Commit Graph

2575 Commits

  • feat(tui): route employee feedback follow-ups to internal link (#10198)
    ## Problem
    OpenAI employees were sent to the public GitHub issue flow after
    `/feedback`, which is the wrong follow-up path internally.
    
    ## Mental model
    After feedback upload completes, we render a follow-up link/message.
    That link should be audience-aware but must not change the upload
    pipeline itself.
    
    ## Non-goals
    - Changing how feedback is captured or uploaded
    - Changing external user behavior
    
    ## Tradeoffs
    We detect employees via the authenticated account email suffix
    (`@openai.com`). If the email is unavailable (e.g., API key auth), we
    default to the external behavior.
    
    ## Architecture
    - Introduce `FeedbackAudience` and thread it from `App` -> `ChatWidget`
    -> `FeedbackNoteView`
    - Gate internal messaging/links on `FeedbackAudience::OpenAiEmployee`
    - Internal follow-up link is now `http://go/codex-feedback-internal`
    - External GitHub URL remains byte-for-byte identical
    
    ## Observability
    No new telemetry; this only changes rendered follow-up instructions.
    
    ## Tests
    - `just fmt`
    - `cargo test -p codex-tui --lib`
  • add error messages for the go plan type (#10181)
    Adds support for the Go plan type
    Updates rate limit error messages to point to the usage page
  • [feat] persist dynamic tools in session rollout file (#10130)
    Add dynamic tools to rollout file for persistence & read from rollout on
    resume. Ran a real example and spotted the following in the rollout
    file:
    ```
    {"timestamp":"2026-01-29T01:27:57.468Z","type":"session_meta","payload":{"id":"019c075d-3f0b-77e3-894e-c1c159b04b1e","timestamp":"2026-01-29T01:27:57.451Z","...."dynamic_tools":[{"name":"demo_tool","description":"Demo dynamic tool","inputSchema":{"additionalProperties":false,"properties":{"city":{"type":"string"}},"required":["city"],"type":"object"}}],"git":{"commit_hash":"ebc573f15c01b8af158e060cfedd401f043e9dfa","branch":"dev/cc/dynamic-tools","repository_url":"https://github.com/openai/codex.git"}}}
    ```
  • chore(app-server): document AuthMode (#10191)
    Explain what this is and what it's used for.
  • tui: add feature-gated /plan slash command to switch to Plan mode (#10103)
    ## Summary
    Adds a simple `/plan` slash command in the TUI that switches the active
    collaboration mode to Plan mode. The command is only available when the
    `collaboration_modes` feature is enabled.
    
    ## Changes
    - Add `plan_mask` helper in `codex-rs/tui/src/collaboration_modes.rs`
    - Add `SlashCommand::Plan` metadata in
    `codex-rs/tui/src/slash_command.rs`
    - Implement and hard-gate `/plan` dispatch in
    `codex-rs/tui/src/chatwidget.rs`
    - Hide `/plan` when collaboration modes are disabled in
    `codex-rs/tui/src/bottom_pane/slash_commands.rs`
    - Update command popup tests in
    `codex-rs/tui/src/bottom_pane/command_popup.rs`
    - Add a focused unit test for `/plan` in
    `codex-rs/tui/src/chatwidget/tests.rs`
    
    ## Behavior notes
    - `/plan` is now a no-op if `Feature::CollaborationModes` is disabled.
    - When enabled, `/plan` switches directly to Plan mode without opening
    the picker.
    
    ## Codex author
    `codex resume 019c05da-d7c3-7322-ae2c-3ca38d0ef702`
  • feat(app-server): support external auth mode (#10012)
    This enables a new use case where `codex app-server` is embedded into a
    parent application that will directly own the user's ChatGPT auth
    lifecycle, which means it owns the user’s auth tokens and refreshes it
    when necessary. The parent application would just want a way to pass in
    the auth tokens for codex to use directly.
    
    The idea is that we are introducing a new "auth mode" currently only
    exposed via app server: **`chatgptAuthTokens`** which consist of the
    `id_token` (stores account metadata) and `access_token` (the bearer
    token used directly for backend API calls). These auth tokens are only
    stored in-memory. This new mode is in addition to the existing `apiKey`
    and `chatgpt` auth modes.
    
    This PR reuses the shape of our existing app-server account APIs as much
    as possible:
    - Update `account/login/start` with a new `chatgptAuthTokens` variant,
    which will allow the client to pass in the tokens and have codex
    app-server use them directly. Upon success, the server emits
    `account/login/completed` and `account/updated` notifications.
    - A new server->client request called
    `account/chatgptAuthTokens/refresh` which the server can use whenever
    the access token previously passed in has expired and it needs a new one
    from the parent application.
    
    I leveraged the core 401 retry loop which typically triggers auth token
    refreshes automatically, but made it pluggable:
    - **chatgpt** mode refreshes internally, as usual.
    - **chatgptAuthTokens** mode calls the client via
    `account/chatgptAuthTokens/refresh`, the client responds with updated
    tokens, codex updates its in-memory auth, then retries. This RPC has a
    10s timeout and handles JSON-RPC errors from the client.
    
    Also some additional things:
    - chatgpt logins are blocked while external auth is active (have to log
    out first. typically clients will pick one OR the other, not support
    both)
    - `account/logout` clears external auth in memory
    - Ensures that if `forced_chatgpt_workspace_id` is set via the user's
    config, we respect it in both:
    - `account/login/start` with `chatgptAuthTokens` (returns a JSON-RPC
    error back to the client)
    - `account/chatgptAuthTokens/refresh` (fails the turn, and on next
    request app-server will send another `account/chatgptAuthTokens/refresh`
    request to the client).
  • [Codex][CLI] Show model-capacity guidance on 429 (#10118)
    ###### Problem
    Users get generic 429s with no guidance when a model is at capacity.
    ###### Solution
    Detect model-cap headers, surface a clear “try a different model”
    message, and keep behavior non‑intrusive (no auto‑switch).
    ###### Scope
    CLI/TUI only; protocol + error mapping updated to carry model‑cap info.
    ###### Tests
          - just fmt
          - cargo test -p codex-tui
    - cargo test -p codex-core --lib
    shell_snapshot::tests::try_new_creates_and_deletes_snapshot_file --
    --nocapture (ran in isolated env)
          - validate local build with backend
         
    <img width="719" height="845" alt="image"
    src="https://github.com/user-attachments/assets/1470b33d-0974-4b1f-b8e6-d11f892f4b54"
    />
  • updating comment to better indicate intent of skipping quit in the main slash command menu (#10186)
    Updates comment indicating intent for skipping `quit` in the main slash
    command dropdown.
  • Remove WebSocket wire format (#10179)
    I'd like WireApi to go away (when chat is removed) and WebSockets is
    still responses API just over a different transport.
  • fix: /approvals -> /permissions (#10184)
    I believe we should be recommending `/permissions` in light of
    https://github.com/openai/codex/pull/9561.
  • Add features enable/disable subcommands (#10180)
    ## Summary
    - add `codex features enable <feature>` and `codex features disable
    <feature>`
    - persist feature flag changes to `config.toml` (respecting profile)
    - print the under-development feature warning when enabling prerelease
    features
    - keep `features list` behavior unchanged and add unit/integration tests
    
    ## Testing
    - cargo test -p codex-cli
  • Better handling skill depdenencies on ENV VAR. (#9017)
    An experimental flow for env var skill dependencies. Skills can now
    declare required env vars in SKILL.md; if missing, the CLI prompts the
    user to get the value, and Core will store it in memory (eventually to a
    local persistent store)
    <img width="790" height="169" alt="image"
    src="https://github.com/user-attachments/assets/cd928918-9403-43cb-a7e7-b8d59bcccd9a"
    />
  • Fall back to http when websockets fail (#10139)
    I expect not all proxies work with websockets, fall back to http if
    websockets fail.
  • feat: reduce span exposition (#10171)
    This only avoids the creation of duplicates spans
  • chore: unify log queries (#10152)
    Unify log queries to only have SQLX code in the runtime and use it for
    both the log client and for tests
  • chore: improve client (#10149)
    <img width="883" height="84" alt="Screenshot 2026-01-29 at 11 13 12"
    src="https://github.com/user-attachments/assets/090a2fec-94ed-4c0f-aee5-1653ed8b1439"
    />
  • feat: log db client (#10087)
    ```
    just log -h
    if [ "${1:-}" = "--" ]; then shift; fi; cargo run -p codex-state --bin logs_client -- "$@"
        Finished `dev` profile [unoptimized + debuginfo] target(s) in 0.21s
         Running `target/debug/logs_client -h`
    Tail Codex logs from state.sqlite with simple filters
    
    Usage: logs_client [OPTIONS]
    
    Options:
          --codex-home <CODEX_HOME>  Path to CODEX_HOME. Defaults to $CODEX_HOME or ~/.codex [env: CODEX_HOME=]
          --db <DB>                  Direct path to the SQLite database. Overrides --codex-home
          --level <LEVEL>            Log level to match exactly (case-insensitive)
          --from <RFC3339|UNIX>      Start timestamp (RFC3339 or unix seconds)
          --to <RFC3339|UNIX>        End timestamp (RFC3339 or unix seconds)
          --module <MODULE>          Substring match on module_path
          --file <FILE>              Substring match on file path
          --backfill <BACKFILL>      Number of matching rows to show before tailing [default: 200]
          --poll-ms <POLL_MS>        Poll interval in milliseconds [default: 500]
      -h, --help                     Print help
      ```
  • feat: add log db (#10086)
    Add a log DB. The goal is just to store our logs in a `.sqlite` DB to
    make it easier to crawl them and drop the oldest ones.
  • fix: remove references to corepack (#10138)
    Currently, our `npm publish` logic is failing.
    
    There were a number of things that were merged recently that seemed to
    contribute to this situation, though I think we have fixed most of them,
    but this one stands out:
    
    https://github.com/openai/codex/pull/10115
    
    As best I can tell, we tried to fix the pnpm version to a specific hash,
    but we did not do it consistently (though `shell-tool-mcp/package.json`
    had it specified twice...), so for this PR, I ran:
    
    ```
    $ git ls-files | grep package.json
    codex-cli/package.json
    codex-rs/responses-api-proxy/npm/package.json
    package.json
    sdk/typescript/package.json
    shell-tool-mcp/package.json
    ```
    
    and ensured that all of them now have this line:
    
    ```json
      "packageManager": "pnpm@10.28.2+sha512.41872f037ad22f7348e3b1debbaf7e867cfd448f2726d9cf74c08f19507c31d2c8e7a11525b983febc2df640b5438dee6023ebb1f84ed43cc2d654d2bc326264"
    ```
    
    I also went and deleted all of the `corepack` stuff that was added by
    https://github.com/openai/codex/pull/10115.
    
    If someone can explain why we need it and verify it does not break `npm
    publish`, then we can bring it back.
  • fix: ignore key release events during onboarding (#10131)
    ## Summary
    - guard onboarding key handling to ignore KeyEventKind::Release
    - handle key events at the onboarding screen boundary to avoid
    double-triggering widgets
    
    ## Related
    - https://github.com/ratatui/ratatui/issues/347
    
    ## Testing
    - cd codex-rs && just fmt
    - cd codex-rs && cargo test -p codex-tui
  • fix(tui) reorder personality command (#10134)
    ## Summary
    Reorder it down the list
    
    ## Testing 
    - [x] Tests pass
  • emit a metric when we can't spawn powershell (#10125)
    This will help diagnose and measure the impact of a user-reported bug
    with the elevated sandbox and powershell
  • chore(core) personality under development (#10133)
    ## Summary
    Have one or two more changes coming in for this.
  • [connectors] Support connectors part 2 - slash command and tui (#9728)
    - [x] Support `/apps` slash command to browse the apps in tui.
    - [x] Support inserting apps to prompt using `$`.
    - [x] Lots of simplification/renaming from connectors to apps.
  • removing quit from dropdown menu, but not autocomplete [cli] (#10128)
    Currently we have both `\quit` and `\exit` which do the same thing. This
    removes `\quit` from the slash command menu but allows it to still be an
    autocomplete option & working for those used to that command.
    
    `/quit` autocomplete:
    <img width="232" height="108" alt="Screenshot 2026-01-28 at 4 32 53 PM"
    src="https://github.com/user-attachments/assets/d71e079f-77f6-4edc-9590-44a01e2a4ff5"
    />
    
    slash command menu:
    <img width="425" height="191" alt="Screenshot 2026-01-28 at 4 32 36 PM"
    src="https://github.com/user-attachments/assets/a9458cff-1784-4ce0-927d-43ad13d2a97c"
    />
  • chore(config) Update personality instructions (#10114)
    ## Summary
    Add personality instructions so we can let users try it out, in tandem
    with making it an experimental feature
    
    ## Testing
    - [x] Tested locally
  • Add app-server compaction item notifications tests (#10123)
    - add v2 tests covering local + remote auto-compaction item
    started/completed notifications
  • chore(config) personality as a feature (#10116)
    ## Summary
    Sets up an explicit Feature flag for `/personality`, so users can now
    opt in to it via `/experimental`. #10114 also updates the config
    
    ## Testing
    - [x] Tested locally
  • Ensure auto-compaction starts after turn started (#10129)
    Start auto-compaction only after TurnStarted is emitted.\nAdd an
    integration test for deterministic ordering.
  • [bazel] Improve runfiles handling (#10098)
    we can't use runfiles directory on Windows due to path lengths, so swap
    to manifest strategy. Parsing the manifest is a bit complex and the
    format is changing in Bazel upstream, so pull in the official Rust
    library (via a small hack to make it importable...) and cleanup all the
    associated logic to work cleanly in both bazel and cargo without extra
    confusion
  • default enable compression, update test helpers (#10102)
    set `enable_request_compression` flag to default-enabled.
    
    update integration test helpers to decompress `zstd` if flag set.
  • Added tui.notifications_method config option (#10043)
    This PR adds a new `tui.notifications_method` config option that accepts
    values of "auto", "osc9" and "bel". It defaults to "auto", which
    attempts to auto-detect whether the terminal supports OSC 9 escape
    sequences and falls back to BEL if not.
    
    The PR also removes the inconsistent handling of notifications on
    Windows when WSL was used.
  • allow elevated sandbox to be enabled without base experimental flag (#10028)
    elevated flag = elevated sandbox
    experimental flag = non-elevated sandbox
    both = elevated
  • compaction (#10034)
    # External (non-OpenAI) Pull Request Requirements
    
    Before opening this Pull Request, please read the dedicated
    "Contributing" markdown file or your PR may be closed:
    https://github.com/openai/codex/blob/main/docs/contributing.md
    
    If your PR conforms to our contribution guidelines, replace this text
    with a detailed and high quality description of your changes.
    
    Include a link to a bug report or enhancement request.
  • chore: deprecate old web search feature flags (#10097)
    deprecate all old web search flags and aliases, including:
    - `[features].web_search_request` and `[features].web_search_cached`
    - `[tools].web_search`
    - `[features].web_search`
    
    slightly rework `legacy_usages` to enable pointing to non-features from
    deprecated features; we need to point to `web_search` (not under
    `[features]`) from things like `[features].web_search_cached` and
    `[features].web_search_request`.
    
    Added integration tests to confirm deprecation notice is shown on
    explicit enablement and disablement of deprecated flags.
  • file-search: improve file query perf (#9939)
    switch nucleo-matcher for nucleo and use a "file search session" w/ live
    updating query instead of a single hermetic run per query.
  • Upgrade to rust 1.93 (#10080)
    I needed to upgrade bazel one to get gnullvm artifacts and then noticed
    monorepo had drifted forward. They should move in lockstep. Also 1.93
    already shipped so we can try that instead.
  • Refine request_user_input TUI interactions and option UX (#10025)
    ## Summary
    Overhaul the ask‑user‑questions TUI to support “Other/None” answers,
    better notes handling, improved option selection
    UX, and a safer submission flow with confirmation for unanswered
    questions.
    
    Multiple choice (number keys for quick selection, up/down or jk for
    cycling through options):
    <img width="856" height="169" alt="Screenshot 2026-01-27 at 7 22 29 PM"
    src="https://github.com/user-attachments/assets/cabd1b0e-25e0-4859-bd8f-9941192ca274"
    />
    
    Tab to add notes:
    <img width="856" height="197" alt="Screenshot 2026-01-27 at 7 22 45 PM"
    src="https://github.com/user-attachments/assets/a807db5e-e966-412c-af91-6edc60062f35"
    />
    
    Freeform (also note enter tooltip is highlighted on last question to
    indicate questions UI will be exited upon submission):
    <img width="854" height="112" alt="Screenshot 2026-01-27 at 7 23 13 PM"
    src="https://github.com/user-attachments/assets/2e7b88bf-062b-4b9f-a9da-c9d8c8a59643"
    />
    
    Confirmation dialogue (submitting with unanswered questions):
    <img width="854" height="126" alt="Screenshot 2026-01-27 at 7 23 29 PM"
    src="https://github.com/user-attachments/assets/93965c8f-54ac-45bc-a660-9625bcd101f8"
    />
    
    ## Key Changes
    - **Options UI refresh**
    - Render options as numbered entries; allow number keys to select &
    submit.
    - Remove “Option X/Y” header and allow the question UI height to expand
    naturally.
    - Keep spacing between question, options, and notes even when notes are
    visible.
    - Hide the title line and render the question prompt in cyan **only when
    uncommitted**.
    
    - **“Other / None of the above” support**
      - Wire `isOther` to add “None of the above”.
      - Add guidance text: “Optionally, add details in notes (tab).”
    
    - **Notes composer UX**
    - Remove “Notes” heading; place composer directly under the selected
    option.
    - Preserve pending paste placeholders across question navigation and
    after submission.
      - Ctrl+C clears notes **only when the notes composer has focus**.
      - Ctrl+C now triggers an immediate redraw so the clear is visible.
    
    - **Committed vs uncommitted state**
      - Introduce a unified `answer_committed` flag per question.
    - Editing notes (including adding text or pastes) marks the answer
    uncommitted.
    - Changing the option highlight (j/k, up/down) marks the answer
    uncommitted.
      - Clearing options (Backspace/Delete) also clears pending notes.
      - Question prompt turns cyan only when the answer is uncommitted.
    
    - **Submission safety & confirmation**
      - Only submit notes/freeform text once explicitly committed.
    - Last-question submit with unanswered questions shows a confirmation
    dialog.
      - Confirmation options:
        1. **Proceed** (default)
        2. **Go back**
      - Description reflects count: “Submit with N unanswered question(s).”
      - Esc/Backspace in confirmation returns to first unanswered question.
      - Ctrl+C in confirmation interrupts and exits the overlay.
    
    - **Footer hints**
    - Cyan highlight restored for “enter to submit answer” / “enter to
    submit all”.
    
    ## Codex author
    `codex fork 019c00ed-323a-7000-bdb5-9f9c5a635bd9`
  • feat: sqlite 1 (#10004)
    Add a `.sqlite` database to be used to store rollout metatdata (and
    later logs)
    This PR is phase 1:
    * Add the database and the required infrastructure
    * Add a backfill of the database
    * Persist the newly created rollout both in files and in the DB
    * When we need to get metadata or a rollout, consider the `JSONL` as the
    source of truth but compare the results with the DB and show any errors
  • Add exec policy TOML representation (#10026)
    We'd like to represent these in `requirements.toml`. This just adds the
    representation and the tests, doesn't wire it up anywhere yet.
  • feat(core) RequestRule (#9489)
    ## Summary
    Instead of trying to derive the prefix_rule for a command mechanically,
    let's let the model decide for us.
    
    ## Testing
    - [x] tested locally
  • fix(core) info cleanup (#9986)
    ## Summary
    Simplify this logic a bit.
  • [skills] Auto install MCP dependencies when running skils with dependency specs. (#9982)
    Auto install MCP dependencies when running skils with dependency specs.