Codex CLI Release: 0.118.0
Windows sandbox runs can now enforce proxy-only networking with OS-level egress rules, instead of relying on environment variables alone. (#12220)
App-server clients can now start ChatGPT sign-in with a device code flow, which helps when browser callback login is unreliable or unavailable. (#15525)
codex exec now supports the prompt-plus-stdin workflow, so you can pipe input and still pass a separate prompt on the command line. (#15917)
Custom model providers can now fetch and refresh short-lived bearer tokens dynamically, instead of being limited to static credentials from config or environment variables. (#16286, #16287, #16288)
Project-local .codex files are now protected even on first creation, closing a gap where the initial write could bypass normal approval checks. (#15067)
Linux sandbox launches are more reliable because Codex once again finds a trusted system bwrap on normal multi-entry PATHs. (#15791, #15973)
The app-server-backed TUI regained several missing workflows: hook notifications replay correctly, /copy and /resume work again, /agent no longer shows stale threads, and the skills picker scrolls past the first page. (#16013, #16021, #16050, #16014, #16109, #16110)
MCP startup is more robust: local servers get a longer startup window, and failed handshakes surface warnings in the TUI again instead of looking like clean startups. (#16080, #16041)
On Windows, apply_patch is less likely to fail because it no longer adds redundant writable roots that could trigger unnecessary ACL churn. (#16030)
Full Changelog: rust-v0.117.0...rust-v0.118.0
#15891 [plugins] Polish tool suggest prompts. @mzeng-openai
#15791 fix: resolve bwrap from trusted PATH entry @viyatb-oai
#15900 skills: remove unused skill permission metadata @bolinfest
#15811 app-server: Split transport module @euroelessar
#15067 Protect first-time project .codex creation across Linux and macOS sandboxes @rreichel3-oai
#15903 [codex] import token_data from codex-login directly @bolinfest
#15897 sandboxing: use OsString for SandboxCommand.program @bolinfest
#15910 docs: update AGENTS.md to discourage adding code to codex-core @bolinfest
#15898 chore: move bwrap config helpers into dedicated module @viyatb-oai
#15906 chore: remove skill metadata from command approval payloads @bolinfest
#15909 fix(network-proxy): fail closed on network-proxy DNS lookup errors @viyatb-oai
#14495 Preserve bazel repository cache in github actions @siggisim
#15923 codex-tools: extract shared tool schema parsing @bolinfest
#15918 permissions: remove macOS seatbelt extension profiles @bolinfest
#12220 feat(windows-sandbox): add network proxy support @viyatb-oai
#15931 fix: make MACOS_DEFAULT_PREFERENCES_POLICY part of MACOS_SEATBELT_BASE_POLICY @bolinfest
#15933 fix: use matrix.target instead of matrix.os for actions/cache build action @bolinfest
#15928 codex-tools: extract MCP schema adapters @bolinfest
#15948 fix: increase timeout for rust-ci to 45 minutes for now @bolinfest
#15921 [app-server-protocol] introduce generic ClientResponse for app-server-protocol @rhan-oai
#15120 chore: refactor network permissions to use explicit domain and unix socket rule maps @celia-oai
#15525 Add ChatGPT device-code login to app server @daniel-oai
#15954 chore: move pty and windows sandbox to Rust 2024 @bolinfest
#16000 Use codex-utils-template for login error page @jif-oai
#15998 Use codex-utils-template for sandbox mode prompts @jif-oai
#15995 Use codex-utils-template for collaboration mode presets @jif-oai
#15996 Use codex-utils-template for search tool descriptions @jif-oai
#15999 Use codex-utils-template for review exit XML @jif-oai
#15973 fix(sandbox): fix bwrap lookup for multi-entry PATH @viyatb-oai
#15944 codex-tools: extract dynamic tool adapters @bolinfest
#15955 ci: add Bazel clippy workflow for codex-rs @bolinfest
#15953 codex-tools: introduce named tool definitions @bolinfest
#16027 fix: fix Windows CI regression introduced in #15999 @bolinfest
#16036 fix: disable plugins in SDK integration tests @bolinfest
#15946 Normalize /mcp tool grouping for hyphenated server names @pakrym-oai
#16035 plugins: Clean up stale curated plugin sync temp dirs and add sync metrics @xl-openai
#15934 Add usage-based business plan types @bwanner-oai
#16031 codex-tools: extract responses API tool models @bolinfest
#16013 Fix tui_app_server hook notification rendering and replay @etraut-openai
#16021 Fix /copy regression in tui_app_server turn completion @etraut-openai
#16044 [mcp] Bypass read-only tool checks. @mzeng-openai
#16030 don't include redundant write roots in apply_patch @iceweasel-oai
#15922 Remove the legacy TUI split @etraut-openai
#15828 [codex] Pin GitHub Actions workflow references @hintz-openai
#16046 ci: run SDK tests with a Bazel-built codex @bolinfest
#16050 Fix tui_app_server resume-by-name lookup regression @etraut-openai
#16014 Fix tui_app_server agent picker closed-state regression @etraut-openai
#16054 chore: clean up argument-comment lint and roll out all-target CI on macOS @bolinfest
#15917 Support Codex CLI stdin piping for codex exec @jliccini
#16057 shell-command: reuse a PowerShell parser process on Windows @bolinfest
#16063 refactor: rewrite argument-comment lint wrappers in Python @bolinfest
#15952 bazel: enable the full Windows gnullvm CI path @bolinfest
#16067 ci: run Bazel clippy on Windows gnullvm @bolinfest
#16071 fix: clean up remaining Windows argument-comment-lint violations @bolinfest
#16072 ci: split fast PR Rust CI from full post-merge Cargo CI @bolinfest
#16074 bazel: add Windows gnullvm stack flags to unit test binaries @bolinfest
#16026 fix(tui): refresh footer on collaboration mode changes @fcoury
#16112 Update PR babysitter skill for review replies and resolution @etraut-openai
#16104 Rename tui_app_server to tui @etraut-openai
#16118 fix: fix comment linter lint violations in Linux-only code @bolinfest
#16106 build: migrate argument-comment-lint to a native Bazel aspect @bolinfest
#16115 Remove remaining custom prompt support @etraut-openai
#16116 Remove the codex-tui app-server originator workaround @etraut-openai
#16047 codex-tools: extract tool spec models @bolinfest
#16128 bazel: refresh the expired macOS SDK pin @bolinfest
#16129 codex-tools: extract configured tool specs @bolinfest
#16130 ci: keep rust-ci-full Windows argument-comment-lint on packaged wrapper @bolinfest
#16126 core: fix stale curated plugin cache refresh races @bolinfest
#16132 codex-tools: extract code mode tool spec adapters @bolinfest
#16136 ci: use BuildBuddy for rust-ci-full non-Windows argument-comment-lint @bolinfest
#16137 exec: make review-policy tests hermetic @bolinfest
#16109 Fix skills picker scrolling in tui app server @etraut-openai
#16138 codex-tools: extract local host tool specs @bolinfest
#16114 Remove TUI voice transcription feature @etraut-openai
#16080 [mcp] Increase MCP startup timeout. @mzeng-openai
#16141 codex-tools: extract collaboration tool specs @bolinfest
#16041 Fix app-server TUI MCP startup warnings regression @etraut-openai
#16110 Fix tui_app_server ghost subagent entries in /agent @etraut-openai
#16154 codex-tools: extract utility tool specs @bolinfest
#16204 [codex] Normalize Windows path in MCP startup snapshot test @etraut-openai
#16193 codex-tools: extract discovery tool specs @bolinfest
#16254 codex-tools: extract discoverable tool models @bolinfest
#16253 fix: close Bazel argument-comment-lint CI gaps @bolinfest
#16225 [codex-analytics] refactor analytics to use reducer architecture @rhan-oai
#16120 ci: run Windows argument-comment-lint via native Bazel @bolinfest
#16286 auth: generalize external auth tokens for bearer-only sources @bolinfest
#16287 auth: let AuthManager own external bearer auth @bolinfest
#16288 core: support dynamic auth tokens for model providers @bolinfest
Fetched April 16, 2026