51 Commits

  • sdk: launch packaged Codex runtimes (#23786)
    ## Why
    
    The Python and TypeScript SDKs launch the native Codex runtime directly,
    so they need to consume the same package artifact shape that release
    jobs now produce. The runtime wheel should be built from the canonical
    Codex package archive rather than reconstructing a parallel layout from
    loose binaries.
    
    ## What Changed
    
    - Stage `openai-codex-cli-bin` by extracting
    `codex-package-<target>.tar.gz` into `src/codex_cli_bin` and validating
    the expected package layout.
    - Update release workflows to pass the generated package archive into
    `stage-runtime` instead of the temporary package directory.
    - Update Python runtime setup to download `codex-package-*.tar.gz`
    release assets directly.
    - Expose Python runtime helpers for the bundled package directory and
    `codex-path`, and prepend that path when `openai_codex` launches the
    installed runtime without duplicating Windows `Path`/`PATH` keys.
    - Teach the TypeScript SDK to resolve package-layout optional
    dependencies while keeping the existing npm fallback layout, and
    preserve the existing Windows path variable casing when prepending
    `codex-path`.
    
    ## Test Plan
    
    - `python3 -m py_compile sdk/python/scripts/update_sdk_artifacts.py
    sdk/python/_runtime_setup.py sdk/python/src/openai_codex/client.py
    sdk/python-runtime/src/codex_cli_bin/__init__.py`
    - `uv run --frozen --project sdk/python --extra dev ruff check
    sdk/python/scripts/update_sdk_artifacts.py sdk/python/_runtime_setup.py
    sdk/python/src/openai_codex/client.py
    sdk/python/tests/test_artifact_workflow_and_binaries.py
    sdk/python-runtime/src/codex_cli_bin/__init__.py`
    - `uv run --frozen --project sdk/python --extra dev pytest
    sdk/python/tests/test_artifact_workflow_and_binaries.py`
    - `pnpm eslint src/exec.ts tests/exec.test.ts`
    - `pnpm test --runInBand tests/exec.test.ts`
  • [codex] preserve MCP result meta in McpToolCallItemResult (#22946)
    ## Summary
    
    https://openai.slack.com/archives/C0ARA9UAQEA/p1778890981647319?thread_ts=1778888537.934319&cid=C0ARA9UAQEA
    
    
    - Add `_meta` to exec JSONL MCP tool call result events.
    - Copy MCP result metadata through the JSONL event conversion.
    - Add a focused test that verifies `_meta` is serialized as `_meta` and
    not `meta`.
    
    
    ## Verification
    
    https://www.notion.so/openai/Miaolin-0516-_meta-population-debug-3628e50b62b08074b365e0ce1ffb8f74
  • [codex] Remove unused legacy shell tools (#22246)
    ## Why
    
    Recent session history showed no active use of the raw `shell`,
    `local_shell`, or `container.exec` execution surfaces. Keeping those
    handlers/specs wired into core leaves duplicate shell execution paths
    alongside the supported `shell_command` and unified exec tools.
    
    ## What changed
    
    - Removed the raw `shell` handler/spec and its `ShellToolCallParams`
    protocol helper.
    - Removed the legacy `local_shell` and `container.exec` handler/spec
    plumbing while preserving persisted-history compatibility for old
    response items.
    - Normalized model/config `default` and `local` shell selections to
    `shell_command`.
    - Pruned tests that exercised removed raw-shell/local-shell/apply-patch
    variants and kept coverage on `shell_command`, unified exec, and
    freeform `apply_patch`.
    
    ## Verification
    
    - `git diff --check`
    - `cargo test -p codex-protocol`
    - `cargo test -p codex-tools`
    - `cargo test -p codex-core tools::handlers::shell`
    - `cargo test -p codex-core tools::spec`
    - `cargo test -p codex-core tools::router`
    - `cargo test -p codex-core
    active_call_preserves_triggering_command_context`
    - `cargo test -p codex-core guardian_tests`
    - `cargo test -p codex-core --test all shell_serialization`
    - `cargo test -p codex-core --test all apply_patch_cli`
    - `cargo test -p codex-core --test all shell_command_`
    - `cargo test -p codex-core --test all local_shell`
    - `cargo test -p codex-core --test all otel::`
    - `cargo test -p codex-core --test all hooks::`
    - `just fix -p codex-core`
    - `just fix -p codex-tools`
  • Harden package-manager install policy (#19163)
    ## Summary
    
    This PR hardens package-manager usage across the repo to reduce
    dependency supply-chain risk. It also removes the stale `codex-cli`
    Docker path, which was already broken on `main`, instead of keeping a
    bitrotted container workflow alive.
    
    ## What changed
    
    - Updated pnpm package manager pins and workspace install settings.
    - Removed stale `codex-cli` Docker assets instead of trying to keep a
    broken local container path alive.
    - Added uv settings and lockfiles for the Python SDK packages.
    - Updated Python SDK setup docs to use `uv sync`.
    
    ## Why
    
    This is primarily a security hardening change. It reduces
    package-install and supply-chain risk by ensuring dependency installs go
    through pinned package managers, committed lockfiles, release-age
    settings, and reviewed build-script controls.
    
    For `codex-cli`, the right follow-up was to remove the local Docker path
    rather than keep patching it:
    
    - `codex-cli/Dockerfile` installed `codex.tgz` with `npm install -g`,
    which bypassed the repo lockfile and age-gated pnpm settings.
    - The local `codex-cli/scripts/build_container.sh` helper was already
    broken on `main`: it called `pnpm run build`, but
    `codex-cli/package.json` does not define a `build` script.
    - The container path itself had bitrotted enough that keeping it would
    require extra packaging-specific behavior that was not otherwise needed
    by the repo.
    
    ## Gaps addressed
    
    - Global npm installs bypassed the repo lockfile in Docker and CLI
    reinstall paths, including `codex-cli/Dockerfile` and
    `codex-cli/bin/codex.js`.
    - CI and Docker pnpm installs used `--frozen-lockfile`, but the repo was
    missing stricter pnpm workspace settings for dependency build scripts.
    - Python SDK projects had `pyproject.toml` metadata but no committed
    `uv.lock` coverage or uv age/index settings in `sdk/python` and
    `sdk/python-runtime`.
    - The secure devcontainer install path used npm/global install behavior
    without a local locked package-manager boundary.
    - The local `codex-cli` Docker helper was already broken on `main`, so
    this PR removes that stale Docker path instead of preserving a broken
    surface.
    - pnpm was already pinned, but not to the current repo-wide pnpm version
    target.
    
    ## Verification
    
    - `pnpm install --frozen-lockfile`
    - `.devcontainer/codex-install`: `pnpm install --prod --frozen-lockfile`
    - `.devcontainer/codex-install`: `./node_modules/.bin/codex --version`
    - `sdk/python`: `uv lock --check`, `uv sync --locked --all-extras
    --dry-run`, `uv build`
    - `sdk/python-runtime`: `uv lock --check`, `uv sync --locked --dry-run`,
    `uv build --wheel`
    - `pnpm -r --filter ./sdk/typescript run build`
    - `pnpm -r --filter ./sdk/typescript run lint`
    - `pnpm -r --filter ./sdk/typescript run test`
    - `node --check codex-cli/bin/codex.js`
    - `docker build -f .devcontainer/Dockerfile.secure -t codex-secure-test
    .`
    - `cargo build -p codex-cli`
    - repo-wide package-manager audit
  • Surface reasoning tokens in exec JSON usage (#19308)
    ## Summary
    
    Fixes #19022.
    
    `codex exec --json` currently emits `turn.completed.usage` with input,
    cached input, and output token counts, but drops the reasoning-token
    split that Codex already receives through thread token usage updates.
    Programmatic consumers that rely on the JSON stream, especially
    ephemeral runs that do not write rollout files, need this field to
    accurately display reasoning-model usage.
    
    This PR adds `reasoning_output_tokens` to the public exec JSON `Usage`
    payload and maps it from the existing `ThreadTokenUsageUpdated` total
    token usage data.
    
    ## Verification
    
    - Added coverage to
    `event_processor_with_json_output::token_usage_update_is_emitted_on_turn_completion`
    so `turn.completed.usage.reasoning_output_tokens` is asserted.
    - Updated SDK expectations for `run()` and `runStreamed()` so TypeScript
    consumers see the new usage field.
    - Ran `cargo test -p codex-exec`.
    - Ran `pnpm --filter ./sdk/typescript run build`.
    - Ran `pnpm --filter ./sdk/typescript run lint`.
    - Ran `pnpm --filter ./sdk/typescript exec jest --runInBand
    --testTimeout=30000`.
  • Remove OPENAI_BASE_URL config fallback (#16720)
    The `OPENAI_BASE_URL` environment variable has been a significant
    support issue, so we decided to deprecate it in favor of an
    `openai_base_url` config key. We've had the deprecation warning in place
    for about a month, so users have had time to migrate to the new
    mechanism. This PR removes support for `OPENAI_BASE_URL` entirely.
  • ci: run SDK tests with a Bazel-built codex (#16046)
    ## Why
    
    Before this change, the SDK CI job built `codex` with Cargo before
    running the TypeScript package tests. That step has been getting more
    expensive as the Rust workspace grows, while the repo already has a
    Bazel-backed build path for the CLI.
    
    The SDK tests also need a normal executable path they can spawn
    repeatedly. Moving the job to Bazel exposed an extra CI detail: a plain
    `bazel-bin/...` lookup is not reliable under the Linux config because
    top-level outputs may stay remote and the wrapper emits status lines
    around `cquery` output.
    
    ## What Changed
    
    - taught `sdk/typescript/tests/testCodex.ts` to honor `CODEX_EXEC_PATH`
    before falling back to the local Cargo-style `target/debug/codex` path
    - added `--remote-download-toplevel` to
    `.github/scripts/run-bazel-ci.sh` so workflows can force Bazel to
    materialize top-level outputs on disk after a build
    - switched `.github/workflows/sdk.yml` from `cargo build --bin codex` to
    the shared Bazel CI setup and `//codex-rs/cli:codex` build target
    - changed the SDK workflow to resolve the built CLI with wrapper-backed
    `cquery --output=files`, stage the binary into
    `${GITHUB_WORKSPACE}/.tmp/sdk-ci/codex`, and point the SDK tests at that
    path via `CODEX_EXEC_PATH`
    - kept the warm-up step before Jest and the Bazel repository-cache save
    step
    
    ## Verification
    
    - `bash -n .github/scripts/run-bazel-ci.sh`
    - `./.github/scripts/run-bazel-ci.sh -- cquery --output=files --
    //codex-rs/cli:codex | grep -E '^(/|bazel-out/)' | tail -n 1`
    - `./.github/scripts/run-bazel-ci.sh --remote-download-toplevel -- build
    --build_metadata=TAG_job=sdk -- //codex-rs/cli:codex`
    - `CODEX_EXEC_PATH="$PWD/.tmp/sdk-ci/codex" pnpm --dir sdk/typescript
    test --runInBand`
    - `pnpm --dir sdk/typescript lint`
  • fix: disable plugins in SDK integration tests (#16036)
    ## Why
    
    The TypeScript SDK tests create a fresh `CODEX_HOME` for each Jest case
    and delete it during teardown. That cleanup has been flaking because the
    real `codex` binary can still be doing background curated-plugin startup
    sync under `.tmp/plugins-clone-*`, which races the test harness's
    recursive delete and leaves `ENOTEMPTY` failures behind.
    
    This path is unrelated to what the SDK tests are exercising, so letting
    plugin startup run during these tests only adds nondeterministic
    filesystem activity. This showed up recently in the `sdk` CI lane for
    [#16031](https://github.com/openai/codex/pull/16031).
    
    ## What Changed
    
    - updated `sdk/typescript/tests/testCodex.ts` to merge test config
    through a single helper
    - disabled `features.plugins` unconditionally for SDK integration tests
    so the CLI does not start curated-plugin sync in the temporary
    `CODEX_HOME`
    - preserved other explicit feature overrides from individual tests while
    forcing `plugins` back to `false`
    - kept the existing mock-provider override behavior intact for
    SSE-backed tests
    
    ## Verification
    
    - `pnpm test --runInBand`
    - `pnpm lint`
  • Prefer websockets when providers support them (#13592)
    Remove all flags and model settings.
    
    ---------
    
    Co-authored-by: Codex <noreply@openai.com>
  • Add openai_base_url config override for built-in provider (#12031)
    We regularly get bug reports from users who mistakenly have the
    `OPENAI_BASE_URL` environment variable set. This PR deprecates this
    environment variable in favor of a top-level config key
    `openai_base_url` that is used for the same purpose. By making it a
    config key, it will be more visible to users. It will also participate
    in all of the infrastructure we've added for layered and managed
    configs.
    
    Summary
    - introduce the `openai_base_url` top-level config key, update
    schema/tests, and route the built-in openai provider through it while
    - fall back to deprecated `OPENAI_BASE_URL` env var but warn user of
    deprecation when no `openai_base_url` config key is present
    - update CLI, SDK, and TUI code to prefer the new config path (with a
    deprecated env-var fallback) and document the SDK behavior change
  • Update pnpm versions to fix cve-2026-24842 (#12009)
    Update pnpm versions to resolve CVE-2026-24842
  • Make codex-sdk depend on openai/codex (#11503)
    Do not bundle all binaries inside the SDK as it makes the package huge.
    Instead depend on openai/codex
  • fix: ensure resume args precede image args (#10709)
    ## Summary
    Fixes argument ordering when `resumeThread()` is used with
    `local_image`. The SDK previously emitted CLI args with `--image` before
    `resume <threadId>`, which caused the Codex CLI to treat `resume`/UUID
    as image paths and start a new session. This PR moves `resume
    <threadId>` before any `--image` flags and adds a regression test.
    
    ## Bug Report / Links
    - OpenAI issue: https://github.com/openai/codex/issues/10708
    - Repro repo:
    https://github.com/cryptonerdcn/codex-resume-local-image-repro
    - Repro issue (repo):
    https://github.com/cryptonerdcn/codex-resume-local-image-repro/issues/1
    
    ## Repro (pre-fix)
    1. Build SDK from source
    2. Run resume + local_image
    3. Args order: `--image <path> resume <id>`
    4. Result: new session created (thread id changes)
    
    ## Fix
    Move `resume <threadId>` before `--image` in `CodexExec.run` and add a
    regression test to assert ordering.
    
    ## Tests
    - `cd sdk/typescript && npm test`
      - **Failed**: `codex-rs/target/debug/codex` missing (ENOENT)
    
    ## Notes
    - I can rerun tests in an environment with `codex-rs` built and report
    results.
  • Fix minor typos in comments and documentation (#10287)
    ## Summary
    
    I have read the contribution guidelines.  
    All changes in this PR are limited to text corrections and do not modify
    any business logic, runtime behavior, or user-facing functionality.
    
    ## Details
    
    This PR fixes several minor typos, including:
    
    - `create` -> `crate`
    - `analagous` -> `analogous`
    - `apply-patch` -> `apply_patch`
    - `codecs` -> `codex`
    - ` '/" ` -> ` '/' `
    - `Respesent` -> `Represent`
  • fix: remove references to corepack (#10138)
    Currently, our `npm publish` logic is failing.
    
    There were a number of things that were merged recently that seemed to
    contribute to this situation, though I think we have fixed most of them,
    but this one stands out:
    
    https://github.com/openai/codex/pull/10115
    
    As best I can tell, we tried to fix the pnpm version to a specific hash,
    but we did not do it consistently (though `shell-tool-mcp/package.json`
    had it specified twice...), so for this PR, I ran:
    
    ```
    $ git ls-files | grep package.json
    codex-cli/package.json
    codex-rs/responses-api-proxy/npm/package.json
    package.json
    sdk/typescript/package.json
    shell-tool-mcp/package.json
    ```
    
    and ensured that all of them now have this line:
    
    ```json
      "packageManager": "pnpm@10.28.2+sha512.41872f037ad22f7348e3b1debbaf7e867cfd448f2726d9cf74c08f19507c31d2c8e7a11525b983febc2df640b5438dee6023ebb1f84ed43cc2d654d2bc326264"
    ```
    
    I also went and deleted all of the `corepack` stuff that was added by
    https://github.com/openai/codex/pull/10115.
    
    If someone can explain why we need it and verify it does not break `npm
    publish`, then we can bring it back.
  • feat: make it possible to specify --config flags in the SDK (#10003)
    Updates the `CodexOptions` passed to the `Codex()` constructor in the
    SDK to support a `config` property that is a map of configuration data
    that will be transformed into `--config` flags passed to the invocation
    of `codex`.
    
    Therefore, something like this:
    
    ```typescript
    const codex = new Codex({
      config: {
        show_raw_agent_reasoning: true,
        sandbox_workspace_write: { network_access: true },
      },
    });
    ```
    
    would result in the following args being added to the invocation of
    `codex`:
    
    ```shell
    --config show_raw_agent_reasoning=true --config sandbox_workspace_write.network_access=true
    ```
  • add WebSearchMode enum (#9216)
    ### What
    Add `WebSearchMode` enum (disabled, cached live, defaults to cached) to
    config + V2 protocol. This enum takes precedence over legacy flags:
    `web_search_cached`, `web_search_request`, and `tools.web_search`.
    
    Keep `--search` as live.
    
    ### Tests
    Added tests
  • fix: handle early codex exec exit (#8825)
    Fixes CodexExec to avoid missing early process exits by registering the
    exit handler up front and deferring the error until after stdout is
    drained, and adds a regression test that simulates a fast-exit child
    while still producing output so hangs are caught.
  • feat(sdk): add xhigh reasoning effort support to TypeScript SDK (#8108)
    Add "xhigh" to the ModelReasoningEffort type to match the Rust backend
    which already supports this reasoning level for models like
    gpt-5.1-codex-max.
  • fix: Upgrade @modelcontextprotocol/sdk to ^1.24.0 (#7817)
    ## What?
    Upgrades @modelcontextprotocol/sdk from ^1.20.2 to ^1.24.0 in the
    TypeScript SDK's devDependencies.
    
    ## Why?
    Related to #7737 - keeping development dependencies up to date with the
    latest MCP SDK version that includes the fix for CVE-2025-66414.
    
    Note: This change does not address the CVE for Codex users, as the MCP
    SDK is only in devDependencies here. The actual MCP integration that
    would be affected by the CVE is in the Rust codebase.
    
    ## How?
    •  Updated dependency version in sdk/typescript/package.json
    •  Ran pnpm install to update lockfile
    •  Fixed formatting (added missing newline in package.json)
    
    ## Related Issue
    Related to #7737
    
    ## Test Status
    ⚠️ After this upgrade, 2 additional tests timeout (1 test was already
    failing on main):
    •  tests/run.test.ts: "sends previous items when run is called twice" 
    •  tests/run.test.ts: "resumes thread by id"
    • tests/runStreamed.test.ts: "sends previous items when runStreamed is
    called twice"
    
    Marking as draft to investigate test timeouts. Maintainer guidance would
    be appreciated.
    
    Co-authored-by: HalfonA <amit@miggo.io>
  • feat(ts-sdk): allow overriding CLI environment (#6648)
    ## Summary
    - add an `env` option for the TypeScript Codex client and plumb it into
    `CodexExec` so the CLI can run without inheriting `process.env`
    - extend the test spy to capture spawn environments, add coverage for
    the new option, and document how to use it
    
    ## Testing
    - `pnpm test` *(fails: corepack cannot download pnpm because outbound
    network access is blocked in the sandbox)*
    
    ------
    [Codex
    Task](https://chatgpt.com/codex/tasks/task_i_6916b2d7c7548322a72d61d91a2dac85)
  • feat: Add support for --add-dir to exec and TypeScript SDK (#6565)
    ## Summary
    
    Adds support for specifying additional directories in the TypeScript SDK
    through a new `additionalDirectories` option in `ThreadOptions`.
    
    ## Changes
    
    - Added `additionalDirectories` parameter to `ThreadOptions` interface
    - Updated `CodexExec` to accept and pass through additional directories
    via the `--config` flag for `sandbox_workspace_write.writable_roots`
    - Added comprehensive test coverage for the new functionality
    
    ## Test plan
    
    - Added test case that verifies `additionalDirectories` is correctly
    passed as repeated flags
    - Existing tests continue to pass
    
    ---------
    
    Co-authored-by: Claude <noreply@anthropic.com>
  • Add AbortSignal support to TypeScript SDK (#6378)
    ## Summary
    Adds AbortSignal support to the TypeScript SDK for canceling thread
    execution using AbortController.
    
    ## Changes
    - Add `signal?: AbortSignal` property to `TurnOptions` type
    - Pass signal through Thread class methods to exec layer  
    - Add signal parameter to `CodexExecArgs`
    - Leverage Node.js native `spawn()` signal support for automatic
    cancellation
    - Add comprehensive test coverage (6 tests covering all abort scenarios)
    
    ## Implementation
    The implementation uses Node.js's built-in AbortSignal support in
    `spawn()` (available since Node v15, SDK requires >=18), which
    automatically handles:
    - Checking if already aborted before starting
    - Killing the child process when abort is triggered
    - Emitting appropriate error events
    - All cleanup operations
    
    This is a one-line change to the core implementation (`signal:
    args.signal` passed to spawn), making it simple, reliable, and
    maintainable.
    
    ## Usage Example
    ```typescript
    import { Codex } from '@openai/codex-sdk';
    
    const codex = new Codex({ apiKey: 'your-api-key' });
    const thread = codex.startThread();
    
    // Create AbortController
    const controller = new AbortController();
    
    // Run with abort signal
    const resultPromise = thread.run("Your prompt here", {
      signal: controller.signal
    });
    
    // Cancel anytime
    controller.abort('User requested cancellation');
    ```
    
    ## Testing
    All tests pass (23 total across SDK):
    -  Aborts when signal is already aborted (both run and runStreamed)
    -  Aborts during execution/iteration
    -  Completes normally when not aborted
    -  Backward compatible (signal is optional)
    
    Tests verified to fail correctly when signal support is removed (no
    false positives).
    
    ---------
    
    Co-authored-by: Claude <noreply@anthropic.com>
    Co-authored-by: pakrym-oai <pakrym@openai.com>
  • Fix SDK documentation: replace 'file diffs' with 'file change notifications' (#6425)
    The TypeScript SDK's README incorrectly claimed that runStreamed() emits
    "file diffs". However, the FileChangeItem type only contains metadata
    (path, kind, status) without actual diff content.
    
    Updated line 36 to accurately describe the SDK as providing "file change
    notifications" instead of "file diffs" to match the actual
    implementation in items.ts.
    
    Fixes #5850
  • [SDK] Add network_access and web_search options to TypeScript SDK (#6367)
    ## Summary
    
    This PR adds two new optional boolean fields to `ThreadOptions` in the
    TypeScript SDK:
    
    - **`networkAccess`**: Enables network access in the sandbox by setting
    `sandbox_workspace_write.network_access` config
    - **`webSearch`**: Enables the web search tool by setting
    `tools.web_search` config
    
    These options map to existing Codex configuration options and are
    properly threaded through the SDK layers:
    1. `ThreadOptions` (threadOptions.ts) - User-facing API
    2. `CodexExecArgs` (exec.ts) - Internal execution args  
    3. CLI flags via `--config` in the `codex exec` command
    
    ## Changes
    
    - `sdk/typescript/src/threadOptions.ts`: Added `networkAccess` and
    `webSearch` fields to `ThreadOptions` type
    - `sdk/typescript/src/exec.ts`: Added fields to `CodexExecArgs` and CLI
    flag generation
    - `sdk/typescript/src/thread.ts`: Pass options through to exec layer
    
    ## Test Plan
    
    - [x] Build succeeds (`pnpm build`)
    - [x] Linter passes (`pnpm lint`)
    - [x] Type definitions are properly exported
    - [ ] Manual testing with sample code (to be done by reviewer)
    
    ---------
    
    Co-authored-by: Claude <noreply@anthropic.com>
  • Add modelReasoningEffort option to TypeScript SDK (#6237)
    ## Summary
    - Adds `ModelReasoningEffort` type to TypeScript SDK with values:
    `minimal`, `low`, `medium`, `high`
    - Adds `modelReasoningEffort` option to `ThreadOptions`
    - Forwards the option to the codex CLI via `--config
    model_reasoning_effort="<value>"`
    - Includes test coverage for the new option
    
    ## Changes
    - `sdk/typescript/src/threadOptions.ts`: Define `ModelReasoningEffort`
    type and add to `ThreadOptions`
    - `sdk/typescript/src/index.ts`: Export `ModelReasoningEffort` type
    - `sdk/typescript/src/exec.ts`: Forward `modelReasoningEffort` to CLI as
    config flag
    - `sdk/typescript/src/thread.ts`: Pass option through to exec (+ debug
    logging)
    - `sdk/typescript/tests/run.test.ts`: Add test for
    `modelReasoningEffort` flag forwarding
    
    ---------
    
    Co-authored-by: Eric Traut <etraut@openai.com>
  • Re-enable SDK image forwarding test (#5934)
    ## Summary
    - re-enable the TypeScript SDK test that verifies local images are
    forwarded to `codex exec`
    
    ## Testing
    - `pnpm test` *(fails: unable to download pnpm 10.8.1 because external
    network access is blocked in the sandbox)*
    
    ------
    https://chatgpt.com/codex/tasks/task_i_690289cb861083209fd006867e2adfb1
  • [exec] Add MCP tool arguments and results (#5899)
    Extends mcp_tool_call item to include arguments and results.
  • Skip flaky test (#5680)
    Did an investigation but couldn't find anything obvious. Let's skip for
    now.
  • feat: add images support to the Codex Typescript SDK (#5281)
    Extend `run` and `runStreamed` input to be either a `string` or
    structured input. A structured input is an array of text parts and/or
    image paths, which will then be fed to the CLI through the `--image`
    argument. Text parts are combined with double newlines. For instance:
    
    ```ts
    const turn = await thread.run([
      { type: "text", text: "Describe these screenshots" },
      { type: "local_image", path: "./ui.png" },
      { type: "local_image", path: "./diagram.jpg" },
      { type: "text", text: "Thanks!" },
    ]);
    ```
    
    Ends up launching the CLI with:
    
    ```
    codex exec --image foo.png --image bar.png "Describe these screenshots\n\nThanks!" 
    ```
    
    The complete `Input` type for both function now is:
    
    ```ts
    export type UserInput =
      | {
          type: "text";
          text: string;
        }
      | {
          type: "local_image";
          path: string;
        };
    
    export type Input = string | UserInput[];
    ```
    
    This brings the Codex SDK closer to feature parity with the CLI.
    Adresses #5280 .
  • Remove unused type (#5003)
    It was never exported
  • Set codex SDK TypeScript originator (#4894)
    ## Summary
    - ensure the TypeScript SDK sets CODEX_INTERNAL_ORIGINATOR_OVERRIDE to
    codex_sdk_ts when spawning the Codex CLI
    - extend the responses proxy test helper to capture request headers for
    assertions
    - add coverage that verifies Codex threads launched from the TypeScript
    SDK send the codex_sdk_ts originator header
    
    ## Testing
    - Not Run (not requested)
    
    
    ------
    https://chatgpt.com/codex/tasks/task_i_68e561b125248320a487f129093d16e7
  • Update README.md (#4794)
    # External (non-OpenAI) Pull Request Requirements
    
    Before opening this Pull Request, please read the dedicated
    "Contributing" markdown file or your PR may be closed:
    https://github.com/openai/codex/blob/main/docs/contributing.md
    
    If your PR conforms to our contribution guidelines, replace this text
    with a detailed and high quality description of your changes.
  • Expand TypeScript SDK README (#4779)
    ## Summary
    - expand the TypeScript SDK README with streaming, architecture, and API
    docs
    - refresh quick start examples and clarify thread management options
    
    ## Testing
    - Not Run (docs only)
    
    ---------
    
    Co-authored-by: pakrym-oai <pakrym@openai.com>
  • Misc SDK fixes (#4752)
    Remove codex-level workingDirectory
    Throw on turn.failed in `run()`
    Cleanup readme
  • Expose turn token usage in the SDK (#4700)
    It's present on the event, add it to the final result as well.
  • Support CODEX_API_KEY for codex exec (#4615)
    Allows to set API key per invocation of `codex exec`
  • Store settings on the thread instead of turn (#4579)
    It's much more common to keep the same settings for the entire
    conversation, we can add per-turn overrides later.
  • Add initial set of doc comments to the SDK (#4513)
    Also perform minor code cleanup.
  • Explicit node imports (#4567)
    To help with compatibility
  • SDK: support working directory and skipGitRepoCheck options (#4563)
    Make options not required, add support for working directory and
    skipGitRepoCheck options on the turn
  • chore: introduce publishing logic for @openai/codex-sdk (#4543)
    There was a bit of copypasta I put up with when were publishing two
    packages to npm, but now that it's three, I created some more scripts to
    consolidate things.
    
    With this change, I ran:
    
    ```shell
    ./scripts/stage_npm_packages.py --release-version 0.43.0-alpha.8 --package codex --package codex-responses-api-proxy --package codex-sdk
    ```
    
    Indeed when it finished, I ended up with:
    
    ```shell
    $ tree dist
    dist
    └── npm
        ├── codex-npm-0.43.0-alpha.8.tgz
        ├── codex-responses-api-proxy-npm-0.43.0-alpha.8.tgz
        └── codex-sdk-npm-0.43.0-alpha.8.tgz
    $ tar tzvf dist/npm/codex-sdk-npm-0.43.0-alpha.8.tgz
    -rwxr-xr-x  0 0      0    25476720 Oct 26  1985 package/vendor/aarch64-apple-darwin/codex/codex
    -rwxr-xr-x  0 0      0    29871400 Oct 26  1985 package/vendor/aarch64-unknown-linux-musl/codex/codex
    -rwxr-xr-x  0 0      0    28368096 Oct 26  1985 package/vendor/x86_64-apple-darwin/codex/codex
    -rwxr-xr-x  0 0      0    36029472 Oct 26  1985 package/vendor/x86_64-unknown-linux-musl/codex/codex
    -rw-r--r--  0 0      0       10926 Oct 26  1985 package/LICENSE
    -rw-r--r--  0 0      0    30187520 Oct 26  1985 package/vendor/aarch64-pc-windows-msvc/codex/codex.exe
    -rw-r--r--  0 0      0    35277824 Oct 26  1985 package/vendor/x86_64-pc-windows-msvc/codex/codex.exe
    -rw-r--r--  0 0      0        4842 Oct 26  1985 package/dist/index.js
    -rw-r--r--  0 0      0        1347 Oct 26  1985 package/package.json
    -rw-r--r--  0 0      0        9867 Oct 26  1985 package/dist/index.js.map
    -rw-r--r--  0 0      0          12 Oct 26  1985 package/README.md
    -rw-r--r--  0 0      0        4287 Oct 26  1985 package/dist/index.d.ts
    ```
  • Add executable detection and export Codex from the SDK (#4532)
    Executable detection uses the same rules as the codex wrapper.
  • SDK CI (#4483)
    Build debug codex in SDK configuration