Codex is becoming a broader workspace for getting work done with AI. This update makes it easier to start work with less setup, verify what Codex is building, create richer outputs, and keep momentum across longer-running tasks.
The Codex app now includes an early in-app browser. You can open local or public pages that don't require sign-in, comment directly on the rendered page, and ask Codex to address page-level feedback.
Computer use lets Codex operate macOS apps by seeing, clicking, and typing, which helps with native app testing, simulator flows, low-risk app settings, and GUI-only bugs.
The feature isn't available in the European Economic Area, the United Kingdom, or Switzerland at launch.
Chats are threads you can start without choosing a project folder first. They're useful for research, writing, planning, analysis, source gathering, and tool-driven work that doesn't begin in a codebase.
For work that needs a later check-in, thread automations can wake up the same thread on a schedule while preserving the conversation context. Use them to check a long-running process, watch for updates, or continue a follow-up loop without starting from scratch.
The task sidebar makes plans, sources, generated artifacts, and summaries easier to follow while Codex works. Context-aware suggestions can also help you pick up relevant follow-ups when you start or return to Codex.
Codex now brings more of the pull request workflow into the app. You can inspect GitHub pull requests in the sidebar, review comments in the diff, review changed files, then ask Codex to explain feedback, make changes, check them, and keep the review moving.
The artifact viewer can preview generated files such as PDF files, spreadsheets, documents, and presentations in the sidebar before you commit or share them. Memories, where available, can also carry useful context from past tasks into future threads, including stable preferences, project conventions, and recurring work patterns.
Added codex marketplace add and app-server support for installing plugin marketplaces from GitHub, git URLs, local directories, and direct marketplace.json URLs (#17087, #17717, #17756).
Added TUI prompt history improvements, including Ctrl+R reverse search and local recall for accepted slash commands (#17550, #17336).
Added TUI and app-server controls for memory mode, memory reset/deletion, and memory-extension cleanup (#17632, #17626, #17913, #17937, #17844).
Expanded MCP/plugin support with MCP Apps tool calls, namespaced MCP registration, parallel-call opt-in, and sandbox-state metadata for MCP servers (#17364, #17404, #17667, #17763).
Added realtime and app-server APIs for output modality, transcript completion events, raw turn item injection, and symlink-aware filesystem metadata (#17701, #17703, #17719).
Added a secure devcontainer profile with bubblewrap support, plus macOS sandbox allowlists for Unix sockets (#10431, #17547, #17654).
Fixed macOS sandbox/proxy handling for private DNS and removed the danger-full-access denylist-only network mode (#17370, #17732).
Fixed Windows cwd/session matching so resume --last and thread/list work when paths use verbatim prefixes (#17414).
Fixed rate-limit/account handling for prolite plans and made unknown WHAM plan values decodable (#17419).
Made Guardian timeouts distinct from policy denials, with timeout-specific guidance and visible TUI history entries (#17381, #17486, #17521, #17557).
Stabilized app-server behavior by avoiding premature thread unloads, tolerating failed trust persistence on startup, and skipping broken symlinks in fs/readDirectory (#17398, #17595, #17907).
Fixed MCP/tool-call edge cases including flattened deferred tool names, elicitation timeout accounting, and empty namespace descriptions (#17556, #17566, #17946).
Documented the secure devcontainer profile and its bubblewrap requirements (#10431, #17547).
Added TUI composer documentation for history search behavior (#17550).
Updated app-server docs for new MCP, marketplace, turn injection, memory reset, filesystem metadata, external-agent migration, and websocket token-hash APIs (#17364, #17717, #17703, #17913, #17719, #17855, #17871).
Documented WSL1 bubblewrap limitations and WSL2 behavior (#17559).
Added memory pipeline documentation for extension cleanup (#17844).
Hardened supply-chain and CI inputs by pinning GitHub Actions, cargo installs, git dependencies, V8 checksums, and cargo-deny source allowlists (#17471).
Added Bazel release-build verification so release-only Rust code is compiled in PR CI (#17704, #17705).
Introduced the codex-thread-store crate/interface and moved local thread listing behind it (#17659, #17824).
Required reviewed pnpm dependency build scripts for workspace installs (#17558).
Reduced Rust maintenance surface with broader absolute-path types and removal of unused helper APIs (#17407, #17792, #17146).
Full Changelog: rust-v0.120.0...rust-v0.121.0
#17409 Fix Windows exec-server output test flake @etraut-openai
#17381 representing guardian review timeouts in protocol types @won-openai
#17399 TUI: enforce core boundary @etraut-openai
#17370 fix: unblock private DNS in macOS sandbox @viyatb-oai
#17396 update cloud requirements parse failure msg @alexsong-oai
#17364 [mcp] Support MCP Apps part 3 - Add mcp tool call support. @mzeng-openai
#17424 Stabilize marketplace add local source test @ningyi-oai
#17414 Fix thread/list cwd filtering for Windows verbatim paths @etraut-openai
#10431 feat(devcontainer): add separate secure customer profile @viyatb-oai
#17314 Pass turn id with feedback uploads @ningyi-oai
#17336 fix(tui): recall accepted slash commands locally @fcoury-oai
#17430 Handle closed TUI input stream as shutdown @etraut-openai
#17385 Add use_agent_identity feature flag @adrian-openai
#17483 Update issue labeler agent labels @etraut-openai
#17493 fix @aibrahim-oai
#17419 Support prolite plan type @etraut-openai
#17416 Clear /ps after /stop @etraut-openai
#17415 Restore codex-tui resume hint on exit @etraut-openai
#17402 chore: refactor name and namespace to single type @sayan-oai
#17486 changing decision semantics after guardian timeout @won-openai
#17521 Clarify guardian timeout guidance @won-openai
#17547 [codex] Support bubblewrap in secure Docker devcontainer @viyatb-oai
#17519 Budget realtime current thread context @aibrahim-oai
#17556 [codex] Support flattened deferred MCP tool calls @fc-oai
#17558 build(pnpm): require reviewed dependency build scripts @mcgrew-oai
#17559 fix(sandboxing): reject WSL1 bubblewrap sandboxing @viyatb-oai
#17520 Mirror user text into realtime @aibrahim-oai
#17550 feat(tui): add reverse history search to composer @fcoury-oai
#17420 Remove context status-line meter @etraut-openai
#17506 Expose instruction sources (AGENTS.md) via app server @etraut-openai
#17566 fix(mcp) pause timer for elicitations @dylan-hurd-oai
#17406 Add MCP tool wall time to model output @pakrym-oai
#17294 Run exec-server fs operations through sandbox helper @starr-openai
#17605 Stabilize exec-server process tests @etraut-openai
#17216 Build remote exec env from exec-server policy @jif-oai
#17247 Make forked agent spawns keep parent model config @friel-openai
#17470 Fix custom tool output cleanup on stream failure @etraut-openai
#17417 Emit plan-mode prompt notifications for questionnaires @etraut-openai
#17481 Wrap status reset timestamps in narrow layouts @etraut-openai
#17601 Suppress duplicate compaction and terminal wait events @etraut-openai
#17657 Fix TUI compaction item replay @etraut-openai
#17595 Do not fail thread start when trust persistence fails @etraut-openai
#17407 Use AbsolutePathBuf in skill loading and codex_home @pakrym-oai
#17365 Include legacy deny paths in elevated Windows sandbox setup @iceweasel-oai
#17638 feat: Avoid reloading curated marketplaces for tool-suggest discovera… @jif-oai
#17398 app-server: Only unload threads which were unused for some time @euroelessar
#17669 only specify remote ports when the rule needs them @iceweasel-oai
#17691 Fix tui compilation @davidhao3300
#17685 Cap realtime mirrored user turns @aibrahim-oai
#17699 change realtime tool description @aibrahim-oai
#17667 Add supports_parallel_tool_calls flag to included mcps @josiah-openai
#17703 Add turn item injection API @pakrym-oai
#17671 Stabilize exec-server filesystem tests in CI @starr-openai
#17557 guardian timeout fix pr 3 - ux touch for timeouts @won-openai
#17719 [codex] Add symlink flag to fs metadata @pakrym-oai
#17146 [codex] Remove unused Rust helpers @pakrym-oai
#17471 fix: pin inputs @viyatb-oai
#17717 [codex] Refactor marketplace add into shared core flow @xli-oai
#17747 Refactor plugin loading to async @pakrym-oai
#17709 [codex] Initialize ICU data for code mode V8 @pakrym-oai
#17749 [codex] drain mailbox only at request boundaries @tibo-openai
#16640 [codex-analytics] feature plumbing and emittance @rhan-oai
#17761 Tighten realtime handoff finalization @aibrahim-oai
#17701 Add realtime output modality and transcript events @aibrahim-oai
#17665 Always enable original image detail on supported models @fjord-oai
#17374 [codex-analytics] add session source to client metadata @marksteinbrick-oai
#17489 Moving updated-at timestamps to unique millisecond times @ddr-oai
#17732 fix: Revert danger-full-access denylist-only mode @viyatb-oai
#17234 Redirect debug client output to a file @rasmusrygaard
#17803 Keep image_detail_original as a removed feature flag @fjord-oai
#17372 app-server: prepare to run initialized rpcs concurrently @euroelessar
#17704 Refactor Bazel CI job setup @bolinfest
#17674 Route apply_patch through the environment filesystem @starr-openai
#17702 Fix remote skill popup loading @starr-openai
#17830 [codex] Fix app-server initialized request analytics build @etraut-openai
#17389 [codex-analytics] enable general analytics by default @rhan-oai
#17659 thread store interface @wiltzius-openai
#17792 Spread AbsolutePathBuf @pakrym-oai
#17838 Add realtime wire trace logs @aibrahim-oai
#17684 Adjust default tool search result caps @malone-oai
#17705 Add Bazel verify-release-build job @bolinfest
#17720 Make skill loading filesystem-aware @pakrym-oai
#17846 Fix for Guardian CI Tests stack overflow, applying Box to reduce stack pressure @won-openai
#17855 support plugins in external agent config migration @alexsong-oai
#17872 Disable hooks in guardian review sessions @abhinav-oai
#17868 Wrap delegated input text @guinness-oai
#17884 Fix clippy warnings in external agent config migration @canvrno-oai
#17837 Reuse remote exec-server in core tests @starr-openai
#17859 sandbox: remove dead seatbelt helper and update tests @bolinfest
#17870 fix: cleanup the contract of the general-purpose exec() function @bolinfest
#17871 fix: add websocket capability token hash support @viyatb-oai
#17763 Send sandbox state through MCP tool metadata @aaronl-openai
#17654 Support Unix socket allowlists in macOS sandbox @aaronl-openai
#17917 [codex] Fix current main CI blockers @sayan-oai
#17919 chore: do not disable memories for past rollouts on reset @jif-oai
#17404 register all mcp tools with namespace @sayan-oai
#17883 Remove exec-server fs sandbox request preflight @pakrym-oai
#17386 Register agent identities behind use_agent_identity @adrian-openai
#17907 Fix fs/readDirectory to skip broken symlinks @willwang-openai
#17960 chore(features) codex dependencies feat @dylan-hurd-oai
#17965 fix: rename is_azure_responses_wire_base_url to is_azure_responses_provider @bolinfest
#17946 Fix empty tool descriptions @shijie-oai
#17824 [codex] Add local thread store listing @wiltzius-openai
#17942 Add CLI update announcement @shijie-oai
#17866 Refactor auth providers to mutate request headers @pakrym-oai
#17902 app-server: track remote-control seq IDs per stream @euroelessar
#17957 mcp: remove codex/sandbox-state custom request support @bolinfest
#17920 chore(tui) cleanup @dylan-hurd-oai
Realtime V2 can now stream background agent progress while work is still running and queue follow-up responses until the active response completes (#17264, #17306)
Hook activity in the TUI is easier to scan, with live running hooks shown separately and completed hook output kept only when useful (#17266)
Custom TUI status lines can include the renamed thread title (#17187)
Code-mode tool declarations now include MCP outputSchema details so structured tool results are typed more precisely (#17210)
SessionStart hooks can distinguish sessions created by /clear from fresh startup or resume sessions (#17073)
Fixed Windows elevated sandbox handling for split filesystem policies, including read-only carveouts under writable roots (#14568)
Fixed sandbox permission handling for symlinked writable roots and carveouts, preventing failures in shell and apply_patch workflows (#15981)
Fixed codex --remote wss://... panics by installing the Rustls crypto provider before TLS websocket connections (#17288)
Preserved tool search result ordering instead of alphabetically reordering results (#17263)
Fixed live Stop-hook prompts so they appear immediately instead of only after thread history reloads (#17189)
Fixed app-server MCP cleanup on disconnect so unsubscribed threads and resources are torn down correctly (#17223)
Documented the elevated vs restricted-token Windows sandbox support split in the core README (#14568)
Updated app-server protocol documentation for the new /clear SessionStart source (#17073)
Made rollout recording more reliable by retrying failed flushes and surfacing durability failures instead of dropping buffered items (#17214)
Added analytics schemas and metadata wiring for compaction and Guardian review events (#17155, #17055)
Improved Guardian follow-up efficiency by sending transcript deltas instead of repeatedly resending full history (#17269)
Added stable Guardian review IDs across app-server events and internal approval state (#17298)
Full Changelog: rust-v0.119.0...rust-v0.120.0
#17268 remove windows gate that disables hooks @iceweasel-oai
#17267 Stop Realtime V2 response.done delegation @aibrahim-oai
#14568 fix: support split carveouts in windows elevated sandbox @viyatb-oai
#17263 preserve search results order in tool_search_output @sayan-oai
#17189 Emit live hook prompts before raw-event filtering @abhinav-oai
#17288 Install rustls provider for remote websocket client @etraut-openai
#16969 Option to Notify Workspace Owner When Usage Limit is Reached @richardopenai
#17278 Rename Realtime V2 tool to background_agent @aibrahim-oai
#17280 Extract realtime input task handlers @aibrahim-oai
#17249 adding parent_thread_id in guardian @won-openai
#17264 Stream Realtime V2 background agent progress @aibrahim-oai
#17214 feat: make rollout recorder reliable against errors @jif-oai
#17269 feat(guardian): send only transcript deltas on guardian followups @owenlin0
#17306 Queue Realtime V2 response.create while active @aibrahim-oai
#17363 Strengthen realtime backend delegation prompt @aibrahim-oai
#17155 [codex-analytics] add compaction analytics event @rhan-oai
#17187 Add thread title to configurable TUI status line @canvrno-oai
#17194 add parent-id to guardian context @won-openai
#17266 [codex] Improve hook status rendering @abhinav-oai
#17073 Support clear SessionStart source @abhinav-oai
#17298 fix(guardian, app-server): introduce guardian review ids @owenlin0
#17391 Revert "Option to Notify Workspace Owner When Usage Limit is Reached" @shijie-oai
#17371 app-server: add pipelined config rpc regression test @euroelessar
#15981 fix(permissions): fix symlinked writable roots in sandbox permissions @viyatb-oai
#17055 feat(analytics): add guardian review event schema @owenlin0
Realtime voice sessions now default to the v2 WebRTC path, with configurable transport, voice selection, native TUI media support, and app-server coverage for the new flow (#16960, #17057, #17058, #17093, #17097, #17145, #17165, #17176, #17183, #17188).
MCP Apps and custom MCP servers gained richer support, including resource reads, tool-call metadata, custom-server tool search, server-driven elicitations, file-parameter uploads, and more reliable plugin cache refreshes (#16082, #16465, #16944, #17043, #15197, #16191, #16947).
Remote/app-server workflows now support egress websocket transport, remote --cd forwarding, runtime remote-control enablement, sandbox-aware filesystem APIs, and an experimental codex exec-server subcommand (#15951, #16700, #16973, #16751, #17059, #17142, #17162).
The TUI can copy the latest agent response with Ctrl+O, including better clipboard behavior over SSH and across platforms (#16966).
/resume can now jump directly to a session by ID or name from the TUI (#17222).
TUI notifications are more configurable, including Warp OSC 9 support and an opt-in mode for notifications even while the terminal is focused (#17174, #17175).
The TUI starts faster by fetching rate limits asynchronously, and /status now refreshes stale limits instead of showing frozen or misleading quota information (#16201, #17039).
Resume flows are more stable: the picker no longer flashes false empty states, uses fresher thread names, stabilizes timestamp labels, preserves resume hints on zero-token exits, and avoids crashing when resuming the current thread (#16591, #16601, #16822, #16987, #17086).
Composer and chat behavior are smoother, including fixed paste teardown, CJK word navigation, stale /copy output, percent-decoded local file links, and clearer truncated exec-output hints (#16202, #16829, #16648, #16810, #17076).
Fast Mode no longer stays stuck on after /fast off in app-server-backed TUI sessions (#16833).
MCP status and startup are less noisy and faster: hyphenated server names list tools correctly, /mcp avoids slow full inventory probes, disabled servers skip auth probing, and residency headers are honored by codex mcp-server (#16674, #16831, #17098, #16952).
Sandbox, network, and platform edge cases were tightened, including clearer read-only apply_patch errors, refreshed network proxy policy after sandbox changes, suppressed irrelevant bubblewrap warnings, a macOS HTTP-client sandbox panic fix, and Windows firewall address handling (#16885, #17040, #16667, #16670, #17053).
The README now uses the current ChatGPT Business plan name (#16348).
Developer guidance for argument_comment_lint was updated to favor getting CI started instead of blocking on slow local lint runs (#16375).
Obsolete codex-cli README content was removed to avoid stale setup guidance (#17096).
codex exec --help now shows clearer usage and approval-mode wording (#16881, #16888).
codex-core was slimmed down through major crate extractions for MCP, tools, config, model management, auth, feedback, protocol, and related ownership boundaries (#15919, #16379, #16508, #16523, #16962).
Rust CI and workspace guardrails were simplified by blocking new crate features and dropping routine --all-features runs (#16455, #16473).
Core compile times were reduced by removing expensive async-trait expansion from hot tool/task abstractions (#16630, #16631).
Bazel diagnostics and dependency wiring improved with compact execution logs, repository-cache persistence, remote downloader support, and several platform-specific build fixes (#16577, #16926, #16928, #16634, #16744).
Full Changelog: rust-v0.118.0...rust-v0.119.0
#16345 fix: fix clippy issue caught by cargo but not bazel @bolinfest
#16184 Route TUI /feedback submission through the app server @etraut-openai
#16363 Fix PR babysitter review comment monitoring @etraut-openai
#16356 Refactor external auth to use a single trait @etraut-openai
#16366 Fix Windows external bearer refresh test @bolinfest
#16353 ci: verify codex-rs Cargo manifests inherit workspace settings @bolinfest
#16361 Refactor chatwidget tests into topical modules @etraut-openai
#16201 Fix stale /status rate limits in active TUI sessions @etraut-openai
#16351 ci: sync Bazel clippy lints and fix uncovered violations @bolinfest
#16378 fix: suppress status card expect_used warnings after #16351 @bolinfest
#16422 fix(core) rm execute_exec_request sandbox_policy @dylan-hurd-oai
#16375 docs: update argument_comment_lint instructions in AGENTS.md @bolinfest
#16449 fix: remove unused import @bolinfest
#15772 Make fuzzy file search case insensitive @meyers-oai
#16455 ci: block new workspace crate features @bolinfest
#16456 cloud-tasks: split the mock client out of cloud-tasks-client @bolinfest
#16457 tui: remove debug/test-only crate features @bolinfest
#16467 tui: remove the voice-input crate feature @bolinfest
#16379 Extract tool config into codex-tools @bolinfest
#16469 otel: remove the last workspace crate feature @bolinfest
#16471 Extract tool spec helpers into codex-tools @bolinfest
#16473 ci: stop running rust CI with --all-features @bolinfest
#16477 Extract tool discovery helpers into codex-tools @bolinfest
#16480 login: treat provider auth refresh_interval_ms=0 as no auto-refresh @bolinfest
#16448 fix(guardian): make GuardianAssessmentEvent.action strongly typed @owenlin0
#16481 Extract update_plan tool spec into codex-tools @bolinfest
#15919 Extract MCP into codex-mcp crate @aibrahim-oai
#16482 Remove client_common tool re-exports @bolinfest
#16495 fix: remove unused import @bolinfest
#16493 Extract built-in tool spec constructors into codex-tools @bolinfest
#16273 Fix regression: "not available in TUI" error message @etraut-openai
#16497 Extract tool-search output helpers into codex-tools @bolinfest
#16498 fix: guard guardian_command_source_tool_name with cfg(unix) @bolinfest
#16499 Extract tool-suggest wire helpers into codex-tools @bolinfest
#16284 Fix TUI app-server permission profile conversions @etraut-openai
#16202 Fix paste-driven bottom pane completion teardown @etraut-openai
#16504 core: use codex-tools config types directly @bolinfest
#16503 Extract request_user_input normalization into codex-tools @bolinfest
#16510 core: use codex-mcp APIs directly @bolinfest
#16509 Extract code-mode nested tool collection into codex-tools @bolinfest
#16512 core: remove cross-crate re-exports from lib.rs @bolinfest
#16516 fix: add update to Cargo.lock that was missed in #16512 @bolinfest
#16513 Extract tool registry planning into codex-tools @bolinfest
#16521 Move tool registry plan tests into codex-tools @bolinfest
#16523 [codex] Move config types into codex-config @bolinfest
#16524 fix: move some test utilities out of codex-rs/core/src/tools/spec.rs @bolinfest
#16529 [codex] Remove codex-core config type shim @bolinfest
#16577 ci: upload compact Bazel execution logs for bazel.yml @bolinfest
#16581 chore: move codex-exec unit tests into sibling files @bolinfest
#16590 Fix non-determinism in rules_rs/crate_git_repository.bzl @tyler-french
#16604 test: deflake external bearer auth token tests on Windows @bolinfest
#16606 fix: add more detail to test assertion @bolinfest
#16608 fix: increase timeout to account for slow PowerShell startup @bolinfest
#16591 Fix resume picker initial loading state @etraut-openai
#16613 fix: increase another startup timeout for PowerShell @bolinfest
#16601 Fix resume picker stale thread names @etraut-openai
#16616 Fixed some existing labels and added a few new ones @etraut-openai
#16588 Fix stale turn steering during TUI review follow-ups @etraut-openai
#16617 fix: add shell fallback paths for pwsh/powershell that work on GitHub Actions Windows runners @bolinfest
#16596 Fix fork source display in /status (expose forked_from_id in app server) @etraut-openai
#16578 fix(tui): handle zellij redraw and composer rendering @fcoury-oai
#16630 core: cut codex-core compile time 63% with native async ToolHandler @bolinfest
#16631 core: cut codex-core compile time 48% with native async SessionTask @bolinfest
#16492 Auto-trust cwd on thread start @aibrahim-oai
#16633 fix: address unused variable on windows @bolinfest
#16635 app-server: make thread/shellCommand tests shell-aware @bolinfest
#16629 test: use cmd.exe for ProviderAuthScript on Windows @bolinfest
#16634 build: fix Bazel lzma-sys wiring @starr-openai
#16658 Fix deprecated login --api-key parsing @etraut-openai
#16508 extract models manager and related ownership from core @aibrahim-oai
#16662 fix: changes to test that should help them pass on Windows under Bazel @bolinfest
#16665 fix: use COMSPEC in Windows unicode shell test @bolinfest
#16668 fix: use cmd.exe in Windows unicode shell test @bolinfest
#16626 remove temporary ownership re-exports @aibrahim-oai
#16648 Fix stale /copy output after commentary-only turns @etraut-openai
#16674 Fix MCP tool listing for hyphenated server names @etraut-openai
#16667 Suppress bwrap warning when sandboxing is bypassed @etraut-openai
#16670 Fix macOS sandbox panic in Codex HTTP client @etraut-openai
#16699 Fix macOS malloc diagnostics leaking into TUI composer @etraut-openai
#16700 Add remote --cd forwarding for app-server sessions @etraut-openai
#16707 fix: preserve platform-specific core shell env vars @bolinfest
#16715 fix: address clippy violations that sneaked in @bolinfest
#16722 fix windows-only clippy lint violation @bolinfest
#16710 fix(tui): sort skill mentions by display name first @fcoury-oai
#16709 Sanitize forked child history @aibrahim-oai
#16711 Fix Windows Bazel app-server trust tests @bolinfest
#16720 Remove OPENAI_BASE_URL config fallback @etraut-openai
#16528 Codex/windows bazel rust test coverage no rs @bolinfest
#16450 bazel: lint rust_test targets in clippy workflow @bolinfest
#16735 [codex] allow disabling prompt instruction blocks @tibo-openai
#16745 [codex] allow disabling environment context injection @tibo-openai
#16725 Preempt mailbox mail after reasoning/commentary items @aibrahim-oai
#16755 Use Node 24 for npm publish @aibrahim-oai
#16753 [codex] add responses proxy JSON dumps @tibo-openai
#16746 Add spawn context for MultiAgentV2 children @aibrahim-oai
#16757 Back out "bazel: lint rust_test targets in clippy workflow (#16450)" @bolinfest
#16737 test: avoid PowerShell startup in Windows auth fixture @bolinfest
#16740 ci: align Bazel repo cache and Windows clippy target handling @bolinfest
#16758 [codex] add context-window lineage headers @tibo-openai
#16823 Fix flaky test relating to metadata remote URL @etraut-openai
#16825 Fix flaky permissions escalation test on Windows @etraut-openai
#16881 Fix misleading codex exec help usage @etraut-openai
#16888 Clarify codex exec approval help @etraut-openai
#16876 [codex] add response proxy subagent header test @tibo-openai
#16829 Fix CJK word navigation in the TUI composer @etraut-openai
#16833 Fix TUI fast mode toggle regression @etraut-openai
#16795 [regression] Fix ephemeral turn backfill in exec @etraut-openai
#16822 Fix resume picker timestamp labels and stability @etraut-openai
#16813 Annotate skill doc reads with skill names @etraut-openai
#16810 (tui): Decode percent-escaped bare local file links @etraut-openai
#16877 [codex-backend] Make thread metadata updates tolerate pending backfill @joeytrasatti-openai
#16701 feat(requirements): support allowed_approval_reviewers @owenlin0
#16926 bazel: Always save bazel repository cache @euroelessar
#16928 bazel: Enable --experimental_remote_downloader @euroelessar
#16462 fix(guardian): fix ordering of guardian events @owenlin0
#16924 fix(sqlite): don't hard fail migrator if DB is newer @owenlin0
#16744 build: restore lzma-sys Bazel wiring for devbox codex run @starr-openai
#16764 app-server: centralize AuthManager initialization @euroelessar
#16939 Fix clippy warning @mzeng-openai
#16923 Revert "[codex-backend] Make thread metadata updates tolerate pending backfill" @joeytrasatti-openai
#15951 app-server: Add egress websocket transport @euroelessar
#16945 [codex] Allow PyTorch libomp shm in Seatbelt @viyatb-oai
#16947 feat: fallback curated plugin download from backend endpint. @xl-openai
#16191 feat: refresh non-curated cache from plugin list. @xl-openai
#16952 Respect residency requirements in mcp-server @etraut-openai
#16827 tui: route device-code auth through app server @etraut-openai
#16638 [codex-analytics] add protocol-native turn timestamps @rhan-oai
#16831 Speed up /mcp inventory listing @etraut-openai
#16349 Disable env-bound tools when exec server is none @starr-openai
#16957 Promote image_detail_original to experimental @fjord-oai
#16962 Refactor config types into a separate crate @pakrym-oai
#16153 Add setTimeout support to code mode @pakrym-oai
#16961 app-server: Unify config changes handling a bit @euroelessar
#16890 Validate exec input before starting app-server @etraut-openai
#16082 [mcp] Support MCP Apps part 1. @mzeng-openai
#15893 fix: warn when bwrap cannot create user namespaces @viyatb-oai
#16946 [codex] Add danger-full-access denylist-only network mode @viyatb-oai
#16972 app-server: Fix compilation of a test in mcp_resource @euroelessar
#15826 Make AGENTS.md discovery FS-aware @pakrym-oai
#16964 Honor null thread instructions @aibrahim-oai
#16988 collapse dev message into one @won-openai
#16724 [codex] ez - rename env=>request in codex-rs/core/src/unified_exec/process_manager.rs @starr-openai
#17008 chore: send_message and followup_task do not return anything @jif-oai
#16978 [codex] reduce module visibility @pakrym-oai
#17009 chore: keep request_user_input tool to persist cache on multi-agents @jif-oai
#16739 Stabilize flaky multi-agent followup interrupt test @etraut-openai
#16885 Fix read-only apply_patch rejection message @etraut-openai
#16882 Fix nested exec thread ID restore @etraut-openai
#16976 Preserve null developer instructions @aibrahim-oai
#16987 Fix missing resume hint on zero-token exits @etraut-openai
#16912 feat(analytics): generate an installation_id and pass it in responsesapi client_metadata @owenlin0
#16956 fix(guardian): don't throw away transcript when over budget @owenlin0
#16981 [codex] Make AbsolutePathBuf joins infallible @pakrym-oai
#16348 Update README @romainhuet
#16977 [codex] Make unified exec tests remote aware @pakrym-oai
#16465 [mcp] Support MCP Apps part 2 - Add meta to mcp tool call result. @mzeng-openai
#17026 app-server: Move watch_id to request of fs/watch @euroelessar
#16980 Add full-ci branch trigger @pakrym-oai
#16973 app-server: Allow enabling remote control in runtime @euroelessar
#17032 [codex] Fix unified exec test build @pakrym-oai
#17031 fix(core) revert Command line in unified exec output @dylan-hurd-oai
#17027 [codex] Migrate apply_patch to executor filesystem @pakrym-oai
#17044 [app-server-protocol] introduce generic ServerResponse for app-server-protocol @rhan-oai
#17047 fix(app-server) revert null instructions changes @dylan-hurd-oai
#16960 Add WebRTC transport to realtime start @aibrahim-oai
#17053 Fix remote address format to work with Windows Firewall rules. @iceweasel-oai
#17048 [codex] Apply patches through executor filesystem @pakrym-oai
#16949 Use model metadata for Fast Mode status @pash-openai
#17039 fix(tui): reduce startup and new-session latency @fcoury-oai
#17059 Add remote exec start script @pakrym-oai
#17064 Add project-local codex bug triage skill @etraut-openai
#17040 fix: refresh network proxy settings when sandbox mode changes @viyatb-oai
#16698 Remove expired April 2nd tooltip copy @etraut-openai
#17096 Remove obsolete codex-cli README @etraut-openai
#17071 Configure multi_agent_v2 spawn agent hints @pakrym-oai
#17091 Show global AGENTS.md in /status @etraut-openai
#17086 Fix TUI crash when resuming the current thread @etraut-openai
#17098 Skip MCP auth probing for disabled servers @etraut-openai
#17097 Add realtime transport config @aibrahim-oai
#17043 [mcp] Support server-driven elicitations @mzeng-openai
#17058 Add WebRTC media transport to realtime TUI @aibrahim-oai
#17063 Use AbsolutePathBuf for exec cwd plumbing @pakrym-oai
#17138 fix(debug-config, guardian): fix /debug-config rendering and guardian… @owenlin0
#17046 release ready, enabling only for siwc users @won-openai
#16751 Add sandbox support to filesystem APIs @starr-openai
#17142 [codex] Support remote exec cwd in TUI startup @pakrym-oai
#17149 Fix missing fields @canvrno-oai
#17154 Fix ToolsConfigParams initializer in tool registry test @won-openai
#17145 Wire realtime WebRTC native media into Bazel @aibrahim-oai
#17057 Attach WebRTC realtime starts to sideband websocket @aibrahim-oai
#17162 Add top-level exec-server subcommand @starr-openai
#17061 Update guardian output schema @maja-openai
#17164 Auto-approve MCP server elicitations in Full Access mode @leoshimo-oai
#17093 Add WebRTC realtime app-server e2e tests @aibrahim-oai
#17174 Support Warp for OSC 9 notifications @etraut-openai
#16646 Fix stale thread-name resume lookups @etraut-openai
#17165 Move default realtime prompt into core @aibrahim-oai
#17176 Add realtime voice selection @aibrahim-oai
#17175 Add TUI notification condition config @etraut-openai
#17183 Default realtime startup to v2 model @aibrahim-oai
#17186 Skip update prompts for source builds @etraut-openai
#17188 make webrtc the default experience @aibrahim-oai
#17163 [codex] Defer steering until after sampling the model post-compaction @jgershen-oai
#17226 feat: advanced announcements per OS and plans @jif-oai
#17170 Render statusline context as a meter @etraut-openai
#17217 Skip local shell snapshots for remote unified exec @jif-oai
#17168 refactor(proxy): clarify sandbox block messages @viyatb-oai
#17076 [codex] Show ctrl + t hint on truncated exec output in TUI @mom-oai
#15197 Add Codex Apps sediment file remapping @caseychow-oai
#16009 Forward app-server turn clientMetadata to Responses @neil-oai
#17256 app-server: Use shared receivers for app-server message processors @euroelessar
#16944 [mcp] Expand tool search to custom MCPs. @mzeng-openai
#16966 feat(tui): Ctrl+O copy hotkey and harden copy-as-markdown behavior @fcoury-oai
#17262 app-server: Fix clippy by removing extra mut @euroelessar
#17258 Omit empty app-server instruction overrides @aibrahim-oai
We're updating model availability for users who sign in with ChatGPT. Starting
April 7, the model picker no longer shows gpt-5.2-codex,
gpt-5.1-codex-mini, gpt-5.1-codex-max, gpt-5.1-codex, gpt-5.1, or
gpt-5. On April 14, we'll remove those models from Codex for ChatGPT sign-in.
Users can still choose from gpt-5.4, gpt-5.4-mini, gpt-5.3-codex, and
gpt-5.2. ChatGPT Pro users can also choose gpt-5.3-codex-spark.
To use another API-supported model in Codex, sign in with an API key or configure a model provider.
Windows sandbox runs can now enforce proxy-only networking with OS-level egress rules, instead of relying on environment variables alone. (#12220)
App-server clients can now start ChatGPT sign-in with a device code flow, which helps when browser callback login is unreliable or unavailable. (#15525)
codex exec now supports the prompt-plus-stdin workflow, so you can pipe input and still pass a separate prompt on the command line. (#15917)
Custom model providers can now fetch and refresh short-lived bearer tokens dynamically, instead of being limited to static credentials from config or environment variables. (#16286, #16287, #16288)
Project-local .codex files are now protected even on first creation, closing a gap where the initial write could bypass normal approval checks. (#15067)
Linux sandbox launches are more reliable because Codex once again finds a trusted system bwrap on normal multi-entry PATHs. (#15791, #15973)
The app-server-backed TUI regained several missing workflows: hook notifications replay correctly, /copy and /resume work again, /agent no longer shows stale threads, and the skills picker scrolls past the first page. (#16013, #16021, #16050, #16014, #16109, #16110)
MCP startup is more robust: local servers get a longer startup window, and failed handshakes surface warnings in the TUI again instead of looking like clean startups. (#16080, #16041)
On Windows, apply_patch is less likely to fail because it no longer adds redundant writable roots that could trigger unnecessary ACL churn. (#16030)
Full Changelog: rust-v0.117.0...rust-v0.118.0
#15891 [plugins] Polish tool suggest prompts. @mzeng-openai
#15791 fix: resolve bwrap from trusted PATH entry @viyatb-oai
#15900 skills: remove unused skill permission metadata @bolinfest
#15811 app-server: Split transport module @euroelessar
#15067 Protect first-time project .codex creation across Linux and macOS sandboxes @rreichel3-oai
#15903 [codex] import token_data from codex-login directly @bolinfest
#15897 sandboxing: use OsString for SandboxCommand.program @bolinfest
#15910 docs: update AGENTS.md to discourage adding code to codex-core @bolinfest
#15898 chore: move bwrap config helpers into dedicated module @viyatb-oai
#15906 chore: remove skill metadata from command approval payloads @bolinfest
#15909 fix(network-proxy): fail closed on network-proxy DNS lookup errors @viyatb-oai
#14495 Preserve bazel repository cache in github actions @siggisim
#15923 codex-tools: extract shared tool schema parsing @bolinfest
#15918 permissions: remove macOS seatbelt extension profiles @bolinfest
#12220 feat(windows-sandbox): add network proxy support @viyatb-oai
#15931 fix: make MACOS_DEFAULT_PREFERENCES_POLICY part of MACOS_SEATBELT_BASE_POLICY @bolinfest
#15933 fix: use matrix.target instead of matrix.os for actions/cache build action @bolinfest
#15928 codex-tools: extract MCP schema adapters @bolinfest
#15948 fix: increase timeout for rust-ci to 45 minutes for now @bolinfest
#15921 [app-server-protocol] introduce generic ClientResponse for app-server-protocol @rhan-oai
#15120 chore: refactor network permissions to use explicit domain and unix socket rule maps @celia-oai
#15525 Add ChatGPT device-code login to app server @daniel-oai
#15954 chore: move pty and windows sandbox to Rust 2024 @bolinfest
#16000 Use codex-utils-template for login error page @jif-oai
#15998 Use codex-utils-template for sandbox mode prompts @jif-oai
#15995 Use codex-utils-template for collaboration mode presets @jif-oai
#15996 Use codex-utils-template for search tool descriptions @jif-oai
#15999 Use codex-utils-template for review exit XML @jif-oai
#15973 fix(sandbox): fix bwrap lookup for multi-entry PATH @viyatb-oai
#15944 codex-tools: extract dynamic tool adapters @bolinfest
#15955 ci: add Bazel clippy workflow for codex-rs @bolinfest
#15953 codex-tools: introduce named tool definitions @bolinfest
#16027 fix: fix Windows CI regression introduced in #15999 @bolinfest
#16036 fix: disable plugins in SDK integration tests @bolinfest
#15946 Normalize /mcp tool grouping for hyphenated server names @pakrym-oai
#16035 plugins: Clean up stale curated plugin sync temp dirs and add sync metrics @xl-openai
#15934 Add usage-based business plan types @bwanner-oai
#16031 codex-tools: extract responses API tool models @bolinfest
#16013 Fix tui_app_server hook notification rendering and replay @etraut-openai
#16021 Fix /copy regression in tui_app_server turn completion @etraut-openai
#16044 [mcp] Bypass read-only tool checks. @mzeng-openai
#16030 don't include redundant write roots in apply_patch @iceweasel-oai
#15922 Remove the legacy TUI split @etraut-openai
#15828 [codex] Pin GitHub Actions workflow references @hintz-openai
#16046 ci: run SDK tests with a Bazel-built codex @bolinfest
#16050 Fix tui_app_server resume-by-name lookup regression @etraut-openai
#16014 Fix tui_app_server agent picker closed-state regression @etraut-openai
#16054 chore: clean up argument-comment lint and roll out all-target CI on macOS @bolinfest
#15917 Support Codex CLI stdin piping for codex exec @jliccini
#16057 shell-command: reuse a PowerShell parser process on Windows @bolinfest
#16063 refactor: rewrite argument-comment lint wrappers in Python @bolinfest
#15952 bazel: enable the full Windows gnullvm CI path @bolinfest
#16067 ci: run Bazel clippy on Windows gnullvm @bolinfest
#16071 fix: clean up remaining Windows argument-comment-lint violations @bolinfest
#16072 ci: split fast PR Rust CI from full post-merge Cargo CI @bolinfest
#16074 bazel: add Windows gnullvm stack flags to unit test binaries @bolinfest
#16026 fix(tui): refresh footer on collaboration mode changes @fcoury
#16112 Update PR babysitter skill for review replies and resolution @etraut-openai
#16104 Rename tui_app_server to tui @etraut-openai
#16118 fix: fix comment linter lint violations in Linux-only code @bolinfest
#16106 build: migrate argument-comment-lint to a native Bazel aspect @bolinfest
#16115 Remove remaining custom prompt support @etraut-openai
#16116 Remove the codex-tui app-server originator workaround @etraut-openai
#16047 codex-tools: extract tool spec models @bolinfest
#16128 bazel: refresh the expired macOS SDK pin @bolinfest
#16129 codex-tools: extract configured tool specs @bolinfest
#16130 ci: keep rust-ci-full Windows argument-comment-lint on packaged wrapper @bolinfest
#16126 core: fix stale curated plugin cache refresh races @bolinfest
#16132 codex-tools: extract code mode tool spec adapters @bolinfest
#16136 ci: use BuildBuddy for rust-ci-full non-Windows argument-comment-lint @bolinfest
#16137 exec: make review-policy tests hermetic @bolinfest
#16109 Fix skills picker scrolling in tui app server @etraut-openai
#16138 codex-tools: extract local host tool specs @bolinfest
#16114 Remove TUI voice transcription feature @etraut-openai
#16080 [mcp] Increase MCP startup timeout. @mzeng-openai
#16141 codex-tools: extract collaboration tool specs @bolinfest
#16041 Fix app-server TUI MCP startup warnings regression @etraut-openai
#16110 Fix tui_app_server ghost subagent entries in /agent @etraut-openai
#16154 codex-tools: extract utility tool specs @bolinfest
#16204 [codex] Normalize Windows path in MCP startup snapshot test @etraut-openai
#16193 codex-tools: extract discovery tool specs @bolinfest
#16254 codex-tools: extract discoverable tool models @bolinfest
#16253 fix: close Bazel argument-comment-lint CI gaps @bolinfest
#16225 [codex-analytics] refactor analytics to use reducer architecture @rhan-oai
#16120 ci: run Windows argument-comment-lint via native Bazel @bolinfest
#16286 auth: generalize external auth tokens for bearer-only sources @bolinfest
#16287 auth: let AuthManager own external bearer auth @bolinfest
#16288 core: support dynamic auth tokens for model providers @bolinfest
Plugins are now a first-class workflow: Codex can sync product-scoped plugins at startup, browse them in /plugins, and install or remove them with clearer auth/setup handling. (#15041, #15042, #15195, #15215, #15217, #15264, #15275, #15342, #15580, #15606, #15802)
Sub-agents now use readable path-based addresses like /root/agent_a, with structured inter-agent messaging and agent listing for multi-agent v2 workflows. (#15313, #15515, #15556, #15570, #15621, #15647)
The /title terminal-title picker now works in both the classic TUI and the app-server TUI, making parallel sessions easier to tell apart. (#12334, #15860)
App-server clients can now send ! shell commands, watch filesystem changes, and connect to remote websocket servers with bearer-token auth. (#14988, #14533, #14847, #14853)
Image workflows got smoother: view_image now returns image URLs for code mode, generated images are reopenable from the TUI, and image-generation history survives resume. (#15072, #15154, #15223)
Prompt history recall now works in the app-server TUI, including across sessions. (#14945)
tui_app_server no longer duplicates live reasoning summaries or /review output, and it preserves transcript text instead of dropping it under backpressure. (#15758, #15839, #15759)
ChatGPT login in tui_app_server now opens the local browser again, cancels cleanly on Ctrl+C, and no longer fails startup when you're logged out. (#15672, #15673, #15670)
Early exits now restore terminal state reliably, avoiding broken shell state after quitting; tmux users also get a working queued-message edit shortcut on Shift+Left. (#15671, #15480)
Linux sandboxed tool calls are more reliable on older distributions with older bubblewrap, and Windows restricted-token sandboxing now supports more split-policy carveout layouts. (#15693, #14172)
Remote multi-agent sessions now show agent names instead of raw IDs and recover more gracefully from stale turn-steering races. (#15513, #15714, #15163)
Plugin-backed mentions and product gating now behave more predictably, fixing cases where explicit mentions lost context or plugins were filtered incorrectly. (#15372, #15263, #15279)
thread.run(...) quickstart flow. (#15089, #14533, #15344, #15088)The app-server-backed TUI is now enabled by default, and the plugin/app rollout flags have been flipped on in normal builds. (#15661, #15713, #15719, #15820)
Removed the legacy artifact tool and retired the old read_file and grep_files handlers as part of ongoing tool-surface cleanup. (#15851, #15864, #15773, #15775)
Full Changelog: rust-v0.116.0...rust-v0.117.0
#14945 feat(tui): restore composer history in app-server tui @fcoury
#15092 fix: try to fix "Stage npm package" step in ci.yml @bolinfest
#15075 Propagate tool errors to code mode @pakrym-oai
#15072 Return image URL from view_image tool @pakrym-oai
#15076 Add a startup deprecation warning for custom prompts @etraut-openai
#15102 Revert "fix: harden plugin feature gating" @xl-openai
#15077 Add final message prefix to realtime handoff output @aibrahim-oai
#13494 Align SQLite feedback logs with feedback formatter @charley-oai
#14888 Feat: reuse persisted model and reasoning effort on thread resume @shijie-oai
#15111 don't add transcript for v2 realtime @aibrahim-oai
#15103 Add update_plan code mode result @pakrym-oai
#15100 Add apply_patch code mode result @pakrym-oai
#15104 fix: harden plugin feature gating @xl-openai
#15089 Add exec-server stub server and protocol docs @starr-openai
#15042 Support featured plugins @alexsong-oai
#15088 Add Python SDK thread.run convenience methods @shaqayeq-oai
#15119 Remove stdio transport from exec server @pakrym-oai
#14632 feat(core, tracing): create turn spans over websockets @owenlin0
#15011 Forward session and turn headers to MCP HTTP requests @nicholasclark-openai
#15118 [hooks] turn_id extension for Stop & UserPromptSubmit @eternal-openai
#14970 Simple directory mentions @canvrno-oai
#14988 Add thread/shellCommand to app server API surface @etraut-openai
#15041 feat: support product-scoped plugins. @xl-openai
#15056 feat: add graph representation of agent network @jif-oai
#15125 Move environment abstraction into exec server @pakrym-oai
#15185 Revert "Forward session and turn headers to MCP HTTP requests" @nicholasclark-openai
#14867 [hooks] use a user message > developer message for prompt continuation @eternal-openai
#15196 Add experimental exec server URL handling @pakrym-oai
#15198 Publish runnable DotSlash package for argument-comment lint @bolinfest
#15090 Add exec-server process and filesystem RPCs @starr-openai
#15201 Log automated reviewer approval sources distinctly @gabec-openai
#12334 feat(tui): add /title terminal title configuration @yvolovich-cyber
#15206 feat(tracing): tag app-server turn spans with turn_id @owenlin0
#15216 Move terminal module to terminal-detection crate @aibrahim-oai
#15207 add specific tool guidance for Windows destructive commands @iceweasel-oai
#15154 adding full imagepath to tui @won-openai
#15217 feat: expose needs_auth for plugin/read. @xl-openai
#15190 Plumb MCP turn metadata through _meta @nicholasclark-openai
#15220 feat(app-server): add mcpServer/startupStatus/updated notification @owenlin0
#15222 changed save directory to codex_home @won-openai
#15232 Refactor ExecServer filesystem split between local and remote @pakrym-oai
#15150 Move auth code into login crate @aibrahim-oai
#15195 [plugins] Install MCPs when calling plugin/install @mzeng-openai
#15254 core: add a full-buffer exec capture policy @bolinfest
#15263 fix: Distinguish missing and empty plugin products @xl-openai
#15253 Split features into codex-features crate @aibrahim-oai
#15233 Split exec process into local and remote implementations @starr-openai
#15199 Use released DotSlash package for argument-comment lint @bolinfest
#15215 Initial plugins TUI menu - list and read only. tui + tui_app_server @canvrno-oai
#15252 Disable hooks on windows for now @eternal-openai
#15264 feat: Add One-Time Startup Remote Plugin Sync @xl-openai
#15262 Add guardian follow-up reminder @charley-oai
#15223 Feat/restore image generation history @won-openai
#15275 feat: prefer git for curated plugin sync @xl-openai
#14869 Add remote env CI matrix and integration test @pakrym-oai
#15218 Add temporary app-server originator fallback for codex-tui @etraut-openai
#15324 Add remote test skill @pakrym-oai
#15313 feat: change multi-agent to use path-like system instead of uuids @jif-oai
#15244 Pin Python SDK app-server stdio to UTF-8 on Windows @shaqayeq-oai
#15273 [apps] Use ARC for yolo mode. @mzeng-openai
#15128 chore(core) Remove Feature::PowershellUtf8 @dylan-hurd-oai
#15344 Add realtime transcript notification in v2 @aibrahim-oai
#15285 Gate tui /plugins menu behind flag @canvrno-oai
#15114 fix: allow restricted filesystem profiles to read helper executables @celia-oai
#15231 chore(core) update prefix_rule guidance @dylan-hurd-oai
#15036 fix(core) disable command_might_be_dangerous when unsandboxed @dylan-hurd-oai
#15348 Pass platform param to featured plugins @alexsong-oai
#15372 [plugins] Fix plugin explicit mention context management. @mzeng-openai
#15366 chore(context) Include guardian approval context @dylan-hurd-oai
#15390 Remove legacy app-server notification handling from tui_app_server @etraut-openai
#15414 Remove legacy auth and notification handling from tui_app_server @etraut-openai
#15376 [apps] Improve app tools loading for TUI. @mzeng-openai
#15415 chore(exec_policy) ExecPolicyRequirementScenario tests @dylan-hurd-oai
#15464 Remove smart_approvals alias migration @charley-oai
#15443 core: snapshot fork startup context injection @charley-oai
#15480 Use Shift+Left to edit queued messages in tmux @charley-oai
#15338 fix: fall back to vendored bubblewrap when system bwrap lacks --argv0 @bolinfest
#15279 Label plugins as plugins, and hide skills/apps for given plugin @canvrno-oai
#15259 tui: queue follow-ups during manual /compact @charley-oai
#15357 Fix: proactive auth refresh to reload guarded disk state first @celia-oai
#15342 Plugins TUI install/uninstall @canvrno-oai
#15516 Thread guardian Responses API errors into denial rationale @charley-oai
#15378 feat: support disable skills by name. @xl-openai
#15529 Unify realtime stop handling in TUI @aibrahim-oai
#15556 feat: new op type for sub-agents communication @jif-oai
#15211 [hooks] add non-streaming (non-stdin style) shell-only PreToolUse support @eternal-openai
#15560 feat: use serde to differenciate inter agent communication @jif-oai
#15426 chore(core) Add approvals reviewer to UserTurn @dylan-hurd-oai
#15562 [codex] Add rollback context duplication snapshot @charley-oai
#15360 fix: build PATH env var using OsString instead of String @bolinfest
#15239 Add fork snapshot modes @charley-oai
#15554 Add plugin-creator as system skill @alexsong-oai
#15592 Extract landlock helpers into codex-sandboxing @pakrym-oai
#15593 Move macOS sandbox builders into codex-sandboxing @pakrym-oai
#15478 [codex-cli][app-server] Update self-serve business usage limit copy in error returned @dhruvgupta-oai
#15600 move imagegen skill into system skills @dkundel-openai
#15599 Move sandbox policy transforms into codex-sandboxing @pakrym-oai
#15580 Remove filter from plugins/list result @canvrno-oai
#15581 Stabilize macOS CI test timeouts @dylan-hurd-oai
#15549 Allow global network allowlist wildcard @rreichel3-oai
#15424 Finish moving codex exec to app-server @etraut-openai
#15603 Extract sandbox manager and transforms into codex-sandboxing @pakrym-oai
#15484 chore(deps): bump pnpm/action-setup from 4 to 5 @dependabot
#14777 Bump vedantmgoyal9/winget-releaser from 19e706d4c9121098010096f9c495a70a7518b30f to 7bd472be23763def6e16bd06cc8b1cdfab0e2fd5 @dependabot
#15558 [Codex TUI] - Sort /plugins TUI menu by installed status first, alpha second @canvrno-oai
#15598 Refresh mentions list after plugin install/uninstall @canvrno-oai
#15624 feat: disable notifier v2 and start turn on agent interaction @jif-oai
#15605 [codex] Stabilize compact resume and fork snapshot flaky tests @charley-oai
#15606 Pretty plugin labels, preserve plugin app provenance during MCP tool refresh @canvrno-oai
#15579 Increase voice space hold timeout to 1s @aibrahim-oai
#15093 core: Make FileWatcher reusable @euroelessar
#15547 app-server: Add back pressure and batching to command/exec @euroelessar
#15438 feat: include marketplace loading error in plugin/list @xl-openai
#15545 chore: use access token expiration for proactive auth refresh @celia-oai
#15530 chore: stop app-server auth refresh storms after permanent token failure @celia-oai
#15577 Trim pre-turn context updates during rollback @charley-oai
#15660 Hide numeric prefixes on disabled TUI list rows @canvrno-oai
#15644 fix: keep zsh-fork release assets after removing shell-tool-mcp @bolinfest
#15670 tui_app_server: tolerate missing rate limits while logged out @etraut-openai
#15564 Move git utilities into a dedicated crate @aibrahim-oai
#15669 Clean up TUI /plugins row allignment @canvrno-oai
#15671 tui: always restore the terminal on early exit @etraut-openai
#15672 tui_app_server: open ChatGPT login in the local browser @etraut-openai
#15673 tui_app_server: cancel active login before Ctrl+C exit @etraut-openai
#15676 Tweak /plugin menu wording @canvrno-oai
#15666 Suppress plugin-install MCP OAuth URL console spam @canvrno-oai
#15573 [plugins] Additional gating for tool suggest and apps. @mzeng-openai
#15665 Drop sandbox_permissions from sandbox exec requests @pakrym-oai
#15572 Move string truncation helpers into codex-utils-string @aibrahim-oai
#14533 app-server: add filesystem watch support @euroelessar
#15674 Use delayed shimmer for plugin loading headers in tui and tui_app_server @canvrno-oai
#15689 app-server: Return codex home in initialize response @euroelessar
#15363 fix: keep rmcp-client env vars as OsString @bolinfest
#15700 Remove provenance filtering in $mentions for apps and skills from plugins @canvrno-oai
#15692 Add legal link to TUI /plugin details @canvrno-oai
#15351 Expand ~ in MDM workspace write roots @evawong-oai
#15548 Extract rollout into its own crate @aibrahim-oai
#15699 [codex] Defer fork context injection until first turn @charley-oai
#15601 [app-server] Add a method to override feature flags. @mzeng-openai
#15708 TUI plugin menu cleanup - hide app ID @canvrno-oai
#15677 Fix stale quickstart integration assertion @shaqayeq-oai
#15713 [plugins] Flip the flags. @mzeng-openai
#15719 [plugins] Flip on additional flags. @mzeng-openai
#14172 fix: support split carveouts in windows restricted-token sandbox @viyatb-oai
#15714 Fix stale turn steering fallback in tui_app_server @etraut-openai
#15722 [plugins] Add a flag for tool search. @mzeng-openai
#15734 Update plugin creator skill. @xl-openai
#15519 fix(core): default approval behavior for mcp missing annotations @fouad-openai
#15710 Use AbsolutePathBuf for cwd state @pakrym-oai
#15758 fix(tui): avoid duplicate live reasoning summaries @fcoury
#15744 Extract codex-instructions crate @aibrahim-oai
#15339 Add non-interactive resume filter option @nornagon-openai
#15746 Extract codex-utils-plugins crate @aibrahim-oai
#15747 Extract codex-plugin crate @aibrahim-oai
#15748 Extract codex-analytics crate @aibrahim-oai
#15707 Clarify codex_home base for MDM path resolution @evawong-oai
#15513 fix(tui_app_server): fix remote subagent switching and agent names @fcoury
#14856 [apps][tool_suggest] Remove tool_suggest's dependency on tool search. @mzeng-openai
#14847 feat: add websocket auth for app-server @viyatb-oai
#15759 fix(tui_app_server): preserve transcript events under backpressure @fcoury
#15749 Extract codex-core-skills crate @aibrahim-oai
#15798 Avoid duplicate auth refreshes in getAuthStatus @etraut-openai
#15659 Add MCP tool call spans @nicholasclark-openai
#15789 Treat ChatGPT hc plan as Enterprise @arnavdugar-openai
#15802 TUI plugin menu polish @canvrno-oai
#15785 Add cached environment manager for exec server URL @pakrym-oai
#15806 Add ReloadUserConfig to tui_app_server @canvrno-oai
#15810 app-server: Organize app-server to allow more transports @euroelessar
#15800 [mcp] Improve custom MCP elicitation @mzeng-openai
#15531 [hooks] add non-streaming (non-stdin style) shell-only PostToolUse support @eternal-openai
#15820 [plugins] Flip flags on. @mzeng-openai
#15825 Fix quoted command rendering in tui_app_server @etraut-openai
#14853 Wire remote app-server auth through the client @etraut-openai
#15817 Expand home-relative paths on Windows @tiffanycitra
#15693 fix: fix old system bubblewrap compatibility without falling back to vendored bwrap @viyatb-oai
#15812 core: remove special execve handling for skill scripts @bolinfest
#15829 [plugins] Update the suggestable plugins list. @mzeng-openai
#15839 Fix duplicate /review messages in app-server TUI @etraut-openai
#15805 Add MCP connector metrics @nicholasclark-openai
#15661 Enable tui_app_server feature by default @etraut-openai
#15835 fix: box apply_patch test harness futures @bolinfest
#15796 [codex] Block unsafe git global options from safe allowlist @adrian-openai
#15813 Add wildcard in the middle test coverage @evawong-oai
#15860 feat(tui): add terminal title support to tui app server @fcoury
#15885 [mcp] Fix legacy_tools @mzeng-openai
Codex now supports plugins: installable bundles that package skills, app integrations, and MCP server configuration for reusable workflows.
Plugins are available in the Codex app, CLI, and IDE extensions.
You can install curated plugins from the plugin directory, or scaffold a local
plugin with @plugin-creator and test it with workspace-scoped or home-scoped
marketplaces.
Learn more in the plugins documentation.
Every plugin is a folder with a required .codex-plugin/plugin.json manifest
and optional supporting files:
my-plugin/
.codex-plugin/
plugin.json # Required: plugin manifest
skills/ # Optional: packaged skills
.app.json # Optional: app or connector mappings
.mcp.json # Optional: MCP server configuration
assets/ # Optional: icons, logos, screenshotsYou can install plugins for just yourself with
~/.agents/plugins/marketplace.json and ~/.codex/plugins/, or for everyone
on a project with .agents/plugins/marketplace.json and a repo-local plugin
directory such as ./plugins/.
Codex surfaces curated public plugins in the plugin directory. Codex also ships
with the built-in @plugin-creator skill to help you scaffold a plugin, add a
local marketplace entry, and test it before sharing it with teammates.
@ menu so you can insert them from the composer alongside other mentions.Cmd/Ctrl+F now starts with your current text selection, which makes searching reviews and diffs faster.App-server TUI now supports device-code ChatGPT sign-in during onboarding and can refresh existing ChatGPT tokens. (#14952)
Plugin setup is smoother: Codex can prompt to install missing plugins or connectors, honor a configured suggestion allowlist, and sync install/uninstall state remotely. (#14896, #15022, #14878)
Added a userpromptsubmit hook so prompts can be blocked or augmented before execution and before they enter history. (#14626)
Realtime sessions now start with recent thread context and are less likely to self-interrupt during audio playback. (#14829, #14827)
Fixed a first-turn stall where websocket prewarm could delay turn/start; startup now times out and falls back cleanly. (#14838)
Restored conversation history for remote resume/fork in the app-server TUI and stopped duplicate live transcript output from legacy stream events. (#14930, #14892)
Improved Linux sandbox startup on symlinked checkouts, missing writable roots, and Ubuntu/AppArmor hosts by preferring system bwrap when available. (#14849, #14890, #14963)
Fixed an agent job finalization race and reduced status polling churn for worker threads. (#14843)
setup-zig GitHub Action to an immutable SHA for more reproducible CI. (#14858)Full Changelog: rust-v0.115.0...rust-v0.116.0
#14717 Move TUI on top of app server (parallel code) @etraut-openai
#14665 Use request permission profile in app server @mousseau-oai
#14826 Fixed build failures related to PR 14717 @etraut-openai
#14833 fix(core): fix sanitize name to use '_' everywhere @apanasenko-oai
#14268 memories: exclude AGENTS and skills from stage1 input @andi-oai
#14139 windows-sandbox: add runner IPC foundation for future unified_exec @iceweasel-oai
#14851 Add exit helper to code mode scripts @pakrym-oai
#14828 [stack 1/4] Split realtime websocket methods by version @aibrahim-oai
#14652 Apply argument comment lint across codex-rs @bolinfest
#14837 skill-creator: default new skills to ~/.codex/skills @xl-openai
#14861 Add marketplace display names to plugin/list @xl-openai
#14878 feat: support remote_sync for plugin install/uninstall. @xl-openai
#14830 [stack 2/4] Align main realtime v2 wire and runtime flow @aibrahim-oai
#14886 fix: align marketplace display name with existing interface conventions @xl-openai
#14881 [codex] add Jason as a predefined subagent name @tibo-openai
#14864 fix: tighten up shell arg quoting in GitHub workflows @bolinfest
#14829 [stack 3/4] Add current thread context to realtime startup @aibrahim-oai
#14827 [stack 4/4] Reduce realtime self-interruptions during playback @aibrahim-oai
#14849 fix: canonicalize symlinked Linux sandbox cwd @viyatb-oai
#14892 Fix tui_app_server: ignore duplicate legacy stream events @etraut-openai
#14899 Revert tui code so it does not rely on in-process app server @etraut-openai
#14890 fix(linux-sandbox): ignore missing writable roots @viyatb-oai
#14935 feat: rename to get more explicit close agent @jif-oai
#14843 Fix agent jobs finalization race and reduce status polling churn @daveaitel-openai
#14944 feat: show effective model in spawn agent event @jif-oai
#14838 fix(core): prevent hanging turn/start due to websocket warming issues @owenlin0
#14859 Feat: CXA-1831 Persist latest model and reasoning effort in sqlite @shijie-oai
#14930 fix(tui): restore remote resume and fork history @fcoury
#14955 Fix fuzzy search notification buffering in app-server tests @aibrahim-oai
#14959 Fix code mode yield startup race @aibrahim-oai
#14434 generate an internal json schema for RolloutLine @keyz
#14846 use framed IPC for elevated command runner @iceweasel-oai
#14952 Add device-code onboarding and ChatGPT token refresh to app-server TUI @etraut-openai
#14896 [plugins] Support plugin installation elicitation. @mzeng-openai
#14958 Stabilize Windows cmd-based shell test harnesses @aibrahim-oai
#14966 Stabilize permissions popup selection tests @aibrahim-oai
#14968 Stabilize approval matrix write-file command @aibrahim-oai
#14986 temporarily disable private desktop until it works with elevated IPC path @iceweasel-oai
#14983 Rename exec_wait tool to wait @pakrym-oai
#14931 fix(tui): implement /mcp inventory for tui_app_server @fcoury
#14977 Cleanup skills/remote/xxx endpoints. @xl-openai
#14984 Gate realtime audio interruption logic to v2 @aibrahim-oai
#14902 Unify realtime shutdown in core @aibrahim-oai
#14963 fix(linux-sandbox): prefer system /usr/bin/bwrap when available @viyatb-oai
#14446 Add Python SDK public API and examples @shaqayeq-oai
#14993 feat: Add product-aware plugin policies and clean up manifest naming @xl-openai
#14995 app-server: reject websocket requests with Origin headers @maxj-oai
#14960 Add FS abstraction and use in view_image @pakrym-oai
#14293 fix: honor active permission profiles in sandbox debug @viyatb-oai
#14610 feat: support restricted ReadOnlyAccess in elevated Windows sandbox @viyatb-oai
#13592 Prefer websockets when providers support them @pakrym-oai
#14903 Handle realtime conversation end in the TUI @aibrahim-oai
#14727 Use workspace requirements for guardian prompt override @charley-oai
#14626 [hooks] userpromptsubmit - hook before user's prompt is executed @eternal-openai
#14858 Pin setup-zig GitHub Action to immutable SHA @viyatb-oai
#13702 fix(subagents) share execpolicy by default @dylan-hurd-oai
#15022 [plugins] Support configuration tool suggest allowlist. @mzeng-openai
#14947 feat: adapt artifacts to new packaging and 2.5.6 @jif-oai
#14942 Removed remaining core events from tui_app_server @etraut-openai
#15059 chore: disable memory read path for morpheus @jif-oai
#14842 Add notify to code-mode @pakrym-oai
#15020 fix: harden plugin feature gating @xl-openai
GPT-5.4 mini is now available in Codex as a fast, efficient model for lighter coding tasks and subagents.
It improves over GPT-5 mini across coding, reasoning, image understanding, and tool use while running more than 2x faster. In Codex, GPT-5.4 mini uses 30% as much of your included limits as GPT-5.4, so comparable tasks can last about 3.3x longer before you hit those limits.
GPT-5.4 mini is available in the Codex app, the CLI, the IDE extension, and Codex on the web. GPT-5.4 mini is also available in the API.
Use GPT-5.4 mini for codebase exploration, large-file review, processing supporting documents, and other less reasoning-intensive subagent work. For more complex planning, coordination, and final judgment, start with GPT-5.4.
To switch to GPT-5.4 mini:
codex --model gpt-5.4-mini/model during a session.If you don't see GPT-5.4 mini yet, update the CLI, IDE extension, or Codex app to the latest version.
Supported models can now request full-resolution image inspection through both view_image and codex.emitImage(..., detail: "original"), which helps with precision visual tasks. (#14175)
js_repl now exposes codex.cwd and codex.homeDir, and saved codex.tool(...) / codex.emitImage(...) references keep working across cells. (#14385, #14503)
Realtime websocket sessions gained a dedicated transcription mode, plus v2 handoff support through the codex tool, with a unified [realtime] session config. (#14554, #14556, #14606)
The v2 app-server now exposes filesystem RPCs for file reads, writes, copies, directory operations, and path watching, and there is a new Python SDK for integrating with that API. (#14245, #14435)
Smart Approvals can now route review requests through a guardian subagent in core, app-server, and TUI, reducing repeated setup work on follow-up approvals. (#13860, #14668)
App integrations now use the Responses API tool-search flow, can suggest missing tools, and fall back cleanly when the active model does not support search-based lookup. (#14274, #14287, #14732)
Spawned subagents now inherit sandbox and network rules more reliably, including project-profile layering, persisted host approvals, and symlinked writable roots. (#14619, #14650, #14674, #14807)
js_repl no longer hangs when dynamic tool responses contain literal U+2028 or U+2029 characters. (#14421)
The TUI no longer stalls on exit after creating subagents, and interrupting a turn no longer tears down background terminals by default. (#14816, #14602)
codex exec --profile once again preserves profile-scoped settings when starting or resuming a thread. (#14524)
MCP and elicitation flows are more robust, with safer tool-name normalization and preserved tool_params in approval prompts. (#14491, #14605, #14769)
The local network proxy now serves CONNECT traffic as explicit HTTP/1, improving compatibility with HTTP proxy clients. (#14395)
wait_agent, aligning it with spawn_agent and send_input. (#14631)Full Changelog: rust-v0.114.0...rust-v0.115.0
#14395 fix(network-proxy): serve HTTP proxy listener as HTTP/1 @viyatb-oai
#14385 Add js_repl cwd and homeDir helpers @fjord-oai
#14376 Keep agent-switch word-motion keys out of draft editing @joshka-oai
#14175 Let models opt into original image detail @fjord-oai
#14392 chore(app-server): stop emitting codex/event/ notifications @owenlin0
#14274 feat: search_tool migrate to bring you own tool of Responses API @apanasenko-oai
#14174 refactor: centralize filesystem permissions precedence @viyatb-oai
#14394 chore(app-server): delete unused rpc methods from v1.rs @owenlin0
#14171 fix: align core approvals with split sandbox policies @viyatb-oai
#14410 Make collab model metadata accurate on completion @aibrahim-oai
#14387 feat(app-server): propagate traces across tasks and core ops @owenlin0
#14407 chore: use AVAILABLE and ON_INSTALL as default plugin install and auth policies @sayan-oai
#14287 [apps] Add tool_suggest tool. @mzeng-openai
#14432 Clarify spawn agent authorization @aibrahim-oai
#14295 Support waiting for code_mode sessions @pakrym-oai
#14427 feat: refactor on openai-curated plugins. @xl-openai
#13996 refactor: make bubblewrap the default Linux sandbox @viyatb-oai
#14440 fix: follow up on linux sandbox review nits @viyatb-oai
#14431 Handle pre-approved permissions in zsh fork @mousseau-oai
#14403 [elicitation] User-friendly tool call messages. @mzeng-openai
#14429 Use granted permissions when invoking apply_patch @mousseau-oai
#14471 Updated out-of-date tip about availability on free and go plans @etraut-openai
#14444 fix: move inline codex-rs/core unit tests into sibling files @bolinfest
#14437 Dispatch tools when code mode is not awaited directly @pakrym-oai
#14435 Add Python app-server SDK @shaqayeq-oai
#14473 fix(cli): support legacy use_linux_sandbox_bwrap flag @viyatb-oai
#13882 Fix stdio-to-uds peer-close flake @aibrahim-oai
#14476 Move code mode tool files under tools/code_mode and split functionality @pakrym-oai
#14475 rename spawn_csv feature flag to enable_fanout @daveaitel-openai
#14173 fix: preserve split filesystem semantics in linux sandbox @viyatb-oai
#14480 Cleanup code_mode tool descriptions @pakrym-oai
#14488 Handle malformed agent role definitions nonfatally @gabec-openai
#14398 Do not allow unified_exec for sandboxed scenarios on Windows @iceweasel-oai
#14419 use scopes_supported for OAuth when present on MCP servers @jgershen-oai
#14484 Add default code-mode yield timeout @pakrym-oai
#14494 Add parallel tool call test @pakrym-oai
#14478 chore(app-server): stop exporting EventMsg schemas @owenlin0
#14490 fix turn_start_jsonrpc_span_parents_core_turn_spans flakiness @owenlin0
#14496 Reuse tool runtime for code mode worker @pakrym-oai
#14421 Fix js_repl hangs on U+2028/U+2029 dynamic tool responses @aaronl-openai
#14505 Skip nested tool call parallel test on Windows @pakrym-oai
#14491 Fix MCP tool calling @pakrym-oai
#14493 memories: focus write prompts on user preferences @andi-oai
#14510 Rename exec session IDs to cell IDs @pakrym-oai
#14500 Update tool search prompts @mzeng-openai
#14426 Decouple request permissions feature and tool @mousseau-oai
#14503 Persist js_repl codex helpers across cells @fjord-oai
#14517 Expose code-mode tools through globals @pakrym-oai
#14502 feat(search_tool): gate search_tool on model supports_search_tool field @apanasenko-oai
#14521 Reapply "Pass more params to compaction" (#14298) @rasmusrygaard
#14524 Fix codex exec --profile handling @etraut-openai
#14516 Rename reject approval policy to granular @mousseau-oai
#14445 feat: add plugin/read. @xl-openai
#14178 login: add custom CA support for login flows @joshka-oai
#14535 Split multi-agent handlers per tool @pakrym-oai
#13329 [js_repl] Hard-stop active js_repl execs on explicit user interrupts @aaronl-openai
#14239 client: extend custom CA handling across HTTPS and websocket clients @joshka-oai
#14536 Add typed multi-agent tool outputs @pakrym-oai
#14514 fix: reopen writable linux carveouts under denied parents @viyatb-oai
#14531 Add plugin usage telemetry @alexsong-oai
#14511 code_mode: Move exec params from runtime declarations to @pragma @cconger
#14504 Refactor cloud requirements error and surface in JSON-RPC error @alexsong-oai
#14537 Add realtime v2 event parser behind feature flag @aibrahim-oai
#14529 Simplify permissions available in request permissions tool @mousseau-oai
#14522 feat: support skill-scoped managed network domain overrides in skill config @celia-oai
#14554 Add codex tool support for realtime v2 handoff @aibrahim-oai
#14556 Add realtime transcription mode for websocket sessions @aibrahim-oai
#14518 Add diagnostics for read_only_unless_trusted timeout flake @aibrahim-oai
#14603 Split multi-agent handler into dedicated files @pakrym-oai
#14526 code mode: single line tool declarations @pakrym-oai
#14400 Use a private desktop for Windows sandbox instead of Winsta0\Default @iceweasel-oai
#14558 sending back imagaegencall response back to responseapi @won-openai
#14553 Improve granular approval policy prompt @mousseau-oai
#14541 chore: clarify plugin + app copy in model instructions @sayan-oai
#14542 [bazel] Bump up cc and rust toolchains @zbarsky-openai
#14512 Start TUI on embedded app server @etraut-openai
#14606 Unify realtime v1/v2 session config @aibrahim-oai
#14527 app-server: Add platform os and family to init response @euroelessar
#14618 Use subagents naming in the TUI @aibrahim-oai
#14304 Override local apps settings with requirements.toml settings @canvrno-oai
#13644 fix: preserve zsh-fork escalation fds across unified-exec spawn paths @bolinfest
#14617 Add code_mode_only feature @pakrym-oai
#13201 Slash copy osc52 wsl support @won-openai
#14631 Rename multi-agent wait tool to wait_agent @aibrahim-oai
#14622 Stabilize multi-agent feature flag @aibrahim-oai
#14245 app-server: add v2 filesystem APIs @euroelessar
#14605 Normalize MCP tool names to code-mode safe form @pakrym-oai
#14637 Fix wait_agent expectations in core tests @charley-oai
#13860 Add Smart Approvals guardian review across core, app-server, and TUI @charley-oai
#14639 Fix stale create_wait_tool reference @charley-oai
#14532 [hooks] stop continuation & stop_hook_active mechanics @eternal-openai
#14635 Fix realtime transcription session.update tools payload @aibrahim-oai
#14636 Use parser-specific realtime voice enum @aibrahim-oai
#14633 refactor: make unified-exec zsh-fork state explicit @bolinfest
#12031 Add openai_base_url config override for built-in provider @etraut-openai
#14645 Fix Windows CI assertions for guardian and Smart Approvals @aibrahim-oai
#14616 Fix turn context reconstruction after backtracking @charley-oai
#14619 fix: persist future network host approvals across sessions @viyatb-oai
#14650 fix: sync split sandbox policies for spawned subagents @viyatb-oai
#14609 move plugin/skill instructions into dev msg and reorder @sayan-oai
#12024 Enforce errors on overriding built-in model providers @etraut-openai
#14646 Refresh Python SDK generated types @sayan-oai
#14649 make defaultPrompt an array, keep backcompat @sayan-oai
#14501 dynamic tool calls: add param exposeToContext to optionally hide tool @cconger
#14651 Add argument-comment Dylint runner @bolinfest
#14674 fix: fix symlinked writable roots in sandbox policies @viyatb-oai
#14611 Add auth 401 recovery observability to client bug reports @ccy-oai
#14647 [apps] Add tool call meta. @mzeng-openai
#14732 [apps] Improve search tool fallback. @mzeng-openai
#14602 Preserve background terminals on interrupt and rename cleanup command to /stop @friel-openai
#14668 Reuse guardian session across approvals @charley-oai
#14769 fix(core): preserve tool_params for elicitations @mzeng-openai
#14806 feat: improve skills cache key to take into account config layering @jif-oai
#13850 feat: make interrupt state not final for multi-agents @jif-oai
Change the Codex app appearance in Settings by choosing a base theme, adjusting accent, background, and foreground colors, and changing the UI and code fonts. You can also share your custom theme with friends.
You can now choose whether automations run locally or on a worktree, define custom reasoning levels and models, and use templates to find inspiration for new automations.
Various bug fixes and performance improvements.
GPT-5.4 is now available in Codex as OpenAI's most capable and efficient frontier model for professional work.
It combines recent advances in reasoning, coding, and agentic workflows in one model, and it's the recommended choice for most Codex tasks.
In Codex, GPT-5.4 is the first general-purpose model with native computer-use capabilities. GPT-5.4 in Codex includes experimental support for the 1M context window. It supports complex workflows across applications and long-horizon tasks, with stronger tool use and tool search that help agents find and use the right tools more efficiently.
GPT-5.4 is available everywhere you can use Codex: the Codex app, the CLI, the IDE extension, and Codex Cloud on the web. GPT-5.4 is also available in the API.
To switch to GPT-5.4:
codex --model gpt-5.4/model during a session.If you don't see GPT-5.4 yet, update the CLI, IDE extension, or Codex app to the latest version.
codex://new links could stop prefilling a new conversation when the app was already open.The Codex app is now available on Windows. The app gives you one interface for working across projects, running parallel agent threads, and reviewing results in one place.
The Codex app runs natively on Windows using PowerShell and a native Windows sandbox for bounded permissions, so you can use Codex on Windows without moving your workflow into WSL, onto a virtual machine, or by deactivating the sandbox.
The Windows app includes the same core features as the rest of the Codex app:
If you prefer to develop in WSL, you can also switch the Codex agent and the integrated terminal to run there.
Download it from the Microsoft Store and sign in with your ChatGPT account or an API key. For setup and configuration details, see Setup, Use WSL with the Codex app, and Customize the app for your development setup.