Plan Codex-base substrate migration for Every Code

[shiny-code-bot]

Finish Line

Every Code has a reviewable Codex-base substrate migration plan that replaces the raw spike with scoped PR slices, clarifies the future role of code-rs and codex-rs, and prevents new work from landing on the wrong base.

Current Status

State: Codex-base substrate and first identity/config slice merged; next implementation slice is Every Code feature inventory and low-conflict ports.

Landed:

• PR docs: record Codex substrate migration policy #389 documented the Codex-base substrate direction in docs/upstream-import-policy.md and AGENTS.md.
• PR docs: record Codex substrate migration policy #389 added .github/github.json migration metadata with completion criteria for the Codex-base Rust workspace migration.
• PR feat: replace Rust substrate with Codex base #390 replaced code-rs with the Codex-base Rust workspace while keeping codex-rs as the read-only openai/codex:main mirror.
• PR feat: replace Rust substrate with Codex base #390 kept imported upstream crates internally named codex-*, built the Every Code CLI binary as code, and preserved the foundation home policy: CODE_HOME > CODEX_HOME > ~/.code.
• PR feat: replace Rust substrate with Codex base #390 narrowed the codex path dependency guard so it blocks actual sibling ../codex-rs references without rejecting legitimate imported codex-* crates inside code-rs.
• PR feat: replace Rust substrate with Codex base #390 added the upstream code-rs/tui/tests/fixtures/oss-story.jsonl fixture to the blob-size allowlist, matching the existing codex-rs mirror allowlist entry.
• PR feat: align CLI identity with Every Code #391 aligned the first CLI identity/config layer with Every Code and the code command: top-level/help examples, MCP/plugin/login/update/sandbox/apply copy, code exec usage, resume hints, and shared config override help now point at ~/.code/config.toml with legacy ~/.codex compatibility.
• PR feat: align CLI identity with Every Code #391 repaired root package scripts for the Codex-base crate/bin names now used under code-rs.

Validation for PR #390:

• ./build-fast.sh passed cleanly and produced a code binary from the Codex-base code-rs workspace.
• cargo test -p codex-utils-home-dir --locked passed and covers CODE_HOME precedence plus the ~/.code default.
• Review agent pass 1: not merge-blocked; only warnings were fixed before merge.
• Review agent pass 2: not merge-blocked after hardening fixes.
• GitHub blob-size policy passed.

Validation for PR #391:

• ./build-fast.sh passed cleanly after final review fixes.
• Help spot checks passed for code --help, code exec --help, code mcp add --help, code plugin marketplace --help, and code app-server --help.
• Review agent pass 1: not merge-blocked; identified the app-server upstream docs URL and internal synthetic argv string, both fixed before merge.
• Review agent pass 2: identified clearer CODE_HOME/CODEX_HOME help wording, fixed before merge.
• GitHub blob-size policy passed.

Current repo layout:

• code-rs: editable Codex-base Every Code product workspace.
• codex-rs: read-only openai/codex:main mirror for upstream review/provenance until this issue explicitly changes that role.
• code-rs must not depend on sibling ../codex-rs; import or port needed upstream source into code-rs instead.

Remaining PR sequence:

1. Every Code feature inventory and low-conflict ports: use Inventory and port Every Code features onto Codex base #386 to add back product-owned crates/features that do not require deep TUI event-loop changes.
2. TUI/Auto Drive/remote session features: port high-conflict TUI coordinator, Auto Drive, Auto Review, token/burn diagnostics, and remote-inbox/session continuity decisions through Inventory and port Every Code features onto Codex base #386/Decide remote inbox and Discord UI for Codex-base session continuity #388.
3. Desktop validation: use Validate Codex-base Every Code in copied Codex Desktop app #387 to run the copied Codex Desktop app against the Codex-base Every Code binary and validate real chat plus externally-created session continuity.
4. Upstream cursor/policy cleanup: advance .github/upstream-cursors.json, update .github/github.json, AGENTS, and docs/upstream-import-policy.md if the substrate/mirror roles change again.

Known risks:

• Some upstream TUI/config/runtime surfaces still contain Codex docs URLs and product copy outside the first CLI identity slice; address them deliberately in a later identity pass.
• Release/build/package metadata still needs a deliberate Every Code boundary review beyond the root package scripts fixed in PR feat: align CLI identity with Every Code #391.
• Every Code feature ports from the old workspace are not restored by PR feat: replace Rust substrate with Codex base #390 and must be inventoried before piecemeal implementation.
• Existing branches touching the old code-rs layout may need to be rebased, closed, or explicitly blocked.

Next action:

• Start Inventory and port Every Code features onto Codex base #386 by inventorying old Every Code-owned features against the new Codex-base code-rs, then port the lowest-conflict crate/features first.
• Re-check active branches/worktrees touching code-rs; anything based on the old workspace is likely stale after PR feat: replace Rust substrate with Codex base #390.

Acceptance Criteria

• Decide and document the code-rs / codex-rs roles for the Codex-base migration.
• code-rs can build from a Codex-base workspace as the code binary with ./build-fast.sh.
• Imported upstream crates keep codex-* names unless there is a specific Every Code product reason to alias/rename.
• Every Code-only additions have a documented code-* port strategy.
• CODE_HOME takes precedence over CODEX_HOME; no-env default is ~/.code.
• No code-rs crate depends on sibling ../codex-rs; the path-dependency guard enforces the chosen policy.
• .github/github.json, AGENTS/repo guidance, and docs/upstream-import-policy.md describe the new substrate/mirror roles.
• Active issues that touch app-server/session/protocol/TUI/remote-inbox/release identity are linked, blocked, or marked independent.
• The raw spike is decomposed into reviewable PR slices and is not merged wholesale.

Relationships

• Parent: Combine Every Code with the Codex Desktop app #377
• Uses spike branch: spike/codex-base-port
• Informs Reduce codex-rs/code-rs search and layout confusion #88, Audit and retire obsolete legacy code paths #130, Audit Codex CLI app-server parity for Every Code #216, Document compatibility surfaces kept outside release flow #299