Update codex fork to upstream 0.128.0#14
Merged
Conversation
…19207) ## Summary - include the outer tool `call_id` in Codex Apps MCP request metadata under `_meta._codex_apps.call_id` - preserve existing Codex Apps metadata like `resource_uri` and `contains_mcp_source` - add request metadata coverage for both the existing-metadata and no-existing-metadata cases ## Why The paired backend change in [openai/openai#850796](openai/openai#850796) updates MCP compliance logging to prefer `_meta._codex_apps.call_id` instead of the JSON-RPC request id. This client change sends that outer tool call id so the backend can record the model/tool call identifier when it is available. This is wire-compatible with older backends because `_meta._codex_apps` is already reserved backend-only metadata. Backends that do not read `call_id` will ignore the extra field. ## Testing - `cargo test -p codex-core request_meta` - `just fmt` - `just fix -p codex-core`
## Why Recent `main` CI had repeated Windows timeouts in the legacy sandbox process tests: - `codex-windows-sandbox session::tests::legacy_capture_powershell_emits_output` failed in runs [24909500958](https://github.com/openai/codex/actions/runs/24909500958), [24908076251](https://github.com/openai/codex/actions/runs/24908076251), [24906197645](https://github.com/openai/codex/actions/runs/24906197645), [24905411571](https://github.com/openai/codex/actions/runs/24905411571), [24903336028](https://github.com/openai/codex/actions/runs/24903336028), and [24898949647](https://github.com/openai/codex/actions/runs/24898949647). - `legacy_tty_powershell_emits_output_and_accepts_input` failed in the same set of runs. - `legacy_non_tty_cmd_emits_output` failed in runs [24909500958](https://github.com/openai/codex/actions/runs/24909500958), [24908076251](https://github.com/openai/codex/actions/runs/24908076251), [24906197645](https://github.com/openai/codex/actions/runs/24906197645), and [24903336028](https://github.com/openai/codex/actions/runs/24903336028). - `legacy_non_tty_powershell_emits_output` failed in runs [24908076251](https://github.com/openai/codex/actions/runs/24908076251), [24906197645](https://github.com/openai/codex/actions/runs/24906197645), and [24903336028](https://github.com/openai/codex/actions/runs/24903336028). These failures were 30s timeouts on Windows x64 and/or arm64 rather than assertion failures. ## Root Cause The active legacy Windows sandbox process tests all exercise host-level resources: sandbox setup, ACL/user state, private desktop process launch, stdio capture, and PowerShell/cmd child cleanup. Running several of these tests concurrently can leave them competing for the same Windows sandbox setup path and process/session resources, which makes command startup or output collection hang under CI load. ## What Changed - Added a shared in-process mutex for the active legacy Windows sandbox process tests. - Held that guard across each legacy cmd/PowerShell process test so those host-resource-heavy cases run one at a time. - Kept the skipped legacy cmd TTY tests unchanged. ## Why This Should Be Reliable The tests still use unique homes and run the real legacy sandbox process path, but they no longer overlap the fragile host-level setup and process/session lifecycle. Serializing just this small group removes the concurrency race without reducing the behavioral coverage of each test. ## Verification - `cargo test -p codex-windows-sandbox` - GitHub Windows CI is the primary validation signal for the affected tests; on this PR, Windows clippy, Windows release, and Windows local Bazel passed after the serialization fix.
## Why This prepares feedback log capture for a future remote app-server hook sink without changing the current local SQLite upload path. The important boundary is now intentionally small: a log sink is a tracing `Layer` that can also flush entries it has accepted. That keeps the existing SQLite implementation simple while giving the upcoming gRPC sink a place to fit beside it. SQLite and gRPC have different worker/write semantics, so this PR avoids introducing a shared buffered-sink abstraction and instead lets each `LogWriter` own the buffering mechanics it needs. ## What Changed - Added `LogSinkQueueConfig` with the existing local defaults: queue capacity `512`, batch size `128`, and flush interval `2s`. - Added `LogDbLayer::start_with_config(...)` while preserving `LogDbLayer::start(...)` and `log_db::start(...)` defaults. - Introduced the `LogWriter` trait as the minimal shared interface: `tracing_subscriber::Layer` plus `flush()`. - Made `LogDbLayer` implement `LogWriter`. - Kept tracing event formatting inside `LogDbLayer`; it still creates one `LogEntry` per tracing event before queueing it for SQLite. - Kept normal event capture best-effort and non-blocking via bounded `try_send`. ## Behavior Notes This does not change the SQLite schema, retention behavior, `/feedback/upload`, or Sentry upload behavior. Normal log events still drop when the queue is full; explicit `flush()` still waits for queue capacity and receiver processing before returning. ## Verification - `cargo test -p codex-state log_db` - `cargo test -p codex-state` - `just fix -p codex-state` The added tests cover configured batch-size flushing, configured interval flushing, queue-full drops, and the flush barrier semantics.
## Why
When using the Amazon Bedrock provider with `openai.gpt-5.4-cmb`, the
model picker allowed `xhigh` because the CMB catalog entry was derived
from the bundled `gpt-5.4` reasoning metadata. Bedrock rejects that
effort level, causing the request to fail before the turn can run:
```text
{"error":{"code":"validation_error","message":"Failed to deserialize the JSON body into the target type: Invalid 'reasoning': Invalid 'effort': unknown variant `xhigh`, expected one of `high`, `low`, `medium`, `minimal` at line 1 column 77239","param":null,"type":"invalid_request_error"}}
```
## What Changed
- Replace the runtime lookup of bundled `gpt-5.4` metadata for
`openai.gpt-5.4-cmb` with an explicit Bedrock CMB `ModelInfo` entry.
- Advertise only the Bedrock-supported CMB reasoning levels: `minimal`,
`low`, `medium`, and `high`.
- Keep the existing GPT OSS Bedrock model metadata and reasoning levels
unchanged.
- Add catalog coverage for the hardcoded CMB metadata and
Bedrock-compatible reasoning level list.
## Why `ReadOnlyAccess` was a transitional legacy shape on `SandboxPolicy`: `FullAccess` meant the historical read-only/workspace-write modes could read the full filesystem, while `Restricted` tried to carry partial readable roots. The partial-read model now belongs in `FileSystemSandboxPolicy` and `PermissionProfile`, so keeping it on `SandboxPolicy` makes every legacy projection reintroduce lossy read-root bookkeeping and creates unnecessary noise in the rest of the permissions migration. This PR makes the legacy policy model narrower and explicit: `SandboxPolicy::ReadOnly` and `SandboxPolicy::WorkspaceWrite` represent the old full-read sandbox modes only. Split readable roots, deny-read globs, and platform-default/minimal read behavior stay in the runtime permissions model. ## What changed - Removes `ReadOnlyAccess` from `codex_protocol::protocol::SandboxPolicy`, including the generated `access` and `readOnlyAccess` API fields. - Updates legacy policy/profile conversions so restricted filesystem reads are represented only by `FileSystemSandboxPolicy` / `PermissionProfile` entries. - Keeps app-server v2 compatible with legacy `fullAccess` read-access payloads by accepting and ignoring that no-op shape, while rejecting legacy `restricted` read-access payloads instead of silently widening them to full-read legacy policies. - Carries Windows sandbox platform-default read behavior with an explicit override flag instead of depending on `ReadOnlyAccess::Restricted`. - Refreshes generated app-server schema/types and updates tests/docs for the simplified legacy policy shape. ## Verification - `cargo check -p codex-app-server-protocol --tests` - `cargo check -p codex-windows-sandbox --tests` - `cargo test -p codex-app-server-protocol sandbox_policy_` --- [//]: # (BEGIN SAPLING FOOTER) Stack created with [Sapling](https://sapling-scm.com). Best reviewed with [ReviewStack](https://reviewstack.dev/openai/codex/pull/19449). * openai#19395 * openai#19394 * openai#19393 * openai#19392 * openai#19391 * __->__ openai#19449
## Summary - update Codex issue automation to pin `openai/codex-action` to `5c3f4ccdb2b8790f73d6b21751ac00e602aa0c02`, the commit for `v1.7` - keep the release intent visible with `# v1.7` comments beside the hash pins ## Test plan - `git diff --check` - `yq e '.' .github/workflows/issue-labeler.yml` - `yq e '.' .github/workflows/issue-deduplicator.yml` --------- Co-authored-by: Codex <noreply@openai.com>
## Summary Fix a Bazel-only path resolution bug in `codex_utils_cargo_bin::cargo_bin`. Under Bazel runfiles, `rlocation` can return a relative `bazel-out/...` path even though `cargo_bin()` documents that it returns an absolute path. That can break callers that store the returned binary path and later spawn it after changing cwd, because the relative path is resolved from the wrong directory. This patch absolutizes the runfiles-resolved path before returning it.
Adds the persisted goal foundation for the rest of the stack. This PR is intentionally limited to feature flag and state-layer behavior; app-server APIs, model tools, runtime continuation, and TUI UX are layered in later PRs. ## Why Goal mode needs durable thread-level state before clients or model tools can safely build on it. The state layer needs to know whether a goal exists, what objective it tracks, whether it is active, paused, budget-limited, or complete, and how much time/token usage has already been accounted. ## What changed - Added the `goals` feature flag and generated config schema entry. - Added the `thread_goals` state table and Rust model for persisted thread goals. - Added state runtime APIs for creating, replacing, updating, deleting, and accounting goal usage. - Added `goal_id`-based stale update protection so an old goal update cannot overwrite a replacement. - Kept this PR scoped to persistence and state runtime behavior, with no app-server, model-facing, continuation, or TUI behavior yet. ## Verification - Added state runtime coverage for goal creation, replacement, stale update protection, status transitions, token-budget behavior, and usage accounting.
Adds the app-server v2 goal API on top of the persisted goal state from PR 1. ## Why Clients need a stable app-server surface for reading and controlling materialized thread goals before the model tools and TUI can use them. Goal changes also need to be observable by app-server clients, including clients that resume an existing thread. ## What changed - Added v2 `thread/goal/get`, `thread/goal/set`, and `thread/goal/clear` RPCs for materialized threads. - Added `thread/goal/updated` and `thread/goal/cleared` notifications so clients can keep local goal state in sync. - Added resume/snapshot wiring so reconnecting clients see the current goal state for a thread. - Added app-server handlers that reconcile persisted rollout state before direct goal mutations. - Updated the app-server README plus generated JSON and TypeScript schema fixtures for the new API surface. ## Verification - Added app-server v2 coverage for goal get/set/clear behavior, notification emission, resume snapshots, and non-local thread-store interactions.
Adds the model-facing goal tools on top of the app-server API from PR 2. ## Why Once goals are persisted and exposed to clients, the model needs a small, constrained tool surface for goal workflows. The tool contract should let the model inspect goals, create them only when explicitly requested, and mark them complete without giving it broad control over user/runtime-owned state. ## What changed - Added `get_goal`, `create_goal`, and `update_goal` tool specs behind the `goals` feature flag. - Added core goal tool handlers that validate objectives and token budgets before mutating persisted state. - Constrained `create_goal` to create only when no goal exists, with optional `token_budget` only when a budget is explicitly provided. - Tightened the `create_goal` instructions so the model does not infer goals from ordinary task requests. - Constrained `update_goal` to expose only goal completion; pause, resume, clear, and budget-limited transitions remain user- or runtime-controlled. - Registered the goal tools in the tool registry and kept them out of review contexts where they should not appear. ## Verification - Added tool-registry coverage for feature gating and tool availability. - Added core session tests for create/get/update behavior, duplicate goal rejection, budget validation, and completion-only updates.
Adds the core runtime behavior for active goals on top of the model tools from PR 3. ## Why A long-running goal should be a core runtime concern, not something every client has to implement. Core owns the turn lifecycle, tool completion boundaries, interruptions, resume behavior, and token usage, so it is the right place to account progress, enforce budgets, and decide when to continue work. ## What changed - Centralized goal lifecycle side effects behind `Session::goal_runtime_apply(GoalRuntimeEvent::...)`. - Starts goal continuation turns only when the session is idle; pending user input and mailbox work take priority. - Accounts token and wall-clock usage at turn, tool, mutation, interrupt, and resume boundaries; `get_thread_goal` remains read-only. - Preserves sub-second wall-clock remainder across accounting boundaries so long-running goals do not drift downward over time. - Treats token budget exhaustion as a soft stop by marking the goal `budget_limited` and injecting wrap-up steering instead of aborting the active turn. - Suppresses budget steering when `update_goal` marks a goal complete. - Pauses active goals on interrupt and auto-reactivates paused goals when a thread resumes outside plan mode. - Suppresses repeated automatic continuation when a continuation turn makes no tool calls. - Added continuation and budget-limit prompt templates. ## Verification - Added focused core coverage for continuation scheduling, accounting boundaries, budget-limit steering, completion accounting, interrupt pause behavior, resume auto-activation, and wall-clock remainder accounting.
Adds the TUI user experience for goals on top of the core runtime from PR 4. ## Why Users need a direct TUI control surface for long-running goals. The UI should make the current goal visible, support common goal actions without waiting for a model turn, and avoid confusing end-of-turn notifications while an active goal is immediately continuing. ## What changed - Added `/goal` summary rendering for the current goal, including active, paused, budget-limited, and complete states. - Added `/goal <objective>` creation/replacement through the app-server goal API rather than a model prompt. - Added `/goal clear`, `/goal pause`, and `/goal unpause` command variants. - Added a confirmation menu when the user enters a new goal while another goal already exists. - Updated `/goal` help and summary tip text so it reflects the supported command variants without advertising slash-command token budgets. - Added footer/statusline goal indicators, including elapsed time and token budget display when a budget exists from API/tool-created goals. - Consumes goal updated/cleared notifications so the TUI stays in sync with external app-server changes. - Suppresses end-of-turn desktop notifications only when a goal is still active and follow-up work is expected. - Preserves slash-command history behavior and avoids leaking queued `/goal` state into unrelated submissions. ## Verification - Added TUI unit and snapshot coverage for goal command availability, summary rendering, control commands, replacement menu behavior, status/footer display, notification handling, and command history.
## Why Recent `main` CI repeatedly timed out in: - `codex-core::all suite::approvals::approval_matrix_covers_all_modes` It failed in runs [24909500958](https://github.com/openai/codex/actions/runs/24909500958), [24908076251](https://github.com/openai/codex/actions/runs/24908076251), [24906197645](https://github.com/openai/codex/actions/runs/24906197645), [24905823212](https://github.com/openai/codex/actions/runs/24905823212), [24903439629](https://github.com/openai/codex/actions/runs/24903439629), [24903336028](https://github.com/openai/codex/actions/runs/24903336028), and [24898949647](https://github.com/openai/codex/actions/runs/24898949647). The failure pattern was a 60s Linux remote timeout. Logs showed many approval scenarios completing before the single matrix test timed out. ## Root Cause `approval_matrix_covers_all_modes` packed every approval/sandbox/tool scenario into one test case. That made the test vulnerable to normal CI variance: one slow scenario or a slow process startup could push the whole monolithic case past the 60s per-test timeout. It also hid which part of the matrix was slow because the runner only reported the one large matrix test. ## What Changed - Keep the shared `scenarios()` table as the single source of approval matrix coverage. - Use one `#[test_case]` per `ScenarioGroup` to generate five async Tokio tests: danger/full-access, read-only, workspace-write, apply-patch, and unified-exec. - Keep the group runner small and add per-scenario error context so a failure still reports the specific scenario name. ## Why This Should Be Reliable Each scenario group now has its own test harness timeout instead of sharing one timeout window with the full matrix. That removes the long sequential loop from a single test while keeping the implementation compact and easy to scan. The tests still run through the same scenario definitions and runner, so this preserves coverage. `test-case` already composes with `#[tokio::test]` in this crate and is already available for test code. ## Verification - `cargo test -p codex-core --test all approval_matrix_ -- --list` - `cargo test -p codex-core --test all approval_matrix_`
## Why Issue openai#19418 points out a small grammar issue in `codex-rs/README.md` under "Code Organization." The current sentence says "we hope this to be," which reads awkwardly. Fixes openai#19418. ## What changed Updated the `core/` crate description so the sentence reads "we hope this becomes a library crate." ## Verification Documentation-only change. Reviewed the Markdown diff.
## Summary - Mark `unavailable_dummy_tools` as a stable feature and enable it by default - Update the feature registry test to match the new default state ## Testing - `just fmt` - `cargo test -p codex-features`
## Why `codex-mcp` currently exposes more API than the rest of the workspace uses. Some of that surface is simply visibility that can be tightened, and some of it is public helper code that remains compiler-valid because it is exported even though no workspace caller uses it. That distinction matters: Rust does not warn on exported API just because the current workspace does not call it. This PR intentionally treats those exported-but-workspace-unreferenced paths as stale `codex-mcp` surface. The main example is MCP skill dependency collection, where the active implementation now lives in `codex-rs/core/src/mcp_skill_dependencies.rs`; keeping the older `codex-mcp` copy makes it unclear which implementation owns skill MCP installation. ## What Changed - Pruned unused `codex-mcp` re-exports from `codex-mcp/src/lib.rs`. - Removed non-runtime helper methods from `McpConnectionManager` so it stays focused on live MCP clients. - Made `ToolPluginProvenance` lookup methods crate-private. - Removed workspace-unreferenced snapshot wrapper APIs and qualified-tool grouping helpers. - Deleted the duplicate `codex-mcp` skill dependency module and tests now that skill MCP dependency handling is owned by `core`. ## Verification - `cargo check -p codex-mcp`
## Why The visibility cleanup in the base PR reduced what `codex-mcp` exposes, but several files still made reviewers read private support machinery before the public or crate-facing entry points. This ordering pass makes each file easier to scan: exported API first, crate-visible MCP internals next, then private helpers in breadth-first order from the higher-level MCP flows to leaf utilities. ## What Changed - Reordered `codex-mcp` exports so the runtime, configuration, snapshot, auth, and helper surfaces are grouped by visibility and reader importance. - Moved public and crate-visible MCP items ahead of private helpers in the auth, MCP planning/snapshot, connection manager, and tool-name modules. - Kept the change mechanical, with no behavior changes intended. ## Verification - `cargo check -p codex-mcp`
Unfortunately, if most of the build graph is invalidated such that there are few cache hits, the Windows Bazel build for all the tests often takes more than `30` minutes, so this PR increases the timeout to `45` minutes until we set up distributed builds.
Fixes openai#15219. ## Why `thread/resume` should continue a persisted thread with the same model provider that created the thread. The app server already restores the persisted model and reasoning effort before resuming, but it was leaving `model_provider` unset. If a user created a thread with one provider and later switched their active profile to another provider, resumed encrypted history could be sent to the wrong endpoint and fail with `invalid_encrypted_content`. The thread metadata already records the original provider, so resume should apply it when the caller has not explicitly requested a different model/provider/reasoning configuration. ## What changed This updates `merge_persisted_resume_metadata` in `app-server/src/codex_message_processor.rs` to copy `ThreadMetadata::model_provider` into `ConfigOverrides::model_provider` alongside the persisted model. The existing resume metadata tests now also assert that: - the persisted provider is restored for normal resume - explicit model, provider, or reasoning-effort overrides still prevent persisted resume metadata from being applied - a thread with no persisted model or reasoning effort still resumes with its persisted provider ## Verification - `cargo test -p codex-app-server` passed the app-server unit tests, including the updated resume metadata coverage. The broader integration portion of that command failed in an unrelated environment-sensitive skills-budget warning assertion, where this run saw 8 omitted skills instead of the expected 7. - `just fix -p codex-app-server` completed successfully.
…nai#19593) Follow-up to openai#19266. ## Why `thread_start_with_non_local_thread_store_does_not_create_local_persistence` is meant to catch accidental local thread persistence when a non-local thread store is configured. The Windows flake reported in [this BuildBuddy invocation](https://app.buildbuddy.io/invocation/0b75dde4-6828-4e7b-a35b-e45b73fb005d) showed that the assertion was tripping on an unexpected top-level `.tmp` entry: ```diff { + ".tmp", "config.toml", "installation_id", "memories", "skills", } ``` That `.tmp` does not appear to come from `tempfile::TempDir`; it comes from unrelated plugin startup work that can legitimately materialize `codex_home/.tmp`, including the startup remote plugin sync marker in [`core/src/plugins/startup_sync.rs`](https://github.com/openai/codex/blob/bce74c70ce058982534507330ff33f7b196708ef/codex-rs/core/src/plugins/startup_sync.rs#L13-L15) and the curated plugin snapshot under [`.tmp/plugins`](https://github.com/openai/codex/blob/bce74c70ce058982534507330ff33f7b196708ef/codex-rs/core-plugins/src/startup_sync.rs#L25-L26). That makes the regression race unrelated background startup tasks instead of validating the thread-store invariant it was added to cover. Rather than weakening the assertion to allow arbitrary `.tmp` entries, this change isolates the test from plugin warmups so it can stay strict about unexpected local thread persistence artifacts. ## What changed - disable plugins in the generated config used by `app-server/tests/suite/v2/remote_thread_store.rs` - keep the existing `codex_home` assertions unchanged so the test still fails if local session or sqlite persistence is introduced ## Verification - `cargo test -p codex-app-server suite::v2::remote_thread_store::thread_start_with_non_local_thread_store_does_not_create_local_persistence -- --exact`
## Why Fixes openai#19499. The slash-command popup recalculated the command-name column from only the rows visible in the current viewport. That made the description column shift horizontally while scrolling through `/` commands whenever longer command names entered or left the visible window. ## What Changed `codex-rs/tui/src/bottom_pane/command_popup.rs` now uses the shared selection-popup `AutoAllRows` column-width mode for both height measurement and rendering. This keeps the command description column based on the full filtered slash-command list instead of the current viewport. ## Verification - `cargo test -p codex-tui bottom_pane::command_popup`
## Why `sandbox_permissions = "require_escalated"` is treated as an explicit request to approve the command and run it outside the filesystem/platform sandbox. Before this change, shell and unified exec still registered managed network approval context and could inject Codex-managed proxy state into the child process, which meant an approved escalated command could still hit a second network approval path. This PR makes that escalation boundary consistent: once a command is explicitly approved to run outside the sandbox, Codex does not also route that process through the managed network proxy. ## Security impact Command/filesystem sandbox approval now implies network approval for that command. If an untrusted command or script is allowed to run with `require_escalated`, its network calls are unsandboxed: Codex-managed network allowlists and denylists are not respected for that process, so the command can exfiltrate any data it can read. ## What changed - Skip managed network approval specs for `SandboxPermissions::RequireEscalated`. - Pass `network: None` into shell, zsh-fork shell, and unified exec sandbox preparation for explicitly escalated requests. - Strip Codex-managed proxy environment variables when `CODEX_NETWORK_PROXY_ACTIVE` is present, while preserving user proxy env when the Codex marker is absent. - Add regression coverage for the prepared exec request so the old behavior cannot silently reappear. ## Verification - `cargo test -p codex-core explicit_escalation` - `cargo clippy -p codex-core --all-targets -- -D warnings`
## Why Windows can represent the same canonical local path with either a normal drive path or a verbatim device path prefix. The failure pattern that motivated this PR was an assertion diff like `C:\...` versus `\\?\C:\...`: different spellings, same file. That became visible while validating the permissions stack above this PR. The stack increasingly routes paths through `AbsolutePathBuf`, which normalizes supported Windows device prefixes, while several existing tests still built expected values directly with `std::fs::canonicalize()` or compared `AbsolutePathBuf::as_path()` to a raw `PathBuf`. On Windows, that can make tests fail because the two sides choose different textual forms for an otherwise equivalent canonical path. This PR is intentionally split out as the bottom PR below openai#19606. The runtime permissions migration should not carry unrelated Windows test stabilization, and reviewers should be able to verify this as a test-only change before looking at the larger permissions changes. ## Failure Modes Covered - `conversation_summary` expected rollout paths were built from raw canonicalized `PathBuf`s, while app-server responses could carry `AbsolutePathBuf`-normalized paths. - `thread_resume` compared returned thread paths directly to previously stored or fixture paths, so a verbatim-prefix spelling could fail an otherwise correct resume. - `marketplace_add` compared plugin install roots through `as_path()` against raw canonicalized paths, reproducing the same `C:\...` versus `\\?\C:\...` mismatch in both app-server and core-plugin coverage. ## What Changed - In `app-server/tests/suite/conversation_summary.rs`, normalize both expected rollout paths and received `ConversationSummary.path` values through `AbsolutePathBuf` before comparing the full summary object. - In `app-server/tests/suite/v2/thread_resume.rs`, normalize both sides of thread path comparisons before asserting equality. This keeps the tests focused on whether resume returned the same existing path, not whether Windows used the same string spelling. - In `app-server/tests/suite/v2/marketplace_add.rs` and `core-plugins/src/marketplace_add.rs`, compare install roots as `AbsolutePathBuf` values instead of comparing an absolute-path wrapper to a raw canonicalized `PathBuf`. ## Behavior This PR does not change production app-server or marketplace behavior. It only changes tests to assert semantic path identity across Windows path spelling variants. It also leaves API response values untouched; the normalization happens inside assertions only. ## Verification Targeted local checks run while extracting this fix: - `cargo test -p codex-app-server get_conversation_summary_by_thread_id_reads_rollout` - `cargo test -p codex-app-server get_conversation_summary_by_relative_rollout_path_resolves_from_codex_home` - `cargo test -p codex-app-server thread_resume_prefers_path_over_thread_id` Windows-specific confidence comes from the Bazel Windows CI job for this PR, since the failure is platform-specific. ## Docs No docs update is needed because this is test-only infrastructure stabilization. --- [//]: # (BEGIN SAPLING FOOTER) Stack created with [Sapling](https://sapling-scm.com). Best reviewed with [ReviewStack](https://reviewstack.dev/openai/codex/pull/19604). * openai#19395 * openai#19394 * openai#19393 * openai#19392 * openai#19606 * __->__ openai#19604
I think raising it to 45 minutes in openai#19578 was a mistake for the reasons explained in the comments in the code. Instead, we attempt to defend against timeouts by increasing the number of shards in `app-server-all-test` so that a "true failure" that gets run 3x should not take as much wall clock time.
## Why For npm/Bun-managed installs, the update prompt was treating the latest GitHub release as ready to install. During the `0.124.0` release, GitHub and npm visibility were not atomic: the root npm wrapper could become visible before the npm registry marked that version as the package `latest`. That left a window where users could be prompted to upgrade before npm was ready for the release. ## What changed - Keep GitHub Releases as the candidate latest-version source for npm/Bun installs, but only write the existing `version.json` cache after npm registry metadata proves that same root version is ready. - Add `codex-rs/tui/src/npm_registry.rs` to validate npm readiness by checking `dist-tags.latest` and root package `dist` metadata for the GitHub candidate version. - Move version parsing helpers into `codex-rs/tui/src/update_versions.rs` so that logic can be tested without compiling the release-only `updates.rs` module under tests. - Update `.github/workflows/rust-release.yml` so the six known platform tarballs publish before the root `@openai/codex` wrapper. Other npm tarballs publish before the root wrapper, and the SDK publishes after the root package it depends on.
Fixes multiple scrollback and terminal resize issues: openai#5538, openai#5576, openai#8352, openai#12223, openai#16165, and openai#15380. ## Why Codex writes finalized transcript output into terminal scrollback after wrapping it for the current viewport width. A later terminal resize could leave that scrollback shaped for the old width, so wider windows kept narrow output and narrower windows could show stale wrapping artifacts until enough new output replaced the visible area. This is also the foundation PR for responsive markdown tables. Table rendering needs finalized transcript content to be width-sensitive after insertion, not only while content is first streaming. Markdown table rendering itself stays in openai#18576. ## Stack - PR1: resize backlog reflow and interrupt cleanup - openai#18576: markdown table support ## What Changed - Rebuild source-backed transcript history when the terminal width changes. `terminal_resize_reflow` is introduced through the experimental feature system, but is enabled by default for this rollout so we can validate behavior across real terminals. - Preserve assistant and plan stream source so finalized streaming output can participate in resize reflow after consolidation. - Debounce resize work, but force a final source-backed reflow when a resize happened during active or unconsolidated streaming output. - Clear stale pending history lines on resize so old-width wrapped output is not emitted just before rebuilt scrollback. - Bound replay work with `[tui.terminal_resize_reflow].max_rows`: omitted uses terminal-specific defaults, `0` keeps all rendered rows, and a positive value sets an explicit cap. The cap applies both while initially replaying a resumed transcript into scrollback and when rebuilding scrollback after terminal resize. - Consolidate interrupted assistant streams before cleanup, then clear pending stream output and active-tail state consistently. - Move resize reflow and thread event buffering helpers out of `app.rs` into dedicated TUI modules. - Add focused coverage for resize reflow, feature-gated behavior, streaming source preservation, interrupted output cleanup, unicode-neutral text, terminal-specific row caps, and composer/layout stability. ## Runtime Bounds Resize reflow keeps only the most recent rendered rows when a row cap is active. The default is `auto`, which maps to the detected terminal's default scrollback size where Codex can identify it: VS Code `1000`, Windows Terminal `9001`, WezTerm `3500`, and Alacritty `10000`. Terminals without a dedicated mapping use the conservative fallback of `1000` rows. Users can override this with `[tui.terminal_resize_reflow] max_rows = N`, or set `max_rows = 0` to disable row limiting. ## Validation - `just fmt` - `git diff --check` - `cargo test --manifest-path codex-rs/Cargo.toml -p codex-tui reflow` - `cargo test --manifest-path codex-rs/Cargo.toml -p codex-tui transcript_reflow` - `just fix -p codex-tui` - PR CI in progress on the squashed branch
Some providers of Responses API forward a model-defined `end_turn` boolean indicating explicitly the model's indication of whether it would like to end the turn or to be inferenced again. In this PR, we update the sampling loop to use this field correctly if it's set. If the field is not set by the provider, we fall back to the existing sampling logic.
This removes the hidden `codex responses` CLI subcommand after confirming no downstream callers rely on it, deleting the raw Responses passthrough implementation, unregistering the subcommand, and dropping the now-unused CLI dependencies on `codex-api` and `codex-model-provider`.
## Why Windows Bazel runs in the permissions stack exposed that app-server integration tests were launching normal plugin startup warmups in every subprocess. Those warmups can call `https://chatgpt.com/backend-api/plugins/featured` when a test is not specifically exercising plugin startup, which adds slow background work, noisy stderr, and dependence on external network state. The relevant startup/featured-plugin behavior was introduced across openai#15042 and openai#15264. A few app-server tests also had long optional waits or unbounded cleanup paths, making failures expensive to diagnose and contributing to slow Windows shards. One external-agent config test from openai#18246 used a GitHub-style marketplace source, which was enough to exercise the pending remote-import path but also meant the background completion task could attempt a real clone. ## What Changed - Adds explicit `AppServerRuntimeOptions` / `PluginStartupTasks` plumbing and a hidden debug-only `--disable-plugin-startup-tasks-for-tests` app-server flag, so integration tests can suppress startup plugin warmups without adding a production env-var gate. - Has the app-server test harness pass that hidden flag by default, while opting plugin-startup coverage back in for tests that intentionally exercise startup sync and featured-plugin warmup behavior. - Lowers normal app-server subprocess logging from `info`/`debug` to `warn` to avoid multi-megabyte stderr output in Bazel logs. - Prevents the external-agent config test from attempting a real marketplace clone by using an invalid non-local source while still exercising the pending-import completion path. - Bounds optional filesystem/realtime waits and fake WebSocket test-server shutdown so failures produce targeted timeouts instead of hanging a shard. - Fixes the Unix script-resolution test in `rmcp-client` to exercise PATH resolution directly and include the actual spawn error in failures. ## Verification - `cargo check -p codex-app-server` - `cargo clippy -p codex-app-server --tests -- -D warnings` - `cargo test -p codex-rmcp-client program_resolver::tests::test_unix_executes_script_without_extension` - `cargo test -p codex-app-server --test all external_agent_config_import_sends_completion_notification_after_pending_plugins_finish -- --nocapture` - `cargo test -p codex-app-server --test all plugin_list_uses_warmed_featured_plugin_ids_cache_on_first_request -- --nocapture` - Windows Local Bazel passed with this test-hardening bundle before it was extracted from openai#19606. --- [//]: # (BEGIN SAPLING FOOTER) Stack created with [Sapling](https://sapling-scm.com). Best reviewed with [ReviewStack](https://reviewstack.dev/openai/codex/pull/19683). * openai#19395 * openai#19394 * openai#19393 * openai#19392 * openai#19606 * __->__ openai#19683
…nai#20291) Remove ApiVersion::V1
## Summary - [x] Move the allowlist out of core crate - [x] Add Teams, SharePoint, Outlook Email, and Outlook Calendar to the tool_suggest discoverable plugin allowlist - [x] Add focused coverage for Microsoft curated plugin discovery ## Testing - just fmt - cargo test -p codex-core-plugins - cargo test -p codex-core list_tool_suggest_discoverable_plugins_returns_
## Why After `hooks/list` exposes the hook inventory, clients need a way to persist user hook preferences, make those changes effective in already-open sessions, and distinguish user-controllable hooks from managed requirements without adding another bespoke app-server write API. ## What - Extends `hooks/list` entries with effective `enabled` state. - Persists user-level hook state under `hooks.state.<hook-id>` so the model can grow beyond a single boolean over time. - Uses the existing `config/batchWrite` path for hook state updates instead of introducing a dedicated hook write RPC. - Refreshes live session hook engines after config writes so already-open threads observe updated enablement without a restart. ## Stack 1. openai#19705 2. openai#19778 3. This PR - openai#19840 4. openai#19882 ## Reviewer Notes The generated schema files account for much of the raw diff. The core behavior is in: - `hooks/src/config_rules.rs`, which resolves per-hook user state from the config layer stack. - `hooks/src/engine/discovery.rs`, which projects effective enablement into `hooks/list` from source-derived managedness. - `config/src/hook_config.rs`, which defines the new `hooks.state` representation. - `core/src/session/mod.rs`, which rebuilds live hook state after user config reloads. --------- Co-authored-by: Codex <noreply@openai.com>
## Why openai#20271 increased the `90`-minute timeout in `rust-release.yml`, but it did not update the reusable Windows workflow in `rust-release-windows.yml`. As a result, the Windows release compile jobs were still capped at `60` minutes and the `windows-x64` primary build could continue timing out. We are keeping the existing `90`-minute timeout in `rust-release.yml`. That increase was still directionally correct because the top-level release build benefits from extra headroom; the mistake was assuming it also covered the reusable Windows jobs. ## What Changed - increase the reusable Windows release workflow timeouts in `rust-release-windows.yml` from `60` minutes to `90` minutes - update the comment in `rust-release.yml` so it no longer implies that the top-level timeout covers the Windows reusable jobs
- Added persisted `/goal` workflows with app-server APIs, model tools, runtime continuation, and TUI controls for create, pause, resume, and clear. (openai#18073, openai#18074, openai#18075, openai#18076, openai#18077, openai#20082) - Added `codex update`, configurable TUI keymaps, plan-mode nudges, action-required terminal titles, and active-turn `/statusline` and `/title` edits. (openai#19933, openai#18593, openai#19901, openai#18372, openai#19917) - Expanded permission profiles with built-in defaults, sandbox CLI profile selection, cwd controls, and active-profile metadata for clients. (openai#19900, openai#20117, openai#20118, openai#20095) - Improved plugin workflows with marketplace installation, remote bundle caching, remote uninstall, plugin-bundled hooks, hook enablement state, and external-agent config import. (openai#18704, openai#19914, openai#19456, openai#19705, openai#19840, openai#19949) - Added external agent session import, including background imports and imported-session title handling. (openai#19895, openai#20284, openai#20261) - Made MultiAgentV2 configuration more explicit with thread caps, wait-time controls, root/subagent hints, and v2-specific depth handling. (openai#19360, openai#19792, openai#19805, openai#20052, openai#20180) ## Bug Fixes - Fixed several resume and interruption issues, including stale interrupt hangs, persisted provider restoration, large remote resume responses, and slow filtered resume lists. (openai#18392, openai#19287, openai#19920, openai#19591) - Improved TUI reliability around terminal resize reflow, markdown list spacing, slash-command popup layout, keyboard cleanup, shell-mode escape, and working status updates. (openai#18575, openai#19706, openai#19511, openai#19625, openai#19986, openai#19939) - Hardened managed network behavior for deferred denials, proxy bypass defaults, resolved target checks, IPv6 host matching, and `git -C` approval handling. (openai#19184, openai#20002, openai#19999, openai#19995, openai#20085) - Fixed Windows sandbox and PTY edge cases, including pseudoconsole startup, elevated runner process handling, core shell environment inheritance, and named-pipe validation. (openai#20042, openai#19211, openai#20089, openai#19283) - Fixed Bedrock model support for `apply_patch`, GPT-5.4 reasoning levels, and updated Bedrock GPT-5.4 endpoint/model metadata. (openai#19416, openai#19461, openai#20109) - Fixed MCP/plugin edge cases around stdio server cleanup, plugin MCP approval persistence, and custom MCP metadata isolation. (openai#19753, openai#19537, openai#19836, openai#19875) ## Documentation - Updated the bundled OpenAI Docs skill for GPT-5.5, `gpt-image-2`, and clearer upgrade guidance. (openai#19407, openai#19443, openai#19422) - Clarified contributor-facing docs, including the PR template, Rust async trait guidance, and README wording. (openai#19912, openai#20242, openai#19514) - Added a checked-in `codex-core` public API listing and a ThreadManager sample crate. (openai#20243, openai#20141) ## Chores - Published `codex-app-server` release artifacts, stopped publishing GNU Linux binaries, and increased release workflow timeouts. (openai#19447, openai#19445, openai#20271, openai#20343) - Added Codex-pinned versioning for the Python app-server SDK package. (openai#18996) - Deprecated `--full-auto` while steering users toward explicit permission profiles and trust flows. (openai#20133) - Stabilized CI and release plumbing with Bazel setup migration, release smoke-test pinning, and updated workflow pins/timeouts. (openai#19851, openai#19854, openai#19472, openai#19609) ## Changelog Full Changelog: openai/codex@rust-v0.125.0...rust-v0.128.0 - openai#19124 Make MultiAgentV2 interruption markers assistant-authored @jif-oai - openai#19354 chore: alias max_concurrent_threads_per_session @jif-oai - openai#19360 feat: surface multi-agent thread limit in spawn description @jif-oai - openai#19351 Add agents.interrupt_message for interruption markers @jif-oai - openai#18392 Fix hang on turn/interrupt @danwang-oai - openai#19380 chore: drop MCP Plugins and App from Morpheus @jif-oai - openai#18907 respect workspace option for disabling plugins @zamoshchin-openai - openai#19283 check PID of named pipe consumer @iceweasel-oai - openai#19407 Update bundled OpenAI Docs skill for GPT-5.5 @kkahadze-oai - openai#19163 Harden package-manager install policy @mcgrew-oai - openai#19416 Fix: use function apply_patch tool for Bedrock model @celia-oai - openai#19093 [codex] Omit fork turns from thread started notifications @euroelessar - openai#19244 Update unix socket transport to use WebSocket upgrade @willwang-openai - openai#19170 Skip disabled rows in selection menu numbering and default focus @canvrno-oai - openai#19414 permissions: make legacy profile conversion cwd-free @bolinfest - openai#18900 Migrate fork and resume reads to thread store @wiltzius-openai - openai#19445 ci: stop publishing GNU Linux release artifacts @bolinfest - openai#19443 Add gpt-image-2 to bundled OpenAI Docs skill @kkahadze-oai - openai#18584 [4/4] Honor Streamable HTTP MCP placement @aibrahim-oai - openai#19447 ci: publish codex-app-server release artifacts @bolinfest - openai#19422 Clarify bundled OpenAI Docs upgrade guide wording @kkahadze-oai - openai#19266 [codex] add non-local thread store regression harness @wiltzius-openai - openai#19098 feat: Compress skill paths with root aliases @xl-openai - openai#19207 [codex] Forward Codex Apps tool call IDs to backend metadata @rreichel3-oai - openai#19453 Serialize legacy Windows PowerShell sandbox tests @dylan-hurd-oai - openai#19234 Refactor log DB into LogWriter interface @rasmusrygaard - openai#19461 fix: Bedrock GPT-5.4 reasoning levels @celia-oai - openai#19449 permissions: remove legacy read-only access modes @bolinfest - openai#19472 ci: pin codex-action v1.7 @viyatb-oai - openai#19468 Fix Bazel cargo_bin runfiles paths @fjord-oai - openai#19410 Remove js_repl feature @fjord-oai - openai#18073 Add goal persistence foundation (1 / 5) @etraut-openai - openai#18074 Add goal app-server API (2 / 5) @etraut-openai - openai#18075 Add goal model tools (3 / 5) @etraut-openai - openai#18076 Add goal core runtime (4 / 5) @etraut-openai - openai#18077 Add goal TUI UX (5 / 5) @etraut-openai - openai#19454 Split approval matrix test groups @dylan-hurd-oai - openai#19514 Fix codex-rs README grammar @etraut-openai - openai#19459 Enable unavailable dummy tools by default @mzeng-openai - openai#19524 [codex] Prune unused codex-mcp API and duplicate helpers @aibrahim-oai - openai#19526 [codex] Order codex-mcp items by visibility @aibrahim-oai - openai#19578 fix: increase Bazel timeout to 45 minutes @bolinfest - openai#19287 Restore persisted model provider on thread resume @etraut-openai - openai#19593 test: isolate remote thread store regression from plugin warmups @bolinfest - openai#19511 Keep slash command popup columns stable while scrolling @etraut-openai - openai#19595 [codex] Bypass managed network for escalated exec @viyatb-oai - openai#19604 test: stabilize app-server path assertions on Windows @bolinfest - openai#19609 fix: restore 30-minute timeout for Bazel builds @bolinfest - openai#19389 Guard npm update readiness @shijie-oai - openai#18575 fix(tui): reflow scrollback on terminal resize @fcoury-oai - openai#19610 Support end_turn in response.completed @andmis - openai#19640 [codex] remove responses command @tibo-openai - openai#19683 test: harden app-server integration tests @bolinfest - openai#18904 feat: load AgentIdentity from JWT login/env @efrazer-oai - openai#19606 permissions: make runtime config profile-backed @bolinfest - openai#19392 permissions: derive compatibility policies from profiles @bolinfest - openai#19484 Lift app-server JSON-RPC error handling to request boundary @pakrym-oai - openai#19487 [codex] Move config loading into codex-config @pakrym-oai - openai#19393 permissions: migrate approval and sandbox consumers to profiles @bolinfest - openai#19726 Fix codex-core config test type paths @pakrym-oai - openai#19727 test: increase core-all-test shard count to 16 @bolinfest - openai#19725 Split MCP connection modules @aibrahim-oai - openai#19605 Delete unused ResponseItem::Message.end_turn @andmis - openai#19394 permissions: remove core legacy policy round trips @bolinfest - openai#19733 Allow agents.max_threads to work with multi_agent_v2 @andmis - openai#19395 permissions: finish profile-backed app surfaces @bolinfest - openai#19739 inline hostname resolution for remote sandbox config @abhinav-oai - openai#19734 permissions: centralize legacy sandbox projection @bolinfest - openai#19058 Add /auto-review-denials retry approval flow @won-openai - openai#19735 permissions: store only constrained permission profiles @bolinfest - openai#19736 permissions: constrain requirements as profiles @bolinfest - openai#19737 permissions: derive legacy exec policies at boundaries @bolinfest - openai#19779 Add Codex issue digest skill @etraut-openai - openai#19792 multi_agent_v2: move thread cap into feature config @jif-oai - openai#18982 feat: use git-backed workspace diffs for memory consolidation @jif-oai - openai#19809 Allow Phase 2 memory claims after retry exhaustion @jif-oai - openai#19812 Avoid rewriting Phase 2 selection on clean workspace @jif-oai - openai#19813 nit: one more fix @jif-oai - openai#19818 chore: split memories part 1 @jif-oai - openai#19510 Hide rewind preview when no user message exists @etraut-openai - openai#19618 Persist shell mode commands in prompt history @etraut-openai - openai#19709 Render delegated patch approval details @etraut-openai - openai#19490 Streamline plugin, apps, and skills handlers @pakrym-oai - openai#19762 refactor: make auth loading async @efrazer-oai - openai#19854 ci: pin npm staging smoke test to a recent rust-release run @bolinfest - openai#19851 ci: migrate Bazel setup away from archived setup-bazelisk @bolinfest - openai#19491 Streamline account and command handlers @pakrym-oai - openai#19771 fix: filter dynamic deferred tools from model_visible_specs @sayan-oai - openai#19863 [codex-analytics] remove ga flag @rhan-oai - openai#19865 Cap original-detail image token estimates @fjord-oai - openai#19591 Fix filtered thread-list resume regression in TUI @etraut-openai - openai#19513 Delay approval prompts while typing @etraut-openai - openai#19706 Preserve TUI markdown list spacing after code blocks @etraut-openai - openai#19841 permissions: remove cwd special path @bolinfest - openai#19492 Streamline thread start handler @pakrym-oai - openai#19874 [codex-backend] Prefer state git metadata in filtered thread lists @joeytrasatti-openai - openai#19493 Streamline thread mutation handlers @pakrym-oai - openai#19862 [codex] Shard exec Bazel integration test @starr-openai - openai#18996 Publish Python SDK with Codex-pinned versioning @sdcoffey - openai#19494 Streamline thread read handlers @pakrym-oai - openai#19839 [codex] Trace cancelled inference streams @cassirer-openai - openai#19495 Streamline thread resume and fork handlers @pakrym-oai - openai#19497 Streamline turn and realtime handlers @pakrym-oai - openai#18372 Show action required in terminal title @canvrno-oai - openai#19884 Add MCP app feature flag @mzeng-openai - openai#19498 Streamline review and feedback handlers @pakrym-oai - openai#19772 permissions: derive config defaults as profiles @bolinfest - openai#19836 disallow fileparams metadata for custom mcps @colby-oai - openai#19892 Refactor exec-server filesystem API into codex-file-system @miz-openai - openai#19452 Stabilize plugin MCP fixture tests @dylan-hurd-oai - openai#19481 Remove ghost snapshots @pakrym-oai - openai#19773 permissions: require profiles in TUI thread state @bolinfest - openai#19917 Allow /statusline and /title slash commands during active turns @canvrno-oai - openai#19763 refactor: load agent identity runtime eagerly @efrazer-oai - openai#17689 [codex-analytics] include user agent in default headers @marksteinbrick-oai - openai#19912 Clarify PR template invitation requirement @etraut-openai - openai#19630 Avoid persisting ShutdownComplete after thread shutdown @etraut-openai - openai#19774 permissions: make SessionConfigured profile-only @bolinfest - openai#19775 permissions: derive snapshot sandbox projections @bolinfest - openai#19920 Allow large remote app-server resume responses @etraut-openai - openai#19776 permissions: store thread sessions as profiles @bolinfest - openai#19899 app-server-protocol: mark permission profiles experimental @bolinfest - openai#19933 Add `codex update` command @etraut-openai - openai#19914 feat: Cache remote plugin bundles on install @xl-openai - openai#19456 Add remote plugin uninstall API @xli-oai - openai#19805 Add MultiAgentV2 root and subagent context hints @jif-oai - openai#19860 feat: split memories part 2 @jif-oai - openai#19961 feat: fix hinting 2 @jif-oai - openai#19963 feat: fix hinting 3 @jif-oai - openai#19967 Stabilize memory Phase 2 input ordering @jif-oai - openai#19970 feat: trigger memories from user turns with cooldown @jif-oai - openai#19904 fix: configure AgentIdentity AuthAPI base URL @efrazer-oai - openai#19990 feat: skip memory startup when Codex rate limits are low @jif-oai - openai#19998 feat: house-keeping memories 1 @jif-oai - openai#20000 feat: house-keeping memories 2 @jif-oai - openai#19832 Preserve assistant phase for replayed messages @friel-openai - openai#19625 Reset TUI keyboard reporting on exit @etraut-openai - openai#18593 feat(tui): add configurable keymap support @fcoury-oai - openai#19846 [sandbox] Enforce protected workspace metadata paths @evawong-oai - openai#20005 feat: house-keeping memories 3 @jif-oai - openai#19929 TUI: use cumulative turn duration for worked-for separator @etraut-openai - openai#19753 Terminate stdio MCP servers on shutdown to avoid process leaks @etraut-openai - openai#19473 Add turn start timestamp to turn metadata @mchen-oai - openai#19875 Strip connector provenance metadata from custom MCP tools @colby-oai - openai#19764 feat: verify agent identity JWTs with JWKS @efrazer-oai - openai#19847 Enforce workspace metadata protections in Seatbelt @evawong-oai - openai#19509 Record MCP result telemetry on mcp.tools.call spans @mchen-oai - openai#19907 Clarify network approval auto-review prompts @maja-openai - openai#19901 feat(tui): suggest plan mode from composer drafts @fcoury-oai - openai#19931 Move local /resume cwd filtering into thread/list @canvrno-oai - openai#19986 fix(tui): let esc exit empty shell mode @fcoury-oai - openai#19895 External agent session support @stefanstokic-oai - openai#20002 fix(network-proxy): tighten network proxy bypass defaults @viyatb-oai - openai#19900 permissions: add built-in default profiles @bolinfest - openai#20045 Fix plan mode nudge test after task completion signature change @canvrno-oai - openai#19432 [codex] Add token usage to turn tracing spans @charley-openai - openai#20001 fix(network-proxy): harden linux proxy bridge helpers @viyatb-oai - openai#19959 Fix log db batch flush flake @dylan-hurd-oai - openai#17373 app-server: run initialized rpcs with keyed serialization @euroelessar - openai#19708 Load cloud requirements for agent identity @shijie-oai - openai#19999 fix(network-proxy): recheck network proxy connect targets @viyatb-oai - openai#20047 app-server: allow remote_control runtime feature override @euroelessar - openai#20052 Make MultiAgentV2 wait minimum configurable @jif-oai - openai#20008 tui: use permission profiles for sandbox state @bolinfest - openai#20068 app-server: disable remote control without sqlite @euroelessar - openai#20066 [rollout-trace] Include x-request-id in rollout trace. @cassirer-openai - openai#19705 Discover hooks bundled with plugins @abhinav-oai - openai#18704 /plugins: add marketplace install flow @canvrno-oai - openai#20085 fix: don't auto approve git -C ... @owenlin0 - openai#20088 Fix flaky plugin hook env test @abhinav-oai - openai#19995 fix(network-proxy): normalize network proxy host matching @viyatb-oai - openai#20010 core tests: submit turns with permission profiles @bolinfest - openai#20092 Return None when auth refresh fails @gpeal - openai#19919 app-server: notify clients of remote-control status changes @euroelessar - openai#20097 Refine Codex issue digest summaries @etraut-openai - openai#20011 core tests: build user turns from permission profiles @bolinfest - openai#20013 core tests: migrate more turns to permission profiles @bolinfest - openai#20015 core tests: configure profiles directly @bolinfest - openai#20016 core tests: send model turns with permission profiles @bolinfest - openai#20100 Increase plugin hook env test timeout @abhinav-oai - openai#20018 core tests: migrate model/personality turns to profiles @bolinfest - openai#20021 core tests: migrate view image turns to profiles @bolinfest - openai#20024 core tests: migrate safety check turns to profiles @bolinfest - openai#20026 core tests: migrate plan item turns to profiles @bolinfest - openai#20027 core tests: migrate tools tests to permission profiles @bolinfest - openai#20028 core tests: migrate permissions message tests to profiles @bolinfest - openai#20030 core tests: migrate exec policy turns to profiles @bolinfest - openai#20032 core tests: migrate prompt caching turns to profiles @bolinfest - openai#20033 core tests: migrate request permissions tool turns to profiles @bolinfest - openai#20034 core tests: migrate zsh-fork permissions to profiles @bolinfest - openai#20035 core tests: migrate compact turns to profiles @bolinfest - openai#20037 core tests: migrate rmcp turns to profiles @bolinfest - openai#20040 core tests: migrate apply patch turns to profiles @bolinfest - openai#20041 core tests: migrate hook turns to profiles @bolinfest - openai#20072 Support disabling tool suggest for specific tools. @mzeng-openai - openai#19949 Support detect and import MCP, Subagents, hooks, commands from external @alexsong-oai - openai#19442 feat: disable capabilities by model provider @celia-oai - openai#20108 fix: restore live event submit path for apply patch tests @bolinfest - openai#19939 Restore TUI working status after steer message is set @canvrno-oai - openai#20086 Fix plugin list workspace settings test isolation @canvrno-oai - openai#20049 feat: expose provider capability bounds to app server clients @celia-oai - openai#20109 feat: update Bedrock Mantle endpoint and GPT-5.4 model ID @celia-oai - openai#20106 linux-sandbox: switch helper plumbing to PermissionProfile @bolinfest - openai#20112 Soften skill description budget warnings @xl-openai - openai#20058 Add environment provider snapshot @starr-openai - openai#20133 chore(cli) deprecate --full-auto @dylan-hurd-oai - openai#20117 feat(cli): add explicit sandbox permission profiles @viyatb-oai - openai#20139 Delete multi_agent_v2 followup_task interrupt parameter @andmis - openai#20118 feat(cli): add sandbox profile config controls @viyatb-oai - openai#20144 Fix migrated hook path rewriting @alexsong-oai - openai#20042 Fix Windows pseudoconsole attribute handling for sandboxed PTY sessions @iceweasel-oai - openai#20186 nit: drop old memories things @jif-oai - openai#20180 Make multi-agent v2 ignore agents.max_depth @jif-oai - openai#20082 Use /goal resume for paused goals @etraut-openai - openai#20172 TUI: Remove core protocol dependency [1/7] @etraut-openai - openai#19211 Improve Windows process management edge cases @iceweasel-oai - openai#20123 [rollout-tracer] Match analysis messages on encrypted id. @cassirer-openai - openai#20173 TUI: Remove core protocol dependency [2/7] @etraut-openai - openai#20174 TUI: Remove core protocol dependency [3/7] @etraut-openai - openai#20228 [codex-backend] Prefer sqlite git info for rollout-path reads @joeytrasatti-openai - openai#20141 Add ThreadManager sample crate @pakrym-oai - openai#20046 test protocol: lock inter-agent commentary phase @friel-openai - openai#20064 Include auto-review rollout in feedback uploads @won-openai - openai#20096 feat: Use remote installed plugin cache for skills and MCP @xl-openai - openai#19184 fix: handle deferred network proxy denials @viyatb-oai - openai#20089 expand the set of core shell env vars for Windows. @iceweasel-oai - openai#17088 [codex-analytics] ingest server requests and responses @rhan-oai - openai#20091 [tool_suggest] Improve tool_suggest triggering conditions. @mzeng-openai - openai#20258 app-server: fix outgoing sender test setup @sayan-oai - openai#20050 [app-server] type client response payloads @rhan-oai - openai#19966 Require remote plugin detail before uninstall @xli-oai - openai#20059 [app-server] centralize client response analytics @rhan-oai - openai#19334 Fallback login callback port when default is busy @xli-oai - openai#20231 [apps] Add apps MCP path override @adaley-openai - openai#20242 docs: discourage `#[async_trait]` and `#[allow(async_fn_in_trait)]` @bolinfest - openai#19620 Escape turn metadata headers as ASCII JSON @etraut-openai - openai#19537 [mcp] Fix plugin MCP approval policy. @mzeng-openai - openai#19229 Add agent graph store interface @rasmusrygaard - openai#20243 Add codex-core public API listing @pakrym-oai - openai#19435 stop blocking unified_exec on Windows @iceweasel-oai - openai#19852 Enforce workspace metadata protections in Linux sandbox @evawong-oai - openai#20136 Update Codex login success page UX @rafael-jac - openai#20271 chore: increase release build timeout from 60 min to 90 @bolinfest - openai#19778 Add hooks/list app-server RPC @abhinav-oai - openai#20261 Consume ai-title from external sessions and add end marker @alexsong-oai - openai#20284 Import external agent sessions in background @stefanstokic-oai - openai#20149 Reduce the surface of collaboration modes @pakrym-oai - openai#20282 tui: return from side chat on Ctrl-D @etraut-openai - openai#20250 update codex_plugins_beta_setting (from workspace settings) @zamoshchin-openai - openai#20080 [codex-analytics] prevent stale guardian events from satisfying reused reviews @rhan-oai - openai#20291 app-server: remove dead api version handling from bespoke events @pakrym-oai - openai#20304 [plugins] Allow MSFT curated plugins in tool_suggest @mzeng-openai - openai#20095 permissions: expose active profile metadata @bolinfest - openai#19840 Add persisted hook enablement state @abhinav-oai - openai#20343 ci: increase Windows release workflow timeouts @bolinfest
…e CLI (#2) * feat: add interactive event stream contract and schema pinning * fix: address codex review feedback for event stream contract * fix: restore terminal on logger init failure and guard stdout stream mode * fix: make stdio event stream mode reachable without TUI output corruption
* Add interactive control socket with idempotent request routing * Handle control clients concurrently with capped request reads * Serialize dedupe checks to enforce request idempotency * Refuse live control socket paths unless stale * Bound control worker fanout and request id size
* Add interactive control socket with idempotent request routing * Handle control clients concurrently with capped request reads * Serialize dedupe checks to enforce request idempotency * Refuse live control socket paths unless stale * Bound control worker fanout and request id size * Render control-socket submit_message in TUI * Preserve literal control input semantics and harden socket cleanup
* Route control socket messages as user turns * Preserve target thread for external messages * Avoid untargeted queue for thread messages * Use target thread context for external messages * Preserve literal queued external messages * Preserve targeted external turn policy * Keep queued external messages literal * Mark external literal turns pending * Mark targeted external turns pending * Queue pending external literal turns * Gate targeted external history on acceptance * Keep targeted external steers thread-local * Preserve literal targeted steer retries * Preserve steer retry action across thread switches * Track targeted steer submit outcome * Preserve queued literal retry semantics * Track pending starts for targeted inputs * Queue targeted active-thread literals * Extract external literal chat handling * Handle external sends through thread routing * Reject inactive non-steerable external sends
* Add control socket thread rename * Cache invalid control rename responses
Owner
Author
|
@codex review |
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: fdc208ee53
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
Owner
Author
|
@codex review |
Fix cargo deny by ack the `RUSTSEC` while a fix land
```
RUSTSEC-2026-0118
NSEC3 closest-encloser proof validation enters unbounded loop on cross-zone responses
RUSTSEC-2026-0119
CPU exhaustion during message encoding due to O(n²) name compression
Dependency path:
hickory-proto 0.25.2
└── hickory-resolver 0.25.2
└── rama-dns 0.3.0-alpha.4
└── rama-tcp 0.3.0-alpha.4
└── codex-network-proxy
```
Also upgrade some workers version to prevent this:
```
warning[license-not-encountered]: license was not encountered
┌─ ./codex-rs/deny.toml:131:6
│
131 │ "OpenSSL",
│ ━━━━━━━ unmatched license allowance
warning[duplicate]: found 2 duplicate entries for crate 'base64'
┌─ /github/workspace/codex-rs/Cargo.lock:79:1
│
79 │ ╭ base64 0.21.7 registry+https://github.com/rust-lang/crates.io-index
80 │ │ base64 0.22.1 registry+https://github.com/rust-lang/crates.io-index
│ ╰───────────────────────────────────────────────────────────────────┘ lock entries
```
(cherry picked from commit 5744b85)
Owner
Author
|
@codex review |
|
Codex Review: Didn't find any major issues. 🎉 ℹ️ About Codex in GitHubYour team has set up Codex to review pull requests in this repo. Reviews are triggered when you
If Codex has suggestions, it will comment; otherwise it will react with 👍. Codex can also answer questions or update the PR. Try commenting "@codex address that feedback". |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
20 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Verification