mirror of
https://github.com/pchuan98/codex.git
synced 2026-07-01 00:31:56 +08:00
1e4541b982c508cde72a9c94de9ce8cd2252099e
190 Commits
-
Use supports_color in codex exec (#4633)
It knows how to detect github actions
pakrym-oai ·
2025-10-03 01:15:03 +00:00 -
Minor cleanup of codex exec output (#4585)
<img width="850" height="723" alt="image" src="https://github.com/user-attachments/assets/2ae067bf-ba6b-47bf-9ffe-d1c3f3aa1870" /> <img width="872" height="547" alt="image" src="https://github.com/user-attachments/assets/9058be24-6513-4423-9dae-2d5fd4cbf162" />
pakrym-oai ·
2025-10-02 14:17:42 -07:00 -
canonicalize display of Agents.md paths on Windows. (#4577)
Canonicalize path on Windows to - remove unattractive path prefixes such as `\\?\` - simplify it (`../AGENTS.md` vs `C:\Users\iceweasel\code\coded\Agents.md`) before: <img width="1110" height="45" alt="Screenshot 2025-10-01 123520" src="https://github.com/user-attachments/assets/48920ae6-d89c-41b8-b4ea-df5c18fb5fad" /> after: <img width="585" height="46" alt="Screenshot 2025-10-01 123612" src="https://github.com/user-attachments/assets/70a1761a-9d97-4836-b14c-670b6f13e608" />
iceweasel-oai ·
2025-10-01 14:33:19 -07:00 -
fix: remove mcp-types from app server protocol (#4537)
We continue the separation between `codex app-server` and `codex mcp-server`. In particular, we introduce a new crate, `codex-app-server-protocol`, and migrate `codex-rs/protocol/src/mcp_protocol.rs` into it, renaming it `codex-rs/app-server-protocol/src/protocol.rs`. Because `ConversationId` was defined in `mcp_protocol.rs`, we move it into its own file, `codex-rs/protocol/src/conversation_id.rs`, and because it is referenced in a ton of places, we have to touch a lot of files as part of this PR. We also decide to get away from proper JSON-RPC 2.0 semantics, so we also introduce `codex-rs/app-server-protocol/src/jsonrpc_lite.rs`, which is basically the same `JSONRPCMessage` type defined in `mcp-types` except with all of the `"jsonrpc": "2.0"` removed. Getting rid of `"jsonrpc": "2.0"` makes our serialization logic considerably simpler, as we can lean heavier on serde to serialize directly into the wire format that we use now.
Michael Bolin ·
2025-10-01 02:16:26 +00:00 -
fix: use macros to ensure request/response symmetry (#4529)
Manually curating `protocol-ts/src/lib.rs` was error-prone, as expected. I finally asked Codex to write some Rust macros so we can ensure that: - For every variant of `ClientRequest` and `ServerRequest`, there is an associated `params` and `response` type. - All response types are included automatically in the output of `codex generate-ts`.
Michael Bolin ·
2025-09-30 18:06:05 -07:00 -
pakrym-oai ·
2025-09-30 22:33:28 +00:00 -
fix: clean up TypeScript exports (#4518)
Fixes: - Removed overdeclaration of types that were unnecessary because they were already included by induction. - Reordered list of response types to match the enum order, making it easier to identify what was missing. - Added `ExecArbitraryCommandResponse` because it was missing. - Leveraged `use codex_protocol::mcp_protocol::*;` to make the file more readable. - Removed crate dependency on `mcp-types` now that we have separate the app server from the MCP server: https://github.com/openai/codex/pull/4471 My next move is to come up with some scheme that ensures request types always have a response type and that the response type is automatically included with the output of `codex generate-ts`.
Michael Bolin ·
2025-09-30 14:08:43 -07:00 -
Add cloud tasks (#3197)
Adds a TUI for managing, applying, and creating cloud tasks
easong-openai ·
2025-09-30 10:10:33 +00:00 -
fix: separate
codex mcpintocodex mcp-serverandcodex app-server(#4471)This is a very large PR with some non-backwards-compatible changes. Historically, `codex mcp` (or `codex mcp serve`) started a JSON-RPC-ish server that had two overlapping responsibilities: - Running an MCP server, providing some basic tool calls. - Running the app server used to power experiences such as the VS Code extension. This PR aims to separate these into distinct concepts: - `codex mcp-server` for the MCP server - `codex app-server` for the "application server" Note `codex mcp` still exists because it already has its own subcommands for MCP management (`list`, `add`, etc.) The MCP logic continues to live in `codex-rs/mcp-server` whereas the refactored app server logic is in the new `codex-rs/app-server` folder. Note that most of the existing integration tests in `codex-rs/mcp-server/tests/suite` were actually for the app server, so all the tests have been moved with the exception of `codex-rs/mcp-server/tests/suite/mod.rs`. Because this is already a large diff, I tried not to change more than I had to, so `codex-rs/app-server/tests/common/mcp_process.rs` still uses the name `McpProcess` for now, but I will do some mechanical renamings to things like `AppServer` in subsequent PRs. While `mcp-server` and `app-server` share some overlapping functionality (like reading streams of JSONL and dispatching based on message types) and some differences (completely different message types), I ended up doing a bit of copypasta between the two crates, as both have somewhat similar `message_processor.rs` and `outgoing_message.rs` files for now, though I expect them to diverge more in the near future. One material change is that of the initialize handshake for `codex app-server`, as we no longer use the MCP types for that handshake. Instead, we update `codex-rs/protocol/src/mcp_protocol.rs` to add an `Initialize` variant to `ClientRequest`, which takes the `ClientInfo` object we need to update the `USER_AGENT_SUFFIX` in `codex-rs/app-server/src/message_processor.rs`. One other material change is in `codex-rs/app-server/src/codex_message_processor.rs` where I eliminated a use of the `send_event_as_notification()` method I am generally trying to deprecate (because it blindly maps an `EventMsg` into a `JSONNotification`) in favor of `send_server_notification()`, which takes a `ServerNotification`, as that is intended to be a custom enum of all notification types supported by the app server. So to make this update, I had to introduce a new variant of `ServerNotification`, `SessionConfigured`, which is a non-backwards compatible change with the old `codex mcp`, and clients will have to be updated after the next release that contains this PR. Note that `codex-rs/app-server/tests/suite/list_resume.rs` also had to be update to reflect this change. I introduced `codex-rs/utils/json-to-toml/src/lib.rs` as a small utility crate to avoid some of the copying between `mcp-server` and `app-server`.
Michael Bolin ·
2025-09-30 07:06:18 +00:00 -
Add MCP tool call item to codex exec (#4481)
No arguments/results for now. ``` { "type": "item.started", "item": { "id": "item_1", "item_type": "mcp_tool_call", "server": "github", "tool": "search_issues", "status": "in_progress" } } { "type": "item.completed", "item": { "id": "item_1", "item_type": "mcp_tool_call", "server": "github", "tool": "search_issues", "status": "completed" } } ```pakrym-oai ·
2025-09-29 19:45:11 -07:00 -
Rakesh/support device auth (#3531)
# External (non-OpenAI) Pull Request Requirements Before opening this Pull Request, please read the dedicated "Contributing" markdown file or your PR may be closed: https://github.com/openai/codex/blob/main/docs/contributing.md If your PR conforms to our contribution guidelines, replace this text with a detailed and high quality description of your changes. # test ``` codex-rs % export CODEX_DEVICE_AUTH_BASE_URL=http://localhost:3007 codex-rs % cargo run --bin codex login --experimental_use-device-code Compiling codex-login v0.0.0 (/Users/rakesh/code/codex/codex-rs/login) Compiling codex-mcp-server v0.0.0 (/Users/rakesh/code/codex/codex-rs/mcp-server) Compiling codex-tui v0.0.0 (/Users/rakesh/code/codex/codex-rs/tui) Compiling codex-cli v0.0.0 (/Users/rakesh/code/codex/codex-rs/cli) Finished `dev` profile [unoptimized + debuginfo] target(s) in 2.90s Running `target/debug/codex login --experimental_use-device-code` To authenticate, enter this code when prompted: 6Q27-KBVRF with interval 5 ^C ``` The error in the last line is since the poll endpoint is not yet implemented
rakesh-oai ·
2025-09-30 02:34:57 +00:00 -
[mcp-server] Expose fuzzy file search in MCP (#2677)
## Summary Expose a simple fuzzy file search implementation for mcp clients to work with ## Testing - [x] Tested locally
Dylan ·
2025-09-29 12:19:09 -07:00 -
OpenTelemetry events (#2103)
### Title ## otel Codex can emit [OpenTelemetry](https://opentelemetry.io/) **log events** that describe each run: outbound API requests, streamed responses, user input, tool-approval decisions, and the result of every tool invocation. Export is **disabled by default** so local runs remain self-contained. Opt in by adding an `[otel]` table and choosing an exporter. ```toml [otel] environment = "staging" # defaults to "dev" exporter = "none" # defaults to "none"; set to otlp-http or otlp-grpc to send events log_user_prompt = false # defaults to false; redact prompt text unless explicitly enabled ``` Codex tags every exported event with `service.name = "codex-cli"`, the CLI version, and an `env` attribute so downstream collectors can distinguish dev/staging/prod traffic. Only telemetry produced inside the `codex_otel` crate—the events listed below—is forwarded to the exporter. ### Event catalog Every event shares a common set of metadata fields: `event.timestamp`, `conversation.id`, `app.version`, `auth_mode` (when available), `user.account_id` (when available), `terminal.type`, `model`, and `slug`. With OTEL enabled Codex emits the following event types (in addition to the metadata above): - `codex.api_request` - `cf_ray` (optional) - `attempt` - `duration_ms` - `http.response.status_code` (optional) - `error.message` (failures) - `codex.sse_event` - `event.kind` - `duration_ms` - `error.message` (failures) - `input_token_count` (completion only) - `output_token_count` (completion only) - `cached_token_count` (completion only, optional) - `reasoning_token_count` (completion only, optional) - `tool_token_count` (completion only) - `codex.user_prompt` - `prompt_length` - `prompt` (redacted unless `log_user_prompt = true`) - `codex.tool_decision` - `tool_name` - `call_id` - `decision` (`approved`, `approved_for_session`, `denied`, or `abort`) - `source` (`config` or `user`) - `codex.tool_result` - `tool_name` - `call_id` - `arguments` - `duration_ms` (execution time for the tool) - `success` (`"true"` or `"false"`) - `output` ### Choosing an exporter Set `otel.exporter` to control where events go: - `none` – leaves instrumentation active but skips exporting. This is the default. - `otlp-http` – posts OTLP log records to an OTLP/HTTP collector. Specify the endpoint, protocol, and headers your collector expects: ```toml [otel] exporter = { otlp-http = { endpoint = "https://otel.example.com/v1/logs", protocol = "binary", headers = { "x-otlp-api-key" = "${OTLP_TOKEN}" } }} ``` - `otlp-grpc` – streams OTLP log records over gRPC. Provide the endpoint and any metadata headers: ```toml [otel] exporter = { otlp-grpc = { endpoint = "https://otel.example.com:4317", headers = { "x-otlp-meta" = "abc123" } }} ``` If the exporter is `none` nothing is written anywhere; otherwise you must run or point to your own collector. All exporters run on a background batch worker that is flushed on shutdown. If you build Codex from source the OTEL crate is still behind an `otel` feature flag; the official prebuilt binaries ship with the feature enabled. When the feature is disabled the telemetry hooks become no-ops so the CLI continues to function without the extra dependencies. --------- Co-authored-by: Anton Panasenko <apanasenko@openai.com>
vishnu-oai ·
2025-09-29 11:30:55 -07:00 -
chore: remove responses-api-proxy from the multitool (#4404)
This removes the `codex responses-api-proxy` subcommand in favor of running it as a standalone CLI. As part of this change, we: - remove the dependency on `tokio`/`async/await` as well as `codex_arg0` - introduce the use of `pre_main_hardening()` so `CODEX_SECURE_MODE=1` is not required --- [//]: # (BEGIN SAPLING FOOTER) Stack created with [Sapling](https://sapling-scm.com). Best reviewed with [ReviewStack](https://reviewstack.dev/openai/codex/pull/4404). * #4406 * __->__ #4404 * #4403
Michael Bolin ·
2025-09-28 15:22:27 -07:00 -
Michael Bolin ·
2025-09-28 14:35:14 -07:00 -
[MCP] Add experimental support for streamable HTTP MCP servers (#4317)
This PR adds support for streamable HTTP MCP servers when the `experimental_use_rmcp_client` is enabled. To set one up, simply add a new mcp server config with the url: ``` [mcp_servers.figma] url = "http://127.0.0.1:3845/mcp" ``` It also supports an optional `bearer_token` which will be provided in an authorization header. The full oauth flow is not supported yet. The config parsing will throw if it detects that the user mixed and matched config fields (like command + bearer token or url + env). The best way to review it is to review `core/src` and then `rmcp-client/src/rmcp_client.rs` first. The rest is tests and propagating the `Transport` struct around the codebase. Example with the Figma MCP: <img width="5084" height="1614" alt="CleanShot 2025-09-26 at 13 35 40" src="https://github.com/user-attachments/assets/eaf2771e-df3e-4300-816b-184d7dec5a28" />
Gabriel Peal ·
2025-09-26 21:24:01 -04:00 -
[MCP] Introduce an experimental official rust sdk based mcp client (#4252)
The [official Rust SDK](https://github.com/modelcontextprotocol/rust-sdk/tree/57fc428c578a1a3fe851ee0838bf068bda120eb3) has come a long way since we first started our mcp client implementation 5 months ago and, today, it is much more complete than our own stdio-only implementation. This PR introduces a new config flag `experimental_use_rmcp_client` which will use a new mcp client powered by the sdk instead of our own. To keep this PR simple, I've only implemented the same stdio MCP functionality that we had but will expand on it with future PRs. --------- Co-authored-by: pakrym-oai <pakrym@openai.com>
Gabriel Peal ·
2025-09-26 13:13:37 -04:00 -
feat: introduce responses-api-proxy (#4246)
Details are in `responses-api-proxy/README.md`, but the key contribution of this PR is a new subcommand, `codex responses-api-proxy`, which reads the auth token for use with the OpenAI Responses API from `stdin` at startup and then proxies `POST` requests to `/v1/responses` over to `https://api.openai.com/v1/responses`, injecting the auth token as part of the `Authorization` header. The expectation is that `codex responses-api-proxy` is launched by a privileged user who has access to the auth token so that it can be used by unprivileged users of the Codex CLI on the same host. If the client only has one user account with `sudo`, one option is to: - run `sudo codex responses-api-proxy --http-shutdown --server-info /tmp/server-info.json` to start the server - record the port written to `/tmp/server-info.json` - relinquish their `sudo` privileges (which is irreversible!) like so: ``` sudo deluser $USER sudo || sudo gpasswd -d $USER sudo || true ``` - use `codex` with the proxy (see `README.md`) - when done, make a `GET` request to the server using the `PORT` from `server-info.json` to shut it down: ```shell curl --fail --silent --show-error "http://127.0.0.1:$PORT/shutdown" ``` To protect the auth token, we: - allocate a 1024 byte buffer on the stack and write `"Bearer "` into it to start - we then read from `stdin`, copying to the contents into the buffer after the prefix - after verifying the input looks good, we create a `String` from that buffer (so the data is now on the heap) - we zero out the stack-allocated buffer using https://crates.io/crates/zeroize so it is not optimized away by the compiler - we invoke `.leak()` on the `String` so we can treat its contents as a `&'static str`, as it will live for the rest of the processs - on UNIX, we `mlock(2)` the memory backing the `&'static str` - when using the `&'static str` when building an HTTP request, we use `HeaderValue::from_static()` to avoid copying the `&str` - we also invoke `.set_sensitive(true)` on the `HeaderValue`, which in theory indicates to other parts of the HTTP stack that the header should be treated with "special care" to avoid leakage: https://github.com/hyperium/http/blob/439d1c50d71e3be3204b6c4a1bf2255ed78e1f93/src/header/value.rs#L346-L376
Michael Bolin ·
2025-09-26 08:19:00 -07:00 -
ref: state - 2 (#4229)
Extracting tasks in a module and start abstraction behind a Trait (more to come on this but each task will be tackled in a dedicated PR) The goal was to drop the ActiveTask and to have a (potentially) set of tasks during each turn
jif-oai ·
2025-09-26 13:49:08 +00:00 -
Add codex exec testing helpers (#4254)
Add a shortcut to create working directories and run codex exec with fake server.
pakrym-oai ·
2025-09-25 17:12:45 -07:00 -
Add explicit codex exec events (#4177)
This pull request add a new experimental format of JSON output. You can try it using `codex exec --experimental-json`. Design takes a lot of inspiration from Responses API items and stream format. # Session and items Each invocation of `codex exec` starts or resumes a session. Session contains multiple high-level item types: 1. Assistant message 2. Assistant thinking 3. Command execution 4. File changes 5. To-do lists 6. etc. # Events Session and items are going through their life cycles which is represented by events. Session is `session.created` or `session.resumed` Items are `item.added`, `item.updated`, `item.completed`, `item.require_approval` (or other item types like `item.output_delta` when we need streaming). So a typical session can look like: <details> ``` { "type": "session.created", "session_id": "01997dac-9581-7de3-b6a0-1df8256f2752" } { "type": "item.completed", "item": { "id": "itm_0", "item_type": "assistant_message", "text": "I’ll locate the top-level README and remove its first line. Then I’ll show a quick summary of what changed." } } { "type": "item.completed", "item": { "id": "itm_1", "item_type": "command_execution", "command": "bash -lc ls -la | sed -n '1,200p'", "aggregated_output": "pyenv: cannot rehash: /Users/pakrym/.pyenv/shims isn't writable\ntotal 192\ndrwxr-xr-x@ 33 pakrym staff 1056 Sep 24 14:36 .\ndrwxr-xr-x 41 pakrym staff 1312 Sep 24 09:17 ..\n-rw-r--r--@ 1 pakrym staff 6 Jul 9 16:16 .codespellignore\n-rw-r--r--@ 1 pakrym staff 258 Aug 13 09:40 .codespellrc\ndrwxr-xr-x@ 5 pakrym staff 160 Jul 23 08:26 .devcontainer\n-rw-r--r--@ 1 pakrym staff 6148 Jul 22 10:03 .DS_Store\ndrwxr-xr-x@ 15 pakrym staff 480 Sep 24 14:38 .git\ndrwxr-xr-x@ 12 pakrym staff 384 Sep 2 16:00 .github\n-rw-r--r--@ 1 pakrym staff 778 Jul 9 16:16 .gitignore\ndrwxr-xr-x@ 3 pakrym staff 96 Aug 11 09:37 .husky\n-rw-r--r--@ 1 pakrym staff 104 Jul 9 16:16 .npmrc\n-rw-r--r--@ 1 pakrym staff 96 Sep 2 08:52 .prettierignore\n-rw-r--r--@ 1 pakrym staff 170 Jul 9 16:16 .prettierrc.toml\ndrwxr-xr-x@ 5 pakrym staff 160 Sep 14 17:43 .vscode\ndrwxr-xr-x@ 2 pakrym staff 64 Sep 11 11:37 2025-09-11\n-rw-r--r--@ 1 pakrym staff 5505 Sep 18 09:28 AGENTS.md\n-rw-r--r--@ 1 pakrym staff 92 Sep 2 08:52 CHANGELOG.md\n-rw-r--r--@ 1 pakrym staff 1145 Jul 9 16:16 cliff.toml\ndrwxr-xr-x@ 11 pakrym staff 352 Sep 24 13:03 codex-cli\ndrwxr-xr-x@ 38 pakrym staff 1216 Sep 24 14:38 codex-rs\ndrwxr-xr-x@ 18 pakrym staff 576 Sep 23 11:01 docs\n-rw-r--r--@ 1 pakrym staff 2038 Jul 9 16:16 flake.lock\n-rw-r--r--@ 1 pakrym staff 1434 Jul 9 16:16 flake.nix\n-rw-r--r--@ 1 pakrym staff 10926 Jul 9 16:16 LICENSE\ndrwxr-xr-x@ 465 pakrym staff 14880 Jul 15 07:36 node_modules\n-rw-r--r--@ 1 pakrym staff 242 Aug 5 08:25 NOTICE\n-rw-r--r--@ 1 pakrym staff 578 Aug 14 12:31 package.json\n-rw-r--r--@ 1 pakrym staff 498 Aug 11 09:37 pnpm-lock.yaml\n-rw-r--r--@ 1 pakrym staff 58 Aug 11 09:37 pnpm-workspace.yaml\n-rw-r--r--@ 1 pakrym staff 2402 Jul 9 16:16 PNPM.md\n-rw-r--r--@ 1 pakrym staff 4393 Sep 12 14:36 README.md\ndrwxr-xr-x@ 4 pakrym staff 128 Sep 18 09:28 scripts\ndrwxr-xr-x@ 2 pakrym staff 64 Sep 11 11:34 tmp\n", "exit_code": 0, "status": "completed" } } { "type": "item.completed", "item": { "id": "itm_2", "item_type": "reasoning", "text": "**Reviewing README.md file**\n\nI've located the README.md file at the root, and it’s 4393 bytes. Now, I need to remove the first line, but first, I should check its content to make sure I’m patching it correctly. I’ll use sed to display the first 20 lines. By reviewing those lines, I can determine exactly what needs to be removed before I proceed with the editing. Let's do this carefully!" } } { "type": "item.completed", "item": { "id": "itm_3", "item_type": "command_execution", "command": "bash -lc sed -n '1,40p' README.md", "aggregated_output": "<h1 align=\"center\">OpenAI Codex CLI</h1>\n\n<p align=\"center\"><code>npm i -g @openai/codex</code><br />or <code>brew install codex</code></p>\n\n<p align=\"center\"><strong>Codex CLI</strong> is a coding agent from OpenAI that runs locally on your computer.\n</br>\n</br>If you want Codex in your code editor (VS Code, Cursor, Windsurf), <a href=\"https://developers.openai.com/codex/ide\">install in your IDE</a>\n</br>If you are looking for the <em>cloud-based agent</em> from OpenAI, <strong>Codex Web</strong>, go to <a href=\"https://chatgpt.com/codex\">chatgpt.com/codex</a></p>\n\n<p align=\"center\">\n <img src=\"./.github/codex-cli-splash.png\" alt=\"Codex CLI splash\" width=\"80%\" />\n </p>\n\n---\n\n## Quickstart\n\n### Installing and running Codex CLI\n\nInstall globally with your preferred package manager. If you use npm:\n\n```shell\nnpm install -g @openai/codex\n```\n\nAlternatively, if you use Homebrew:\n\n```shell\nbrew install codex\n```\n\nThen simply run `codex` to get started:\n\n```shell\ncodex\n```\n\n<details>\n<summary>You can also go to the <a href=\"https://github.com/openai/codex/releases/latest\">latest GitHub Release</a> and download the appropriate binary for your platform.</summary>\n\n", "exit_code": 0, "status": "completed" } } { "type": "item.completed", "item": { "id": "itm_4", "item_type": "reasoning", "text": "**Updating README file**\n\nThe user wants to update the README by removing the first line, which is an HTML h1 tag. I'll proceed to delete that line while keeping the rest intact. To do this, I need to use the apply_patch tool and create a patch in the diff format. I’ll take care to include context lines around the change. After removing the header, I’m considering whether to delete the following blank line as well to keep it tidy." } } { "type": "item.completed", "item": { "id": "itm_5", "item_type": "reasoning", "text": "**Crafting the patch**\n\nThe user has asked to remove just the first line, without mentioning the blank lines. Technically, leaving a blank line at the start is acceptable, but it's not ideal. Ideally, I'd prefer to remove the first line while maintaining the subsequent blank line. However, if I can also remove that blank line, it could tidy things up even more. Still, since the user's request is strictly to remove only the first line, I'll stick to that and craft the patch accordingly." } } { "type": "item.completed", "item": { "id": "itm_6", "item_type": "assistant_message", "text": "Applying the change by removing the first line from `README.md`." } } { "type": "item.completed", "item": { "id": "itm_7", "item_type": "file_change", "changes": [ { "path": "/Users/pakrym/code/codex/README.md", "kind": "update" } ], "status": "completed" } } { "type": "item.completed", "item": { "id": "itm_8", "item_type": "reasoning", "text": "**Validating README Update**\n\nI updated the README.md and now I need to validate that the first line has been successfully removed. To do this, I'll check the first 10 lines of the document to ensure everything looks correct. It’s always good to double-check these kinds of changes, so I’m going to take that extra step to make sure the update was executed properly. Let's see what those initial lines say!" } } { "type": "item.completed", "item": { "id": "itm_9", "item_type": "command_execution", "command": "bash -lc sed -n '1,20p' README.md", "aggregated_output": "\n<p align=\"center\"><code>npm i -g @openai/codex</code><br />or <code>brew install codex</code></p>\n\n<p align=\"center\"><strong>Codex CLI</strong> is a coding agent from OpenAI that runs locally on your computer.\n</br>\n</br>If you want Codex in your code editor (VS Code, Cursor, Windsurf), <a href=\"https://developers.openai.com/codex/ide\">install in your IDE</a>\n</br>If you are looking for the <em>cloud-based agent</em> from OpenAI, <strong>Codex Web</strong>, go to <a href=\"https://chatgpt.com/codex\">chatgpt.com/codex</a></p>\n\n<p align=\"center\">\n <img src=\"./.github/codex-cli-splash.png\" alt=\"Codex CLI splash\" width=\"80%\" />\n </p>\n\n---\n\n## Quickstart\n\n### Installing and running Codex CLI\n\nInstall globally with your preferred package manager. If you use npm:\n\n", "exit_code": 0, "status": "completed" } } { "type": "item.completed", "item": { "id": "itm_10", "item_type": "assistant_message", "text": "- Updated `README.md:1` by removing the opening H1 line.\n- The README now starts with the install instructions paragraph.\n\nWant me to also remove the leading blank line at the top?" } } ``` </details> The idea is to give users fully formatted items they can use directly in their rendering/application logic and avoid having them building up items manually based on events (unless they want to for streaming). This PR implements only the `item.completed` payload for some event types, more event types and item types to come. --------- Co-authored-by: Michael Bolin <mbolin@openai.com>pakrym-oai ·
2025-09-25 17:47:09 +00:00 -
feat: add support for CODEX_SECURE_MODE=1 to restrict process observability (#4220)
Because the `codex` process could contain sensitive information in memory, such as API keys, we add logic so that when `CODEX_SECURE_MODE=1` is specified, we avail ourselves of whatever the operating system provides to restrict observability/tampering, which includes: - disabling `ptrace(2)`, so it is not possible to attach to the process with a debugger, such as `gdb` - disabling core dumps Admittedly, a user with root privileges can defeat these safeguards. For now, we only add support for this in the `codex` multitool, but we may ultimately want to support this in some of the smaller CLIs that are buildable out of our Cargo workspace.
Michael Bolin ·
2025-09-25 10:02:28 -07:00 -
chore(deps): bump chrono from 0.4.41 to 0.4.42 in /codex-rs (#4028)
Bumps [chrono](https://github.com/chronotope/chrono) from 0.4.41 to 0.4.42. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/chronotope/chrono/releases">chrono's releases</a>.</em></p> <blockquote> <h2>0.4.42</h2> <h2>What's Changed</h2> <ul> <li>Add fuzzer for DateTime::parse_from_str by <a href="https://github.com/tyler92"><code>@tyler92</code></a> in <a href="https://redirect.github.com/chronotope/chrono/pull/1700">chronotope/chrono#1700</a></li> <li>Fix wrong amount of micro/milliseconds by <a href="https://github.com/nmlt"><code>@nmlt</code></a> in <a href="https://redirect.github.com/chronotope/chrono/pull/1703">chronotope/chrono#1703</a></li> <li>Add warning about MappedLocalTime and wasm by <a href="https://github.com/lutzky"><code>@lutzky</code></a> in <a href="https://redirect.github.com/chronotope/chrono/pull/1702">chronotope/chrono#1702</a></li> <li>Fix incorrect parsing of fixed-length second fractions by <a href="https://github.com/chris-leach"><code>@chris-leach</code></a> in <a href="https://redirect.github.com/chronotope/chrono/pull/1705">chronotope/chrono#1705</a></li> <li>Fix cfgs for <code>wasm32-linux</code> support by <a href="https://github.com/arjunr2"><code>@arjunr2</code></a> in <a href="https://redirect.github.com/chronotope/chrono/pull/1707">chronotope/chrono#1707</a></li> <li>Fix OpenHarmony's <code>tzdata</code> parsing by <a href="https://github.com/ldm0"><code>@ldm0</code></a> in <a href="https://redirect.github.com/chronotope/chrono/pull/1679">chronotope/chrono#1679</a></li> <li>Convert NaiveDate to/from days since unix epoch by <a href="https://github.com/findepi"><code>@findepi</code></a> in <a href="https://redirect.github.com/chronotope/chrono/pull/1715">chronotope/chrono#1715</a></li> <li>Add <code>?Sized</code> bound to related methods of <code>DelayedFormat::write_to</code> by <a href="https://github.com/Huliiiiii"><code>@Huliiiiii</code></a> in <a href="https://redirect.github.com/chronotope/chrono/pull/1721">chronotope/chrono#1721</a></li> <li>Add <code>from_timestamp_secs</code> method to <code>DateTime</code> by <a href="https://github.com/jasonaowen"><code>@jasonaowen</code></a> in <a href="https://redirect.github.com/chronotope/chrono/pull/1719">chronotope/chrono#1719</a></li> <li>Migrate to core::error::Error by <a href="https://github.com/benbrittain"><code>@benbrittain</code></a> in <a href="https://redirect.github.com/chronotope/chrono/pull/1704">chronotope/chrono#1704</a></li> <li>Upgrade to windows-bindgen 0.63 by <a href="https://github.com/djc"><code>@djc</code></a> in <a href="https://redirect.github.com/chronotope/chrono/pull/1730">chronotope/chrono#1730</a></li> <li>strftime: simplify error handling by <a href="https://github.com/djc"><code>@djc</code></a> in <a href="https://redirect.github.com/chronotope/chrono/pull/1731">chronotope/chrono#1731</a></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/chronotope/chrono/commit/f3fd15f976c8c8e56d97eda6237af4d485ba2297"><code>f3fd15f</code></a> Bump version to 0.4.42</li> <li><a href="https://github.com/chronotope/chrono/commit/5cf56035007f291b1b8f457fa3bfc79fb367419a"><code>5cf5603</code></a> strftime: add regression test case</li> <li><a href="https://github.com/chronotope/chrono/commit/a6231701ee934cbbeb595fe71328fcbbf1b584d5"><code>a623170</code></a> strftime: simplify error handling</li> <li><a href="https://github.com/chronotope/chrono/commit/36fbfb1221da05b1482eb9dd18254e6bd736cb31"><code>36fbfb1</code></a> strftime: move specifier handling out of match to reduce rightward drift</li> <li><a href="https://github.com/chronotope/chrono/commit/7f413c363b74e293d495dc6109335c02dda9d629"><code>7f413c3</code></a> strftime: yield None early</li> <li><a href="https://github.com/chronotope/chrono/commit/9d5dfe164098186bfff8af7d5eecbb05d7712d4d"><code>9d5dfe1</code></a> strftime: outline constants</li> <li><a href="https://github.com/chronotope/chrono/commit/e5f6be7db4a0c2756cad0a7c8186a5a180873f7a"><code>e5f6be7</code></a> strftime: move error() method below caller</li> <li><a href="https://github.com/chronotope/chrono/commit/d516c2764d74e467fa37e25e8e88d5633478bafa"><code>d516c27</code></a> strftime: merge impl blocks</li> <li><a href="https://github.com/chronotope/chrono/commit/0ee2172fb92df4e0be4cf7a733c860226eec37a0"><code>0ee2172</code></a> strftime: re-order items to keep impls together</li> <li><a href="https://github.com/chronotope/chrono/commit/757a8b0226e9c0a23b5334c7dc0986f1e487b8ac"><code>757a8b0</code></a> Upgrade to windows-bindgen 0.63</li> <li>Additional commits viewable in <a href="https://github.com/chronotope/chrono/compare/v0.4.41...v0.4.42">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
dependabot[bot] ·
2025-09-24 16:53:26 +00:00 -
chore(deps): bump unicode-width from 0.1.14 to 0.2.1 in /codex-rs (#2156)
Bumps [unicode-width](https://github.com/unicode-rs/unicode-width) from 0.1.14 to 0.2.1. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/unicode-rs/unicode-width/commit/0085e91db72ae9a4498e62030d9651f1c1d09b4f"><code>0085e91</code></a> Publish 0.2.1</li> <li><a href="https://github.com/unicode-rs/unicode-width/commit/6db0c14cbde54b1343335be38c7fdcb6451efb25"><code>6db0c14</code></a> Remove <code>compiler-builtins</code> from <code>rustc-dep-of-std</code> dependencies (<a href="https://redirect.github.com/unicode-rs/unicode-width/issues/77">#77</a>)</li> <li><a href="https://github.com/unicode-rs/unicode-width/commit/0bccd3f1b55b15e7796a5f591a9f24ef28889b1b"><code>0bccd3f</code></a> update copyright year (<a href="https://redirect.github.com/unicode-rs/unicode-width/issues/76">#76</a>)</li> <li><a href="https://github.com/unicode-rs/unicode-width/commit/7a7fcdc8134a67e0b8deaac7deb4f12559550eaf"><code>7a7fcdc</code></a> Support Unicode 16 (<a href="https://redirect.github.com/unicode-rs/unicode-width/issues/74">#74</a>)</li> <li><a href="https://github.com/unicode-rs/unicode-width/commit/82d7136b494ded1fe83a269e673fd85dfc4a92a6"><code>82d7136</code></a> Advertise and enforce MSRV (<a href="https://redirect.github.com/unicode-rs/unicode-width/issues/73">#73</a>)</li> <li><a href="https://github.com/unicode-rs/unicode-width/commit/e77b2929bc863841147786ef573b297581f94fe4"><code>e77b292</code></a> Make characters with <code>Line_Break=Ambiguous</code> ambiguous (<a href="https://redirect.github.com/unicode-rs/unicode-width/issues/61">#61</a>)</li> <li><a href="https://github.com/unicode-rs/unicode-width/commit/5a7fced663028d86d603cffbddcabedfdf7c7199"><code>5a7fced</code></a> Update version number in Readme (<a href="https://redirect.github.com/unicode-rs/unicode-width/issues/70">#70</a>)</li> <li><a href="https://github.com/unicode-rs/unicode-width/commit/79eab0d9fc2060783b43046f9611648dcd35172f"><code>79eab0d</code></a> Publish 0.2.0 with newlines treated as width 1 (<a href="https://redirect.github.com/unicode-rs/unicode-width/issues/68">#68</a>)</li> <li>See full diff in <a href="https://github.com/unicode-rs/unicode-width/compare/v0.1.14...v0.2.1">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) You can trigger a rebase of this PR by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> > **Note** > Automatic rebases have been disabled on this pull request as it has been open for over 30 days. Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
dependabot[bot] ·
2025-09-24 16:33:46 +00:00 -
chore: remove
once_celldependency from multiple crates (#4154)This commit removes the `once_cell` dependency from `Cargo.toml` files in the `codex-rs` and `apply-patch` directories, replacing its usage with `std::sync::LazyLock` and `std::sync::OnceLock` where applicable. This change simplifies the dependency tree and utilizes standard library features for lazy initialization. # External (non-OpenAI) Pull Request Requirements Before opening this Pull Request, please read the dedicated "Contributing" markdown file or your PR may be closed: https://github.com/openai/codex/blob/main/docs/contributing.md If your PR conforms to our contribution guidelines, replace this text with a detailed and high quality description of your changes.
Tien Nguyen ·
2025-09-24 09:15:57 -07:00 -
chore: extract readiness in a dedicated utils crate (#4140)
Create an `utils` directory for the small utils crates
jif-oai ·
2025-09-24 10:15:54 +00:00 -
chore(deps): bump tempfile from 3.20.0 to 3.22.0 in /codex-rs (#4030)
Bumps [tempfile](https://github.com/Stebalien/tempfile) from 3.20.0 to 3.22.0. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/Stebalien/tempfile/blob/master/CHANGELOG.md">tempfile's changelog</a>.</em></p> <blockquote> <h2>3.22.0</h2> <ul> <li>Updated <code>windows-sys</code> requirement to allow version 0.61.x</li> <li>Remove <code>unstable-windows-keep-open-tempfile</code> feature.</li> </ul> <h2>3.21.0</h2> <ul> <li>Updated <code>windows-sys</code> requirement to allow version 0.60.x</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/Stebalien/tempfile/commit/f720dbe098f847f3899d83305f565a5c46bb818d"><code>f720dbe</code></a> chore: release 3.22.0</li> <li><a href="https://github.com/Stebalien/tempfile/commit/55d742cb5d37d51c5ee107ae6c3898deeb0cc592"><code>55d742c</code></a> chore: remove deprecated unstable feature flag</li> <li><a href="https://github.com/Stebalien/tempfile/commit/bc41a0b586ec52da28971763378162e96d96be8a"><code>bc41a0b</code></a> build(deps): update windows-sys requirement from >=0.52, <0.61 to >=0.52, <0....</li> <li><a href="https://github.com/Stebalien/tempfile/commit/3c55387edee0d79041092f5abfbe899de4fbc8db"><code>3c55387</code></a> test: make sure we don't drop tempdirs early (<a href="https://redirect.github.com/Stebalien/tempfile/issues/373">#373</a>)</li> <li><a href="https://github.com/Stebalien/tempfile/commit/17bf644406959b75bf83d44fcfbd1dfa63d86730"><code>17bf644</code></a> doc(builder): clarify permissions (<a href="https://redirect.github.com/Stebalien/tempfile/issues/372">#372</a>)</li> <li><a href="https://github.com/Stebalien/tempfile/commit/c7423f1761f569c60c504ffed0ef6e124430b162"><code>c7423f1</code></a> doc(env): document the alternative to setting the tempdir (<a href="https://redirect.github.com/Stebalien/tempfile/issues/371">#371</a>)</li> <li><a href="https://github.com/Stebalien/tempfile/commit/5af60ca9e3ca42c5135cd41df3e8a2bd5341b9fc"><code>5af60ca</code></a> test(wasi): run a few tests that shouldn't have been disabled (<a href="https://redirect.github.com/Stebalien/tempfile/issues/370">#370</a>)</li> <li><a href="https://github.com/Stebalien/tempfile/commit/6c0c56198a274de88b877303fa28e6ad96699fa5"><code>6c0c561</code></a> fix(doc): temp_dir doesn't check if writable</li> <li><a href="https://github.com/Stebalien/tempfile/commit/48bff5f54c71a880ea7a9efb19e48be7b2eeb3d9"><code>48bff5f</code></a> test(tempdir): configure tempdir on wasi</li> <li><a href="https://github.com/Stebalien/tempfile/commit/704a1d27520735e8922c58e84cd193365ceaedaf"><code>704a1d2</code></a> test(tempdir): cleanup tempdir tests and run more tests on wasi</li> <li>Additional commits viewable in <a href="https://github.com/Stebalien/tempfile/compare/v3.20.0...v3.22.0">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
dependabot[bot] ·
2025-09-23 23:41:35 -07:00 -
chore(deps): bump log from 0.4.27 to 0.4.28 in /codex-rs (#4027)
[//]: # (dependabot-start) ⚠️ **Dependabot is rebasing this PR** ⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. --- [//]: # (dependabot-end) Bumps [log](https://github.com/rust-lang/log) from 0.4.27 to 0.4.28. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/rust-lang/log/releases">log's releases</a>.</em></p> <blockquote> <h2>0.4.28</h2> <h2>What's Changed</h2> <ul> <li>ci: drop really old trick and ensure MSRV for all feature combo by <a href="https://github.com/tisonkun"><code>@tisonkun</code></a> in <a href="https://redirect.github.com/rust-lang/log/pull/676">rust-lang/log#676</a></li> <li>chore: fix some typos in comment by <a href="https://github.com/xixishidibei"><code>@xixishidibei</code></a> in <a href="https://redirect.github.com/rust-lang/log/pull/677">rust-lang/log#677</a></li> <li>Unhide <code>#[derive(Debug)]</code> in example by <a href="https://github.com/ZylosLumen"><code>@ZylosLumen</code></a> in <a href="https://redirect.github.com/rust-lang/log/pull/688">rust-lang/log#688</a></li> <li>Chore: delete compare_exchange method for AtomicUsize on platforms without atomics by <a href="https://github.com/HaoliangXu"><code>@HaoliangXu</code></a> in <a href="https://redirect.github.com/rust-lang/log/pull/690">rust-lang/log#690</a></li> <li>Add <code>increment_severity()</code> and <code>decrement_severity()</code> methods for <code>Level</code> and <code>LevelFilter</code> by <a href="https://github.com/nebkor"><code>@nebkor</code></a> in <a href="https://redirect.github.com/rust-lang/log/pull/692">rust-lang/log#692</a></li> <li>Prepare for 0.4.28 release by <a href="https://github.com/KodrAus"><code>@KodrAus</code></a> in <a href="https://redirect.github.com/rust-lang/log/pull/695">rust-lang/log#695</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/xixishidibei"><code>@xixishidibei</code></a> made their first contribution in <a href="https://redirect.github.com/rust-lang/log/pull/677">rust-lang/log#677</a></li> <li><a href="https://github.com/ZylosLumen"><code>@ZylosLumen</code></a> made their first contribution in <a href="https://redirect.github.com/rust-lang/log/pull/688">rust-lang/log#688</a></li> <li><a href="https://github.com/HaoliangXu"><code>@HaoliangXu</code></a> made their first contribution in <a href="https://redirect.github.com/rust-lang/log/pull/690">rust-lang/log#690</a></li> <li><a href="https://github.com/nebkor"><code>@nebkor</code></a> made their first contribution in <a href="https://redirect.github.com/rust-lang/log/pull/692">rust-lang/log#692</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/rust-lang/log/compare/0.4.27...0.4.28">https://github.com/rust-lang/log/compare/0.4.27...0.4.28</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/rust-lang/log/blob/master/CHANGELOG.md">log's changelog</a>.</em></p> <blockquote> <h2>[0.4.28] - 2025-09-02</h2> <h2>What's Changed</h2> <ul> <li>ci: drop really old trick and ensure MSRV for all feature combo by <a href="https://github.com/tisonkun"><code>@tisonkun</code></a> in <a href="https://redirect.github.com/rust-lang/log/pull/676">rust-lang/log#676</a></li> <li>Chore: delete compare_exchange method for AtomicUsize on platforms without atomics by <a href="https://github.com/HaoliangXu"><code>@HaoliangXu</code></a> in <a href="https://redirect.github.com/rust-lang/log/pull/690">rust-lang/log#690</a></li> <li>Add <code>increment_severity()</code> and <code>decrement_severity()</code> methods for <code>Level</code> and <code>LevelFilter</code> by <a href="https://github.com/nebkor"><code>@nebkor</code></a> in <a href="https://redirect.github.com/rust-lang/log/pull/692">rust-lang/log#692</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/xixishidibei"><code>@xixishidibei</code></a> made their first contribution in <a href="https://redirect.github.com/rust-lang/log/pull/677">rust-lang/log#677</a></li> <li><a href="https://github.com/ZylosLumen"><code>@ZylosLumen</code></a> made their first contribution in <a href="https://redirect.github.com/rust-lang/log/pull/688">rust-lang/log#688</a></li> <li><a href="https://github.com/HaoliangXu"><code>@HaoliangXu</code></a> made their first contribution in <a href="https://redirect.github.com/rust-lang/log/pull/690">rust-lang/log#690</a></li> <li><a href="https://github.com/nebkor"><code>@nebkor</code></a> made their first contribution in <a href="https://redirect.github.com/rust-lang/log/pull/692">rust-lang/log#692</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/rust-lang/log/compare/0.4.27...0.4.28">https://github.com/rust-lang/log/compare/0.4.27...0.4.28</a></p> <h3>Notable Changes</h3> <ul> <li>MSRV is bumped to 1.61.0 in <a href="https://redirect.github.com/rust-lang/log/pull/676">rust-lang/log#676</a></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/rust-lang/log/commit/6e1735597bb21c5d979a077395df85e1d633e077"><code>6e17355</code></a> Merge pull request <a href="https://redirect.github.com/rust-lang/log/issues/695">#695</a> from rust-lang/cargo/0.4.28</li> <li><a href="https://github.com/rust-lang/log/commit/57719dbef54de1c9b91b986845e4285d09c9e644"><code>57719db</code></a> focus on user-facing source changes in the changelog</li> <li><a href="https://github.com/rust-lang/log/commit/e0630c6485c6ca6da22888c319d2c3d2e53cb1ae"><code>e0630c6</code></a> prepare for 0.4.28 release</li> <li><a href="https://github.com/rust-lang/log/commit/60829b11f50e34497f4dcaff44561ee908c796f9"><code>60829b1</code></a> Merge pull request <a href="https://redirect.github.com/rust-lang/log/issues/692">#692</a> from nebkor/up-and-down</li> <li><a href="https://github.com/rust-lang/log/commit/95d44f8af52df35d78adb766bef79d8f489022a0"><code>95d44f8</code></a> change names of log-level-changing methods to be more descriptive</li> <li><a href="https://github.com/rust-lang/log/commit/2b63dfada6394c537682de4834ae45eaf3bad216"><code>2b63dfa</code></a> Add <code>up()</code> and <code>down()</code> methods for <code>Level</code> and <code>LevelFilter</code></li> <li><a href="https://github.com/rust-lang/log/commit/3aa1359e926a39f841791207d6e57e00da3e68e2"><code>3aa1359</code></a> Merge pull request <a href="https://redirect.github.com/rust-lang/log/issues/690">#690</a> from HaoliangXu/master</li> <li><a href="https://github.com/rust-lang/log/commit/1091f2cbd21817872235eff67b8e0e68e5ec4e41"><code>1091f2c</code></a> Chore:delete compare_exchange method for AtomicUsize on platforms</li> <li><a href="https://github.com/rust-lang/log/commit/24c5f44efd0828ed1c6dcec5adf5aebf97f0f400"><code>24c5f44</code></a> Merge pull request <a href="https://redirect.github.com/rust-lang/log/issues/688">#688</a> from ZylosLumen/patch-1</li> <li><a href="https://github.com/rust-lang/log/commit/44984954670f3144af1d1f323e36690bb72788f4"><code>4498495</code></a> Unhide <code>#[derive(Debug)]</code> in example</li> <li>Additional commits viewable in <a href="https://github.com/rust-lang/log/compare/0.4.27...0.4.28">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
dependabot[bot] ·
2025-09-23 23:07:54 -07:00 -
chore(deps): bump serde from 1.0.224 to 1.0.226 in /codex-rs (#4031)
[//]: # (dependabot-start) ⚠️ **Dependabot is rebasing this PR** ⚠️ Rebasing might not happen immediately, so don't worry if this takes some time. Note: if you make any changes to this PR yourself, they will take precedence over the rebase. --- [//]: # (dependabot-end) Bumps [serde](https://github.com/serde-rs/serde) from 1.0.224 to 1.0.226. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/serde-rs/serde/releases">serde's releases</a>.</em></p> <blockquote> <h2>v1.0.226</h2> <ul> <li>Deduplicate variant matching logic inside generated Deserialize impl for adjacently tagged enums (<a href="https://redirect.github.com/serde-rs/serde/issues/2935">#2935</a>, thanks <a href="https://github.com/Mingun"><code>@Mingun</code></a>)</li> </ul> <h2>v1.0.225</h2> <ul> <li>Avoid triggering a deprecation warning in derived Serialize and Deserialize impls for a data structure that contains its own deprecations (<a href="https://redirect.github.com/serde-rs/serde/issues/2879">#2879</a>, thanks <a href="https://github.com/rcrisanti"><code>@rcrisanti</code></a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/serde-rs/serde/commit/179954784683f35942ac2e1f076e0361b47f8178"><code>1799547</code></a> Release 1.0.226</li> <li><a href="https://github.com/serde-rs/serde/commit/2dbeefb11bd7fb97aceb49a09e8ba5a25e268b2e"><code>2dbeefb</code></a> Merge pull request <a href="https://redirect.github.com/serde-rs/serde/issues/2935">#2935</a> from Mingun/dedupe-adj-enums</li> <li><a href="https://github.com/serde-rs/serde/commit/8a3c29ff19126ca021c29039bfcd1e829b1dfab3"><code>8a3c29f</code></a> Merge pull request <a href="https://redirect.github.com/serde-rs/serde/issues/2986">#2986</a> from dtolnay/didnotwork</li> <li><a href="https://github.com/serde-rs/serde/commit/defc24d361552d872f92d9e7b98afee64c414d6d"><code>defc24d</code></a> Remove "did not work" comment from test suite</li> <li><a href="https://github.com/serde-rs/serde/commit/23166107601322080d19e8600f9ac84f5ace8b9b"><code>2316610</code></a> Merge pull request <a href="https://redirect.github.com/serde-rs/serde/issues/2929">#2929</a> from Mingun/flatten-enum-tests</li> <li><a href="https://github.com/serde-rs/serde/commit/c09e2bd690b2e12cd355e93ca4c9beb8b3ff98e9"><code>c09e2bd</code></a> Add tests for flatten unit variant in adjacently tagged (tag + content) enums</li> <li><a href="https://github.com/serde-rs/serde/commit/fe7dcc4cd8b74682c97f8d8fec18ca91c23c6177"><code>fe7dcc4</code></a> Test all possible orders of map entries for enum-flatten-in-struct representa...</li> <li><a href="https://github.com/serde-rs/serde/commit/a20e66e1313f64f1ebadd29da1e90eecfd06fdbd"><code>a20e66e</code></a> Check serialization in flatten::enum_::internally_tagged::unit_enum_with_unkn...</li> <li><a href="https://github.com/serde-rs/serde/commit/1c1a5d95cd32fa0d5bc1456098b5ebc113a97190"><code>1c1a5d9</code></a> Reorder struct_ and newtype tests of adjacently_tagged enums to match order i...</li> <li><a href="https://github.com/serde-rs/serde/commit/ee3c2372fbe0019ec19b6327213c6acfade435fe"><code>ee3c237</code></a> Opt in to generate-macro-expansion when building on docs.rs</li> <li>Additional commits viewable in <a href="https://github.com/serde-rs/serde/compare/v1.0.224...v1.0.226">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
dependabot[bot] ·
2025-09-23 23:06:30 -07:00 -
pakrym-oai ·
2025-09-23 13:31:36 -07:00 -
feat: readiness tool (#4090)
Readiness flag with token-based subscription and async wait function that waits for all the subscribers to be ready
jif-oai ·
2025-09-23 17:27:20 +01:00 -
feat: git tooling for undo (#3914)
## Summary Introduces a “ghost commit” workflow that snapshots the tree without touching refs. 1. git commit-tree writes an unreferenced commit object from the current index, optionally pointing to the current HEAD as its parent. 2. We then stash that commit id and use git restore --source <ghost> to roll the worktree (and index) back to the recorded snapshot later on. ## Details - Ghost commits live only as loose objects—we never update branches or tags—so the repo history stays untouched while still giving us a full tree snapshot. - Force-included paths let us stage otherwise ignored files before capturing the tree. - Restoration rehydrates both tracked and force-included files while leaving untracked/ignored files alone.
jif-oai ·
2025-09-23 16:59:52 +01:00 -
Add notifier tests (#4064)
Proposal: 1. Use anyhow for tests and avoid unwrap 2. Extract a helper for starting a test instance of codex
pakrym-oai ·
2025-09-23 14:25:46 +00:00 -
fix codex resume message at end of session (#3957)
This was only being printed when running the codex-tui executable directly, not via the codex-cli wrapper.
Jeremy Rose ·
2025-09-22 22:24:31 +00:00 -
chore: unify cargo versions (#4044)
Unify cargo versions at root
jif-oai ·
2025-09-22 16:47:01 +00:00 -
Add non_sandbox_test helper (#3880)
Makes tests shorter
pakrym-oai ·
2025-09-22 14:50:41 +00:00 -
Move responses mocking helpers to a shared lib (#3878)
These are generally useful
pakrym-oai ·
2025-09-18 17:53:14 -07:00 -
hint for codex resume on tui exit (#3757)
<img width="931" height="438" alt="Screenshot 2025-09-16 at 4 25 19 PM" src="https://github.com/user-attachments/assets/ccfb8df1-feaf-45b4-8f7f-56100de916d5" />
Jeremy Rose ·
2025-09-18 09:28:32 -07:00 -
chore(deps): bump wildmatch from 2.4.0 to 2.5.0 in /codex-rs (#3619)
Bumps [wildmatch](https://github.com/becheran/wildmatch) from 2.4.0 to 2.5.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/becheran/wildmatch/releases">wildmatch's releases</a>.</em></p> <blockquote> <h2>v2.5.0</h2> <p><a href="https://redirect.github.com/becheran/wildmatch/pull/27">becheran/wildmatch#27</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/becheran/wildmatch/commit/b39902c120687e152f0835b21af51fa8e213231f"><code>b39902c</code></a> chore: Release wildmatch version 2.5.0</li> <li><a href="https://github.com/becheran/wildmatch/commit/87a8cf4c8056149da42443593b5535e1fbeaee66"><code>87a8cf4</code></a> Merge pull request <a href="https://redirect.github.com/becheran/wildmatch/issues/28">#28</a> from smichaku/micha/fix-unicode-case-insensitive-matching</li> <li><a href="https://github.com/becheran/wildmatch/commit/a3ab4903f58626c17adac6edcdb0bbeacee778d7"><code>a3ab490</code></a> fix: Fix unicode matching for non-ASCII characters</li> <li>See full diff in <a href="https://github.com/becheran/wildmatch/compare/v2.4.0...v2.5.0">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
dependabot[bot] ·
2025-09-15 12:57:17 -07:00 -
chore(deps): bump serde from 1.0.219 to 1.0.223 in /codex-rs (#3618)
Bumps [serde](https://github.com/serde-rs/serde) from 1.0.219 to 1.0.223. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/serde-rs/serde/releases">serde's releases</a>.</em></p> <blockquote> <h2>v1.0.223</h2> <ul> <li>Fix serde_core documentation links (<a href="https://redirect.github.com/serde-rs/serde/issues/2978">#2978</a>)</li> </ul> <h2>v1.0.222</h2> <ul> <li>Make <code>serialize_with</code> attribute produce code that works if respanned to 2024 edition (<a href="https://redirect.github.com/serde-rs/serde/issues/2950">#2950</a>, thanks <a href="https://github.com/aytey"><code>@aytey</code></a>)</li> </ul> <h2>v1.0.221</h2> <ul> <li>Documentation improvements (<a href="https://redirect.github.com/serde-rs/serde/issues/2973">#2973</a>)</li> <li>Deprecate <code>serde_if_integer128!</code> macro (<a href="https://redirect.github.com/serde-rs/serde/issues/2975">#2975</a>)</li> </ul> <h2>v1.0.220</h2> <ul> <li>Add a way for data formats to depend on serde traits without waiting for serde_derive compilation: <a href="https://docs.rs/serde_core">https://docs.rs/serde_core</a> (<a href="https://redirect.github.com/serde-rs/serde/issues/2608">#2608</a>, thanks <a href="https://github.com/osiewicz"><code>@osiewicz</code></a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/serde-rs/serde/commit/6c316d7cb5f3780d2a418d277a756516beeacc42"><code>6c316d7</code></a> Release 1.0.223</li> <li><a href="https://github.com/serde-rs/serde/commit/a4ac0c2bc6625ee83ddf4b35f11eca48f90ebae2"><code>a4ac0c2</code></a> Merge pull request <a href="https://redirect.github.com/serde-rs/serde/issues/2978">#2978</a> from dtolnay/htmlrooturl</li> <li><a href="https://github.com/serde-rs/serde/commit/ed76364f877a6ebc653a0339dcea89b9e3cc7507"><code>ed76364</code></a> Change serde_core's html_root_url to docs.rs/serde_core</li> <li><a href="https://github.com/serde-rs/serde/commit/57e21a1afa280ae982f19aea2776318fbcd711be"><code>57e21a1</code></a> Release 1.0.222</li> <li><a href="https://github.com/serde-rs/serde/commit/bb58726133fb30b89ccea3e357eb91f4b2d460a0"><code>bb58726</code></a> Merge pull request <a href="https://redirect.github.com/serde-rs/serde/issues/2950">#2950</a> from aytey/fix_lifetime_issue_2024</li> <li><a href="https://github.com/serde-rs/serde/commit/3f6925125bae7837d918da63f2dba6efabad8dec"><code>3f69251</code></a> Delete unneeded field of MapDeserializer</li> <li><a href="https://github.com/serde-rs/serde/commit/fd4decf2fe36a8e4408aefc493960141b8b0cd02"><code>fd4decf</code></a> Merge pull request <a href="https://redirect.github.com/serde-rs/serde/issues/2976">#2976</a> from dtolnay/content</li> <li><a href="https://github.com/serde-rs/serde/commit/00b1b6b2b5e6154eba81e2ad8c6a43b945583ad0"><code>00b1b6b</code></a> Move Content's Deserialize impl from serde_core to serde</li> <li><a href="https://github.com/serde-rs/serde/commit/cf141aa8c79a40fe7b7c5ac5dbfd28802f2e01f4"><code>cf141aa</code></a> Move Content's Clone impl from serde_core to serde</li> <li><a href="https://github.com/serde-rs/serde/commit/ff3aee490abff5267cac86f07e0301aa6d441760"><code>ff3aee4</code></a> Release 1.0.221</li> <li>Additional commits viewable in <a href="https://github.com/serde-rs/serde/compare/v1.0.219...v1.0.223">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
dependabot[bot] ·
2025-09-15 12:56:20 -07:00 -
chore(deps): bump serde_json from 1.0.143 to 1.0.145 in /codex-rs (#3617)
Bumps [serde_json](https://github.com/serde-rs/json) from 1.0.143 to 1.0.145. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/serde-rs/json/releases">serde_json's releases</a>.</em></p> <blockquote> <h2>v1.0.145</h2> <ul> <li>Raise serde version requirement to >=1.0.220</li> </ul> <h2>v1.0.144</h2> <ul> <li>Switch serde dependency to serde_core (<a href="https://redirect.github.com/serde-rs/json/issues/1285">#1285</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/serde-rs/json/commit/efa66e3a1d61459ab2d325f92ebe3acbd6ca18b1"><code>efa66e3</code></a> Release 1.0.145</li> <li><a href="https://github.com/serde-rs/json/commit/23679e2b9d7e4dcaef797ca7c51a4ffb6fce9f36"><code>23679e2</code></a> Add serde version constraint</li> <li><a href="https://github.com/serde-rs/json/commit/fc27bafbf740abc5e5733ec1dd2b5ae25695f895"><code>fc27baf</code></a> Release 1.0.144</li> <li><a href="https://github.com/serde-rs/json/commit/caef3c6ea69e126d18ee8b43dcc2c89d81207815"><code>caef3c6</code></a> Ignore uninlined_format_args pedantic clippy lint</li> <li><a href="https://github.com/serde-rs/json/commit/81ba3aaaff5c3736dd8b762dd1a0cf992bf60593"><code>81ba3aa</code></a> Merge pull request <a href="https://redirect.github.com/serde-rs/json/issues/1285">#1285</a> from dtolnay/serdecore</li> <li><a href="https://github.com/serde-rs/json/commit/d21e8ce7a7cc0bab2d53293de42b6343ef1d9144"><code>d21e8ce</code></a> Switch serde dependency to serde_core</li> <li><a href="https://github.com/serde-rs/json/commit/6beb6cd596a00f8838dc0cfc8876ed8fd065896f"><code>6beb6cd</code></a> Merge pull request <a href="https://redirect.github.com/serde-rs/json/issues/1286">#1286</a> from dtolnay/up</li> <li><a href="https://github.com/serde-rs/json/commit/1dbc803749213eca37080cc7f29f5aee3ac18941"><code>1dbc803</code></a> Raise required compiler to Rust 1.61</li> <li><a href="https://github.com/serde-rs/json/commit/0bf5d87003aebbbb2b46c96e668283215971d98d"><code>0bf5d87</code></a> Enforce trybuild >= 1.0.108</li> <li><a href="https://github.com/serde-rs/json/commit/d12e943590208da738c092db92c34b39796a2538"><code>d12e943</code></a> Update actions/checkout@v4 -> v5</li> <li>See full diff in <a href="https://github.com/serde-rs/json/compare/v1.0.143...v1.0.145">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
dependabot[bot] ·
2025-09-15 11:58:57 -07:00 -
feat: update splash (#3631)
- Update splash styling. - Add center truncation for long paths. (Uses new `center_truncate_path` utility.) - Update the suggested commands. ## New splash <img width="560" height="326" alt="image" src="https://github.com/user-attachments/assets/b80d7075-f376-4019-a464-b96a78b0676d" /> ## Example with truncation: <img width="524" height="317" alt="image" src="https://github.com/user-attachments/assets/b023c5cc-0bf0-4d21-9b98-bfea85546eda" />
ae ·
2025-09-15 06:44:40 -07:00 -
chore(deps): bump tracing-subscriber from 0.3.19 to 0.3.20 in /codex-rs (#3620)
Bumps [tracing-subscriber](https://github.com/tokio-rs/tracing) from 0.3.19 to 0.3.20. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/tokio-rs/tracing/releases">tracing-subscriber's releases</a>.</em></p> <blockquote> <h2>tracing-subscriber 0.3.20</h2> <p><strong>Security Fix</strong>: ANSI Escape Sequence Injection (CVE-TBD)</p> <h2>Impact</h2> <p>Previous versions of tracing-subscriber were vulnerable to ANSI escape sequence injection attacks. Untrusted user input containing ANSI escape sequences could be injected into terminal output when logged, potentially allowing attackers to:</p> <ul> <li>Manipulate terminal title bars</li> <li>Clear screens or modify terminal display</li> <li>Potentially mislead users through terminal manipulation</li> </ul> <p>In isolation, impact is minimal, however security issues have been found in terminal emulators that enabled an attacker to use ANSI escape sequences via logs to exploit vulnerabilities in the terminal emulator.</p> <h2>Solution</h2> <p>Version 0.3.20 fixes this vulnerability by escaping ANSI control characters in when writing events to destinations that may be printed to the terminal.</p> <h2>Affected Versions</h2> <p>All versions of tracing-subscriber prior to 0.3.20 are affected by this vulnerability.</p> <h2>Recommendations</h2> <p>Immediate Action Required: We recommend upgrading to tracing-subscriber 0.3.20 immediately, especially if your application:</p> <ul> <li>Logs user-provided input (form data, HTTP headers, query parameters, etc.)</li> <li>Runs in environments where terminal output is displayed to users</li> </ul> <h2>Migration</h2> <p>This is a patch release with no breaking API changes. Simply update your Cargo.toml:</p> <pre lang="toml"><code>[dependencies] tracing-subscriber = "0.3.20" </code></pre> <h2>Acknowledgments</h2> <p>We would like to thank <a href="http://github.com/zefr0x">zefr0x</a> who responsibly reported the issue at <code>security@tokio.rs</code>.</p> <p>If you believe you have found a security vulnerability in any tokio-rs project, please email us at <code>security@tokio.rs</code>.</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/tokio-rs/tracing/commit/4c52ca5266a3920fc5dfeebda2accf15ee7fb278"><code>4c52ca5</code></a> fmt: fix ANSI escape sequence injection vulnerability (<a href="https://redirect.github.com/tokio-rs/tracing/issues/3368">#3368</a>)</li> <li><a href="https://github.com/tokio-rs/tracing/commit/f71cebe41e4c12735b1d19ca804428d4ff7d905d"><code>f71cebe</code></a> subscriber: impl Clone for EnvFilter (<a href="https://redirect.github.com/tokio-rs/tracing/issues/3360">#3360</a>)</li> <li><a href="https://github.com/tokio-rs/tracing/commit/3a1f571102b38bcdca13d59f3c454989d179055d"><code>3a1f571</code></a> Fix CI (<a href="https://redirect.github.com/tokio-rs/tracing/issues/3361">#3361</a>)</li> <li><a href="https://github.com/tokio-rs/tracing/commit/e63ef57f3d686abe3727ddd586eb9af73d6715b7"><code>e63ef57</code></a> chore: prepare tracing-attributes 0.1.30 (<a href="https://redirect.github.com/tokio-rs/tracing/issues/3316">#3316</a>)</li> <li><a href="https://github.com/tokio-rs/tracing/commit/6e59a13b1a7bcdd78b8b5a7cbcf70a0b2cdd76f0"><code>6e59a13</code></a> attributes: fix tracing::instrument regression around shadowing (<a href="https://redirect.github.com/tokio-rs/tracing/issues/3311">#3311</a>)</li> <li><a href="https://github.com/tokio-rs/tracing/commit/e4df76127538aa8370d7dee32a6f84bbec6bbf10"><code>e4df761</code></a> tracing: update core to 0.1.34 and attributes to 0.1.29 (<a href="https://redirect.github.com/tokio-rs/tracing/issues/3305">#3305</a>)</li> <li><a href="https://github.com/tokio-rs/tracing/commit/643f392ebb73c4fb856f56a78c066c82582dd22c"><code>643f392</code></a> chore: prepare tracing-attributes 0.1.29 (<a href="https://redirect.github.com/tokio-rs/tracing/issues/3304">#3304</a>)</li> <li><a href="https://github.com/tokio-rs/tracing/commit/d08e7a6eea1833810ea527e18ea03b08cd402c9d"><code>d08e7a6</code></a> chore: prepare tracing-core 0.1.34 (<a href="https://redirect.github.com/tokio-rs/tracing/issues/3302">#3302</a>)</li> <li><a href="https://github.com/tokio-rs/tracing/commit/6e70c571d319a033d5f37c885ccf99aa675a9eac"><code>6e70c57</code></a> tracing-subscriber: count numbers of enters in <code>Timings</code> (<a href="https://redirect.github.com/tokio-rs/tracing/issues/2944">#2944</a>)</li> <li><a href="https://github.com/tokio-rs/tracing/commit/c01d4fd9def2fb061669a310598095c789ca0a32"><code>c01d4fd</code></a> fix docs and enable CI on <code>main</code> branch (<a href="https://redirect.github.com/tokio-rs/tracing/issues/3295">#3295</a>)</li> <li>Additional commits viewable in <a href="https://github.com/tokio-rs/tracing/compare/tracing-subscriber-0.3.19...tracing-subscriber-0.3.20">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
dependabot[bot] ·
2025-09-15 00:51:33 -07:00 -
chore(deps): bump slab from 0.4.10 to 0.4.11 in /codex-rs (#3635)
Bumps [slab](https://github.com/tokio-rs/slab) from 0.4.10 to 0.4.11. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/tokio-rs/slab/releases">slab's releases</a>.</em></p> <blockquote> <h2>v0.4.11</h2> <ul> <li>Fix <code>Slab::get_disjoint_mut</code> out of bounds (<a href="https://redirect.github.com/tokio-rs/slab/issues/152">#152</a>)</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/tokio-rs/slab/blob/master/CHANGELOG.md">slab's changelog</a>.</em></p> <blockquote> <h1>0.4.11 (August 8, 2025)</h1> <ul> <li>Fix <code>Slab::get_disjoint_mut</code> out of bounds (<a href="https://redirect.github.com/tokio-rs/slab/issues/152">#152</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/tokio-rs/slab/commit/2e5779f8eb318827c78cad38007445a93ec04503"><code>2e5779f</code></a> Release v0.4.11 (<a href="https://redirect.github.com/tokio-rs/slab/issues/153">#153</a>)</li> <li><a href="https://github.com/tokio-rs/slab/commit/2d65c514bc964b192bab212ddf3c1fcea4ae96b8"><code>2d65c51</code></a> Fix get_disjoint_mut error condition (<a href="https://redirect.github.com/tokio-rs/slab/issues/152">#152</a>)</li> <li>See full diff in <a href="https://github.com/tokio-rs/slab/compare/v0.4.10...v0.4.11">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/openai/codex/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
dependabot[bot] ·
2025-09-15 00:48:53 -07:00 -
initial mcp add interface (#3543)
Adds `codex mcp add`, `codex mcp list`, `codex mcp remove`. Currently writes to global config.
easong-openai ·
2025-09-15 04:30:56 +00:00 -
enable-resume (#3537)
Adding the ability to resume conversations. we have one verb `resume`. Behavior: `tui`: `codex resume`: opens session picker `codex resume --last`: continue last message `codex resume <session id>`: continue conversation with `session id` `exec`: `codex resume --last`: continue last conversation `codex resume <session id>`: continue conversation with `session id` Implementation: - I added a function to find the path in `~/.codex/sessions/` with a `UUID`. This is helpful in resuming with session id. - Added the above mentioned flags - Added lots of testing
Ahmed Ibrahim ·
2025-09-14 19:33:19 -04:00 -
feat: context compaction (#3446)
## Compact feature: 1. Stops the model when the context window become too large 2. Add a user turn, asking for the model to summarize 3. Build a bridge that contains all the previous user message + the summary. Rendered from a template 4. Start sampling again from a clean conversation with only that bridge
jif-oai ·
2025-09-12 13:07:10 -07:00 -
Simplify auth flow and reconcile differences between ChatGPT and API Key auth (#3189)
This PR does the following: * Adds the ability to paste or type an API key. * Removes the `preferred_auth_method` config option. The last login method is always persisted in auth.json, so this isn't needed. * If OPENAI_API_KEY env variable is defined, the value is used to prepopulate the new UI. The env variable is otherwise ignored by the CLI. * Adds a new MCP server entry point "login_api_key" so we can implement this same API key behavior for the VS Code extension. <img width="473" height="140" alt="Screenshot 2025-09-04 at 3 51 04 PM" src="https://github.com/user-attachments/assets/c11bbd5b-8a4d-4d71-90fd-34130460f9d9" /> <img width="726" height="254" alt="Screenshot 2025-09-04 at 3 51 32 PM" src="https://github.com/user-attachments/assets/6cc76b34-309a-4387-acbc-15ee5c756db9" />
Eric Traut ·
2025-09-11 09:16:34 -07:00 -
feat: add UserInfo request to JSON-RPC server (#3428)
This adds a simple endpoint that provides the email address encoded in `$CODEX_HOME/auth.json`. As noted, for now, we do not hit the server to verify this is the user's true email address.
Michael Bolin ·
2025-09-10 17:03:35 -07:00 -
replace tui_markdown with a custom markdown renderer (#3396)
Also, simplify the streaming behavior. This fixes a number of display issues with streaming markdown, and paves the way for better markdown features (e.g. customizable styles, syntax highlighting, markdown-aware wrapping). Not currently supported: - footnotes - tables - reference-style links
Jeremy Rose ·
2025-09-10 12:13:53 -07:00