mirror of
https://github.com/pchuan98/codex.git
synced 2026-07-01 00:31:56 +08:00
13d378f2ce3a95bdcea912c573c19fc4dca87ca3
270 Commits
-
fix: prepare ExecPolicy in exec-server for execpolicy2 cutover (#6888)
This PR introduces an extra layer of abstraction to prepare us for the migration to execpolicy2: - introduces a new trait, `EscalationPolicy`, whose `determine_action()` method is responsible for producing the `EscalateAction` - the existing `ExecPolicy` typedef is changed to return an intermediate `ExecPolicyOutcome` instead of `EscalateAction` - the default implementation of `EscalationPolicy`, `McpEscalationPolicy`, composes `ExecPolicy` - the `ExecPolicyOutcome` includes `codex_execpolicy2::Decision`, which has a `Prompt` variant - when `McpEscalationPolicy` gets `Decision::Prompt` back from `ExecPolicy`, it prompts the user via an MCP elicitation and maps the result into an `ElicitationAction` - now that the end user can reply to an elicitation with `Decline` or `Cancel`, we introduce a new variant, `EscalateAction::Deny`, which the client handles by returning exit code `1` without running anything Note the way the elicitation is created is still not quite right, but I will fix that once we have things running end-to-end for real in a follow-up PR.
Michael Bolin ·
2025-11-19 13:55:29 -08:00 -
chore(app-server) world-writable windows notification (#6880)
## Summary On app-server startup, detect whether the experimental sandbox is enabled, and send a notification . **Note** New conversations will not respect the feature because we [ignore cli overrides in NewConversation](https://github.com/openai/codex/blob/a75321a64c990275ed4368bf26a5334c9ddfa0a7/codex-rs/app-server/src/codex_message_processor.rs#L1237-L1252). However, this should be okay, since we don't actually use config for this, we use a [global variable](https://github.com/openai/codex/blob/87cce88f4865685a863e143e0fad4cf5ea542e62/codex-rs/core/src/safety.rs#L105-L110). We should carefully unwind this setup at some point. ## Testing - [ ] In progress: testing locally --------- Co-authored-by: jif-oai <jif@openai.com>
Dylan Hurd ·
2025-11-19 11:19:34 +00:00 -
fix: add more fields to ThreadStartResponse and ThreadResumeResponse (#6847)
This adds the following fields to `ThreadStartResponse` and `ThreadResumeResponse`: ```rust pub model: String, pub model_provider: String, pub cwd: PathBuf, pub approval_policy: AskForApproval, pub sandbox: SandboxPolicy, pub reasoning_effort: Option<ReasoningEffort>, ``` This is important because these fields are optional in `ThreadStartParams` and `ThreadResumeParams`, so the caller needs to be able to determine what values were ultimately used to start/resume the conversation. (Though note that any of these could be changed later between turns in the conversation.) Though to get this information reliably, it must be read from the internal `SessionConfiguredEvent` that is created in response to the start of a conversation. Because `SessionConfiguredEvent` (as defined in `codex-rs/protocol/src/protocol.rs`) did not have all of these fields, a number of them had to be added as part of this PR. Because `SessionConfiguredEvent` is referenced in many tests, test instances of `SessionConfiguredEvent` had to be updated, as well, which is why this PR touches so many files.Michael Bolin ·
2025-11-18 21:18:43 -08:00 -
windows sandbox: support multiple workspace roots (#6854)
The Windows sandbox did not previously support multiple workspace roots via config. Now it does
iceweasel-oai ·
2025-11-18 16:35:00 -08:00 -
Jeremy Rose ·
2025-11-19 00:20:19 +00:00 -
[codex][otel] support mtls configuration (#6228)
fix for https://github.com/openai/codex/issues/6153 supports mTLS configuration and includes TLS features in the library build to enable secure HTTPS connections with custom root certificates. grpc: https://docs.rs/tonic/0.13.1/src/tonic/transport/channel/endpoint.rs.html#63 https: https://docs.rs/reqwest/0.12.23/src/reqwest/async_impl/client.rs.html#516
Anton Panasenko ·
2025-11-18 14:01:01 -08:00 -
[app-server] feat: add v2 command execution approval flow (#6758)
This PR adds the API V2 version of the command‑execution approval flow for the shell tool. This PR wires the new RPC (`item/commandExecution/requestApproval`, V2 only) and related events (`item/started`, `item/completed`, and `item/commandExecution/delta`, which are emitted in both V1 and V2) through the app-server protocol. The new approval RPC is only sent when the user initiates a turn with the new `turn/start` API so we don't break backwards compatibility with VSCE. The approach I took was to make as few changes to the Codex core as possible, leveraging existing `EventMsg` core events, and translating those in app-server. I did have to add additional fields to `EventMsg::ExecCommandEndEvent` to capture the command's input so that app-server can statelessly transform these events to a `ThreadItem::CommandExecution` item for the `item/completed` event. Once we stabilize the API and it's complete enough for our partners, we can work on migrating the core to be aware of command execution items as a first-class concept. **Note**: We'll need followup work to make sure these APIs work for the unified exec tool, but will wait til that's stable and landed before doing a pass on app-server. Example payloads below: ``` { "method": "item/started", "params": { "item": { "aggregatedOutput": null, "command": "/bin/zsh -lc 'touch /tmp/should-trigger-approval'", "cwd": "/Users/owen/repos/codex/codex-rs", "durationMs": null, "exitCode": null, "id": "call_lNWWsbXl1e47qNaYjFRs0dyU", "parsedCmd": [ { "cmd": "touch /tmp/should-trigger-approval", "type": "unknown" } ], "status": "inProgress", "type": "commandExecution" } } } ``` ``` { "id": 0, "method": "item/commandExecution/requestApproval", "params": { "itemId": "call_lNWWsbXl1e47qNaYjFRs0dyU", "parsedCmd": [ { "cmd": "touch /tmp/should-trigger-approval", "type": "unknown" } ], "reason": "Need to create file in /tmp which is outside workspace sandbox", "risk": null, "threadId": "019a93e8-0a52-7fe3-9808-b6bc40c0989a", "turnId": "1" } } ``` ``` { "id": 0, "result": { "acceptSettings": { "forSession": false }, "decision": "accept" } } ``` ``` { "params": { "item": { "aggregatedOutput": null, "command": "/bin/zsh -lc 'touch /tmp/should-trigger-approval'", "cwd": "/Users/owen/repos/codex/codex-rs", "durationMs": 224, "exitCode": 0, "id": "call_lNWWsbXl1e47qNaYjFRs0dyU", "parsedCmd": [ { "cmd": "touch /tmp/should-trigger-approval", "type": "unknown" } ], "status": "completed", "type": "commandExecution" } } } ```Owen Lin ·
2025-11-18 00:23:54 +00:00 -
background rate limits fetch (#6789)
fetching rate limits every minute asynchronously
zhao-oai ·
2025-11-17 16:06:26 -08:00 -
LM Studio OSS Support (#2312)
## Overview Adds LM Studio OSS support. Closes #1883 ### Changes This PR enhances the behavior of `--oss` flag to support LM Studio as a provider. Additionally, it introduces a new flag`--local-provider` which can take in `lmstudio` or `ollama` as values if the user wants to explicitly choose which one to use. If no provider is specified `codex --oss` will auto-select the provider based on whichever is running. #### Additional enhancements The default can be set using `oss-provider` in config like: ``` oss_provider = "lmstudio" ``` For non-interactive users, they will need to either provide the provider as an arg or have it in their `config.toml` ### Notes For best performance, [set the default context length](https://lmstudio.ai/docs/app/advanced/per-model) for gpt-oss to the maximum your machine can support --------- Co-authored-by: Matt Clayton <matt@lmstudio.ai> Co-authored-by: Eric Traut <etraut@openai.com>
rugvedS07 ·
2025-11-17 11:49:09 -08:00 -
feat: execpolicy v2 (#6467)
## Summary - Introduces the `codex-execpolicy2` crate. - This PR covers only the prefix-rule subset of the planned execpolicy v2 language; a richer language will follow. ## Policy - Policy language centers on `prefix_rule(pattern=[...], decision?, match?, not_match?)`, where `pattern` is an ordered list of tokens; any element may be a list to denote alternatives. `decision` defaults to `allow`; valid values are `allow`, `prompt`, and `forbidden`. `match` / `not_match` hold example commands that are tokenized and validated at load time (think of these as unit tests). ## Policy shapes - Prefix rules use Starlark syntax: ```starlark prefix_rule( pattern = ["cmd", ["alt1", "alt2"]], # ordered tokens; list entries denote alternatives decision = "prompt", # allow | prompt | forbidden; defaults to allow match = [["cmd", "alt1"]], # examples that must match this rule (enforced at compile time) not_match = [["cmd", "oops"]], # examples that must not match this rule (enforced at compile time) ) ``` ## Response shapes - Match: ```json { "match": { "decision": "allow|prompt|forbidden", "matchedRules": [ { "prefixRuleMatch": { "matchedPrefix": ["<token>", "..."], "decision": "allow|prompt|forbidden" } } ] } } ``` - No match: ```json "noMatch" ``` - `matchedRules` lists every rule whose prefix matched the command; `matchedPrefix` is the exact prefix that matched. - The effective `decision` is the strictest severity across all matches (`forbidden` > `prompt` > `allow`). --------- Co-authored-by: Michael Bolin <mbolin@openai.com>zhao-oai ·
2025-11-17 10:15:45 -08:00 -
fix: resolve Windows MCP server execution for script-based tools (#3828)
## What? Fixes MCP server initialization failures on Windows when using script-based tools like `npx`, `pnpm`, and `yarn` that rely on `.cmd`/`.bat` files rather than `.exe` binaries. Fixes #2945 ## Why? Windows users encounter "program not found" errors when configuring MCP servers with commands like `npx` in their `~/.codex/config.toml`. This happens because: - Tools like `npx` are batch scripts (`npx.cmd`) on Windows, not executable binaries - Rust's `std::process::Command` bypasses the shell and cannot execute these scripts directly - The Windows shell normally handles this by checking `PATHEXT` for executable extensions Without this fix, Windows users must specify full paths or add `.cmd` extensions manually, which breaks cross-platform compatibility. ## How? Added platform-specific program resolution using the `which` crate to find the correct executable path: - **Windows**: Resolves programs through PATH/PATHEXT to find `.cmd`/`.bat` scripts - **Unix**: Returns the program unchanged (no-op, as Unix handles scripts natively) ### Changes - Added `which = "6"` dependency to `mcp-client/Cargo.toml` - Implemented `program_resolver` module in `mcp_client.rs` with platform-specific resolution - Added comprehensive tests for both Windows and Unix behavior ### Testing Added platform-specific tests to verify: - Unix systems execute scripts without extensions - Windows fails without proper extensions - Windows succeeds with explicit extensions - Cross-platform resolution enables successful execution **Tested on:** - Windows 11 (NT 10.0.26100.0 x64) - PowerShell 5.1 & 7+, CMD, Git Bash - MCP servers: playwright, context7, supabase - WSL (verified no regression) **Local checks passed:** ```bash cargo test && cargo clippy --tests && cargo fmt -- --config imports_granularity=Item ``` ### Results **Before:** ``` 🖐 MCP client for `playwright` failed to start: program not found ``` **After:** ``` 🖐 MCP client for `playwright` failed to start: request timed out ``` Windows users can now use simple commands like `npx` in their config without specifying full paths or extensions. The timeout issue is a separate concern that will be addressed in a follow-up PR. --------- Co-authored-by: Eric Traut <etraut@openai.com>
Joonsoo Lee ·
2025-11-16 13:41:10 -08:00 -
feat: add app-server-test-client crate for internal use (#5391)
For app-server development it's been helpful to be able to trigger some test flows end-to-end and print the JSON-RPC messages sent between client and server.
Owen Lin ·
2025-11-14 12:39:58 -08:00 -
[App server] add mcp tool call item started/completed events (#6642)
this PR does two things: 1. refactor `apply_bespoke_event_handling` into a separate file as it's getting kind of long; 2. add mcp tool call `item/started` and `item/completed` events. To roll out app server events asap we didn't properly migrate mcp core events to use TurnItem for mcp tool calls - this will be a follow-up PR. real events generated in log: ``` { "method": "codex/event/mcp_tool_call_end", "params": { "conversationId": "019a8021-26af-7c20-83db-21ca81e44d68", "id": "0", "msg": { "call_id": "call_7EjRQkD9HnfyMWf7tGrT9FKA", "duration": { "nanos": 92708, "secs": 0 }, "invocation": { "arguments": { "server": "" }, "server": "codex", "tool": "list_mcp_resources" }, "result": { "Ok": { "content": [ { "text": "{\"resources\":[]}", "type": "text" } ], "isError": false } }, "type": "mcp_tool_call_end" } } } { "method": "item/completed", "params": { "item": { "arguments": { "server": "" }, "error": null, "id": "call_7EjRQkD9HnfyMWf7tGrT9FKA", "result": { "content": [ { "text": "{\"resources\":[]}", "type": "text" } ], "structuredContent": null }, "server": "codex", "status": "completed", "tool": "list_mcp_resources", "type": "mcpToolCall" } } } ```Celia Chen ·
2025-11-14 08:08:43 -08:00 -
jif-oai ·
2025-11-14 17:05:00 +01:00 -
chore(core) Consolidate apply_patch tests (#6545)
## Summary Consolidates our apply_patch tests into one suite, and ensures each test case tests the various ways the harness supports apply_patch: 1. Freeform custom tool call 2. JSON function tool 3. Simple shell call 4. Heredoc shell call There are a few test cases that are specific to a particular variant, I've left those alone. ## Testing - [x] This adds a significant number of tests
Dylan Hurd ·
2025-11-13 15:52:39 -08:00 -
Reasoning level update (#6586)
Automatically update reasoning levels when migrating between models
pakrym-oai ·
2025-11-13 06:24:36 +00:00 -
Add unified exec escalation handling and tests (#6492)
Similar implementation to the shell tool
pakrym-oai ·
2025-11-11 08:19:35 -08:00 -
Use codex-linux-sandbox in unified exec (#6480)
Unified exec isn't working on Linux because we don't provide the correct arg0. The library we use for pty management doesn't allow setting arg0 separately from executable. Use the same aliasing strategy we use for `apply_patch` for `codex-linux-sandbox`. Use `#[ctor]` hack to dispatch codex-linux-sandbox calls. Addresses https://github.com/openai/codex/issues/6450
pakrym-oai ·
2025-11-10 17:17:09 -08:00 -
add codex debug seatbelt --log-denials (#4098)
This adds a debugging tool for analyzing why certain commands fail to execute under the sandbox. Example output: ``` $ codex debug seatbelt --log-denials bash -lc "(echo foo > ~/foo.txt)" bash: /Users/nornagon/foo.txt: Operation not permitted === Sandbox denials === (bash) file-write-data /dev/tty (bash) file-write-data /dev/ttys001 (bash) sysctl-read kern.ngroups (bash) file-write-create /Users/nornagon/foo.txt ``` It operates by: 1. spawning `log stream` to watch system logs, and 2. tracking all descendant PIDs using kqueue + proc_listchildpids. this is a "best-effort" technique, as `log stream` may drop logs(?), and kqueue + proc_listchildpids isn't atomic and can end up missing very short-lived processes. But it works well enough in my testing to be useful :)
Jeremy Rose ·
2025-11-10 22:48:14 +00:00 -
Fix wayland image paste error (#4824)
## Summary - log and surface clipboard failures instead of silently ignoring them when `Ctrl+V` pastes an image (`paste_image_to_temp_png()` now feeds an error history cell) - enable `arboard`’s `wayland-data-control` feature so native Wayland sessions can deliver image data without XWayland - keep the success path unchanged: valid images still attach and show the `[image …]` placeholder as before Fixes #4818 --------- Co-authored-by: Eric Traut <etraut@openai.com> Co-authored-by: Jeremy Rose <172423086+nornagon-openai@users.noreply.github.com>
George Nesterenok ·
2025-11-10 14:35:30 -08:00 -
fix: use generate_ts from app_server_protocol (#6407)
Update `codex generate-ts` to use the TS export code from `app-server-protocol/src/export.rs`. I realized there were two duplicate implementations of Typescript export code: - `app-server-protocol/src/export.rs` - the `codex-protocol-ts` crate The `codex-protocol-ts` crate that `codex generate-ts` uses is out of date now since it doesn't handle the V2 namespace from: https://github.com/openai/codex/pull/6212.
Owen Lin ·
2025-11-10 08:08:12 -08:00 -
chore(deps): bump zeroize from 1.8.1 to 1.8.2 in /codex-rs (#6444)
Bumps [zeroize](https://github.com/RustCrypto/utils) from 1.8.1 to 1.8.2. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/RustCrypto/utils/commit/c100874101bfd584870de5dde1b13dd92a17bf48"><code>c100874</code></a> zeroize v1.8.2 (<a href="https://redirect.github.com/RustCrypto/utils/issues/1229">#1229</a>)</li> <li><a href="https://github.com/RustCrypto/utils/commit/3940ccbebdac7a519523b29b4ff3749863026b8f"><code>3940ccb</code></a> Switch from <code>doc_auto_cfg</code> to <code>doc_cfg</code> (<a href="https://redirect.github.com/RustCrypto/utils/issues/1228">#1228</a>)</li> <li><a href="https://github.com/RustCrypto/utils/commit/c68a5204b2e66b0f60832d845e048fca96a81211"><code>c68a520</code></a> Fix Nightly warnings (<a href="https://redirect.github.com/RustCrypto/utils/issues/1080">#1080</a>)</li> <li><a href="https://github.com/RustCrypto/utils/commit/b15cc6c1cddad1558d44b138ff869b0590d2ac55"><code>b15cc6c</code></a> cargo: point <code>repository</code> metadata to clonable URLs (<a href="https://redirect.github.com/RustCrypto/utils/issues/1079">#1079</a>)</li> <li><a href="https://github.com/RustCrypto/utils/commit/3db6690f7be82e90a92e457d5becfd754fd10299"><code>3db6690</code></a> zeroize: fix <code>homepage</code>/<code>repository</code> in Cargo.toml (<a href="https://redirect.github.com/RustCrypto/utils/issues/1076">#1076</a>)</li> <li>See full diff in <a href="https://github.com/RustCrypto/utils/compare/zeroize-v1.8.1...zeroize-v1.8.2">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
dependabot[bot] ·
2025-11-09 22:03:36 -08:00 -
chore(deps): bump askama from 0.12.1 to 0.14.0 in /codex-rs (#6443)
Bumps [askama](https://github.com/askama-rs/askama) from 0.12.1 to 0.14.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/askama-rs/askama/releases">askama's releases</a>.</em></p> <blockquote> <h2>v0.14.0</h2> <h2>Added Features</h2> <ul> <li>Implement <code>Values</code> on tuple by <a href="https://github.com/GuillaumeGomez"><code>@GuillaumeGomez</code></a> in <a href="https://redirect.github.com/askama-rs/askama/pull/391">askama-rs/askama#391</a></li> <li>Pass variables to sub-templates more reliably even if indirectly by <a href="https://github.com/Kijewski"><code>@Kijewski</code></a> in <a href="https://redirect.github.com/askama-rs/askama/pull/397">askama-rs/askama#397</a></li> <li>Implement <code>first</code> and <code>blank</code> arguments for <code>|indent</code> by <a href="https://github.com/Kijewski"><code>@Kijewski</code></a> in <a href="https://redirect.github.com/askama-rs/askama/pull/401">askama-rs/askama#401</a></li> <li>Add named arguments for builtin filters by <a href="https://github.com/Kijewski"><code>@Kijewski</code></a> in <a href="https://redirect.github.com/askama-rs/askama/pull/403">askama-rs/askama#403</a></li> <li>Add <code>unique</code> filter by <a href="https://github.com/GuillaumeGomez"><code>@GuillaumeGomez</code></a> in <a href="https://redirect.github.com/askama-rs/askama/pull/405">askama-rs/askama#405</a></li> </ul> <h2>Bug Fixes And Consistency</h2> <ul> <li><code>askama_derive</code> accidentally exposed as a feature by <a href="https://github.com/Kijewski"><code>@Kijewski</code></a> in <a href="https://redirect.github.com/askama-rs/askama/pull/384">askama-rs/askama#384</a></li> <li>Track config files by <a href="https://github.com/GuillaumeGomez"><code>@GuillaumeGomez</code></a> in <a href="https://redirect.github.com/askama-rs/askama/pull/385">askama-rs/askama#385</a></li> <li>If using local variable as value when creating a new variable, do not put it behind a reference by <a href="https://github.com/GuillaumeGomez"><code>@GuillaumeGomez</code></a> in <a href="https://redirect.github.com/askama-rs/askama/pull/392">askama-rs/askama#392</a></li> <li>generator: make <code>CARGO_MANIFEST_DIR</code> part of <code>ConfigKey</code> by <a href="https://github.com/strickczq"><code>@strickczq</code></a> in <a href="https://redirect.github.com/askama-rs/askama/pull/395">askama-rs/askama#395</a></li> <li>Do not put question mark initialization expressions behind a reference by <a href="https://github.com/GuillaumeGomez"><code>@GuillaumeGomez</code></a> in <a href="https://redirect.github.com/askama-rs/askama/pull/400">askama-rs/askama#400</a></li> <li>Update to more current rust version on readthedocs by <a href="https://github.com/Kijewski"><code>@Kijewski</code></a> in <a href="https://redirect.github.com/askama-rs/askama/pull/410">askama-rs/askama#410</a></li> <li>Fix <code>unique</code> filter implementation by <a href="https://github.com/GuillaumeGomez"><code>@GuillaumeGomez</code></a> in <a href="https://redirect.github.com/askama-rs/askama/pull/417">askama-rs/askama#417</a></li> <li>Add <code>|titlecase</code> as alias for <code>|title</code> by <a href="https://github.com/Kijewski"><code>@Kijewski</code></a> in <a href="https://redirect.github.com/askama-rs/askama/pull/416">askama-rs/askama#416</a></li> </ul> <h2>Further Changes</h2> <ul> <li>book: add page about <code>FastWritable</code> by <a href="https://github.com/Kijewski"><code>@Kijewski</code></a> in <a href="https://redirect.github.com/askama-rs/askama/pull/407">askama-rs/askama#407</a></li> <li>Add throughput to derive benchmark by <a href="https://github.com/Kijewski"><code>@Kijewski</code></a> in <a href="https://redirect.github.com/askama-rs/askama/pull/413">askama-rs/askama#413</a></li> <li>Move <code>FastWritable</code> into <code>askama</code> root by <a href="https://github.com/GuillaumeGomez"><code>@GuillaumeGomez</code></a> in <a href="https://redirect.github.com/askama-rs/askama/pull/411">askama-rs/askama#411</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/strickczq"><code>@strickczq</code></a> made their first contribution in <a href="https://redirect.github.com/askama-rs/askama/pull/395">askama-rs/askama#395</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/askama-rs/askama/compare/v0.13.0...v0.14.0">https://github.com/askama-rs/askama/compare/v0.13.0...v0.14.0</a></p> <h2>v0.13.1</h2> <h2>What's Changed</h2> <ul> <li><code>askama_derive</code> accidentally exposed as a feature by <a href="https://github.com/Kijewski"><code>@Kijewski</code></a> in <a href="https://redirect.github.com/askama-rs/askama/pull/384">askama-rs/askama#384</a></li> <li>Track config files by <a href="https://github.com/GuillaumeGomez"><code>@GuillaumeGomez</code></a> in <a href="https://redirect.github.com/askama-rs/askama/pull/385">askama-rs/askama#385</a></li> <li>Implement <code>Values</code> on tuple by <a href="https://github.com/GuillaumeGomez"><code>@GuillaumeGomez</code></a> in <a href="https://redirect.github.com/askama-rs/askama/pull/391">askama-rs/askama#391</a></li> <li>generator: make <code>CARGO_MANIFEST_DIR</code> part of <code>ConfigKey</code> by <a href="https://github.com/strickczq"><code>@strickczq</code></a> in <a href="https://redirect.github.com/askama-rs/askama/pull/395">askama-rs/askama#395</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/strickczq"><code>@strickczq</code></a> made their first contribution in <a href="https://redirect.github.com/askama-rs/askama/pull/395">askama-rs/askama#395</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/askama-rs/askama/compare/v0.13.0...v0.13.1">https://github.com/askama-rs/askama/compare/v0.13.0...v0.13.1</a></p> <h2>v0.13.0 – Rinja is Askama, again!</h2> <p>With this release, the <a href="https://blog.guillaume-gomez.fr/articles/2024-07-31+docs.rs+switching+jinja+template+framework+from+tera+to+rinja">fork</a> rinja got merged back into the main project. Please have a look at our <a href="https://blog.guillaume-gomez.fr/articles/2025-03-19+Askama+and+Rinja+merge">blog post</a> for more information about the split and the merge.</p> <h2>What's Changed</h2> <p>This release (v0.13.0), when <a href="https://github.com/askama-rs/askama/compare/0.12.1...v0.13.0">compared to</a> the last stable askama release (v0.12.1), consists of:</p> <ul> <li>over 1000 commits</li> <li>with changes in over 500 files</li> <li>with over 40k additions and 8000 deletions</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/askama-rs/askama/commit/95867ac8cedc80b69f4047dea9c1272a5bf947b3"><code>95867ac</code></a> Merge pull request <a href="https://redirect.github.com/askama-rs/askama/issues/416">#416</a> from Kijewski/pr-upgrading-0.14</li> <li><a href="https://github.com/askama-rs/askama/commit/61b74224971f3975da70e1fdaa0c7f49e315bf17"><code>61b7422</code></a> Add <code>|titlecase</code> as alias for <code>|title</code></li> <li><a href="https://github.com/askama-rs/askama/commit/79be27159326c5adfb181ae2afb55201a48ff43a"><code>79be271</code></a> Run doctests</li> <li><a href="https://github.com/askama-rs/askama/commit/72bbe3ede14b20ea3449408f49b6ab204cd1dc54"><code>72bbe3e</code></a> Bump version number to v0.14.0</li> <li><a href="https://github.com/askama-rs/askama/commit/57750338fa9a8d354404512cdbc8c118930923d6"><code>5775033</code></a> book: update <code>upgrading.md</code></li> <li><a href="https://github.com/askama-rs/askama/commit/a5b43c0aa2c98182a9a09940b2f6b7250e0a1b19"><code>a5b43c0</code></a> Fix <code>unique</code> filter implementation</li> <li><a href="https://github.com/askama-rs/askama/commit/7fccbdf1d7a8874ddd00f93620364971bc8aa88c"><code>7fccbdf</code></a> Remove usage of <code>nextest</code></li> <li><a href="https://github.com/askama-rs/askama/commit/6a16256f24915fcf857225fec2517c51ca1fd2c1"><code>6a16256</code></a> Fix new clippy lints</li> <li><a href="https://github.com/askama-rs/askama/commit/04a4d5b0206378244f397c0f85c4fd1a2a865d13"><code>04a4d5b</code></a> Update MSRV to 1.83</li> <li><a href="https://github.com/askama-rs/askama/commit/d2a788a740b4724a1f946b75d327974e7390cc75"><code>d2a788a</code></a> Add doc about <code>unique</code> filter</li> <li>Additional commits viewable in <a href="https://github.com/askama-rs/askama/compare/0.12.1...v0.14.0">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
dependabot[bot] ·
2025-11-09 22:02:26 -08:00 -
Improve world-writable scan (#6381)
1. scan many more directories since it's much faster than the original implementation 2. limit overall scan time to 2s 3. skip some directories that are noisy - ApplicationData, Installer, etc.
iceweasel-oai ·
2025-11-07 21:28:55 -08:00 -
refactor(terminal): cleanup deprecated flush logic (#6373)
Removes flush logic that was leftover to test against ratatui's flush Cleaned up the flush logic so it's a bit more intent revealing. DrawCommand now owns the Cells that it draws as this works around a borrow checker problem.
Josh McKinney ·
2025-11-07 15:54:07 -08:00 -
Windows Sandbox: Show Everyone-writable directory warning (#6283)
Show a warning when Auto Sandbox mode becomes enabled, if we detect Everyone-writable directories, since they cannot be protected by the current implementation of the Sandbox. This PR also includes changes to how we detect Everyone-writable to be *much* faster
iceweasel-oai ·
2025-11-06 10:44:42 -08:00 -
[app-server] feat: v2 Thread APIs (#6214)
Implements: ``` thread/list thread/start thread/resume thread/archive ``` along with their integration tests. These are relatively light wrappers around the existing core logic, and changes to core logic are minimal. However, an improvement made for developer ergonomics: - `thread/start` and `thread/resume` automatically attaches a conversation listener internally, so clients don't have to make a separate `AddConversationListener` call like they do today. For consistency, also updated `model/list` and `feedback/upload` (naming conventions, list API params).
Owen Lin ·
2025-11-05 20:28:43 +00:00 -
Update rmcp to 0.8.5 (#6261)
Picks up https://github.com/modelcontextprotocol/rust-sdk/pull/511 which should fix todoist and some other MCP server oauth and may further resolve issues in https://github.com/openai/codex/issues/5045
Gabriel Peal ·
2025-11-05 14:20:30 -05:00 -
Upgrade rmcp to 0.8.4 (#6234)
Picks up https://github.com/modelcontextprotocol/rust-sdk/pull/509 which fixes https://github.com/openai/codex/issues/6164
Gabriel Peal ·
2025-11-05 00:23:24 -05:00 -
[app-server] feat: export.rs supports a v2 namespace, initial v2 notifications (#6212)
**Typescript and JSON schema exports** While working on Thread/Turn/Items type definitions, I realize we will run into name conflicts between v1 and v2 APIs (e.g. `RateLimitWindow` which won't be reusable since v1 uses `RateLimitWindow` from `protocol/` which uses snake_case, but we want to expose camelCase everywhere, so we'll define a V2 version of that struct that serializes as camelCase). To set us up for a clean and isolated v2 API, generate types into a `v2/` namespace for both typescript and JSON schema. - TypeScript: v2 types emit under `out_dir/v2/*.ts`, and root index.ts now re-exports them via `export * as v2 from "./v2"`;. - JSON Schemas: v2 definitions bundle under `#/definitions/v2/*` rather than the root. The location for the original types (v1 and types pulled from `protocol/` and other core crates) haven't changed and are still at the root. This is for backwards compatibility: no breaking changes to existing usages of v1 APIs and types. **Notifications** While working on export.rs, I: - refactored server/client notifications with macros (like we already do for methods) so they also get exported (I noticed they weren't being exported at all). - removed the hardcoded list of types to export as JSON schema by leveraging the existing macros instead - and took a stab at API V2 notifications. These aren't wired up yet, and I expect to iterate on these this week.
Owen Lin ·
2025-11-05 01:02:39 +00:00 -
fix:
--searchshouldn't show deprecation message (#6180)Use the new feature flags instead of the old config.
Ahmed Ibrahim ·
2025-11-04 00:11:50 +00:00 -
Do not skip trust prompt on Windows if sandbox is enabled. (#6167)
If the experimental windows sandbox is enabled, the trust prompt should show on Windows.
iceweasel-oai ·
2025-11-03 11:27:45 -08:00 -
tui: patch crossterm for better color queries (#5935)
See https://github.com/crossterm-rs/crossterm/compare/master...nornagon:crossterm:nornagon/color-query This patches crossterm to add support for querying fg/bg color as part of the crossterm event loop, which fixes some issues where this query would fight with other input. - dragging screenshots into the cli would sometimes paste half of the pathname instead of being recognized as an image (https://github.com/openai/codex/issues/5603) - Fixes https://github.com/openai/codex/issues/4945
Jeremy Rose ·
2025-10-31 16:36:41 -07:00 -
feat: compactor 2 (#6027)
Co-authored-by: pakrym-oai <pakrym@openai.com>
jif-oai ·
2025-10-31 14:27:08 -07:00 -
chore(deps): bump indexmap from 2.10.0 to 2.11.4 in /codex-rs (#4804)
Bumps [indexmap](https://github.com/indexmap-rs/indexmap) from 2.10.0 to 2.11.4. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/indexmap-rs/indexmap/blob/main/RELEASES.md">indexmap's changelog</a>.</em></p> <blockquote> <h2>2.11.4 (2025-09-18)</h2> <ul> <li>Updated the <code>hashbrown</code> dependency to a range allowing 0.15 or 0.16.</li> </ul> <h2>2.11.3 (2025-09-15)</h2> <ul> <li>Make the minimum <code>serde</code> version only apply when "serde" is enabled.</li> </ul> <h2>2.11.2 (2025-09-15)</h2> <ul> <li>Switched the "serde" feature to depend on <code>serde_core</code>, improving build parallelism in cases where other dependents have enabled "serde/derive".</li> </ul> <h2>2.11.1 (2025-09-08)</h2> <ul> <li>Added a <code>get_key_value_mut</code> method to <code>IndexMap</code>.</li> <li>Removed the unnecessary <code>Ord</code> bound on <code>insert_sorted_by</code> methods.</li> </ul> <h2>2.11.0 (2025-08-22)</h2> <ul> <li>Added <code>insert_sorted_by</code> and <code>insert_sorted_by_key</code> methods to <code>IndexMap</code>, <code>IndexSet</code>, and <code>VacantEntry</code>, like customizable versions of <code>insert_sorted</code>.</li> <li>Added <code>is_sorted</code>, <code>is_sorted_by</code>, and <code>is_sorted_by_key</code> methods to <code>IndexMap</code> and <code>IndexSet</code>, as well as their <code>Slice</code> counterparts.</li> <li>Added <code>sort_by_key</code> and <code>sort_unstable_by_key</code> methods to <code>IndexMap</code> and <code>IndexSet</code>, as well as parallel counterparts.</li> <li>Added <code>replace_index</code> methods to <code>IndexMap</code>, <code>IndexSet</code>, and <code>VacantEntry</code> to replace the key (or set value) at a given index.</li> <li>Added optional <code>sval</code> serialization support.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/indexmap-rs/indexmap/commit/03f9e58626ad7ef811b1522097bced2400c18b1a"><code>03f9e58</code></a> Merge pull request <a href="https://redirect.github.com/indexmap-rs/indexmap/issues/418">#418</a> from a1phyr/hashbrown_0.16</li> <li><a href="https://github.com/indexmap-rs/indexmap/commit/ee6080d480eea3b738757c6bff1bb21b440f3849"><code>ee6080d</code></a> Release 2.11.4</li> <li><a href="https://github.com/indexmap-rs/indexmap/commit/a7da8f181e81f8a37bc46936bf2d1d6db14edddc"><code>a7da8f1</code></a> Use a range for hashbrown</li> <li><a href="https://github.com/indexmap-rs/indexmap/commit/0cd5aefb4434fb495cb87ba5de50870d331558fc"><code>0cd5aef</code></a> Update <code>hashbrown</code> to 0.16</li> <li><a href="https://github.com/indexmap-rs/indexmap/commit/fd5c819daf8c3c62919ec0bbc777a571ee20ae5a"><code>fd5c819</code></a> Merge pull request <a href="https://redirect.github.com/indexmap-rs/indexmap/issues/417">#417</a> from cuviper/release-2.11.3</li> <li><a href="https://github.com/indexmap-rs/indexmap/commit/9321145e1f517f31969c0d9ab5a5171cc23c3daf"><code>9321145</code></a> Release 2.11.3</li> <li><a href="https://github.com/indexmap-rs/indexmap/commit/7b485688c299ed840d900b5a33aed33a1924a7c9"><code>7b48568</code></a> Merge pull request <a href="https://redirect.github.com/indexmap-rs/indexmap/issues/416">#416</a> from cuviper/release-2.11.2</li> <li><a href="https://github.com/indexmap-rs/indexmap/commit/49ce7fa4716e24cf9380653a40d88b5186f2f555"><code>49ce7fa</code></a> Release 2.11.2</li> <li><a href="https://github.com/indexmap-rs/indexmap/commit/58fd834804415879eb9be862291eba03e945e32a"><code>58fd834</code></a> Merge pull request <a href="https://redirect.github.com/indexmap-rs/indexmap/issues/414">#414</a> from DaniPopes/serde_core</li> <li><a href="https://github.com/indexmap-rs/indexmap/commit/5dc1d6ab3105739ae61039f422e5246f0eee4f64"><code>5dc1d6a</code></a> Depend on <code>serde_core</code> instead of <code>serde</code></li> <li>Additional commits viewable in <a href="https://github.com/indexmap-rs/indexmap/compare/2.10.0...2.11.4">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Eric Traut <etraut@openai.com>
dependabot[bot] ·
2025-10-31 10:15:52 -07:00 -
chore(deps): bump anyhow from 1.0.99 to 1.0.100 in /codex-rs (#4802)
Bumps [anyhow](https://github.com/dtolnay/anyhow) from 1.0.99 to 1.0.100. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/dtolnay/anyhow/releases">anyhow's releases</a>.</em></p> <blockquote> <h2>1.0.100</h2> <ul> <li>Teach clippy to lint formatting arguments in <code>bail!</code>, <code>ensure!</code>, <code>anyhow!</code> (<a href="https://redirect.github.com/dtolnay/anyhow/issues/426">#426</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/dtolnay/anyhow/commit/18c2598afa0f996f56217ef128aa3a20ea1e9512"><code>18c2598</code></a> Release 1.0.100</li> <li><a href="https://github.com/dtolnay/anyhow/commit/f2719888cb2f4f033c441cf6723cea1c532c0c87"><code>f271988</code></a> Merge pull request <a href="https://redirect.github.com/dtolnay/anyhow/issues/426">#426</a> from dtolnay/clippyfmt</li> <li><a href="https://github.com/dtolnay/anyhow/commit/52f2115a1fe22a79110747f19e35f01d52bdd1af"><code>52f2115</code></a> Mark macros with clippy::format_args</li> <li><a href="https://github.com/dtolnay/anyhow/commit/da5fd9d5a33c2949bc3ee3075d8d6f9e224363d5"><code>da5fd9d</code></a> Raise minimum tested compiler to rust 1.76</li> <li><a href="https://github.com/dtolnay/anyhow/commit/211e4092b7e1fb1c6f5d22063474e5b2f8dd0f16"><code>211e409</code></a> Opt in to generate-macro-expansion when building on docs.rs</li> <li><a href="https://github.com/dtolnay/anyhow/commit/b48fc02c327c502a81fcc2b46318eb61fda6b7b3"><code>b48fc02</code></a> Enforce trybuild >= 1.0.108</li> <li><a href="https://github.com/dtolnay/anyhow/commit/d5f59fbd45db00982bc0ea490edbe331ef8cab26"><code>d5f59fb</code></a> Update ui test suite to nightly-2025-09-07</li> <li><a href="https://github.com/dtolnay/anyhow/commit/238415d25b65dcf73ab2e3741d7adc56615af8c3"><code>238415d</code></a> Update ui test suite to nightly-2025-08-24</li> <li><a href="https://github.com/dtolnay/anyhow/commit/3bab0709a347b90de15c5eaaf3779904cfcc1ac6"><code>3bab070</code></a> Update actions/checkout@v4 -> v5</li> <li><a href="https://github.com/dtolnay/anyhow/commit/42492546e3b5510378d0ee32b659fefee1f26158"><code>4249254</code></a> Order cap-lints flag in the same order as thiserror build script</li> <li>See full diff in <a href="https://github.com/dtolnay/anyhow/compare/1.0.99...1.0.100">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Eric Traut <etraut@openai.com>
dependabot[bot] ·
2025-10-31 10:15:33 -07:00 -
chore(deps): bump thiserror from 2.0.16 to 2.0.17 in /codex-rs (#4426)
Bumps [thiserror](https://github.com/dtolnay/thiserror) from 2.0.16 to 2.0.17. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/dtolnay/thiserror/releases">thiserror's releases</a>.</em></p> <blockquote> <h2>2.0.17</h2> <ul> <li>Use differently named __private module per patch release (<a href="https://redirect.github.com/dtolnay/thiserror/issues/434">#434</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/dtolnay/thiserror/commit/72ae716e6d6a7f7fdabdc394018c745b4d39ca45"><code>72ae716</code></a> Release 2.0.17</li> <li><a href="https://github.com/dtolnay/thiserror/commit/599fdce83aee7767eb87b5af7bb30c37f3ed61e5"><code>599fdce</code></a> Merge pull request <a href="https://redirect.github.com/dtolnay/thiserror/issues/434">#434</a> from dtolnay/private</li> <li><a href="https://github.com/dtolnay/thiserror/commit/9ec05f6b38041bfe1ff5a274caec6e054a459aca"><code>9ec05f6</code></a> Use differently named __private module per patch release</li> <li><a href="https://github.com/dtolnay/thiserror/commit/d2c492b5498a0134abcc1677101bec876fe0621a"><code>d2c492b</code></a> Raise minimum tested compiler to rust 1.76</li> <li><a href="https://github.com/dtolnay/thiserror/commit/fc3ab9501d4f2b6df2d7e495dc1cb37ab6e68363"><code>fc3ab95</code></a> Opt in to generate-macro-expansion when building on docs.rs</li> <li><a href="https://github.com/dtolnay/thiserror/commit/819fe29dbb6e41bb937e3fef0469917d7c476c60"><code>819fe29</code></a> Update ui test suite to nightly-2025-09-12</li> <li><a href="https://github.com/dtolnay/thiserror/commit/259f48c549a2b49c00d2d58a204c1a3b4d2fb29a"><code>259f48c</code></a> Enforce trybuild >= 1.0.108</li> <li><a href="https://github.com/dtolnay/thiserror/commit/470e6a681c073f12e29daf64dcec724bfd5871a9"><code>470e6a6</code></a> Update ui test suite to nightly-2025-08-24</li> <li><a href="https://github.com/dtolnay/thiserror/commit/544e191e6e7f2e7cc3ac34b77d9165c30d982463"><code>544e191</code></a> Update actions/checkout@v4 -> v5</li> <li><a href="https://github.com/dtolnay/thiserror/commit/cbc1ebad3e91621ee0f94cf56d131f12fee62a3c"><code>cbc1eba</code></a> Delete duplicate cap-lints flag from build script</li> <li>See full diff in <a href="https://github.com/dtolnay/thiserror/compare/2.0.16...2.0.17">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) You can trigger a rebase of this PR by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> > **Note** > Automatic rebases have been disabled on this pull request as it has been open for over 30 days. Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Eric Traut <etraut@openai.com>
dependabot[bot] ·
2025-10-30 19:00:00 -07:00 -
Windows Sandbox - Alpha version (#4905)
- Added the new codex-windows-sandbox crate that builds both a library entry point (run_windows_sandbox_capture) and a CLI executable to launch commands inside a Windows restricted-token sandbox, including ACL management, capability SID provisioning, network lockdown, and output capture (windows-sandbox-rs/src/lib.rs:167, windows-sandbox-rs/src/main.rs:54). - Introduced the experimental WindowsSandbox feature flag and wiring so Windows builds can opt into the sandbox: SandboxType::WindowsRestrictedToken, the in-process execution path, and platform sandbox selection now honor the flag (core/src/features.rs:47, core/src/config.rs:1224, core/src/safety.rs:19, core/src/sandboxing/mod.rs:69, core/src/exec.rs:79, core/src/exec.rs:172). - Updated workspace metadata to include the new crate and its Windows-specific dependencies so the core crate can link against it (codex-rs/ Cargo.toml:91, core/Cargo.toml:86). - Added a PowerShell bootstrap script that installs the Windows toolchain, required CLI utilities, and builds the workspace to ease development on the platform (scripts/setup-windows.ps1:1). - Landed a Python smoke-test suite that exercises read-only/workspace-write policies, ACL behavior, and network denial for the Windows sandbox binary (windows-sandbox-rs/sandbox_smoketests.py:1).iceweasel-oai ·
2025-10-30 15:51:57 -07:00 -
Add item streaming events (#5546)
Adds AgentMessageContentDelta, ReasoningContentDelta, ReasoningRawContentDelta item streaming events while maintaining compatibility for old events. --------- Co-authored-by: Owen Lin <owen@openai.com>
pakrym-oai ·
2025-10-29 22:33:57 +00:00 -
jif-oai ·
2025-10-29 20:46:45 +00:00 -
chore: merge git crates (#5909)
Merge `git-apply` and `git-tooling` into `utils/`
jif-oai ·
2025-10-29 12:11:44 +00:00 -
[Auth] Add keyring support for Codex CLI (#5591)
Follow-up PR to #5569. Add Keyring Support for Auth Storage in Codex CLI as well as a hybrid mode (default to persisting in keychain but fall back to file when unavailable.) It also refactors out the keyringstore implementation from rmcp-client [here](https://github.com/openai/codex/blob/main/codex-rs/rmcp-client/src/oauth.rs) to a new keyring-store crate. There will be a follow-up that picks the right credential mode depending on the config, instead of hardcoding `AuthCredentialsStoreMode::File`.
Celia Chen ·
2025-10-27 12:10:11 -07:00 -
feat: image resizing (#5446)
Add image resizing on the client side to reduce load on the API
jif-oai ·
2025-10-27 16:58:10 +00:00 -
jif-oai ·
2025-10-27 10:55:29 +00:00 -
jif-oai ·
2025-10-27 10:09:10 +00:00 -
Ahmed Ibrahim ·
2025-10-27 05:53:39 +00:00 -
Fixed flaky unit test (#5654)
This PR fixes a test that is sporadically failing in CI. The problem is that two unit tests (the older `login_and_cancel_chatgpt` and a recently added `login_chatgpt_includes_forced_workspace_query_param`) exercise code paths that start the login server. The server binds to a hard-coded localhost port number, so attempts to start more than one server at the same time will fail. If these two tests happen to run concurrently, one of them will fail. To fix this, I've added a simple mutex. We can use this same mutex for future tests that use the same pattern.
Eric Traut ·
2025-10-24 16:31:24 -07:00 -
Add CodexHttpClient wrapper with request logging (#5564)
## Summary - wrap the default reqwest::Client inside a new CodexHttpClient/CodexRequestBuilder pair and log the HTTP method, URL, and status for each request - update the auth/model/provider plumbing to use the new builder helpers so headers and bearer auth continue to be applied consistently - add the shared `http` dependency that backs the header conversion helpers ## Testing - `CODEX_SANDBOX=seatbelt CODEX_SANDBOX_NETWORK_DISABLED=1 cargo test -p codex-core` - `CODEX_SANDBOX=seatbelt CODEX_SANDBOX_NETWORK_DISABLED=1 cargo test -p codex-chatgpt` - `CODEX_SANDBOX=seatbelt CODEX_SANDBOX_NETWORK_DISABLED=1 cargo test -p codex-tui` ------ https://chatgpt.com/codex/tasks/task_i_68fa5038c17483208b1148661c5873be
pakrym-oai ·
2025-10-24 09:47:52 -07:00 -
[MCP] Update rmcp to 0.8.3 (#5542)
Picks up modelcontextprotocol/rust-sdk#497 which fixes #5208 by allowing 204 response to MCP initialize notifications instead of just 202.
Gabriel Peal ·
2025-10-23 20:45:29 -07:00 -
jif-oai ·
2025-10-23 17:08:06 +01:00