openai · khai-oai · Oct 17, 2025 · Oct 17, 2025 · Oct 17, 2025 · Oct 17, 2025
diff --git a/codex-rs/Cargo.lock b/codex-rs/Cargo.lock
diff --git a/codex-rs/Cargo.toml b/codex-rs/Cargo.toml
@@ -143,6 +143,7 @@ pulldown-cmark = "0.10"
 rand = "0.9"
 ratatui = "0.29.0"
 regex-lite = "0.1.7"
+regex = "1.11.1"
 reqwest = "0.12"
 rmcp = { version = "0.8.0", default-features = false }
 schemars = "0.8.22"

diff --git a/codex-rs/core/src/lib.rs b/codex-rs/core/src/lib.rs
@@ -84,6 +84,11 @@ mod tasks;
 mod user_notification;
 pub mod util;
 
+/// Shared jittered exponential backoff used across Codex retries.
+pub fn default_retry_backoff(attempt: u64) -> std::time::Duration {
+    util::backoff(attempt)
+}
+
 pub use apply_patch::CODEX_APPLY_PATCH_ARG1;
 pub use command_safety::is_safe_command;
 pub use safety::get_platform_sandbox;

diff --git a/codex-rs/core/src/tools/handlers/grep_files.rs b/codex-rs/core/src/tools/handlers/grep_files.rs
@@ -115,6 +115,7 @@ async fn run_rg_search(
     limit: usize,
     cwd: &Path,
 ) -> Result<Vec<String>, FunctionCallError> {
+    // First attempt: regex search
     let mut command = Command::new("rg");
     command
         .current_dir(cwd)
@@ -146,8 +147,49 @@ async fn run_rg_search(
         Some(1) => Ok(Vec::new()),
         _ => {
             let stderr = String::from_utf8_lossy(&output.stderr);
+            let stderr_trimmed = stderr.trim();
+            // Retry with fixed-strings if the regex failed to parse.
+            if stderr_trimmed.contains("regex parse error")
+                || stderr_trimmed.contains("error parsing regex")
+                || stderr_trimmed.contains("unclosed group")
+            {
+                let mut fixed = Command::new("rg");
+                fixed
+                    .current_dir(cwd)
+                    .arg("--files-with-matches")
+                    .arg("--sortr=modified")
+                    .arg("--fixed-strings")
+                    .arg(pattern)
+                    .arg("--no-messages");
+                if let Some(glob) = include {
+                    fixed.arg("--glob").arg(glob);
+                }
+                fixed.arg("--").arg(search_path);
+                let second = timeout(COMMAND_TIMEOUT, fixed.output())
+                    .await
+                    .map_err(|_| {
+                        FunctionCallError::RespondToModel(
+                            "rg timed out after 30 seconds".to_string(),
+                        )
+                    })?
+                    .map_err(|err| {
+                        FunctionCallError::RespondToModel(format!(
+                            "failed to launch rg: {err}. Ensure ripgrep is installed and on PATH."
+                        ))
+                    })?;
+                return match second.status.code() {
+                    Some(0) => Ok(parse_results(&second.stdout, limit)),
+                    Some(1) => Ok(Vec::new()),
+                    _ => {
+                        let second_stderr = String::from_utf8_lossy(&second.stderr);
+                        Err(FunctionCallError::RespondToModel(format!(
+                            "rg failed: {second_stderr}"
+                        )))
+                    }
+                };
+            }
             Err(FunctionCallError::RespondToModel(format!(
-                "rg failed: {stderr}"
+                "rg failed: {stderr_trimmed}"
             )))
         }
     }

diff --git a/codex-rs/tui/Cargo.toml b/codex-rs/tui/Cargo.toml
@@ -60,6 +60,7 @@ ratatui = { workspace = true, features = [
     "unstable-widget-ref",
 ] }
 regex-lite = { workspace = true }
+regex = { workspace = true }
 serde = { workspace = true, features = ["derive"] }
 serde_json = { workspace = true, features = ["preserve_order"] }
 shlex = { workspace = true }
@@ -71,6 +72,7 @@ textwrap = { workspace = true }
 tree-sitter-highlight = { workspace = true }
 tree-sitter-bash = { workspace = true }
 tokio = { workspace = true, features = [
+    "fs",
     "io-std",
     "macros",
     "process",
@@ -85,6 +87,9 @@ opentelemetry-appender-tracing = { workspace = true }
 unicode-segmentation = { workspace = true }
 unicode-width = { workspace = true }
 url = { workspace = true }
+futures = { workspace = true }
+reqwest = { workspace = true }
+time = { workspace = true, features = ["serde"] }
 
 [target.'cfg(unix)'.dependencies]
 libc = { workspace = true }

diff --git a/codex-rs/tui/src/app.rs b/codex-rs/tui/src/app.rs
@@ -381,6 +381,59 @@ impl App {
             AppEvent::OpenReviewCustomPrompt => {
                 self.chat_widget.show_review_custom_prompt();
             }
+            AppEvent::OpenSecurityReviewPathPrompt(mode) => {
+                self.chat_widget.show_security_review_path_prompt(mode);
+            }
+            AppEvent::StartSecurityReview {
+                mode,
+                include_paths,
+                scope_prompt,
+                force_new,
+            } => {
+                self.chat_widget.start_security_review(
+                    mode,
+                    include_paths,
+                    scope_prompt,
+                    force_new,
+                );
+            }
+            AppEvent::ResumeSecurityReview {
+                output_root,
+                metadata,
+            } => {
+                self.chat_widget
+                    .resume_security_review(output_root, metadata);
+            }
+            AppEvent::SecurityReviewAutoScopeConfirm {
+                mode,
+                prompt,
+                selections,
+                responder,
+            } => {
+                self.chat_widget
+                    .show_security_review_scope_confirmation(mode, prompt, selections, responder);
+            }
+            AppEvent::SecurityReviewScopeResolved { paths } => {
+                self.chat_widget.on_security_review_scope_resolved(paths);
+            }
+            AppEvent::SecurityReviewCommandStatus {
+                id,
+                summary,
+                state,
+                preview,
+            } => {
+                self.chat_widget
+                    .on_security_review_command_status(id, summary, state, preview);
+            }
+            AppEvent::SecurityReviewLog(message) => {
+                self.chat_widget.on_security_review_log(message);
+            }
+            AppEvent::SecurityReviewComplete { result } => {
+                self.chat_widget.on_security_review_complete(result);
+            }
+            AppEvent::SecurityReviewFailed { error } => {
+                self.chat_widget.on_security_review_failed(error);
+            }
             AppEvent::FullScreenApprovalRequest(request) => match request {
                 ApprovalRequest::ApplyPatch { cwd, changes, .. } => {
                     let _ = tui.enter_alt_screen();

diff --git a/codex-rs/tui/src/app_event.rs b/codex-rs/tui/src/app_event.rs
@@ -5,12 +5,31 @@ use codex_core::protocol::ConversationPathResponseEvent;
 use codex_core::protocol::Event;
 use codex_file_search::FileMatch;
 
-use crate::bottom_pane::ApprovalRequest;
-use crate::history_cell::HistoryCell;
-
 use codex_core::protocol::AskForApproval;
 use codex_core::protocol::SandboxPolicy;
 use codex_core::protocol_config_types::ReasoningEffort;
+use tokio::sync::oneshot;
+
+use crate::bottom_pane::ApprovalRequest;
+use crate::history_cell::HistoryCell;
+use crate::security_review::SecurityReviewFailure;
+use crate::security_review::SecurityReviewMetadata;
+use crate::security_review::SecurityReviewMode;
+use crate::security_review::SecurityReviewResult;
+
+#[derive(Clone, Debug)]
+pub(crate) struct SecurityReviewAutoScopeSelection {
+    pub display_path: String,
+    pub reason: Option<String>,
+}
+
+#[derive(Clone, Debug, PartialEq, Eq)]
+pub(crate) enum SecurityReviewCommandState {
+    Running,
+    Matches,
+    NoMatches,
+    Error,
+}
 
 #[allow(clippy::large_enum_variant)]
 #[derive(Debug)]
@@ -87,4 +106,55 @@ pub(crate) enum AppEvent {
 
     /// Open the approval popup.
     FullScreenApprovalRequest(ApprovalRequest),
+
+    /// Open the scoped path input for security reviews.
+    OpenSecurityReviewPathPrompt(SecurityReviewMode),
+
+    /// Begin running a security review with the given mode and optional scoped paths.
+    StartSecurityReview {
+        mode: SecurityReviewMode,
+        include_paths: Vec<String>,
+        scope_prompt: Option<String>,
+        force_new: bool,
+    },
+
+    /// Resume a previously generated security review from disk.
+    ResumeSecurityReview {
+        output_root: PathBuf,
+        metadata: SecurityReviewMetadata,
+    },
+
+    /// Prompt the user to confirm auto-detected scope selections.
+    SecurityReviewAutoScopeConfirm {
+        mode: SecurityReviewMode,
+        prompt: String,
+        selections: Vec<SecurityReviewAutoScopeSelection>,
+        responder: oneshot::Sender<bool>,
+    },
+
+    /// Notify that the security review scope has been resolved to specific paths.
+    SecurityReviewScopeResolved {
+        paths: Vec<String>,
+    },
+
+    /// Update the command status display for running security review shell commands.
+    SecurityReviewCommandStatus {
+        id: u64,
+        summary: String,
+        state: SecurityReviewCommandState,
+        preview: Vec<String>,
+    },
+
+    /// Append a progress log emitted during the security review.
+    SecurityReviewLog(String),
+
+    /// Security review completed successfully.
+    SecurityReviewComplete {
+        result: SecurityReviewResult,
+    },
+
+    /// Security review failed prior to completion.
+    SecurityReviewFailed {
+        error: SecurityReviewFailure,
+    },
 }
diff --git a/codex-rs/tui/src/bottom_pane/chat_composer.rs b/codex-rs/tui/src/bottom_pane/chat_composer.rs
@@ -1504,6 +1504,10 @@ impl ChatComposer {
         self.is_task_running = running;
     }
 
+    pub(crate) fn set_placeholder_text(&mut self, placeholder: String) {
+        self.placeholder_text = placeholder;
+    }
+
     pub(crate) fn set_context_window_percent(&mut self, percent: Option<u8>) {
         if self.context_window_percent != percent {
             self.context_window_percent = percent;

diff --git a/codex-rs/tui/src/bottom_pane/mod.rs b/codex-rs/tui/src/bottom_pane/mod.rs
@@ -30,9 +30,12 @@ pub(crate) use list_selection_view::SelectionViewParams;
 mod paste_burst;
 pub mod popup_consts;
 mod scroll_state;
+mod security_review_scope_confirm_view;
 mod selection_popup_common;
 mod textarea;
 
+pub(crate) use security_review_scope_confirm_view::SecurityReviewScopeConfirmView;
+
 #[derive(Debug, Clone, Copy, PartialEq, Eq)]
 pub(crate) enum CancellationEvent {
     Handled,
@@ -44,6 +47,7 @@ pub(crate) use chat_composer::InputResult;
 use codex_protocol::custom_prompts::CustomPrompt;
 
 use crate::status_indicator_widget::StatusIndicatorWidget;
+pub(crate) use crate::status_indicator_widget::StatusSnapshot;
 pub(crate) use list_selection_view::SelectionAction;
 pub(crate) use list_selection_view::SelectionItem;
 
@@ -68,6 +72,8 @@ pub(crate) struct BottomPane {
     status: Option<StatusIndicatorWidget>,
     /// Queued user messages to show under the status indicator.
     queued_user_messages: Vec<String>,
+    /// Recent log messages shown beneath the status header.
+    status_logs: Vec<String>,
     context_window_percent: Option<u8>,
 }
 
@@ -100,6 +106,7 @@ impl BottomPane {
             ctrl_c_quit_hint: false,
             status: None,
             queued_user_messages: Vec::new(),
+            status_logs: Vec::new(),
             esc_backtrack_hint: false,
             context_window_percent: None,
         }
@@ -270,6 +277,11 @@ impl BottomPane {
         self.request_redraw();
     }
 
+    pub(crate) fn set_placeholder_text(&mut self, text: String) {
+        self.composer.set_placeholder_text(text);
+        self.request_redraw();
+    }
+
     /// Get the current composer text (for tests and programmatic checks).
     pub(crate) fn composer_text(&self) -> String {
         self.composer.current_text()
@@ -285,6 +297,22 @@ impl BottomPane {
         }
     }
 
+    pub(crate) fn update_status_snapshot(&mut self, snapshot: StatusSnapshot) {
+        self.status_logs = snapshot.logs.clone();
+        if let Some(status) = self.status.as_mut() {
+            status.update_snapshot(snapshot);
+        } else {
+            self.update_status_header(snapshot.header);
+        }
+    }
+
+    pub(crate) fn update_status_logs(&mut self, logs: Vec<String>) {
+        self.status_logs = logs.clone();
+        if let Some(status) = self.status.as_mut() {
+            status.set_logs(logs);
+        }
+    }
+
     pub(crate) fn show_ctrl_c_quit_hint(&mut self) {
         self.ctrl_c_quit_hint = true;
         self.composer
@@ -328,18 +356,21 @@ impl BottomPane {
 
         if running {
             if self.status.is_none() {
+                self.status_logs.clear();
                 self.status = Some(StatusIndicatorWidget::new(
                     self.app_event_tx.clone(),
                     self.frame_requester.clone(),
                 ));
             }
             if let Some(status) = self.status.as_mut() {
                 status.set_queued_messages(self.queued_user_messages.clone());
+                status.set_logs(self.status_logs.clone());
             }
             self.request_redraw();
         } else {
             // Hide the status indicator when a task completes, but keep other modal views.
             self.hide_status_indicator();
+            self.status_logs.clear();
         }
     }