Interactive CLI/TUI: opt-in local ingress for trusted local controllers (avoid PTY input emulation)

[sidkandan]

What feature would you like to see?

Expose an opt-in local ingress for interactive Codex CLI/TUI sessions, so another trusted local process can safely deliver input to the active session using real session semantics rather than PTY/keyboard emulation.

This is intentionally narrower than broad “remote control” and broader than “support one MCP notification”. The need is:

I have an already-running interactive Codex CLI/TUI session on my machine. I want a trusted local controller to hand it structured work or a follow-up message without pretending to be a keyboard.

Why this matters

Today, local orchestration around a running Codex TUI session often falls back to terminal injection:

• send-keys
• paste-buffer
• pipe-pane -I
• direct PTY writes

These all have the same class of problems:

• text can land in the draft without actually submitting
• injected text can race with a human actively typing
• attribution, dedupe, and replay are ad hoc
• wrappers are forced to emulate terminal input instead of using real session/thread semantics

In practice this makes local automation brittle. It also discourages safer local integrations because the only widely available option is “pretend to be the terminal”.

This matters for:

• local orchestrators coordinating multiple Codex/CLI workers
• tmux- or terminal-based multi-agent workflows
• editor/terminal wrappers
• accessibility tooling
• local remote-control shells
• background workers that need to hand work back to a human-visible Codex session

Why existing features are close, but not enough

Codex already has the right conceptual model in the programmable surfaces:

• thread/start
• thread/resume
• thread/fork
• turn/start
• turn/steer
• turn/interrupt

Those are exactly the kinds of semantics local controllers want.

The gap is that there does not appear to be a supported way to apply equivalent semantics to an already-running interactive Codex CLI/TUI session on the same machine.

Current adjacent features do not fully solve this:

• App Server / SDK: strong control model, but they do not obviously provide a documented “attach this existing interactive TUI session as a local controllable endpoint” workflow.
• MCP: great tool plane, but not a documented receive-side transport into the active TUI thread.
• Event hooks / notify: useful for observation and orchestration, but outbound-only.
• Remote control / mobile proposals: related, but they target remote supervision/control rather than the local trusted-controller case.

What I expected

At least one supported local-first path such as:

1. An opt-in local IPC listener for interactive sessions

   • for example: codex --listen uds:///path/to/session.sock
   • local-only by default
   • receives real turn/draft/steer operations instead of raw keystrokes

2. A local CLI control command for live interactive sessions

   • for example: codex tui send --session <id> --text "..." [--submit]
   • optionally --append-draft, --steer, or --interrupt

3. A documented way to bind an interactive TUI session to App Server semantics

   • so a local controller can attach to the same session/thread and send real turns

What I observed

For the stock interactive CLI/TUI, the practical fallback today is still terminal input emulation.

That leads to concrete failure modes:

• draft text inserted but not submitted
• active human typing gets mixed with injected content
• no built-in sender identity or audit trail at the ingress point
• orchestrators need terminal-state heuristics instead of stable session APIs

Why this is worth solving

This would unlock a cleaner class of local integrations without forcing people into cloud- or network-oriented remote-control flows.

Benefits:

• safer local orchestration for long-running interactive sessions
• less pressure to build wrappers around PTY injection
• easier composition with local tools and terminal multiplexers
• better accessibility and automation ergonomics
• stronger alignment between the interactive TUI and the documented thread/turn model already present in App Server / SDK

Suggested direction

My strong preference would be:

• keep it opt-in
• keep it local-only by default
• reuse existing thread/turn semantics where possible
• avoid introducing a second unrelated message model just for the TUI

If full ingress is too large, a useful partial step would be richer documented local event coverage for orchestration wrappers, for example:

• turn-started
• turn-interrupted
• approval-requested
• approval-resolved
• idle
• draft-presence-changed

That would at least let local controllers make safer delivery decisions without scraping terminal output.

Related issues

This feels related to, but distinct from:

• #15299 inbound MCP notifications into an active CLI session
• #14722 sync CLI and app-server sessions
• #15320 app-server TUI not fully reflecting external live turns on shared thread
• #14693 no-interrupt typing / queued-draft safety while Codex is running
• #9224 remote control from phone/web
• #2109 event hooks

The difference here is the focus on trusted local ingress for an already-running interactive session, without relying on PTY injection and without requiring a separate remote/mobile product surface.

Additional information

If useful, I can provide a more explicit repro matrix showing:

• PTY injection behavior today
• the specific failure modes in interactive terminal workflows
• the minimal event/ingress API surface needed by a local orchestrator

[sidkandan]

Small concrete repro matrix to make the integration gap more testable.

What local wrappers/orchestrators do today

When they need to hand work to an already-running interactive Codex CLI/TUI session, the practical options are usually:

• send-keys
• paste-buffer
• pipe-pane -I
• direct PTY writes

Those differ in mechanics, but from the session’s perspective they are all “pretend to be terminal input”.

Failure modes with current PTY-style approaches

1. send-keys

Observed/expected class of problems:

• text may be inserted character-by-character into the draft/composer
• submission depends on UI state and exact key sequence
• races badly with a human actively typing
• poor fit for structured or multi-line payloads

2. paste-buffer

Observed/expected class of problems:

• safer than character-by-character injection, but still terminal emulation
• pasted text can land in the draft without becoming a real submitted turn
• still races with local editing / focus state
• no built-in sender identity or session-level audit semantics

3. pipe-pane -I

Observed/expected class of problems:

• writes to the pane “as if typed”, so it is still not a real session API
• bypasses some wrapper assumptions because it is lower-level than explicit key macros
• still depends on current TUI/input state
• still has draft-collision / not-submitted ambiguity

Desired behavior instead

What local orchestrators actually need is a supported ingress with real session semantics, for example:

• append draft without pretending to type
• start turn with explicit submission
• steer active turn as a first-class operation
• interrupt active turn as a first-class operation

And ideally:

• local-only / opt-in
• explicit session identity
• clear sender attribution or source metadata
• deterministic success/failure semantics
• no dependence on terminal focus, cursor position, or whether a human is mid-typing

That is why this request is less about any one transport and more about exposing a proper local control surface for interactive sessions.

[github-actions]

Potential duplicates detected. Please review them and close your issue if it is a duplicate.

• Support inbound MCP notifications routed into an active Codex CLI session #15299

Powered by Codex Action

[sidkandan]

Thanks — I reviewed #15299.

I think it is related, but not a true duplicate.

My read of the distinction:

• #15299 is asking for a specific inbound MCP-notification path into an active Codex CLI session.
• #15355 is asking for a broader opt-in local ingress for an already-running interactive CLI/TUI session, ideally reusing thread/turn semantics and not depending on any one transport.

In other words, #15299 is one possible solution shape under the larger problem, but not the whole problem.

Some examples that would satisfy #15355 without necessarily solving it via MCP notifications:

• a local IPC listener for an interactive session
• a codex tui send ... command for a live session
• a documented way to bind an interactive TUI session to App Server-style thread/turn control

I opened this separately because the core integration gap exists even outside MCP-specific channel/inbox use cases.

That said, if maintainers would prefer to consolidate discussion into #15299, I’m happy to adapt and close this one.

[sidkandan]

I think the smallest useful first step here is a local-only, opt-in control surface for live interactive sessions, with a phased rollout instead of treating full ingress as all-or-nothing.

If a full local ingress endpoint is too large initially, a phased shape like this seems aligned with Codex’s existing thread/turn direction:

1. a documented local event/status surface
   • idle
   • busy
   • turn-started
   • turn-completed
   • approval-requested
   • approval-resolved
2. a supported turn.interrupt / turn.steer path into a live session
3. then turn.start / submit semantics once the interactive session model is settled

The reason I think this shape matters is that local wrappers/orchestrators are currently forced into PTY input emulation (send-keys, paste-buffer, pipe-pane -I, direct PTY writes). Those are all the same class of primitive from the session’s perspective: “pretend to be terminal input.” That is where the brittle failure modes come from:

• text lands in the draft but does not become a real submitted turn
• injected content collides with a human actively typing
• sender/session semantics and attribution are ad hoc

If there eventually is a full ingress endpoint, the cleanest model seems like a session-scoped local endpoint that maps into Codex’s own turn semantics rather than raw stdin. But even the smaller first step of status/events plus interrupt / steer would already make local wrappers and sidecars much safer.

If maintainers prefer, I’m happy to narrow the request further to just the event surface plus interrupt / steer as a first phase.

[isCopyman]

app server?