feat: Complete LLMX v0.1.0 - Rebrand from Codex with LiteLLM Integration

This release represents a comprehensive transformation of the codebase from Codex to LLMX,
enhanced with LiteLLM integration to support 100+ LLM providers through a unified API.

## Major Changes

### Phase 1: Repository & Infrastructure Setup
- Established new repository structure and branching strategy
- Created comprehensive project documentation (CLAUDE.md, LITELLM-SETUP.md)
- Set up development environment and tooling configuration

### Phase 2: Rust Workspace Transformation
- Renamed all Rust crates from `codex-*` to `llmx-*` (30+ crates)
- Updated package names, binary names, and workspace members
- Renamed core modules: codex.rs → llmx.rs, codex_delegate.rs → llmx_delegate.rs
- Updated all internal references, imports, and type names
- Renamed directories: codex-rs/ → llmx-rs/, codex-backend-openapi-models/ → llmx-backend-openapi-models/
- Fixed all Rust compilation errors after mass rename

### Phase 3: LiteLLM Integration
- Integrated LiteLLM for multi-provider LLM support (Anthropic, OpenAI, Azure, Google AI, AWS Bedrock, etc.)
- Implemented OpenAI-compatible Chat Completions API support
- Added model family detection and provider-specific handling
- Updated authentication to support LiteLLM API keys
- Renamed environment variables: OPENAI_BASE_URL → LLMX_BASE_URL
- Added LLMX_API_KEY for unified authentication
- Enhanced error handling for Chat Completions API responses
- Implemented fallback mechanisms between Responses API and Chat Completions API

### Phase 4: TypeScript/Node.js Components
- Renamed npm package: @codex/codex-cli → @valknar/llmx
- Updated TypeScript SDK to use new LLMX APIs and endpoints
- Fixed all TypeScript compilation and linting errors
- Updated SDK tests to support both API backends
- Enhanced mock server to handle multiple API formats
- Updated build scripts for cross-platform packaging

### Phase 5: Configuration & Documentation
- Updated all configuration files to use LLMX naming
- Rewrote README and documentation for LLMX branding
- Updated config paths: ~/.codex/ → ~/.llmx/
- Added comprehensive LiteLLM setup guide
- Updated all user-facing strings and help text
- Created release plan and migration documentation

### Phase 6: Testing & Validation
- Fixed all Rust tests for new naming scheme
- Updated snapshot tests in TUI (36 frame files)
- Fixed authentication storage tests
- Updated Chat Completions payload and SSE tests
- Fixed SDK tests for new API endpoints
- Ensured compatibility with Claude Sonnet 4.5 model
- Fixed test environment variables (LLMX_API_KEY, LLMX_BASE_URL)

### Phase 7: Build & Release Pipeline
- Updated GitHub Actions workflows for LLMX binary names
- Fixed rust-release.yml to reference llmx-rs/ instead of codex-rs/
- Updated CI/CD pipelines for new package names
- Made Apple code signing optional in release workflow
- Enhanced npm packaging resilience for partial platform builds
- Added Windows sandbox support to workspace
- Updated dotslash configuration for new binary names

### Phase 8: Final Polish
- Renamed all assets (.github images, labels, templates)
- Updated VSCode and DevContainer configurations
- Fixed all clippy warnings and formatting issues
- Applied cargo fmt and prettier formatting across codebase
- Updated issue templates and pull request templates
- Fixed all remaining UI text references

## Technical Details

**Breaking Changes:**
- Binary name changed from `codex` to `llmx`
- Config directory changed from `~/.codex/` to `~/.llmx/`
- Environment variables renamed (CODEX_* → LLMX_*)
- npm package renamed to `@valknar/llmx`

**New Features:**
- Support for 100+ LLM providers via LiteLLM
- Unified authentication with LLMX_API_KEY
- Enhanced model provider detection and handling
- Improved error handling and fallback mechanisms

**Files Changed:**
- 578 files modified across Rust, TypeScript, and documentation
- 30+ Rust crates renamed and updated
- Complete rebrand of UI, CLI, and documentation
- All tests updated and passing

**Dependencies:**
- Updated Cargo.lock with new package names
- Updated npm dependencies in llmx-cli
- Enhanced OpenAPI models for LLMX backend

This release establishes LLMX as a standalone project with comprehensive LiteLLM
integration, maintaining full backward compatibility with existing functionality
while opening support for a wide ecosystem of LLM providers.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
Co-Authored-By: Sebastian Krüger <support@pivoine.art>

llmx-rs/execpolicy/src/default.policy

@@ -0,0 +1,202 @@
+"""
+define_program() supports the following arguments:
+- program: the name of the program
+- system_path: list of absolute paths on the system where program can likely be found
+- option_bundling (PLANNED): whether to allow bundling of options (e.g. `-al` for `-a -l`)
+- combine_format (PLANNED): whether to allow `--option=value` (as opposed to `--option value`)
+- options: the command-line flags/options: use flag() and opt() to define these
+- args: the rules for what arguments are allowed that are not "options"
+- should_match: list of command-line invocations that should be matched by the rule
+- should_not_match: list of command-line invocations that should not be matched by the rule
+"""
+
+define_program(
+    program="ls",
+    system_path=["/bin/ls", "/usr/bin/ls"],
+    options=[
+        flag("-1"),
+        flag("-a"),
+        flag("-l"),
+    ],
+    args=[ARG_RFILES_OR_CWD],
+)
+
+define_program(
+    program="cat",
+    options=[
+        flag("-b"),
+        flag("-n"),
+        flag("-t"),
+    ],
+    system_path=["/bin/cat", "/usr/bin/cat"],
+    args=[ARG_RFILES],
+    should_match=[
+        ["file.txt"],
+        ["-n", "file.txt"],
+        ["-b", "file.txt"],
+    ],
+    should_not_match=[
+        # While cat without args is valid, it will read from stdin, which
+        # does not seem appropriate for our current use case.
+        [],
+        # Let's not auto-approve advisory locking.
+        ["-l", "file.txt"],
+    ]
+)
+
+define_program(
+    program="cp",
+    options=[
+        flag("-r"),
+        flag("-R"),
+        flag("--recursive"),
+    ],
+    args=[ARG_RFILES, ARG_WFILE],
+    system_path=["/bin/cp", "/usr/bin/cp"],
+    should_match=[
+        ["foo", "bar"],
+    ],
+    should_not_match=[
+        ["foo"],
+    ],
+)
+
+define_program(
+    program="head",
+    system_path=["/bin/head", "/usr/bin/head"],
+    options=[
+        opt("-c", ARG_POS_INT),
+        opt("-n", ARG_POS_INT),
+    ],
+    args=[ARG_RFILES],
+)
+
+printenv_system_path = ["/usr/bin/printenv"]
+
+# Print all environment variables.
+define_program(
+    program="printenv",
+    args=[],
+    system_path=printenv_system_path,
+    # This variant of `printenv` only allows zero args.
+    should_match=[[]],
+    should_not_match=[["PATH"]],
+)
+
+# Print a specific environment variable.
+define_program(
+    program="printenv",
+    args=[ARG_OPAQUE_VALUE],
+    system_path=printenv_system_path,
+    # This variant of `printenv` only allows exactly one arg.
+    should_match=[["PATH"]],
+    should_not_match=[[], ["PATH", "HOME"]],
+)
+
+# Note that `pwd` is generally implemented as a shell built-in. It does not
+# accept any arguments.
+define_program(
+    program="pwd",
+    options=[
+        flag("-L"),
+        flag("-P"),
+    ],
+    args=[],
+)
+
+define_program(
+    program="rg",
+    options=[
+        opt("-A", ARG_POS_INT),
+        opt("-B", ARG_POS_INT),
+        opt("-C", ARG_POS_INT),
+        opt("-d", ARG_POS_INT),
+        opt("--max-depth", ARG_POS_INT),
+        opt("-g", ARG_OPAQUE_VALUE),
+        opt("--glob", ARG_OPAQUE_VALUE),
+        opt("-m", ARG_POS_INT),
+        opt("--max-count", ARG_POS_INT),
+
+        flag("-n"),
+        flag("-i"),
+        flag("-l"),
+        flag("--files"),
+        flag("--files-with-matches"),
+        flag("--files-without-match"),
+    ],
+    args=[ARG_OPAQUE_VALUE, ARG_RFILES_OR_CWD],
+    should_match=[
+        ["-n", "init"],
+        ["-n", "init", "."],
+        ["-i", "-n", "init", "src"],
+        ["--files", "--max-depth", "2", "."],
+    ],
+    should_not_match=[
+        ["-m", "-n", "init"],
+        ["--glob", "src"],
+    ],
+    # TODO(mbolin): Perhaps we need a way to indicate that we expect `rg` to be
+    # bundled with the host environment and we should be using that version.
+    system_path=[],
+)
+
+# Unfortunately, `sed` is difficult to secure because GNU sed supports an `e`
+# flag where `s/pattern/replacement/e` would run `replacement` as a shell
+# command every time `pattern` is matched. For example, try the following on
+# Ubuntu (which uses GNU sed, unlike macOS):
+#
+# ```shell
+# $ yes | head -n 4 > /tmp/yes.txt
+# $ sed 's/y/echo hi/e' /tmp/yes.txt
+# hi
+# hi
+# hi
+# hi
+# ```
+#
+# As you can see, `echo hi` got executed four times. In order to support some
+# basic sed functionality, we implement a bespoke `ARG_SED_COMMAND` that matches
+# only "known safe" sed commands.
+common_sed_flags = [
+    # We deliberately do not support -i or -f.
+    flag("-n"),
+    flag("-u"),
+]
+sed_system_path = ["/usr/bin/sed"]
+
+# When -e is not specified, the first argument must be a valid sed command.
+define_program(
+    program="sed",
+    options=common_sed_flags,
+    args=[ARG_SED_COMMAND, ARG_RFILES],
+    system_path=sed_system_path,
+)
+
+# When -e is required, all arguments are assumed to be readable files.
+define_program(
+    program="sed",
+    options=common_sed_flags + [
+        opt("-e", ARG_SED_COMMAND, required=True),
+    ],
+    args=[ARG_RFILES],
+    system_path=sed_system_path,
+)
+
+define_program(
+    program="which",
+    options=[
+        flag("-a"),
+        flag("-s"),
+    ],
+    # Surprisingly, `which` takes more than one argument.
+    args=[ARG_RFILES],
+    should_match=[
+        ["python3"],
+        ["-a", "python3"],
+        ["-a", "python3", "cargo"],
+    ],
+    should_not_match=[
+        [],
+    ],
+    system_path=["/bin/which", "/usr/bin/which"],
+)