Commit Graph

2989 Commits

  • Reduce burst testing flake (#9549)
    ## Summary
    
    - make paste-burst tests deterministic by injecting explicit timestamps
    instead of relying on wall clock timing
    - add time-aware helpers for input/submission paths so tests can drive
    the burst heuristic precisely
    - update burst-related tests to flush using computed timeouts while
    preserving behavior assertions
    - increase timeout slack in
    shell_tools_start_before_response_completed_when_stream_delayed to
    reduce flakiness
  • feat: publish config schema on release (#9572)
    Follow up to #8956; publish schema on new release to stable URL.
    
    Also canonicalize schema (sort keys) when writing. This avoids reliance
    on default `schema_rs` behavior and makes the schema easier to read.
  • fix(tui) turn timing incremental (#9599)
    ## Summary
    When we send multiple assistant messages, reset the timer so "Worked for
    2m 36s" is the time since the last time we showed the message, rather
    than an ever-increasing number.
    
    We could instead change the copy so it's more clearly a running counter.
    
    ## Testing
    - [x] ran locally
    
    <img width="903" height="732" alt="Screenshot 2026-01-21 at 1 42 51 AM"
    src="https://github.com/user-attachments/assets/bb4d827b-3a0e-48ba-bd6a-d8cd65d8e892"
    />
  • feat: better sorting of shell commands (#9629)
    This PR changes the way we sort slash command by going in this order:
    1. Exact match
    2. Prefix
    3. Fuzzy
    
    As a result, we you type `/ps` the default command is not `/approvals`
  • Add layered config.toml support to app server (#9510)
    This PR adds support for chained (layered) config.toml file merging for
    clients that use the app server interface. This feature already exists
    for the TUI, but it does not work for GUI clients.
    
    It does the following:
    * Changes code paths for new thread, resume thread, and fork thread to
    use the effective config based on the cwd.
    * Updates the `config/read` API to accept an optional `cwd` parameter.
    If specified, the API returns the effective config based on that cwd
    path. Also optionally includes all layers including project config
    files. If cwd is not specified, the API falls back on its older behavior
    where it considers only the global (non-project) config files when
    computing the effective config.
    
    The changes in codex_message_processor.rs look deceptively large. They
    mostly just involve moving existing blocks of code to a later point in
    some functions so it can use the cwd to calculate the config.
    
    This PR builds upon #9509 and should be reviewed and merged after that
    PR.
    
    Tested:
    * Verified change with (dependent, as-yet-uncommitted) changes to IDE
    Extension and confirmed correct behavior
    
    The full fix requires additional changes in the IDE Extension code base,
    but they depend on this PR.
  • Add collaboration_mode to TurnContextItem (#9583)
    ## Summary
    - add optional `collaboration_mode` to `TurnContextItem` in rollouts
    - persist the current collaboration mode when recording turn context
    (sampling + compaction)
    
    ## Rationale
    We already persist turn context data for resume logic. Capturing
    collaboration mode in the rollout gives us the mode context for each
    turn, enabling follow‑up work to diff mode instructions correctly on
    resume.
    
    ## Changes
    - protocol: add optional `collaboration_mode` field to `TurnContextItem`
    - core: persist collaboration mode alongside other turn context settings
    in rollouts
  • Chore: update plan mode output in prompt (#9592)
    ### Summary
    * Update plan prompt output
    * Update requestUserInput response to be a single key value pair
    `answer: String`.
  • Add websockets logging (#9633)
    To help with debugging.
  • [bazel] Upgrade llvm toolchain and enable remote repo cache (#9616)
    On bazel9 this lets us avoid performing some external repo downloads if
    they've been previously uploaded to remote cache, downloads are deferred
    until they are actually needed to execute an uncached action
  • Update skills/list protocol readme (#9623)
    Updates readme example for `skills/list` to reflect latest response
    spec.
  • define/emit some metrics for windows sandbox setup (#9573)
    This should give us visibility into how users are using the elevated
    sandbox nux flow, and the timing of the elevated setup.
  • fix: Fix tilde expansion to avoid absolute-path escape (#9621)
    ### Motivation
    - Prevent inputs like `~//` or `~///etc` from expanding to arbitrary
    absolute paths (e.g. `/`) because `Path::join` discards the left side
    when the right side is absolute, which could allow config values to
    escape `HOME` and broaden writable roots.
    
    ### Description
    - In `codex-rs/utils/absolute-path/src/lib.rs` update
    `maybe_expand_home_directory` to trim leading separators from the suffix
    and return `home` when the remainder is empty so tilde expansion stays
    rooted under `HOME`.
    - Add a non-Windows unit test
    `home_directory_double_slash_on_non_windows_is_expanded_in_deserialization`
    that validates `"~//code"` expands to `home.join("code")`.
    
    ### Testing
    - Ran `just fmt` successfully.
    - Ran `just fix -p codex-utils-absolute-path` (Clippy autofix)
    successfully.
    - Ran `cargo test -p codex-utils-absolute-path` and all tests passed.
    
    ------
    [Codex
    Task](https://chatgpt.com/codex/tasks/task_i_697007481cac832dbeb1ee144d1e4cbe)
  • chore: defensive shell snapshot (#9609)
    This PR adds 2 defensive mechanisms for shell snapshotting:
    * Filter out invalid env variables (containing `-` for example) without
    dropping the whole snapshot
    * Validate the snapshot before considering it as valid by running a mock
    command with a shell snapshot
  • nit: better collab tui (#9551)
    <img width="478" height="304" alt="Screenshot 2026-01-21 at 11 53 50"
    src="https://github.com/user-attachments/assets/e2ef70de-2fff-44e0-a574-059177966ed2"
    />
  • Added "codex." prefix to "conversation.turn.count" metric name (#9594)
    All other metrics names start with "codex.", so I presume this was an
    unintended omission.
  • feat: max threads config (#9483)
    # External (non-OpenAI) Pull Request Requirements
    
    Before opening this Pull Request, please read the dedicated
    "Contributing" markdown file or your PR may be closed:
    https://github.com/openai/codex/blob/main/docs/contributing.md
    
    If your PR conforms to our contribution guidelines, replace this text
    with a detailed and high quality description of your changes.
    
    Include a link to a bug report or enhancement request.
  • Add request-user-input overlay (#9585)
    - Add request-user-input overlay and routing in the TUI
  • don't ask for approval for just fix (#9586)
    It blocks all my skills from executing because it asks to run just fmt.
    It's quick command that doesn't need approval.
    
    
    <img width="967" height="120" alt="image"
    src="https://github.com/user-attachments/assets/f8e6ca76-a650-49e9-beb2-ce98ba48d310"
    />
  • Reject ask user question tool in Execute and Custom (#9560)
    ## Summary
    - Keep `request_user_input` in the tool list but reject it at runtime in
    Execute/Custom modes with a clear model-facing error.
    - Add a session accessor for current collaboration mode and enforce the
    gate in the request_user_input handler.
    - Update core/app-server tests to use Plan mode for success and add
    Execute/Custom rejection coverage.
  • Prompt Expansion: Preserve Text Elements (#9518)
    Summary
    - Preserve `text_elements` through custom prompt argument parsing and
    expansion (named and numeric placeholders).
    - Translate text element ranges through Shlex parsing using sentinel
    substitution, and rehydrate text + element ranges per arg.
    - Drop image attachments when their placeholder does not survive prompt
    expansion, keeping attachments consistent with rendered elements.
    - Mirror changes in TUI2 and expand tests for prompt parsing/expansion
    edge cases.
    
    Tests
    - placeholders with spaces as single tokens (positional + key=value,
    quoted + unquoted),
      - prompt expansion with image placeholders,
      - large paste + image arg combinations,
      - unused image arg dropped after expansion.
  • feat: rename experimental_instructions_file to model_instructions_file (#9555)
    A user who has `experimental_instructions_file` set will now see this:
    
    <img width="888" height="660" alt="image"
    src="https://github.com/user-attachments/assets/51c98312-eb9b-4881-81f1-bea6677e158d"
    />
    
    And a `codex exec` would include this warning:
    
    <img width="888" height="660" alt="image"
    src="https://github.com/user-attachments/assets/a89f62be-1edf-4593-a75e-e0b4a762ed7d"
    />
  • Show session header before configuration (#9568)
    We were skipping if we know the model. We shouldn't
  • feat(tui2): add /experimental menu (#9562)
    Adds an /experimental slash command and bottom-pane view to toggle beta
    features.
    
    Persists feature-flag updates to config.toml, matching tui behavior.
  • [codex-tui] exit when terminal is dumb (#9293)
    Using terminal with TERM=dumb specifically mean that TUIs and the like
    don't work. Ensure that codex doesn't run in these environments and exit
    with odd errors like crossterm's "Error: The cursor position could not
    be read within a normal duration"
    
    ---------
    
    Co-authored-by: Josh McKinney <joshka@openai.com>
  • fix(core): require approval for force delete on Windows (#8590)
    ### What
    Implemented detection for dangerous "force delete" commands on Windows
    to trigger the user approval prompt when `--ask-for-approval on-request`
    is set. This aligns Windows behavior with the existing safety checks for
    `rm -rf` on Linux.
    
    ### Why
    Fixes #8567 - a critical safety gap where destructive Windows commands
    could bypass the approval prompt. This prevents accidental data loss by
    ensuring the user explicitly confirms operations that would otherwise
    suppress the OS's native confirmation prompts.
    
    ### How
    Updated the Windows command safety module to identify and flag the
    following patterns as dangerous:
    *   **PowerShell**:
    * Detects `Remove-Item` (and aliases `rm`, `ri`, `del`, `erase`, `rd`,
    `rmdir`) when used with the `-Force` flag.
    * Uses token-based analysis to robustly detect these patterns even
    inside script blocks (`{...}`), sub-expression `(...)`, or
    semicolon-chained sequences.
    *   **CMD**:
        *   Detects `del /f` (force delete files).
        *   Detects `rd /s /q` (recursive delete quiet).
    * **Command Chaining**: Added support for analyzing chained commands
    (using `&`, `&&`, `|`, `||`) to separate and check individual commands
    (e.g., catching `del /f` hidden in `echo log & del /f data`).
    
    ### Testing
    Added comprehensive unit tests covering:
    * **PowerShell**: `Remove-Item -Path 'test' -Recurse -Force` (Exact
    reproduction case).
    * **Complex Syntax**: Verified detection inside blocks (e.g., `if
    ($true) { rm -Force }`) and with trailing punctuation.
    *   **CMD**:
        *   `del /f` (Flagged).
        *   `rd /s /q` (Flagged).
        *   Chained commands: `echo hi & del /f file` (Flagged).
    *   **False Positives**:
        *   `rd /s` (Not flagged - relies on native prompt).
        *   Standard deletions without force flags.
    
    Verified with `cargo test` and `cargo clippy`.
    
    ---------
    
    Co-authored-by: Eric Traut <etraut@openai.com>
  • Improve UI spacing for queued messages (#9162)
    Despite good spacing between queued messages and assistant message text:
    <img width="462" height="322" alt="Screenshot 2026-01-12 at 4 54 50 PM"
    src="https://github.com/user-attachments/assets/e8b46252-0b33-40d2-b431-cb73b9a3bd2e"
    />
    
    Codex has confusing spacing between queued messages and shimmering
    status text (making the queued message seem like a sub-item of the
    shimmering status text)
    <img width="615" height="217" alt="Screenshot 2026-01-12 at 4 54 18 PM"
    src="https://github.com/user-attachments/assets/ee5e6095-8fe9-4863-88d2-10472cab8bd6"
    />
    
    This PR changes the spacing between the queued message(s) and shimmering
    status text to make it less confusing:
    <img width="440" height="240" alt="Screenshot 2026-01-13 at 11 20 36 AM"
    src="https://github.com/user-attachments/assets/02dcc690-cbe9-4943-87de-c7300ef51120"
    />
    
    While working on the status/queued spacing change, we noticed two
    paste‑burst tests were timing‑sensitive and could fail
    on slower CI. We added a small test‑only helper to keep the paste‑burst
    state active and refreshed during these tests. This
    removes dependence on tight timing and makes the tests deterministic
    without affecting runtime behavior.
  • fix(cli): add execute permission to bin/codex.js (#9532)
    ## Summary
    Fixes #9520
    
    The `bin/codex.js` file was missing execute permissions (`644` instead
    of `755`), causing the `codex` command to fail after npm global
    installation.
    
    ## Changes
    - Added execute permission (`+x`) to `codex-cli/bin/codex.js`
    
    ## Verification
    After this fix, npm tarballs will include the correct file permissions:
    ```bash
    # Before: -rw-r--r-- (644)
    # After:  -rwxr-xr-x (755)
    ```
    
    ---
    🤖 Generated with Claude Code
    
    Co-authored-by: Claude <noreply@anthropic.com>
  • Add total (non-partial) TextElement placeholder accessors (#9545)
    ## Summary
    - Make `TextElement` placeholders private and add a text-backed accessor
    to avoid assuming `Some`.
    - Since they are optional in the protocol, we want to make sure any
    accessors properly handle the None case (getting the placeholder using
    the byte range in the text)
    - Preserve placeholders during protocol/app-server conversions using the
    accessor fallback.
    - Update TUI composer/remap logic and tests to use the new
    constructor/accessor.
  • merge remote models (#9547)
    We have `models.json` and `/models` response
    Behavior:
    1. New models from models endpoint gets added
    2. Shared models get replaced by remote ones
    3. Existing models in `models.json` but not `/models` are kept
    4. Mark highest priority as default
  • fix(windows-sandbox): parse PATH list entries for audit roots (#9319)
    ## Summary
    - Use `std::env::split_paths` to parse PATH entries in audit candidate
    collection
    - Add a unit test covering multiple PATH entries (including spaces)
    
    ## Testing
    - `cargo test -p codex-windows-sandbox` (Windows)
    
    Fixes #9317
  • fix(windows-sandbox): deny .git file entries under writable roots (#9314)
    ## Summary
    - Deny `.git` entries under writable roots even when `.git` is a file
    (worktrees/submodules)
    - Add a unit test for `.git` file handling
    
    ## Testing
    - `cargo test -p codex-windows-sandbox` (Windows)
    
    Fixes #9313
  • lookup system SIDs instead of hardcoding English strings. (#9552)
    The elevated setup does not work on non-English windows installs where
    Users/Administrators/etc are in different languages. This PR uses the
    well-known SIDs instead, which do not vary based on locale
  • fix(core): don't update the file's mtime on resume (#9553)
    Remove `FileTimes::new().set_modified(SystemTime::now())` when resuming
    a thread.
    
    Context: It's awkward in UI built on top of app-server that resuming a
    thread bumps the `updated_at` timestamp, even if no message is sent. So
    if you open a thread (perhaps to just view its contents), it
    automatically reorders it to the top which is almost certainly not what
    you want.
  • fix: prevent repeating interrupted turns (#9043)
    ## What
    Record a model-visible `<turn_aborted>` marker in history when a turn is
    interrupted, and treat it as a session prefix.
    
    ## Why
    When a turn is interrupted, Codex emits `TurnAborted` but previously did
    not persist anything model-visible in the conversation history. On the
    next user turn, the model can’t tell the previous work was aborted and
    may resume/repeat earlier actions (including duplicated side effects
    like re-opening PRs).
    
    Fixes: https://github.com/openai/codex/issues/9042
    
    ## How
    On `TurnAbortReason::Interrupted`, append a hidden user message
    containing a `<turn_aborted>…</turn_aborted>` marker and flush.
    Treat `<turn_aborted>` like `<environment_context>` for session-prefix
    filtering.
    Add a regression test to ensure follow-up turns don’t repeat side
    effects from an aborted turn.
    
    ## Testing
    `just fmt`
    `just fix -p codex-core`
    `cargo test -p codex-core -- --test-threads=1`
    `cargo test --all-features -- --test-threads=1`
    
    ---------
    
    Co-authored-by: Skylar Graika <sgraika127@gmail.com>
    Co-authored-by: jif-oai <jif@openai.com>
    Co-authored-by: Eric Traut <etraut@openai.com>
  • Fixed config merging issue with profiles (#9509)
    This PR fixes a small issue with chained (layered) config.toml file
    merging. The old logic didn't properly handle profiles.
    
    In particular, if a lower-layer config overrides a profile defined in a
    higher-layer config, the override did not take effect. This prevents
    users from having project-specific profile overrides and contradicts the
    (soon-to-be) documented behavior of config merging.
    
    The change adds a unit test for this case. It also exposes a function
    from the config crate that is needed by the app server code paths to
    implement support for layered configs.
  • fix: memory leak issue (#9543)
    Co-authored-by: Josh McKinney <joshka@openai.com>