Commit Graph

5219 Commits

  • feat: /resume per ID/name (#17222)
    Support `/resume 00000-0000-0000-00000000` from the TUI (equivalent for
    the name)
  • [codex] Defer steering until after sampling the model post-compaction (#17163)
    ## Summary
    - keep pending steered input buffered until the active user prompt has
    received a model response
    - keep steering pending across auto-compact when there is real
    model/tool continuation to resume
    - allow queued steering to follow compaction immediately when the prior
    model response was already final
    - keep pending-input follow-up owned by `run_turn` instead of folding it
    into `SamplingRequestResult`
    - add regression coverage for mid-turn compaction, final-response
    compaction, and compaction triggered before the next request after tool
    output
    
    ## Root Cause
    Steered input was drained at the top of every `run_turn` loop. After
    auto-compaction, the loop continued and immediately appended any pending
    steer after the compact summary, making a queued prompt look like the
    newest task instead of letting the model first resume interrupted
    model/tool work.
    
    ## Implementation Notes
    This patch keeps the follow-up signals separated:
    
    - `SamplingRequestResult.needs_follow_up` means model/tool continuation
    is needed
    - `sess.has_pending_input().await` means queued user steering exists
    - `run_turn` computes the combined loop condition from those two signals
    
    In `run_turn`:
    
    ```rust
    let has_pending_input = sess.has_pending_input().await;
    let needs_follow_up = model_needs_follow_up || has_pending_input;
    ```
    
    After auto-compact we choose whether the next request may drain
    steering:
    
    ```rust
    can_drain_pending_input = !model_needs_follow_up;
    ```
    
    That means:
    
    - model/tool continuation + pending steer: compact -> resume once
    without draining steer
    - completed model answer + pending steer: compact -> drain/send the
    steer immediately
    - fresh user prompt: do not drain steering before the model has answered
    the prompt once
    
    The drain is still only `sess.get_pending_input().await`; when
    `can_drain_pending_input` is false, core uses an empty local vec and
    leaves the steer pending in session state.
    
    ## Validation
    - PASS `cargo test -p codex-core --test all steered_user_input --
    --nocapture`
    - PASS `just fmt`
    - PASS `git diff --check`
    - NOT PASSING HERE `just fix -p codex-core` currently stops before
    linting this change on an unrelated mainline test-build error:
    `core/src/tools/spec_tests.rs` initializes `ToolsConfigParams` without
    `image_generation_tool_auth_allowed`; this PR does not touch that file.
  • make webrtc the default experience (#17188)
    ## Summary
    - make realtime default to the v2 WebRTC path
    - keep partial realtime config tables inheriting
    `RealtimeConfig::default()`
    
    ## Validation
    - CI found a stale config-test expectation; fixed in 974ba51bb3
    - just fmt
    - git diff --check
    
    ---------
    
    Co-authored-by: Codex <noreply@openai.com>
  • Skip update prompts for source builds (#17186)
    Addresses #17166
    
    Problem: Source builds report version 0.0.0, so the TUI update path can
    treat any released Codex version as upgradeable and show startup or
    popup prompts.
    
    Solution: Skip both TUI update prompt entry points when the running CLI
    version is the source-build sentinel 0.0.0.
  • Default realtime startup to v2 model (#17183)
    - Default realtime sessions to v2 and gpt-realtime-1.5 when no override
    is configured.
    - Add Op::RealtimeConversationStart integration coverage and keep
    v1-specific tests explicit.
    
    ---------
    
    Co-authored-by: Codex <noreply@openai.com>
  • Add TUI notification condition config (#17175)
    Problem: TUI desktop notifications are hard-gated on terminal focus, so
    terminal/IDE hosts that want in-focus notifications cannot opt in.
    
    Solution: Add a flat `[tui] notification_condition` setting (`unfocused`
    by default, `always` opt-in), carry grouped TUI notification settings
    through runtime config, apply method + condition together in the TUI,
    and regenerate the config schema.
  • Add realtime voice selection (#17176)
    - Add realtime voice selection for realtime/start.
    - Expose the supported v1/v2 voice lists and cover explicit, configured,
    default, and invalid voice paths.
  • Move default realtime prompt into core (#17165)
    - Adds a core-owned realtime backend prompt template and preparation
    path.
    - Makes omitted realtime start prompts use the core default, while null
    or empty prompts intentionally send empty instructions.
    - Covers the core realtime path and app-server v2 path with integration
    coverage.
    
    ---------
    
    Co-authored-by: Codex <noreply@openai.com>
  • Fix stale thread-name resume lookups (#16646)
    Addresses #15943
    
    Problem: Name-based resume could stop on a newer session_index entry
    whose rollout was never persisted, shadowing an older saved thread with
    the same name.
    
    Solution: Materialize rollouts before indexing thread names and make
    name lookup skip unresolved entries until it finds a persisted rollout.
  • Support Warp for OSC 9 notifications (#17174)
    Problem: Warp supports OSC 9 notifications, but the TUI's automatic
    notification backend selection did not recognize its
    `TERM_PROGRAM=WarpTerminal` environment value.
    
    Solution: Treat `TERM_PROGRAM=WarpTerminal` as OSC 9-capable when
    choosing the TUI desktop notification backend.
  • Add WebRTC realtime app-server e2e tests (#17093)
    Summary:
    - add app-server WebRTC realtime e2e harness
    - cover v1 handoff and v2 codex tool delegation over sideband
    
    Validation:
    - just fmt
    - git diff --check
    - local tests not run; relying on PR CI
  • Auto-approve MCP server elicitations in Full Access mode (#17164)
    Currently, when a MCP server sends an elicitation to Codex running in
    Full Access (`sandbox_policy: DangerFullAccess` + `approval_policy:
    Never`), the elicitations are auto-cancelled.
    
    This PR updates the automatic handling of MCP elicitations to be
    consistent with other approvals in full-access, where they are
    auto-approved. Because MCP elicitations may actually require user input,
    this mechanism is limited to empty form elicitations.
    
    ## Changeset
    - Add policy helper shared with existing MCP tool call approval
    auto-approve
    - Update `ElicitationRequestManager` to auto-approve elicitations in
    full access when `can_auto_accept_elicitation` is true.
    - Add tests
    
    Co-authored-by: Codex <noreply@openai.com>
  • Update guardian output schema (#17061)
    ## Summary
    - Update guardian output schema to separate risk, authorization,
    outcome, and rationale.
    - Feed guardian rationale into rejection messages.
    - Split the guardian policy into template and tenant-config sections.
    
    ## Validation
    - `cargo test -p codex-core mcp_tool_call`
    - `env -u CODEX_SANDBOX_NETWORK_DISABLED INSTA_UPDATE=always cargo test
    -p codex-core guardian::`
    
    ---------
    
    Co-authored-by: Owen Lin <owen@openai.com>
  • Add top-level exec-server subcommand (#17162)
    ## Summary
    - add a top-level `codex exec-server` subcommand, marked experimental in
    CLI help
    - launch an adjacent or PATH-provided `codex-exec-server`, with a
    source-tree `cargo run -p codex-exec-server --` fallback
    - cover the new subcommand parser path
    
    ## Validation
    - `just fmt`
    - `git diff --check`
    - not run: Rust test suite
    
    Co-authored-by: Codex <noreply@openai.com>
    
    ---------
    
    Co-authored-by: Codex <noreply@openai.com>
  • Attach WebRTC realtime starts to sideband websocket (#17057)
    Summary:
    - parse the realtime call Location header and join that call over the
    direct realtime WebSocket
    - keep WebRTC starts alive on the existing realtime conversation path
    
    Validation:
    - just fmt
    - git diff --check
    - cargo check -p codex-api
    - cargo check -p codex-core --tests
    - local cargo tests not run; relying on PR CI
  • Wire realtime WebRTC native media into Bazel (#17145)
    - Builds codex-realtime-webrtc through the normal Bazel Rust macro so
    native macOS WebRTC sources are included.\n- Shares the macOS -ObjC link
    flag with Bazel targets that can link libwebrtc.
    
    ---------
    
    Co-authored-by: Codex <noreply@openai.com>
  • Fix ToolsConfigParams initializer in tool registry test (#17154)
    ## Summary
    - add the missing `image_generation_tool_auth_allowed` field to the new
    tool registry plan test initializer
    
    ## Validation
    - `just fmt`
    - `cargo test -p codex-tools image_generation`
    - `cargo test -p codex-tools --no-run`
  • Fix missing fields (#17149)
    Fix missing `image_generation_tool_auth_allowed` in two locations.
  • [codex] Support remote exec cwd in TUI startup (#17142)
    When running with remote executor the cwd is the remote path. Today we
    check for existence of a local directory on startup and attempt to load
    config from it.
    
    For remote executors don't do that.
  • Add sandbox support to filesystem APIs (#16751)
    ## Summary
    - add optional `sandboxPolicy` support to the app-server filesystem
    request surface
    - thread sandbox-aware filesystem options through app-server and
    exec-server adapters
    - enforce sandboxed read/write access in the filesystem abstraction with
    focused local and remote coverage
    
    ## Validation
    - `cargo test -p codex-app-server-protocol`
    - `cargo test -p codex-exec-server file_system`
    - `cargo test -p codex-app-server suite::v2::fs`
    
    ---------
    
    Co-authored-by: Codex <noreply@openai.com>
  • release ready, enabling only for siwc users (#17046)
    **Disabling Image-Gen for Non-SIWC Codex Users**
    
    We are only enabling image-gen feature for SIWC Codex users until there
    comes a fix in ResponsesAPI to omit output from responses.completed, to
    prevent the following issues:
    
    1. websocket blows up due to heavier load (images) than before (text) 
    2. http parser streams through n^2 of n-base64 bytes (sum of base64s of
    all images generated in turn) that causes long delays in
    turn_completion.
  • fix(debug-config, guardian): fix /debug-config rendering and guardian… (#17138)
    ## Description
    
    This PR fixes `/debug-config` so it shows more of the active
    requirements state, including reviewer requirements and managed feature
    pins. This made it clear that legacy MDM config was setting
    `approvals_reviewer = "guardian_subagent"` and that we were translating
    that into a requirements constraint.
    
    Also, translate `approvals_reviewer = "guardian_subagent"` (from legacy
    managed_config.toml) to `allowed_approvals_reviewers: guardian_subagent,
    user` instead of `allowed_approvals_reviewers: guardian_subagent`.
    
    Example `/debug-config`:
    ```
    Config layer stack (lowest precedence first):
      1. system (/etc/codex/config.toml) (enabled)
      2. user (/Users/owen/.codex/config.toml) (enabled)
      3. project (/Users/owen/repos/codex/.codex/config.toml) (enabled)
      4. legacy managed_config.toml (MDM) (enabled)
         MDM value:
           ...
    
           # Enable Guardian Mode
           features.guardian_approval = true
           approvals_reviewer = "guardian_subagent"
    
    Requirements:
      - allowed_approvals_reviewers: guardian_subagent, user (source: MDM managed_config.toml (legacy))
      - features: apps=true, plugins=true (source: cloud requirements)
    ```
    
    Before this PR, the `Requirements` section showed None.
  • Use AbsolutePathBuf for exec cwd plumbing (#17063)
    ## Summary
    - Carry `AbsolutePathBuf` through tool cwd parsing/resolution instead of
    resolving workdirs to raw `PathBuf`s.
    - Type exec/sandbox request cwd fields as `AbsolutePathBuf` through
    `ExecParams`, `ExecRequest`, `SandboxCommand`, and unified exec runtime
    requests.
    - Keep `PathBuf` conversions at external/event boundaries and update
    existing tests/fixtures for the typed cwd.
    
    ## Validation
    - `cargo check -p codex-core --tests`
    - `cargo check -p codex-sandboxing --tests`
    - `cargo test -p codex-sandboxing`
    - `cargo test -p codex-core --lib tools::handlers::`
    - `just fix -p codex-sandboxing`
    - `just fix -p codex-core`
    - `just fmt`
    
    Full `codex-core` test suite was not run locally; per repo guidance I
    kept local validation targeted.
  • Add WebRTC media transport to realtime TUI (#17058)
    Adds the `[realtime].transport = "webrtc"` TUI media path using a new
    `codex-realtime-webrtc` crate, while leaving app-server as the
    signaling/event source.\n\nLocal checks: fmt, diff-check, dependency
    tree only; test signal should come from CI.
    
    ---------
    
    Co-authored-by: Codex <noreply@openai.com>
  • [mcp] Support server-driven elicitations (#17043)
    - [x] Enables MCP elicitation for custom servers, not just Codex Apps
    - [x] Adds an RMCP service wrapper to preserve elicitation _meta
    - [x] Round-trips response _meta for persist/approval choices
    - [x] Updates TUI empty-schema elicitations into message-only approval
    prompts
  • Add realtime transport config (#17097)
    Adds realtime.transport config with websocket as the default and webrtc
    wired through the effective config.
    
    Co-authored-by: Codex <noreply@openai.com>
  • Skip MCP auth probing for disabled servers (#17098)
    Addresses #16971
    
    Problem: Disabled MCP servers were still queried for streamable HTTP
    auth status during MCP inventory, so unreachable disabled entries could
    add startup latency.
    
    Solution: Return `Unsupported` immediately for disabled MCP server
    configs before bearer token/OAuth status discovery.
  • Fix TUI crash when resuming the current thread (#17086)
    Problem: Resuming the live TUI thread through `/resume` could
    unsubscribe and reconnect the same app-server thread, leaving the UI
    crashed or disconnected.
    
    Solution: No-op `/resume` only when the selected thread is the currently
    attached active thread; keep the normal resume path for
    stale/displayed-only threads so recovery and reattach still work.
  • Show global AGENTS.md in /status (#17091)
    Addresses #3793
    
    Problem: /status only reported project-level AGENTS files, so sessions
    with a loaded global $CODEX_HOME/AGENTS.md still showed Agents.md as
    <none>.
    
    Solution: Track the global instructions file loaded during config
    initialization and prepend that path to the /status Agents.md summary,
    with coverage for AGENTS.md, AGENTS.override.md, and global-plus-project
    ordering.
  • Configure multi_agent_v2 spawn agent hints (#17071)
    Allow multi_agent_v2 features to have its own temporary configuration
    under `[features.multi_agent_v2]`
    
    ```
    [features.multi_agent_v2]
    enabled = true
    usage_hint_enabled = false
    usage_hint_text = "Custom delegation guidance."
    hide_spawn_agent_metadata = true
    ```
    
    Absent `usage_hint_text` means use the default hint.
    
    ```
    [features]
    multi_agent_v2 = true
    ```
    
    still works as the boolean shorthand.
  • codex debug 14 (guardian approved) (#17130)
    Removes lines 92-98 from core/templates/agents/orchestrator.md.
  • codex debug 12 (guardian approved) (#17128)
    Removes lines 78-84 from core/templates/agents/orchestrator.md.
  • codex debug 10 (guardian approved) (#17126)
    Removes lines 64-70 from core/templates/agents/orchestrator.md.
  • codex debug 8 (guardian approved) (#17124)
    Removes lines 50-56 from core/templates/agents/orchestrator.md.
  • codex debug 6 (guardian approved) (#17122)
    Removes lines 36-42 from core/templates/agents/orchestrator.md.
  • codex debug 4 (guardian approved) (#17120)
    Removes lines 22-28 from core/templates/agents/orchestrator.md.
  • codex debug 2 (guardian approved) (#17118)
    Removes lines 8-14 from core/templates/agents/orchestrator.md.
  • codex debug 15 (guardian approved) (#17131)
    Removes lines 99-106 from core/templates/agents/orchestrator.md.
  • codex debug 13 (guardian approved) (#17129)
    Removes lines 85-91 from core/templates/agents/orchestrator.md.
  • codex debug 11 (guardian approved) (#17127)
    Removes lines 71-77 from core/templates/agents/orchestrator.md.
  • codex debug 9 (guardian approved) (#17125)
    Removes lines 57-63 from core/templates/agents/orchestrator.md.
  • codex debug 7 (guardian approved) (#17123)
    Removes lines 43-49 from core/templates/agents/orchestrator.md.
  • codex debug 5 (guardian approved) (#17121)
    Removes lines 29-35 from core/templates/agents/orchestrator.md.
  • codex debug 3 (guardian approved) (#17119)
    Removes lines 15-21 from core/templates/agents/orchestrator.md.
  • codex debug 1 (guardian approved) (#17117)
    Removes lines 1-7 from core/templates/agents/orchestrator.md.
  • feat: single app-server bootstrap in TUI (#16582)
    Before this, the TUI was starting 2 app-server. One to check the login
    status and one to actually start the session
    
    This PR make only one app-server startup and defer the login check in
    async, outside of the frame rendering path
    
    ---------
    
    Co-authored-by: Codex <noreply@openai.com>
  • Support anyOf and enum in JsonSchema (#16875)
    This brings us into better alignment with the JSON schema subset that is
    supported in
    <https://developers.openai.com/api/docs/guides/structured-outputs#supported-schemas>,
    and also allows us to render richer function signatures in code mode
    (e.g., anyOf{null, OtherObjectType})
  • Remove obsolete codex-cli README (#17096)
    Problem: codex-cli/README.md is obsolete and confusing to keep around.
    
    Solution: Delete codex-cli/README.md so the stale README is no longer
    present in the repository.