Codex runtime CLI example

Profiles:

• agent-runtime-cli
• agent-tool-mcp-gateway
• agent-sdk-api
• agent-ui-tui-desktop
• agent-distribution-release

Typical gates:

• static: cargo fmt, cargo clippy, dependency/policy checks, Bazel parity.
• unit/runtime: targeted crate tests and cargo nextest run --no-fail-fast.
• contract/protocol: MCP fixtures, SSE fixtures, app-server protocol schemas, SDK/API tests.
• ui-interaction: terminal snapshots for approval overlays, footer/status, diff/history, request-user-input, resume/model picker.
• runtime-e2e: CLI exec/apply-patch/resume/sandbox/process cleanup suites.
• distribution-release: Bazel release matrix, native package contents, npm/package staging.

Public QC plan JSON:

{
  "schema_version": "0.4.0",
  "id": "codex-runtime-tui-protocol-qc",
  "target_project": "codex",
  "project_profiles": [
    "agent-runtime-cli",
    "agent-tool-mcp-gateway",
    "agent-sdk-api",
    "agent-ui-tui-desktop",
    "agent-distribution-release"
  ],
  "risk_level": "high",
  "risk_domains": [
    "sandbox",
    "tool-execution",
    "protocol",
    "tui-rendering",
    "release-package"
  ],
  "required_gates": [
    "static",
    "unit",
    "contract-protocol",
    "runtime-e2e",
    "ui-interaction",
    "distribution-release"
  ],
  "cases": [
    {
      "id": "deny-unsafe-tool-action",
      "name": "Deny unsafe tool action",
      "project_profile": "agent-runtime-cli",
      "target": "sandbox policy",
      "steps": [
        "Run the sandbox deny fixture",
        "Capture CLI transcript, structured event sample, and exit status"
      ],
      "expected": [
        "Unsafe action is denied",
        "Transcript includes a controlled error and no orphan subprocess remains"
      ],
      "risk": "permission bypass",
      "required_gates": [
        "unit",
        "runtime-e2e"
      ],
      "required_evidence": [
        "command_log",
        "cli_transcript",
        "process_cleanup_note"
      ],
      "status": "planned",
      "surface": "cli-stream"
    },
    {
      "id": "approval-overlay-renders-request-id",
      "name": "Approval overlay renders request id and action",
      "project_profile": "agent-ui-tui-desktop",
      "target": "ratatui approval overlay",
      "steps": [
        "Trigger an exec or patch approval fixture",
        "Render the TUI at narrow and standard viewport sizes",
        "Capture runtime approval event and terminal snapshots"
      ],
      "expected": [
        "Overlay shows command or patch intent, permission reason, and request correlation",
        "Ctrl-C/Esc footer state is correct while approval is pending",
        "Allow or deny result is reflected in the runtime transcript"
      ],
      "risk": "invisible or stale permission prompt",
      "required_gates": [
        "contract-protocol",
        "ui-interaction"
      ],
      "required_evidence": [
        "terminal_snapshot",
        "viewport_matrix",
        "runtime_event_transcript"
      ],
      "status": "planned",
      "surface": "tui"
    },
    {
      "id": "mcp-tool-event-round-trip",
      "name": "MCP tool event round-trips through protocol and UI",
      "project_profile": "agent-tool-mcp-gateway",
      "target": "MCP tool declaration and stream event",
      "steps": [
        "Mount MCP client/server fixture",
        "Run a fake model stream that calls the tool",
        "Inspect app-server or CLI protocol transcript"
      ],
      "expected": [
        "Tool name, schema, permission boundary, and output shape remain stable",
        "Runtime event preserves tool call id and structured output"
      ],
      "risk": "tool declaration drift or stream event mismatch",
      "required_gates": [
        "contract-protocol",
        "fake-integration"
      ],
      "required_evidence": [
        "schema_diff_or_fixture",
        "fake_server_log",
        "stream_transcript"
      ],
      "status": "planned",
      "surface": "cli-stream"
    },
    {
      "id": "release-binary-package-contents",
      "name": "Release package contains expected platform helpers",
      "project_profile": "agent-distribution-release",
      "target": "native CLI package",
      "steps": [
        "Build or dry-run the release package",
        "Inspect native binaries and helper scripts",
        "Compare package manifest with expected platform matrix"
      ],
      "expected": [
        "Package contains the CLI binary and required platform helpers",
        "Manifest does not include unexpected generated or secret files"
      ],
      "risk": "broken or unsafe distribution artifact",
      "required_gates": [
        "distribution-release"
      ],
      "required_evidence": [
        "package_manifest",
        "build_log",
        "platform_matrix_note"
      ],
      "status": "planned",
      "surface": "cli-stream"
    }
  ],
  "evidence_policy": "Every pass must link to command, fixture, transcript, snapshot, schema diff, package manifest, or CI evidence. TUI proof must include both terminal snapshots and runtime transcripts."
}