oh-my-codex 0.15.3 → 0.16.0

package/Cargo.lock

@@ -20,9 +20,9 @@ checksum = "92ecc6618181def0457392ccd0ee51198e065e016d1d527a7ac1b6dc7c1f09d2"
 
 [[package]]
 name = "libc"
-version = "0.2.183"
+version = "0.2.186"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b5b646652bf6661599e1da8901b3b9522896f01e736bad5f723fe7a3a27f899d"
+checksum = "68ab91017fe16c622486840e4c83c9a37afeff978bd239b5293d61ece587de66"
 
 [[package]]
 name = "memchr"
@@ -32,11 +32,14 @@ checksum = "f8ca58f447f06ed17d5fc4043ce1b10dd205e060fb3ce5b979b8ed8e59ff3f79"
 
 [[package]]
 name = "omx-explore-harness"
-version = "0.15.3"
+version = "0.16.0"
+dependencies = [
+ "libc",
+]
 
 [[package]]
 name = "omx-mux"
-version = "0.15.3"
+version = "0.16.0"
 dependencies = [
  "serde",
  "serde_json",
@@ -44,7 +47,7 @@ dependencies = [
 
 [[package]]
 name = "omx-runtime"
-version = "0.15.3"
+version = "0.16.0"
 dependencies = [
  "omx-mux",
  "omx-runtime-core",
@@ -53,7 +56,7 @@ dependencies = [
 
 [[package]]
 name = "omx-runtime-core"
-version = "0.15.3"
+version = "0.16.0"
 dependencies = [
  "fs2",
  "serde",
@@ -62,7 +65,7 @@ dependencies = [
 
 [[package]]
 name = "omx-sparkshell"
-version = "0.15.3"
+version = "0.16.0"
 dependencies = [
  "omx-mux",
 ]

package/Cargo.toml

@@ -10,7 +10,7 @@ resolver = "2"
 
 [workspace.package]
 
-version = "0.15.3"
+version = "0.16.0"
 
 edition = "2021"
 rust-version = "1.73"

package/README.md

@@ -74,6 +74,7 @@ $deep-interview "clarify the authentication change"
 $ralplan "approve the auth plan and review tradeoffs"
 $ralph "carry the approved plan to completion"
 $team 3:executor "execute the approved plan in parallel"
+$ultragoal "turn this launch into durable Codex goals"
 ```
 
 That is the main path.
@@ -84,6 +85,7 @@ Start OMX strongly, clarify first when needed, approve the plan, then choose `$t
 
 Use OMX if you already like Codex and want a better day-to-day runtime around it:
 - a standard workflow built around `$deep-interview`, `$ralplan`, `$team`, and `$ralph`
+- durable multi-goal handoffs with `$ultragoal` and `.omx/ultragoal` artifacts when a launch needs sequential Codex goals
 - specialist roles and supporting skills when the task needs them
 - project guidance through scoped `AGENTS.md`
 - durable state under `.omx/` for plans, logs, memory, and mode tracking
@@ -323,6 +325,7 @@ If this happens, try:
 - [Agent catalog](./docs/agents.html)
 - [Skills reference](./docs/skills.html)
 - [Codex native hook mapping](./docs/codex-native-hooks.md)
+- [GitHub / PR / package identity pipeline](./docs/pipeline/github-pr-package-identity.md)
 - [Integrations](./docs/integrations.html)
 - [Troubleshooting execution readiness](./docs/troubleshooting.md)
 - [OpenClaw / notification gateway guide](./docs/openclaw-integration.md)

package/crates/omx-explore/Cargo.toml

@@ -9,3 +9,6 @@ repository.workspace = true
 [[bin]]
 name = "omx-explore-harness"
 path = "src/main.rs"
+
+[dependencies]
+libc = "0.2"

package/crates/omx-explore/src/main.rs

@@ -3,17 +3,25 @@ use std::ffi::OsString;
 use std::fs::{
     canonicalize, create_dir_all, read_to_string, remove_dir_all, remove_file, write, File,
 };
-use std::io::{self, BufRead, BufReader};
+use std::io::{self, BufRead, BufReader, Read};
 use std::path::{Path, PathBuf};
-use std::process::Command;
-use std::time::{SystemTime, UNIX_EPOCH};
+use std::process::{Child, Command, Output, Stdio};
+use std::sync::mpsc::{self, Receiver, RecvTimeoutError};
+use std::thread;
+use std::time::{Duration, Instant, SystemTime, UNIX_EPOCH};
 
 const CODEX_BIN_ENV: &str = "OMX_EXPLORE_CODEX_BIN";
 const HARNESS_ROOT_ENV: &str = "OMX_EXPLORE_ROOT";
+const CODEX_TIMEOUT_MS_ENV: &str = "OMX_EXPLORE_CODEX_TIMEOUT_MS";
 const INTERNAL_DIRECT_WRAPPER_FLAG: &str = "--internal-allowlist-direct";
 const INTERNAL_SHELL_WRAPPER_FLAG: &str = "--internal-allowlist-shell";
 const TEMP_ALLOWLIST_DIR_PREFIX: &str = "omx-explore-allowlist-";
-const SHELL_STARTUP_ENV_VARS: &[&str] = &["BASH_ENV", "ENV", "PROMPT_COMMAND"];
+const DEFAULT_CODEX_TIMEOUT_MS: u64 = 180_000;
+const PROCESS_TERMINATION_GRACE_MS: u64 = 500;
+const PIPE_READER_READY_GRACE_MS: u64 = 25;
+const PIPE_READER_JOIN_GRACE_MS: u64 = 500;
+const EXPLORE_SUBPROCESS_ENV_VARS_TO_SCRUB: &[&str] =
+    &["BASH_ENV", "ENV", "PROMPT_COMMAND", "NODE_OPTIONS"];
 const WINDOWS_UNSUPPORTED_ALLOWLIST_MESSAGE: &str =
     "omx explore built-in harness is not ready on Windows because its allowlist runtime relies on POSIX sh/bash wrappers. Set OMX_EXPLORE_BIN to a compatible custom harness, prefer `omx sparkshell` for shell-native read-only lookups, or run `omx doctor` for readiness details.";
 
@@ -301,15 +309,187 @@ fn invoke_codex(args: &Args, model: &str, prompt_contract: &str) -> io::Result<A
         )
         .env("SHELL", &allowlist.shell_path);
     sanitize_explore_subprocess_env(&mut command);
-    let output = command.output()?;
+    let timeout = codex_timeout();
+    let output = run_command_with_timeout(command, timeout)?;
 
     let markdown = read_to_string(&output_path).ok();
     let _ = remove_file(&output_path);
-    Ok(AttemptResult {
-        status_code: output.status.code().unwrap_or(1),
-        stderr: String::from_utf8_lossy(&output.stderr).into_owned(),
-        output_markdown: markdown,
-    })
+    match output {
+        TimedCommandOutput::Completed(output) => Ok(AttemptResult {
+            status_code: output.status.code().unwrap_or(1),
+            stderr: String::from_utf8_lossy(&output.stderr).into_owned(),
+            output_markdown: markdown,
+        }),
+        TimedCommandOutput::TimedOut { stderr } => Ok(AttemptResult {
+            status_code: 124,
+            stderr: format!(
+                "[omx explore] codex exec timed out after {}ms; terminated process tree{}{}",
+                timeout.as_millis(),
+                if stderr.trim().is_empty() {
+                    ""
+                } else {
+                    ". stderr before timeout: "
+                },
+                stderr.trim()
+            ),
+            output_markdown: None,
+        }),
+    }
+}
+
+#[derive(Debug)]
+enum TimedCommandOutput {
+    Completed(Output),
+    TimedOut { stderr: String },
+}
+
+fn codex_timeout() -> Duration {
+    let timeout_ms = env::var(CODEX_TIMEOUT_MS_ENV)
+        .ok()
+        .and_then(|value| value.trim().parse::<u64>().ok())
+        .filter(|value| *value > 0)
+        .unwrap_or(DEFAULT_CODEX_TIMEOUT_MS);
+    Duration::from_millis(timeout_ms)
+}
+
+fn run_command_with_timeout(
+    mut command: Command,
+    timeout: Duration,
+) -> io::Result<TimedCommandOutput> {
+    command.stdout(Stdio::piped()).stderr(Stdio::piped());
+    configure_process_group(&mut command);
+    let mut child = command.spawn()?;
+
+    let stdout_reader = spawn_pipe_reader(child.stdout.take());
+    let stderr_reader = spawn_pipe_reader(child.stderr.take());
+
+    let deadline = Instant::now() + timeout;
+    loop {
+        if let Some(status) = child.try_wait()? {
+            let (stdout, stderr) = collect_completed_output(
+                &mut child,
+                &stdout_reader,
+                &stderr_reader,
+                Duration::from_millis(PIPE_READER_READY_GRACE_MS),
+                Duration::from_millis(PIPE_READER_JOIN_GRACE_MS),
+            )?;
+            return Ok(TimedCommandOutput::Completed(Output {
+                status,
+                stdout,
+                stderr,
+            }));
+        }
+
+        if Instant::now() >= deadline {
+            terminate_child_process_tree(&mut child);
+            let _ = child.wait();
+            let reader_timeout = Duration::from_millis(PIPE_READER_JOIN_GRACE_MS);
+            let _ = receive_pipe_reader(&stdout_reader, reader_timeout);
+            let stderr = receive_pipe_reader(&stderr_reader, reader_timeout).unwrap_or_default();
+            return Ok(TimedCommandOutput::TimedOut {
+                stderr: String::from_utf8_lossy(&stderr).into_owned(),
+            });
+        }
+
+        thread::sleep(Duration::from_millis(25));
+    }
+}
+
+fn spawn_pipe_reader<R: Read + Send + 'static>(pipe: Option<R>) -> Receiver<io::Result<Vec<u8>>> {
+    let (sender, receiver) = mpsc::channel();
+    thread::spawn(move || {
+        let _ = sender.send(read_pipe_to_end(pipe));
+    });
+    receiver
+}
+
+fn read_pipe_to_end<R: Read + Send + 'static>(pipe: Option<R>) -> io::Result<Vec<u8>> {
+    let mut bytes = Vec::new();
+    if let Some(mut pipe) = pipe {
+        pipe.read_to_end(&mut bytes)?;
+    }
+    Ok(bytes)
+}
+
+fn collect_completed_output(
+    child: &mut Child,
+    stdout_reader: &Receiver<io::Result<Vec<u8>>>,
+    stderr_reader: &Receiver<io::Result<Vec<u8>>>,
+    ready_timeout: Duration,
+    cleanup_timeout: Duration,
+) -> io::Result<(Vec<u8>, Vec<u8>)> {
+    let stdout = receive_pipe_reader_if_ready(stdout_reader, ready_timeout)?;
+    let stderr = receive_pipe_reader_if_ready(stderr_reader, ready_timeout)?;
+
+    if stdout.is_none() || stderr.is_none() {
+        terminate_child_process_tree(child);
+    }
+
+    let stdout = match stdout {
+        Some(stdout) => stdout,
+        None => receive_pipe_reader(stdout_reader, cleanup_timeout)?,
+    };
+    let stderr = match stderr {
+        Some(stderr) => stderr,
+        None => receive_pipe_reader(stderr_reader, cleanup_timeout)?,
+    };
+
+    Ok((stdout, stderr))
+}
+
+fn receive_pipe_reader_if_ready(
+    receiver: &Receiver<io::Result<Vec<u8>>>,
+    timeout: Duration,
+) -> io::Result<Option<Vec<u8>>> {
+    match receive_pipe_reader(receiver, timeout) {
+        Ok(bytes) => Ok(Some(bytes)),
+        Err(err) if err.kind() == io::ErrorKind::TimedOut => Ok(None),
+        Err(err) => Err(err),
+    }
+}
+
+fn receive_pipe_reader(
+    receiver: &Receiver<io::Result<Vec<u8>>>,
+    timeout: Duration,
+) -> io::Result<Vec<u8>> {
+    match receiver.recv_timeout(timeout) {
+        Ok(result) => result,
+        Err(RecvTimeoutError::Timeout) => Err(io::Error::new(
+            io::ErrorKind::TimedOut,
+            "timed out waiting for subprocess output pipe to close",
+        )),
+        Err(RecvTimeoutError::Disconnected) => Err(io::Error::new(
+            io::ErrorKind::Other,
+            "subprocess output reader disconnected",
+        )),
+    }
+}
+
+#[cfg(unix)]
+fn configure_process_group(command: &mut Command) {
+    use std::os::unix::process::CommandExt;
+    command.process_group(0);
+}
+
+#[cfg(not(unix))]
+fn configure_process_group(_command: &mut Command) {}
+
+#[cfg(unix)]
+fn terminate_child_process_tree(child: &mut Child) {
+    let pgid = child.id() as libc::pid_t;
+    unsafe {
+        let _ = libc::kill(-pgid, libc::SIGTERM);
+    }
+    thread::sleep(Duration::from_millis(PROCESS_TERMINATION_GRACE_MS));
+    unsafe {
+        let _ = libc::kill(-pgid, libc::SIGKILL);
+    }
+    let _ = child.kill();
+}
+
+#[cfg(not(unix))]
+fn terminate_child_process_tree(child: &mut Child) {
+    let _ = child.kill();
 }
 
 fn escape_toml_string(value: &str) -> String {
@@ -759,11 +939,18 @@ fn shell_quote(value: &str) -> String {
 }
 
 fn sanitize_explore_subprocess_env(command: &mut Command) {
-    for key in SHELL_STARTUP_ENV_VARS {
+    for key in EXPLORE_SUBPROCESS_ENV_VARS_TO_SCRUB {
         command.env_remove(key);
     }
 }
 
+fn shell_supports_bash_startup_suppression(shell_path: &str) -> bool {
+    Path::new(shell_path)
+        .file_name()
+        .and_then(|name| name.to_str())
+        .is_some_and(|name| name == "bash")
+}
+
 fn run_internal_direct_wrapper<I>(mut args: I) -> Result<(), String>
 where
     I: Iterator<Item = OsString>,
@@ -796,17 +983,22 @@ where
     let forwarded: Vec<String> = args.map(|arg| arg.to_string_lossy().into_owned()).collect();
     let command = validate_shell_invocation(&forwarded)?;
 
-    let mut child = Command::new(&real_shell);
-    if real_shell.ends_with("bash") {
+    let status_code = execute_validated_shell(&real_shell, &command)?;
+    std::process::exit(status_code);
+}
+
+fn execute_validated_shell(real_shell: &str, command: &str) -> Result<i32, String> {
+    let mut child = Command::new(real_shell);
+    if shell_supports_bash_startup_suppression(real_shell) {
         child.arg("--noprofile").arg("--norc");
     }
     sanitize_explore_subprocess_env(&mut child);
     let status = child
-        .arg("-lc")
-        .arg(&command)
+        .arg("-c")
+        .arg(command)
         .status()
         .map_err(|err| format!("failed to execute validated shell command: {err}"))?;
-    std::process::exit(status.code().unwrap_or(1));
+    Ok(status.code().unwrap_or(1))
 }
 
 fn validate_shell_invocation(args: &[String]) -> Result<String, String> {
@@ -1088,6 +1280,13 @@ mod tests {
             .unwrap_or_else(|poisoned| poisoned.into_inner())
     }
 
+    fn process_tree_lock() -> std::sync::MutexGuard<'static, ()> {
+        static LOCK: OnceLock<Mutex<()>> = OnceLock::new();
+        LOCK.get_or_init(|| Mutex::new(()))
+            .lock()
+            .unwrap_or_else(|poisoned| poisoned.into_inner())
+    }
+
     #[test]
     fn parse_args_requires_all_fields() {
         let result = parse_args(vec![OsString::from("--cwd")].into_iter());
@@ -1906,6 +2105,69 @@ printf '# Answer\nok\n' > "$output_path"
         );
     }
 
+    #[test]
+    fn invoke_codex_scrubs_node_options_before_node_shebang_launch() {
+        let _guard = env_lock();
+        if resolve_host_command("node").is_none() {
+            return;
+        }
+
+        let root = temp_allowlist_dir().expect("temp root");
+        let repo = root.path.join("repo");
+        create_dir_all(&repo).expect("create repo");
+        let prompt_file = root.path.join("prompt.md");
+        write(&prompt_file, "contract").expect("write prompt");
+        let capture_path = root.path.join("node-options.txt");
+        let fake_codex = root.path.join("codex-node-stub");
+        write(
+            &fake_codex,
+            format!(
+                r#"#!/usr/bin/env node
+const fs = require('fs');
+let outputPath = '';
+for (let index = 2; index < process.argv.length; index += 1) {{
+  if (process.argv[index] === '-o') {{
+    outputPath = process.argv[index + 1];
+    index += 1;
+  }}
+}}
+fs.writeFileSync({}, `NODE_OPTIONS=${{process.env.NODE_OPTIONS || ''}}\n`);
+fs.writeFileSync(outputPath, '# Answer\nok\n');
+"#,
+                shell_quote(&capture_path.display().to_string())
+            ),
+        )
+        .expect("write fake codex");
+
+        unsafe {
+            env::set_var(CODEX_BIN_ENV, &fake_codex);
+            env::set_var("NODE_OPTIONS", "--disable-warning=");
+        }
+        let attempt = invoke_codex(
+            &Args {
+                cwd: repo.clone(),
+                prompt: "find tests".to_string(),
+                prompt_file,
+                instructions_file: repo.join("AGENTS.md"),
+                spark_model: "spark-model".to_string(),
+                fallback_model: "fallback-model".to_string(),
+            },
+            "spark-model",
+            "contract",
+        )
+        .expect("invoke codex");
+        unsafe {
+            env::remove_var(CODEX_BIN_ENV);
+            env::remove_var("NODE_OPTIONS");
+        }
+
+        assert_eq!(attempt.status_code, 0);
+        assert_eq!(
+            read_to_string(&capture_path).expect("read capture"),
+            "NODE_OPTIONS=\n"
+        );
+    }
+
     #[test]
     fn invoke_codex_injects_model_instructions_file_override() {
         let _guard = env_lock();
@@ -2009,6 +2271,245 @@ printf '# Answer\nok\n' > "$output_path"
         assert_eq!(read_to_string(&bash_env_log).unwrap_or_default(), "");
     }
 
+    #[test]
+    fn execute_validated_shell_drops_login_flag_and_startup_env() {
+        let _guard = env_lock();
+        let root = temp_allowlist_dir().expect("temp root");
+        let fake_shell = root.path.join("fake-sh");
+        let argv_log = root.path.join("argv.log");
+        let startup_log = root.path.join("startup.log");
+        let bash_env = root.path.join("bash-env.sh");
+        write(
+            &bash_env,
+            format!(
+                "grep -qsi '^COLOR.*none' /etc/GREP_COLORS || true\nprintf startup >> {}\n",
+                shell_quote(&startup_log.display().to_string())
+            ),
+        )
+        .expect("write fake startup hook");
+        write_executable(
+            &fake_shell,
+            &format!(
+                r#"#!/bin/sh
+printf '%s
+' "$@" > {}
+if [ "${{BASH_ENV:-}}" ]; then
+  . "$BASH_ENV"
+fi
+if [ "$1" = "-lc" ]; then
+  grep -qsi '^COLOR.*none' /etc/GREP_COLORS
+fi
+if [ "$1" = "-c" ]; then
+  shift
+  exec /bin/sh -c "$1"
+fi
+exit 64
+"#,
+                shell_quote(&argv_log.display().to_string())
+            ),
+        )
+        .expect("write fake shell");
+
+        unsafe {
+            env::set_var("BASH_ENV", &bash_env);
+            env::set_var("ENV", &bash_env);
+            env::set_var(
+                "PROMPT_COMMAND",
+                "grep -qsi '^COLOR.*none' /etc/GREP_COLORS",
+            );
+        }
+        let status = execute_validated_shell(
+            &fake_shell.display().to_string(),
+            "printf shell-ok >/dev/null",
+        )
+        .expect("execute fake shell");
+        unsafe {
+            env::remove_var("BASH_ENV");
+            env::remove_var("ENV");
+            env::remove_var("PROMPT_COMMAND");
+        }
+
+        assert_eq!(status, 0);
+        assert_eq!(
+            read_to_string(&argv_log).expect("read argv"),
+            "-c\nprintf shell-ok >/dev/null\n"
+        );
+        assert_eq!(read_to_string(&startup_log).unwrap_or_default(), "");
+    }
+
+    #[test]
+    fn sanitize_explore_subprocess_env_blocks_fedora_grep_colors_startup_hook() {
+        let _guard = env_lock();
+        let root = temp_allowlist_dir().expect("temp root");
+        let repo = root.path.join("repo");
+        create_dir_all(&repo).expect("create repo");
+        let startup_log = root.path.join("startup.log");
+        let bash_env = root.path.join("bash-env.sh");
+        write(
+            &bash_env,
+            format!(
+                "grep -qsi '^COLOR.*none' /etc/GREP_COLORS || true\nprintf 'fedora-startup-ran\n' >> {}\n",
+                shell_quote(&startup_log.display().to_string())
+            ),
+        )
+        .expect("write bash env");
+        let allowlist = prepare_allowlist_environment().expect("allowlist environment");
+        let bash_path = resolve_host_command("bash").expect("host bash path");
+
+        unsafe {
+            env::set_var("BASH_ENV", &bash_env);
+            env::set_var("ENV", &bash_env);
+            env::set_var(
+                "PROMPT_COMMAND",
+                "grep -qsi '^COLOR.*none' /etc/GREP_COLORS",
+            );
+        }
+        let mut child = Command::new(bash_path);
+        child
+            .arg("--noprofile")
+            .arg("--norc")
+            .arg("-c")
+            .arg("true")
+            .env(HARNESS_ROOT_ENV, &repo)
+            .env(
+                "PATH",
+                build_codex_path(&allowlist.bin_dir, allowlist.sandbox_bin_dir.as_deref())
+                    .expect("restricted path"),
+            );
+        sanitize_explore_subprocess_env(&mut child);
+        let output = child.output().expect("run bash");
+        unsafe {
+            env::remove_var("BASH_ENV");
+            env::remove_var("ENV");
+            env::remove_var("PROMPT_COMMAND");
+        }
+
+        assert!(output.status.success());
+        assert_eq!(read_to_string(&startup_log).unwrap_or_default(), "");
+        assert!(
+            !String::from_utf8_lossy(&output.stderr).contains("/etc/GREP_COLORS"),
+            "stderr should not contain Fedora GREP_COLORS repo escape: {}",
+            String::from_utf8_lossy(&output.stderr)
+        );
+    }
+
+    #[test]
+    fn invoke_codex_times_out_and_returns_bounded_failure() {
+        let _guard = env_lock();
+        let root = temp_allowlist_dir().expect("temp root");
+        let repo = root.path.join("repo");
+        create_dir_all(&repo).expect("create repo");
+        let prompt_file = root.path.join("prompt.md");
+        write(&prompt_file, "contract").expect("write prompt");
+        let fake_codex = root.path.join("codex-sleep");
+        write_executable(
+            &fake_codex,
+            r#"#!/bin/sh
+printf 'fake codex started
+' >&2
+/bin/sleep 5
+"#,
+        )
+        .expect("write fake codex");
+
+        unsafe {
+            env::set_var(CODEX_BIN_ENV, &fake_codex);
+            env::set_var(CODEX_TIMEOUT_MS_ENV, "100");
+        }
+        let started = Instant::now();
+        let attempt = invoke_codex(
+            &Args {
+                cwd: repo.clone(),
+                prompt: "find tests".to_string(),
+                prompt_file,
+                instructions_file: repo.join("AGENTS.md"),
+                spark_model: "spark-model".to_string(),
+                fallback_model: "fallback-model".to_string(),
+            },
+            "spark-model",
+            "contract",
+        )
+        .expect("invoke codex");
+        unsafe {
+            env::remove_var(CODEX_BIN_ENV);
+            env::remove_var(CODEX_TIMEOUT_MS_ENV);
+        }
+
+        assert_eq!(attempt.status_code, 124);
+        assert!(attempt.stderr.contains("timed out after 100ms"));
+        assert!(attempt.stderr.contains("terminated process tree"));
+        assert!(started.elapsed() < Duration::from_secs(3));
+        assert!(attempt.output_markdown.is_none());
+    }
+
+    #[cfg(unix)]
+    #[test]
+    fn run_command_with_timeout_kills_process_group_children() {
+        let _env_guard = env_lock();
+        let _process_guard = process_tree_lock();
+        let root = temp_allowlist_dir().expect("temp root");
+        let term_file = root.path.join("grandchild.term");
+        let ready_file = root.path.join("grandchild.ready");
+        let script = root.path.join("spawn-grandchild.sh");
+        write_executable(
+            &script,
+            &format!(
+                r#"#!/bin/sh
+(trap 'printf term > {}; exit 0' TERM; printf ready > {}; sleep 30) &
+while [ ! -f {} ]; do
+  sleep 0.01
+done
+sleep 30
+"#,
+                shell_quote(&term_file.display().to_string()),
+                shell_quote(&ready_file.display().to_string()),
+                shell_quote(&ready_file.display().to_string()),
+            ),
+        )
+        .expect("write script");
+
+        let result = run_command_with_timeout(Command::new(&script), Duration::from_millis(500))
+            .expect("run with timeout");
+        let TimedCommandOutput::TimedOut { .. } = result else {
+            panic!("expected timeout");
+        };
+        assert_eq!(read_to_string(&term_file).unwrap_or_default(), "term");
+    }
+
+    #[cfg(unix)]
+    #[test]
+    fn run_command_with_timeout_closes_inherited_stdio_after_parent_exit() {
+        let _env_guard = env_lock();
+        let _process_guard = process_tree_lock();
+        let root = temp_allowlist_dir().expect("temp root");
+        let script = root.path.join("inherited-stdio.sh");
+        write_executable(
+            &script,
+            r#"#!/bin/sh
+(sleep 30) &
+printf 'parent stdout\n'
+printf 'parent stderr\n' >&2
+exit 0
+"#,
+        )
+        .expect("write script");
+
+        let started = Instant::now();
+        let result = run_command_with_timeout(Command::new(&script), Duration::from_secs(10))
+            .expect("run with inherited stdio descendant");
+
+        let TimedCommandOutput::Completed(output) = result else {
+            panic!("expected parent completion");
+        };
+        assert!(
+            started.elapsed() < Duration::from_secs(3),
+            "reader cleanup should not wait for the descendant sleep"
+        );
+        assert!(output.status.success());
+        assert_eq!(String::from_utf8_lossy(&output.stdout), "parent stdout\n");
+        assert_eq!(String::from_utf8_lossy(&output.stderr), "parent stderr\n");
+    }
+
     fn fallback_test_event() -> FallbackEvent {
         FallbackEvent {
             from_model: "spark-model".to_string(),