@vibelet/cli 0.1.34 → 0.1.36

package/src/drivers/codex.ts

@@ -0,0 +1,879 @@
+import { spawn, type ChildProcess } from 'child_process';
+import { existsSync } from 'fs';
+import type { ApprovalRequestPayload } from '@vibelet/shared';
+import type { Driver, MessageHandler } from './types.js';
+import { config } from '../config.js';
+import { logger as rootLogger } from '../logger.js';
+import { metrics } from '../metrics.js';
+import { audit } from '../audit.js';
+import { CLI_VERSION } from '../cli-version.js';
+
+const log = rootLogger.child({ module: 'codex' });
+
+type CodexApprovalRequest =
+  | {
+      kind: 'command-execution';
+      responseKind: 'v2';
+      rpcId: number;
+      toolName: string;
+      input: Record<string, unknown>;
+    }
+  | {
+      kind: 'file-change';
+      responseKind: 'v2';
+      rpcId: number;
+      toolName: string;
+      input: Record<string, unknown>;
+    }
+  | {
+      kind: 'request-user-input-approval';
+      rpcId: number;
+      questionId: string;
+      approveLabel: string;
+      denyLabel: string;
+      toolName: string;
+      input: Record<string, unknown>;
+    }
+  | {
+      kind: 'exec-command-legacy';
+      rpcId: number;
+      toolName: string;
+      input: Record<string, unknown>;
+    }
+  | {
+      kind: 'apply-patch-legacy';
+      rpcId: number;
+      toolName: string;
+      input: Record<string, unknown>;
+    };
+
+type CodexToolContext = {
+  toolName: string;
+  input: Record<string, unknown>;
+};
+
+function serializeApprovalContext(request: CodexApprovalRequest): NonNullable<ApprovalRequestPayload['approvalContext']> {
+  switch (request.kind) {
+    case 'request-user-input-approval':
+      return {
+        provider: 'codex',
+        kind: request.kind,
+        rpcId: request.rpcId,
+        questionId: request.questionId,
+        approveLabel: request.approveLabel,
+        denyLabel: request.denyLabel,
+      };
+    default:
+      return {
+        provider: 'codex',
+        kind: request.kind,
+        rpcId: request.rpcId,
+      };
+  }
+}
+
+function restoreApprovalRequest(approval: ApprovalRequestPayload): CodexApprovalRequest | null {
+  const context = approval.approvalContext;
+  if (!context || context.provider !== 'codex') {
+    return null;
+  }
+
+  switch (context.kind) {
+    case 'command-execution':
+      return {
+        kind: context.kind,
+        responseKind: 'v2',
+        rpcId: context.rpcId,
+        toolName: approval.toolName,
+        input: approval.input,
+      };
+    case 'file-change':
+      return {
+        kind: context.kind,
+        responseKind: 'v2',
+        rpcId: context.rpcId,
+        toolName: approval.toolName,
+        input: approval.input,
+      };
+    case 'request-user-input-approval':
+      if (!context.questionId || !context.approveLabel || !context.denyLabel) {
+        return null;
+      }
+      return {
+        kind: context.kind,
+        rpcId: context.rpcId,
+        questionId: context.questionId,
+        approveLabel: context.approveLabel,
+        denyLabel: context.denyLabel,
+        toolName: approval.toolName,
+        input: approval.input,
+      };
+    case 'exec-command-legacy':
+      return {
+        kind: context.kind,
+        rpcId: context.rpcId,
+        toolName: approval.toolName,
+        input: approval.input,
+      };
+    case 'apply-patch-legacy':
+      return {
+        kind: context.kind,
+        rpcId: context.rpcId,
+        toolName: approval.toolName,
+        input: approval.input,
+      };
+    default:
+      return null;
+  }
+}
+
+function asRecord(value: unknown): Record<string, unknown> | null {
+  if (!value || typeof value !== 'object' || Array.isArray(value)) return null;
+  return value as Record<string, unknown>;
+}
+
+function readString(value: unknown): string | null {
+  return typeof value === 'string' && value.trim().length > 0 ? value.trim() : null;
+}
+
+const INTERRUPTED_TURN_STATUSES = new Set(['aborted', 'interrupted', 'cancelled', 'canceled']);
+
+function normalizeTurnStatus(value: unknown): string | null {
+  const text = readString(value);
+  return text ? text.toLowerCase() : null;
+}
+
+function normalizeItemType(value: unknown): string | null {
+  const text = readString(value);
+  return text ? text.replace(/[^a-z0-9]/gi, '').toLowerCase() : null;
+}
+
+function readItemId(record: Record<string, unknown> | null | undefined): string | null {
+  if (!record) return null;
+  return readString(record.itemId) ?? readString(record.id) ?? readString(record.callId) ?? readString(record.call_id);
+}
+
+function omitKeys(record: Record<string, unknown>, keys: string[]): Record<string, unknown> {
+  const next: Record<string, unknown> = {};
+  for (const [key, value] of Object.entries(record)) {
+    if (!keys.includes(key)) next[key] = value;
+  }
+  return next;
+}
+
+function isApproveLabel(label: string): boolean {
+  return /\bapprove\b|\ballow\b|\baccept\b|\byes\b|\bcontinue\b|\bproceed\b|\brun\b|\bapply\b/i.test(label);
+}
+
+function isDenyLabel(label: string): boolean {
+  return /\bdeny\b|\breject\b|\bdecline\b|\bno\b|\bcancel\b|\babort\b|\bstop\b/i.test(label);
+}
+
+function resolveApprovalQuestion(questions: unknown): {
+  questionId: string;
+  approveLabel: string;
+  denyLabel: string;
+} | null {
+  if (!Array.isArray(questions)) return null;
+  for (const question of questions) {
+    const record = asRecord(question);
+    if (!record) continue;
+
+    const questionId = readString(record.id);
+    const options = Array.isArray(record.options)
+      ? record.options.map((option) => asRecord(option)).filter((option): option is Record<string, unknown> => Boolean(option))
+      : [];
+    if (!questionId || options.length === 0) continue;
+
+    const labels = options
+      .map((option) => readString(option.label))
+      .filter((label): label is string => Boolean(label));
+    if (labels.length < 2) continue;
+
+    const approveLabel = labels.find((label) => isApproveLabel(label)) ?? labels[0];
+    const denyLabel = labels.find((label) => isDenyLabel(label)) ?? labels[labels.length - 1];
+
+    if (!approveLabel || !denyLabel || approveLabel === denyLabel) {
+      continue;
+    }
+
+    return {
+      questionId,
+      approveLabel,
+      denyLabel,
+    };
+  }
+
+  return null;
+}
+
+function looksLikeApprovalRequestUserInput(questions: unknown): boolean {
+  if (!Array.isArray(questions) || questions.length === 0) return false;
+  const labels = questions
+    .map((question) => asRecord(question))
+    .filter((question): question is Record<string, unknown> => Boolean(question))
+    .flatMap((question) => {
+      const options = Array.isArray(question.options) ? question.options : [];
+      return options
+        .map((option) => asRecord(option))
+        .filter((option): option is Record<string, unknown> => Boolean(option))
+        .map((option) => readString(option.label))
+        .filter((label): label is string => Boolean(label));
+    });
+  const hasApproval = labels.some((label) => isApproveLabel(label));
+  const hasDeny = labels.some((label) => isDenyLabel(label));
+  return hasApproval && hasDeny;
+}
+
+function extractToolContext(item: Record<string, unknown>): CodexToolContext | null {
+  const itemType = normalizeItemType(item.type ?? item.itemType);
+  if (itemType === 'commandexecution') {
+    return {
+      toolName: 'Bash',
+      input: omitKeys(item, ['id', 'itemId', 'type', 'itemType', 'stdout', 'stderr', 'exitCode', 'exit_code', 'status', 'success', 'error']),
+    };
+  }
+  if (itemType === 'filechange') {
+    return {
+      toolName: 'Patch',
+      input: omitKeys(item, ['id', 'itemId', 'type', 'itemType', 'stdout', 'stderr', 'exitCode', 'exit_code', 'status', 'success', 'error']),
+    };
+  }
+  if (itemType === 'mcptoolcall') {
+    const server = readString(item.server);
+    const tool = readString(item.tool) ?? readString(item.name);
+    if (!tool) return null;
+    return {
+      toolName: server ? `mcp__${server}__${tool}` : tool,
+      input: (asRecord(item.arguments) ?? asRecord(item.input) ?? {}) as Record<string, unknown>,
+    };
+  }
+  return null;
+}
+
+function readRequestUserInputDescription(questions: unknown): string {
+  if (!Array.isArray(questions)) return '';
+  for (const question of questions) {
+    const record = asRecord(question);
+    if (!record) continue;
+    const questionText = readString(record.question) ?? readString(record.header);
+    if (questionText) return questionText;
+  }
+  return '';
+}
+
+function resolveCodexPolicy(approvalMode: string | undefined, cwd: string): {
+  approvalPolicy: 'on-request' | 'never';
+  sandbox: 'workspace-write' | 'danger-full-access';
+  sandboxPolicy: Record<string, unknown>;
+} {
+  if (approvalMode === 'autoApprove') {
+    return {
+      approvalPolicy: 'never',
+      sandbox: 'danger-full-access',
+      sandboxPolicy: { type: 'dangerFullAccess' },
+    };
+  }
+  if (approvalMode === 'plan') {
+    return {
+      approvalPolicy: 'on-request',
+      sandbox: 'workspace-write',
+      sandboxPolicy: {
+        type: 'workspaceWrite',
+        writableRoots: [],
+        readOnlyAccess: { type: 'fullAccess' },
+        networkAccess: true,
+        excludeTmpdirEnvVar: false,
+        excludeSlashTmp: false,
+      },
+    };
+  }
+  return {
+    approvalPolicy: 'on-request',
+    sandbox: 'workspace-write',
+    sandboxPolicy: {
+      type: 'workspaceWrite',
+      writableRoots: [cwd],
+      readOnlyAccess: { type: 'fullAccess' },
+      networkAccess: true,
+      excludeTmpdirEnvVar: false,
+      excludeSlashTmp: false,
+    },
+  };
+}
+
+export class CodexDriver implements Driver {
+  private proc: ChildProcess | null = null;
+  private handler: MessageHandler | null = null;
+  private exitHandler: ((code: number | null) => void) | null = null;
+  private buffer = '';
+  private rpcId = 0;
+  private pending = new Map<number, { resolve: (v: unknown) => void; reject: (e: Error) => void }>();
+  private threadId = '';
+  private lastStderr: string[] = [];
+  private approvalRequests = new Map<string, CodexApprovalRequest>();
+  private toolContextByCallId = new Map<string, CodexToolContext>();
+  private turnStartInFlight = false;
+  private interruptRequestedDuringTurnStart = false;
+
+  private approvalMode?: string;
+  private cwd = '';
+
+  async start(cwd: string, resumeSessionId?: string, approvalMode?: string): Promise<string> {
+    this.approvalMode = approvalMode;
+    this.cwd = cwd;
+    this.approvalRequests.clear();
+    this.toolContextByCallId.clear();
+    this.turnStartInFlight = false;
+    this.interruptRequestedDuringTurnStart = false;
+    const codexPath = config.codexPath;
+    let spawnCmd: string;
+    let spawnArgs = this.buildSpawnArgs();
+
+    if (config.isTransientPath(codexPath)) {
+      const resolved = config.execViaLoginShell('codex', spawnArgs);
+      spawnCmd = resolved.command;
+      spawnArgs = resolved.args;
+      log.info({ spawnCmd, argsPreview: spawnArgs.slice(0, 2) }, 'spawning via login shell');
+    } else {
+      spawnCmd = codexPath;
+      log.info({ spawnCmd, args: spawnArgs }, 'spawning');
+    }
+
+    audit.emit('driver.spawn', { agent: 'codex', cwd, resumeSessionId });
+    this.lastStderr = [];
+
+    this.proc = spawn(spawnCmd, spawnArgs, {
+      cwd: cwd || undefined,
+      stdio: ['pipe', 'pipe', 'pipe'],
+      env: config.buildSanitizedEnv(),
+      ...(process.platform === 'win32' ? { shell: true } : {}),
+    });
+
+    this.proc.on('error', (err) => {
+      let message = err.message;
+      if ((err as NodeJS.ErrnoException).code === 'ENOENT' && cwd && !existsSync(cwd)) {
+        message = `Working directory does not exist: ${cwd}`;
+      }
+      log.error({ error: message, cwd }, 'spawn error');
+      audit.emit('driver.error', { agent: 'codex', error: message });
+    });
+
+    this.proc.stdout!.on('data', (chunk: Buffer) => {
+      this.buffer += chunk.toString();
+      const lines = this.buffer.split('\n');
+      this.buffer = lines.pop()!;
+      for (const line of lines) {
+        if (!line.trim()) continue;
+        try {
+          this.handleRaw(JSON.parse(line));
+        } catch {
+          log.warn({ linePreview: line.slice(0, 200) }, 'failed to parse stdout line');
+        }
+      }
+    });
+
+    this.proc.stderr!.on('data', (chunk: Buffer) => {
+      const text = chunk.toString().trim();
+      if (text) {
+        log.debug({ stderr: text }, 'stderr');
+        this.lastStderr.push(text);
+        if (this.lastStderr.length > 10) this.lastStderr.shift();
+      }
+    });
+
+    this.proc.on('exit', (code) => {
+      log.info({ threadId: this.threadId, exitCode: code }, 'process exited');
+      if (code && code !== 0) {
+        log.error({ threadId: this.threadId, exitCode: code, lastStderr: this.lastStderr.slice(-3) }, 'abnormal exit');
+      }
+      this.proc = null;
+      this.approvalRequests.clear();
+      this.toolContextByCallId.clear();
+      this.turnStartInFlight = false;
+      this.interruptRequestedDuringTurnStart = false;
+      for (const [, { reject }] of this.pending) {
+        reject(new Error(`Codex process exited with code ${code}`));
+      }
+      this.pending.clear();
+      this.exitHandler?.(code);
+      if (code && this.handler && this.threadId) {
+        this.handler({ type: 'error', sessionId: this.threadId, message: `Codex process exited with code ${code}` });
+      }
+    });
+
+    const endInit = metrics.startTimer('rpc.duration');
+    await this.rpc('initialize', {
+      clientInfo: { name: '@vibelet/cli', version: CLI_VERSION },
+      capabilities: {
+        experimentalApi: true,
+      },
+    });
+    endInit();
+    this.rpcNotify('initialized', {});
+
+    const policy = resolveCodexPolicy(this.approvalMode, cwd);
+
+    if (resumeSessionId) {
+      const res = await this.rpc('thread/resume', {
+        threadId: resumeSessionId,
+        approvalPolicy: policy.approvalPolicy,
+        sandbox: policy.sandbox,
+        persistExtendedHistory: true,
+      }) as any;
+      this.threadId = res?.thread?.id ?? resumeSessionId;
+      log.info({ threadId: this.threadId }, 'thread resumed');
+      audit.emit('driver.init', { agent: 'codex', sessionId: this.threadId });
+    } else {
+      const res = await this.rpc('thread/start', {
+        cwd,
+        approvalPolicy: policy.approvalPolicy,
+        sandbox: policy.sandbox,
+        experimentalRawEvents: true,
+        persistExtendedHistory: true,
+      }) as any;
+      this.threadId = res?.thread?.id ?? res?.threadId ?? '';
+      log.info({ threadId: this.threadId }, 'thread created');
+      audit.emit('driver.init', { agent: 'codex', sessionId: this.threadId });
+    }
+
+    return this.threadId;
+  }
+
+  private buildSpawnArgs(): string[] {
+    return ['app-server', '--listen', 'stdio://'];
+  }
+
+  sendPrompt(text: string): void {
+    const policy = resolveCodexPolicy(this.approvalMode, this.cwd || process.cwd());
+    this.turnStartInFlight = true;
+    this.interruptRequestedDuringTurnStart = false;
+    log.info({ threadId: this.threadId, promptPreview: text.slice(0, 50) }, 'turn/start');
+    this.rpc('turn/start', {
+      threadId: this.threadId,
+      input: [{ type: 'text', text }],
+      approvalPolicy: policy.approvalPolicy,
+      sandboxPolicy: policy.sandboxPolicy,
+    })
+      .then((res) => {
+        log.debug({ resultPreview: JSON.stringify(res).slice(0, 200) }, 'turn/start result');
+        this.turnStartInFlight = false;
+        if (this.interruptRequestedDuringTurnStart) {
+          this.interruptRequestedDuringTurnStart = false;
+          this.requestTurnInterrupt();
+        }
+      })
+      .catch((e) => {
+        this.turnStartInFlight = false;
+        this.interruptRequestedDuringTurnStart = false;
+        log.error({ threadId: this.threadId, error: e.message }, 'sendPrompt error');
+        this.handler?.({ type: 'error', sessionId: this.threadId, message: e.message });
+      });
+  }
+
+  respondApproval(requestId: string, approved: boolean): boolean {
+    if (!this.proc?.stdin?.writable) return false;
+    const tracked = this.approvalRequests.get(requestId);
+    const rpcId = tracked?.rpcId ?? Number(requestId);
+    if (!Number.isFinite(rpcId)) return false;
+
+    let result: Record<string, unknown>;
+    if (!tracked) {
+      result = approved
+        ? { decision: 'approve' }
+        : { decision: 'deny', reason: 'User denied from Vibelet' };
+    } else {
+      switch (tracked.kind) {
+        case 'command-execution':
+        case 'file-change':
+          result = { decision: approved ? 'accept' : 'decline' };
+          break;
+        case 'request-user-input-approval':
+          result = {
+            answers: {
+              [tracked.questionId]: {
+                answers: [approved ? tracked.approveLabel : tracked.denyLabel],
+              },
+            },
+          };
+          break;
+        case 'exec-command-legacy':
+        case 'apply-patch-legacy':
+          result = { decision: approved ? 'approved' : 'denied' };
+          break;
+        default:
+          result = { decision: approved ? 'accept' : 'decline' };
+          break;
+      }
+      this.approvalRequests.delete(requestId);
+    }
+
+    log.info({ threadId: this.threadId, rpcId, approved }, 'approval response');
+    this.proc.stdin.write(JSON.stringify({ jsonrpc: '2.0', id: rpcId, result }) + '\n');
+    return true;
+  }
+
+  restorePendingApproval(approval: ApprovalRequestPayload): void {
+    const request = restoreApprovalRequest(approval);
+    if (!request) {
+      return;
+    }
+    this.approvalRequests.set(approval.requestId, request);
+  }
+
+  interrupt(): void {
+    if (this.turnStartInFlight) {
+      this.interruptRequestedDuringTurnStart = true;
+    }
+    this.requestTurnInterrupt();
+  }
+
+  setApprovalMode(mode: string): void {
+    this.approvalMode = mode;
+    log.info({ approvalMode: mode }, 'approval mode updated (takes effect on subsequent turns)');
+  }
+
+  stop(): void {
+    if (!this.proc) return;
+    this.proc.kill('SIGTERM');
+    const p = this.proc;
+    setTimeout(() => {
+      if (!p.killed) p.kill('SIGKILL');
+    }, 5000).unref();
+    this.proc = null;
+    this.approvalRequests.clear();
+    this.toolContextByCallId.clear();
+    this.turnStartInFlight = false;
+    this.interruptRequestedDuringTurnStart = false;
+    for (const [, { reject }] of this.pending) {
+      reject(new Error('Process stopped'));
+    }
+    this.pending.clear();
+  }
+
+  onMessage(handler: MessageHandler): void {
+    this.handler = handler;
+  }
+
+  onExit(handler: (code: number | null) => void): void {
+    this.exitHandler = handler;
+  }
+
+  private rpc(method: string, params: unknown): Promise<unknown> {
+    const id = ++this.rpcId;
+    const endTimer = metrics.startTimer('rpc.duration');
+    return new Promise((resolve, reject) => {
+      this.pending.set(id, {
+        resolve: (v) => { endTimer(); resolve(v); },
+        reject: (e) => { endTimer(); reject(e); },
+      });
+      if (!this.proc?.stdin?.writable) {
+        this.pending.delete(id);
+        endTimer();
+        reject(new Error('Process not available'));
+        return;
+      }
+      this.proc.stdin.write(JSON.stringify({ jsonrpc: '2.0', method, id, params }) + '\n');
+      setTimeout(() => {
+        if (this.pending.has(id)) {
+          this.pending.delete(id);
+          log.error({ method, rpcId: id, threadId: this.threadId }, 'RPC timeout');
+          endTimer();
+          reject(new Error(`RPC timeout: ${method}`));
+        }
+      }, 30000).unref();
+    });
+  }
+
+  private requestTurnInterrupt(): void {
+    this.rpc('turn/interrupt', { threadId: this.threadId }).catch(() => {});
+  }
+
+  private rpcNotify(method: string, params: unknown): void {
+    if (!this.proc?.stdin?.writable) return;
+    this.proc.stdin.write(JSON.stringify({ jsonrpc: '2.0', method, params }) + '\n');
+  }
+
+  private writeServerRequestError(rpcId: number, message: string): void {
+    if (!this.proc?.stdin?.writable) return;
+    this.proc.stdin.write(JSON.stringify({
+      jsonrpc: '2.0',
+      id: rpcId,
+      error: { code: -32601, message },
+    }) + '\n');
+  }
+
+  private resolveToolContext(params: Record<string, unknown> | undefined): {
+    callId: string;
+    toolContext: CodexToolContext;
+  } | null {
+    const item = asRecord(params?.item) ?? params ?? null;
+    const callId = readItemId(item);
+    if (!callId) return null;
+
+    const extracted = item ? extractToolContext(item) : null;
+    if (extracted) {
+      this.toolContextByCallId.set(callId, extracted);
+      return { callId, toolContext: extracted };
+    }
+
+    const remembered = this.toolContextByCallId.get(callId);
+    if (!remembered) return null;
+    return { callId, toolContext: remembered };
+  }
+
+  private createFallbackInput(params: Record<string, unknown> | undefined, excludedKeys: string[]): Record<string, unknown> {
+    return params ? omitKeys(params, ['threadId', 'turnId', ...excludedKeys]) : {};
+  }
+
+  private queueApprovalRequest(requestId: string, request: CodexApprovalRequest, description: string): void {
+    this.approvalRequests.set(requestId, request);
+    audit.emit('approval.request', { agent: 'codex', sessionId: this.threadId, toolName: request.toolName });
+
+    if (!this.handler) {
+      log.warn({ threadId: this.threadId, requestId, toolName: request.toolName }, 'approval request received without handler');
+      if (!this.respondApproval(requestId, false)) {
+        this.writeServerRequestError(request.rpcId, 'Approval handler unavailable');
+      }
+      return;
+    }
+
+    this.handler({
+      type: 'approval.request',
+      sessionId: this.threadId,
+      requestId,
+      toolName: request.toolName,
+      input: request.input,
+      description,
+      approvalContext: serializeApprovalContext(request),
+    });
+  }
+
+  private handleServerRequest(method: string, rpcId: number, params: Record<string, unknown> | undefined): void {
+    const requestId = String(rpcId);
+    const resolved = this.resolveToolContext(params);
+
+    if (method === 'item/commandExecution/requestApproval') {
+      this.queueApprovalRequest(requestId, {
+        kind: 'command-execution',
+        responseKind: 'v2',
+        rpcId,
+        toolName: resolved?.toolContext.toolName ?? 'Bash',
+        input: resolved?.toolContext.input ?? this.createFallbackInput(params, ['itemId', 'reason', 'description']),
+      }, readString(params?.reason) ?? readString(params?.description) ?? '');
+      return;
+    }
+
+    if (method === 'item/fileChange/requestApproval') {
+      this.queueApprovalRequest(requestId, {
+        kind: 'file-change',
+        responseKind: 'v2',
+        rpcId,
+        toolName: resolved?.toolContext.toolName ?? 'Patch',
+        input: resolved?.toolContext.input ?? this.createFallbackInput(params, ['itemId', 'reason', 'description']),
+      }, readString(params?.reason) ?? readString(params?.description) ?? '');
+      return;
+    }
+
+    if (method === 'item/tool/requestUserInput') {
+      const questions = params?.questions;
+      if (!looksLikeApprovalRequestUserInput(questions)) {
+        log.warn({ threadId: this.threadId, rpcId }, 'unsupported requestUserInput request');
+        this.writeServerRequestError(rpcId, 'Unsupported interactive request from Codex');
+        return;
+      }
+
+      const question = resolveApprovalQuestion(questions);
+      if (!question) {
+        this.writeServerRequestError(rpcId, 'Malformed requestUserInput approval request');
+        return;
+      }
+
+      this.queueApprovalRequest(requestId, {
+        kind: 'request-user-input-approval',
+        rpcId,
+        questionId: question.questionId,
+        approveLabel: question.approveLabel,
+        denyLabel: question.denyLabel,
+        toolName: resolved?.toolContext.toolName ?? 'Bash',
+        input: resolved?.toolContext.input ?? this.createFallbackInput(params, ['itemId', 'questions']),
+      }, readRequestUserInputDescription(questions));
+      return;
+    }
+
+    if (method === 'execCommandApproval') {
+      this.queueApprovalRequest(requestId, {
+        kind: 'exec-command-legacy',
+        rpcId,
+        toolName: resolved?.toolContext.toolName ?? 'Bash',
+        input: resolved?.toolContext.input ?? this.createFallbackInput(params, []),
+      }, readString(params?.reason) ?? readString(params?.description) ?? '');
+      return;
+    }
+
+    if (method === 'applyPatchApproval') {
+      this.queueApprovalRequest(requestId, {
+        kind: 'apply-patch-legacy',
+        rpcId,
+        toolName: resolved?.toolContext.toolName ?? 'Patch',
+        input: resolved?.toolContext.input ?? this.createFallbackInput(params, []),
+      }, readString(params?.reason) ?? readString(params?.description) ?? '');
+      return;
+    }
+
+    if (method === 'item/permissions/requestApproval') {
+      log.warn({ threadId: this.threadId, rpcId }, 'unsupported permissions approval request');
+      this.writeServerRequestError(rpcId, 'Unsupported permissions approval request');
+      return;
+    }
+
+    log.warn({ threadId: this.threadId, rpcId, method }, 'unsupported server request');
+    this.writeServerRequestError(rpcId, `Unsupported server request: ${method}`);
+  }
+
+  private handleRaw(msg: Record<string, unknown>): void {
+    log.debug({ method: msg.method ?? '(response)', rpcId: msg.id ?? '-' }, 'handleRaw');
+
+    if (msg.id != null && !msg.method && this.pending.has(msg.id as number)) {
+      const p = this.pending.get(msg.id as number)!;
+      this.pending.delete(msg.id as number);
+      if (msg.error) {
+        p.reject(new Error((msg.error as any).message ?? 'RPC error'));
+      } else {
+        p.resolve(msg.result);
+      }
+      return;
+    }
+
+    const method = typeof msg.method === 'string' ? msg.method : undefined;
+    const params = asRecord(msg.params);
+
+    if (method && msg.id != null) {
+      this.handleServerRequest(method, msg.id as number, params ?? undefined);
+      return;
+    }
+
+    if (method) {
+      log.debug({ method, paramsPreview: JSON.stringify(params ?? {}).slice(0, 300) }, 'notification');
+    }
+
+    switch (method) {
+      case 'item/agentMessage/delta': {
+        const deltaText = (params?.text ?? params?.delta ?? params?.content ?? '') as string;
+        if (deltaText && this.handler) {
+          this.handler({
+            type: 'text.delta',
+            sessionId: this.threadId,
+            content: deltaText,
+          });
+        } else if (!deltaText) {
+          log.debug({ paramsKeys: Object.keys(params ?? {}) }, 'agentMessage/delta with empty text');
+        }
+        break;
+      }
+
+      case 'item/commandExecution/outputDelta':
+        if (params?.output && this.handler) {
+          this.handler({
+            type: 'tool.result',
+            sessionId: this.threadId,
+            toolCallId: (params.itemId as string) ?? '',
+            output: String(params.output),
+          });
+        }
+        break;
+
+      case 'item/started': {
+        const item = asRecord(params?.item);
+        const callId = readItemId(item);
+        const toolContext = item ? extractToolContext(item) : null;
+        if (callId && toolContext) {
+          this.toolContextByCallId.set(callId, toolContext);
+          if (this.handler) {
+            this.handler({
+              type: 'tool.call',
+              sessionId: this.threadId,
+              toolName: toolContext.toolName,
+              input: toolContext.input,
+              toolCallId: callId,
+            });
+          }
+        }
+        break;
+      }
+
+      case 'item/completed': {
+        const item = asRecord(params?.item) ?? params;
+        const callId = readItemId(item);
+        if (callId) this.toolContextByCallId.delete(callId);
+        break;
+      }
+
+      case 'turn/aborted': {
+        this.turnStartInFlight = false;
+        this.interruptRequestedDuringTurnStart = false;
+        const reason = readString(params?.reason) ?? readString(asRecord(params?.turn)?.reason);
+        log.info({ threadId: this.threadId, reason }, 'turn interrupted');
+        audit.emit('session.interrupted', {
+          agent: 'codex',
+          sessionId: this.threadId,
+          ...(reason ? { reason } : {}),
+        });
+        if (this.handler) {
+          this.handler({
+            type: 'session.interrupted',
+            sessionId: this.threadId,
+          });
+        }
+        break;
+      }
+
+      case 'turn/completed': {
+        this.turnStartInFlight = false;
+        this.interruptRequestedDuringTurnStart = false;
+        const turn = asRecord(params?.turn);
+        const turnStatus = normalizeTurnStatus(turn?.status);
+        const rawUsage = asRecord(params?.usage);
+        const usage = rawUsage
+          ? {
+              inputTokens: Number(rawUsage.input_tokens ?? rawUsage.inputTokens ?? 0),
+              outputTokens: Number(rawUsage.output_tokens ?? rawUsage.outputTokens ?? 0),
+            }
+          : undefined;
+        if (turnStatus && INTERRUPTED_TURN_STATUSES.has(turnStatus)) {
+          log.info({ threadId: this.threadId, status: turnStatus }, 'turn interrupted');
+          audit.emit('session.interrupted', {
+            agent: 'codex',
+            sessionId: this.threadId,
+            status: turnStatus,
+            ...(usage ? { usage } : {}),
+          });
+          if (this.handler) {
+            this.handler({
+              type: 'session.interrupted',
+              sessionId: this.threadId,
+            });
+          }
+          break;
+        }
+
+        log.info({ threadId: this.threadId, status: turnStatus ?? 'completed' }, 'turn completed');
+        audit.emit('session.done', { agent: 'codex', sessionId: this.threadId, usage });
+        if (this.handler) {
+          this.handler({
+            type: 'session.done',
+            sessionId: this.threadId,
+            usage,
+          });
+        }
+        break;
+      }
+
+      default:
+        if (method) {
+          log.debug({ method }, 'unhandled notification');
+        }
+        break;
+    }
+  }
+}