Commit Graph

1436 Commits

  • Fix status usage ratio (#4584)
    1. Removes "Token usage" line for chatgpt sub users
    2. Adds the word "used" to the context window line
  • fix: handle JSON Schema in additionalProperties for MCP tools (#4454)
    Fixes #4176
    
    Some common tools provide a schema (even if just an empty object schema)
    as the value for `additionalProperties`. The parsing as it currently
    stands fails when it encounters this. This PR updates the schema to
    accept a schema object in addition to a boolean value, per the JSON
    Schema spec.
  • Support CODEX_API_KEY for codex exec (#4615)
    Allows to set API key per invocation of `codex exec`
  • fix: update the gpt-5-codex prompt to be more explicit that it should always used fenced code blocks info tags (#4569)
    We get spurrious reports that the model writes fenced code blocks
    without an info tag which then causes auto-language detection in the
    extension to incorrectly highlight the code and show the wrong language.
    The model should really always include a tag when it can.
  • Store settings on the thread instead of turn (#4579)
    It's much more common to keep the same settings for the entire
    conversation, we can add per-turn overrides later.
  • Include request ID in the error message (#4572)
    To help with issue debugging
    <img width="1414" height="253" alt="image"
    src="https://github.com/user-attachments/assets/254732df-44ac-4252-997a-6c5e0927355b"
    />
  • canonicalize display of Agents.md paths on Windows. (#4577)
    Canonicalize path on Windows to 
    - remove unattractive path prefixes such as `\\?\`
    - simplify it (`../AGENTS.md` vs
    `C:\Users\iceweasel\code\coded\Agents.md`)
    before: <img width="1110" height="45" alt="Screenshot 2025-10-01 123520"
    src="https://github.com/user-attachments/assets/48920ae6-d89c-41b8-b4ea-df5c18fb5fad"
    />
    
    after: 
    <img width="585" height="46" alt="Screenshot 2025-10-01 123612"
    src="https://github.com/user-attachments/assets/70a1761a-9d97-4836-b14c-670b6f13e608"
    />
  • rework patch/exec approval UI (#4573)
    | Scenario | Screenshot |
    | ---------------------- |
    ----------------------------------------------------------------------------------------------------------------------------------------------------
    |
    | short patch | <img width="1096" height="533" alt="short patch"
    src="https://github.com/user-attachments/assets/8a883429-0965-4c0b-9002-217b3759b557"
    /> |
    | short command | <img width="1096" height="533" alt="short command"
    src="https://github.com/user-attachments/assets/901abde8-2494-4e86-b98a-7cabaf87ca9c"
    /> |
    | long patch | <img width="1129" height="892" alt="long patch"
    src="https://github.com/user-attachments/assets/fa799a29-a0d6-48e6-b2ef-10302a7916d3"
    /> |
    | long command | <img width="1096" height="892" alt="long command"
    src="https://github.com/user-attachments/assets/11ddf79b-98cb-4b60-ac22-49dfa7779343"
    /> |
    | viewing complete patch | <img width="1129" height="892" alt="viewing
    complete patch"
    src="https://github.com/user-attachments/assets/81666958-af94-420e-aa66-b60d0a42b9db"
    /> |
  • Add initial set of doc comments to the SDK (#4513)
    Also perform minor code cleanup.
  • Explicit node imports (#4567)
    To help with compatibility
  • Fix hang on second oauth login attempt (#4568)
    This PR fixes a bug that results in a hang in the oauth login flow if a
    user logs in, then logs out, then logs in again without first closing
    the browser window.
    
    Root cause of problem: We use a local web server for the oauth flow, and
    it's implemented using the `tiny_http` rust crate. During the first
    login, a socket is created between the browser and the server. The
    `tiny_http` library creates worker threads that persist for as long as
    this socket remains open. Currently, there's no way to close the
    connection on the server side — the library provides no API to do this.
    The library also filters all "Connect: close" headers, which makes it
    difficult to tell the client browser to close the connection. On the
    second login attempt, the browser uses the existing connection rather
    than creating a new one. Since that connection is associated with a
    server instance that no longer exists, it is effectively ignored.
    
    I considered switching from `tiny_http` to a different web server
    library, but that would have been a big change with significant
    regression risk. This PR includes a more surgical fix that works around
    the limitation of `tiny_http` and sends a "Connect: close" header on the
    last "success" page of the oauth flow.
  • fix: use number instead of bigint for the generated TS for RequestId (#4575)
    Before this PR:
    
    ```typescript
    export type RequestId = string | bigint;
    ```
    
    After:
    
    ```typescript
    export type RequestId = string | number;
    ```
    
    `bigint` introduces headaches in TypeScript without providing any real
    value.
  • fix ctr-n hint (#4566)
    don't show or enable ctr-n to choose best of n while not in the composer
  • feat: add --emergency-version-override option to create_github_release script (#4556)
    I just had to use this like so:
    
    ```
    ./codex-rs/scripts/create_github_release --publish-alpha --emergency-version-override 0.43.0-alpha.10
    ```
    
    because the build for `0.43.0-alpha.9` failed:
    
    https://github.com/openai/codex/actions/runs/18167317356
  • SDK: support working directory and skipGitRepoCheck options (#4563)
    Make options not required, add support for working directory and
    skipGitRepoCheck options on the turn
  • Fall back to configured instruction files if AGENTS.md isn't available (#4544)
    Allow users to configure an agents.md alternative to consume, but warn
    the user it may degrade model performance.
    
    Fixes #4376
  • Show context window usage while tasks run (#4536)
    ## Summary
    - show the remaining context window percentage in `/status` alongside
    existing token usage details
    - replace the composer shortcut prompt with the context window
    percentage (or an unavailable message) while a task is running
    - update TUI snapshots to reflect the new context window line
    
    ## Testing
    - cargo test -p codex-tui
    
    ------
    https://chatgpt.com/codex/tasks/task_i_68dc6e7397ac8321909d7daff25a396c
  • Show placeholder for commands with no output (#4509)
    ## Summary
    - show a dim “(no output)” placeholder when an executed command produces
    no stdout or stderr so empty runs are visible
    - update TUI snapshots to include the new placeholder in history
    renderings
    
    ## Testing
    - cargo test -p codex-tui
    
    
    ------
    https://chatgpt.com/codex/tasks/task_i_68dc056c1d5883218fe8d9929e9b1657
  • Handle trailing backslash properly (#4559)
    **Summary**
    
    This PR fixes an issue in the device code login flow where trailing
    slashes in the issuer URL could cause malformed URLs during codex token
    exchange step
    
    
    **Test**
    
    
    Before the changes
    
    `Error logging in with device code: device code exchange failed: error
    decoding response body`
    
    After the changes
    
    `Successfully logged in`
  • implement command safety for PowerShell commands (#4269)
    Implement command safety for PowerShell commands on Windows
    
    This change adds a new Windows-specific command-safety module under
    `codex-rs/core/src/command_safety/windows_safe_commands.rs` to strictly
    sanitise PowerShell invocations. Key points:
    
    - Introduce `is_safe_command_windows()` to only allow explicitly
    read-only PowerShell calls.
    - Parse and split PowerShell invocations (including inline `-Command`
    scripts and pipelines).
    - Block unsafe switches (`-File`, `-EncodedCommand`, `-ExecutionPolicy`,
    unknown flags, call operators, redirections, separators).
    - Whitelist only read-only cmdlets (`Get-ChildItem`, `Get-Content`,
    `Select-Object`, etc.), safe Git subcommands (`status`, `log`, `show`,
    `diff`, `cat-file`), and ripgrep without unsafe options.
    - Add comprehensive unit tests covering allowed and rejected command
    patterns (nested calls, side effects, chaining, redirections).
    
    This ensures Codex on Windows can safely execute discover-only
    PowerShell workflows without risking destructive operations.
  • fix: pnpm/action-setup@v4 should run before actions/setup-node@v5 (#4555)
    `rust-release.yml` just failed:
    
    https://github.com/openai/codex/actions/runs/18167317356/job/51714366768
    
    The error is:
    
    > Error: Unable to locate executable file: pnpm. Please verify either
    the file path exists or the file can be found within a directory
    specified by the PATH environment variable. Also check the file mode to
    verify the file is executable.
    
    We need to install `pnpm` first like we do in `ci.yml`:
    
    
    https://github.com/openai/codex/blob/f815157dd9d02377f827c0b6cd1cd1d0386461f8/.github/workflows/ci.yml#L17-L25
  • chore: introduce publishing logic for @openai/codex-sdk (#4543)
    There was a bit of copypasta I put up with when were publishing two
    packages to npm, but now that it's three, I created some more scripts to
    consolidate things.
    
    With this change, I ran:
    
    ```shell
    ./scripts/stage_npm_packages.py --release-version 0.43.0-alpha.8 --package codex --package codex-responses-api-proxy --package codex-sdk
    ```
    
    Indeed when it finished, I ended up with:
    
    ```shell
    $ tree dist
    dist
    └── npm
        ├── codex-npm-0.43.0-alpha.8.tgz
        ├── codex-responses-api-proxy-npm-0.43.0-alpha.8.tgz
        └── codex-sdk-npm-0.43.0-alpha.8.tgz
    $ tar tzvf dist/npm/codex-sdk-npm-0.43.0-alpha.8.tgz
    -rwxr-xr-x  0 0      0    25476720 Oct 26  1985 package/vendor/aarch64-apple-darwin/codex/codex
    -rwxr-xr-x  0 0      0    29871400 Oct 26  1985 package/vendor/aarch64-unknown-linux-musl/codex/codex
    -rwxr-xr-x  0 0      0    28368096 Oct 26  1985 package/vendor/x86_64-apple-darwin/codex/codex
    -rwxr-xr-x  0 0      0    36029472 Oct 26  1985 package/vendor/x86_64-unknown-linux-musl/codex/codex
    -rw-r--r--  0 0      0       10926 Oct 26  1985 package/LICENSE
    -rw-r--r--  0 0      0    30187520 Oct 26  1985 package/vendor/aarch64-pc-windows-msvc/codex/codex.exe
    -rw-r--r--  0 0      0    35277824 Oct 26  1985 package/vendor/x86_64-pc-windows-msvc/codex/codex.exe
    -rw-r--r--  0 0      0        4842 Oct 26  1985 package/dist/index.js
    -rw-r--r--  0 0      0        1347 Oct 26  1985 package/package.json
    -rw-r--r--  0 0      0        9867 Oct 26  1985 package/dist/index.js.map
    -rw-r--r--  0 0      0          12 Oct 26  1985 package/README.md
    -rw-r--r--  0 0      0        4287 Oct 26  1985 package/dist/index.d.ts
    ```
  • chore: sanbox extraction (#4286)
    # Extract and Centralize Sandboxing
    - Goal: Improve safety and clarity by centralizing sandbox planning and
    execution.
      - Approach:
    - Add planner (ExecPlan) and backend registry (Direct/Seatbelt/Linux)
    with run_with_plan.
    - Refactor codex.rs to plan-then-execute; handle failures/escalation via
    the plan.
    - Delegate apply_patch to the codex binary and run it with an empty env
    for determinism.
  • Fix Callback URL for staging and prod environments (#4533)
    # External (non-OpenAI) Pull Request Requirements
    
    Before opening this Pull Request, please read the dedicated
    "Contributing" markdown file or your PR may be closed:
    https://github.com/openai/codex/blob/main/docs/contributing.md
    
    If your PR conforms to our contribution guidelines, replace this text
    with a detailed and high quality description of your changes.
  • fix: remove mcp-types from app server protocol (#4537)
    We continue the separation between `codex app-server` and `codex
    mcp-server`.
    
    In particular, we introduce a new crate, `codex-app-server-protocol`,
    and migrate `codex-rs/protocol/src/mcp_protocol.rs` into it, renaming it
    `codex-rs/app-server-protocol/src/protocol.rs`.
    
    Because `ConversationId` was defined in `mcp_protocol.rs`, we move it
    into its own file, `codex-rs/protocol/src/conversation_id.rs`, and
    because it is referenced in a ton of places, we have to touch a lot of
    files as part of this PR.
    
    We also decide to get away from proper JSON-RPC 2.0 semantics, so we
    also introduce `codex-rs/app-server-protocol/src/jsonrpc_lite.rs`, which
    is basically the same `JSONRPCMessage` type defined in `mcp-types`
    except with all of the `"jsonrpc": "2.0"` removed.
    
    Getting rid of `"jsonrpc": "2.0"` makes our serialization logic
    considerably simpler, as we can lean heavier on serde to serialize
    directly into the wire format that we use now.
  • Add executable detection and export Codex from the SDK (#4532)
    Executable detection uses the same rules as the codex wrapper.
  • fix: use macros to ensure request/response symmetry (#4529)
    Manually curating `protocol-ts/src/lib.rs` was error-prone, as expected.
    I finally asked Codex to write some Rust macros so we can ensure that:
    
    - For every variant of `ClientRequest` and `ServerRequest`, there is an
    associated `params` and `response` type.
    - All response types are included automatically in the output of `codex
    generate-ts`.
  • Remove legacy codex exec --json format (#4525)
    `codex exec --json` now maps to the behavior of `codex exec
    --experimental-json` with new event and item shapes.
    
    Thread events:
    - thread.started
    - turn.started
    - turn.completed
    - turn.failed
    - item.started
    - item.updated
    - item.completed
    
    Item types: 
    - assistant_message
    - reasoning
    - command_execution
    - file_change
    - mcp_tool_call
    - web_search
    - todo_list
    - error
    
    Sample output:
    
    <details>
    `codex exec "list my assigned github issues"  --json | jq`
    
    ```
    {
      "type": "thread.started",
      "thread_id": "01999ce5-f229-7661-8570-53312bd47ea3"
    }
    {
      "type": "turn.started"
    }
    {
      "type": "item.completed",
      "item": {
        "id": "item_0",
        "item_type": "reasoning",
        "text": "**Planning to list assigned GitHub issues**"
      }
    }
    {
      "type": "item.started",
      "item": {
        "id": "item_1",
        "item_type": "mcp_tool_call",
        "server": "github",
        "tool": "search_issues",
        "status": "in_progress"
      }
    }
    {
      "type": "item.completed",
      "item": {
        "id": "item_1",
        "item_type": "mcp_tool_call",
        "server": "github",
        "tool": "search_issues",
        "status": "completed"
      }
    }
    {
      "type": "item.completed",
      "item": {
        "id": "item_2",
        "item_type": "reasoning",
        "text": "**Organizing final message structure**"
      }
    }
    {
      "type": "item.completed",
      "item": {
        "id": "item_3",
        "item_type": "assistant_message",
        "text": "**Assigned Issues**\n- openai/codex#3267 – “stream error: stream disconnected before completion…” (bug) – last update 2025-09-08\n- openai/codex#3257 – “You've hit your usage limit. Try again in 4 days 20 hours 9 minutes.” – last update 2025-09-23\n- openai/codex#3054 – “reqwest SSL panic (library has no ciphers)” (bug) – last update 2025-09-03\n- openai/codex#3051 – “thread 'main' panicked at linux-sandbox/src/linux_run_main.rs:53:5:” (bug) – last update 2025-09-10\n- openai/codex#3004 – “Auto-compact when approaching context limit” (enhancement) – last update 2025-09-26\n- openai/codex#2916 – “Feature request: Add OpenAI service tier support for cost optimization” – last update 2025-09-12\n- openai/codex#1581 – “stream error: stream disconnected before completion: stream closed before response.complete; retrying...” (bug) – last update 2025-09-17"
      }
    }
    {
      "type": "turn.completed",
      "usage": {
        "input_tokens": 34785,
        "cached_input_tokens": 12544,
        "output_tokens": 560
      }
    }
    ```
    
    </details>
  • wrap markdown at render time (#4506)
    This results in correctly indenting list items with long lines.
    
    <img width="1006" height="251" alt="Screenshot 2025-09-30 at 10 00
    48 AM"
    src="https://github.com/user-attachments/assets/0a076cf6-ca3c-4efb-b3af-dc07617cdb6f"
    />
  • fix: enable process hardening in Codex CLI for release builds (#4521)
    I don't believe there is any upside in making process hardening opt-in
    for Codex CLI releases. If you want to tinker with Codex CLI, then build
    from source (or run as `root`)?
  • fix: clean up TypeScript exports (#4518)
    Fixes:
    
    - Removed overdeclaration of types that were unnecessary because they
    were already included by induction.
    - Reordered list of response types to match the enum order, making it
    easier to identify what was missing.
    - Added `ExecArbitraryCommandResponse` because it was missing.
    - Leveraged `use codex_protocol::mcp_protocol::*;` to make the file more
    readable.
    - Removed crate dependency on `mcp-types` now that we have separate the
    app server from the MCP server:
    https://github.com/openai/codex/pull/4471
    
    My next move is to come up with some scheme that ensures request types
    always have a response type and that the response type is automatically
    included with the output of `codex generate-ts`.
  • fix: ensure every variant of ClientRequest has a params field (#4512)
    This ensures changes the generated TypeScript type for `ClientRequest`
    so that instead of this:
    
    ```typescript
    /**
     * Request from the client to the server.
     */
    export type ClientRequest =
      | { method: "initialize"; id: RequestId; params: InitializeParams }
      | { method: "newConversation"; id: RequestId; params: NewConversationParams }
      // ...
      | { method: "getUserAgent"; id: RequestId }
      | { method: "userInfo"; id: RequestId }
      // ...
    ```
    
    we have this:
    
    ```typescript
    /**
     * Request from the client to the server.
     */
    export type ClientRequest =
      | { method: "initialize"; id: RequestId; params: InitializeParams }
      | { method: "newConversation"; id: RequestId; params: NewConversationParams }
      // ...
      | { method: "getUserAgent"; id: RequestId; params: undefined }
      | { method: "userInfo"; id: RequestId; params: undefined }
      // ...
    ```
    
    which makes TypeScript happier when it comes to destructuring instances
    of `ClientRequest` because it does not complain about `params` not being
    guaranteed to exist anymore.
  • Wire up web search item (#4511)
    Add handling for web search events.
  • chore: prompt update to enforce good usage of apply_patch (#3846)
    Update prompt to prevent codex to use Python script or fancy commands to
    edit files.
    
    ## Testing:
    3 scenarios have been considered:
    1. Rename codex to meca_code. Proceed to the whole refactor file by
    file. Don't ask for approval at each step
    2. Add a description to every single function you can find in the repo
    3. Rewrite codex.rs in a more idiomatic way. Make sure to touch ONLY
    this file and that clippy does not complain at the end
    
    Before this update, 22% (estimation as it's sometimes hard to find all
    the creative way the model find to edit files) of the file editions
    where made using something else than a raw `apply_patch`
    
    After this update, not a single edition without `apply_patch` was found
    
    [EDIT]
    I managed to have a few `["bash", "-lc", "apply_path"]` when reaching <
    10% context left
  • Named args for custom prompts (#4474)
    Here's the logic:
    
    1. If text is empty and selector is open:
    - Enter on a prompt without args should autosubmit the prompt
    - Enter on a prompt with numeric args should add `/prompts:name ` to the
    text input
    - Enter on a prompt with named args should add `/prompts:name ARG1=""
    ARG2=""` to the text input
    2. If text is not empty but no args are passed:
    - For prompts with numeric args -> we allow it to submit (params are
    optional)
    - For prompts with named args -> we throw an error (all params should
    have values)
    
    <img width="454" height="246" alt="Screenshot 2025-09-23 at 2 23 21 PM"
    src="https://github.com/user-attachments/assets/fd180a1b-7d17-42ec-b231-8da48828b811"
    />
  • Add cloud tasks (#3197)
    Adds a TUI for managing, applying, and creating cloud tasks
  • fix: separate codex mcp into codex mcp-server and codex app-server (#4471)
    This is a very large PR with some non-backwards-compatible changes.
    
    Historically, `codex mcp` (or `codex mcp serve`) started a JSON-RPC-ish
    server that had two overlapping responsibilities:
    
    - Running an MCP server, providing some basic tool calls.
    - Running the app server used to power experiences such as the VS Code
    extension.
    
    This PR aims to separate these into distinct concepts:
    
    - `codex mcp-server` for the MCP server
    - `codex app-server` for the "application server"
    
    Note `codex mcp` still exists because it already has its own subcommands
    for MCP management (`list`, `add`, etc.)
    
    The MCP logic continues to live in `codex-rs/mcp-server` whereas the
    refactored app server logic is in the new `codex-rs/app-server` folder.
    Note that most of the existing integration tests in
    `codex-rs/mcp-server/tests/suite` were actually for the app server, so
    all the tests have been moved with the exception of
    `codex-rs/mcp-server/tests/suite/mod.rs`.
    
    Because this is already a large diff, I tried not to change more than I
    had to, so `codex-rs/app-server/tests/common/mcp_process.rs` still uses
    the name `McpProcess` for now, but I will do some mechanical renamings
    to things like `AppServer` in subsequent PRs.
    
    While `mcp-server` and `app-server` share some overlapping functionality
    (like reading streams of JSONL and dispatching based on message types)
    and some differences (completely different message types), I ended up
    doing a bit of copypasta between the two crates, as both have somewhat
    similar `message_processor.rs` and `outgoing_message.rs` files for now,
    though I expect them to diverge more in the near future.
    
    One material change is that of the initialize handshake for `codex
    app-server`, as we no longer use the MCP types for that handshake.
    Instead, we update `codex-rs/protocol/src/mcp_protocol.rs` to add an
    `Initialize` variant to `ClientRequest`, which takes the `ClientInfo`
    object we need to update the `USER_AGENT_SUFFIX` in
    `codex-rs/app-server/src/message_processor.rs`.
    
    One other material change is in
    `codex-rs/app-server/src/codex_message_processor.rs` where I eliminated
    a use of the `send_event_as_notification()` method I am generally trying
    to deprecate (because it blindly maps an `EventMsg` into a
    `JSONNotification`) in favor of `send_server_notification()`, which
    takes a `ServerNotification`, as that is intended to be a custom enum of
    all notification types supported by the app server. So to make this
    update, I had to introduce a new variant of `ServerNotification`,
    `SessionConfigured`, which is a non-backwards compatible change with the
    old `codex mcp`, and clients will have to be updated after the next
    release that contains this PR. Note that
    `codex-rs/app-server/tests/suite/list_resume.rs` also had to be update
    to reflect this change.
    
    I introduced `codex-rs/utils/json-to-toml/src/lib.rs` as a small utility
    crate to avoid some of the copying between `mcp-server` and
    `app-server`.
  • Move PR-style review to top (#4486)
    <img width="469" height="330" alt="Screenshot 2025-09-29 at 10 31 22 PM"
    src="https://github.com/user-attachments/assets/b5e20a08-85b4-4095-8a7f-0f58d1195b7e"
    />
  • SDK CI (#4483)
    Build debug codex in SDK configuration
  • Set originator for codex exec (#4485)
    Distinct from the main CLI.
  • Add MCP tool call item to codex exec (#4481)
    No arguments/results for now.
    ```
    {
      "type": "item.started",
      "item": {
        "id": "item_1",
        "item_type": "mcp_tool_call",
        "server": "github",
        "tool": "search_issues",
        "status": "in_progress"
      }
    }
    {
      "type": "item.completed",
      "item": {
        "id": "item_1",
        "item_type": "mcp_tool_call",
        "server": "github",
        "tool": "search_issues",
        "status": "completed"
      }
    }
    ```
  • Rakesh/support device auth (#3531)
    # External (non-OpenAI) Pull Request Requirements
    
    Before opening this Pull Request, please read the dedicated
    "Contributing" markdown file or your PR may be closed:
    https://github.com/openai/codex/blob/main/docs/contributing.md
    
    If your PR conforms to our contribution guidelines, replace this text
    with a detailed and high quality description of your changes.
    
    # test
    
    ```
    codex-rs % export CODEX_DEVICE_AUTH_BASE_URL=http://localhost:3007
    codex-rs % cargo run --bin codex login --experimental_use-device-code
       Compiling codex-login v0.0.0 (/Users/rakesh/code/codex/codex-rs/login)
       Compiling codex-mcp-server v0.0.0 (/Users/rakesh/code/codex/codex-rs/mcp-server)
       Compiling codex-tui v0.0.0 (/Users/rakesh/code/codex/codex-rs/tui)
       Compiling codex-cli v0.0.0 (/Users/rakesh/code/codex/codex-rs/cli)
        Finished `dev` profile [unoptimized + debuginfo] target(s) in 2.90s
         Running `target/debug/codex login --experimental_use-device-code`
    To authenticate, enter this code when prompted: 6Q27-KBVRF with interval 5
    ^C
    
    ```
    
    The error in the last line is since the poll endpoint is not yet
    implemented