feat: Complete LLMX v0.1.0 - Rebrand from Codex with LiteLLM Integration

This release represents a comprehensive transformation of the codebase from Codex to LLMX,
enhanced with LiteLLM integration to support 100+ LLM providers through a unified API.

## Major Changes

### Phase 1: Repository & Infrastructure Setup
- Established new repository structure and branching strategy
- Created comprehensive project documentation (CLAUDE.md, LITELLM-SETUP.md)
- Set up development environment and tooling configuration

### Phase 2: Rust Workspace Transformation
- Renamed all Rust crates from `codex-*` to `llmx-*` (30+ crates)
- Updated package names, binary names, and workspace members
- Renamed core modules: codex.rs → llmx.rs, codex_delegate.rs → llmx_delegate.rs
- Updated all internal references, imports, and type names
- Renamed directories: codex-rs/ → llmx-rs/, codex-backend-openapi-models/ → llmx-backend-openapi-models/
- Fixed all Rust compilation errors after mass rename

### Phase 3: LiteLLM Integration
- Integrated LiteLLM for multi-provider LLM support (Anthropic, OpenAI, Azure, Google AI, AWS Bedrock, etc.)
- Implemented OpenAI-compatible Chat Completions API support
- Added model family detection and provider-specific handling
- Updated authentication to support LiteLLM API keys
- Renamed environment variables: OPENAI_BASE_URL → LLMX_BASE_URL
- Added LLMX_API_KEY for unified authentication
- Enhanced error handling for Chat Completions API responses
- Implemented fallback mechanisms between Responses API and Chat Completions API

### Phase 4: TypeScript/Node.js Components
- Renamed npm package: @codex/codex-cli → @valknar/llmx
- Updated TypeScript SDK to use new LLMX APIs and endpoints
- Fixed all TypeScript compilation and linting errors
- Updated SDK tests to support both API backends
- Enhanced mock server to handle multiple API formats
- Updated build scripts for cross-platform packaging

### Phase 5: Configuration & Documentation
- Updated all configuration files to use LLMX naming
- Rewrote README and documentation for LLMX branding
- Updated config paths: ~/.codex/ → ~/.llmx/
- Added comprehensive LiteLLM setup guide
- Updated all user-facing strings and help text
- Created release plan and migration documentation

### Phase 6: Testing & Validation
- Fixed all Rust tests for new naming scheme
- Updated snapshot tests in TUI (36 frame files)
- Fixed authentication storage tests
- Updated Chat Completions payload and SSE tests
- Fixed SDK tests for new API endpoints
- Ensured compatibility with Claude Sonnet 4.5 model
- Fixed test environment variables (LLMX_API_KEY, LLMX_BASE_URL)

### Phase 7: Build & Release Pipeline
- Updated GitHub Actions workflows for LLMX binary names
- Fixed rust-release.yml to reference llmx-rs/ instead of codex-rs/
- Updated CI/CD pipelines for new package names
- Made Apple code signing optional in release workflow
- Enhanced npm packaging resilience for partial platform builds
- Added Windows sandbox support to workspace
- Updated dotslash configuration for new binary names

### Phase 8: Final Polish
- Renamed all assets (.github images, labels, templates)
- Updated VSCode and DevContainer configurations
- Fixed all clippy warnings and formatting issues
- Applied cargo fmt and prettier formatting across codebase
- Updated issue templates and pull request templates
- Fixed all remaining UI text references

## Technical Details

**Breaking Changes:**
- Binary name changed from `codex` to `llmx`
- Config directory changed from `~/.codex/` to `~/.llmx/`
- Environment variables renamed (CODEX_* → LLMX_*)
- npm package renamed to `@valknar/llmx`

**New Features:**
- Support for 100+ LLM providers via LiteLLM
- Unified authentication with LLMX_API_KEY
- Enhanced model provider detection and handling
- Improved error handling and fallback mechanisms

**Files Changed:**
- 578 files modified across Rust, TypeScript, and documentation
- 30+ Rust crates renamed and updated
- Complete rebrand of UI, CLI, and documentation
- All tests updated and passing

**Dependencies:**
- Updated Cargo.lock with new package names
- Updated npm dependencies in llmx-cli
- Enhanced OpenAPI models for LLMX backend

This release establishes LLMX as a standalone project with comprehensive LiteLLM
integration, maintaining full backward compatibility with existing functionality
while opening support for a wide ecosystem of LLM providers.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
Co-Authored-By: Sebastian Krüger <support@pivoine.art>

llmx-rs/linux-sandbox/src/landlock.rs

@@ -0,0 +1,145 @@
+use std::collections::BTreeMap;
+use std::path::Path;
+use std::path::PathBuf;
+
+use llmx_core::error::LlmxErr;
+use llmx_core::error::Result;
+use llmx_core::error::SandboxErr;
+use llmx_core::protocol::SandboxPolicy;
+
+use landlock::ABI;
+use landlock::Access;
+use landlock::AccessFs;
+use landlock::CompatLevel;
+use landlock::Compatible;
+use landlock::Ruleset;
+use landlock::RulesetAttr;
+use landlock::RulesetCreatedAttr;
+use seccompiler::BpfProgram;
+use seccompiler::SeccompAction;
+use seccompiler::SeccompCmpArgLen;
+use seccompiler::SeccompCmpOp;
+use seccompiler::SeccompCondition;
+use seccompiler::SeccompFilter;
+use seccompiler::SeccompRule;
+use seccompiler::TargetArch;
+use seccompiler::apply_filter;
+
+/// Apply sandbox policies inside this thread so only the child inherits
+/// them, not the entire CLI process.
+pub(crate) fn apply_sandbox_policy_to_current_thread(
+    sandbox_policy: &SandboxPolicy,
+    cwd: &Path,
+) -> Result<()> {
+    if !sandbox_policy.has_full_network_access() {
+        install_network_seccomp_filter_on_current_thread()?;
+    }
+
+    if !sandbox_policy.has_full_disk_write_access() {
+        let writable_roots = sandbox_policy
+            .get_writable_roots_with_cwd(cwd)
+            .into_iter()
+            .map(|writable_root| writable_root.root)
+            .collect();
+        install_filesystem_landlock_rules_on_current_thread(writable_roots)?;
+    }
+
+    // TODO(ragona): Add appropriate restrictions if
+    // `sandbox_policy.has_full_disk_read_access()` is `false`.
+
+    Ok(())
+}
+
+/// Installs Landlock file-system rules on the current thread allowing read
+/// access to the entire file-system while restricting write access to
+/// `/dev/null` and the provided list of `writable_roots`.
+///
+/// # Errors
+/// Returns [`LlmxErr::Sandbox`] variants when the ruleset fails to apply.
+fn install_filesystem_landlock_rules_on_current_thread(writable_roots: Vec<PathBuf>) -> Result<()> {
+    let abi = ABI::V5;
+    let access_rw = AccessFs::from_all(abi);
+    let access_ro = AccessFs::from_read(abi);
+
+    let mut ruleset = Ruleset::default()
+        .set_compatibility(CompatLevel::BestEffort)
+        .handle_access(access_rw)?
+        .create()?
+        .add_rules(landlock::path_beneath_rules(&["/"], access_ro))?
+        .add_rules(landlock::path_beneath_rules(&["/dev/null"], access_rw))?
+        .set_no_new_privs(true);
+
+    if !writable_roots.is_empty() {
+        ruleset = ruleset.add_rules(landlock::path_beneath_rules(&writable_roots, access_rw))?;
+    }
+
+    let status = ruleset.restrict_self()?;
+
+    if status.ruleset == landlock::RulesetStatus::NotEnforced {
+        return Err(LlmxErr::Sandbox(SandboxErr::LandlockRestrict));
+    }
+
+    Ok(())
+}
+
+/// Installs a seccomp filter that blocks outbound network access except for
+/// AF_UNIX domain sockets.
+fn install_network_seccomp_filter_on_current_thread() -> std::result::Result<(), SandboxErr> {
+    // Build rule map.
+    let mut rules: BTreeMap<i64, Vec<SeccompRule>> = BTreeMap::new();
+
+    // Helper – insert unconditional deny rule for syscall number.
+    let mut deny_syscall = |nr: i64| {
+        rules.insert(nr, vec![]); // empty rule vec = unconditional match
+    };
+
+    deny_syscall(libc::SYS_connect);
+    deny_syscall(libc::SYS_accept);
+    deny_syscall(libc::SYS_accept4);
+    deny_syscall(libc::SYS_bind);
+    deny_syscall(libc::SYS_listen);
+    deny_syscall(libc::SYS_getpeername);
+    deny_syscall(libc::SYS_getsockname);
+    deny_syscall(libc::SYS_shutdown);
+    deny_syscall(libc::SYS_sendto);
+    deny_syscall(libc::SYS_sendmsg);
+    deny_syscall(libc::SYS_sendmmsg);
+    // NOTE: allowing recvfrom allows some tools like: `cargo clippy` to run
+    // with their socketpair + child processes for sub-proc management
+    // deny_syscall(libc::SYS_recvfrom);
+    deny_syscall(libc::SYS_recvmsg);
+    deny_syscall(libc::SYS_recvmmsg);
+    deny_syscall(libc::SYS_getsockopt);
+    deny_syscall(libc::SYS_setsockopt);
+    deny_syscall(libc::SYS_ptrace);
+
+    // For `socket` we allow AF_UNIX (arg0 == AF_UNIX) and deny everything else.
+    let unix_only_rule = SeccompRule::new(vec![SeccompCondition::new(
+        0, // first argument (domain)
+        SeccompCmpArgLen::Dword,
+        SeccompCmpOp::Ne,
+        libc::AF_UNIX as u64,
+    )?])?;
+
+    rules.insert(libc::SYS_socket, vec![unix_only_rule.clone()]);
+    rules.insert(libc::SYS_socketpair, vec![unix_only_rule]); // always deny (Unix can use socketpair but fine, keep open?)
+
+    let filter = SeccompFilter::new(
+        rules,
+        SeccompAction::Allow,                     // default – allow
+        SeccompAction::Errno(libc::EPERM as u32), // when rule matches – return EPERM
+        if cfg!(target_arch = "x86_64") {
+            TargetArch::x86_64
+        } else if cfg!(target_arch = "aarch64") {
+            TargetArch::aarch64
+        } else {
+            unimplemented!("unsupported architecture for seccomp filter");
+        },
+    )?;
+
+    let prog: BpfProgram = filter.try_into()?;
+
+    apply_filter(&prog)?;
+
+    Ok(())
+}

llmx-rs/linux-sandbox/src/lib.rs

@@ -0,0 +1,14 @@
+#[cfg(target_os = "linux")]
+mod landlock;
+#[cfg(target_os = "linux")]
+mod linux_run_main;
+
+#[cfg(target_os = "linux")]
+pub fn run_main() -> ! {
+    linux_run_main::run_main();
+}
+
+#[cfg(not(target_os = "linux"))]
+pub fn run_main() -> ! {
+    panic!("llmx-linux-sandbox is only supported on Linux");
+}

llmx-rs/linux-sandbox/src/linux_run_main.rs

@@ -0,0 +1,56 @@
+use clap::Parser;
+use std::ffi::CString;
+use std::path::PathBuf;
+
+use crate::landlock::apply_sandbox_policy_to_current_thread;
+
+#[derive(Debug, Parser)]
+pub struct LandlockCommand {
+    /// It is possible that the cwd used in the context of the sandbox policy
+    /// is different from the cwd of the process to spawn.
+    #[arg(long = "sandbox-policy-cwd")]
+    pub sandbox_policy_cwd: PathBuf,
+
+    #[arg(long = "sandbox-policy")]
+    pub sandbox_policy: llmx_core::protocol::SandboxPolicy,
+
+    /// Full command args to run under landlock.
+    #[arg(trailing_var_arg = true)]
+    pub command: Vec<String>,
+}
+
+pub fn run_main() -> ! {
+    let LandlockCommand {
+        sandbox_policy_cwd,
+        sandbox_policy,
+        command,
+    } = LandlockCommand::parse();
+
+    if let Err(e) = apply_sandbox_policy_to_current_thread(&sandbox_policy, &sandbox_policy_cwd) {
+        panic!("error running landlock: {e:?}");
+    }
+
+    if command.is_empty() {
+        panic!("No command specified to execute.");
+    }
+
+    #[expect(clippy::expect_used)]
+    let c_command =
+        CString::new(command[0].as_str()).expect("Failed to convert command to CString");
+    #[expect(clippy::expect_used)]
+    let c_args: Vec<CString> = command
+        .iter()
+        .map(|arg| CString::new(arg.as_str()).expect("Failed to convert arg to CString"))
+        .collect();
+
+    let mut c_args_ptrs: Vec<*const libc::c_char> = c_args.iter().map(|arg| arg.as_ptr()).collect();
+    c_args_ptrs.push(std::ptr::null());
+
+    unsafe {
+        libc::execvp(c_command.as_ptr(), c_args_ptrs.as_ptr());
+    }
+
+    // If execvp returns, there was an error.
+    let err = std::io::Error::last_os_error();
+    panic!("Failed to execvp {}: {err}", command[0].as_str());
+}

llmx-rs/linux-sandbox/src/main.rs

@@ -0,0 +1,6 @@
+/// Note that the cwd, env, and command args are preserved in the ultimate call
+/// to `execv`, so the caller is responsible for ensuring those values are
+/// correct.
+fn main() -> ! {
+    llmx_linux_sandbox::run_main()
+}