mirror of
https://github.com/pchuan98/codex.git
synced 2026-07-01 00:31:56 +08:00
13d378f2ce3a95bdcea912c573c19fc4dca87ca3
96 Commits
-
Jeremy Rose ·
2025-11-19 00:20:19 +00:00 -
[app-server] feat: add v2 command execution approval flow (#6758)
This PR adds the API V2 version of the command‑execution approval flow for the shell tool. This PR wires the new RPC (`item/commandExecution/requestApproval`, V2 only) and related events (`item/started`, `item/completed`, and `item/commandExecution/delta`, which are emitted in both V1 and V2) through the app-server protocol. The new approval RPC is only sent when the user initiates a turn with the new `turn/start` API so we don't break backwards compatibility with VSCE. The approach I took was to make as few changes to the Codex core as possible, leveraging existing `EventMsg` core events, and translating those in app-server. I did have to add additional fields to `EventMsg::ExecCommandEndEvent` to capture the command's input so that app-server can statelessly transform these events to a `ThreadItem::CommandExecution` item for the `item/completed` event. Once we stabilize the API and it's complete enough for our partners, we can work on migrating the core to be aware of command execution items as a first-class concept. **Note**: We'll need followup work to make sure these APIs work for the unified exec tool, but will wait til that's stable and landed before doing a pass on app-server. Example payloads below: ``` { "method": "item/started", "params": { "item": { "aggregatedOutput": null, "command": "/bin/zsh -lc 'touch /tmp/should-trigger-approval'", "cwd": "/Users/owen/repos/codex/codex-rs", "durationMs": null, "exitCode": null, "id": "call_lNWWsbXl1e47qNaYjFRs0dyU", "parsedCmd": [ { "cmd": "touch /tmp/should-trigger-approval", "type": "unknown" } ], "status": "inProgress", "type": "commandExecution" } } } ``` ``` { "id": 0, "method": "item/commandExecution/requestApproval", "params": { "itemId": "call_lNWWsbXl1e47qNaYjFRs0dyU", "parsedCmd": [ { "cmd": "touch /tmp/should-trigger-approval", "type": "unknown" } ], "reason": "Need to create file in /tmp which is outside workspace sandbox", "risk": null, "threadId": "019a93e8-0a52-7fe3-9808-b6bc40c0989a", "turnId": "1" } } ``` ``` { "id": 0, "result": { "acceptSettings": { "forSession": false }, "decision": "accept" } } ``` ``` { "params": { "item": { "aggregatedOutput": null, "command": "/bin/zsh -lc 'touch /tmp/should-trigger-approval'", "cwd": "/Users/owen/repos/codex/codex-rs", "durationMs": 224, "exitCode": 0, "id": "call_lNWWsbXl1e47qNaYjFRs0dyU", "parsedCmd": [ { "cmd": "touch /tmp/should-trigger-approval", "type": "unknown" } ], "status": "completed", "type": "commandExecution" } } } ```Owen Lin ·
2025-11-18 00:23:54 +00:00 -
LM Studio OSS Support (#2312)
## Overview Adds LM Studio OSS support. Closes #1883 ### Changes This PR enhances the behavior of `--oss` flag to support LM Studio as a provider. Additionally, it introduces a new flag`--local-provider` which can take in `lmstudio` or `ollama` as values if the user wants to explicitly choose which one to use. If no provider is specified `codex --oss` will auto-select the provider based on whichever is running. #### Additional enhancements The default can be set using `oss-provider` in config like: ``` oss_provider = "lmstudio" ``` For non-interactive users, they will need to either provide the provider as an arg or have it in their `config.toml` ### Notes For best performance, [set the default context length](https://lmstudio.ai/docs/app/advanced/per-model) for gpt-oss to the maximum your machine can support --------- Co-authored-by: Matt Clayton <matt@lmstudio.ai> Co-authored-by: Eric Traut <etraut@openai.com>
rugvedS07 ·
2025-11-17 11:49:09 -08:00 -
feat: execpolicy v2 (#6467)
## Summary - Introduces the `codex-execpolicy2` crate. - This PR covers only the prefix-rule subset of the planned execpolicy v2 language; a richer language will follow. ## Policy - Policy language centers on `prefix_rule(pattern=[...], decision?, match?, not_match?)`, where `pattern` is an ordered list of tokens; any element may be a list to denote alternatives. `decision` defaults to `allow`; valid values are `allow`, `prompt`, and `forbidden`. `match` / `not_match` hold example commands that are tokenized and validated at load time (think of these as unit tests). ## Policy shapes - Prefix rules use Starlark syntax: ```starlark prefix_rule( pattern = ["cmd", ["alt1", "alt2"]], # ordered tokens; list entries denote alternatives decision = "prompt", # allow | prompt | forbidden; defaults to allow match = [["cmd", "alt1"]], # examples that must match this rule (enforced at compile time) not_match = [["cmd", "oops"]], # examples that must not match this rule (enforced at compile time) ) ``` ## Response shapes - Match: ```json { "match": { "decision": "allow|prompt|forbidden", "matchedRules": [ { "prefixRuleMatch": { "matchedPrefix": ["<token>", "..."], "decision": "allow|prompt|forbidden" } } ] } } ``` - No match: ```json "noMatch" ``` - `matchedRules` lists every rule whose prefix matched the command; `matchedPrefix` is the exact prefix that matched. - The effective `decision` is the strictest severity across all matches (`forbidden` > `prompt` > `allow`). --------- Co-authored-by: Michael Bolin <mbolin@openai.com>zhao-oai ·
2025-11-17 10:15:45 -08:00 -
Fix FreeBSD/OpenBSD builds: target-specific keyring features and BSD hardening (#6680)
## Summary Builds on FreeBSD and OpenBSD were failing due to globally enabled Linux-specific keyring features and hardening code paths not gated by OS. This PR scopes keyring native backends to the appropriate targets, disables default features at the workspace root, and adds a BSD-specific hardening function. Linux/macOS/Windows behavior remains unchanged, while FreeBSD/OpenBSD now build and run with a supported backend. ## Key Changes - Keyring features: - Disable keyring default features at the workspace root to avoid pulling Linux backends on non-Linux. - Move native backend features into target-specific sections in the affected crates: - Linux: linux-native-async-persistent - macOS: apple-native - Windows: windows-native - FreeBSD/OpenBSD: sync-secret-service - Process hardening: - Add pre_main_hardening_bsd() for FreeBSD/OpenBSD, applying: - Set RLIMIT_CORE to 0 - Clear LD_* environment variables - Simplify process-hardening Cargo deps to unconditional libc (avoid conflicting OS fragments). - No changes to CODEX_SANDBOX_* behavior. ## Rationale - Previously, enabling keyring native backends globally pulled Linux-only features on BSD, causing build errors. - Hardening logic was tailored for Linux/macOS; BSD builds lacked a gated path with equivalent safeguards. - Target-scoped features and BSD hardening make the crates portable across these OSes without affecting existing behavior elsewhere. ## Impact by Platform - Linux: No functional change; backends now selected via target cfg. - macOS: No functional change; explicit apple-native mapping. - Windows: No functional change; explicit windows-native mapping. - FreeBSD/OpenBSD: Builds succeed using sync-secret-service; BSD hardening applied during startup. ## Testing - Verified compilation across affected crates with target-specific features. - Smoke-checked that Linux/macOS/Windows feature sets remain identical functionally after scoping. - On BSD, confirmed keyring resolves to sync-secret-service and hardening compiles. ## Risks / Compatibility - Minimal risk: only feature scoping and OS-gated additions. - No public API changes in the crates; runtime behavior on non-BSD platforms is preserved. - On BSD, the new hardening clears LD_*; this is consistent with security posture on other Unix platforms. ## Reviewer Notes - Pay attention to target-specific sections for keyring in the affected Cargo.toml files. - Confirm pre_main_hardening_bsd() mirrors the safe subset of Linux/macOS hardening without introducing Linux-only calls. - Confirm no references to CODEX_SANDBOX_ENV_VAR or CODEX_SANDBOX_NETWORK_DISABLED_ENV_VAR were added/modified. ## Checklist - Disable keyring default features at workspace root. - Target-specific keyring features mapped per OS (Linux/macOS/Windows/BSD). - Add BSD hardening (RLIMIT_CORE=0, clear LD_*). - Simplify process-hardening dependencies to unconditional libc. - No changes to sandbox env var code. - Formatting and linting: just fmt + just fix -p for changed crates. - Project tests pass for changed crates; broader suite unchanged. --------- Co-authored-by: celia-oai <celia@openai.com>Xiao-Yong Jin ·
2025-11-17 05:07:34 +00:00 -
feat: add app-server-test-client crate for internal use (#5391)
For app-server development it's been helpful to be able to trigger some test flows end-to-end and print the JSON-RPC messages sent between client and server.
Owen Lin ·
2025-11-14 12:39:58 -08:00 -
jif-oai ·
2025-11-14 17:05:00 +01:00 -
Reasoning level update (#6586)
Automatically update reasoning levels when migrating between models
pakrym-oai ·
2025-11-13 06:24:36 +00:00 -
Fix wayland image paste error (#4824)
## Summary - log and surface clipboard failures instead of silently ignoring them when `Ctrl+V` pastes an image (`paste_image_to_temp_png()` now feeds an error history cell) - enable `arboard`’s `wayland-data-control` feature so native Wayland sessions can deliver image data without XWayland - keep the success path unchanged: valid images still attach and show the `[image …]` placeholder as before Fixes #4818 --------- Co-authored-by: Eric Traut <etraut@openai.com> Co-authored-by: Jeremy Rose <172423086+nornagon-openai@users.noreply.github.com>
George Nesterenok ·
2025-11-10 14:35:30 -08:00 -
fix: use generate_ts from app_server_protocol (#6407)
Update `codex generate-ts` to use the TS export code from `app-server-protocol/src/export.rs`. I realized there were two duplicate implementations of Typescript export code: - `app-server-protocol/src/export.rs` - the `codex-protocol-ts` crate The `codex-protocol-ts` crate that `codex generate-ts` uses is out of date now since it doesn't handle the V2 namespace from: https://github.com/openai/codex/pull/6212.
Owen Lin ·
2025-11-10 08:08:12 -08:00 -
chore(deps): bump zeroize from 1.8.1 to 1.8.2 in /codex-rs (#6444)
Bumps [zeroize](https://github.com/RustCrypto/utils) from 1.8.1 to 1.8.2. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/RustCrypto/utils/commit/c100874101bfd584870de5dde1b13dd92a17bf48"><code>c100874</code></a> zeroize v1.8.2 (<a href="https://redirect.github.com/RustCrypto/utils/issues/1229">#1229</a>)</li> <li><a href="https://github.com/RustCrypto/utils/commit/3940ccbebdac7a519523b29b4ff3749863026b8f"><code>3940ccb</code></a> Switch from <code>doc_auto_cfg</code> to <code>doc_cfg</code> (<a href="https://redirect.github.com/RustCrypto/utils/issues/1228">#1228</a>)</li> <li><a href="https://github.com/RustCrypto/utils/commit/c68a5204b2e66b0f60832d845e048fca96a81211"><code>c68a520</code></a> Fix Nightly warnings (<a href="https://redirect.github.com/RustCrypto/utils/issues/1080">#1080</a>)</li> <li><a href="https://github.com/RustCrypto/utils/commit/b15cc6c1cddad1558d44b138ff869b0590d2ac55"><code>b15cc6c</code></a> cargo: point <code>repository</code> metadata to clonable URLs (<a href="https://redirect.github.com/RustCrypto/utils/issues/1079">#1079</a>)</li> <li><a href="https://github.com/RustCrypto/utils/commit/3db6690f7be82e90a92e457d5becfd754fd10299"><code>3db6690</code></a> zeroize: fix <code>homepage</code>/<code>repository</code> in Cargo.toml (<a href="https://redirect.github.com/RustCrypto/utils/issues/1076">#1076</a>)</li> <li>See full diff in <a href="https://github.com/RustCrypto/utils/compare/zeroize-v1.8.1...zeroize-v1.8.2">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
dependabot[bot] ·
2025-11-09 22:03:36 -08:00 -
chore(deps): bump askama from 0.12.1 to 0.14.0 in /codex-rs (#6443)
Bumps [askama](https://github.com/askama-rs/askama) from 0.12.1 to 0.14.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/askama-rs/askama/releases">askama's releases</a>.</em></p> <blockquote> <h2>v0.14.0</h2> <h2>Added Features</h2> <ul> <li>Implement <code>Values</code> on tuple by <a href="https://github.com/GuillaumeGomez"><code>@GuillaumeGomez</code></a> in <a href="https://redirect.github.com/askama-rs/askama/pull/391">askama-rs/askama#391</a></li> <li>Pass variables to sub-templates more reliably even if indirectly by <a href="https://github.com/Kijewski"><code>@Kijewski</code></a> in <a href="https://redirect.github.com/askama-rs/askama/pull/397">askama-rs/askama#397</a></li> <li>Implement <code>first</code> and <code>blank</code> arguments for <code>|indent</code> by <a href="https://github.com/Kijewski"><code>@Kijewski</code></a> in <a href="https://redirect.github.com/askama-rs/askama/pull/401">askama-rs/askama#401</a></li> <li>Add named arguments for builtin filters by <a href="https://github.com/Kijewski"><code>@Kijewski</code></a> in <a href="https://redirect.github.com/askama-rs/askama/pull/403">askama-rs/askama#403</a></li> <li>Add <code>unique</code> filter by <a href="https://github.com/GuillaumeGomez"><code>@GuillaumeGomez</code></a> in <a href="https://redirect.github.com/askama-rs/askama/pull/405">askama-rs/askama#405</a></li> </ul> <h2>Bug Fixes And Consistency</h2> <ul> <li><code>askama_derive</code> accidentally exposed as a feature by <a href="https://github.com/Kijewski"><code>@Kijewski</code></a> in <a href="https://redirect.github.com/askama-rs/askama/pull/384">askama-rs/askama#384</a></li> <li>Track config files by <a href="https://github.com/GuillaumeGomez"><code>@GuillaumeGomez</code></a> in <a href="https://redirect.github.com/askama-rs/askama/pull/385">askama-rs/askama#385</a></li> <li>If using local variable as value when creating a new variable, do not put it behind a reference by <a href="https://github.com/GuillaumeGomez"><code>@GuillaumeGomez</code></a> in <a href="https://redirect.github.com/askama-rs/askama/pull/392">askama-rs/askama#392</a></li> <li>generator: make <code>CARGO_MANIFEST_DIR</code> part of <code>ConfigKey</code> by <a href="https://github.com/strickczq"><code>@strickczq</code></a> in <a href="https://redirect.github.com/askama-rs/askama/pull/395">askama-rs/askama#395</a></li> <li>Do not put question mark initialization expressions behind a reference by <a href="https://github.com/GuillaumeGomez"><code>@GuillaumeGomez</code></a> in <a href="https://redirect.github.com/askama-rs/askama/pull/400">askama-rs/askama#400</a></li> <li>Update to more current rust version on readthedocs by <a href="https://github.com/Kijewski"><code>@Kijewski</code></a> in <a href="https://redirect.github.com/askama-rs/askama/pull/410">askama-rs/askama#410</a></li> <li>Fix <code>unique</code> filter implementation by <a href="https://github.com/GuillaumeGomez"><code>@GuillaumeGomez</code></a> in <a href="https://redirect.github.com/askama-rs/askama/pull/417">askama-rs/askama#417</a></li> <li>Add <code>|titlecase</code> as alias for <code>|title</code> by <a href="https://github.com/Kijewski"><code>@Kijewski</code></a> in <a href="https://redirect.github.com/askama-rs/askama/pull/416">askama-rs/askama#416</a></li> </ul> <h2>Further Changes</h2> <ul> <li>book: add page about <code>FastWritable</code> by <a href="https://github.com/Kijewski"><code>@Kijewski</code></a> in <a href="https://redirect.github.com/askama-rs/askama/pull/407">askama-rs/askama#407</a></li> <li>Add throughput to derive benchmark by <a href="https://github.com/Kijewski"><code>@Kijewski</code></a> in <a href="https://redirect.github.com/askama-rs/askama/pull/413">askama-rs/askama#413</a></li> <li>Move <code>FastWritable</code> into <code>askama</code> root by <a href="https://github.com/GuillaumeGomez"><code>@GuillaumeGomez</code></a> in <a href="https://redirect.github.com/askama-rs/askama/pull/411">askama-rs/askama#411</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/strickczq"><code>@strickczq</code></a> made their first contribution in <a href="https://redirect.github.com/askama-rs/askama/pull/395">askama-rs/askama#395</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/askama-rs/askama/compare/v0.13.0...v0.14.0">https://github.com/askama-rs/askama/compare/v0.13.0...v0.14.0</a></p> <h2>v0.13.1</h2> <h2>What's Changed</h2> <ul> <li><code>askama_derive</code> accidentally exposed as a feature by <a href="https://github.com/Kijewski"><code>@Kijewski</code></a> in <a href="https://redirect.github.com/askama-rs/askama/pull/384">askama-rs/askama#384</a></li> <li>Track config files by <a href="https://github.com/GuillaumeGomez"><code>@GuillaumeGomez</code></a> in <a href="https://redirect.github.com/askama-rs/askama/pull/385">askama-rs/askama#385</a></li> <li>Implement <code>Values</code> on tuple by <a href="https://github.com/GuillaumeGomez"><code>@GuillaumeGomez</code></a> in <a href="https://redirect.github.com/askama-rs/askama/pull/391">askama-rs/askama#391</a></li> <li>generator: make <code>CARGO_MANIFEST_DIR</code> part of <code>ConfigKey</code> by <a href="https://github.com/strickczq"><code>@strickczq</code></a> in <a href="https://redirect.github.com/askama-rs/askama/pull/395">askama-rs/askama#395</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/strickczq"><code>@strickczq</code></a> made their first contribution in <a href="https://redirect.github.com/askama-rs/askama/pull/395">askama-rs/askama#395</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/askama-rs/askama/compare/v0.13.0...v0.13.1">https://github.com/askama-rs/askama/compare/v0.13.0...v0.13.1</a></p> <h2>v0.13.0 – Rinja is Askama, again!</h2> <p>With this release, the <a href="https://blog.guillaume-gomez.fr/articles/2024-07-31+docs.rs+switching+jinja+template+framework+from+tera+to+rinja">fork</a> rinja got merged back into the main project. Please have a look at our <a href="https://blog.guillaume-gomez.fr/articles/2025-03-19+Askama+and+Rinja+merge">blog post</a> for more information about the split and the merge.</p> <h2>What's Changed</h2> <p>This release (v0.13.0), when <a href="https://github.com/askama-rs/askama/compare/0.12.1...v0.13.0">compared to</a> the last stable askama release (v0.12.1), consists of:</p> <ul> <li>over 1000 commits</li> <li>with changes in over 500 files</li> <li>with over 40k additions and 8000 deletions</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/askama-rs/askama/commit/95867ac8cedc80b69f4047dea9c1272a5bf947b3"><code>95867ac</code></a> Merge pull request <a href="https://redirect.github.com/askama-rs/askama/issues/416">#416</a> from Kijewski/pr-upgrading-0.14</li> <li><a href="https://github.com/askama-rs/askama/commit/61b74224971f3975da70e1fdaa0c7f49e315bf17"><code>61b7422</code></a> Add <code>|titlecase</code> as alias for <code>|title</code></li> <li><a href="https://github.com/askama-rs/askama/commit/79be27159326c5adfb181ae2afb55201a48ff43a"><code>79be271</code></a> Run doctests</li> <li><a href="https://github.com/askama-rs/askama/commit/72bbe3ede14b20ea3449408f49b6ab204cd1dc54"><code>72bbe3e</code></a> Bump version number to v0.14.0</li> <li><a href="https://github.com/askama-rs/askama/commit/57750338fa9a8d354404512cdbc8c118930923d6"><code>5775033</code></a> book: update <code>upgrading.md</code></li> <li><a href="https://github.com/askama-rs/askama/commit/a5b43c0aa2c98182a9a09940b2f6b7250e0a1b19"><code>a5b43c0</code></a> Fix <code>unique</code> filter implementation</li> <li><a href="https://github.com/askama-rs/askama/commit/7fccbdf1d7a8874ddd00f93620364971bc8aa88c"><code>7fccbdf</code></a> Remove usage of <code>nextest</code></li> <li><a href="https://github.com/askama-rs/askama/commit/6a16256f24915fcf857225fec2517c51ca1fd2c1"><code>6a16256</code></a> Fix new clippy lints</li> <li><a href="https://github.com/askama-rs/askama/commit/04a4d5b0206378244f397c0f85c4fd1a2a865d13"><code>04a4d5b</code></a> Update MSRV to 1.83</li> <li><a href="https://github.com/askama-rs/askama/commit/d2a788a740b4724a1f946b75d327974e7390cc75"><code>d2a788a</code></a> Add doc about <code>unique</code> filter</li> <li>Additional commits viewable in <a href="https://github.com/askama-rs/askama/compare/0.12.1...v0.14.0">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
dependabot[bot] ·
2025-11-09 22:02:26 -08:00 -
Windows Sandbox: Show Everyone-writable directory warning (#6283)
Show a warning when Auto Sandbox mode becomes enabled, if we detect Everyone-writable directories, since they cannot be protected by the current implementation of the Sandbox. This PR also includes changes to how we detect Everyone-writable to be *much* faster
iceweasel-oai ·
2025-11-06 10:44:42 -08:00 -
Update rmcp to 0.8.5 (#6261)
Picks up https://github.com/modelcontextprotocol/rust-sdk/pull/511 which should fix todoist and some other MCP server oauth and may further resolve issues in https://github.com/openai/codex/issues/5045
Gabriel Peal ·
2025-11-05 14:20:30 -05:00 -
Upgrade rmcp to 0.8.4 (#6234)
Picks up https://github.com/modelcontextprotocol/rust-sdk/pull/509 which fixes https://github.com/openai/codex/issues/6164
Gabriel Peal ·
2025-11-05 00:23:24 -05:00 -
tui: patch crossterm for better color queries (#5935)
See https://github.com/crossterm-rs/crossterm/compare/master...nornagon:crossterm:nornagon/color-query This patches crossterm to add support for querying fg/bg color as part of the crossterm event loop, which fixes some issues where this query would fight with other input. - dragging screenshots into the cli would sometimes paste half of the pathname instead of being recognized as an image (https://github.com/openai/codex/issues/5603) - Fixes https://github.com/openai/codex/issues/4945
Jeremy Rose ·
2025-10-31 16:36:41 -07:00 -
chore(deps): bump indexmap from 2.10.0 to 2.11.4 in /codex-rs (#4804)
Bumps [indexmap](https://github.com/indexmap-rs/indexmap) from 2.10.0 to 2.11.4. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/indexmap-rs/indexmap/blob/main/RELEASES.md">indexmap's changelog</a>.</em></p> <blockquote> <h2>2.11.4 (2025-09-18)</h2> <ul> <li>Updated the <code>hashbrown</code> dependency to a range allowing 0.15 or 0.16.</li> </ul> <h2>2.11.3 (2025-09-15)</h2> <ul> <li>Make the minimum <code>serde</code> version only apply when "serde" is enabled.</li> </ul> <h2>2.11.2 (2025-09-15)</h2> <ul> <li>Switched the "serde" feature to depend on <code>serde_core</code>, improving build parallelism in cases where other dependents have enabled "serde/derive".</li> </ul> <h2>2.11.1 (2025-09-08)</h2> <ul> <li>Added a <code>get_key_value_mut</code> method to <code>IndexMap</code>.</li> <li>Removed the unnecessary <code>Ord</code> bound on <code>insert_sorted_by</code> methods.</li> </ul> <h2>2.11.0 (2025-08-22)</h2> <ul> <li>Added <code>insert_sorted_by</code> and <code>insert_sorted_by_key</code> methods to <code>IndexMap</code>, <code>IndexSet</code>, and <code>VacantEntry</code>, like customizable versions of <code>insert_sorted</code>.</li> <li>Added <code>is_sorted</code>, <code>is_sorted_by</code>, and <code>is_sorted_by_key</code> methods to <code>IndexMap</code> and <code>IndexSet</code>, as well as their <code>Slice</code> counterparts.</li> <li>Added <code>sort_by_key</code> and <code>sort_unstable_by_key</code> methods to <code>IndexMap</code> and <code>IndexSet</code>, as well as parallel counterparts.</li> <li>Added <code>replace_index</code> methods to <code>IndexMap</code>, <code>IndexSet</code>, and <code>VacantEntry</code> to replace the key (or set value) at a given index.</li> <li>Added optional <code>sval</code> serialization support.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/indexmap-rs/indexmap/commit/03f9e58626ad7ef811b1522097bced2400c18b1a"><code>03f9e58</code></a> Merge pull request <a href="https://redirect.github.com/indexmap-rs/indexmap/issues/418">#418</a> from a1phyr/hashbrown_0.16</li> <li><a href="https://github.com/indexmap-rs/indexmap/commit/ee6080d480eea3b738757c6bff1bb21b440f3849"><code>ee6080d</code></a> Release 2.11.4</li> <li><a href="https://github.com/indexmap-rs/indexmap/commit/a7da8f181e81f8a37bc46936bf2d1d6db14edddc"><code>a7da8f1</code></a> Use a range for hashbrown</li> <li><a href="https://github.com/indexmap-rs/indexmap/commit/0cd5aefb4434fb495cb87ba5de50870d331558fc"><code>0cd5aef</code></a> Update <code>hashbrown</code> to 0.16</li> <li><a href="https://github.com/indexmap-rs/indexmap/commit/fd5c819daf8c3c62919ec0bbc777a571ee20ae5a"><code>fd5c819</code></a> Merge pull request <a href="https://redirect.github.com/indexmap-rs/indexmap/issues/417">#417</a> from cuviper/release-2.11.3</li> <li><a href="https://github.com/indexmap-rs/indexmap/commit/9321145e1f517f31969c0d9ab5a5171cc23c3daf"><code>9321145</code></a> Release 2.11.3</li> <li><a href="https://github.com/indexmap-rs/indexmap/commit/7b485688c299ed840d900b5a33aed33a1924a7c9"><code>7b48568</code></a> Merge pull request <a href="https://redirect.github.com/indexmap-rs/indexmap/issues/416">#416</a> from cuviper/release-2.11.2</li> <li><a href="https://github.com/indexmap-rs/indexmap/commit/49ce7fa4716e24cf9380653a40d88b5186f2f555"><code>49ce7fa</code></a> Release 2.11.2</li> <li><a href="https://github.com/indexmap-rs/indexmap/commit/58fd834804415879eb9be862291eba03e945e32a"><code>58fd834</code></a> Merge pull request <a href="https://redirect.github.com/indexmap-rs/indexmap/issues/414">#414</a> from DaniPopes/serde_core</li> <li><a href="https://github.com/indexmap-rs/indexmap/commit/5dc1d6ab3105739ae61039f422e5246f0eee4f64"><code>5dc1d6a</code></a> Depend on <code>serde_core</code> instead of <code>serde</code></li> <li>Additional commits viewable in <a href="https://github.com/indexmap-rs/indexmap/compare/2.10.0...2.11.4">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Eric Traut <etraut@openai.com>
dependabot[bot] ·
2025-10-31 10:15:52 -07:00 -
chore(deps): bump thiserror from 2.0.16 to 2.0.17 in /codex-rs (#4426)
Bumps [thiserror](https://github.com/dtolnay/thiserror) from 2.0.16 to 2.0.17. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/dtolnay/thiserror/releases">thiserror's releases</a>.</em></p> <blockquote> <h2>2.0.17</h2> <ul> <li>Use differently named __private module per patch release (<a href="https://redirect.github.com/dtolnay/thiserror/issues/434">#434</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/dtolnay/thiserror/commit/72ae716e6d6a7f7fdabdc394018c745b4d39ca45"><code>72ae716</code></a> Release 2.0.17</li> <li><a href="https://github.com/dtolnay/thiserror/commit/599fdce83aee7767eb87b5af7bb30c37f3ed61e5"><code>599fdce</code></a> Merge pull request <a href="https://redirect.github.com/dtolnay/thiserror/issues/434">#434</a> from dtolnay/private</li> <li><a href="https://github.com/dtolnay/thiserror/commit/9ec05f6b38041bfe1ff5a274caec6e054a459aca"><code>9ec05f6</code></a> Use differently named __private module per patch release</li> <li><a href="https://github.com/dtolnay/thiserror/commit/d2c492b5498a0134abcc1677101bec876fe0621a"><code>d2c492b</code></a> Raise minimum tested compiler to rust 1.76</li> <li><a href="https://github.com/dtolnay/thiserror/commit/fc3ab9501d4f2b6df2d7e495dc1cb37ab6e68363"><code>fc3ab95</code></a> Opt in to generate-macro-expansion when building on docs.rs</li> <li><a href="https://github.com/dtolnay/thiserror/commit/819fe29dbb6e41bb937e3fef0469917d7c476c60"><code>819fe29</code></a> Update ui test suite to nightly-2025-09-12</li> <li><a href="https://github.com/dtolnay/thiserror/commit/259f48c549a2b49c00d2d58a204c1a3b4d2fb29a"><code>259f48c</code></a> Enforce trybuild >= 1.0.108</li> <li><a href="https://github.com/dtolnay/thiserror/commit/470e6a681c073f12e29daf64dcec724bfd5871a9"><code>470e6a6</code></a> Update ui test suite to nightly-2025-08-24</li> <li><a href="https://github.com/dtolnay/thiserror/commit/544e191e6e7f2e7cc3ac34b77d9165c30d982463"><code>544e191</code></a> Update actions/checkout@v4 -> v5</li> <li><a href="https://github.com/dtolnay/thiserror/commit/cbc1ebad3e91621ee0f94cf56d131f12fee62a3c"><code>cbc1eba</code></a> Delete duplicate cap-lints flag from build script</li> <li>See full diff in <a href="https://github.com/dtolnay/thiserror/compare/2.0.16...2.0.17">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) You can trigger a rebase of this PR by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> > **Note** > Automatic rebases have been disabled on this pull request as it has been open for over 30 days. Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Eric Traut <etraut@openai.com>
dependabot[bot] ·
2025-10-30 19:00:00 -07:00 -
Windows Sandbox - Alpha version (#4905)
- Added the new codex-windows-sandbox crate that builds both a library entry point (run_windows_sandbox_capture) and a CLI executable to launch commands inside a Windows restricted-token sandbox, including ACL management, capability SID provisioning, network lockdown, and output capture (windows-sandbox-rs/src/lib.rs:167, windows-sandbox-rs/src/main.rs:54). - Introduced the experimental WindowsSandbox feature flag and wiring so Windows builds can opt into the sandbox: SandboxType::WindowsRestrictedToken, the in-process execution path, and platform sandbox selection now honor the flag (core/src/features.rs:47, core/src/config.rs:1224, core/src/safety.rs:19, core/src/sandboxing/mod.rs:69, core/src/exec.rs:79, core/src/exec.rs:172). - Updated workspace metadata to include the new crate and its Windows-specific dependencies so the core crate can link against it (codex-rs/ Cargo.toml:91, core/Cargo.toml:86). - Added a PowerShell bootstrap script that installs the Windows toolchain, required CLI utilities, and builds the workspace to ease development on the platform (scripts/setup-windows.ps1:1). - Landed a Python smoke-test suite that exercises read-only/workspace-write policies, ACL behavior, and network denial for the Windows sandbox binary (windows-sandbox-rs/sandbox_smoketests.py:1).iceweasel-oai ·
2025-10-30 15:51:57 -07:00 -
jif-oai ·
2025-10-29 20:46:45 +00:00 -
chore: merge git crates (#5909)
Merge `git-apply` and `git-tooling` into `utils/`
jif-oai ·
2025-10-29 12:11:44 +00:00 -
[Auth] Add keyring support for Codex CLI (#5591)
Follow-up PR to #5569. Add Keyring Support for Auth Storage in Codex CLI as well as a hybrid mode (default to persisting in keychain but fall back to file when unavailable.) It also refactors out the keyringstore implementation from rmcp-client [here](https://github.com/openai/codex/blob/main/codex-rs/rmcp-client/src/oauth.rs) to a new keyring-store crate. There will be a follow-up that picks the right credential mode depending on the config, instead of hardcoding `AuthCredentialsStoreMode::File`.
Celia Chen ·
2025-10-27 12:10:11 -07:00 -
feat: image resizing (#5446)
Add image resizing on the client side to reduce load on the API
jif-oai ·
2025-10-27 16:58:10 +00:00 -
Add CodexHttpClient wrapper with request logging (#5564)
## Summary - wrap the default reqwest::Client inside a new CodexHttpClient/CodexRequestBuilder pair and log the HTTP method, URL, and status for each request - update the auth/model/provider plumbing to use the new builder helpers so headers and bearer auth continue to be applied consistently - add the shared `http` dependency that backs the header conversion helpers ## Testing - `CODEX_SANDBOX=seatbelt CODEX_SANDBOX_NETWORK_DISABLED=1 cargo test -p codex-core` - `CODEX_SANDBOX=seatbelt CODEX_SANDBOX_NETWORK_DISABLED=1 cargo test -p codex-chatgpt` - `CODEX_SANDBOX=seatbelt CODEX_SANDBOX_NETWORK_DISABLED=1 cargo test -p codex-tui` ------ https://chatgpt.com/codex/tasks/task_i_68fa5038c17483208b1148661c5873be
pakrym-oai ·
2025-10-24 09:47:52 -07:00 -
[MCP] Update rmcp to 0.8.3 (#5542)
Picks up modelcontextprotocol/rust-sdk#497 which fixes #5208 by allowing 204 response to MCP initialize notifications instead of just 202.
Gabriel Peal ·
2025-10-23 20:45:29 -07:00 -
[MCP] Remove the legacy stdio client in favor of rmcp (#5529)
I haven't heard of any issues with the studio rmcp client so let's remove the legacy one and default to the new one. Any code changes are moving code from the adapter inline but there should be no meaningful functionality changes.
Gabriel Peal ·
2025-10-22 12:06:59 -07:00 -
jif-oai ·
2025-10-22 16:01:02 +01:00 -
[MCP] Bump rmcp to 0.8.2 (#5423)
[Release notes](https://github.com/modelcontextprotocol/rust-sdk/releases) Notably, this picks up two of my PRs that have four separate fixes for oauth dynamic client registration and auth https://github.com/modelcontextprotocol/rust-sdk/pull/489 https://github.com/modelcontextprotocol/rust-sdk/pull/476
Gabriel Peal ·
2025-10-20 21:19:05 -07:00 -
Reduce symbol size for tests (#5389)
Test executables were huge because of detailed debugging symbols. Switch to less rich debugging symbols.
pakrym-oai ·
2025-10-20 14:52:37 -07:00 -
fix terminal corruption that could happen when onboarding and update banner (#5269)
Instead of printing characters before booting the app, make the upgrade banner a history cell so it's well-behaved. <img width="771" height="586" alt="Screenshot 2025-10-16 at 4 20 51 PM" src="https://github.com/user-attachments/assets/90629d47-2c3d-4970-a826-283795ab34e5" /> --------- Co-authored-by: Josh McKinney <joshka@openai.com>
Jeremy Rose ·
2025-10-20 21:40:14 +00:00 -
[app-server] read rate limits API (#5302)
Adds a `GET account/rateLimits/read` API to app-server. This calls the codex backend to fetch the user's current rate limits. This would be helpful in checking rate limits without having to send a message. For calling the codex backend usage API, I generated the types and manually copied the relevant ones into `codex-backend-openapi-types`. It'll be nice to extend our internal openapi generator to support Rust so we don't have to run these manual steps. # External (non-OpenAI) Pull Request Requirements Before opening this Pull Request, please read the dedicated "Contributing" markdown file or your PR may be closed: https://github.com/openai/codex/blob/main/docs/contributing.md If your PR conforms to our contribution guidelines, replace this text with a detailed and high quality description of your changes.
Owen Lin ·
2025-10-20 14:11:54 -07:00 -
tui: drop citation rendering (#4855)
We don't instruct the model to use citations, so it never emits them. Further, ratatui [doesn't currently support rendering links into the terminal with OSC 8](https://github.com/ratatui/ratatui/issues/1028), so even if we did parse citations, we can't correctly render them. So, remove all the code related to rendering them.
Jeremy Rose ·
2025-10-20 21:08:19 +00:00 -
chore: rework tools execution workflow (#5278)
Re-work the tool execution flow. Read `orchestrator.rs` to understand the structure
jif-oai ·
2025-10-20 20:57:37 +01:00 -
Michael Bolin ·
2025-10-19 21:12:45 -07:00 -
pakrym-oai ·
2025-10-17 18:52:57 +00:00 -
pakrym-oai ·
2025-10-16 21:03:23 -07:00 -
test: reduce time dependency on test harness (#5053)
Tightened the CLI integration tests to stop relying on wall-clock sleeps—new fs watcher helper waits for session files instead of timing out, and SSE mocks/fixtures make the flows deterministic.
jif-oai ·
2025-10-15 09:56:59 +01:00 -
feat(tui): switch to tree-sitter-highlight bash highlighting (#4666)
use tree-sitter-highlight instead of custom logic over the tree-sitter tree to highlight bash.
Jeremy Rose ·
2025-10-07 16:20:12 -07:00 -
[MCP] Upgrade rmcp to 0.8 (#4774)
The version with the well-known discovery and my MCP client name change were just released https://github.com/modelcontextprotocol/rust-sdk/releases
Gabriel Peal ·
2025-10-05 18:12:37 -04:00 -
Use assert_matches (#4756)
assert_matches is soon to be in std but is experimental for now.
pakrym-oai ·
2025-10-05 21:12:31 +00:00 -
Fix oauth .well-known metadata discovery (#4677)
This picks up https://github.com/modelcontextprotocol/rust-sdk/pull/459 which is required for proper well-known metadata discovery for some MCPs such as Figma.
Gabriel Peal ·
2025-10-03 17:15:19 -04:00 -
[MCP] Add support for MCP Oauth credentials (#4517)
This PR adds oauth login support to streamable http servers when `experimental_use_rmcp_client` is enabled. This PR is large but represents the minimal amount of work required for this to work. To keep this PR smaller, login can only be done with `codex mcp login` and `codex mcp logout` but it doesn't appear in `/mcp` or `codex mcp list` yet. Fingers crossed that this is the last large MCP PR and that subsequent PRs can be smaller. Under the hood, credentials are stored using platform credential managers using the [keyring crate](https://crates.io/crates/keyring). When the keyring isn't available, it falls back to storing credentials in `CODEX_HOME/.credentials.json` which is consistent with how other coding agents handle authentication. I tested this on macOS, Windows, WSL (ubuntu), and Linux. I wasn't able to test the dbus store on linux but did verify that the fallback works. One quirk is that if you have credentials, during development, every build will have its own ad-hoc binary so the keyring won't recognize the reader as being the same as the write so it may ask for the user's password. I may add an override to disable this or allow users/enterprises to opt-out of the keyring storage if it causes issues. <img width="5064" height="686" alt="CleanShot 2025-09-30 at 19 31 40" src="https://github.com/user-attachments/assets/9573f9b4-07f1-4160-83b8-2920db287e2d" /> <img width="745" height="486" alt="image" src="https://github.com/user-attachments/assets/9562649b-ea5f-4f22-ace2-d0cb438b143e" />
Gabriel Peal ·
2025-10-03 13:43:12 -04:00 -
chore: refactor tool handling (#4510)
# Tool System Refactor - Centralizes tool definitions and execution in `core/src/tools/*`: specs (`spec.rs`), handlers (`handlers/*`), router (`router.rs`), registry/dispatch (`registry.rs`), and shared context (`context.rs`). One registry now builds the model-visible tool list and binds handlers. - Router converts model responses to tool calls; Registry dispatches with consistent telemetry via `codex-rs/otel` and unified error handling. Function, Local Shell, MCP, and experimental `unified_exec` all flow through this path; legacy shell aliases still work. - Rationale: reduce per‑tool boilerplate, keep spec/handler in sync, and make adding tools predictable and testable. Example: `read_file` - Spec: `core/src/tools/spec.rs` (see `create_read_file_tool`, registered by `build_specs`). - Handler: `core/src/tools/handlers/read_file.rs` (absolute `file_path`, 1‑indexed `offset`, `limit`, `L#: ` prefixes, safe truncation). - E2E test: `core/tests/suite/read_file.rs` validates the tool returns the requested lines. ## Next steps: - Decompose `handle_container_exec_with_params` - Add parallel tool calls
jif-oai ·
2025-10-03 13:21:06 +01:00 -
canonicalize display of Agents.md paths on Windows. (#4577)
Canonicalize path on Windows to - remove unattractive path prefixes such as `\\?\` - simplify it (`../AGENTS.md` vs `C:\Users\iceweasel\code\coded\Agents.md`) before: <img width="1110" height="45" alt="Screenshot 2025-10-01 123520" src="https://github.com/user-attachments/assets/48920ae6-d89c-41b8-b4ea-df5c18fb5fad" /> after: <img width="585" height="46" alt="Screenshot 2025-10-01 123612" src="https://github.com/user-attachments/assets/70a1761a-9d97-4836-b14c-670b6f13e608" />
iceweasel-oai ·
2025-10-01 14:33:19 -07:00 -
fix: remove mcp-types from app server protocol (#4537)
We continue the separation between `codex app-server` and `codex mcp-server`. In particular, we introduce a new crate, `codex-app-server-protocol`, and migrate `codex-rs/protocol/src/mcp_protocol.rs` into it, renaming it `codex-rs/app-server-protocol/src/protocol.rs`. Because `ConversationId` was defined in `mcp_protocol.rs`, we move it into its own file, `codex-rs/protocol/src/conversation_id.rs`, and because it is referenced in a ton of places, we have to touch a lot of files as part of this PR. We also decide to get away from proper JSON-RPC 2.0 semantics, so we also introduce `codex-rs/app-server-protocol/src/jsonrpc_lite.rs`, which is basically the same `JSONRPCMessage` type defined in `mcp-types` except with all of the `"jsonrpc": "2.0"` removed. Getting rid of `"jsonrpc": "2.0"` makes our serialization logic considerably simpler, as we can lean heavier on serde to serialize directly into the wire format that we use now.
Michael Bolin ·
2025-10-01 02:16:26 +00:00 -
fix: use macros to ensure request/response symmetry (#4529)
Manually curating `protocol-ts/src/lib.rs` was error-prone, as expected. I finally asked Codex to write some Rust macros so we can ensure that: - For every variant of `ClientRequest` and `ServerRequest`, there is an associated `params` and `response` type. - All response types are included automatically in the output of `codex generate-ts`.
Michael Bolin ·
2025-09-30 18:06:05 -07:00 -
Add cloud tasks (#3197)
Adds a TUI for managing, applying, and creating cloud tasks
easong-openai ·
2025-09-30 10:10:33 +00:00 -
fix: separate
codex mcpintocodex mcp-serverandcodex app-server(#4471)This is a very large PR with some non-backwards-compatible changes. Historically, `codex mcp` (or `codex mcp serve`) started a JSON-RPC-ish server that had two overlapping responsibilities: - Running an MCP server, providing some basic tool calls. - Running the app server used to power experiences such as the VS Code extension. This PR aims to separate these into distinct concepts: - `codex mcp-server` for the MCP server - `codex app-server` for the "application server" Note `codex mcp` still exists because it already has its own subcommands for MCP management (`list`, `add`, etc.) The MCP logic continues to live in `codex-rs/mcp-server` whereas the refactored app server logic is in the new `codex-rs/app-server` folder. Note that most of the existing integration tests in `codex-rs/mcp-server/tests/suite` were actually for the app server, so all the tests have been moved with the exception of `codex-rs/mcp-server/tests/suite/mod.rs`. Because this is already a large diff, I tried not to change more than I had to, so `codex-rs/app-server/tests/common/mcp_process.rs` still uses the name `McpProcess` for now, but I will do some mechanical renamings to things like `AppServer` in subsequent PRs. While `mcp-server` and `app-server` share some overlapping functionality (like reading streams of JSONL and dispatching based on message types) and some differences (completely different message types), I ended up doing a bit of copypasta between the two crates, as both have somewhat similar `message_processor.rs` and `outgoing_message.rs` files for now, though I expect them to diverge more in the near future. One material change is that of the initialize handshake for `codex app-server`, as we no longer use the MCP types for that handshake. Instead, we update `codex-rs/protocol/src/mcp_protocol.rs` to add an `Initialize` variant to `ClientRequest`, which takes the `ClientInfo` object we need to update the `USER_AGENT_SUFFIX` in `codex-rs/app-server/src/message_processor.rs`. One other material change is in `codex-rs/app-server/src/codex_message_processor.rs` where I eliminated a use of the `send_event_as_notification()` method I am generally trying to deprecate (because it blindly maps an `EventMsg` into a `JSONNotification`) in favor of `send_server_notification()`, which takes a `ServerNotification`, as that is intended to be a custom enum of all notification types supported by the app server. So to make this update, I had to introduce a new variant of `ServerNotification`, `SessionConfigured`, which is a non-backwards compatible change with the old `codex mcp`, and clients will have to be updated after the next release that contains this PR. Note that `codex-rs/app-server/tests/suite/list_resume.rs` also had to be update to reflect this change. I introduced `codex-rs/utils/json-to-toml/src/lib.rs` as a small utility crate to avoid some of the copying between `mcp-server` and `app-server`.
Michael Bolin ·
2025-09-30 07:06:18 +00:00 -
OpenTelemetry events (#2103)
### Title ## otel Codex can emit [OpenTelemetry](https://opentelemetry.io/) **log events** that describe each run: outbound API requests, streamed responses, user input, tool-approval decisions, and the result of every tool invocation. Export is **disabled by default** so local runs remain self-contained. Opt in by adding an `[otel]` table and choosing an exporter. ```toml [otel] environment = "staging" # defaults to "dev" exporter = "none" # defaults to "none"; set to otlp-http or otlp-grpc to send events log_user_prompt = false # defaults to false; redact prompt text unless explicitly enabled ``` Codex tags every exported event with `service.name = "codex-cli"`, the CLI version, and an `env` attribute so downstream collectors can distinguish dev/staging/prod traffic. Only telemetry produced inside the `codex_otel` crate—the events listed below—is forwarded to the exporter. ### Event catalog Every event shares a common set of metadata fields: `event.timestamp`, `conversation.id`, `app.version`, `auth_mode` (when available), `user.account_id` (when available), `terminal.type`, `model`, and `slug`. With OTEL enabled Codex emits the following event types (in addition to the metadata above): - `codex.api_request` - `cf_ray` (optional) - `attempt` - `duration_ms` - `http.response.status_code` (optional) - `error.message` (failures) - `codex.sse_event` - `event.kind` - `duration_ms` - `error.message` (failures) - `input_token_count` (completion only) - `output_token_count` (completion only) - `cached_token_count` (completion only, optional) - `reasoning_token_count` (completion only, optional) - `tool_token_count` (completion only) - `codex.user_prompt` - `prompt_length` - `prompt` (redacted unless `log_user_prompt = true`) - `codex.tool_decision` - `tool_name` - `call_id` - `decision` (`approved`, `approved_for_session`, `denied`, or `abort`) - `source` (`config` or `user`) - `codex.tool_result` - `tool_name` - `call_id` - `arguments` - `duration_ms` (execution time for the tool) - `success` (`"true"` or `"false"`) - `output` ### Choosing an exporter Set `otel.exporter` to control where events go: - `none` – leaves instrumentation active but skips exporting. This is the default. - `otlp-http` – posts OTLP log records to an OTLP/HTTP collector. Specify the endpoint, protocol, and headers your collector expects: ```toml [otel] exporter = { otlp-http = { endpoint = "https://otel.example.com/v1/logs", protocol = "binary", headers = { "x-otlp-api-key" = "${OTLP_TOKEN}" } }} ``` - `otlp-grpc` – streams OTLP log records over gRPC. Provide the endpoint and any metadata headers: ```toml [otel] exporter = { otlp-grpc = { endpoint = "https://otel.example.com:4317", headers = { "x-otlp-meta" = "abc123" } }} ``` If the exporter is `none` nothing is written anywhere; otherwise you must run or point to your own collector. All exporters run on a background batch worker that is flushed on shutdown. If you build Codex from source the OTEL crate is still behind an `otel` feature flag; the official prebuilt binaries ship with the feature enabled. When the feature is disabled the telemetry hooks become no-ops so the CLI continues to function without the extra dependencies. --------- Co-authored-by: Anton Panasenko <apanasenko@openai.com>
vishnu-oai ·
2025-09-29 11:30:55 -07:00 -
chore: remove responses-api-proxy from the multitool (#4404)
This removes the `codex responses-api-proxy` subcommand in favor of running it as a standalone CLI. As part of this change, we: - remove the dependency on `tokio`/`async/await` as well as `codex_arg0` - introduce the use of `pre_main_hardening()` so `CODEX_SECURE_MODE=1` is not required --- [//]: # (BEGIN SAPLING FOOTER) Stack created with [Sapling](https://sapling-scm.com). Best reviewed with [ReviewStack](https://reviewstack.dev/openai/codex/pull/4404). * #4406 * __->__ #4404 * #4403
Michael Bolin ·
2025-09-28 15:22:27 -07:00