feat: Complete LLMX v0.1.0 - Rebrand from Codex with LiteLLM Integration

This release represents a comprehensive transformation of the codebase from Codex to LLMX,
enhanced with LiteLLM integration to support 100+ LLM providers through a unified API.

## Major Changes

### Phase 1: Repository & Infrastructure Setup
- Established new repository structure and branching strategy
- Created comprehensive project documentation (CLAUDE.md, LITELLM-SETUP.md)
- Set up development environment and tooling configuration

### Phase 2: Rust Workspace Transformation
- Renamed all Rust crates from `codex-*` to `llmx-*` (30+ crates)
- Updated package names, binary names, and workspace members
- Renamed core modules: codex.rs → llmx.rs, codex_delegate.rs → llmx_delegate.rs
- Updated all internal references, imports, and type names
- Renamed directories: codex-rs/ → llmx-rs/, codex-backend-openapi-models/ → llmx-backend-openapi-models/
- Fixed all Rust compilation errors after mass rename

### Phase 3: LiteLLM Integration
- Integrated LiteLLM for multi-provider LLM support (Anthropic, OpenAI, Azure, Google AI, AWS Bedrock, etc.)
- Implemented OpenAI-compatible Chat Completions API support
- Added model family detection and provider-specific handling
- Updated authentication to support LiteLLM API keys
- Renamed environment variables: OPENAI_BASE_URL → LLMX_BASE_URL
- Added LLMX_API_KEY for unified authentication
- Enhanced error handling for Chat Completions API responses
- Implemented fallback mechanisms between Responses API and Chat Completions API

### Phase 4: TypeScript/Node.js Components
- Renamed npm package: @codex/codex-cli → @valknar/llmx
- Updated TypeScript SDK to use new LLMX APIs and endpoints
- Fixed all TypeScript compilation and linting errors
- Updated SDK tests to support both API backends
- Enhanced mock server to handle multiple API formats
- Updated build scripts for cross-platform packaging

### Phase 5: Configuration & Documentation
- Updated all configuration files to use LLMX naming
- Rewrote README and documentation for LLMX branding
- Updated config paths: ~/.codex/ → ~/.llmx/
- Added comprehensive LiteLLM setup guide
- Updated all user-facing strings and help text
- Created release plan and migration documentation

### Phase 6: Testing & Validation
- Fixed all Rust tests for new naming scheme
- Updated snapshot tests in TUI (36 frame files)
- Fixed authentication storage tests
- Updated Chat Completions payload and SSE tests
- Fixed SDK tests for new API endpoints
- Ensured compatibility with Claude Sonnet 4.5 model
- Fixed test environment variables (LLMX_API_KEY, LLMX_BASE_URL)

### Phase 7: Build & Release Pipeline
- Updated GitHub Actions workflows for LLMX binary names
- Fixed rust-release.yml to reference llmx-rs/ instead of codex-rs/
- Updated CI/CD pipelines for new package names
- Made Apple code signing optional in release workflow
- Enhanced npm packaging resilience for partial platform builds
- Added Windows sandbox support to workspace
- Updated dotslash configuration for new binary names

### Phase 8: Final Polish
- Renamed all assets (.github images, labels, templates)
- Updated VSCode and DevContainer configurations
- Fixed all clippy warnings and formatting issues
- Applied cargo fmt and prettier formatting across codebase
- Updated issue templates and pull request templates
- Fixed all remaining UI text references

## Technical Details

**Breaking Changes:**
- Binary name changed from `codex` to `llmx`
- Config directory changed from `~/.codex/` to `~/.llmx/`
- Environment variables renamed (CODEX_* → LLMX_*)
- npm package renamed to `@valknar/llmx`

**New Features:**
- Support for 100+ LLM providers via LiteLLM
- Unified authentication with LLMX_API_KEY
- Enhanced model provider detection and handling
- Improved error handling and fallback mechanisms

**Files Changed:**
- 578 files modified across Rust, TypeScript, and documentation
- 30+ Rust crates renamed and updated
- Complete rebrand of UI, CLI, and documentation
- All tests updated and passing

**Dependencies:**
- Updated Cargo.lock with new package names
- Updated npm dependencies in llmx-cli
- Enhanced OpenAPI models for LLMX backend

This release establishes LLMX as a standalone project with comprehensive LiteLLM
integration, maintaining full backward compatibility with existing functionality
while opening support for a wide ecosystem of LLM providers.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
Co-Authored-By: Sebastian Krüger <support@pivoine.art>

llmx-rs/execpolicy/src/policy.rs

@@ -0,0 +1,103 @@
+use multimap::MultiMap;
+use regex_lite::Error as RegexError;
+use regex_lite::Regex;
+
+use crate::ExecCall;
+use crate::Forbidden;
+use crate::MatchedExec;
+use crate::NegativeExamplePassedCheck;
+use crate::ProgramSpec;
+use crate::error::Error;
+use crate::error::Result;
+use crate::policy_parser::ForbiddenProgramRegex;
+use crate::program::PositiveExampleFailedCheck;
+
+pub struct Policy {
+    programs: MultiMap<String, ProgramSpec>,
+    forbidden_program_regexes: Vec<ForbiddenProgramRegex>,
+    forbidden_substrings_pattern: Option<Regex>,
+}
+
+impl Policy {
+    pub fn new(
+        programs: MultiMap<String, ProgramSpec>,
+        forbidden_program_regexes: Vec<ForbiddenProgramRegex>,
+        forbidden_substrings: Vec<String>,
+    ) -> std::result::Result<Self, RegexError> {
+        let forbidden_substrings_pattern = if forbidden_substrings.is_empty() {
+            None
+        } else {
+            let escaped_substrings = forbidden_substrings
+                .iter()
+                .map(|s| regex_lite::escape(s))
+                .collect::<Vec<_>>()
+                .join("|");
+            Some(Regex::new(&format!("({escaped_substrings})"))?)
+        };
+        Ok(Self {
+            programs,
+            forbidden_program_regexes,
+            forbidden_substrings_pattern,
+        })
+    }
+
+    pub fn check(&self, exec_call: &ExecCall) -> Result<MatchedExec> {
+        let ExecCall { program, args } = &exec_call;
+        for ForbiddenProgramRegex { regex, reason } in &self.forbidden_program_regexes {
+            if regex.is_match(program) {
+                return Ok(MatchedExec::Forbidden {
+                    cause: Forbidden::Program {
+                        program: program.clone(),
+                        exec_call: exec_call.clone(),
+                    },
+                    reason: reason.clone(),
+                });
+            }
+        }
+
+        for arg in args {
+            if let Some(regex) = &self.forbidden_substrings_pattern
+                && regex.is_match(arg)
+            {
+                return Ok(MatchedExec::Forbidden {
+                    cause: Forbidden::Arg {
+                        arg: arg.clone(),
+                        exec_call: exec_call.clone(),
+                    },
+                    reason: format!("arg `{arg}` contains forbidden substring"),
+                });
+            }
+        }
+
+        let mut last_err = Err(Error::NoSpecForProgram {
+            program: program.clone(),
+        });
+        if let Some(spec_list) = self.programs.get_vec(program) {
+            for spec in spec_list {
+                match spec.check(exec_call) {
+                    Ok(matched_exec) => return Ok(matched_exec),
+                    Err(err) => {
+                        last_err = Err(err);
+                    }
+                }
+            }
+        }
+        last_err
+    }
+
+    pub fn check_each_good_list_individually(&self) -> Vec<PositiveExampleFailedCheck> {
+        let mut violations = Vec::new();
+        for (_program, spec) in self.programs.flat_iter() {
+            violations.extend(spec.verify_should_match_list());
+        }
+        violations
+    }
+
+    pub fn check_each_bad_list_individually(&self) -> Vec<NegativeExamplePassedCheck> {
+        let mut violations = Vec::new();
+        for (_program, spec) in self.programs.flat_iter() {
+            violations.extend(spec.verify_should_not_match_list());
+        }
+        violations
+    }
+}