oh-my-codex 0.16.0 → 0.16.1

package/Cargo.lock

@@ -32,14 +32,14 @@ checksum = "f8ca58f447f06ed17d5fc4043ce1b10dd205e060fb3ce5b979b8ed8e59ff3f79"
 
 [[package]]
 name = "omx-explore-harness"
-version = "0.16.0"
+version = "0.16.1"
 dependencies = [
  "libc",
 ]
 
 [[package]]
 name = "omx-mux"
-version = "0.16.0"
+version = "0.16.1"
 dependencies = [
  "serde",
  "serde_json",
@@ -47,7 +47,7 @@ dependencies = [
 
 [[package]]
 name = "omx-runtime"
-version = "0.16.0"
+version = "0.16.1"
 dependencies = [
  "omx-mux",
  "omx-runtime-core",
@@ -56,7 +56,7 @@ dependencies = [
 
 [[package]]
 name = "omx-runtime-core"
-version = "0.16.0"
+version = "0.16.1"
 dependencies = [
  "fs2",
  "serde",
@@ -65,7 +65,7 @@ dependencies = [
 
 [[package]]
 name = "omx-sparkshell"
-version = "0.16.0"
+version = "0.16.1"
 dependencies = [
  "omx-mux",
 ]

package/Cargo.toml

@@ -10,7 +10,7 @@ resolver = "2"
 
 [workspace.package]
 
-version = "0.16.0"
+version = "0.16.1"
 
 edition = "2021"
 rust-version = "1.73"

package/crates/omx-explore/src/main.rs

@@ -6,22 +6,35 @@ use std::fs::{
 use std::io::{self, BufRead, BufReader, Read};
 use std::path::{Path, PathBuf};
 use std::process::{Child, Command, Output, Stdio};
-use std::sync::mpsc::{self, Receiver, RecvTimeoutError};
+use std::sync::mpsc::{self, Receiver, RecvTimeoutError, TryRecvError};
 use std::thread;
 use std::time::{Duration, Instant, SystemTime, UNIX_EPOCH};
 
 const CODEX_BIN_ENV: &str = "OMX_EXPLORE_CODEX_BIN";
 const HARNESS_ROOT_ENV: &str = "OMX_EXPLORE_ROOT";
 const CODEX_TIMEOUT_MS_ENV: &str = "OMX_EXPLORE_CODEX_TIMEOUT_MS";
+const PROCESS_LIMIT_ENV: &str = "OMX_EXPLORE_PROCESS_LIMIT";
+const CODEX_OUTPUT_LIMIT_BYTES_ENV: &str = "OMX_EXPLORE_CODEX_OUTPUT_LIMIT_BYTES";
 const INTERNAL_DIRECT_WRAPPER_FLAG: &str = "--internal-allowlist-direct";
 const INTERNAL_SHELL_WRAPPER_FLAG: &str = "--internal-allowlist-shell";
 const TEMP_ALLOWLIST_DIR_PREFIX: &str = "omx-explore-allowlist-";
 const DEFAULT_CODEX_TIMEOUT_MS: u64 = 180_000;
+const DEFAULT_PROCESS_LIMIT: usize = 96;
+const DEFAULT_CODEX_OUTPUT_LIMIT_BYTES: usize = 8 * 1024 * 1024;
+const PROCESS_LIMIT_POLL_MS: u64 = 100;
 const PROCESS_TERMINATION_GRACE_MS: u64 = 500;
 const PIPE_READER_READY_GRACE_MS: u64 = 25;
 const PIPE_READER_JOIN_GRACE_MS: u64 = 500;
-const EXPLORE_SUBPROCESS_ENV_VARS_TO_SCRUB: &[&str] =
-    &["BASH_ENV", "ENV", "PROMPT_COMMAND", "NODE_OPTIONS"];
+const EXPLORE_SUBPROCESS_ENV_VARS_TO_SCRUB: &[&str] = &[
+    "BASH_ENV",
+    "ENV",
+    "PROMPT_COMMAND",
+    "NODE_OPTIONS",
+    "SHELLOPTS",
+    "BASHOPTS",
+    "GREP_OPTIONS",
+    "GREP_COLORS",
+];
 const WINDOWS_UNSUPPORTED_ALLOWLIST_MESSAGE: &str =
     "omx explore built-in harness is not ready on Windows because its allowlist runtime relies on POSIX sh/bash wrappers. Set OMX_EXPLORE_BIN to a compatible custom harness, prefer `omx sparkshell` for shell-native read-only lookups, or run `omx doctor` for readiness details.";
 
@@ -334,13 +347,59 @@ fn invoke_codex(args: &Args, model: &str, prompt_contract: &str) -> io::Result<A
             ),
             output_markdown: None,
         }),
+        TimedCommandOutput::ProcessLimitExceeded {
+            stderr,
+            process_count,
+            process_limit,
+        } => Ok(AttemptResult {
+            status_code: 125,
+            stderr: format!(
+                "[omx explore] codex exec exceeded per-run process limit ({process_count}>{process_limit}); terminated process tree to avoid runaway shell storms{}{}",
+                if stderr.trim().is_empty() {
+                    ""
+                } else {
+                    ". stderr before termination: "
+                },
+                stderr.trim()
+            ),
+            output_markdown: None,
+        }),
+        TimedCommandOutput::OutputLimitExceeded {
+            stderr,
+            output_limit,
+            stream,
+        } => Ok(AttemptResult {
+            status_code: 126,
+            stderr: format!(
+                "[omx explore] codex exec exceeded subprocess {stream} output limit ({output_limit} bytes); terminated process tree to avoid unbounded memory growth{}{}",
+                if stderr.trim().is_empty() {
+                    ""
+                } else {
+                    ". stderr before termination: "
+                },
+                stderr.trim()
+            ),
+            output_markdown: None,
+        }),
     }
 }
 
 #[derive(Debug)]
 enum TimedCommandOutput {
     Completed(Output),
-    TimedOut { stderr: String },
+    TimedOut {
+        stderr: String,
+    },
+    ProcessLimitExceeded {
+        stderr: String,
+        process_count: usize,
+        process_limit: usize,
+    },
+    OutputLimitExceeded {
+        stderr: String,
+        output_limit: usize,
+        stream: &'static str,
+    },
 }
 
 fn codex_timeout() -> Duration {
@@ -352,6 +411,22 @@ fn codex_timeout() -> Duration {
     Duration::from_millis(timeout_ms)
 }
 
+fn codex_output_limit_bytes() -> usize {
+    env::var(CODEX_OUTPUT_LIMIT_BYTES_ENV)
+        .ok()
+        .and_then(|value| value.trim().parse::<usize>().ok())
+        .filter(|value| *value > 0)
+        .unwrap_or(DEFAULT_CODEX_OUTPUT_LIMIT_BYTES)
+}
+
+fn process_limit() -> usize {
+    env::var(PROCESS_LIMIT_ENV)
+        .ok()
+        .and_then(|value| value.trim().parse::<usize>().ok())
+        .filter(|value| *value > 0)
+        .unwrap_or(DEFAULT_PROCESS_LIMIT)
+}
+
 fn run_command_with_timeout(
     mut command: Command,
     timeout: Duration,
@@ -360,19 +435,37 @@ fn run_command_with_timeout(
     configure_process_group(&mut command);
     let mut child = command.spawn()?;
 
-    let stdout_reader = spawn_pipe_reader(child.stdout.take());
-    let stderr_reader = spawn_pipe_reader(child.stderr.take());
+    let output_limit = codex_output_limit_bytes();
+    let mut stdout_reader = spawn_pipe_reader("stdout", child.stdout.take(), output_limit);
+    let mut stderr_reader = spawn_pipe_reader("stderr", child.stderr.take(), output_limit);
 
     let deadline = Instant::now() + timeout;
+    let process_limit = process_limit();
+    let mut next_process_limit_poll = Instant::now() + Duration::from_millis(PROCESS_LIMIT_POLL_MS);
     loop {
         if let Some(status) = child.try_wait()? {
-            let (stdout, stderr) = collect_completed_output(
+            // The wrapper may exit while grandchildren keep the process group
+            // alive. Sweep it before collecting pipes so completed harness
+            // runs cannot leave detached shells behind.
+            terminate_child_process_tree(&mut child);
+            let output = collect_completed_output(
                 &mut child,
-                &stdout_reader,
-                &stderr_reader,
+                &mut stdout_reader,
+                &mut stderr_reader,
                 Duration::from_millis(PIPE_READER_READY_GRACE_MS),
                 Duration::from_millis(PIPE_READER_JOIN_GRACE_MS),
-            )?;
+            );
+            let (stdout, stderr) = match output {
+                Ok(output) => output,
+                Err(err) if is_output_limit_error(&err) => {
+                    return Ok(TimedCommandOutput::OutputLimitExceeded {
+                        stderr: String::new(),
+                        output_limit,
+                        stream: output_limit_stream(&err),
+                    });
+                }
+                Err(err) => return Err(err),
+            };
             return Ok(TimedCommandOutput::Completed(Output {
                 status,
                 stdout,
@@ -384,37 +477,192 @@ fn run_command_with_timeout(
             terminate_child_process_tree(&mut child);
             let _ = child.wait();
             let reader_timeout = Duration::from_millis(PIPE_READER_JOIN_GRACE_MS);
-            let _ = receive_pipe_reader(&stdout_reader, reader_timeout);
-            let stderr = receive_pipe_reader(&stderr_reader, reader_timeout).unwrap_or_default();
+            let _ = receive_pipe_reader(&mut stdout_reader, reader_timeout);
+            let stderr =
+                receive_pipe_reader(&mut stderr_reader, reader_timeout).unwrap_or_default();
             return Ok(TimedCommandOutput::TimedOut {
                 stderr: String::from_utf8_lossy(&stderr).into_owned(),
             });
         }
 
+        if Instant::now() >= next_process_limit_poll {
+            next_process_limit_poll = Instant::now() + Duration::from_millis(PROCESS_LIMIT_POLL_MS);
+            if let Some(process_count) = count_process_tree(child.id()) {
+                if process_count > process_limit {
+                    terminate_child_process_tree(&mut child);
+                    let _ = child.wait();
+                    let reader_timeout = Duration::from_millis(PIPE_READER_JOIN_GRACE_MS);
+                    let _ = receive_pipe_reader(&mut stdout_reader, reader_timeout);
+                    let stderr =
+                        receive_pipe_reader(&mut stderr_reader, reader_timeout).unwrap_or_default();
+                    return Ok(TimedCommandOutput::ProcessLimitExceeded {
+                        stderr: String::from_utf8_lossy(&stderr).into_owned(),
+                        process_count,
+                        process_limit,
+                    });
+                }
+            }
+        }
+
+        if let Some(stream) = poll_output_limit(&mut stdout_reader, &mut stderr_reader)? {
+            terminate_child_process_tree(&mut child);
+            let _ = child.wait();
+            let reader_timeout = Duration::from_millis(PIPE_READER_JOIN_GRACE_MS);
+            let stderr = if stream == "stderr" {
+                Vec::new()
+            } else {
+                receive_pipe_reader(&mut stderr_reader, reader_timeout).unwrap_or_default()
+            };
+            return Ok(TimedCommandOutput::OutputLimitExceeded {
+                stderr: String::from_utf8_lossy(&stderr).into_owned(),
+                output_limit,
+                stream,
+            });
+        }
+
         thread::sleep(Duration::from_millis(25));
     }
 }
 
-fn spawn_pipe_reader<R: Read + Send + 'static>(pipe: Option<R>) -> Receiver<io::Result<Vec<u8>>> {
+#[cfg(target_os = "linux")]
+fn count_process_tree(root_pid: u32) -> Option<usize> {
+    use std::collections::HashMap;
+    let entries = std::fs::read_dir("/proc").ok()?;
+    let mut children: HashMap<u32, Vec<u32>> = HashMap::new();
+    for entry in entries.flatten() {
+        let name = entry.file_name();
+        let Some(name) = name.to_str() else {
+            continue;
+        };
+        let Ok(pid) = name.parse::<u32>() else {
+            continue;
+        };
+        let Ok(stat) = std::fs::read_to_string(format!("/proc/{pid}/stat")) else {
+            continue;
+        };
+        let Some(close_paren) = stat.rfind(')') else {
+            continue;
+        };
+        let fields: Vec<&str> = stat[close_paren + 2..].split(' ').collect();
+        let Some(ppid) = fields.get(1).and_then(|field| field.parse::<u32>().ok()) else {
+            continue;
+        };
+        children.entry(ppid).or_default().push(pid);
+    }
+    let mut count = 1;
+    let mut stack = children.remove(&root_pid).unwrap_or_default();
+    while let Some(pid) = stack.pop() {
+        count += 1;
+        if let Some(mut nested) = children.remove(&pid) {
+            stack.append(&mut nested);
+        }
+    }
+    Some(count)
+}
+
+#[cfg(not(target_os = "linux"))]
+fn count_process_tree(_root_pid: u32) -> Option<usize> {
+    None
+}
+
+struct PipeReader {
+    receiver: Receiver<io::Result<Vec<u8>>>,
+    cached: Option<io::Result<Vec<u8>>>,
+}
+
+fn spawn_pipe_reader<R: Read + Send + 'static>(
+    stream: &'static str,
+    pipe: Option<R>,
+    output_limit: usize,
+) -> PipeReader {
     let (sender, receiver) = mpsc::channel();
     thread::spawn(move || {
-        let _ = sender.send(read_pipe_to_end(pipe));
+        let _ = sender.send(read_pipe_bounded(pipe, stream, output_limit));
     });
-    receiver
+    PipeReader {
+        receiver,
+        cached: None,
+    }
 }
 
-fn read_pipe_to_end<R: Read + Send + 'static>(pipe: Option<R>) -> io::Result<Vec<u8>> {
+fn read_pipe_bounded<R: Read + Send + 'static>(
+    pipe: Option<R>,
+    stream: &'static str,
+    output_limit: usize,
+) -> io::Result<Vec<u8>> {
     let mut bytes = Vec::new();
-    if let Some(mut pipe) = pipe {
-        pipe.read_to_end(&mut bytes)?;
+    let Some(pipe) = pipe else {
+        return Ok(bytes);
+    };
+    let mut reader = BufReader::new(pipe);
+    let mut chunk = [0_u8; 8192];
+    loop {
+        let read = reader.read(&mut chunk)?;
+        if read == 0 {
+            return Ok(bytes);
+        }
+        if bytes.len().saturating_add(read) > output_limit {
+            return Err(output_limit_error(stream, output_limit));
+        }
+        bytes.extend_from_slice(&chunk[..read]);
+    }
+}
+
+fn output_limit_error(stream: &'static str, output_limit: usize) -> io::Error {
+    io::Error::new(
+        io::ErrorKind::Other,
+        format!("subprocess {stream} exceeded output limit of {output_limit} bytes"),
+    )
+}
+
+fn is_output_limit_error(err: &io::Error) -> bool {
+    err.to_string().contains("exceeded output limit")
+}
+
+fn output_limit_stream(err: &io::Error) -> &'static str {
+    if err.to_string().contains("stderr") {
+        "stderr"
+    } else {
+        "stdout"
+    }
+}
+
+fn poll_output_limit(
+    stdout_reader: &mut PipeReader,
+    stderr_reader: &mut PipeReader,
+) -> io::Result<Option<&'static str>> {
+    if let Some(stream) = poll_one_output_limit("stdout", stdout_reader)? {
+        return Ok(Some(stream));
+    }
+    poll_one_output_limit("stderr", stderr_reader)
+}
+
+fn poll_one_output_limit(
+    stream: &'static str,
+    reader: &mut PipeReader,
+) -> io::Result<Option<&'static str>> {
+    if reader.cached.is_some() {
+        return Ok(None);
+    }
+    match reader.receiver.try_recv() {
+        Ok(Ok(bytes)) => {
+            reader.cached = Some(Ok(bytes));
+            Ok(None)
+        }
+        Ok(Err(err)) if is_output_limit_error(&err) => Ok(Some(stream)),
+        Ok(Err(err)) => Err(err),
+        Err(TryRecvError::Empty) => Ok(None),
+        Err(TryRecvError::Disconnected) => Err(io::Error::new(
+            io::ErrorKind::Other,
+            "subprocess output reader disconnected",
+        )),
     }
-    Ok(bytes)
 }
 
 fn collect_completed_output(
     child: &mut Child,
-    stdout_reader: &Receiver<io::Result<Vec<u8>>>,
-    stderr_reader: &Receiver<io::Result<Vec<u8>>>,
+    stdout_reader: &mut PipeReader,
+    stderr_reader: &mut PipeReader,
     ready_timeout: Duration,
     cleanup_timeout: Duration,
 ) -> io::Result<(Vec<u8>, Vec<u8>)> {
@@ -438,21 +686,21 @@ fn collect_completed_output(
 }
 
 fn receive_pipe_reader_if_ready(
-    receiver: &Receiver<io::Result<Vec<u8>>>,
+    reader: &mut PipeReader,
     timeout: Duration,
 ) -> io::Result<Option<Vec<u8>>> {
-    match receive_pipe_reader(receiver, timeout) {
+    match receive_pipe_reader(reader, timeout) {
         Ok(bytes) => Ok(Some(bytes)),
         Err(err) if err.kind() == io::ErrorKind::TimedOut => Ok(None),
         Err(err) => Err(err),
     }
 }
 
-fn receive_pipe_reader(
-    receiver: &Receiver<io::Result<Vec<u8>>>,
-    timeout: Duration,
-) -> io::Result<Vec<u8>> {
-    match receiver.recv_timeout(timeout) {
+fn receive_pipe_reader(reader: &mut PipeReader, timeout: Duration) -> io::Result<Vec<u8>> {
+    if let Some(result) = reader.cached.take() {
+        return result;
+    }
+    match reader.receiver.recv_timeout(timeout) {
         Ok(result) => result,
         Err(RecvTimeoutError::Timeout) => Err(io::Error::new(
             io::ErrorKind::TimedOut,
@@ -2476,6 +2724,126 @@ sleep 30
         assert_eq!(read_to_string(&term_file).unwrap_or_default(), "term");
     }
 
+    #[cfg(target_os = "linux")]
+    #[test]
+    fn run_command_with_timeout_aborts_suspicious_process_storm() {
+        let _env_guard = env_lock();
+        let _process_guard = process_tree_lock();
+        let root = temp_allowlist_dir().expect("temp root");
+        let script = root.path.join("storm.sh");
+        write_executable(
+            &script,
+            r#"#!/bin/sh
+while :; do
+  sleep 30 &
+  sleep 0.01
+done
+"#,
+        )
+        .expect("write script");
+
+        unsafe {
+            env::set_var(PROCESS_LIMIT_ENV, "12");
+        }
+        let started = Instant::now();
+        let result = run_command_with_timeout(Command::new(&script), Duration::from_secs(10))
+            .expect("run with process storm");
+        unsafe {
+            env::remove_var(PROCESS_LIMIT_ENV);
+        }
+
+        let TimedCommandOutput::ProcessLimitExceeded {
+            process_count,
+            process_limit,
+            ..
+        } = result
+        else {
+            panic!("expected process limit failure");
+        };
+        assert!(process_count > process_limit);
+        assert!(started.elapsed() < Duration::from_secs(5));
+    }
+
+    #[cfg(unix)]
+    #[test]
+    fn run_command_with_timeout_fails_closed_on_large_stdout() {
+        let _env_guard = env_lock();
+        let _process_guard = process_tree_lock();
+        let root = temp_allowlist_dir().expect("temp root");
+        let script = root.path.join("large-stdout.sh");
+        write_executable(
+            &script,
+            r#"#!/bin/sh
+while :; do
+  printf 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
+done
+"#,
+        )
+        .expect("write script");
+
+        unsafe {
+            env::set_var(CODEX_OUTPUT_LIMIT_BYTES_ENV, "4096");
+        }
+        let started = Instant::now();
+        let result = run_command_with_timeout(Command::new(&script), Duration::from_secs(10))
+            .expect("run with large stdout");
+        unsafe {
+            env::remove_var(CODEX_OUTPUT_LIMIT_BYTES_ENV);
+        }
+
+        let TimedCommandOutput::OutputLimitExceeded {
+            stream,
+            output_limit,
+            ..
+        } = result
+        else {
+            panic!("expected stdout output limit failure");
+        };
+        assert_eq!(stream, "stdout");
+        assert_eq!(output_limit, 4096);
+        assert!(started.elapsed() < Duration::from_secs(3));
+    }
+
+    #[cfg(unix)]
+    #[test]
+    fn run_command_with_timeout_fails_closed_on_large_stderr() {
+        let _env_guard = env_lock();
+        let _process_guard = process_tree_lock();
+        let root = temp_allowlist_dir().expect("temp root");
+        let script = root.path.join("large-stderr.sh");
+        write_executable(
+            &script,
+            r#"#!/bin/sh
+while :; do
+  printf 'eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee' >&2
+done
+"#,
+        )
+        .expect("write script");
+
+        unsafe {
+            env::set_var(CODEX_OUTPUT_LIMIT_BYTES_ENV, "4096");
+        }
+        let started = Instant::now();
+        let result = run_command_with_timeout(Command::new(&script), Duration::from_secs(10))
+            .expect("run with large stderr");
+        unsafe {
+            env::remove_var(CODEX_OUTPUT_LIMIT_BYTES_ENV);
+        }
+
+        let TimedCommandOutput::OutputLimitExceeded {
+            stream,
+            output_limit,
+            ..
+        } = result
+        else {
+            panic!("expected stderr output limit failure");
+        };
+        assert_eq!(stream, "stderr");
+        assert_eq!(output_limit, 4096);
+        assert!(started.elapsed() < Duration::from_secs(3));
+    }
+
     #[cfg(unix)]
     #[test]
     fn run_command_with_timeout_closes_inherited_stdio_after_parent_exit() {
@@ -2510,6 +2878,44 @@ exit 0
         assert_eq!(String::from_utf8_lossy(&output.stderr), "parent stderr\n");
     }
 
+    #[cfg(unix)]
+    #[test]
+    fn run_command_with_timeout_sweeps_detached_grandchildren_after_parent_exit() {
+        let _env_guard = env_lock();
+        let _process_guard = process_tree_lock();
+        let root = temp_allowlist_dir().expect("temp root");
+        let term_file = root.path.join("orphan.term");
+        let ready_file = root.path.join("orphan.ready");
+        let script = root.path.join("spawn-detached-grandchild.sh");
+        write_executable(
+            &script,
+            &format!(
+                r#"#!/bin/sh
+(trap 'printf term > {}; exit 0' TERM; printf ready > {}; sleep 30) >/dev/null 2>&1 &
+while [ ! -f {} ]; do
+  sleep 0.01
+done
+printf 'parent done\n'
+exit 0
+"#,
+                shell_quote(&term_file.display().to_string()),
+                shell_quote(&ready_file.display().to_string()),
+                shell_quote(&ready_file.display().to_string()),
+            ),
+        )
+        .expect("write script");
+
+        let result = run_command_with_timeout(Command::new(&script), Duration::from_secs(10))
+            .expect("run with detached grandchild");
+
+        let TimedCommandOutput::Completed(output) = result else {
+            panic!("expected parent completion");
+        };
+        assert!(output.status.success());
+        assert_eq!(String::from_utf8_lossy(&output.stdout), "parent done\n");
+        assert_eq!(read_to_string(&term_file).unwrap_or_default(), "term");
+    }
+
     fn fallback_test_event() -> FallbackEvent {
         FallbackEvent {
             from_model: "spark-model".to_string(),

package/dist/agents/__tests__/native-config.test.js

@@ -88,6 +88,31 @@ describe("agents/native-config", () => {
         const tripleQuoteBlocks = toml.match(/"""/g) || [];
         assert.equal(tripleQuoteBlocks.length, 2, "only TOML delimiters should remain as raw triple quotes");
     });
+    it("applies per-agent reasoning overrides when generating native TOML", async () => {
+        const codexHome = await mkdtemp(join(tmpdir(), "omx-native-config-reasoning-"));
+        try {
+            await writeFile(join(codexHome, ".omx-config.json"), JSON.stringify({
+                agentReasoning: {
+                    architect: "xhigh",
+                },
+            }));
+            const agent = {
+                name: "architect",
+                description: "System design",
+                reasoningEffort: "high",
+                posture: "frontier-orchestrator",
+                modelClass: "frontier",
+                routingRole: "leader",
+                tools: "read-only",
+                category: "build",
+            };
+            const toml = generateAgentToml(agent, "Architect prompt", { codexHomeOverride: codexHome });
+            assert.match(toml, /model_reasoning_effort = "xhigh"/);
+        }
+        finally {
+            await rm(codexHome, { recursive: true, force: true });
+        }
+    });
     it("applies exact-model mini guidance only for resolved gpt-5.4-mini standard roles", () => {
         const agent = {
             name: "debugger",
@@ -145,6 +170,31 @@ describe("agents/native-config", () => {
             await rm(root, { recursive: true, force: true });
         }
     });
+    it("installs native agent TOML with configured per-agent reasoning overrides", async () => {
+        const root = await mkdtemp(join(tmpdir(), "omx-native-config-install-reasoning-"));
+        const codexHome = join(root, ".codex");
+        const promptsDir = join(root, "prompts");
+        const outDir = join(codexHome, "agents");
+        try {
+            await mkdir(promptsDir, { recursive: true });
+            await mkdir(codexHome, { recursive: true });
+            await writeFile(join(codexHome, ".omx-config.json"), JSON.stringify({
+                agentReasoning: {
+                    architect: "xhigh",
+                },
+            }));
+            await writeFile(join(promptsDir, "architect.md"), "architect prompt");
+            await installNativeAgentConfigs(root, {
+                agentsDir: outDir,
+                catalogManifest: manifestWithAgents(["architect"]),
+            });
+            const architectToml = await readFile(join(outDir, "architect.toml"), "utf8");
+            assert.match(architectToml, /model_reasoning_effort = "xhigh"/);
+        }
+        finally {
+            await rm(root, { recursive: true, force: true });
+        }
+    });
     it("preserves active provider on native agents so websocket-capable Responses providers are inherited", async () => {
         const root = await mkdtemp(join(tmpdir(), "omx-native-config-provider-"));
         const codexHome = join(root, ".codex");