
+                .unwrap_or_default();
+
+            let mut workspace_config = WorkspaceConfig::default().with_profile(profile);
+            if let Some(ref repo_path) = input.repo_path {
+                workspace_config = workspace_config.with_repo_path(repo_path);
+            }
+            if let Ok(cwd) = std::env::current_dir() {
+                workspace_config = workspace_config.with_runtime_workdir(cwd);
+            }
+
+            let workspace = resolve_workspace(&workspace_config)
+                .map_err(|e| anyhow!("Workspace resolution failed: {}", e))?;
+
+            // Create executor
+            let executor = CommandExecutor::new(workspace.clone()).with_profile(workspace.profile);
+
+            // Build request
+            let exec_request = ExecRequest::new(&input.command)
+                .args(&input.args)
+                .timeout_secs(input.timeout_secs)
+                .max_output_bytes(input.max_output_bytes);
+
+            let exec_request = if let Some(ref cwd) = input.cwd {
+                exec_request.cwd(cwd)
+            } else {
+                exec_request
+            };
+
+            // Execute
+            let result = executor.execute(exec_request).await?;
+
+            // Determine error status before moving result fields
+            let is_error = !result.success() && !result.timed_out;
+
+            let output = CodexExecOutput {
+                command: input.command,
+                args: input.args,
+                exit_code: result.exit_code,
+                stdout: result.stdout,
+                stderr: result.stderr,
+                timed_out: result.timed_out,
+                output_truncated: result.output_truncated,
+                duration_ms: result.duration.as_millis() as u64,
+                workspace_root: workspace.root.to_string_lossy().to_string(),
+                workspace_source: workspace.source.to_string(),
+                profile: workspace.profile.to_string(),
+            };
+
+            Ok(ToolResult {
+                content: vec![ToolContent {
+                    content_type: "text".to_string(),
+                    text: serde_json::to_string_pretty(&output)?,
+                }],
+                is_error,
+            })
+        }
+        "codex_patch_preview" => {
+            check_admin_policy()?;
+            #[derive(Debug, Deserialize)]
+            struct PatchPreviewInput {
+                diff: String,
+                repo_path: String,
+            }
+
+            let input: PatchPreviewInput =
+                serde_json::from_value(arguments).map_err(|e| anyhow!("Invalid input: {}", e))?;
+
+            let workspace_config = WorkspaceConfig::default().with_repo_path(&input.repo_path);
+            let workspace = resolve_workspace(&workspace_config)
+                .map_err(|e| anyhow!("Workspace resolution failed: {}", e))?;
+
+            let preview = preview_patch(&input.diff, &workspace)
+                .map_err(|e| anyhow!("Patch preview failed: {}", e))?;
+
+            Ok(ToolResult {
+                content: vec![ToolContent {
+                    content_type: "text".to_string(),
+                    text: serde_json::to_string_pretty(&preview)?,
+                }],
+                is_error: false,
+            })
+        }
+        "codex_apply_patch" => {
+            check_admin_policy()?;
+            #[derive(Debug, Deserialize)]
+            struct PatchApplyInput {
+                diff: String,
+                repo_path: String,
+                #[serde(default = "default_create_backup")]
+                create_backup: bool,
+            }
+
+            fn default_create_backup() -> bool {
+                true
+            }
+
+            let input: PatchApplyInput =
+                serde_json::from_value(arguments).map_err(|e| anyhow!("Invalid input: {}", e))?;
+
+            let workspace_config = WorkspaceConfig::default().with_repo_path(&input.repo_path);
+            let workspace = resolve_workspace(&workspace_config)
+                .map_err(|e| anyhow!("Workspace resolution failed: {}", e))?;
+
+            let result = apply_patch(&input.diff, &workspace, input.create_backup)
+                .map_err(|e| anyhow!("Patch apply failed: {}", e))?;
+
+            Ok(ToolResult {
+                content: vec![ToolContent {
+                    content_type: "text".to_string(),
+                    text: serde_json::to_string_pretty(&result)?,
+                }],
+                is_error: !result.success,
+            })
+        }
+        "codex_rollback_patch" => {
+            check_admin_policy()?;
+            #[derive(Debug, Deserialize)]
+            struct RollbackInput {
+                backup_id: String,
+                repo_path: String,
+            }
+
+            let input: RollbackInput =
+                serde_json::from_value(arguments).map_err(|e| anyhow!("Invalid input: {}", e))?;
+
+            let workspace_config = WorkspaceConfig::default().with_repo_path(&input.repo_path);
+            let workspace = resolve_workspace(&workspace_config)
+                .map_err(|e| anyhow!("Workspace resolution failed: {}", e))?;
+
+            let restored = rollback_patch(&input.backup_id, &workspace)
+                .map_err(|e| anyhow!("Rollback failed: {}", e))?;
+
+            let output = serde_json::json!({
+                "success": true,
+                "backup_id": input.backup_id,
+                "restored_files": restored
+            });
+
+            Ok(ToolResult {
+                content: vec![ToolContent {
+                    content_type: "text".to_string(),
+                    text: serde_json::to_string_pretty(&output)?,
+                }],
+                is_error: false,
+            })
+        }
+        _ => Err(anyhow!("Unknown tool: {}", name)),
+    }
+}
+
+#[tokio::main]
+async fn main() -> Result<()> {
+    tracing_subscriber::fmt()
+        .with_env_filter(
+            tracing_subscriber::EnvFilter::from_default_env()
+                .add_directive("masix_plugin_codex_tools=info".parse()?),
+        )
+        .with_writer(std::io::stderr)
+        .init();
+
+    let cli = Cli::parse();
+
+    match cli.command {
+        Commands::Manifest => {
+            let manifest = serde_json::json!({
+                "id": "codex-tools",
+                "name": "MasiX Codex Tools",
+                "version": MODULE_VERSION,
+                "tools": [
+                    "codex_run", "codex_dry_run", "codex_status", "codex_capabilities",
+                    "codex_exec_command", "codex_patch_preview", "codex_apply_patch",
+                    "codex_rollback_patch"
+                ],
+                "capabilities": ["http_client", "file_read", "file_write", "command_exec", "patch_apply"],
+                "requires_admin": true,
+                "backend_version": BACKEND_VERSION
+            });
+            println!("{}", serde_json::to_string_pretty(&manifest)?);
+        }
+        Commands::ServeMcp => {
+            run_mcp_server().await?;
+        }
+        Commands::Run {
+            repo,
+            instructions,
+            mode,
+            timeout,
+        } => {
+            let backend = get_backend_from_env()?;
+            let task = CodingTask {
+                repo_path: resolve_repo_root(&repo)?,
+                instructions,
+                mode: parse_mode(Some(&mode)),
+                timeout: Some(Duration::from_secs(timeout)),
+                max_steps: Some(50),
+                policy: Some(PolicyContext::unenforced()), // CLI mode
+            };
+            let result = backend.run(task).await?;
+            println!("{}", serde_json::to_string_pretty(&result)?);
+        }
+    }
+
+    Ok(())
+}