Commit Graph

261 Commits

  • fix: handle invalid commands (#304)
    ### What is added?
    
    I extend the if-else blocks with an additional condition where the
    commands validity is checked. This only applies for entered inputs that
    start with '/' and are a single word. This isn't necessarily restrictive
    from the previous behavior of the program. When an invalid command is
    detected, an error message is printed with a direction to retrieve
    command list.
    
    ### Why is it added?
    
    There are three main reasons for this change 
    
    **1. Model Hallucination**: When invalid commands are passed as prompts
    to models, models hallucinate behavior. Since there was a fall through
    in invalid commands, the models took these as prompts and hallucinated
    that they completed the prompted task. An example of this behavior is
    below. In the case of this example, the model though they had access to
    `/clearhistory` tool where in reality that isn't the case.
    A before and after effect of this tool is below:
    
    ![img](https://github.com/user-attachments/assets/3166f151-d5d0-46d6-9ba7-c7e64ff35e4a)
    
    ![img2](https://github.com/user-attachments/assets/69934306-af68-423d-a5f0-9d922be01d27)
    
    
    **2. Saves Users Credits and Time**: Since false commands and invalid
    commands aren't processed by the model, the user doesn't spend money on
    stuff that could have been mitigated much easily. The time argument is
    especially applicable for reasoning models.
    
    **3. Saves GPU Time**: GPU time is valuable, and it is not necessary to
    spend it on unnecessary/invalid requests.
    
    ### Code Explanation
    
    If no command is matched, we check if the inputValue start with `/`
    which indicated the input is a command (I will address the case where it
    is isn't below). If the inputValue start with `/` we enter the else if
    statement. I used a nested if statement for readability and further
    extendability in the future.
    
    There are alternative ways to check besides regex, but regex is a short
    code and looks clean.
    
    **Check Conditions**: The reason why I only check single word(command)
    case is that to allow prompts where the user might decide to start with
    `/` and aren't commands. The nested if statements also come in handy
    where in the future other contributors might want to extend this
    checking.
    
    The code passes type, lint and test checks.
  • feat: add /compact (#289)
    Added the ability to compact. Not sure if I should switch the model over
    to gpt-4.1 for longer context or if keeping the current model is fine.
    Also I'm not sure if setting the compacted to system is best practice,
    would love feedback 😄
    
    Mentioned in this issue: https://github.com/openai/codex/issues/230
  • bump(version): 0.1.2504161551 (#254)
    Bump version
    
    ---------
    
    Signed-off-by: Fouad Matin <fouad@openai.com>
    Co-authored-by: Jon Church <me@jonchurch.com>
  • fix: standardize filename to kebab-case 🐍➡️🥙 (#302)
    Probably not the most exciting PR you’ll get today, but I noticed that
    every file in the repo follows kebab-case… except one brave little
    underscore in `cli_singlepass.tsx`.
    
    So I made the world a little more consistent. Just a filename rename —
    no logic changes, no semicolons harmed
    
    Didn’t touch any code, I promise. Just bringing order to the filesystem
    — one hyphen at a time.
  • feat(bin): support bun fallback runtime for codex CLI (#282)
    This PR adds a shell wrapper in `codex-cli/bin/codex` to detect node or
    bun as the runtime.
    
    It updates:
    - `package.json` bin entry
    - published files list to include bin/
    - README install instructions to include `bun install -g @openai/codex`
  • fix: add empty vite config file to prevent resolving to parent (#273)
    Hi, when I tried to run the tests in the cloned repo I got an error from
    vitest trying to get the vite.config.ts from the parent folder. I don't
    know why this it not happening to more people but this fixed it, so
    maybe it is useful for someone else.
  • chore: consolidate patch prefix constants in apply‑patch.ts (#274)
    This PR replaces all hard‑coded patch markers in apply‑patch.ts with the
    corresponding constants (now) exported from parse‑apply‑patch.ts.
    
    Changes
    • Import PATCH_PREFIX, PATCH_SUFFIX, ADD_FILE_PREFIX,
    DELETE_FILE_PREFIX, UPDATE_FILE_PREFIX, MOVE_FILE_TO_PREFIX,
    END_OF_FILE_PREFIX, and HUNK_ADD_LINE_PREFIX from parse‑apply‑patch.ts.
    	•	Remove duplicate string literals for patch markers in apply‑patch.ts.
    • Changed is_done() to trim the input to account for the slight
    difference between the variables.
    
    Why
    • DRY & Consistency: Ensures a single source of truth for patch
    prefixes.
    • Maintainability: Simplifies future updates to prefix values by
    centralizing them.
    	•	Readability: Makes the code more declarative and self‑documenting.
    
    All tests are passing, lint and format was ran.
  • fix: duplicated message on model change (#276)
    Problem:
    Pressing "Enter" could trigger the selection logic twice—once from the
    text box and once from the list of options—causing the model to switch
    twice.
    
    Fix:
    Now, the text box only handles "Enter" if there are no options in the
    list. If options are present, only the list handles "Enter." This
    prevents the selection from happening twice.
    
    before:
    
    
    https://github.com/user-attachments/assets/ae02f864-2f33-42c0-bd99-dee2d0d107ad
    
    after:
    
    
    https://github.com/user-attachments/assets/b656ed19-32a2-4218-917b-9af630a4fb2f
  • feat: update position of cursor when navigating input history with arrow keys to the end of the text (#255)
    Updated the position of the cursor on the user input box to be at the
    end of the text when the user uses the arrow keys to navigate through
    the input history in order to better match the behavior of a terminal.
  • feat: add notifications for MacOS using Applescript (#160)
    yolo'ed it with codex. Let me know if this looks good to you.
    
    https://github.com/openai/codex/issues/148
    
    tested with:
    ```
    npm run build:dev
    ```
    
    <img width="377" alt="Screenshot 2025-04-16 at 18 12 01"
    src="https://github.com/user-attachments/assets/79aa799b-b0b9-479d-84f1-bfb83d34bfb9"
    />
  • feat: enhance image path detection in input processing (#189)
    I wanted to be able to drag and drop images while in the chat. Here it
    is.
    
    I have read the CLA Document and I hereby sign the CLA
  • add support for -w,--writable-root to add more writable roots for sandbox (#263)
    This adds support for a new flag, `-w,--writable-root`, that can be
    specified multiple times to _amend_ the list of folders that should be
    configured as "writable roots" by the sandbox used in `full-auto` mode.
    Values that are passed as relative paths will be resolved to absolute
    paths.
    
    Incidentally, this required updating a number of the `agent*.test.ts`
    files: it feels like some of the setup logic across those tests could be
    consolidated.
    
    In my testing, it seems that this might be slightly out of distribution
    for the model, as I had to explicitly tell it to run `apply_patch` and
    that it had the permissions to write those files (initially, it just
    showed me a diff and told me to apply it myself). Nevertheless, I think
    this is a good starting point.
  • feat: shell command explanation option (#173)
    # Shell Command Explanation Option
    
    ## Description
    This PR adds an option to explain shell commands when the user is
    prompted to approve them (Fixes #110). When reviewing a shell command,
    users can now select "Explain this command" to get a detailed
    explanation of what the command does before deciding whether to approve
    or reject it.
    
    ## Changes
    - Added a new "EXPLAIN" option to the `ReviewDecision` enum
    - Updated the command review UI to include an "Explain this command (x)"
    option
    - Implemented the logic to send the command to the LLM for explanation
    using the same model as the agent
    - Added a display for the explanation in the command review UI
    - Updated all relevant components to pass the explanation through the
    component tree
    
    ## Benefits
    - Improves user understanding of shell commands before approving them
    - Reduces the risk of approving potentially harmful commands
    - Enhances the educational aspect of the tool, helping users learn about
    shell commands
    - Maintains the same workflow with minimal UI changes
    
    ## Testing
    - Manually tested the explanation feature with various shell commands
    - Verified that the explanation is displayed correctly in the UI
    - Confirmed that the user can still approve or reject the command after
    viewing the explanation
    
    ## Screenshots
    
    ![improved_shell_explanation_demo](https://github.com/user-attachments/assets/05923481-29db-4eba-9cc6-5e92301d2be0)
    
    
    ## Additional Notes
    The explanation is generated using the same model as the agent, ensuring
    consistency in the quality and style of explanations.
    
    ---------
    
    Signed-off-by: crazywolf132 <crazywolf132@gmail.com>
  • fix: update regex to better match the retry error messages (#266)
    I think the retry issue is just that the regex is wrong, checkout the
    reported error messages folks are seeing:
    
    > message: 'Rate limit reached for o4-mini in organization
    org-{redacted} on tokens per min (TPM): Limit 200000, Used 152566,
    Requested 60651. Please try again in 3.965s. Visit
    https://platform.openai.com/account/rate-limits to learn more.',
    
    The error message uses `try again` not `retry again`
    
    peep this regexpal: https://www.regexpal.com/?fam=155648
  • feat: add command history persistence (#152)
    This PR adds a command history persistence feature to Codex CLI that:
    
    1. **Stores command history**: Commands are saved to
    `~/.codex/history.json` and persist between CLI sessions.
    2. **Navigates history**: Users can use the up/down arrow keys to
    navigate through command history, similar to a traditional shell.
    3. **Filters sensitive data**: Built-in regex patterns prevent commands
    containing API keys, passwords, or tokens from being saved.
    4. **Configurable**: Added configuration options for history size,
    enabling/disabling history, and custom regex patterns for sensitive
    content.
    5. **New command**: Added `/clearhistory` command to clear command
    history.
    
      ## Code Changes
    
    - Added `src/utils/storage/command-history.ts` with functions for
    history management
      - Extended config system to support history settings
      - Updated terminal input components to use persistent history
      - Added help text for the new `/clearhistory` command
      - Added CLAUDE.md file for guidance when working with the codebase
    
      ## Testing
    
      - All tests are passing
    - Core functionality works with both input components (standard and
    multiline)
    - History navigation behaves correctly at line boundaries with the
    multiline editor
  • fix: improve Windows compatibility for CLI commands and sandbox (#261)
    ## Fix Windows compatibility issues (#248)
    
    This PR addresses the Windows compatibility issues reported in #248:
    
    1. **Fix sandbox initialization failure on Windows**
    - Modified `getSandbox()` to return `SandboxType.NONE` on Windows
    instead of throwing an error
    - Added a warning log message to inform the user that sandbox is not
    available on Windows
    
    2. **Fix Unix commands not working on Windows**
    - Created a new module
    [platform-commands.ts](cci:7://file:///c:/Users/HP%20840%20G6/workflow/codex/codex-cli/src/utils/agent/platform-commands.ts:0:0-0:0)
    that automatically adapts Unix commands to their Windows equivalents
       - Implemented a mapping table for common commands and their options
       - Integrated this functionality into the command execution process
    
    ### Testing
    Tested on Windows 10 with the following commands:
    - `ls -R .` (now automatically translates to `dir /s .`)
    - Other Unix commands like `grep`, `cat`, etc.
    
    The CLI no longer crashes when running these commands on Windows.
    
    I have read the CLA Document and I hereby sign the CLA
    
    ---------
    
    Signed-off-by: Alpha Diop <alphakhoss@gmail.com>
  • docs: clarify sandboxing situation on Linux (#103)
    There doesn't appear to actually be any sandboxing on Linux. Correct the
    README.
    
    Signed-off-by: Christopher Cooper <christopher@cg505.com>
  • bugfix: remove redundant thinking updates and put a thinking timer above the prompt instead (#216)
    I had Codex read #182 and draft a PR to fix it. This is its suggested
    approach. I've tested it and it works. It removes the purple `thinking
    for 386s` type lines entirely, and replaces them with a single yellow
    `thinking for #s` line:
    ```
    thinking for 31s
    ╭────────────────────────────────────────╮
    │(  ●   )  Thinking..      
    ╰────────────────────────────────────────╯
    ```
    prompt. I've been using it that way via `npm run dev`, and prefer it.
    
    ## What
    
    Empty "reasoning" updates were showing up as blank lines in the terminal
    chat history. We now short-circuit and return `null` whenever
    `message.summary` is empty, so those no-ops are suppressed.
    
    ## How
    
    - In `TerminalChatResponseReasoning`, return early if `message.summary`
    is falsy or empty.
    - In `TerminalMessageHistory`, drop any reasoning items whose
    `summary.length === 0`.
    - Swapped out the loose `any` cast for a safer `unknown`-based cast.
    - Rolled back the temporary Vitest script hacks that were causing stack
    overflows.
    
    ## Why
    
    Cluttering the chat with empty lines was confusing; this change ensures
    only real reasoning text is rendered.
    Reference: openai/codex#182
    
    ---------
    
    Co-authored-by: Thibault Sottiaux <tibo@openai.com>
  • bugfix: additional error handling logic for model errors that occur in stream (#203)
    **What is  added?**
    
    Additional error handling functionality is added before the errors are
    thrown to be handled by upstream handlers. The changes improves the user
    experience and make the error handling smoother (and more informative).
    
    **Why is it added?**
    Before this addition, when a user tried to use a model they needed
    previous setup for, the program crashed. This is not necessary here, and
    informative message is sufficient and enhances user experience. This
    adheres to the specifications stated in the code file as well by not
    masking potential logical error detection. Following is before and
    after:
    
    
    ![first](https://github.com/user-attachments/assets/0ce7c57d-8159-4cf7-8a53-3062cfd04dc8)
    
    ![second](https://github.com/user-attachments/assets/a9f24410-d76d-43d4-a0e2-ec513026843d)
    
    Moreover, AFAIK no logic was present to handle this or a similar issue
    in upstream handlers.
    
    **How is it scoped? Why won't this mask other errors?**
    The new brach triggers *only* for `invalid_request_error` events whose
    `code` is model related (`model_not_found`)
    
    This also doesn't prevent the detection (for the case of masking logical
    errors) of wrong model names, as they would have been caught earlier on.
    
    The code passes test, lint and type checks. I believe relevant
    documentation is added, but I would be more than happy to do further
    fixes in the code if necessary.
  • Feat/add husky (#223)
    # Add Husky and lint-staged for automated code quality checks
    
    ## Description
    This PR adds Husky Git hooks and lint-staged to automate code quality
    checks during the development workflow.
    
    ## Features Added
    - Pre-commit hook that runs lint-staged to check files before committing
    - Pre-push hook that runs tests and type checking before pushing
    - Configuration for lint-staged to format and lint different file types
    - Documentation explaining the Husky setup and usage
    - Updated README.md with information about Git hooks
    
    ## Benefits
    - Ensures consistent code style across the project
    - Prevents pushing code with failing tests or type errors
    - Reduces the need for style-related code review comments
    - Improves overall code quality
    
    ## Implementation Details
    - Added Husky and lint-staged as dev dependencies
    - Created pre-commit and pre-push hooks
    - Added configuration for lint-staged
    - Added documentation in HUSKY.md
    - Updated README.md with a new section on Git hooks
    
    ## Testing
    The hooks have been tested locally and work as expected:
    - Pre-commit hook runs ESLint and Prettier on staged files
    - Pre-push hook runs tests and type checking
    
    I have read the CLA Document and I hereby sign the CLA
    
    ---------
    
    Signed-off-by: Alpha Diop <alphakhoss@gmail.com>
  • fix(security): Shell commands auto-executing in 'suggest' mode without permission (#197)
    ## Problem
    
    There's a security vulnerability in the current implementation where
    shell commands are being executed without requesting user permission
    even when in 'suggest' mode. According to our documentation:
    
    > In **Suggest** mode (default): All file writes/patches and **ALL
    shell/Bash commands** should require approval.
    
    However, the current implementation in `approvals.ts` was auto-approving
    commands deemed "safe" by the `isSafeCommand` function, bypassing the
    user permission requirement. This is a security risk as users expect all
    shell commands to require explicit approval in 'suggest' mode.
    
    ## Solution
    
    This PR fixes the issue by modifying the `canAutoApprove` function in
    `approvals.ts` to respect the 'suggest' mode policy for all shell
    commands:
    
    1. Added an early check at the beginning of `canAutoApprove` to
    immediately return `{ type: "ask-user" }` when the policy is `suggest`,
    regardless of whether the command is considered "safe" or not.
    
    2. Added a similar check in the bash command handling section to ensure
    bash commands also respect the 'suggest' mode.
    
    3. Updated tests to verify the new behavior, ensuring that all shell
    commands require approval in 'suggest' mode, while still being
    auto-approved in 'auto-edit' and 'full-auto' modes when appropriate.
    
    ## Testing
    
    All tests pass, confirming that the fix works as expected. The updated
    tests verify that:
    - All commands (even "safe" ones) require approval in 'suggest' mode
    - Safe commands are still auto-approved in 'auto-edit' mode
    - Bash commands with redirects still require approval in all modes
    
    This change ensures that the behavior matches what's documented and what
    users expect, improving security by requiring explicit permission for
    all shell commands in the default 'suggest' mode.
  • fix: check workdir before spawn (#221)
    The workdir used to spawn a agent command is provide by the agent tool,
    we need to ensure its existence and fallback to process.cwd when not.
    
    fix #212
  • fix: typos in prompts and comments (#195)
    Used Codex and https://github.com/crate-ci/typos to identify + fix typos
    
    Signed-off-by: Jatan Loya <jatanloya@gmail.com>
  • chore: reduce docker image size (#194)
    This PR makes changes in the Dockerfile to reduce the final image size.
    I'm sure this can be optimized further. But I didn't want to make too
    many changes at once.
    
    Original: 
    ```
    REPOSITORY   TAG       IMAGE ID       CREATED         SIZE
    codex        latest    c8f66942ded3   4 minutes ago   1.91GB
    ```
    
    Now: 
    ```
    REPOSITORY   TAG       IMAGE ID       CREATED         SIZE
    codex        latest    2a6d6450609c   4 minutes ago   747MB
    ```
  • fix: allow continuing after interrupting assistant (#178)
    ## Description
    This PR fixes the issue where the CLI can't continue after interrupting
    the assistant with ESC ESC (Fixes #114). The problem was caused by
    duplicate code in the `cancel()` method and improper state reset after
    cancellation.
    
    ## Changes
    - Fixed duplicate code in the `cancel()` method of the `AgentLoop` class
    - Added proper reset of the `currentStream` property in the `cancel()`
    method
    - Created a new `AbortController` after aborting the current one to
    ensure future tool calls work
    - Added a system message to indicate the interruption to the user
    - Added a comprehensive test to verify the fix
    
    ## Benefits
    - Users can now continue using the CLI after interrupting the assistant
    - Improved user experience by providing feedback when interruption
    occurs
    - Better state management in the agent loop
    
    ## Testing
    - Added a dedicated test that verifies the agent can process new input
    after cancellation
    - Manually tested the fix by interrupting the assistant and confirming
    that new input is processed correctly
    
    ---------
    
    Signed-off-by: crazywolf132 <crazywolf132@gmail.com>
  • fix: add missing "as" in prompt prefix in agent loop (#186)
    # Description
    
    This PR fixes a typo where the prompt prefix for the agent loop was
    missing the word "as"
    
    # Changes
    
    * Added missing word "as" within the agent loop prompt prefix
    
    # Benefits
    
    * The prompt is now grammatically correct and clearer
    
    # Testing
    
    * Manually tested the fix
  • fix: correct typos in thinking texts (transcendent & parroting) (#108)
    Ran codex on its own source code to find mistakes & commit, even though
    they are commented out.
  • feat: --config/-c flag to open global instructions in nvim (#158)
    I promised I'd never write JavaScript code, but I never said anything
    about using AI to write it for me...entirely authored with `codex`. No
    idea how good the code is, didn't read it (sorta joking but I really
    don't know js/ts)
    
    closes #154
    
    
    https://github.com/user-attachments/assets/94cf2276-bfcf-4ba1-ad2f-aaefebbf8f06
  • (feat) expontential back-off when encountering rate limit errors (#153)
    ...and try to parse the suggested time from the error message while we
    don't yet have this in a structured way
    
    ---------
    
    Signed-off-by: Thibault Sottiaux <tibo@openai.com>
  • feat: add shell completion subcommand (#138)
    Why
    ---
    Improves the usability of the `codex` CLI by adding shell completion for
    file paths. This allows users to quickly complete file arguments using
    tab completion in bash, zsh, and fish shells. Enable via `eval "$(codex
    completion <shell>)"`.
  • fix(text-buffer): correct word deletion logic for trailing spaces (Ctrl+Backspace) (#131)
    ## Description
    This fix resolves a bug where Ctrl+Backspace (hex 0x17) deletes the
    entire line when the cursor is positioned after a trailing space.
    
    ## Problem
    When the user has a line like "I want you to refactor my view " (with a
    space at the end) and the cursor is after that space, Ctrl+Backspace
    deletes the entire line instead of just removing the word "view".
    
    ## Solution
    - Added a check to detect if the cursor is after spaces
    - Modified the logic to delete only one space at a time in this case
    - Added a unit test to verify this behavior
    
    ## Tests
    All tests pass, including the new test that verifies the corrected
    behavior.
    
    ---------
    
    Signed-off-by: Alpha Diop <alphakhoss@gmail.com>
    Co-authored-by: Thibault Sottiaux <tibo@openai.com>
  • refactor: improve performance of renderFilesToXml using Array.join (#127)
    ### Summary
    
    Refactored the `renderFilesToXml` function to improve performance and
    readability by replacing iterative string concatenation with
    `Array.map().join()`.
    
    ### Changes
    
    - Replaced the `for...of` loop with `files.map(...).join('')`
    - Reduced number of string mutation operations
    - Preserved the existing XML structure and CDATA safety
    
    ### Why
    
    Using `join` avoids repeated string concatenation in loops, which can
    improve performance, especially when rendering a large number of files.
    It also results in more concise and idiomatic code.
    
    
    I have read the CLA Document and I hereby sign the CLA
    ---
    
    Let me know if this needs any adjustments!
    
    Signed-off-by: yonatanlavy <yehonatanmind@gmail.com>
  • chore: fixed gramatical errors in prompt examples (#136)
    Fixed minor gramatical errors in the prompt engineering examples.
  • Removes computeAutoApproval() and tightens up canAutoApprove() as the source of truth (#126)
    Previously, `parseToolCall()` was using `computeAutoApproval()`, which
    was a somewhat parallel implementation of `canAutoApprove()` in order to
    get `SafeCommandReason` metadata for presenting information to the user.
    The only function that was using `SafeCommandReason` was
    `useMessageGrouping()`, but it turns out that function was unused, so
    this PR removes `computeAutoApproval()` and all code related to it.
    
    More importantly, I believe this fixes
    https://github.com/openai/codex/issues/87 because
    `computeAutoApproval()` was calling `parse()` from `shell-quote` without
    wrapping it in a try-catch. This PR updates `canAutoApprove()` to use a
    tighter try-catch block that is specific to `parse()` and returns an
    appropriate `SafetyAssessment` in the event of an error, based on the
    `ApprovalPolicy`.
    
    Signed-off-by: Michael Bolin <mbolin@openai.com>
  • dotenv support (#122)
    Signed-off-by: Aron Jones <aron.jones@gmail.com>
  • update: release (#109)
    Signed-off-by: Fouad Matin <fouad@openai.com>
  • (feat) basic retries when hitting rate limit errors (#105)
    * w
    
    Signed-off-by: Thibault Sottiaux <tibo@openai.com>
    
    * w
    
    Signed-off-by: Thibault Sottiaux <tibo@openai.com>
    
    * w
    
    Signed-off-by: Thibault Sottiaux <tibo@openai.com>
    
    * w
    
    Signed-off-by: Thibault Sottiaux <tibo@openai.com>
    
    * w
    
    Signed-off-by: Thibault Sottiaux <tibo@openai.com>
    
    ---------
    
    Signed-off-by: Thibault Sottiaux <tibo@openai.com>
  • add: release script (#96)
    * add: release script
    
    * add: src to npm module
    
    * fix: readme
    
    Signed-off-by: Fouad Matin <fouad@openai.com>
    
    ---------
    
    Signed-off-by: Fouad Matin <fouad@openai.com>
  • fix: prompt typo (#81)
    * fix: developer typo
    
    * fix: typo
  • (feat) gracefully handle invalid commands (#79)
    * handle invalid commands
    * better test
    * format
  • (fix) update Docker container scripts (#47)
    * Fix Docker container scripts
    
    Signed-off-by:: Eric Burke <eburke@openai.com>
    
    * Build codex TGZ
    
    * fix run_in_container
    
    ---------
    
    Co-authored-by: Kyle Kosic <kylekosic@openai.com>
  • remove rg requirement (#50)
    Signed-off-by: Thibault Sottiaux <tibo@openai.com>