Codex

# Codex app updates ### New features - Added activity insights and share cards to the [Profile section](/codex/app/settings#profile). You can review Codex usage highlights and save a profile card; sharing is available on consumer ChatGPT plans. ### Performance improvements and bug fixes - Improved Computer Use startup readiness and appshot error reporting. - Fixed browser and review UI issues, including fullscreen browser composer controls, hex color swatches, terminal scrollbar alignment, and animated diff stat alignment. - Expanded onboarding with more role choices so Codex can tailor first-run suggestions more accurately. - Additional performance improvements and bug fixes.

New Features

• TUI controls now support F13-F24 keybindings, paste in searchable menus, and a compact reasoning-only status/title item (#25329, #25400, #25504).
• Enterprise/admin flows now show monthly credit limits and can apply cloud-managed config bundles, including EDU workspaces (#24812, #24617, #24619, #24620, #24622, #25963).
• Remote-control clients can start pairing and list or revoke controller grants through app-server v2 RPCs (#25675, #25785).
• Plugin workflows gained machine-readable codex plugin list --json output and cached remote catalog suggestions (#25330, #25457).
• Hosted web and image tools are available in more code-mode flows, with standalone web searches able to run in parallel (#25176, #25702, #25890, #25923).
• Multi-agent v2 keeps runtime choice with each thread and exposes cleaner follow-up and metadata defaults for spawned agents (#25266, #25636, #25720, #25721, #25722, #25841, #26114).

Bug Fixes

• Cancelling a submitted prompt before visible output now restores the draft, attachments, and collaboration mode for editing (#25316).
• Slash-command filtering and footer shortcut hints now reset or render according to the current UI state (#25492, #25625).
• Platform reliability improved for macOS app launches and Windows SQLite startup, thread resume, and sandbox setup refreshes (#25485, #25490, #25509, #25949).
• Plugin loading preserves app manifest order, deduplicates local/remote curated installs, and treats malformed skills fields as warnings (#25491, #25681, #25717, #25782).
• Permission requests and approvals now carry environment identity, and managed MITM proxying exports readable CA bundles to child commands (#25850, #25858, #25862, #22668).
• Local session history is safer for compressed rollouts, renamed titles, pathless side-chat reloads, and stack-heavy startup/config rebuilds (#25087, #25624, #25661, #25814, #25844, #25847).

Documentation

• Added app-server docs and generated schema updates for monthly credit limits, remote-control RPCs, and environment-scoped permission approvals (#24812, #25675, #25785, #25862).
• Moved repo review rules and contributor conventions into AGENTS.md, including Rust test-module layout and Python 3 compatibility guidance (#25682, #25690, #25738).

Chores

• Root formatting and Justfile workflows are more complete and Windows-aware (#24983, #25165, #25683).
• Rust CI and release workflows use the git CLI for Cargo fetches to avoid intermittent libgit2/submodule failures (#25644, #25775).
• Python SDK releases now publish runtime wheels from the SDK workflow and pin to a glibc-compatible runtime package (#25906, #25907).
• Bazel CI’s BuildBuddy wrapper was reintroduced with Windows-safe process handling and validation (#25915).
• Shared prompts, context fragments, and skills plumbing moved into dedicated crates/extension paths to reduce codex-core coupling (#25151, #25953, #25959, #26106, #26122, #26167).

Changelog

Full Changelog: rust-v0.136.0...rust-v0.137.0

• #25329 feat(tui): allow function keys through f24 in keymaps @fcoury-oai
• #24617 Add config bundle transport types @joeflorencio-openai
• #25435 Add build_unsigned_archive release mode @shijie-oai
• #24619 Compose requirements layers @joeflorencio-openai
• #24620 Add cloud-managed config layer support @joeflorencio-openai
• #25462 Revert "Add build_unsigned_archive release mode" @shijie-oai
• #25113 store and expose parent_thread_id on Threads @owenlin0
• #25266 Set multi-agent v2 dogfood defaults @jif-oai
• #25060 Add goal extension idle continuation @jif-oai
• #25576 Use templates for goal steering prompts @jif-oai
• #25577 Remove Plan-mode gate from idle turn injection @jif-oai
• #25096 Add goal extension GoalApi @jif-oai
• #25087 Read compressed rollouts and materialize before append @jif-oai
• #25628 [codex] fix compressed rollout fixture SessionMeta initialization @fcoury-oai
• #25316 feat(tui): restore output-free cancelled prompts @fcoury-oai
• #23763 Preserve auto-review approval policy in codex exec @won-openai
• #25400 Allow paste in searchable selection menus @charliemarsh-oai
• #25485 Use deep links for macOS codex app paths @etraut-openai
• #25492 Reset slash popup selection when filter changes @etraut-openai
• #25504 Add reasoning-only status surface item @etraut-openai
• #25624 Preserve renamed thread titles during reconciliation @jif-oai
• #25089 Compress cold local rollouts @jif-oai
• #25490 Disable SQLite intrinsics for Windows x64 releases @etraut-openai
• #25603 [codex] Inherit raw events for spawned child listeners @vivi
• #25644 [codex] Use git CLI for release Cargo fetches @shijie-oai
• #25655 nit: drop todo @jif-oai
• #25654 Parallelize cold rollout compression @jif-oai
• #25121 exec-server: add environment path refs @starr-openai
• #25636 [codex] Rename multi-agent v2 assign_task to followup_task @jif-oai
• #25491 Preserve plugin app manifest order @charlesgong-openai
• #24983 [codex] Make justfile recipes Windows-aware @iceweasel-oai
• #25151 [codex] Consolidate shared prompts in codex-prompts @anp-oai
• #25659 Throttle repeated rollout compression runs @jif-oai
• #25165 Check root Python script formatting in CI @anp-oai
• #23767 [codex-rs] auto-review model override @won-openai
• #25149 exec-server: canonicalize bound filesystem paths @starr-openai
• #25669 fix: deflake zsh-fork approval test @jif-oai
• #24979 feat: gate unified exec zsh fork composition @bolinfest
• #24980 refactor: hide shell override for zsh fork unified exec @bolinfest
• #25679 Add rollout compression counters @jif-oai
• #25682 [codex] document out-of-line test module convention @anp-oai
• #25680 Add rollout compression histograms @jif-oai
• #25689 [codex] Generalize deferred nested tool guidance @sayan-oai
• #25690 Add Python version compatibility guidance @anp-oai
• #25681 fix: Deduplicate installed local and remote curated plugins @xl-openai
• #25701 fix: rename McpServer to TestAppServer @bolinfest
• #25702 [codex] enable parallel standalone web search calls @sayan-oai
• #25705 Fix stale TestAppServer rename in plugin_list test @bolinfest
• #25684 Move tool search metadata onto ToolExecutor @jif-oai
• #25625 fix(tui): clarify footer shortcut overlay hints @fcoury-oai
• #25649 [codex] Publish release symbol artifacts @nornagon-openai
• #25661 Reject directory rollout paths for pathless side chats @bolinfest
• #22668 Wire managed MITM CA trust into child env @winston-openai
• #25712 app-server: remove experimental persist_extended_history bool flag @owenlin0
• #24621 Move cloud requirements crate to cloud config @joeflorencio-openai
• #25717 Handle invalid plugin skills manifest field @xli-oai
• #25675 feat(remote-control): add pairing start @apanasenko-oai
• #25683 [codex] Add comprehensive root formatting check @anp-oai
• #25738 Move code review rules into AGENTS @pakrym-oai
• #24812 feat: show enterprise monthly credit limits in status @efrazer-oai
• #25330 [codex] Add plugin list JSON output @xl-openai
• #25457 [codex] Cache remote plugin catalog for suggestions @xl-openai
• #25783 [codex] Move plugin discoverable logic into core-plugins @xl-openai
• #25782 [codex] Validate plugin skill base names @xl-openai
• #25814 feat: reuse compressed rollout search snippets @jif-oai
• #25720 Add multi-agent runtime metadata types @jif-oai
• #25721 Persist multi-agent runtime metadata @jif-oai
• #25722 Resolve per-thread multi-agent runtime @jif-oai
• #25841 session: keep startup prewarm aligned with resolved multi-agent runtime @jif-oai
• #25840 fix: main oops @jif-oai
• #25723 Test remote multi-agent runtime selector override @jif-oai
• #25724 Test runtime selector before first turn @jif-oai
• #25844 Reduce stack pressure in session startup and config rebuilds @jif-oai
• #25857 flake: Keep plugin test homes alive @jif-oai
• #25847 Run Codex async main on a sized stack @jif-oai
• #25775 [codex] Use git CLI for Cargo fetches across Rust workflows @anp-oai
• #25167 [app-server][core] Add connector-level Guardian reviewer overrides @zamoshchin-openai
• #25868 Skip startup prewarm when websockets are disabled @jif-oai
• #25156 Route Bazel CI through shared BuildBuddy remote config wrapper @anp-oai
• #25739 core: derive built-in permission profiles from raw policies @bolinfest
• #25909 [codex] Revert shared BuildBuddy Bazel wrapper @anp-oai
• #25850 Key request-permission grants by environment @jif-oai
• #25707 [codex-analytics] Track CodexErr details in turn analytics @rhan-oai
• #25858 Add environmentId to request_permissions @jif-oai
• #25176 Route standalone image generation through host finalization md @won-openai
• #25916 Fix Windows release PDB staging @shijie-oai
• #25862 Propagate permission approval environment id @jif-oai
• #25907 [codex] Pin Python SDK to glibc-compatible runtime @aibrahim-oai
• #24859 Use environment secrets for Azure signing @shijie-oai
• #25509 Fix Windows running thread resume path normalization @etraut-openai
• #25135 Populate workspace kind on Codex turn events @knittel-openai
• #24622 Switch runtime to cloud config bundle @joeflorencio-openai
• #25938 fix: update image generation test helper rename @joeflorencio-openai
• #25911 core: stop passing legacy SandboxPolicy to guardian reviews @bolinfest
• #25668 Split cloud config bundle service modules @joeflorencio-openai
• #25890 [codex] Keep hosted tools visible in code-only mode @aibrahim-oai
• #25867 Add remote request permissions integration coverage @jif-oai
• #25943 config: remove dead profile sandbox fallback @bolinfest
• #25948 Revert "Use environment secrets for Azure signing" @shijie-oai
• #25923 Expose standalone image generation in code mode @won-openai
• #25906 [codex] Publish Python runtime wheels with Python SDK releases @aibrahim-oai
• #25953 feat: add skills extension scaffold @jif-oai
• #25915 [codex] Fix Windows BuildBuddy Bazel wrapper execution @anp-oai
• #25926 config: express implicit sandbox defaults as permission profiles @bolinfest
• #25959 feat: add extension turn-input contributors @jif-oai
• #25963 Allow EDU accounts to fetch cloud config bundles @joeflorencio-openai
• #25785 feat(app-server): add remote control client management RPCs @apanasenko-oai
• #25988 revert: publish release symbol artifacts @shijie-oai
• #26114 feat: default hide_spawn_agent_metadata to true @jif-oai
• #26122 chore: extract context fragments into dedicated crate @jif-oai
• #26144 Reject MAv2 close_agent self-targets @jif-oai
• #26106 skills: resolve per-turn catalogs from turn input context @jif-oai
• #26155 fix: serialize goal progress accounting @jif-oai
• #26156 chore: mechanical rename @jif-oai
• #26167 Implement v1 skills extension prompt injection @jif-oai
• #26176 fix: main @jif-oai
• #25949 [codex] Restore setup helper UAC manifest @iceweasel-oai

# Build and deploy websites with Sites [**Sites**](/codex/sites) is now available in preview in the Codex app. Use the Sites plugin to create, save, deploy, and inspect websites, dashboards, internal tools, web apps, and games hosted by OpenAI. Open **Sites** in the app sidebar to return to your projects and manage hosted environment variables and secrets. ChatGPT Business workspaces include Sites by default. ChatGPT Enterprise admins can enable Sites for the appropriate roles through role-based access control (RBAC).

# ChatGPT for iOS ### New features - Added an optional Face ID or passcode lock for Codex. - Added a new settings screen for choosing Queue or Steer as the default follow-up behavior and toggling line wrapping for code diffs. - Added support for connecting to Windows machines over SSH. ### Improvements and bug fixes - Added support for `/side ` to start a side conversation with an initial question. - Improved follow-up prompts, the Codex home screen, and viewing changed files. - Fixed issues with reconnecting, archiving threads, loading tasks, and connecting to hosts.

# Terminal placement controls ### New features - Added **Default terminal location** in [General settings](/codex/app/settings#general). When the bottom panel is enabled, choose whether the terminal shortcut and environment actions open terminal tabs in the bottom panel or the right panel. ### Performance improvements and bug fixes - Additional performance improvements and bug fixes.

# Use Codex with Amazon Bedrock Codex can now use supported OpenAI models available through Amazon Bedrock. Configure [Amazon Bedrock as your model provider](/codex/amazon-bedrock) to run Codex locally with AWS-managed authentication, account controls, and billing.

New Features

• TUI markdown now keeps web links clickable with OSC 8 metadata, and cramped tables switch to readable key/value records without losing link targets. (#24472, #24636, #24825)
• Sessions can now be archived from the TUI with /archive or from the CLI with codex archive / codex unarchive; archived sessions are protected from resume/fork until restored. (#25027, #25021)
• App-server integrations can resume a thread with its initial turns page, see richer MCP server status, and launch stdio mode with codex app-server --stdio. (#23534, #24698, #24940)
• Remote execution setup now supports CODEX_API_KEY registration for approved OpenAI hosts, while remote-control websockets use short-lived server tokens instead of ChatGPT access tokens. (#24666, #24141)
• Windows admins get an alpha codex sandbox setup --elevated provisioning path, plus requirements support for allowed Windows sandbox implementations. (#24831, #23766)
• A feature-gated standalone image generation extension can run through the native Codex image artifact completion pipeline. (#24723, #24972)

Bug Fixes

• ChatGPT auth refreshes tokens before the five-minute expiry window and shows a relogin-required path for reused refresh tokens instead of collapsing into a generic cloud error. (#23546, #24830)
• Command-safety hardening prevents /diff from running repository-provided Git helpers/hooks, avoids PowerShell parser execution on non-Windows hosts, and rejects browser-origin exec-server websocket handshakes. (#24954, #24946, #24947)
• Sandboxed commands clean up more reliably after interruptions or denied Windows network attempts, and deny read rules stay enforced for safe-command and approval-bypass paths. (#22729, #19880, #23943)
• Resumed TUI sessions seed prompt history from the session transcript, multiline hook output renders as separate rows, and Vim normal-mode editing behaves correctly. (#24298, #24965, #25022)
• App-server filesystem watchers debounce later batches correctly, and standalone web search calls now show and restore completed search activity. (#24716, #24693)
• Bedrock auth now falls back to AWS_REGION / AWS_DEFAULT_REGION, and unsupported Bedrock GPT service tiers are no longer advertised or sent. (#25171, #25318)

Documentation

• Python SDK beta docs and package metadata now present the standard pip install openai-codex path, refreshed quickstarts, API reference, FAQ, and examples. (#24836, #24866, #24868, #24870)
• Python SDK examples and docs now use the public CodexConfig name for configuring Codex / AsyncCodex. (#24800)
• The bundled OpenAI Docs skill was updated with current Codex manual routing and a cached manual fetch helper. (#24914)
• Built-in tool schema descriptions now clarify defaults, optional fields, bounds, and enums across shell, Code Mode, MCP, image, goal, plan, multi-agent, and related tools. (#24794)
• App-server and exec-server docs now cover API-key remote registration, --stdio, runtime extra skill roots, and remote-control server-token behavior. (#24666, #24940, #24977, #24141)

Chores

• Python SDK releases can now be staged and published independently from runtime releases using python-v* tags while preserving the reviewed runtime dependency pin. (#24828, #24872)
• Updated MCP dependencies to rmcp 1.7.0 and refreshed compatibility code. (#24763)
• Refreshed Amazon Bedrock catalog metadata, including GPT-5.5, removal of unsupported OSS entries, and default-tier-only GPT model behavior. (#24701, #24960, #25318)
• Removed the stale app-server debug-client pieces and cleaned up the workspace after deletion. (#25063, #25064, #25065, #25066, #25067, #25068, #25069, #25070, #25075)
• Trimmed CI/build maintenance by moving Bazel Windows jobs to Codex runners, removing the libubsan workaround, and reverting the startup benchmark that broke musl builders. (#24952, #24782, #24937)

Changelog

Full Changelog: rust-v0.135.0...rust-v0.136.0

• #22729 fix(linux-sandbox): preserve shell cleanup on interruption @viyatb-oai
• #24472 feat(tui): add OSC 8 web links to rich content @fcoury-oai
• #24636 feat(tui): render cramped markdown tables as key-value records [2 of 2] @fcoury-oai
• #24666 Allow API-key auth for remote exec-server registration @sdcoffey
• #24763 Update rmcp to 1.7.0 @anp-oai
• #24825 [codex] Fix hyperlink-aware key-value table rendering @sayan-oai
• #24800 [codex] Rename Python SDK AppServerConfig to CodexConfig @aibrahim-oai
• #24819 [codex] Remove redundant SQLite dynamic tool storage @sayan-oai
• #24828 [codex] Add independent beta release for the Python SDK @aibrahim-oai
• #24836 [codex] Prepare Python SDK beta documentation and package metadata @aibrahim-oai
• #24830 Treat refresh_token_reused 400s as relogin-required @alexsong-oai
• #24866 [codex] Simplify Python SDK install guidance @aibrahim-oai
• #24868 [codex] Remove Python SDK language classifiers @aibrahim-oai
• #24870 [codex] Remove Python SDK beta warning note @aibrahim-oai
• #24872 [codex] Stage Python SDK beta versions from release tags @aibrahim-oai
• #24758 Move memories root setup out of core config @jif-oai
• #24891 Stabilize Guardian client cache key handling @jif-oai
• #24892 Export Guardian prompt cache key helper @jif-oai
• #24893 Add Guardian review prompt cache key @jif-oai
• #24894 Assert Guardian prompt cache key reuse @jif-oai
• #24895 Thread Guardian cache key through session @jif-oai
• #24803 Use stable Guardian prompt cache keys @jif-oai
• #24902 [codex] Fix Guardian argument comment lint @jif-oai
• #24898 Fix memories namespace for Responses API tools @jif-oai
• #24897 Add Guardian review metrics @jif-oai
• #23546 [codex-cli] Refresh near-expiry ChatGPT access tokens before requests @cooper-oai
• #24915 Add thread start contributor facts @jif-oai
• #24916 Add turn error lifecycle contributor @jif-oai
• #24865 [codex] Store pending response items directly @pakrym-oai
• #24914 [codex] Update OpenAI Docs skill @vb-openai
• #24651 Add app-server startup benchmark crate @anp-oai
• #24925 Gate goal tools by thread eligibility @jif-oai
• #24782 Remove libubsan CI workaround @anp-oai
• #24813 extension-api: add TurnItemEmitter to tool calls @sayan-oai
• #23534 feat(app-server): include turns page on thread resume @btraut-openai
• #24698 Expose MCP server info as part of server status @gpeal
• #24903 Reap stale multi-agent slots @jif-oai
• #24936 Fix extension turn item emitter test event ordering @bolinfest
• #24700 [codex] Support ui visibility meta for tools @gpeal
• #24701 chore: add GPT-5.5 to the Amazon Bedrock catalog @celia-oai
• #23363 TUI: Unified mentions tweaks + polish mentions rendering @canvrno-oai
• #24937 Revert "Add app-server startup benchmark crate" @anp-oai
• #24928 Wire task completion into thread-idle lifecycle @jif-oai
• #24723 Add feature-gated standalone image generation extension @won-openai
• #24952 Move Bazel Windows jobs onto codex-runners @anp-oai
• #24940 Add codex app-server --stdio alias @anp-oai
• #24954 fix(tui): prevent repository-configured code execution in /diff @fcoury-oai
• #24949 [codex] Handle PowerShell UTF-8 setup failures @iceweasel-oai
• #24960 [codex] Remove Bedrock OSS models from catalog @celia-oai
• #23768 runtime: prepend zsh fork bin dir to PATH @bolinfest
• #19880 fix: cancel Windows sandbox on network denial @viyatb-oai
• #24947 fix(exec-server): reject websocket requests with Origin headers @viyatb-oai
• #24653 [codex] Add user input client ids @alexi-openai
• #23924 Surface filesystem permission profiles in prompt context @bolinfest
• #24108 windows-sandbox: pass workspace roots to runner @bolinfest
• #24974 windows-sandbox: fix capture cancellation test roots @bolinfest
• #24962 Tighten hook output event schemas @abhinav-oai
• #24141 feat(app-server): migrate remote control to server tokens @apanasenko-oai
• #24970 fix(config): use deny for Unix socket permissions @viyatb-oai
• #24946 [codex] Avoid PowerShell safety parsing off Windows @adrian-openai
• #24977 Add runtime extra skill roots API @xl-openai
• #24298 Seed prompt history from resumed messages @etraut-openai
• #23943 fix: preserve deny-read sandboxing for safe commands @bolinfest
• #24716 Fix fs/watch debounce batching @etraut-openai
• #24918 Use internal model context fragments for goal steering @jif-oai
• #24924 Use inject_if_running for active goal steering @jif-oai
• #25063 Drop the stale debug-client manifest @jif-oai
• #25064 Remove the generated debug-client README @jif-oai
• #25065 Delete debug-client app-server process plumbing @jif-oai
• #25066 Retire debug-client interactive command parsing @jif-oai
• #25067 Remove the debug-client CLI entrypoint @jif-oai
• #25068 Delete debug-client JSONL output helper @jif-oai
• #25069 Remove debug-client server event reader @jif-oai
• #25070 Drop debug-client prompt state tracking @jif-oai
• #25075 fix: main @jif-oai
• #24794 [codex] Improve built-in tool schema docs @jif-oai
• #25095 Handle goal usage limits from turn errors @jif-oai
• #25106 Remove stale rollout TODO tests @jif-oai
• #24965 Render multiline hook output in TUI @abhinav-oai
• #25031 [codex] Add model tool mode selector @aibrahim-oai
• #24693 Show activity for standalone web search calls @sayan-oai
• #25110 Move config document helpers into their own module @jif-oai
• #25013 feat: Add focused diagnostics for MCP HTTP send failures @xl-openai
• #24964 [codex] Wait for MCP readiness in core integration tests @anp-oai
• #24972 Route extension image generation through the native image completion pipeline @won-openai
• #24831 Add Windows sandbox provisioning setup command @iceweasel-oai
• #25017 Align TUI permissions labels with app @etraut-openai
• #25027 Add /archive slash command @etraut-openai
• #25035 Use session wording in /rename confirmation @etraut-openai
• #24161 Add subagent lineage metadata for responsesapi @owenlin0
• #25116 [exec-server] Kill dropped filesystem helpers @erichoracek
• #24180 code-mode: introduce durable session interface @cconger
• #23165 thread-store: store permission profiles @bolinfest
• #25131 [codex] Require model for standalone web search @sayan-oai
• #25134 ci: use issue triage environment for issue workflows @etraut-openai
• #25118 exec-server: preserve fs helper CoreFoundation env @starr-openai
• #25022 [codex] Fix Vim normal mode editing @jinghanx88
• #25161 Recommend Bazel VSCode extension. @anp-oai
• #24996 Filter plugin install suggestions by installed apps @nm-openai
• #23766 Constrain Windows sandbox requirements @abhinav-oai
• #25172 [codex] Update remote connector suggestions @ericning-o
• #25171 fix: Bedrock API key region fallback @celia-oai
• #24541 feat(config) experimental_request_user_input toggle @dylan-hurd-oai
• #25021 Add thread archive CLI commands @etraut-openai
• #25267 Rename multi-agent v2 assignment tool @jif-oai
• #25318 fix: Limit Bedrock GPT models to default service tier @owenlin0
• #25381 [codex] Avoid forced directory refresh during plugin install auth checks @xl-openai

# Computer use and mobile access on Windows ### New features - [Computer Use](/codex/app/computer-use) now works on Windows. Codex can operate Windows desktop apps by seeing, clicking, and typing in the foreground while it works. - [Remote control](/codex/remote-connections) now supports Windows devices. You can start Codex work on a Windows device from ChatGPT on iOS or Android, or from a Mac running Codex, and check its progress remotely. - The [Profile section](/codex/app/settings#profile) now shows your profile details, usage stats, and token activity. ### Performance improvements and bug fixes - Additional performance improvements and bug fixes.

New Features

• codex doctor now reports richer environment, Git, terminal, app-server, and thread inventory diagnostics for support cases. (#24261, #24311, #24305)
• /status shows remote connection details and server version when the TUI is connected over a remote transport. (#24420)
• Vim mode gained text-object editing, improved word/line-end behavior, and a configurable interrupt-turn binding. (#24382, #24380, #24766)
• /permissions now understands named permission profiles and displays configured custom profiles. (#21559)
• Packaged Codex builds can discover and use the bundled patched zsh helper across supported macOS and Linux targets. (#23756, #24171)
• The Python SDK now exposes friendly Sandbox presets for thread and turn APIs. (#24772)

Bug Fixes

• Markdown tables and multiline lists render more readably in the TUI, with better column sizing and app-style table formatting. (#24489, #24346, #24351)
• TUI output is more stable on macOS and Zellij, avoiding stderr/composer corruption and raw-output overlap. (#24459, #24479, #24593)
• Slash-command completion now preserves existing draft text for commands that accept inline arguments. (#23950)
• Older tmux/iTerm control-mode sessions no longer lose normal Ctrl-C handling from unsupported keyboard enhancement setup. (#24371)
• App mentions now exclude inaccessible or disabled apps instead of offering unusable $ suggestions. (#24625)
• Resume flows now include non-interactive exec sessions when requested and honor cwd overrides for idle cached threads. (#24503, #24528)

Documentation

• Clarified image-viewing tool detail behavior and removed stale TUI composer documentation references. (#23949, #24641)
• Updated Python SDK docs, examples, and notebook content to use the new sandbox preset API. (#24772)

Chores

• Updated Rust toolchain pins and SQLx/SQLite dependencies. (#24684, #24728)
• Moved memory runtime state into a dedicated SQLite database. (#24591)
• Removed remaining legacy config-profile consumers and routed more TUI config/plugin state through app-server-owned APIs. (#24076, #24254, #24255, #24265, #24266, #24257)
• Centralized Responses retry handling and MCP tool naming logic to reduce duplicated internal plumbing. (#24131, #21576)

Changelog

Full Changelog: rust-v0.134.0...rust-v0.135.0

• #24164 fix(remote-control): cap reconnect backoff @apanasenko-oai
• #23756 package: include zsh fork in Codex package @bolinfest
• #23757 Default function tools into tool hooks @abhinav-oai
• #24171 package: add x64 macOS codex-zsh artifact @bolinfest
• #24159 code-mode: merge stored values by key @cconger
• #23983 fix: plugin bundle archive handling for upload and install @xl-openai
• #24261 feat(doctor): add environment diagnostics @fcoury-oai
• #24311 Report app-server version in codex doctor @etraut-openai
• #24314 tui: label compact rate-limit percentages @etraut-openai
• #24420 Show remote connection details in /status @etraut-openai
• #24317 Respect hook trust bypass during TUI startup @etraut-openai
• #24254 TUI config cleanup: oss_provider @etraut-openai
• #24255 TUI config cleanup: trusted projects @etraut-openai
• #24265 TUI config cleanup: MCP inventory @etraut-openai
• #24305 Add doctor thread inventory audit @etraut-openai
• #24346 fix(tui): improve markdown table column allocation @fcoury-oai
• #24351 fix(tui): improve multiline markdown list readability @fcoury-oai
• #24459 fix(tui): prevent macos stderr from corrupting composer @fcoury-oai
• #24479 fix(process-hardening): preserve macos malloc diagnostics @fcoury-oai
• #24474 Log rollout writer OS errors @etraut-openai
• #24076 chore: stop consuming legacy config profiles @jif-oai
• #24131 centralize Responses retry policy @rhan-oai
• #23858 [wip] goal shift @jif-oai
• #24555 chore: drop orphaned codex memories MCP crate @jif-oai
• #24558 chore: move memory prompt builder into extension @jif-oai
• #24562 Add ad-hoc memory note tool @jif-oai
• #24567 Wire metrics client into memories extension @jif-oai
• #24588 fix: drop flake @jif-oai
• #24583 Add memory tool call metrics to memories extension @jif-oai
• #24586 Wire app-server extension event sink @jif-oai
• #24532 Use thread config for TUI MCP inventory @etraut-openai
• #24105 [codex] Make active turn task singular @pakrym-oai
• #21576 Move MCP tool naming mode into manager @pakrym-oai
• #24503 tui: include exec sessions in resume list @etraut-openai
• #24600 feat: gate dedicated memories tools in config @jif-oai
• #21559 tui: add named permission profile picker @viyatb-oai
• #24608 feat: add manual and remote_v2 tags to compaction metric @jif-oai
• #24611 test: clean up apply_patch allow-session artifact @jif-oai
• #24609 Remove reserved namespaces dedup @pakrym-oai
• #23964 Move slash input logic out of chat composer @canvrno-oai
• #24615 Add goal extension telemetry parity @jif-oai
• #24371 fix(tui): avoid modifyOtherKeys for unknown tmux formats @fcoury-oai
• #24626 fix: restore goal accounting after thread resume @jif-oai
• #24591 Move memory state to a dedicated SQLite DB @jif-oai
• #23823 standalone websearch extension @sayan-oai
• #24593 fix(tui): keep raw output above composer in zellij @fcoury-oai
• #24625 tui: keep inaccessible apps out of mentions @canvrno-oai
• #24154 Add experimental turn additional context @pakrym-oai
• #24473 fix(remote-control): surface websocket task stalls @apanasenko-oai
• #24528 Respect resume cwd overrides for idle cached threads @etraut-openai
• #24160 Add forked_from_thread_id turn metadata @owenlin0
• #24646 make direct only allowed caller for standalone websearch @sayan-oai
• #23949 Clarify view_image tool description @fjord-oai
• #24266 TUI config cleanup: plugin mentions @etraut-openai
• #24320 Avoid repeated marketplace upgrades for alternate layouts @etraut-openai
• #23813 windows-sandbox: remove SandboxPolicy runner plumbing @bolinfest
• #24652 [codex] remove plain image wrapper spans @pakrym-oai
• #24623 Attach Windows sandbox log to feedback reports @iceweasel-oai
• #24644 Restore legacy image detail values @rhan-oai
• #24655 [codex-analytics] add grouped session id to runtime events @marksteinbrick-oai
• #24658 [codex] Remove obsolete goal continuation turn marker @pakrym-oai
• #24660 fix: dont compact standalone websearch schema @sayan-oai
• #24667 fix(core): instrument stalled tool-listing handoff @apanasenko-oai
• #24684 Uprev Rust toolchain pins to 1.95.0 @anp-oai
• #21567 fix: add noninteractive install script mode @efrazer-oai
• #24707 Allow runtime enablement for remote plugins @xl-openai
• #24714 fix(auto-review) skip legacy notify for auto review threads @dylan-hurd-oai
• #24690 Revert "Add Bedrock Mantle GovCloud region (#23860)" @celia-oai
• #24628 feat: handle goal usage limits in goal extension @jif-oai
• #24746 Fix guardian review test user input @jif-oai
• #24744 feat: add thread idle lifecycle hook @jif-oai
• #24751 Drop startup context when truncating forked rollouts @jif-oai
• #24257 TUI config cleanup: plugin marketplace @etraut-openai
• #24380 fix(tui): complete vim word-end and line-end behavior @fcoury-oai
• #24728 Bump SQLx to pick up newer bundled SQLite @jif-oai
• #24637 fix: run standalone updates noninteractively @efrazer-oai
• #24778 make vercel webhook url an env secret @sayan-oai
• #23950 fix: Preserve draft text when completing argument-taking slash commands @canvrno-oai
• #24641 [codex] Remove stale composer narrative doc references @canvrno-oai
• #24368 [codex] add compaction metadata to turn headers @ningyi-oai
• #24772 [codex] Add friendly Python SDK sandbox presets @aibrahim-oai
• #24382 feat(tui): add vim text object bindings @fcoury-oai
• #24766 feat(tui): make turn interruption keybind configurable @fcoury-oai
• #24489 feat(tui): render markdown tables in app style [1 of 2] @fcoury-oai
• #24713 chore: enable namespace tools for Bedrock @celia-oai

New Features

• Added search across local conversation history, including case-insensitive content matches with result previews. (#23519, #23921)
• Made --profile the primary profile selector across CLI, TUI permissions, and sandbox flows, with legacy profile configs rejected through migration guidance. (#23708, #23883, #23890, #24051, #24055, #24059, #24067, #24110)
• Improved MCP setup with per-server environment targeting and OAuth options for streamable HTTP servers. (#23583, #24120)
• Made connector tool schemas more reliable by preserving local $ref/$defs structures and compacting oversized schemas before exposure. (#23357, #23904)
• Let read-only MCP tools run concurrently when they advertise readOnlyHint. (#23750)
• Added richer extension and hook context, including conversation history for extension tools and subagent identity in hook inputs. (#22882, #23963)

Bug Fixes

• Improved remote reliability by reconnecting stale exec-server websocket clients, retrying remote control immediately after auth recovery, and retrying remote compaction v2 streams. (#23867, #23775, #23951)
• Fixed Windows TUI rendering corruption by restoring virtual terminal mode before drawing. (#24082)
• Displayed workspace-specific usage-limit messages for credit and spend-cap failures. (#24114)
• Allowed plugin skills to reuse shared plugin-level icon assets. (#23776)
• Preserved active permission profile metadata when syncing auto-review runtime settings. (#23956)
• Ensured Node-based tools honor Codex’s managed network proxy environment. (#23905)

Documentation

• Documented the curl and PowerShell installer paths in the README. (#24106)
• Updated developer docs to prefer just test over direct cargo test for repo-local test runs. (#23910)
• Added profile migration documentation links to relevant config errors. (#23879)

Chores

• Simplified release packaging around canonical native artifacts, reusable DotSlash fetching, and a new macOS x64 zsh artifact. (#23833, #23836, #24129, #24165)
• Added release-build support for Codex-produced V8 artifacts. (#23934)
• Added image re-encoding benchmarks and connector-style JSON schema policy fixtures. (#23935, #24152)
• Improved tracing and analytics for websocket requests, turn starts, and remote compaction v2. (#23581, #23980, #24146)

Changelog

Full Changelog: rust-v0.133.0...rust-v0.134.0

• #23581 Trace logical websocket request after untraced warmup @jif-oai
• #23718 [codex] Steer budget-limited goal extension turns @jif-oai
• #23861 fix: cargo lock @jif-oai
• #23728 feat: retain remote compaction truncation parity in v2 @jif-oai
• #23870 Make tool executor specs mandatory @jif-oai
• #23882 [codex] Stabilize subagent start hook test @jif-oai
• #23876 refactor: centralize tool exposure planning @jif-oai
• #23879 chore: link doc in profile error messages @jif-oai
• #23883 cli: rename profile v2 flag to --profile @jif-oai
• #23835 docs: add description to codex-cli/package.json @bolinfest
• #23583 Route MCP servers through explicit environments @starr-openai
• #23886 cli: remove legacy profile v1 plumbing @jif-oai
• #23708 tui: plumb permission profile selection @viyatb-oai
• #23833 packaging: move rg manifest out of npm bin @bolinfest
• #23796 Improve /goal error messages for ephemeral sessions @etraut-openai
• #23867 Reconnect disconnected exec-server websocket clients with fresh sessions @starr-openai
• #23792 TUI: skip goal replace prompt for completed goals @etraut-openai
• #23519 [codex] Add rollout-backed thread content search @fc-oai
• #22552 Remove plugin hooks feature flag @abhinav-oai
• #23836 npm: remove legacy package artifact synthesis @bolinfest
• #23921 [codex] Make thread search case-insensitive @fc-oai
• #23775 fix(remote-control): retry after auth recovery @apanasenko-oai
• #22882 Add subagent identity to hook inputs @abhinav-oai
• #22915 [3 of 4] tui: route feature and memory toggles through app server @etraut-openai
• #23776 fix: Allow plugin skills to share plugin-level icon assets @xl-openai
• #23860 Add Bedrock Mantle GovCloud region @CHARLESPALEN-OAI
• #23956 Fix auto-review permission profile override @etraut-openai
• #23357 feat: support local refs and defs in tool input schemas @celia-oai
• #23963 Expose conversation history to extension tools @sayan-oai
• #23904 feat: best-effort compact large tool schemas @celia-oai
• #23750 Allow parallel MCP tool calls when annotated readOnly @anp-oai
• #23905 [codex] Enable Node env proxy for managed network proxy @rreichel3-oai
• #23890 mcp: surface profile migration guidance under --profile @jif-oai
• #24051 config: remove legacy profile v1 resolution @jif-oai
• #24055 config: remove legacy profile write paths @jif-oai
• #24057 Avoid config snapshots in live agent subtree traversal @jif-oai
• #24061 otel: drop legacy profile usage telemetry @jif-oai
• #24059 fix: reject legacy profile selectors @jif-oai
• #23934 ci: Use codex produced v8 artifacts for release builds @cconger
• #24099 fix(app-server): fix optional bool annotations @owenlin0
• #23910 Prefer just test over cargo test in docs @anp-oai
• #23951 retry remote compaction v2 requests @rhan-oai
• #24081 tui: make codex-tui.log opt-in @jif-oai
• #24102 cli: infer host sandbox backend @bolinfest
• #24067 app-server: drop legacy profile config surface @jif-oai
• #23736 Add new enterprise requirement gate @adams-oai
• #24117 [codex] Use rolling files for Windows sandbox logs @iceweasel-oai
• #24106 docs: update README.md to mention curl-based installer @bolinfest
• #24082 fix(tui): restore Windows VT before TUI renders @fcoury-oai
• #24110 cli: support --profile for codex sandbox @bolinfest
• #23980 Add trace_id to TurnStartedEvent @mchen-oai
• #24120 Support OAuth options in codex mcp add @mzeng-openai
• #23989 Add typed Images client to codex-api @won-openai
• #24146 [codex-analytics] split compaction v2 analytics implementation @rhan-oai
• #24129 package: factor DotSlash executable fetching @bolinfest
• #24151 [codex] Use TurnInput for session task input @pakrym-oai
• #23935 [codex] Add image re-encoding benchmarks @anp-oai
• #24152 chore: add JSON schema policy fixture coverage @celia-oai
• #24157 [codex] Remove external client session reset plumbing @pakrym-oai
• #24114 Display workspace usage limit error copy from response header @dhruvgupta-oai
• #24165 release: build macOS x64 zsh artifact @bolinfest

# ChatGPT for iOS ### New features - Added Spotlight and Shortcuts support for opening Codex Mobile directly. - Added browsing for archived Codex threads. - Added `/side` for opening a side conversation. - Added options to save or copy rendered images. ### Improvements and bug fixes - Improved iPad keyboard shortcuts. - Improved setup and relaunch reliability. - Fixed issues with task progress, loading archived threads, previewing code changes, and switching hosts.

# Appshots, goal mode, and more [Appshots](/codex/appshots) are now available in the Codex app on macOS. Press both Command keys to send the frontmost app window to Codex with a screenshot and available text, so Codex can work from context in another app without you copying, pasting, or describing it manually. This launch also includes: - [Goal mode](/codex/prompting#goal-mode) is no longer an experimental feature and is available in the Codex app, IDE extension, and CLI. With Goal mode, you can have Codex drive toward a specific objective for hours or even days. - [Remote computer use](/codex/app/computer-use#locked-use), so Codex can use desktop apps after your Mac locks, including remotely via Codex Mobile. Codex scopes locked use to active, trusted computer use turns and includes safeguards such as short-lived authorization, covered displays, relock on local input, and manual-unlock fallback. - [Plugin sharing](/codex/plugins/build#share-a-local-plugin-with-your-workspace) through marketplace sources is available for ChatGPT Business. Enterprise support is coming soon. Teams can distribute reusable plugin bundles that include skills, app integrations, and MCP servers. - [Advanced in-app browser annotations](/codex/app/browser#styling-feedback) let you tweak styling such as font size, colors, and spacing directly using annotations. This gives Codex a clearer signal for changes. - Browser-use improvements across in-app browser & Chrome: - Codex can now download and extract all image assets from a page much more quickly. - Codex can now extract structured data from pages more effectively and find information more quickly with a read-only JS sandbox. - Chrome extension will create less clutter when using it. Codex will no longer create tab groups when taking over existing tabs, and at the end of a task for handoff. Instead, it uses tab icons to indicate status. - Significantly improved reliability for browser use. We fixed bugs on Windows, flaky availability of the plugin to non geo-blocked regions, and many other issues impacting performance.

New Features

• Goals are now enabled by default, backed by dedicated storage, and track progress across active turns. (#23300, #23685, #23696, #23732)
• codex remote-control now runs like a foreground command, waits for readiness, reports machine status, and keeps explicit daemon-style start/stop commands. (#22878)
• Permission profiles gained list APIs, inheritance, managed requirements.toml support, runtime refresh behavior, and stronger Windows sandbox integration. (#22928, #23412, #22270, #23433, #22931, #23715)
• Plugin discovery is easier to inspect, with marketplace-aware list output, installed versions, visible marketplace roots, and remote collection support. (#23372, #23584, #23727, #23730)
• Extensions can observe more lifecycle events, including subagent start/stop, tool execution, turn metadata, and async approval/turn processing. (#22782, #22873, #23309, #23688, #23690, #23692)

Bug Fixes

• Fixed TUI startup choosing the wrong working directory when reusing a local app-server socket. (#23538)
• Fixed plan-mode free-form answers so modified Enter keys, like Shift+Enter, no longer submit unexpectedly. (#23536)
• Removed stale background terminal poll events after a process exits. (#23231)
• Preserved raw code-mode exec output unless an explicit output token limit is requested. (#23564)
• Made AGENTS instruction loading more reliable, including local global reads and warnings for invalid UTF-8 instead of silent drops. (#23343, #23232)
• Fixed app-server startup/shutdown races, empty resume/fork paths, plugin upgrade failures, and realtime v1 websocket compatibility. (#23516, #23578, #23400, #23356, #23771)

Documentation

• Added clearer plugin-creator guidance for updating and reinstalling local personal plugins. (#23542)
• Expanded app-server/API docs and schema coverage around managed permission profile requirements. (#23433, #23555)

Chores

• Added a canonical Codex package archive pipeline and moved installers, npm packages, DotSlash, and SDK runtimes toward that shared layout. (#23513, #23582, #23586, #23596, #23635, #23636, #23637, #23638, #23786)
• Fixed Linux Python runtime wheel tags so glibc-based systems can install the runtime artifacts. (#21812)
• Improved release and CI reliability with package-builder tests, prebuilt resource packaging, DotSlash zstd handling, platform-sharded Rust tests, and Codex Linux release runners. (#23760, #23759, #23752, #23358, #23761)

Changelog

Full Changelog: rust-v0.132.0...rust-v0.133.0

• #23343 codex: route global AGENTS reads through LOCAL_FS @starr-openai
• #22380 fix: default unknown tool schemas to empty schemas @celia-oai
• #23309 Add tool lifecycle extension contributor @jif-oai
• #23253 Reduce rust-ci-full Windows nextest timeout flakes @starr-openai
• #22878 Improve codex remote-control CLI UX @owenlin0
• #21812 Publish Linux runtime wheels with glibc-compatible tags @aibrahim-oai
• #22709 [codex] Trim unused TurnContextItem fields @pakrym-oai
• #23353 Include plugin id in plugin MCP tool metadata @mzeng-openai
• #22728 [codex] Move pending input into input queue @pakrym-oai
• #23371 fix(tui): warn on unsupported iTerm2 pet versions @fcoury-oai
• #23376 [codex-analytics] preserve user thread source for exec threads @marksteinbrick-oai
• #23360 app-server: use profile ids in v2 permission params @bolinfest
• #23384 [codex] Remove external websocket session resets @pakrym-oai
• #22721 cleanup: Remove skill env var dependency prompting @xl-openai
• #23389 Remove ToolSearch feature toggle @sayan-oai
• #23080 [1 of 7] Add thread settings to UserInput @etraut-openai
• #23081 [2 of 7] Remove UserInputWithTurnContext @etraut-openai
• #23075 [3 of 7] Remove UserTurn @etraut-openai
• #23396 [codex] Extract turn skill and plugin injections @pakrym-oai
• #23356 fix(plugins): keep version upgrades additive @iceweasel-oai
• #22508 [5 of 7] Replace OverrideTurnContext with ThreadSettings @etraut-openai
• #22086 CI: Customize v8 building @cconger
• #23390 Remove explicit connector tool undeferral @sayan-oai
• #22928 core: expose permission profile picker metadata @viyatb-oai
• #23352 Preserve context baselines for full-history agent forks @jif-oai
• #23300 feat: dedicated goal DB @jif-oai
• #22835 Remove ToolsConfig from tool planning @jif-oai
• #22870 Add body_after_prefix auto-compact token limit scope @jif-oai
• #23144 Defer v1 multi-agent tools behind tool search @jif-oai
• #23409 [codex] Allow empty turn/start requests @pakrym-oai
• #23388 [codex] Move hook request plumbing into hook runtime @pakrym-oai
• #23405 [codex] Preserve steer input as user input @pakrym-oai
• #22914 [2 of 4] tui: route app and skill enablement through app server @etraut-openai
• #23397 [codex] Make contextual user fragments dyn-renderable @pakrym-oai
• #23475 chore: namespace v1 sub-agent tools @jif-oai
• #23493 Make deny canonical for filesystem permission entries @viyatb-oai
• #22929 Harden CLI rate limit window labels @ase-openai
• #22782 Add SubagentStart hook @abhinav-oai
• #23513 build: add Codex package builder @bolinfest
• #23369 Make local environment optional in EnvironmentManager @starr-openai
• #23327 Refactor exec-server websocket pump @starr-openai
• #23536 fix(tui): preserve modified enter in plan questions @fcoury-oai
• #23400 Fix empty rollout path app-server handling @wiltzius-openai
• #23551 Route local-only app-server gating through processors @starr-openai
• #23372 Split plugin install discovery into list and request tools @mzeng-openai
• #23516 fix: serialize unix app-server startup @efrazer-oai
• #22169 [codex] Honor role-defined spawn service tiers @aibrahim-oai
• #23555 Add CUA requirements subsection for locked computer use @adams-oai
• #23538 Fix: TUI starting in wrong CWD @canvrno-oai
• #23526 build: fetch rg for Codex packages @bolinfest
• #23573 Remove unused ARC monitor path @mzeng-openai
• #23576 test: fix multi-agent service tier assertion @bolinfest
• #23541 build: default Codex package target and output @bolinfest
• #23358 Fan out rust-ci-full nextest by platform @starr-openai
• #23593 feat: expose codex-app-server version flag @bolinfest
• #23412 feat: add permission profile list api @viyatb-oai
• #23535 Move plugin and skill warmup into session startup @aibrahim-oai
• #23231 Fix stale background terminal poll events @etraut-openai
• #23564 [codex] Preserve raw code-mode exec output by default @aibrahim-oai
• #23232 Warn on invalid UTF-8 in AGENTS.md files @etraut-openai
• #23584 feat: Add vertical remote plugin collection support @xl-openai
• #23586 build: package prebuilt Codex entrypoints @bolinfest
• #23582 ci: build Codex package archives in release workflow @bolinfest
• #23596 runtime: detect Codex package layout @bolinfest
• #23500 add encryptedcontent to functioncalloutput @sayan-oai
• #23633 Migrate exec-server remote registration to environments @richardopenai
• #23451 Add timeout for remote compaction requests @jif-oai
• #23667 feat: rename 1 @jif-oai
• #23669 feat: rename 3 @jif-oai
• #23668 feat: rename 2 @jif-oai
• #23675 fix: main @jif-oai
• #23685 feat: wire goal extension tools to the dedicated goal store @jif-oai
• #23690 feat: async approval contrib @jif-oai
• #23692 feat: async turn item process @jif-oai
• #23688 feat: expose turn-start metadata to extensions @jif-oai
• #23605 [codex] Hide deferred tools from code mode prompt @pakrym-oai
• #23634 runtime: use install context for bundled bwrap @bolinfest
• #23635 release: publish Codex package archive checksums @bolinfest
• #23592 feat: Add btw alias for side slash command @anp-oai
• #23696 feat: account active goal progress in the goal extension @jif-oai
• #23176 [2 of 2] Start fresh TUI thread in background @etraut-openai
• #23578 fix(app-server): speed up shutdown @fcoury-oai
• #22896 windows-sandbox: add resolved permissions helper @bolinfest
• #23502 Add thread/settings/update app-server API @etraut-openai
• #23507 Sync TUI thread settings through app server @etraut-openai
• #23666 feat: add turn_id and truncation_policy to extension tool calls @jif-oai
• #23636 install: consume Codex package archives @bolinfest
• #23717 [codex] Preserve failed goal accounting flushes @jif-oai
• #23655 add standalone websearch api client @sayan-oai
• #23724 Fix thread settings clippy failure @etraut-openai
• #23637 npm: ship platform packages in Codex package layout @bolinfest
• #23729 fix(config): resolve cloud requirements deny-read globs @viyatb-oai
• #23638 dotslash: publish Codex entrypoints from package archives @bolinfest
• #22918 windows-sandbox: send permission profiles to elevated runner @bolinfest
• #23735 windows-sandbox: share bundled helper lookup @bolinfest
• #18868 Add MITM hook config model @evawong-oai
• #22270 feat(permissions): resolve permission profile inheritance @viyatb-oai
• #23719 cli: add strict config to exec-server @bolinfest
• #23542 [skills] Create a personal update flow for plugin creator @caseychow-oai
• #21272 Support compact SessionStart hooks @abhinav-oai
• #20659 Wire MITM hooks into runtime enforcement @evawong-oai
• #23752 release: use DotSlash zstd for package archives @bolinfest
• #22923 windows-sandbox: drive write roots from resolved permissions @bolinfest
• #23761 chore: use Codex Linux runners for Rust releases @bolinfest
• #23759 release: package prebuilt resource binaries @bolinfest
• #23167 windows-sandbox: feed setup from resolved permissions @bolinfest
• #22931 core: refresh active permission profiles at runtime @viyatb-oai
• #22873 Add SubagentStop hook @abhinav-oai
• #23727 feat(plugins): tabulate plugin list output @caseychow-oai
• #23732 Make goals feature on by default and no longer experimental @etraut-openai
• #23537 Honor client-resolved service tier defaults @shijie-oai
• #23771 [codex] Fix realtime v1 websocket compatibility @guinness-oai
• #23764 Remove Windows sandbox resource stamping @iceweasel-oai
• #23730 [codex] List marketplaces considered by plugin discovery @caseychow-oai
• #23760 ci: run Codex package builder tests @bolinfest
• #23737 [codex] Add plugin id to MCP tool call items @mzeng-openai
• #18240 Use named MITM permissions config @evawong-oai
• #23774 [codex] Reject read-only fallback with approvals disabled @viyatb-oai
• #23714 windows-sandbox: add profile-native elevated APIs @bolinfest
• #23433 feat: support managed permission profiles in requirements.toml @viyatb-oai
• #23715 core: pass permission profiles to Windows runner @bolinfest
• #23786 sdk: launch packaged Codex runtimes @bolinfest

New Features

• The Python SDK now supports first-class authentication, including API key login, ChatGPT browser and device-code flows, account inspection, and logout APIs. (#23093)
• Python turn APIs are easier to use for text-only workflows: you can pass a plain string as input, and handle-based runs now return a richer TurnResult with collected items, timing, and usage data. (#23151, #23162)
• codex exec resume now accepts --output-schema, so resumed automations can keep session context while still enforcing structured JSON output. (#23123)
• TUI startup is faster because terminal capability probes are now batched instead of waiting on several serial checks before the first interactive frame. (#23175)
• Remote executor registration can now use standard Codex auth instead of a separate registry credential flow. (#22769)
• App-server turns can preserve requested image fidelity, including original-resolution local images, across user inputs and image-producing tools. (#20693)

Bug Fixes

• Goal continuations now stop when they hit usage limits or a repeated blocker instead of looping and burning more tokens, and completion responses phrase usage more naturally. (#23094, #22907)
• The session picker is easier to trust: renamed threads now show name (thread-id) in resume hints, and pasted text works in the picker search box. (#23234, #23338)
• Multi-session TUI flows are more reliable: in-progress MCP calls stay marked as active during replay, and elicitation replies are sent back to the thread that requested them. (#23236, #23241)
• Remote sessions now keep websocket connections alive and show repo-relative diff paths again instead of /tmp/...-prefixed paths. (#23226, #23261)
• Windows installs are more robust: codex doctor now detects npm-managed installs correctly, and MSVC release binaries no longer depend on separately installed VC++ runtime DLLs. (#22967, #22905)
• TUI polish fixes include immediate shutdown feedback on exit, hiding the ChatGPT usage link for non-OpenAI providers, and keeping a cleared Fast tier from reappearing after side-thread resume. (#23323, #23127, #23121)

Documentation

• The Python SDK docs, FAQ, and examples were refreshed around the new auth flow and turn APIs, with clearer setup guidance and simpler text-only examples. (#22941, #23093, #23151, #23162)

Chores

• Memory summaries are now versioned and rebuilt when the stored format is stale, which should keep long-lived memory context leaner and more predictable. (#23148)

Changelog

Full Changelog: rust-v0.131.0...rust-v0.132.0

• #20693 Preserve image detail in app-server inputs @fjord-oai
• #22891 tui: pass active permission profiles through app commands @bolinfest
• #22924 app-server-protocol: remove PermissionProfile from API @bolinfest
• #22941 [codex] Refine Python SDK user-facing docs @aibrahim-oai
• #22967 Fix Windows doctor npm root probe @etraut-openai
• #22920 core: set permission profiles from snapshots @bolinfest
• #22939 [codex] Split Python SDK helper logic @aibrahim-oai
• #22907 Improve goal completion usage reporting @etraut-openai
• #23030 test: construct permission profiles directly @bolinfest
• #22769 exec-server: support auth-backed remote executor registration @miz-openai
• #22946 [codex] preserve MCP result meta in McpToolCallItemResult @miaolin-oai
• #23069 multiagent: trim model-visible description, cap to 5 models @sayan-oai
• #22913 [1 of 4] tui: route primary settings writes through app server @etraut-openai
• #23093 sdk/python: add first-class login support @aibrahim-oai
• #23151 [codex] Return TurnResult from Python turn handles @aibrahim-oai
• #23147 Make multi-agent v2 tool namespace configurable @jif-oai
• #23036 test: reduce core sandbox policy test setup @bolinfest
• #23162 [codex] Accept string input for Python turns @aibrahim-oai
• #23226 Add exec-server websocket keepalive @starr-openai
• #23148 Densify and version memory summaries @jif-oai
• #22448 [codex] Add installed-plugin mention API @xli-oai
• #23288 chore: goal ext skeleton @jif-oai
• #23291 Make extension lifecycle hooks async @jif-oai
• #23293 feat: add extension event sink capability @jif-oai
• #23295 chore: isolate thread goal storage behind GoalStore @jif-oai
• #23301 chore: goal resumed metrics @jif-oai
• #23305 chore: make token usage async @jif-oai
• #23306 Emit goal update events from goal extension tools @jif-oai
• #23121 tui: keep cleared Fast tier from reappearing after side-thread resume @etraut-openai
• #23123 Support --output-schema for exec resume @etraut-openai
• #23128 Fix TUI stream cleanup after turn errors @etraut-openai
• #23127 Hide ChatGPT usage link for non-OpenAI status @etraut-openai
• #23175 [1 of 2] Optimize TUI startup terminal probes @etraut-openai
• #22706 [codex] Remove legacy shell output formatting paths @pakrym-oai
• #23332 nit: read prompt @jif-oai
• #22905 windows: link MSVC release binaries with static CRT @iceweasel-oai
• #23323 fix(tui): show shutdown feedback on exit @fcoury-oai
• #23261 Fix remote turn diff display roots @starr-openai
• #22569 Simplify legacy Windows sandbox ACL persistence @iceweasel-oai
• #23273 Upload rust full CI JUnit reports @starr-openai
• #22893 fix: harden plugin creator sharing validation @efrazer-oai
• #23094 goal: pause continuation loops on usage limits and blockers @etraut-openai
• #23234 Clarify resume hints for renamed threads @etraut-openai
• #23241 TUI: route elicitation responses to request thread @etraut-openai
• #23236 TUI: replay in-progress MCP calls as started @etraut-openai
• #23088 goals: keep pause transitions explicit @etraut-openai
• #23338 feat(tui): handle paste in session picker @fcoury-oai
• #23335 feat(app-server): add optional thread_id to experimentalFeature/list @owenlin0

# ChatGPT for iOS ### New features - Added support for opening completed Codex tasks directly from iOS notifications. - Added the ability to open changed files directly while reviewing a task. ### Improvements and bug fixes - Improved task resume, reconnection, and foreground reliability. - Improved task progress updates, code review, and message composition.

New Features

• The TUI now offers richer session controls and display: data-driven service-tier commands, blended token usage, permissions/approval mode, effective workspace roots, and responsive Markdown tables. (#21745, #21906, #21991, #21669, #21677, #22052, #22612)

• @ mentions now search files, directories, plugins, and skills in one picker, backed by app-server plugin metadata. (#19068, #22375)

• Plugin workflows gained marketplace CLI commands, version-aware sharing, share checkout, clearer shared-workspace buckets, and default-enabled plugin hooks. (#21396, #22397, #22425, #22435, #22549)

• Remote workflows now support daemon-managed codex remote-control, runtime enable/disable APIs, status reads, and registry-backed/configured remote environments. (#20718, #22218, #22562, #22578, #22877, #20667, #21323)

• The Python SDK moved to openai-codex / openai_codex, with pinned runtime-generated types, concurrent turn routing, approval modes, and integration coverage. (#21778, #21891, #21893, #21896, #21905, #21910, #22014)

• Added codex doctor for support-ready diagnostics across runtime, auth, terminal, network, config, and local state. (#22336)

Bug Fixes

• Fixed several TUI interaction and rendering issues, including URL wrapping, light-mode selection contrast, Shift+Enter in tmux, /review MCP startup status, /side Esc handling, and network approval history text. (#21760, #21950, #21943, #21624, #22710, #22229)

• Hardened Windows sandbox behavior around deny-read rules, scoped write roots, ineffective firewall policy, and PowerShell edge cases. (#18202, #21479, #22353, #21400, #22643)

• Preserved managed read restrictions during permission escalation and cleaned up workspace-root permission profile resolution. (#15977, #22624, #22683)

• Made app-server and local state startup safer by preserving SQLite data, failing closed when state cannot open, adding recovery paths, and softening optional metadata sync failures. (#21831, #21847, #22580, #22734, #22899)

• Improved Git and auth reliability by using root worktree hooks consistently, ignoring repo hook/fsmonitor config in helper commands, binding local MCP OAuth callbacks, and revoking superseded login tokens. (#21969, #22843, #22652, #20237, #21747)

• Reduced remote and Windows cleanup friction with longer exec-server transport timeouts, quieter taskkill cleanup, and non-queued plugin reads. (#21825, #21759, #22058, #22703)

Documentation

• Clarified that general Codex product docs should not be added to this repo, while app-server API docs remain in scope. (#21772)

• Updated plugin-creator guidance for the simplified local plugin handoff links. (#22240)

• Documented new app-server/API contracts for remote environments and the desktop-owned config namespace. (#21323, #22584)

Chores

• Improved CI and release reliability across Rust CI, exact PR-head checkout, Windows Bazel sharding, unsigned macOS artifacts, and signed macOS promotion. (#21604, #21628, #21835, #22408, #22559, #22649, #22737, #22788, #22900)

• Split large TUI ChatWidget, history, and composer code into focused modules without intended behavior changes. (#21866, #22269, #22407, #22433, #22518, #22537, #22704, #22581, #22656)

• Continued extracting extension and tool internals, including shared tool contracts plus guardian and memory extension plumbing. (#21736, #21737, #21738, #22138, #22147, #22216, #22258, #22344, #22476, #22480, #22485, #22498)

• Removed obsolete tool paths, feature flags, config gates, and legacy hooks as defaults stabilized. (#21651, #21805, #22173, #22246, #22565, #22711, #22717, #22724, #22730)

Changelog

Full Changelog: rust-v0.130.0...rust-v0.131.0

• #21550 [codex] make shutdown pending-touch test deterministic @jif-oai

• #21697 Allow string service tiers in config TOML @aibrahim-oai

• #21687 [codex] Enable apply_patch freeform by default @aibrahim-oai

• #19896 Update models.json @github-actions

• #21669 Display blended token count in status line @etraut-openai

• #21677 Show permissions and approval mode in the TUI status line @etraut-openai

• #21757 api: send hyphenated session and thread headers @jif-oai

• #21763 nit: comment @jif-oai

• #21749 codex-otel: validate provider span attributes consistently @bbrown-oai

• #21767 chore: thread tui @jif-oai

• #21443 [sandboxing] Remove Darwin user cache write from Seatbelt network policy @evawong-oai

• #21604 Fix rust-ci-full failures due to missing bwrap @zanie-oai

• #21628 Use CARGO_NET_GIT_FETCH_WITH_CLI in rust-ci-full for more reliable git fetches @zanie-oai

• #21745 [codex] Generalize service tier slash commands @aibrahim-oai

• #21772 Clarify docs folder guidance in AGENTS.md @etraut-openai

• #21622 [codex] Address some more GHA hygiene issues @ww-oai

• #21662 feat: Use installation ID in remote enrollments @ddr-oai

• #20667 Load configured environments from CODEX_HOME @starr-openai

• #21776 Update models.json @github-actions

• #21787 Support resource binaries in Python runtime staging @aibrahim-oai

• #21784 Publish Python runtime wheels on release @aibrahim-oai

• #21601 Emit accepted line fingerprint analytics @alexsong-oai

• #21465 Remove ToolName display helper @pakrym-oai

• #20619 [codex] request desktop attestation from app @jiamingz42

• #21810 Revert "Publish Python runtime wheels on release" @aibrahim-oai

• #21651 [codex] Delete function-style apply_patch @pakrym-oai

• #21805 [codex] Remove legacy after tool use hooks @pakrym-oai

• #21616 Enable --deny-warnings for cargo shear @charliemarsh-oai

• #21497 Using cached connector directory for discoverable tools list @mzeng-openai

• #21835 ci: check out PR head commits in workflows @bolinfest

• #21794 Make environment provider snapshots path-free @starr-openai

• #21831 app-server: support daemon-safe restart handling @euroelessar

• #20293 Support openai library tool @lt-oai

• #21323 [codex] support executor registry remote environments @miz-openai

• #21825 Increase exec-server environment transport timeouts @starr-openai

• #20718 [daemon] Add app-server daemon lifecycle management @euroelessar

• #21840 feat: add Bedrock Mantle client agent header @celia-oai

• #21847 sqlite: no more destructive version bumps @owenlin0

• #21652 Reapply "Move skills watcher to app-server" @pakrym-oai

• #21290 Move file watcher out of core @pakrym-oai

• #21867 feat: Add role-aware plugin share context APIs @xl-openai

• #21875 [codex] compact network context rendering @sayan-oai

• #21778 Route Python SDK turn notifications by ID @aibrahim-oai

• #21906 [codex] Lowercase TUI service tier commands @aibrahim-oai

• #21819 tests: cover sandbox link write behavior @bolinfest

• #21760 fix(tui): preserve wrapped prose beside URLs @fcoury-oai

• #21950 fix(tui): improve light-mode selection contrast @fcoury-oai

• #21755 Improve hooks trust flow in TUI @abhinav-oai

• #21870 Avoid blocking TUI on agent metadata hydration @etraut-openai

• #21866 Split ChatWidget state into focused modules @etraut-openai

• #21991 Persist 'priority' service tier as fast in config @aibrahim-oai

• #21943 fix(tui): preserve Shift+Enter in tmux csi-u panes @fcoury-oai

• #21759 fix(tui): suppress taskkill output for MCP teardown on Windows @fcoury-oai

• #22039 Deduplicate issue digest interactions by user @etraut-openai

• #22052 feat(tui): render responsive Markdown tables in TUI @fcoury-oai

• #20825 Read cached metadata for installed Git plugins @xli-oai

• #21736 extension: add initial typed extension API @jif-oai

• #21737 extension: wire extension registries into sessions @jif-oai

• #21738 extension: move git attribution into an extension @jif-oai

• #22138 refactor: extract executable tool contracts into codex-tool-api @jif-oai

• #22140 feat: drop CodexExtension @jif-oai

• #22143 [codex] default unknown contributed tools to mutating @jif-oai

• #22147 feat: wire extension tool bundles into core @jif-oai

• #22163 feat: move extensions tool @jif-oai

• #22113 Add x-codex-ws-stream-request-start-ms @andmis

• #21860 Persist /goal commands in history @etraut-openai

• #22141 [codex] Harden overflow auto-compaction recovery @aibrahim-oai

• #22170 Revert "[codex] Harden overflow auto-compaction recovery" @aibrahim-oai

• #22106 Fix side conversation config inheritance @etraut-openai

• #22045 Improve goal continuation based on feedback @etraut-openai

• #21981 Use goal preview metadata for goal-first threads @etraut-openai

• #21843 app-server: remove TCP websocket listener @euroelessar

• #22173 chore: drop built-in MCPs @jif-oai

• #21954 Fix goal update and add /goal edit command in TUI @etraut-openai

• #22110 Make auto-review denial short-circuit use a rolling review window @won-openai

• #21431 [codex-analytics] add turn tool counts to turn events @rhan-oai

• #22154 Add process-scoped SQLite telemetry @jif-oai

• #19068 Unified mentions in TUI @canvrno-oai

• #20305 fix(exec-policy) use is_known_safe_command less @dylan-hurd-oai

• #22058 fix(exec-server): suppress Windows taskkill output @fcoury-oai

• #22178 fix(app-server): thread history redaction for remote clients @owenlin0

• #15977 fix(permissions): preserve managed deny-read during escalation @viyatb-oai

• #21061 feat(connectors): support managed app tool approval requirements @viyatb-oai

• #22188 [elicitation] Advertise new url elicitation capability when auth_elicitation is enabled. @mzeng-openai

• #22192 config: accept minus in TUI keymap config @fcoury-oai

• #21853 daemon: refresh updater after validated binary rollout @euroelessar

• #21747 [login] revoke superseded auth tokens on relogin @cooper-oai

• #20147 feat: add network proxy feature flag @viyatb-oai

• #21891 [1/8] Pin Python SDK runtime dependency @aibrahim-oai

• #21893 [2/8] Generate Python SDK types from pinned runtime @aibrahim-oai

• #21895 [3/8] Run Python SDK tests in CI @aibrahim-oai

• #21896 [4/8] Define Python SDK public API surface @aibrahim-oai

• #21905 [5/8] Rename Python SDK package to openai-codex @aibrahim-oai

• #21910 [6/8] Add high-level Python SDK approval mode @aibrahim-oai

• #22014 [7/8] Add Python SDK app-server integration harness @aibrahim-oai

• #22021 [8/8] Add Python SDK Ruff formatting @aibrahim-oai

• #18748 [codex-analytics] emit terminal review events @rhan-oai

• #22159 Add Windows hook command overrides @abhinav-oai

• #22218 Update codex remote-control to start the daemon @owenlin0

• #22180 Stop uploading accepted line fingerprints @alexsong-oai

• #21617 Support multi-environment apply_patch selection @starr-openai

• #22198 Add production startup and TTFT telemetry @mzeng-openai

• #21963 [exec-server] serve websocket listener via HTTP upgrade @euroelessar

• #21946 fix(tui): handle hidden app git directives @fcoury-oai

• #21595 Simplify MCP tool handler plumbing @pakrym-oai

• #22221 feat(skills): default plugin creator to personal share flow @efrazer-oai

• #21861 Apply sandbox context to local view_image reads @starr-openai

• #20527 Support PreToolUse updatedInput rewrites @abhinav-oai

• #22243 [codex] Filter legacy warning messages during compaction @pakrym-oai

• #22254 [codex] Make handlers own parallel tool support @pakrym-oai

• #18202 feat(sandbox): add Windows deny-read parity @viyatb-oai

• #22265 feat: Normalize remote plugin summary identities. @xl-openai

• #22216 feat: guardian as an extension (contributors part) @jif-oai

• #22311 [rollout-trace] Add x-codex-inference-call-id header to inference calls. @cassirer-openai

• #21206 feat(tui): add ambient terminal pets @fcoury-oai

• #22323 fix: uv lock @jif-oai

• #22207 [codex] Tighten unified exec sandbox setup @bookholt-oai

• #22382 tools: remove is_mutating dispatch gating @pakrym-oai

• #22383 chore(config) include_collaboration_mode_instructions @dylan-hurd-oai

• #22377 code-mode: carry nested tool kind through runtime @pakrym-oai

• #22392 test(tui): relax configured pet load timeout @fcoury-oai

• #22343 feat(exec-server): use protobuf relay frames @apanasenko-oai

• #20509 [codex] Remove workspace owner usage nudge gate @richardopenai

• #22256 Refactor namespaced tool spec registration @pakrym-oai

• #22280 code-mode: Add pending-aware code mode execution @cconger

• #22266 core: box multi-agent handler futures @bolinfest

• #22398 [codex] Add search term coverage for tool_search @pakrym-oai

• #22236 Unify thread metadata updates above store @wiltzius-openai

• #22269 Refactor chatwidget state into modules @etraut-openai

• #22381 [codex] Remove tool search bucket limit override @sayan-oai

• #22386 mark Feature::RemoteControl as removed @owenlin0

• #22240 docs(skills): simplify plugin creator deeplink shape @efrazer-oai

• #22397 feat: Expose plugin versions and gate plugin sharing @xl-openai

• #22404 Restore app-server websocket listener with auth guard @etraut-openai

• #22258 feat: route guardian review model selection through providers @celia-oai

• #22268 hooks: use new session IDs instead of thread IDs for hooks, apply parent's session ID to subagents' hooks @eternal-openai

• #20319 Add allow_managed_hooks_only hook requirement @eternal-openai

• #22413 Remove CODEX_RS_SSE_FIXTURE test hook @pakrym-oai

• #22406 tools: infer code-mode namespace descriptions from specs @pakrym-oai

• #22261 Encapsulate tool search entries in handlers @pakrym-oai

• #22425 feat: Split shared workspace plugins by discoverability @xl-openai

• #22414 Add support for UDS in codex --remote @etraut-openai

• #22407 Refactor chatwidget input flow into modules @etraut-openai

• #22439 Remove unavailable MCP placeholder tool backfill @sayan-oai

• #21969 Use root repo hooks in linked worktrees @abhinav-oai

• #21768 add --dangerously-bypass-hook-trust CLI flag @abhinav-oai

• #22435 feat: Add plugin share checkout @xl-openai

• #22355 chore: Keep view_image sandbox test in temp dir @jif-oai

• #22344 extension-api: add approval review contributor flow @jif-oai

• #22359 feat: extract shared tool executor interface @jif-oai

• #22369 Refactor extension tools onto shared ToolExecutor @jif-oai

• #22338 [app-server] Gate login issuer override constant @cassirer-openai

• #22437 [codex] isolate plugin/list from config serialization queue @xli-oai

• #22476 feat: add thread lifecycle contributor hooks @jif-oai

• #22479 nit: codeowners @jif-oai

• #22480 feat: add turn lifecycle contributors @jif-oai

• #22482 fix: emit thread stop lifecycle on implicit shutdown @jif-oai

• #22485 feat: add token usage contributor hook @jif-oai

• #22443 Scope macOS signing secrets to release environment @shijie-oai

• #22490 feat: move extension scope ids into ExtensionData @jif-oai

• #22491 Make context contributors async @jif-oai

• #22214 feat(tui): remove Zellij TUI workarounds @fcoury-oai

• #22139 Add service tier overrides to spawned agents @aibrahim-oai

• #22488 feat: add config-change extension contributor @jif-oai

• #22498 feat: memories ext @jif-oai

• #22503 fix: main @jif-oai

• #22347 feat(tui): standardize picker navigation keys @fcoury-oai

• #22500 refactor: split memories extension crate modules @jif-oai

• #22433 Refactor chatwidget protocol flows into modules (phase 3) @etraut-openai

• #22505 fix: prevent fmt from updating Python SDK lockfile @jif-oai

• #22326 [rollout-trace] Add a trace ID to MCP calls. @cassirer-openai

• #20559 config: add strict config parsing @bolinfest

• #22489 Introduce tool exposure for deferred registration @jif-oai

• #22193 fix: drop underscored id headers @jif-oai

• #22246 [codex] Remove unused legacy shell tools @pakrym-oai

• #22520 revert: mark Feature::RemoteControl as removed @owenlin0

• #22513 Revert "Scope macOS signing secrets to release environment" @shijie-oai

• #22514 feat: expose multi-agent v2 as model-only tools @jif-oai

• #22366 Pass Codex product SKU to ChatGPT backend @ericning-o

• #22519 Deprecate TurnContext cwd and resolve_path @pakrym-oai

• #22518 Refactor chatwidget settings surfaces into modules (phase 4) @etraut-openai

• #21479 [codex] Scope Windows sandbox write-root capability SIDs @adrianbravo-oai

• #22353 windows-sandbox: fail elevated setup when firewall policy is ineffective @iceweasel-oai

• #22527 [codex] Reuse Apps MCP path override for plugin-service rollout @adaley-openai

• #22412 chore(config) rm Feature::CodexGitCommit @dylan-hurd-oai

• #22501 chore(config) rm tools.view_image @dylan-hurd-oai

• #22533 fix: prevent codex-backend from stealing originator @owenlin0

• #22408 Shard Bazel Windows tests across jobs @starr-openai

• #22542 Use selected environment cwd for filesystem helpers @pakrym-oai

• #20237 Add callback ids to local MCP OAuth redirects @stevenlee-oai

• #22549 Enable plugin hooks by default @abhinav-oai

• #22375 Use plugin/list to get list of plugins for mentions @canvrno-oai

• #21235 [codex] Fix TUI wrapping for external borrowed slices @canvrno-oai

• #22336 feat(cli): add codex doctor diagnostics @fcoury-oai

• #22543 clean up instructions @sayan-oai

• #21400 Avoid PowerShell profiles in elevated Windows sandbox @iceweasel-oai

• #22528 Make multi_agent_v2 wait_agent timeouts configurable @andmis

• #22529 Spill oversized PreToolUse additionalContext @abhinav-oai

• #22556 feat: namespace in ext @jif-oai

• #22535 Remove resurrected /collab slash command @etraut-openai

• #22537 Refactor chatwidget orchestration into modules (phase 5) @etraut-openai

• #22564 [codex] Canonicalize shared workspace plugin IDs @xl-openai

• #22559 Add unsigned macOS release artifacts @shijie-oai

• #22574 Deprecate issue labeler @maxb-openai

• #22555 Remove connector_openai prefix filtering @ericning-o

• #22580 fix: Block appserver startup if state db can't be opened @ddr-oai

• #22565 chore(config) rm experimental_use_freeform_apply_patch @dylan-hurd-oai

• #22562 Improve remote-control daemon UX @owenlin0

• #22578 enable/disable remote control at runtime, not via features @owenlin0

• #22573 Simplify TUI startup test coverage @etraut-openai

• #22594 Relax remote plugin sync gate @xli-oai

• #22587 Defer startup NUX impressions until startup succeeds @etraut-openai

• #22560 feat: make ToolExecutor an async trait @jif-oai

• #22494 Wire turn item contributors into stream output @jif-oai

• #17141 feat: add layered --profile-v2 config files @jif-oai

• #22643 [codex] treat PowerShell stop-parsing forms as unsupported @bookholt-oai

• #22646 Fix abort-path turn extension data plumbing @jif-oai

• #22624 permissions: canonicalize workspace_roots and danger-full-access names @bolinfest

• #22649 Chore: better published unsigned artifacts @shijie-oai

• #22581 tui: split composer attachment and popup state @etraut-openai

• #21396 [codex] add plugin marketplace CLI commands @caseychow-oai

• #22576 tests: avoid ambient temp sandbox roots @starr-openai

• #22652 [codex] Ignore fsmonitor config in Git metadata reads @bookholt-oai

• #22229 fix(tui): render network approval history by target @fcoury-oai

• #22547 Prefer the model list fetched from the backend for SIWC users @jeevnayak

• #22666 [codex] fix plugin CLI active user layer compile @caseychow-oai

• #22575 Support explicit MCP OAuth client IDs @mzeng-openai

• #22512 test: isolate exec review policy config test @bolinfest

• #22572 Fix remote environment test fixtures @starr-openai

• #22563 tests: isolate codex home for live cli @starr-openai

• #18161 [codex] Support multiple forced ChatGPT workspaces @rreichel3-oai

• #22702 make rust-release-prepare use env secret @sayan-oai

• #22703 Unqueue plugin list and read requests @xli-oai

• #22687 Fix Windows sandbox clippy clones @starr-openai

• #22711 chore(features) rm Feature::ApplyPatchFreeform @dylan-hurd-oai

• #22717 chore(config) rm windows_wsl_setup_acknowledged @dylan-hurd-oai

• #22695 Trim TUI legacy core helper usage @etraut-openai

• #21624 Fix /review mode MCP startup render issue @canvrno-oai

• #22684 Remove SSE fixture loaders @pakrym-oai

• #22730 [codex] Group removed feature flags @dylan-hurd-oai

• #22724 [codex] Remove experimental instructions file config @dylan-hurd-oai

• #22237 Add user_input_requested_during_turn to MCP turn metadata @mchen-oai

• #22737 ci: support signed macOS release promotion @bolinfest

• #22303 Stabilize compact rollback follow-up test @dylan-hurd-oai

• #22683 permissions: resolve profile identity with constraints @bolinfest

• #22734 tui: recover local state db startup failures @etraut-openai

• #22584 [codex] Add opaque desktop config namespace @guinness-oai

• #22710 Prevent Esc from dismissing or rewinding /side @etraut-openai

• #22704 TUI: split history cells into focused modules @etraut-openai

• #22611 app-server: use permission ids and runtime workspace roots @bolinfest

• #22612 tui/exec: show effective workspace roots in summaries @bolinfest

• #22788 Fix signed macOS release promotion follow-up jobs @shijie-oai

• #22647 Reject legacy [profiles] when using profile-v2 @jif-oai

• #22809 [codex] Use compaction_trigger item for remote compaction v2 @jif-oai

• #22636 Simplify tool executor and registry plumbing @jif-oai

• #22820 Remove zombie tools spec module @jif-oai

• #22828 Run compact hooks for remote compaction v2 @jif-oai

• #22841 Move memory prompt injection to app-server extension @jif-oai

• #22789 guardian: use permission profile for review sandbox @bolinfest

• #22656 tui: split remaining composer draft and footer state @etraut-openai

• #22843 Ignore configured hooks in git helpers @bookholt-oai

• #22790 context: remove legacy permissions instructions helper @bolinfest

• #22791 telemetry: tag sandboxes from permission profiles @bolinfest

• #22872 Forward apps MCP product SKU from Codex config @kumquatexpress

• #22582 Workflow updates @viyatb-oai

• #22792 app-server: stop returning thread permission profiles @bolinfest

• #22795 core: construct test permission profiles directly @bolinfest

• #22900 Disable DMG staging for signed macOS promotion @shijie-oai

• #22877 feat(app-server): update remote control APIs for better UX @owenlin0

• #22899 [codex] Soften SQLite metadata sync failures @wiltzius-openai

# Added Amazon Bedrock setup guidance We added [Amazon Bedrock setup guidance](/codex/amazon-bedrock) for teams that want to use Codex with supported OpenAI models available through AWS-managed infrastructure.

Added documentation for using Codex from the ChatGPT mobile app, including setup steps, connected-host behavior, security requirements, and troubleshooting for common connection issues.

Added a dedicated Auto-review page covering the reviewer lifecycle, trigger conditions, failure behavior, and local or managed configuration.

Also updated the Agent approvals & security and Sandbox docs so they explain more clearly how Auto-review relates to the sandbox boundary.

# Codex app ### New features - Added an in-app trust review flow for hooks and kept Hooks settings reachable even before hooks are fully configured. ### Performance improvements and bug fixes - Restored tooltip-wrapped dropdowns that could stop opening after the tooltip rewrite. - Preserved in-progress message edits across thread switches. - Fixed several desktop workflow regressions, including `Ctrl+V` paste in the Windows terminal, opening modified external links outside the in-app browser, and keeping feedback slash commands attached to the right thread. - Improved loading and panel polish by showing model loading while a thread resumes, hiding unavailable model controls during load, and bundling summary-panel layout and hover fixes. - Kept the Computer Use settings control visible even when uninstalled and disabled problematic extension hover panels. - Additional performance improvements and bug fixes.