mirror of
https://github.com/pchuan98/codex.git
synced 2026-07-01 00:31:56 +08:00
157a16cefa343dfd0f093dd034df9904ad82845d
2157 Commits
-
[app-server] feat: add thread_id and turn_id to item and error notifications (#7124)
Add `thread_id` and `turn_id` to `item/started`, `item/completed`, and `error` notifications. Otherwise the client will have a hard time knowing which thread & turn (if multiple threads are running in parallel) a new item/error is for. Also add `thread_id` to `turn/started` and `turn/completed`.
Owen Lin ·
2025-11-25 08:05:47 -08:00 -
jif-oai ·
2025-11-25 10:35:35 +00:00 -
jif-oai ·
2025-11-25 09:29:38 +00:00 -
[app-server-test-client] add send-followup-v2 (#7271)
Add a new endpoint that allows us to test multi-turn behavior. Tested with running: ``` RUST_LOG=codex_app_server=debug CODEX_BIN=target/debug/codex \ cargo run -p codex-app-server-test-client -- \ send-follow-up-v2 "hello" "and now a follow-up question" ```Celia Chen ·
2025-11-25 08:04:27 +00:00 -
fix: Correct the stream error message (#7266)
Fixes a copy paste bug with the error handling in `try_run_turn` I have read the CLA Document and I hereby sign the CLA
Clifford Ressel ·
2025-11-24 20:16:29 -08:00 -
jif-oai ·
2025-11-24 21:14:24 +00:00 -
chore: dedup unified exec "waited" rendering (#7256)
From <img width="477" height="283" alt="Screenshot 2025-11-24 at 18 02 25" src="https://github.com/user-attachments/assets/724d1d68-c994-417e-9859-ada8eb173b4c" /> To <img width="444" height="174" alt="Screenshot 2025-11-24 at 18 02 40" src="https://github.com/user-attachments/assets/40f91247-6d55-4428-84d1-f39c912ac2e7" />
jif-oai ·
2025-11-24 20:45:40 +00:00 -
Windows Sandbox: treat <workspace_root>/.git as read-only in workspace-write mode (#7142)
this functionality is [supported](https://github.com/openai/codex/blob/main/codex-rs/protocol/src/protocol.rs#L421-L422) in the MacOs sandbox as well. Adding it to Windows for parity This PR also changes `rust-ci.yaml` to work around a github `hashFiles` issue. Others have done something [similar](https://github.com/openai/superassistant/pull/32156) today
iceweasel-oai ·
2025-11-24 12:41:21 -08:00 -
chore: add cargo-deny configuration (#7119)
- add GitHub workflow running cargo-deny on push/PR - document cargo-deny allowlist with workspace-dep notes and advisory ignores - align workspace crates to inherit version/edition/license for consistent checks
Josh McKinney ·
2025-11-24 12:22:18 -08:00 -
chore(ci): add cargo audit workflow and policy (#7108)
- add to ignore current unmaintained advisories (derivative, fxhash, paste) so audits gate new issues only - introduce GitHub Actions workflow to run on push/PR using to install cargo-audit Existing advisories (all "unmaintained"): - https://rustsec.org/advisories/RUSTSEC-2024-0388 - https://rustsec.org/advisories/RUSTSEC-2025-0057 - https://rustsec.org/advisories/RUSTSEC-2024-0436
Josh McKinney ·
2025-11-24 12:20:55 -08:00 -
fix: custom prompt expansion with large pastes (#7154)
### **Summary of Changes** **What?** Fix for slash commands (e.g., /prompts:code-review) not being recognized when large content (>3000 chars) is pasted. [Bug Report](https://github.com/openai/codex/issues/7047) **Why?** With large pastes, slash commands were ignored, so custom prompts weren't expanded and were submitted as literal text. **How?** Refactored the early return block in handle_key_event_without_popup (lines 957-968). Instead of returning early after replacing placeholders, the code now replaces placeholders in the textarea and continues to the normal submission flow. This reuses the existing slash command detection and custom prompt expansion logic (lines 981-1047), avoiding duplication. **Changes:** Modified codex-rs/tui/src/bottom_pane/chat_composer.rs: refactored early return block to continue to normal flow instead of returning immediately Added test: custom_prompt_with_large_paste_expands_correctly to verify the fix **Code Quality:** No lint warnings Code follows existing patterns and reuses existing logic Atomic change focused on the bug fix
Priyadarshini Tamilselvan ·
2025-11-24 12:18:32 -08:00 -
Allow enterprises to skip upgrade checks and messages (#7213)
This is a feature primarily for enterprises who centrally manage Codex updates.
Gabriel Peal ·
2025-11-24 15:04:49 -05:00 -
Added alternate form of
dependabotto CLA allow list (#7260)This fixes the CI check for CLA, which recently started to flag the GitHub dependabot as "not having signed the CLA".
Eric Traut ·
2025-11-24 12:04:27 -08:00 -
chore(deps): bump webbrowser from 1.0.5 to 1.0.6 in /codex-rs (#7225)
Bumps [webbrowser](https://github.com/amodm/webbrowser-rs) from 1.0.5 to 1.0.6. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/amodm/webbrowser-rs/releases">webbrowser's releases</a>.</em></p> <blockquote> <h2>v1.0.6</h2> <h3>Fixed</h3> <ul> <li>Windows: fix browser opening when unicode characters exist in path. See PR <a href="https://redirect.github.com/amodm/webbrowser-rs/issues/108">#108</a></li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/amodm/webbrowser-rs/blob/main/CHANGELOG.md">webbrowser's changelog</a>.</em></p> <blockquote> <h2>[1.0.6] - 2025-10-15 <!-- raw HTML omitted --><!-- raw HTML omitted --></h2> <h3>Fixed</h3> <ul> <li>Windows: fix browser opening when unicode characters exist in path. See PR <a href="https://redirect.github.com/amodm/webbrowser-rs/issues/108">#108</a></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/amodm/webbrowser-rs/commit/659622914af8da27f4619fdcd704fcd616245a76"><code>6596229</code></a> Release v1.0.6 [skip ci]</li> <li><a href="https://github.com/amodm/webbrowser-rs/commit/44908ca5f33984b1a7d12408e799e3721b246d36"><code>44908ca</code></a> ios: fix lint for objc2 invocation #build-ios</li> <li><a href="https://github.com/amodm/webbrowser-rs/commit/b76a217a0749b9bae01f4411caa729892453984f"><code>b76a217</code></a> Merge branch 'Nodeigi-fix/107'</li> <li><a href="https://github.com/amodm/webbrowser-rs/commit/ee2b1cdf2ebe4d2ed135728d0be9c03def0686a2"><code>ee2b1cd</code></a> fix opening a browser that is located in a path that contains unicode characters</li> <li><a href="https://github.com/amodm/webbrowser-rs/commit/061e65e6b8139701f3783c1a68e9528e7d940fb8"><code>061e65e</code></a> ios: fix lints</li> <li><a href="https://github.com/amodm/webbrowser-rs/commit/85dd4a37fcfb30dc34ad8bcdea0d7cd3efd15f68"><code>85dd4a3</code></a> macos: fix lints</li> <li>See full diff in <a href="https://github.com/amodm/webbrowser-rs/compare/v1.0.5...v1.0.6">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Eric Traut <etraut@openai.com>
dependabot[bot] ·
2025-11-24 12:03:10 -08:00 -
chore(deps): bump libc from 0.2.175 to 0.2.177 in /codex-rs (#7224)
Bumps [libc](https://github.com/rust-lang/libc) from 0.2.175 to 0.2.177. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/rust-lang/libc/releases">libc's releases</a>.</em></p> <blockquote> <h2>0.2.177</h2> <h3>Added</h3> <ul> <li>Apple: Add <code>TIOCGETA</code>, <code>TIOCSETA</code>, <code>TIOCSETAW</code>, <code>TIOCSETAF</code> constants (<a href="https://redirect.github.com/rust-lang/libc/pull/4736">#4736</a>)</li> <li>Apple: Add <code>pthread_cond_timedwait_relative_np</code> (<a href="https://redirect.github.com/rust-lang/libc/pull/4719">#4719</a>)</li> <li>BSDs: Add <code>_CS_PATH</code> constant (<a href="https://redirect.github.com/rust-lang/libc/pull/4738">#4738</a>)</li> <li>Linux-like: Add <code>SIGEMT</code> for mips* and sparc* architectures (<a href="https://redirect.github.com/rust-lang/libc/pull/4730">#4730</a>)</li> <li>OpenBSD: Add <code>elf_aux_info</code> (<a href="https://redirect.github.com/rust-lang/libc/pull/4729">#4729</a>)</li> <li>Redox: Add more sysconf constants (<a href="https://redirect.github.com/rust-lang/libc/pull/4728">#4728</a>)</li> <li>Windows: Add <code>wcsnlen</code> (<a href="https://redirect.github.com/rust-lang/libc/pull/4721">#4721</a>)</li> </ul> <h3>Changed</h3> <ul> <li>WASIP2: Invert conditional to include p2 APIs (<a href="https://redirect.github.com/rust-lang/libc/pull/4733">#4733</a>)</li> </ul> <h2>0.2.176</h2> <h3>Support</h3> <ul> <li>The default FreeBSD version has been raised from 11 to 12. This matches <code>rustc</code> since 1.78. (<a href="https://redirect.github.com/rust-lang/libc/pull/2406">#2406</a>)</li> <li><code>Debug</code> is now always implemented, rather than being gated behind the <code>extra_traits</code> feature. (<a href="https://redirect.github.com/rust-lang/libc/pull/4624">#4624</a>)</li> </ul> <h3>Added</h3> <ul> <li>AIX: Restore some non-POSIX functions guarded by the <code>_KERNEL</code> macro. (<a href="https://redirect.github.com/rust-lang/libc/pull/4607">#4607</a>)</li> <li>FreeBSD 14: Add <code>st_fileref</code> to <code>struct stat</code> (<a href="https://redirect.github.com/rust-lang/libc/pull/4642">#4642</a>)</li> <li>Haiku: Add the <code>accept4</code> POSIX call (<a href="https://redirect.github.com/rust-lang/libc/pull/4586">#4586</a>)</li> <li>Introduce a wrapper for representing padding (<a href="https://redirect.github.com/rust-lang/libc/pull/4632">#4632</a>)</li> <li>Linux: Add <code>EM_RISCV</code> (<a href="https://redirect.github.com/rust-lang/libc/pull/4659">#4659</a>)</li> <li>Linux: Add <code>MS_NOSYMFOLLOW</code> (<a href="https://redirect.github.com/rust-lang/libc/pull/4389">#4389</a>)</li> <li>Linux: Add <code>backtrace_symbols(_fd)</code> (<a href="https://redirect.github.com/rust-lang/libc/pull/4668">#4668</a>)</li> <li>Linux: Add missing <code>SOL_PACKET</code> optnames (<a href="https://redirect.github.com/rust-lang/libc/pull/4669">#4669</a>)</li> <li>Musl s390x: Add <code>SYS_mseal</code> (<a href="https://redirect.github.com/rust-lang/libc/pull/4549">#4549</a>)</li> <li>NuttX: Add <code>__errno</code> (<a href="https://redirect.github.com/rust-lang/libc/pull/4687">#4687</a>)</li> <li>Redox: Add <code>dirfd</code>, <code>VDISABLE</code>, and resource consts (<a href="https://redirect.github.com/rust-lang/libc/pull/4660">#4660</a>)</li> <li>Redox: Add more <code>resource.h</code>, <code>fcntl.h</code> constants (<a href="https://redirect.github.com/rust-lang/libc/pull/4666">#4666</a>)</li> <li>Redox: Enable <code>strftime</code> and <code>mkostemp[s]</code> (<a href="https://redirect.github.com/rust-lang/libc/pull/4629">#4629</a>)</li> <li>Unix, Windows: Add <code>qsort_r</code> (Unix), and <code>qsort(_s)</code> (Windows) (<a href="https://redirect.github.com/rust-lang/libc/pull/4677">#4677</a>)</li> <li>Unix: Add <code>dlvsym</code> for Linux-gnu, FreeBSD, and NetBSD (<a href="https://redirect.github.com/rust-lang/libc/pull/4671">#4671</a>)</li> <li>Unix: Add <code>sigqueue</code> (<a href="https://redirect.github.com/rust-lang/libc/pull/4620">#4620</a>)</li> </ul> <h3>Changed</h3> <ul> <li>FreeBSD 15: Mark <code>kinfo_proc</code> as non-exhaustive (<a href="https://redirect.github.com/rust-lang/libc/pull/4553">#4553</a>)</li> <li>FreeBSD: Set the ELF symbol version for <code>readdir_r</code> (<a href="https://redirect.github.com/rust-lang/libc/pull/4694">#4694</a>)</li> <li>Linux: Correct the config for whether or not <code>epoll_event</code> is packed (<a href="https://redirect.github.com/rust-lang/libc/pull/4639">#4639</a>)</li> <li>Tests: Replace the old <code>ctest</code> with the much more reliable new implementation (<a href="https://redirect.github.com/rust-lang/libc/pull/4655">#4655</a> and many related PRs)</li> </ul> <h3>Fixed</h3> <ul> <li>AIX: Fix the type of the 4th arguement of <code>getgrnam_r</code> ([#4656](<a href="https://redirect.github.com/rust-lang/libc/pull/4656">rust-lang/libc#4656</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/rust-lang/libc/blob/0.2.177/CHANGELOG.md">libc's changelog</a>.</em></p> <blockquote> <h2><a href="https://github.com/rust-lang/libc/compare/0.2.176...0.2.177">0.2.177</a> - 2025-10-09</h2> <h3>Added</h3> <ul> <li>Apple: Add <code>TIOCGETA</code>, <code>TIOCSETA</code>, <code>TIOCSETAW</code>, <code>TIOCSETAF</code> constants (<a href="https://redirect.github.com/rust-lang/libc/pull/4736">#4736</a>)</li> <li>Apple: Add <code>pthread_cond_timedwait_relative_np</code> (<a href="https://redirect.github.com/rust-lang/libc/pull/4719">#4719</a>)</li> <li>BSDs: Add <code>_CS_PATH</code> constant (<a href="https://redirect.github.com/rust-lang/libc/pull/4738">#4738</a>)</li> <li>Linux-like: Add <code>SIGEMT</code> for mips* and sparc* architectures (<a href="https://redirect.github.com/rust-lang/libc/pull/4730">#4730</a>)</li> <li>OpenBSD: Add <code>elf_aux_info</code> (<a href="https://redirect.github.com/rust-lang/libc/pull/4729">#4729</a>)</li> <li>Redox: Add more sysconf constants (<a href="https://redirect.github.com/rust-lang/libc/pull/4728">#4728</a>)</li> <li>Windows: Add <code>wcsnlen</code> (<a href="https://redirect.github.com/rust-lang/libc/pull/4721">#4721</a>)</li> </ul> <h3>Changed</h3> <ul> <li>WASIP2: Invert conditional to include p2 APIs (<a href="https://redirect.github.com/rust-lang/libc/pull/4733">#4733</a>)</li> </ul> <h2><a href="https://github.com/rust-lang/libc/compare/0.2.175...0.2.176">0.2.176</a> - 2025-09-23</h2> <h3>Support</h3> <ul> <li>The default FreeBSD version has been raised from 11 to 12. This matches <code>rustc</code> since 1.78. (<a href="https://redirect.github.com/rust-lang/libc/pull/2406">#2406</a>)</li> <li><code>Debug</code> is now always implemented, rather than being gated behind the <code>extra_traits</code> feature. (<a href="https://redirect.github.com/rust-lang/libc/pull/4624">#4624</a>)</li> </ul> <h3>Added</h3> <ul> <li>AIX: Restore some non-POSIX functions guarded by the <code>_KERNEL</code> macro. (<a href="https://redirect.github.com/rust-lang/libc/pull/4607">#4607</a>)</li> <li>FreeBSD 14: Add <code>st_fileref</code> to <code>struct stat</code> (<a href="https://redirect.github.com/rust-lang/libc/pull/4642">#4642</a>)</li> <li>Haiku: Add the <code>accept4</code> POSIX call (<a href="https://redirect.github.com/rust-lang/libc/pull/4586">#4586</a>)</li> <li>Introduce a wrapper for representing padding (<a href="https://redirect.github.com/rust-lang/libc/pull/4632">#4632</a>)</li> <li>Linux: Add <code>EM_RISCV</code> (<a href="https://redirect.github.com/rust-lang/libc/pull/4659">#4659</a>)</li> <li>Linux: Add <code>MS_NOSYMFOLLOW</code> (<a href="https://redirect.github.com/rust-lang/libc/pull/4389">#4389</a>)</li> <li>Linux: Add <code>backtrace_symbols(_fd)</code> (<a href="https://redirect.github.com/rust-lang/libc/pull/4668">#4668</a>)</li> <li>Linux: Add missing <code>SOL_PACKET</code> optnames (<a href="https://redirect.github.com/rust-lang/libc/pull/4669">#4669</a>)</li> <li>Musl s390x: Add <code>SYS_mseal</code> (<a href="https://redirect.github.com/rust-lang/libc/pull/4549">#4549</a>)</li> <li>NuttX: Add <code>__errno</code> (<a href="https://redirect.github.com/rust-lang/libc/pull/4687">#4687</a>)</li> <li>Redox: Add <code>dirfd</code>, <code>VDISABLE</code>, and resource consts (<a href="https://redirect.github.com/rust-lang/libc/pull/4660">#4660</a>)</li> <li>Redox: Add more <code>resource.h</code>, <code>fcntl.h</code> constants (<a href="https://redirect.github.com/rust-lang/libc/pull/4666">#4666</a>)</li> <li>Redox: Enable <code>strftime</code> and <code>mkostemp[s]</code> (<a href="https://redirect.github.com/rust-lang/libc/pull/4629">#4629</a>)</li> <li>Unix, Windows: Add <code>qsort_r</code> (Unix), and <code>qsort(_s)</code> (Windows) (<a href="https://redirect.github.com/rust-lang/libc/pull/4677">#4677</a>)</li> <li>Unix: Add <code>dlvsym</code> for Linux-gnu, FreeBSD, and NetBSD (<a href="https://redirect.github.com/rust-lang/libc/pull/4671">#4671</a>)</li> <li>Unix: Add <code>sigqueue</code> (<a href="https://redirect.github.com/rust-lang/libc/pull/4620">#4620</a>)</li> </ul> <h3>Changed</h3> <ul> <li>FreeBSD 15: Mark <code>kinfo_proc</code> as non-exhaustive (<a href="https://redirect.github.com/rust-lang/libc/pull/4553">#4553</a>)</li> <li>FreeBSD: Set the ELF symbol version for <code>readdir_r</code> (<a href="https://redirect.github.com/rust-lang/libc/pull/4694">#4694</a>)</li> <li>Linux: Correct the config for whether or not <code>epoll_event</code> is packed (<a href="https://redirect.github.com/rust-lang/libc/pull/4639">#4639</a>)</li> <li>Tests: Replace the old <code>ctest</code> with the much more reliable new implementation (<a href="https://redirect.github.com/rust-lang/libc/pull/4655">#4655</a> and many related PRs)</li> </ul> <h3>Fixed</h3> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/rust-lang/libc/commit/9f598d245e18ecb243118cfde095f24598ec9d5b"><code>9f598d2</code></a> chore: release libc 0.2.177</li> <li><a href="https://github.com/rust-lang/libc/commit/329a5e77fd0666d9c2fda463eb005cfbb28c3e8c"><code>329a5e7</code></a> Add missing TIOCGETA/TIOCSETA constants for macOS</li> <li><a href="https://github.com/rust-lang/libc/commit/72a40e2550f924e8e5736a96afe71c71b988b08b"><code>72a40e2</code></a> add <code>pthread_cond_timedwait_relative_np</code></li> <li><a href="https://github.com/rust-lang/libc/commit/2914d6f735740b40b8abbbae251aad11daf48885"><code>2914d6f</code></a> linux_like: add SIGEMT for mips* and sparc*</li> <li><a href="https://github.com/rust-lang/libc/commit/ff2ff25f15bbd01c03482c0c1f49411b0b622957"><code>ff2ff25</code></a> openbsd add elf_aux_info</li> <li><a href="https://github.com/rust-lang/libc/commit/4ae44a44945ce5c2751aa198171bc1f47c292723"><code>4ae44a4</code></a> Update semver tests</li> <li><a href="https://github.com/rust-lang/libc/commit/d5737a01378862df540367c627b18d8a26dbdd0e"><code>d5737a0</code></a> Define _CS_PATH on the BSDs</li> <li><a href="https://github.com/rust-lang/libc/commit/fe277da53e919bb8272aa695e8df44b48aab95a3"><code>fe277da</code></a> redox: more sysconf constants</li> <li><a href="https://github.com/rust-lang/libc/commit/bdad4264ced348e8e1a8ffc25a9b493fae124fa9"><code>bdad426</code></a> wasip2: Invert conditional to include p2 APIs</li> <li><a href="https://github.com/rust-lang/libc/commit/0af069dcbfdb8ea80e437a50bc98ffd186915247"><code>0af069d</code></a> Windows: add <code>wcsnlen</code></li> <li>Additional commits viewable in <a href="https://github.com/rust-lang/libc/compare/0.2.175...0.2.177">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Eric Traut <etraut@openai.com>
dependabot[bot] ·
2025-11-24 12:02:48 -08:00 -
Removed
streamable_shellfrom docs (#7235)This config option no longer exists Addresses #7207
Eric Traut ·
2025-11-24 11:47:57 -08:00 -
fix: Fix build process-hardening build on NetBSD (#7238)
This fixes the build of codex on NetBSD.
Thomas Klausner ·
2025-11-24 11:46:43 -08:00 -
chore(deps): bump actions/checkout from 5 to 6 (#7230)
Bumps [actions/checkout](https://github.com/actions/checkout) from 5 to 6. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/checkout/releases">actions/checkout's releases</a>.</em></p> <blockquote> <h2>v6.0.0</h2> <h2>What's Changed</h2> <ul> <li>Update README to include Node.js 24 support details and requirements by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2248">actions/checkout#2248</a></li> <li>Persist creds to a separate file by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2286">actions/checkout#2286</a></li> <li>v6-beta by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2298">actions/checkout#2298</a></li> <li>update readme/changelog for v6 by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2311">actions/checkout#2311</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/checkout/compare/v5.0.0...v6.0.0">https://github.com/actions/checkout/compare/v5.0.0...v6.0.0</a></p> <h2>v6-beta</h2> <h2>What's Changed</h2> <p>Updated persist-credentials to store the credentials under <code>$RUNNER_TEMP</code> instead of directly in the local git config.</p> <p>This requires a minimum Actions Runner version of <a href="https://github.com/actions/runner/releases/tag/v2.329.0">v2.329.0</a> to access the persisted credentials for <a href="https://docs.github.com/en/actions/tutorials/use-containerized-services/create-a-docker-container-action">Docker container action</a> scenarios.</p> <h2>v5.0.1</h2> <h2>What's Changed</h2> <ul> <li>Port v6 cleanup to v5 by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2301">actions/checkout#2301</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/checkout/compare/v5...v5.0.1">https://github.com/actions/checkout/compare/v5...v5.0.1</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/actions/checkout/blob/main/CHANGELOG.md">actions/checkout's changelog</a>.</em></p> <blockquote> <h1>Changelog</h1> <h2>V6.0.0</h2> <ul> <li>Persist creds to a separate file by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2286">actions/checkout#2286</a></li> <li>Update README to include Node.js 24 support details and requirements by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2248">actions/checkout#2248</a></li> </ul> <h2>V5.0.1</h2> <ul> <li>Port v6 cleanup to v5 by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2301">actions/checkout#2301</a></li> </ul> <h2>V5.0.0</h2> <ul> <li>Update actions checkout to use node 24 by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2226">actions/checkout#2226</a></li> </ul> <h2>V4.3.1</h2> <ul> <li>Port v6 cleanup to v4 by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2305">actions/checkout#2305</a></li> </ul> <h2>V4.3.0</h2> <ul> <li>docs: update README.md by <a href="https://github.com/motss"><code>@motss</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1971">actions/checkout#1971</a></li> <li>Add internal repos for checking out multiple repositories by <a href="https://github.com/mouismail"><code>@mouismail</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1977">actions/checkout#1977</a></li> <li>Documentation update - add recommended permissions to Readme by <a href="https://github.com/benwells"><code>@benwells</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2043">actions/checkout#2043</a></li> <li>Adjust positioning of user email note and permissions heading by <a href="https://github.com/joshmgross"><code>@joshmgross</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2044">actions/checkout#2044</a></li> <li>Update README.md by <a href="https://github.com/nebuk89"><code>@nebuk89</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2194">actions/checkout#2194</a></li> <li>Update CODEOWNERS for actions by <a href="https://github.com/TingluoHuang"><code>@TingluoHuang</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2224">actions/checkout#2224</a></li> <li>Update package dependencies by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2236">actions/checkout#2236</a></li> </ul> <h2>v4.2.2</h2> <ul> <li><code>url-helper.ts</code> now leverages well-known environment variables by <a href="https://github.com/jww3"><code>@jww3</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1941">actions/checkout#1941</a></li> <li>Expand unit test coverage for <code>isGhes</code> by <a href="https://github.com/jww3"><code>@jww3</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1946">actions/checkout#1946</a></li> </ul> <h2>v4.2.1</h2> <ul> <li>Check out other refs/* by commit if provided, fall back to ref by <a href="https://github.com/orhantoy"><code>@orhantoy</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1924">actions/checkout#1924</a></li> </ul> <h2>v4.2.0</h2> <ul> <li>Add Ref and Commit outputs by <a href="https://github.com/lucacome"><code>@lucacome</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1180">actions/checkout#1180</a></li> <li>Dependency updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a>- <a href="https://redirect.github.com/actions/checkout/pull/1777">actions/checkout#1777</a>, <a href="https://redirect.github.com/actions/checkout/pull/1872">actions/checkout#1872</a></li> </ul> <h2>v4.1.7</h2> <ul> <li>Bump the minor-npm-dependencies group across 1 directory with 4 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1739">actions/checkout#1739</a></li> <li>Bump actions/checkout from 3 to 4 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1697">actions/checkout#1697</a></li> <li>Check out other refs/* by commit by <a href="https://github.com/orhantoy"><code>@orhantoy</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1774">actions/checkout#1774</a></li> <li>Pin actions/checkout's own workflows to a known, good, stable version. by <a href="https://github.com/jww3"><code>@jww3</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1776">actions/checkout#1776</a></li> </ul> <h2>v4.1.6</h2> <ul> <li>Check platform to set archive extension appropriately by <a href="https://github.com/cory-miller"><code>@cory-miller</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1732">actions/checkout#1732</a></li> </ul> <h2>v4.1.5</h2> <ul> <li>Update NPM dependencies by <a href="https://github.com/cory-miller"><code>@cory-miller</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1703">actions/checkout#1703</a></li> <li>Bump github/codeql-action from 2 to 3 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1694">actions/checkout#1694</a></li> <li>Bump actions/setup-node from 1 to 4 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1696">actions/checkout#1696</a></li> <li>Bump actions/upload-artifact from 2 to 4 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1695">actions/checkout#1695</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/checkout/commit/1af3b93b6815bc44a9784bd300feb67ff0d1eeb3"><code>1af3b93</code></a> update readme/changelog for v6 (<a href="https://redirect.github.com/actions/checkout/issues/2311">#2311</a>)</li> <li><a href="https://github.com/actions/checkout/commit/71cf2267d89c5cb81562390fa70a37fa40b1305e"><code>71cf226</code></a> v6-beta (<a href="https://redirect.github.com/actions/checkout/issues/2298">#2298</a>)</li> <li><a href="https://github.com/actions/checkout/commit/069c6959146423d11cd0184e6accf28f9d45f06e"><code>069c695</code></a> Persist creds to a separate file (<a href="https://redirect.github.com/actions/checkout/issues/2286">#2286</a>)</li> <li><a href="https://github.com/actions/checkout/commit/ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493"><code>ff7abcd</code></a> Update README to include Node.js 24 support details and requirements (<a href="https://redirect.github.com/actions/checkout/issues/2248">#2248</a>)</li> <li>See full diff in <a href="https://github.com/actions/checkout/compare/v5...v6">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
dependabot[bot] ·
2025-11-24 11:45:57 -08:00 -
chore(deps): bump actions/upload-artifact from 4 to 5 (#7229)
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4 to 5. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/upload-artifact/releases">actions/upload-artifact's releases</a>.</em></p> <blockquote> <h2>v5.0.0</h2> <h2>What's Changed</h2> <p><strong>BREAKING CHANGE:</strong> this update supports Node <code>v24.x</code>. This is not a breaking change per-se but we're treating it as such.</p> <ul> <li>Update README.md by <a href="https://github.com/GhadimiR"><code>@GhadimiR</code></a> in <a href="https://redirect.github.com/actions/upload-artifact/pull/681">actions/upload-artifact#681</a></li> <li>Update README.md by <a href="https://github.com/nebuk89"><code>@nebuk89</code></a> in <a href="https://redirect.github.com/actions/upload-artifact/pull/712">actions/upload-artifact#712</a></li> <li>Readme: spell out the first use of GHES by <a href="https://github.com/danwkennedy"><code>@danwkennedy</code></a> in <a href="https://redirect.github.com/actions/upload-artifact/pull/727">actions/upload-artifact#727</a></li> <li>Update GHES guidance to include reference to Node 20 version by <a href="https://github.com/patrikpolyak"><code>@patrikpolyak</code></a> in <a href="https://redirect.github.com/actions/upload-artifact/pull/725">actions/upload-artifact#725</a></li> <li>Bump <code>@actions/artifact</code> to <code>v4.0.0</code></li> <li>Prepare <code>v5.0.0</code> by <a href="https://github.com/danwkennedy"><code>@danwkennedy</code></a> in <a href="https://redirect.github.com/actions/upload-artifact/pull/734">actions/upload-artifact#734</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/GhadimiR"><code>@GhadimiR</code></a> made their first contribution in <a href="https://redirect.github.com/actions/upload-artifact/pull/681">actions/upload-artifact#681</a></li> <li><a href="https://github.com/nebuk89"><code>@nebuk89</code></a> made their first contribution in <a href="https://redirect.github.com/actions/upload-artifact/pull/712">actions/upload-artifact#712</a></li> <li><a href="https://github.com/danwkennedy"><code>@danwkennedy</code></a> made their first contribution in <a href="https://redirect.github.com/actions/upload-artifact/pull/727">actions/upload-artifact#727</a></li> <li><a href="https://github.com/patrikpolyak"><code>@patrikpolyak</code></a> made their first contribution in <a href="https://redirect.github.com/actions/upload-artifact/pull/725">actions/upload-artifact#725</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/upload-artifact/compare/v4...v5.0.0">https://github.com/actions/upload-artifact/compare/v4...v5.0.0</a></p> <h2>v4.6.2</h2> <h2>What's Changed</h2> <ul> <li>Update to use artifact 2.3.2 package & prepare for new upload-artifact release by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/upload-artifact/pull/685">actions/upload-artifact#685</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> made their first contribution in <a href="https://redirect.github.com/actions/upload-artifact/pull/685">actions/upload-artifact#685</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/upload-artifact/compare/v4...v4.6.2">https://github.com/actions/upload-artifact/compare/v4...v4.6.2</a></p> <h2>v4.6.1</h2> <h2>What's Changed</h2> <ul> <li>Update to use artifact 2.2.2 package by <a href="https://github.com/yacaovsnc"><code>@yacaovsnc</code></a> in <a href="https://redirect.github.com/actions/upload-artifact/pull/673">actions/upload-artifact#673</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/upload-artifact/compare/v4...v4.6.1">https://github.com/actions/upload-artifact/compare/v4...v4.6.1</a></p> <h2>v4.6.0</h2> <h2>What's Changed</h2> <ul> <li>Expose env vars to control concurrency and timeout by <a href="https://github.com/yacaovsnc"><code>@yacaovsnc</code></a> in <a href="https://redirect.github.com/actions/upload-artifact/pull/662">actions/upload-artifact#662</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/upload-artifact/compare/v4...v4.6.0">https://github.com/actions/upload-artifact/compare/v4...v4.6.0</a></p> <h2>v4.5.0</h2> <h2>What's Changed</h2> <ul> <li>fix: deprecated <code>Node.js</code> version in action by <a href="https://github.com/hamirmahal"><code>@hamirmahal</code></a> in <a href="https://redirect.github.com/actions/upload-artifact/pull/578">actions/upload-artifact#578</a></li> <li>Add new <code>artifact-digest</code> output by <a href="https://github.com/bdehamer"><code>@bdehamer</code></a> in <a href="https://redirect.github.com/actions/upload-artifact/pull/656">actions/upload-artifact#656</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/hamirmahal"><code>@hamirmahal</code></a> made their first contribution in <a href="https://redirect.github.com/actions/upload-artifact/pull/578">actions/upload-artifact#578</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/upload-artifact/commit/330a01c490aca151604b8cf639adc76d48f6c5d4"><code>330a01c</code></a> Merge pull request <a href="https://redirect.github.com/actions/upload-artifact/issues/734">#734</a> from actions/danwkennedy/prepare-5.0.0</li> <li><a href="https://github.com/actions/upload-artifact/commit/03f282445299bbefc96171af272a984663b63a26"><code>03f2824</code></a> Update <code>github.dep.yml</code></li> <li><a href="https://github.com/actions/upload-artifact/commit/905a1ecb5915b264cbc519e4eb415b5d82916018"><code>905a1ec</code></a> Prepare <code>v5.0.0</code></li> <li><a href="https://github.com/actions/upload-artifact/commit/2d9f9cdfa99fedaddba68e9b5b5c281eca26cc63"><code>2d9f9cd</code></a> Merge pull request <a href="https://redirect.github.com/actions/upload-artifact/issues/725">#725</a> from patrikpolyak/patch-1</li> <li><a href="https://github.com/actions/upload-artifact/commit/9687587dec67f2a8bc69104e183d311c42af6d6f"><code>9687587</code></a> Merge branch 'main' into patch-1</li> <li><a href="https://github.com/actions/upload-artifact/commit/2848b2cda0e5190984587ec6bb1f36730ca78d50"><code>2848b2c</code></a> Merge pull request <a href="https://redirect.github.com/actions/upload-artifact/issues/727">#727</a> from danwkennedy/patch-1</li> <li><a href="https://github.com/actions/upload-artifact/commit/9b511775fd9ce8c5710b38eea671f856de0e70a7"><code>9b51177</code></a> Spell out the first use of GHES</li> <li><a href="https://github.com/actions/upload-artifact/commit/cd231ca1eda77976a84805c4194a1954f56b0727"><code>cd231ca</code></a> Update GHES guidance to include reference to Node 20 version</li> <li><a href="https://github.com/actions/upload-artifact/commit/de65e23aa2b7e23d713bb51fbfcb6d502f8667d8"><code>de65e23</code></a> Merge pull request <a href="https://redirect.github.com/actions/upload-artifact/issues/712">#712</a> from actions/nebuk89-patch-1</li> <li><a href="https://github.com/actions/upload-artifact/commit/8747d8cd7632611ad6060b528f3e0f654c98869c"><code>8747d8c</code></a> Update README.md</li> <li>Additional commits viewable in <a href="https://github.com/actions/upload-artifact/compare/v4...v5">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
dependabot[bot] ·
2025-11-24 11:45:29 -08:00 -
chore(deps): bump toml_edit from 0.23.4 to 0.23.5 in /codex-rs (#7223)
Bumps [toml_edit](https://github.com/toml-rs/toml) from 0.23.4 to 0.23.5. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/toml-rs/toml/commit/4695fb02fc3902345ffbfb54fd5df6adcc3bbd4d"><code>4695fb0</code></a> chore: Release</li> <li><a href="https://github.com/toml-rs/toml/commit/6a77ed71cf68369e823f7827b34eaa2a06d0126d"><code>6a77ed7</code></a> docs: Update changelog</li> <li><a href="https://github.com/toml-rs/toml/commit/c1e81979644a7a80141ab2d0ca284a4560eb4079"><code>c1e8197</code></a> refactor: Switch serde dependency to serde_core (<a href="https://redirect.github.com/toml-rs/toml/issues/1036">#1036</a>)</li> <li><a href="https://github.com/toml-rs/toml/commit/d85d6cd61cf122ee44db8834bc2a55e881bb0750"><code>d85d6cd</code></a> refactor: Switch serde dependency to serde_core</li> <li>See full diff in <a href="https://github.com/toml-rs/toml/compare/v0.23.4...v0.23.5">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
dependabot[bot] ·
2025-11-24 11:44:14 -08:00 -
chore(deps): bump regex from 1.11.1 to 1.12.2 in /codex-rs (#7222)
Bumps [regex](https://github.com/rust-lang/regex) from 1.11.1 to 1.12.2. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/rust-lang/regex/blob/master/CHANGELOG.md">regex's changelog</a>.</em></p> <blockquote> <h1>1.12.2 (2025-10-13)</h1> <p>This release fixes a <code>cargo doc</code> breakage on nightly when <code>--cfg docsrs</code> is enabled. This caused documentation to fail to build on docs.rs.</p> <p>Bug fixes:</p> <ul> <li>[BUG <a href="https://redirect.github.com/rust-lang/regex/issues/1305">#1305</a>](<a href="https://redirect.github.com/rust-lang/regex/issues/1305">rust-lang/regex#1305</a>): Switches the <code>doc_auto_cfg</code> feature to <code>doc_cfg</code> on nightly for docs.rs builds.</li> </ul> <h1>1.12.1 (2025-10-10)</h1> <p>This release makes a bug fix in the new <code>regex::Captures::get_match</code> API introduced in <code>1.12.0</code>. There was an oversight with the lifetime parameter for the <code>Match</code> returned. This is technically a breaking change, but given that it was caught almost immediately and I've yanked the <code>1.12.0</code> release, I think this is fine.</p> <h1>1.12.0 (2025-10-10)</h1> <p>This release contains a smattering of bug fixes, a fix for excessive memory consumption in some cases and a new <code>regex::Captures::get_match</code> API.</p> <p>Improvements:</p> <ul> <li>[FEATURE <a href="https://redirect.github.com/rust-lang/regex/issues/1146">#1146</a>](<a href="https://redirect.github.com/rust-lang/regex/issues/1146">rust-lang/regex#1146</a>): Add <code>Capture::get_match</code> for returning the overall match without <code>unwrap()</code>.</li> </ul> <p>Bug fixes:</p> <ul> <li>[BUG <a href="https://redirect.github.com/rust-lang/regex/issues/1083">#1083</a>](<a href="https://redirect.github.com/rust-lang/regex/issues/1083">rust-lang/regex#1083</a>): Fixes a panic in the lazy DFA (can only occur for especially large regexes).</li> <li>[BUG <a href="https://redirect.github.com/rust-lang/regex/issues/1116">#1116</a>](<a href="https://redirect.github.com/rust-lang/regex/issues/1116">rust-lang/regex#1116</a>): Fixes a memory usage regression for large regexes (introduced in <code>regex 1.9</code>).</li> <li>[BUG <a href="https://redirect.github.com/rust-lang/regex/issues/1195">#1195</a>](<a href="https://redirect.github.com/rust-lang/regex/issues/1195">rust-lang/regex#1195</a>): Fix universal start states in sparse DFA.</li> <li>[BUG <a href="https://redirect.github.com/rust-lang/regex/issues/1295">#1295</a>](<a href="https://redirect.github.com/rust-lang/regex/pull/1295">rust-lang/regex#1295</a>): Fixes a panic when deserializing a corrupted dense DFA.</li> <li><a href="https://github.com/rust-lang/regex/commit/8f5d9479d0f1da5726488a530d7fd66a73d05b80">BUG 8f5d9479</a>: Make <code>regex_automata::meta::Regex::find</code> consistently return <code>None</code> when <code>WhichCaptures::None</code> is used.</li> </ul> <h1>1.11.3 (2025-09-25)</h1> <p>This is a small patch release with an improvement in memory usage in some cases.</p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/rust-lang/regex/commit/5ea3eb1e95f0338e283f5f0b4681f0891a1cd836"><code>5ea3eb1</code></a> 1.12.2</li> <li><a href="https://github.com/rust-lang/regex/commit/ab0b07171b82d1d4fdc8359505d12b2e818514d4"><code>ab0b071</code></a> regex-automata-0.4.13</li> <li><a href="https://github.com/rust-lang/regex/commit/691d51457db276bbdf9ca3de2cafe285c662c59f"><code>691d514</code></a> regex-syntax-0.8.8</li> <li><a href="https://github.com/rust-lang/regex/commit/1dd90777791dbc6bbf389157d05ac8176c6ad051"><code>1dd9077</code></a> docs: swap <code>doc_auto_cfg</code> with <code>doc_cfg</code></li> <li><a href="https://github.com/rust-lang/regex/commit/0089034cb37b0bf3785f2e0211f7eca74033f4d1"><code>0089034</code></a> regex-cli-0.2.3</li> <li><a href="https://github.com/rust-lang/regex/commit/140f8949da3f575490bac80ff23dfc29458b82c7"><code>140f894</code></a> regex-lite-0.1.8</li> <li><a href="https://github.com/rust-lang/regex/commit/27d6d65263cb80266a62e3189408a44f201a0975"><code>27d6d65</code></a> 1.12.1</li> <li><a href="https://github.com/rust-lang/regex/commit/85398ad5002048bbeaa90f1fe37fbb31df2bc0d6"><code>85398ad</code></a> changelog: 1.12.1</li> <li><a href="https://github.com/rust-lang/regex/commit/764efbd305d3a7b817ec8892ff0a656ec657d660"><code>764efbd</code></a> api: tweak the lifetime of <code>Captures::get_match</code></li> <li><a href="https://github.com/rust-lang/regex/commit/ee6aa55e01786e4d2c11eb1be805835bbb3bfa99"><code>ee6aa55</code></a> rure-0.2.4</li> <li>Additional commits viewable in <a href="https://github.com/rust-lang/regex/compare/1.11.1...1.12.2">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
dependabot[bot] ·
2025-11-24 11:43:57 -08:00 -
fix(windows) support apply_patch parsing in powershell (#7221)
## Summary Support powershell parsing of apply_patch ## Testing - [x] Enable apply_patch unit tests --------- Co-authored-by: jif-oai <jif@openai.com>
Dylan Hurd ·
2025-11-24 19:32:47 +00:00 -
[feedback] Add source info into feedback metadata. (#7140)
Verified the source info is correctly attached based on whether it's cli or vscode.
Matthew Zeng ·
2025-11-24 19:05:37 +00:00 -
jif-oai ·
2025-11-24 18:45:41 +00:00 -
consolidate world-writable-directories scanning. (#7234)
clean up the code for scanning for world writable directories One path (selecting a sandbox mode from /approvals) was using an incorrect method that did not use the new method of creating deny aces to prevent writing to those directories. Now all paths are the same.
iceweasel-oai ·
2025-11-24 09:51:58 -08:00 -
feat: unified exec basic pruning strategy (#7239)
LRU + exited sessions first
jif-oai ·
2025-11-24 17:22:32 +00:00 -
jif-oai ·
2025-11-24 16:59:09 +00:00 -
jif-oai ·
2025-11-24 16:51:47 +00:00 -
Account for encrypted reasoning for auto compaction (#7113)
- The total token used returned from the api doesn't account for the reasoning items before the assistant message - Account for those for auto compaction - Add the encrypted reasoning effort in the common tests utils - Add a test to make sure it works as expected
Ahmed Ibrahim ·
2025-11-22 03:06:45 +00:00 -
zhao-oai ·
2025-11-21 19:13:51 -05:00 -
feat: declare server capability in shell-tool-mcp (#7112)
This introduces a new feature to Codex when it operates as an MCP _client_ where if an MCP _server_ replies that it has an entry named `"codex/sandbox-state"` in its _server capabilities_, then Codex will send it an MCP notification with the following structure: ```json { "method": "codex/sandbox-state/update", "params": { "sandboxPolicy": { "type": "workspace-write", "network-access": false, "exclude-tmpdir-env-var": false "exclude-slash-tmp": false }, "codexLinuxSandboxExe": null, "sandboxCwd": "/Users/mbolin/code/codex2" } } ``` or with whatever values are appropriate for the initial `sandboxPolicy`. **NOTE:** Codex _should_ continue to send the MCP server notifications of the same format if these things change over the lifetime of the thread, but that isn't wired up yet. The result is that `shell-tool-mcp` can consume these values so that when it calls `codex_core::exec::process_exec_tool_call()` in `codex-rs/exec-server/src/posix/escalate_server.rs`, it is now sure to call it with the correct values (whereas previously we relied on hardcoded values). While I would argue this is a supported use case within the MCP protocol, the `rmcp` crate that we are using today does not support custom notifications. As such, I had to patch it and I submitted it for review, so hopefully it will be accepted in some form: https://github.com/modelcontextprotocol/rust-sdk/pull/556 To test out this change from end-to-end: - I ran `cargo build` in `~/code/codex2/codex-rs/exec-server` - I built the fork of Bash in `~/code/bash/bash` - I added the following to my `~/.codex/config.toml`: ```toml # Use with `codex --disable shell_tool`. [mcp_servers.execshell] args = ["--bash", "/Users/mbolin/code/bash/bash"] command = "/Users/mbolin/code/codex2/codex-rs/target/debug/codex-exec-mcp-server" ``` - From `~/code/codex2/codex-rs`, I ran `just codex --disable shell_tool` - When the TUI started up, I verified that the sandbox mode is `workspace-write` - I ran `/mcp` to verify that the shell tool from the MCP is there: <img width="1387" height="1400" alt="image" src="https://github.com/user-attachments/assets/1a8addcc-5005-4e16-b59f-95cfd06fd4ab" /> - Then I asked it: > what is the output of `gh issue list` because this should be auto-approved with our existing dummy policy: https://github.com/openai/codex/blob/af63e6eccc35783f1bf4dca3c61adb090efb6b8a/codex-rs/exec-server/src/posix.rs#L157-L164 And it worked: <img width="1387" height="1400" alt="image" src="https://github.com/user-attachments/assets/7568d2f7-80da-4d68-86d0-c265a6f5e6c1" />Michael Bolin ·
2025-11-21 16:11:01 -08:00 -
fix: start publishing @openai/codex-shell-tool-mcp to npm (#7123)
Start publishing as part of the normal release process.
Michael Bolin ·
2025-11-21 15:03:50 -08:00 -
bypass sandbox for policy approved commands (#7110)
allowing cmds greenlit by execpolicy to bypass sandbox + minor refactor for a world where we have execpolicy rules with specific sandbox requirements
zhao-oai ·
2025-11-21 18:03:23 -05:00 -
refactor: inline sandbox type lookup in process_exec_tool_call (#7122)
`process_exec_tool_call()` was taking `SandboxType` as a param, but in practice, the only place it was constructed was in `codex_message_processor.rs` where it was derived from the other `sandbox_policy` param, so this PR inlines the logic that decides the `SandboxType` into `process_exec_tool_call()`. --- [//]: # (BEGIN SAPLING FOOTER) Stack created with [Sapling](https://sapling-scm.com). Best reviewed with [ReviewStack](https://reviewstack.dev/openai/codex/pull/7122). * #7112 * __->__ #7122
Michael Bolin ·
2025-11-21 22:53:05 +00:00 -
support MCP elicitations (#6947)
No support for request schema yet, but we'll at least show the message and allow accept/decline. <img width="823" height="551" alt="Screenshot 2025-11-21 at 2 44 05 PM" src="https://github.com/user-attachments/assets/6fbb892d-ca12-4765-921e-9ac4b217534d" />
Jeremy Rose ·
2025-11-21 14:44:53 -08:00 -
fix(tui): Fail when stdin is not a terminal (#6382)
Piping to codex fails to do anything useful and locks up the process. We currently check for stdout, but not stdin ``` ❯ echo foo|just c cargo run --bin codex -- "$@" Finished `dev` profile [unoptimized + debuginfo] target(s) in 0.21s Running `target/debug/codex` Error: stdin is not a terminal error: Recipe `codex` failed on line 10 with exit code 1 ```Josh McKinney ·
2025-11-21 14:17:40 -08:00 -
feat: support login as an option on shell-tool-mcp (#7120)
The unified exec tool has a `login` option that defaults to `true`: https://github.com/openai/codex/blob/3bdcbc72927acd3e0071da3df3247e1da7ec578c/codex-rs/core/src/tools/handlers/unified_exec.rs#L35-L36 This updates the `ExecParams` for `shell-tool-mcp` to support the same parameter. Note it is declared as `Option<bool>` to ensure it is marked optional in the generated JSON schema.
Michael Bolin ·
2025-11-21 22:14:41 +00:00 -
pakrym-oai ·
2025-11-21 22:10:52 +00:00 -
Windows: flag some invocations that launch browsers/URLs as dangerous (#7111)
Prevent certain Powershell/cmd invocations from reaching the sandbox when they are trying to launch a browser, or run a command with a URL, etc.
iceweasel-oai ·
2025-11-21 13:36:17 -08:00 -
[app-server] doc: approvals (#7105)
Add documentation for shell and apply_patch approvals
Owen Lin ·
2025-11-21 21:27:54 +00:00 -
Ahmed Ibrahim ·
2025-11-21 13:10:01 -08:00 -
Ahmed Ibrahim ·
2025-11-21 12:44:47 -08:00 -
[app-server] feat: expose gitInfo/cwd/etc. on Thread (#7060)
Port the new additions from https://github.com/openai/codex/pull/6337 on the legacy API to v2. Mainly need `gitInfo` and `cwd` for VSCE.
Owen Lin ·
2025-11-21 10:37:12 -08:00 -
fix(scripts) next_minor_version should reset patch number (#7050)
## Summary When incrementing the minor version, we should reset patch to 0, rather than keeping it. ## Testing - [x] tested locally with dry_run and `get_latest_release_version` mocked out --------- Co-authored-by: Michael Bolin <mbolin@openai.com>
Dylan Hurd ·
2025-11-21 10:17:12 -08:00 -
fix: clear out duplicate entries for
bashin the GitHub release (#7103)https://github.com/openai/codex/pull/7005 introduced a new part of the release process that added multiple files named `bash` in the `dist/` folder used as the basis of the GitHub Release. I believe that all file names in a GitHub Release have to be unique, which is why the recent release build failed: https://github.com/openai/codex/actions/runs/19577669780/job/56070183504 Based on the output of the **List** step, I believe these are the appropriate artifacts to delete as a quick fix.
Michael Bolin ·
2025-11-21 09:59:30 -08:00 -
jif-oai ·
2025-11-21 17:42:54 +00:00 -
[app-server] feat: add Declined status for command exec (#7101)
Add a `Declined` status for when we request an approval from the user and the user declines. This allows us to distinguish from commands that actually ran, but failed. This behaves similarly to apply_patch / FileChange, which does the same thing.
Owen Lin ·
2025-11-21 09:19:39 -08:00 -
feat: codex-shell-tool-mcp (#7005)
This adds a GitHub workflow for building a new npm module we are experimenting with that contains an MCP server for running Bash commands. The new workflow, `shell-tool-mcp`, is a dependency of the general `release` workflow so that we continue to use one version number for all artifacts across the project in one GitHub release. `.github/workflows/shell-tool-mcp.yml` is the primary workflow introduced by this PR, which does the following: - builds the `codex-exec-mcp-server` and `codex-execve-wrapper` executables for both arm64 and x64 versions of Mac and Linux (preferring the MUSL version for Linux) - builds Bash (dynamically linked) for a [comically] large number of platforms (both x64 and arm64 for most) with a small patch specified by `shell-tool-mcp/patches/bash-exec-wrapper.patch`: - `debian-11` - `debian-12` - `ubuntu-20.04` - `ubuntu-22.04` - `ubuntu-24.04` - `centos-9` - `macos-13` (x64 only) - `macos-14` (arm64 only) - `macos-15` (arm64 only) - builds the TypeScript for the [new] Node module declared in the `shell-tool-mcp/` folder, which creates `bin/mcp-server.js` - adds all of the native binaries to `shell-tool-mcp/vendor/` folder; `bin/mcp-server.js` does a runtime check to determine which ones to execute - uses `npm pack` to create the `.tgz` for the module - if `publish: true` is set, invokes the `npm publish` call with the `.tgz` The justification for building Bash for so many different operating systems is because, since it is dynamically linked, we want to increase our confidence that the version we build is compatible with the glibc whatever OS we end up running on. (Note this is less of a concern with `codex-exec-mcp-server` and `codex-execve-wrapper` on Linux, as they are statically linked.) This PR also introduces the code for the npm module in `shell-tool-mcp/` (the proposed module name is `@openai/codex-shell-tool-mcp`). Initially, I intended the module to be a single file of vanilla JavaScript (like [`codex-cli/bin/codex.js`](https://github.com/openai/codex/blob/ab5972d447da78d3e4dd8461cf7d43a22e5d2acb/codex-cli/bin/codex.js)), but some of the logic seemed a bit tricky, so I decided to port it to TypeScript and add unit tests. `shell-tool-mcp/src/index.ts` defines the `main()` function for the module, which performs runtime checks to determine the clang triple to find the path to the Rust executables within the `vendor/` folder (`resolveTargetTriple()`). It uses a combination of `readOsRelease()` and `resolveBashPath()` to determine the correct Bash executable to run in the environment. Ultimately, it spawns a command like the following: ``` codex-exec-mcp-server \ --execve codex-execve-wrapper \ --bash custom-bash "$@" ``` Note `.github/workflows/shell-tool-mcp-ci.yml` defines a fairly standard CI job for the module (`format`/`build`/`test`). To test this PR, I pushed this branch to my personal fork of Codex and ran the CI job there: https://github.com/bolinfest/codex/actions/runs/19564311320 Admittedly, the graph looks a bit wild now: <img width="5115" height="2969" alt="Screenshot 2025-11-20 at 11 44 58 PM" src="https://github.com/user-attachments/assets/cc5ef306-efc1-4ed7-a137-5347e394f393" /> But when it finished, I was able to download `codex-shell-tool-mcp-npm` from the **Artifacts** for the workflow in an empty temp directory, unzip the `.zip` and then the `.tgz` inside it, followed by `xattr -rc .` to remove the quarantine bits. Then I ran: ```shell npx @modelcontextprotocol/inspector node /private/tmp/foobar4/package/bin/mcp-server.js ``` which launched the MCP Inspector and I was able to use it as expected! This bodes well that this should work once the package is published to npm: ```shell npx @modelcontextprotocol/inspector npx @openai/codex-shell-tool-mcp ``` Also, to verify the package contains what I expect: ```shell /tmp/foobar4/package$ tree . ├── bin │ └── mcp-server.js ├── package.json ├── README.md └── vendor ├── aarch64-apple-darwin │ ├── bash │ │ ├── macos-14 │ │ │ └── bash │ │ └── macos-15 │ │ └── bash │ ├── codex-exec-mcp-server │ └── codex-execve-wrapper ├── aarch64-unknown-linux-musl │ ├── bash │ │ ├── centos-9 │ │ │ └── bash │ │ ├── debian-11 │ │ │ └── bash │ │ ├── debian-12 │ │ │ └── bash │ │ ├── ubuntu-20.04 │ │ │ └── bash │ │ ├── ubuntu-22.04 │ │ │ └── bash │ │ └── ubuntu-24.04 │ │ └── bash │ ├── codex-exec-mcp-server │ └── codex-execve-wrapper ├── x86_64-apple-darwin │ ├── bash │ │ └── macos-13 │ │ └── bash │ ├── codex-exec-mcp-server │ └── codex-execve-wrapper └── x86_64-unknown-linux-musl ├── bash │ ├── centos-9 │ │ └── bash │ ├── debian-11 │ │ └── bash │ ├── debian-12 │ │ └── bash │ ├── ubuntu-20.04 │ │ └── bash │ ├── ubuntu-22.04 │ │ └── bash │ └── ubuntu-24.04 │ └── bash ├── codex-exec-mcp-server └── codex-execve-wrapper 26 directories, 26 files ```
Michael Bolin ·
2025-11-21 08:16:36 -08:00 -
jif-oai ·
2025-11-21 11:40:02 +01:00 -
iceweasel-oai ·
2025-11-20 22:59:55 -08:00