diff --git a/codex-rs/core/src/arc_monitor.rs b/codex-rs/core/src/arc_monitor.rs
index 8a972907b..030116b17 100644
--- a/codex-rs/core/src/arc_monitor.rs
+++ b/codex-rs/core/src/arc_monitor.rs
@@ -127,7 +127,7 @@ pub(crate) async fn monitor_action(
 
     let url = read_non_empty_env_var(CODEX_ARC_MONITOR_ENDPOINT_OVERRIDE).unwrap_or_else(|| {
         format!(
-            "{}/api/codex/safety/arc",
+            "{}/codex/safety/arc",
             turn_context.config.chatgpt_base_url.trim_end_matches('/')
         )
     });
@@ -703,7 +703,7 @@ mod tests {
             .await;
 
         Mock::given(method("POST"))
-            .and(path("/api/codex/safety/arc"))
+            .and(path("/codex/safety/arc"))
             .and(header("authorization", "Bearer Access Token"))
             .and(header("chatgpt-account-id", "account_id"))
             .and(body_json(serde_json::json!({
@@ -817,7 +817,7 @@ mod tests {
     async fn monitor_action_rejects_legacy_response_fields() {
         let server = MockServer::start().await;
         Mock::given(method("POST"))
-            .and(path("/api/codex/safety/arc"))
+            .and(path("/codex/safety/arc"))
             .respond_with(ResponseTemplate::new(200).set_body_json(serde_json::json!({
                 "outcome": "steer-model",
                 "reason": "legacy high-risk action",
diff --git a/codex-rs/core/src/mcp_tool_call.rs b/codex-rs/core/src/mcp_tool_call.rs
index 629f2afe5..70421ae3d 100644
--- a/codex-rs/core/src/mcp_tool_call.rs
+++ b/codex-rs/core/src/mcp_tool_call.rs
@@ -1968,7 +1968,7 @@ mod tests {
 
         let server = MockServer::start().await;
         Mock::given(method("POST"))
-            .and(path("/api/codex/safety/arc"))
+            .and(path("/codex/safety/arc"))
             .respond_with(ResponseTemplate::new(200).set_body_json(serde_json::json!({
                 "outcome": "steer-model",
                 "short_reason": "needs approval",