Audit recent Codex Lab PRs against authoritative Every Code source

[shiny-code-bot]

Finish Line

Recent Codex Lab PRs that were intended to port Every Code features or fixtures are audited against the authoritative restored Every Code source at ../code-prealign-new-skills/code-rs, with each affected slice classified as keep, fix, rework, quarantine, or revert before more feature work builds on it.

Current Status

Active parity audit remains paused at PR #63, after fixing the PR #60/#128 follow-up regressions.

Completed since the prior status:

• Merged Fix auto-review store migration awareness #129 (Fix auto-review store migration awareness) at b7bc5c4e17.
• Fix auto-review store migration awareness #129 preserves visibility of legacy CODEX_LAB_HOME/auto-review/runs/*.json history while keeping new scoped state/review/repo-*/auto-review data authoritative.
• Fix auto-review store migration awareness #129 restores the empty-store awareness fast path so normal turns avoid git/diff probing unless there is loadable legacy data, scoped store data, or a live pending/running review.
• Fix auto-review store migration awareness #129 makes legacy reads best-effort so corrupt retired artifacts cannot hide valid scoped store data.

Validation for #129:

• cargo fmt --manifest-path codex-rs/Cargo.toml --all --check
• git diff --check
• cargo test -p codex-auto-review
• cargo test -p codex-core auto_review_awareness
• Read-only agent reviews iterated through migration compatibility, hot-path awareness detection, and legacy/new precedence issues before merge.
• PR Fix auto-review store migration awareness #129 CI passed and was merged; local main is fast-forwarded.

Current stop point:

• PR Persist detached review runs #63 (native-detached-auto-review-runtime) is still the first credible possible parity miss from the low-to-high audit.
• The open question is whether Codex Lab should replace its simplified detached auto-review persistence/lifecycle model with the richer authoritative Every Code review store/coordination model before continuing the audit.

Next action:

• Discuss PR Persist detached review runs #63 as a parity correction decision. If accepted, plan a focused corrective PR for the durable review schema/lifecycle model, then resume the audit at PR Persist detached review runs #63/Harden background auto review lifecycle #64 after that lands.

Audit Tracks

P0: Auth, login, and account switching

First queue: PRs #116, #117, #118, #119, #120, #122, #123, #124.

Authoritative source areas:

• ../code-prealign-new-skills/code-rs/core/src/auth.rs
• ../code-prealign-new-skills/code-rs/core/src/auth_accounts.rs
• ../code-prealign-new-skills/code-rs/core/src/account_switching.rs
• ../code-prealign-new-skills/code-rs/core/src/account_usage.rs
• ../code-prealign-new-skills/code-rs/login/src/server.rs
• ../code-prealign-new-skills/code-rs/login/src/device_code_auth.rs
• ../code-prealign-new-skills/code-rs/tui/src/bottom_pane/login_accounts_view.rs
• ../code-prealign-new-skills/code-rs/tui/src/bottom_pane/account_switch_settings_view.rs
• ../code-prealign-new-skills/code-rs/tui/src/account_label.rs
• ../code-prealign-new-skills/code-rs/tui/src/onboarding/auth.rs

Immediate audit question: does Codex Lab's /login and add-account flow match Every Code's flow where selecting Add opens the auth webpage, rather than sending the user to another command?

P0: Browser, bridge, and app-server client behavior

First queue: PRs #88, #89, #90, #100 through #112, plus #36-related work.

Authoritative source areas:

• ../code-prealign-new-skills/code-rs/cli/src/bridge.rs
• ../code-prealign-new-skills/code-rs/core/src/bridge_client.rs
• ../code-prealign-new-skills/code-rs/browser/src/config.rs
• ../code-prealign-new-skills/code-rs/browser/src/hooks/browser_injector.rs
• ../code-prealign-new-skills/code-rs/browser/src/tools/browser_tools.rs
• ../code-prealign-new-skills/code-rs/browser/src/page.rs
• ../code-prealign-new-skills/code-rs/tui/src/chatwidget/browser_sessions.rs
• ../code-prealign-new-skills/code-rs/tui/src/history_cell/browser.rs

Immediate audit question: which bridge/browser behavior is actual Every Code parity, and which Codex Lab work is useful but product-original and should be tracked as such?

P1: External agents, session provenance, and worktrees

First queue: PRs #82, #86, #92, #94, #95, #96, #97.

Authoritative source areas:

• ../code-prealign-new-skills/code-rs/core/src/agent_tool.rs
• ../code-prealign-new-skills/code-rs/core/src/agent_defaults.rs
• ../code-prealign-new-skills/code-rs/core/src/external_agent_config.rs
• ../code-prealign-new-skills/code-rs/app-server/src/external_agent_config_api.rs
• ../code-prealign-new-skills/code-rs/tui/src/bottom_pane/agents_settings_view.rs
• ../code-prealign-new-skills/code-rs/tui/src/bottom_pane/agents_overview_view.rs
• ../code-prealign-new-skills/code-rs/tui/src/bottom_pane/agent_editor_view.rs
• ../code-prealign-new-skills/code-rs/tui/src/chatwidget/agent_runs.rs

P1: Home/config migration and repository-local state

First queue: PRs #84, #87, #91, #114, plus config/home pieces inside auth PRs.

Authoritative source areas:

• ../code-prealign-new-skills/code-rs/core/src/config.rs
• ../code-prealign-new-skills/code-rs/core/src/config_types.rs
• ../code-prealign-new-skills/code-rs/core/src/config_edit.rs
• ../code-prealign-new-skills/code-rs/common/src
• ../code-prealign-new-skills/code-rs/cli/src/main.rs
• ../code-prealign-new-skills/code-rs/exec/src/cli.rs

P2: Exec harness, snapshots, and fixtures

First queue: PRs #40, #44, #75, and any fixtures created to prove bridge/auth behavior.

Authoritative source areas:

• ../code-prealign-new-skills/code-rs/core/src/patch_harness.rs
• ../code-prealign-new-skills/code-rs/exec/src/cli.rs
• ../code-prealign-new-skills/code-rs/exec/src/main.rs
• ../code-prealign-new-skills/code-rs/tui/tests/vt100_chatwidget_snapshot.rs
• ../code-prealign-new-skills/code-rs/tui/tests/snapshots/
• ../code-prealign-new-skills/code-rs/app-server-protocol/tests/schema_fixtures.rs
• ../code-prealign-new-skills/code-rs/app-server-protocol/schema/

Audit Template

For each PR or feature slice, record:

• PR / feature slice.
• Intended Every Code behavior.
• Authoritative Every Code source files inspected.
• Codex Lab files inspected.
• Match verdict: matches, diverges, no Every Code equivalent, or unclear.
• Product verdict: keep, fix, rework, quarantine, or revert.
• Validation needed: static source comparison, fixture, snapshot, live dogfood, or CI only.
• Follow-up issue or PR required.

Validation Guardrails

• Use static source comparison and offline fixtures first.
• Use live dogfood only for behavior that cannot be safely mocked, such as real auth browser handoff or real bridge lifecycle.
• Do not run automated loops against live auth/model accounts; protect weekly quotas and prompt-cache locality.
• For TUI changes, prefer snapshot or screenshot evidence compared against the authoritative Every Code UX.
• For auth/config tests, override home directories and never mutate the user's real home in automation.

Relationships

• Parent: Codex Lab MVP dogfood plan #28 Codex Lab MVP dogfood plan.
• Blocks: Codex Lab multi-auth MVP #115 Codex Lab multi-auth MVP until the auth/login/account-switching cluster has an audit verdict.
• Related: Scope minimal Code Bridge vertical slice #36 Code Bridge activation should pause for bridge/browser parity classification before more broad implementation.

Acceptance Criteria

• A full merged-PR inventory exists from the lowest merged PR number through the current head.
• Each PR is classified as Every Code parity, Codex Lab original, infrastructure, docs/planning, or unknown.
• Parity and unknown PRs have an audit verdict against ../code-prealign-new-skills/code-rs: keep, fix, rework, quarantine, revert, or needs decision.
• The audit proceeds read-only unless the user explicitly approves corrective implementation.
• The auditor stops at each credible possible miss and reports both the suspected miss and a short list of items that looked correct so far.

[shiny-code-bot]

Audit checkpoint 1, read-only pass from lowest merged PRs:

Possible active miss:

• Installer default release repository still appears to be cbusillo/codex in scripts/codex_lab_package/installer.py.
• The default was introduced with PR Add Codex Lab release installer #10 and has not been changed by later installer PRs.
• Live release metadata suggests cbusillo/codex currently hosts upstream-style v0.6.x releases, while cbusillo/codex-lab hosts codex-lab-v... prereleases.
• This may have been correct at the time, but current main likely should default the Codex Lab installer to the Codex Lab release repository.

Looks right so far:

• The merged PR inventory starts at Add Codex Lab app packaging scaffold #5; no merged Codex fork overlay capability map #1-Codex Lab identity and channel naming #4 were found in the helper inventory.
• PR Add Codex Lab app packaging scaffold #5 is Codex Lab-original app packaging scaffold, not Every Code feature parity.
• PRs Add Codex Lab distribution manifest #6-Add Codex Lab installer status command #14 are release/installer infrastructure rather than direct Every Code UX parity.
• Early app/shim naming is consistently Codex Lab / codex-lab.
• Installer state defaults to ~/Library/Application Support/Codex Lab/install-state.json.

Paused for discussion before continuing or fixing.

[shiny-code-bot]

Audit checkpoint 1 update:

The installer repository miss from the first lowest-PR audit pass is now addressed by PR #127:
#127

Scope:

• Defaults install_codex_lab.py --latest / release-tag resolution to cbusillo/codex-lab through DEFAULT_REPOSITORY.
• Updates package release URL fixtures to Codex Lab release URLs.

Verification before PR:

• python3 -m unittest scripts.codex_lab_package.test_installer scripts.codex_lab_package.test_distribution_manifest
• Read-only review agent reported no findings.

[shiny-code-bot]

Audit checkpoint 1 resolved:

PR #127 merged and fixed the installer release repository miss.

Result:

• Codex Lab installer defaults now resolve releases from cbusillo/codex-lab.
• Package installer/distribution manifest tests use Codex Lab release URLs.
• CI passed before merge.

Audit can resume from the next unchecked early PRs after #24-#26.

[shiny-code-bot]

Read-only audit progress after resolving checkpoint 1:

Checked through PR #41.

Looks right / no miss found:

• Ignore local handoff scratch files #16 local handoff ignore hygiene.
• Add Codex Lab installer update command #17-Handle Codex Lab installer CLI errors #18 installer follow-ups are covered by the fix: default installer to codex-lab releases #127 repository-default fix.
• Document Just Every skill provenance #19-Add OpenAI metadata for repo skills #21 skills provenance/metadata and repo policy cleanup.
• Strengthen skill guidance and add exec harness #24-Add exec harness eval reports #26 exec harness pilot, CI gate, and reports. These are intentionally narrower than the authoritative Every Code tools/code-exec-harness; the narrowing is documented in the Codex Lab harness README and later cache-safety plans build on that explicit shape.
• Point agents at durable Codex Lab plan #29 durable planning guidance, later corrected by docs: clarify Every Code source references #125 for restored-source lookup.
• Fix exec harness cleanup automation #38-Add skills cache continuity scenario #40 exec harness automation/cache/skills-continuity follow-ups align with the focused harness plan.
• Document app-server Desktop compatibility gate #41 app-server/Desktop compatibility gate and macOS build workaround; no Every Code parity miss found.

Next audit cursor: PR #44.