mirror of
https://github.com/pchuan98/codex.git
synced 2026-07-01 00:31:56 +08:00
fb0aaf94de7db12e22a293f5b0dd26aa6c8d6a8e
3718 Commits
-
feat: shell_command tool (#6510)
This adds support for a new variant of the shell tool behind a flag. To test, run `codex` with `--enable shell_command_tool`, which will register the tool with Codex under the name `shell_command` that accepts the following shape: ```python { command: str workdir: str | None, timeout_ms: int | None, with_escalated_permissions: bool | None, justification: str | None, } ``` This is comparable to the existing tool registered under `shell`/`container.exec`. The primary difference is that it accepts `command` as a `str` instead of a `str[]`. The `shell_command` tool executes by running `execvp(["bash", "-lc", command])`, though the exact arguments to `execvp(3)` depend on the user's default shell. The hypothesis is that this will simplify things for the model. For example, on Windows, instead of generating: ```json {"command": ["pwsh.exe", "-NoLogo", "-Command", "ls -Name"]} ``` The model could simply generate: ```json {"command": "ls -Name"} ``` As part of this change, I extracted some logic out of `user_shell.rs` as `Shell::derive_exec_args()` so that it can be reused in `codex-rs/core/src/tools/handlers/shell.rs`. Note the original code generated exec arg lists like: ```javascript ["bash", "-lc", command] ["zsh", "-lc", command] ["pwsh.exe", "-NoProfile", "-Command", command] ``` Using `-l` for Bash and Zsh, but then specifying `-NoProfile` for PowerShell seemed inconsistent to me, so I changed this in the new implementation while also adding a `use_login_shell: bool` option to make this explicit. If we decide to add a `login: bool` to `ShellCommandToolCallParams` like we have for unified exec: https://github.com/openai/codex/blob/807e2c27f0a9f2e85c50e7e6df5533f0d9b853c7/codex-rs/core/src/tools/handlers/unified_exec.rs#L33-L34 Then this should make it straightforward to support.Michael Bolin ·
2025-11-12 08:18:57 -08:00 -
feat: warning switch model on resume (#6507)
<img width="1259" height="40" alt="Screenshot 2025-11-11 at 14 01 41" src="https://github.com/user-attachments/assets/48ead3d2-d89c-4d8a-a578-82d9663dbd88" />
jif-oai ·
2025-11-12 11:13:37 +00:00 -
Re-add prettier log-level=warn to generate-ts (#6528)
I added it in https://github.com/openai/codex/pull/6342 but it was removed in https://github.com/openai/codex/pull/5063/files#diff-e2aa6dad1e886b7765158a27aefd1be5de99baa71b44f6bc5ce3fe462b9ae5d3R135 as a result of a bad diamond merge
Gabriel Peal ·
2025-11-11 21:30:01 -05:00 -
Update full-auto description with on-request (#6523)
This PR fixes #6522 by correcting the comment for `full-auto` in both `codex-rs/exec/src/cli.rs` and `codex-rs/tui/src/cli.rs` from `-a on-failure` to `-a on-request` to make it coherent with `codex-rs/tui/src/lib.rs:97-105`: ```rust pub async fn run_main( mut cli: Cli, codex_linux_sandbox_exe: Option<PathBuf>, ) -> std::io::Result<AppExitInfo> { let (sandbox_mode, approval_policy) = if cli.full_auto { ( Some(SandboxMode::WorkspaceWrite), Some(AskForApproval::OnRequest), ) ``` Running `just codex --help` or `just codex exec --help` should now yield the correct description of `full-auto` CLI argument. Signed-off-by: lionelchg <lionel.cheng@hotmail.fr>
Lionel Cheng ·
2025-11-11 15:59:20 -08:00 -
[app-server] add item started/completed events for turn items (#6517)
This one should be quite straightforward, as it's just a translation of TurnItem events we already emit to ThreadItem that app-server exposes to customers. To test, cp my change to owen/app_server_test_client and do the following: ``` cargo build -p codex-cli RUST_LOG=codex_app_server=info CODEX_BIN=target/debug/codex cargo run -p codex-app-server-test-client -- send-message-v2 "hello" ``` example event before (still kept there for backward compatibility): ``` { < "method": "codex/event/item_completed", < "params": { < "conversationId": "019a74cc-fad9-7ab3-83a3-f42827b7b074", < "id": "0", < "msg": { < "item": { < "Reasoning": { < "id": "rs_03d183492e07e20a016913a936eb8c81a1a7671a103fee8afc", < "raw_content": [], < "summary_text": [ < "Hey! What would you like to work on? I can explore the repo, run specific tests, or implement a change. Let's keep it short and straightforward. There's no need for a lengthy introduction or elaborate planning, just a friendly greeting and an open offer to help. I want to make sure the user feels welcomed and understood right from the start. It's all about keeping the tone friendly and concise!" < ] < } < }, < "thread_id": "019a74cc-fad9-7ab3-83a3-f42827b7b074", < "turn_id": "0", < "type": "item_completed" < } < } < } ``` after (v2): ``` < { < "method": "item/completed", < "params": { < "item": { < "id": "rs_03d183492e07e20a016913a936eb8c81a1a7671a103fee8afc", < "text": "Hey! What would you like to work on? I can explore the repo, run specific tests, or implement a change. Let's keep it short and straightforward. There's no need for a lengthy introduction or elaborate planning, just a friendly greeting and an open offer to help. I want to make sure the user feels welcomed and understood right from the start. It's all about keeping the tone friendly and concise!", < "type": "reasoning" < } < } < } ```Celia Chen ·
2025-11-11 22:43:24 +00:00 -
Add unified exec escalation handling and tests (#6492)
Similar implementation to the shell tool
pakrym-oai ·
2025-11-11 08:19:35 -08:00 -
jif-oai ·
2025-11-11 13:37:06 +00:00 -
Enable ghost_commit feature by default (#6041)
## Summary - enable the ghost_commit feature flag by default ## Testing - just fmt ------ https://chatgpt.com/codex/tasks/task_i_6904ce2d0370832dbb3c2c09a90fb188
jif-oai ·
2025-11-11 09:20:46 +00:00 -
[hygiene][app-server] have a helper function for duplicate code in turn APIs (#6488)
turn_start and turn_interrupt have some logic that can be shared. have a helper function for it.
Celia Chen ·
2025-11-11 02:44:47 +00:00 -
Colocate more of bash parsing (#6489)
Move a few callsites that were detecting `bash -lc` into a shared helper.
pakrym-oai ·
2025-11-11 02:38:36 +00:00 -
Use codex-linux-sandbox in unified exec (#6480)
Unified exec isn't working on Linux because we don't provide the correct arg0. The library we use for pty management doesn't allow setting arg0 separately from executable. Use the same aliasing strategy we use for `apply_patch` for `codex-linux-sandbox`. Use `#[ctor]` hack to dispatch codex-linux-sandbox calls. Addresses https://github.com/openai/codex/issues/6450
pakrym-oai ·
2025-11-10 17:17:09 -08:00 -
flip rate limit status bar (#6482)
flipping rate limit status bar to match chat.com/codex/settings/usage <img width="848" height="420" alt="Screenshot 2025-11-10 at 4 53 41 PM" src="https://github.com/user-attachments/assets/e326db3f-4405-412d-9e62-337282ec9a35" />
zhao-oai ·
2025-11-11 01:13:10 +00:00 -
upload Windows .exe file artifacts for CLI releases (#6478)
This PR is to unlock future WinGet installation. WinGet struggles to create command aliases when installing from nested ZIPs on some clients, so adding raw Windows x64/Arm64 executables lets the manifest use InstallerType: portable with direct EXEs, which reliably registers the codex alias. This makes “winget install → codex” work out of the box without PATH changes. --------- Co-authored-by: Michael Bolin <mbolin@openai.com>
iceweasel-oai ·
2025-11-10 23:31:06 +00:00 -
[app-server] update macro to make renaming methods less boilerplate-y (#6470)
We already do this for notification definitions and it's really nice. Verified there are no changes to actual exported files by diff'ing before and after this change.
Owen Lin ·
2025-11-10 15:15:08 -08:00 -
refactor(tui): job-control for Ctrl-Z handling (#6477)
- Moved the unix-only suspend/resume logic into a dedicated job_control module housing SuspendContext, replacing scattered cfg-gated fields and helpers in tui.rs. - Tui now holds a single suspend_context (Arc-backed) instead of multiple atomics, and the event stream uses it directly for Ctrl-Z handling. - Added detailed docs around the suspend/resume flow, cursor tracking, and the Arc/atomic ownership model for the 'static event stream. - Renamed the process-level SIGTSTP helper to suspend_process and the cursor tracker to set_cursor_y to better reflect their roles.
Josh McKinney ·
2025-11-10 23:13:43 +00:00 -
add codex debug seatbelt --log-denials (#4098)
This adds a debugging tool for analyzing why certain commands fail to execute under the sandbox. Example output: ``` $ codex debug seatbelt --log-denials bash -lc "(echo foo > ~/foo.txt)" bash: /Users/nornagon/foo.txt: Operation not permitted === Sandbox denials === (bash) file-write-data /dev/tty (bash) file-write-data /dev/ttys001 (bash) sysctl-read kern.ngroups (bash) file-write-create /Users/nornagon/foo.txt ``` It operates by: 1. spawning `log stream` to watch system logs, and 2. tracking all descendant PIDs using kqueue + proc_listchildpids. this is a "best-effort" technique, as `log stream` may drop logs(?), and kqueue + proc_listchildpids isn't atomic and can end up missing very short-lived processes. But it works well enough in my testing to be useful :)
Jeremy Rose ·
2025-11-10 22:48:14 +00:00 -
Fix wayland image paste error (#4824)
## Summary - log and surface clipboard failures instead of silently ignoring them when `Ctrl+V` pastes an image (`paste_image_to_temp_png()` now feeds an error history cell) - enable `arboard`’s `wayland-data-control` feature so native Wayland sessions can deliver image data without XWayland - keep the success path unchanged: valid images still attach and show the `[image …]` placeholder as before Fixes #4818 --------- Co-authored-by: Eric Traut <etraut@openai.com> Co-authored-by: Jeremy Rose <172423086+nornagon-openai@users.noreply.github.com>
George Nesterenok ·
2025-11-10 14:35:30 -08:00 -
[app-server] chore: move initialize out of deprecated API section (#6468)
Self-explanatory - `initialize` is not a deprecated API and works equally well with the v2 APIs.
Owen Lin ·
2025-11-10 20:24:36 +00:00 -
jif-oai ·
2025-11-10 19:53:36 +00:00 -
Add user command event types (#6246)
adding new user command event, logic in TUI to render user command events
zhao-oai ·
2025-11-10 19:18:45 +00:00 -
Add opt-out for rate limit model nudge (#6433)
## Summary - add a `hide_rate_limit_model_nudge` notice flag plus config edit plumbing so the rate limit reminder preference is persisted and documented - extend the chat widget prompt with a "never show again" option, and wire new app events so selecting it hides future nudges immediately and writes the config - add unit coverage and refresh the snapshot for the three-option prompt ## Testing - `just fmt` - `just fix -p codex-tui` - `just fix -p codex-core` - `cargo test -p codex-tui` - `cargo test -p codex-core` *(fails at `exec::tests::kill_child_process_group_kills_grandchildren_on_timeout`: grandchild process still alive)* ------ [Codex Task](https://chatgpt.com/codex/tasks/task_i_6910d7f407748321b2661fc355416994)
Ahmed Ibrahim ·
2025-11-10 09:21:53 -08:00 -
fix: update brew auto update version check (#6238)
### Summary * Use `https://github.com/Homebrew/homebrew-cask/blob/main/Casks/c/codex.rb` to get the latest available version for brew usage.
Shijie Rao ·
2025-11-10 09:05:00 -08:00 -
[app-server] feat: add command to generate json schema (#6406)
Add a `codex generate-json-schema` command for generating a JSON schema bundle of app-server types, analogous to the existing `codex generate-ts` command for Typescript.
Owen Lin ·
2025-11-10 16:59:14 +00:00 -
Don't lock PRs that have been closed without merging (#6422)
The CLA action is designed to automatically lock a PR when it is closed. This preserves the CLA agreement statements, preventing the contributor from deleting them after the fact. However, this action is currently locking PRs that are closed without merging. I'd like to keep such PRs open so the contributor can respond with additional comments. I'm currently manually unlocking PRs that I close, but I'd like to eliminate this manual step.
Eric Traut ·
2025-11-10 08:46:11 -08:00 -
Support exiting from the login menu (#6419)
I recently fixed a bug in [this PR](https://github.com/openai/codex/pull/6285) that prevented Ctrl+C from dismissing the login menu in the TUI and leaving the user unauthed. A [user pointed out](https://github.com/openai/codex/issues/6418) that this makes Ctrl+C can no longer be used to exit the app. This PR changes the behavior so we exit the app rather than ignoring the Ctrl+C.
Eric Traut ·
2025-11-10 08:43:11 -08:00 -
fix: use generate_ts from app_server_protocol (#6407)
Update `codex generate-ts` to use the TS export code from `app-server-protocol/src/export.rs`. I realized there were two duplicate implementations of Typescript export code: - `app-server-protocol/src/export.rs` - the `codex-protocol-ts` crate The `codex-protocol-ts` crate that `codex generate-ts` uses is out of date now since it doesn't handle the V2 namespace from: https://github.com/openai/codex/pull/6212.
Owen Lin ·
2025-11-10 08:08:12 -08:00 -
Updated docs to reflect recent changes in
web_searchconfiguration (#6376)This is a simplified version of [a PR](https://github.com/openai/codex/pull/6134) supplied by a community member. It updates the docs to reflect a recent config deprecation.
Eric Traut ·
2025-11-10 07:57:56 -08:00 -
jif-oai ·
2025-11-10 11:59:48 +00:00 -
Fix config documentation: correct TOML parsing description (#6424)
The CLI help text and inline comments incorrectly stated that -c key=value flag parses values as JSON, when the implementation actually uses TOML parsing via parse_toml_value(). This caused confusion when users attempted to configure MCP servers using JSON syntax based on the documentation. Changes: - Updated help text to correctly state TOML parsing instead of JSON Fixes #4531
Raduan A. ·
2025-11-09 22:58:32 -08:00 -
Fix warning message phrasing (#6446)
Small fix for sentence phrasing in the warning message Co-authored-by: AndrewNikolin <877163+AndrewNikolin@users.noreply.github.com>
Andrew Nikolin ·
2025-11-09 22:12:28 -08:00 -
chore(deps): bump zeroize from 1.8.1 to 1.8.2 in /codex-rs (#6444)
Bumps [zeroize](https://github.com/RustCrypto/utils) from 1.8.1 to 1.8.2. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/RustCrypto/utils/commit/c100874101bfd584870de5dde1b13dd92a17bf48"><code>c100874</code></a> zeroize v1.8.2 (<a href="https://redirect.github.com/RustCrypto/utils/issues/1229">#1229</a>)</li> <li><a href="https://github.com/RustCrypto/utils/commit/3940ccbebdac7a519523b29b4ff3749863026b8f"><code>3940ccb</code></a> Switch from <code>doc_auto_cfg</code> to <code>doc_cfg</code> (<a href="https://redirect.github.com/RustCrypto/utils/issues/1228">#1228</a>)</li> <li><a href="https://github.com/RustCrypto/utils/commit/c68a5204b2e66b0f60832d845e048fca96a81211"><code>c68a520</code></a> Fix Nightly warnings (<a href="https://redirect.github.com/RustCrypto/utils/issues/1080">#1080</a>)</li> <li><a href="https://github.com/RustCrypto/utils/commit/b15cc6c1cddad1558d44b138ff869b0590d2ac55"><code>b15cc6c</code></a> cargo: point <code>repository</code> metadata to clonable URLs (<a href="https://redirect.github.com/RustCrypto/utils/issues/1079">#1079</a>)</li> <li><a href="https://github.com/RustCrypto/utils/commit/3db6690f7be82e90a92e457d5becfd754fd10299"><code>3db6690</code></a> zeroize: fix <code>homepage</code>/<code>repository</code> in Cargo.toml (<a href="https://redirect.github.com/RustCrypto/utils/issues/1076">#1076</a>)</li> <li>See full diff in <a href="https://github.com/RustCrypto/utils/compare/zeroize-v1.8.1...zeroize-v1.8.2">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
dependabot[bot] ·
2025-11-09 22:03:36 -08:00 -
chore(deps): bump askama from 0.12.1 to 0.14.0 in /codex-rs (#6443)
Bumps [askama](https://github.com/askama-rs/askama) from 0.12.1 to 0.14.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/askama-rs/askama/releases">askama's releases</a>.</em></p> <blockquote> <h2>v0.14.0</h2> <h2>Added Features</h2> <ul> <li>Implement <code>Values</code> on tuple by <a href="https://github.com/GuillaumeGomez"><code>@GuillaumeGomez</code></a> in <a href="https://redirect.github.com/askama-rs/askama/pull/391">askama-rs/askama#391</a></li> <li>Pass variables to sub-templates more reliably even if indirectly by <a href="https://github.com/Kijewski"><code>@Kijewski</code></a> in <a href="https://redirect.github.com/askama-rs/askama/pull/397">askama-rs/askama#397</a></li> <li>Implement <code>first</code> and <code>blank</code> arguments for <code>|indent</code> by <a href="https://github.com/Kijewski"><code>@Kijewski</code></a> in <a href="https://redirect.github.com/askama-rs/askama/pull/401">askama-rs/askama#401</a></li> <li>Add named arguments for builtin filters by <a href="https://github.com/Kijewski"><code>@Kijewski</code></a> in <a href="https://redirect.github.com/askama-rs/askama/pull/403">askama-rs/askama#403</a></li> <li>Add <code>unique</code> filter by <a href="https://github.com/GuillaumeGomez"><code>@GuillaumeGomez</code></a> in <a href="https://redirect.github.com/askama-rs/askama/pull/405">askama-rs/askama#405</a></li> </ul> <h2>Bug Fixes And Consistency</h2> <ul> <li><code>askama_derive</code> accidentally exposed as a feature by <a href="https://github.com/Kijewski"><code>@Kijewski</code></a> in <a href="https://redirect.github.com/askama-rs/askama/pull/384">askama-rs/askama#384</a></li> <li>Track config files by <a href="https://github.com/GuillaumeGomez"><code>@GuillaumeGomez</code></a> in <a href="https://redirect.github.com/askama-rs/askama/pull/385">askama-rs/askama#385</a></li> <li>If using local variable as value when creating a new variable, do not put it behind a reference by <a href="https://github.com/GuillaumeGomez"><code>@GuillaumeGomez</code></a> in <a href="https://redirect.github.com/askama-rs/askama/pull/392">askama-rs/askama#392</a></li> <li>generator: make <code>CARGO_MANIFEST_DIR</code> part of <code>ConfigKey</code> by <a href="https://github.com/strickczq"><code>@strickczq</code></a> in <a href="https://redirect.github.com/askama-rs/askama/pull/395">askama-rs/askama#395</a></li> <li>Do not put question mark initialization expressions behind a reference by <a href="https://github.com/GuillaumeGomez"><code>@GuillaumeGomez</code></a> in <a href="https://redirect.github.com/askama-rs/askama/pull/400">askama-rs/askama#400</a></li> <li>Update to more current rust version on readthedocs by <a href="https://github.com/Kijewski"><code>@Kijewski</code></a> in <a href="https://redirect.github.com/askama-rs/askama/pull/410">askama-rs/askama#410</a></li> <li>Fix <code>unique</code> filter implementation by <a href="https://github.com/GuillaumeGomez"><code>@GuillaumeGomez</code></a> in <a href="https://redirect.github.com/askama-rs/askama/pull/417">askama-rs/askama#417</a></li> <li>Add <code>|titlecase</code> as alias for <code>|title</code> by <a href="https://github.com/Kijewski"><code>@Kijewski</code></a> in <a href="https://redirect.github.com/askama-rs/askama/pull/416">askama-rs/askama#416</a></li> </ul> <h2>Further Changes</h2> <ul> <li>book: add page about <code>FastWritable</code> by <a href="https://github.com/Kijewski"><code>@Kijewski</code></a> in <a href="https://redirect.github.com/askama-rs/askama/pull/407">askama-rs/askama#407</a></li> <li>Add throughput to derive benchmark by <a href="https://github.com/Kijewski"><code>@Kijewski</code></a> in <a href="https://redirect.github.com/askama-rs/askama/pull/413">askama-rs/askama#413</a></li> <li>Move <code>FastWritable</code> into <code>askama</code> root by <a href="https://github.com/GuillaumeGomez"><code>@GuillaumeGomez</code></a> in <a href="https://redirect.github.com/askama-rs/askama/pull/411">askama-rs/askama#411</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/strickczq"><code>@strickczq</code></a> made their first contribution in <a href="https://redirect.github.com/askama-rs/askama/pull/395">askama-rs/askama#395</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/askama-rs/askama/compare/v0.13.0...v0.14.0">https://github.com/askama-rs/askama/compare/v0.13.0...v0.14.0</a></p> <h2>v0.13.1</h2> <h2>What's Changed</h2> <ul> <li><code>askama_derive</code> accidentally exposed as a feature by <a href="https://github.com/Kijewski"><code>@Kijewski</code></a> in <a href="https://redirect.github.com/askama-rs/askama/pull/384">askama-rs/askama#384</a></li> <li>Track config files by <a href="https://github.com/GuillaumeGomez"><code>@GuillaumeGomez</code></a> in <a href="https://redirect.github.com/askama-rs/askama/pull/385">askama-rs/askama#385</a></li> <li>Implement <code>Values</code> on tuple by <a href="https://github.com/GuillaumeGomez"><code>@GuillaumeGomez</code></a> in <a href="https://redirect.github.com/askama-rs/askama/pull/391">askama-rs/askama#391</a></li> <li>generator: make <code>CARGO_MANIFEST_DIR</code> part of <code>ConfigKey</code> by <a href="https://github.com/strickczq"><code>@strickczq</code></a> in <a href="https://redirect.github.com/askama-rs/askama/pull/395">askama-rs/askama#395</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/strickczq"><code>@strickczq</code></a> made their first contribution in <a href="https://redirect.github.com/askama-rs/askama/pull/395">askama-rs/askama#395</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/askama-rs/askama/compare/v0.13.0...v0.13.1">https://github.com/askama-rs/askama/compare/v0.13.0...v0.13.1</a></p> <h2>v0.13.0 – Rinja is Askama, again!</h2> <p>With this release, the <a href="https://blog.guillaume-gomez.fr/articles/2024-07-31+docs.rs+switching+jinja+template+framework+from+tera+to+rinja">fork</a> rinja got merged back into the main project. Please have a look at our <a href="https://blog.guillaume-gomez.fr/articles/2025-03-19+Askama+and+Rinja+merge">blog post</a> for more information about the split and the merge.</p> <h2>What's Changed</h2> <p>This release (v0.13.0), when <a href="https://github.com/askama-rs/askama/compare/0.12.1...v0.13.0">compared to</a> the last stable askama release (v0.12.1), consists of:</p> <ul> <li>over 1000 commits</li> <li>with changes in over 500 files</li> <li>with over 40k additions and 8000 deletions</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/askama-rs/askama/commit/95867ac8cedc80b69f4047dea9c1272a5bf947b3"><code>95867ac</code></a> Merge pull request <a href="https://redirect.github.com/askama-rs/askama/issues/416">#416</a> from Kijewski/pr-upgrading-0.14</li> <li><a href="https://github.com/askama-rs/askama/commit/61b74224971f3975da70e1fdaa0c7f49e315bf17"><code>61b7422</code></a> Add <code>|titlecase</code> as alias for <code>|title</code></li> <li><a href="https://github.com/askama-rs/askama/commit/79be27159326c5adfb181ae2afb55201a48ff43a"><code>79be271</code></a> Run doctests</li> <li><a href="https://github.com/askama-rs/askama/commit/72bbe3ede14b20ea3449408f49b6ab204cd1dc54"><code>72bbe3e</code></a> Bump version number to v0.14.0</li> <li><a href="https://github.com/askama-rs/askama/commit/57750338fa9a8d354404512cdbc8c118930923d6"><code>5775033</code></a> book: update <code>upgrading.md</code></li> <li><a href="https://github.com/askama-rs/askama/commit/a5b43c0aa2c98182a9a09940b2f6b7250e0a1b19"><code>a5b43c0</code></a> Fix <code>unique</code> filter implementation</li> <li><a href="https://github.com/askama-rs/askama/commit/7fccbdf1d7a8874ddd00f93620364971bc8aa88c"><code>7fccbdf</code></a> Remove usage of <code>nextest</code></li> <li><a href="https://github.com/askama-rs/askama/commit/6a16256f24915fcf857225fec2517c51ca1fd2c1"><code>6a16256</code></a> Fix new clippy lints</li> <li><a href="https://github.com/askama-rs/askama/commit/04a4d5b0206378244f397c0f85c4fd1a2a865d13"><code>04a4d5b</code></a> Update MSRV to 1.83</li> <li><a href="https://github.com/askama-rs/askama/commit/d2a788a740b4724a1f946b75d327974e7390cc75"><code>d2a788a</code></a> Add doc about <code>unique</code> filter</li> <li>Additional commits viewable in <a href="https://github.com/askama-rs/askama/compare/0.12.1...v0.14.0">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
dependabot[bot] ·
2025-11-09 22:02:26 -08:00 -
chore(deps): bump taiki-e/install-action from 2.60.0 to 2.62.49 (#6438)
Bumps [taiki-e/install-action](https://github.com/taiki-e/install-action) from 2.60.0 to 2.62.49. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/taiki-e/install-action/releases">taiki-e/install-action's releases</a>.</em></p> <blockquote> <h2>2.62.49</h2> <ul> <li> <p>Update <code>cargo-binstall@latest</code> to 1.15.11.</p> </li> <li> <p>Update <code>cargo-auditable@latest</code> to 0.7.2.</p> </li> <li> <p>Update <code>vacuum@latest</code> to 0.20.2.</p> </li> </ul> <h2>2.62.48</h2> <ul> <li> <p>Update <code>mise@latest</code> to 2025.11.3.</p> </li> <li> <p>Update <code>cargo-audit@latest</code> to 0.22.0.</p> </li> <li> <p>Update <code>vacuum@latest</code> to 0.20.1.</p> </li> <li> <p>Update <code>uv@latest</code> to 0.9.8.</p> </li> <li> <p>Update <code>cargo-udeps@latest</code> to 0.1.60.</p> </li> <li> <p>Update <code>zizmor@latest</code> to 1.16.3.</p> </li> </ul> <h2>2.62.47</h2> <ul> <li> <p>Update <code>vacuum@latest</code> to 0.20.0.</p> </li> <li> <p>Update <code>cargo-nextest@latest</code> to 0.9.111.</p> </li> <li> <p>Update <code>cargo-shear@latest</code> to 1.6.2.</p> </li> </ul> <h2>2.62.46</h2> <ul> <li> <p>Update <code>vacuum@latest</code> to 0.19.5.</p> </li> <li> <p>Update <code>syft@latest</code> to 1.37.0.</p> </li> <li> <p>Update <code>mise@latest</code> to 2025.11.2.</p> </li> <li> <p>Update <code>knope@latest</code> to 0.21.5.</p> </li> </ul> <h2>2.62.45</h2> <ul> <li> <p>Update <code>zizmor@latest</code> to 1.16.2.</p> </li> <li> <p>Update <code>cargo-binstall@latest</code> to 1.15.10.</p> </li> <li> <p>Update <code>ubi@latest</code> to 0.8.4.</p> </li> <li> <p>Update <code>mise@latest</code> to 2025.11.1.</p> </li> <li> <p>Update <code>cargo-semver-checks@latest</code> to 0.45.0.</p> </li> </ul> <h2>2.62.44</h2> <ul> <li>Update <code>mise@latest</code> to 2025.11.0.</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/taiki-e/install-action/blob/main/CHANGELOG.md">taiki-e/install-action's changelog</a>.</em></p> <blockquote> <h1>Changelog</h1> <p>All notable changes to this project will be documented in this file.</p> <p>This project adheres to <a href="https://semver.org">Semantic Versioning</a>.</p> <!-- raw HTML omitted --> <h2>[Unreleased]</h2> <h2>[2.62.49] - 2025-11-09</h2> <ul> <li> <p>Update <code>cargo-binstall@latest</code> to 1.15.11.</p> </li> <li> <p>Update <code>cargo-auditable@latest</code> to 0.7.2.</p> </li> <li> <p>Update <code>vacuum@latest</code> to 0.20.2.</p> </li> </ul> <h2>[2.62.48] - 2025-11-08</h2> <ul> <li> <p>Update <code>mise@latest</code> to 2025.11.3.</p> </li> <li> <p>Update <code>cargo-audit@latest</code> to 0.22.0.</p> </li> <li> <p>Update <code>vacuum@latest</code> to 0.20.1.</p> </li> <li> <p>Update <code>uv@latest</code> to 0.9.8.</p> </li> <li> <p>Update <code>cargo-udeps@latest</code> to 0.1.60.</p> </li> <li> <p>Update <code>zizmor@latest</code> to 1.16.3.</p> </li> </ul> <h2>[2.62.47] - 2025-11-05</h2> <ul> <li> <p>Update <code>vacuum@latest</code> to 0.20.0.</p> </li> <li> <p>Update <code>cargo-nextest@latest</code> to 0.9.111.</p> </li> <li> <p>Update <code>cargo-shear@latest</code> to 1.6.2.</p> </li> </ul> <h2>[2.62.46] - 2025-11-04</h2> <ul> <li> <p>Update <code>vacuum@latest</code> to 0.19.5.</p> </li> <li> <p>Update <code>syft@latest</code> to 1.37.0.</p> </li> <li> <p>Update <code>mise@latest</code> to 2025.11.2.</p> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/taiki-e/install-action/commit/44c6d64aa62cd779e873306675c7a58e86d6d532"><code>44c6d64</code></a> Release 2.62.49</li> <li><a href="https://github.com/taiki-e/install-action/commit/3a701df4c2a3e11596a1c5a65eb0e69c79ee4a82"><code>3a701df</code></a> Update <code>cargo-binstall@latest</code> to 1.15.11</li> <li><a href="https://github.com/taiki-e/install-action/commit/4242e04eb80c4492261074808c18d638aa247de0"><code>4242e04</code></a> Update <code>cargo-auditable@latest</code> to 0.7.2</li> <li><a href="https://github.com/taiki-e/install-action/commit/3df5533ef842d100d27dbd43c2fbd8aa0cccddcc"><code>3df5533</code></a> Update <code>vacuum@latest</code> to 0.20.2</li> <li><a href="https://github.com/taiki-e/install-action/commit/e797ba6a25dbd8669057e123b02812e16138589e"><code>e797ba6</code></a> Release 2.62.48</li> <li><a href="https://github.com/taiki-e/install-action/commit/bcf91e02acc5cc0ed84eac8d763b7328a3c7cd3f"><code>bcf91e0</code></a> Update <code>mise@latest</code> to 2025.11.3</li> <li><a href="https://github.com/taiki-e/install-action/commit/e78113b60c103d89241857d78e2610df1305cffd"><code>e78113b</code></a> Update <code>cargo-audit@latest</code> to 0.22.0</li> <li><a href="https://github.com/taiki-e/install-action/commit/0ef486444ebe65689986d037f4b61d8292b5a4ed"><code>0ef4864</code></a> Update <code>vacuum@latest</code> to 0.20.1</li> <li><a href="https://github.com/taiki-e/install-action/commit/5eda7b198531ad7024688974dd308f7ea0bd21aa"><code>5eda7b1</code></a> Update <code>uv@latest</code> to 0.9.8</li> <li><a href="https://github.com/taiki-e/install-action/commit/3853a413e6de756806bca9b522388e2d2b5abbd6"><code>3853a41</code></a> Update <code>cargo-udeps@latest</code> to 0.1.60</li> <li>Additional commits viewable in <a href="https://github.com/taiki-e/install-action/compare/0c5db7f7f897c03b771660e91d065338615679f4...44c6d64aa62cd779e873306675c7a58e86d6d532">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
dependabot[bot] ·
2025-11-09 22:00:08 -08:00 -
chore(deps): bump codespell-project/actions-codespell from 2.1 to 2.2 (#6437)
Bumps [codespell-project/actions-codespell](https://github.com/codespell-project/actions-codespell) from 2.1 to 2.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/codespell-project/actions-codespell/releases">codespell-project/actions-codespell's releases</a>.</em></p> <blockquote> <h2>v2.2</h2> <!-- raw HTML omitted --> <h2>What's Changed</h2> <ul> <li>Add the config file option and tests by <a href="https://github.com/rdimaio"><code>@rdimaio</code></a> in <a href="https://redirect.github.com/codespell-project/actions-codespell/pull/80">codespell-project/actions-codespell#80</a></li> <li>Use <code>pip install</code> with <code>--no-cache-dir</code> in the Dockerfile by <a href="https://github.com/PeterDaveHello"><code>@PeterDaveHello</code></a> in <a href="https://redirect.github.com/codespell-project/actions-codespell/pull/89">codespell-project/actions-codespell#89</a></li> <li>Upgrade to Python 3.13 by <a href="https://github.com/candrews"><code>@candrews</code></a> in <a href="https://redirect.github.com/codespell-project/actions-codespell/pull/82">codespell-project/actions-codespell#82</a></li> <li>Add checkout action and problem matcher to README by <a href="https://github.com/vadi2"><code>@vadi2</code></a> in <a href="https://redirect.github.com/codespell-project/actions-codespell/pull/32">codespell-project/actions-codespell#32</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/rdimaio"><code>@rdimaio</code></a> made their first contribution in <a href="https://redirect.github.com/codespell-project/actions-codespell/pull/80">codespell-project/actions-codespell#80</a></li> <li><a href="https://github.com/PeterDaveHello"><code>@PeterDaveHello</code></a> made their first contribution in <a href="https://redirect.github.com/codespell-project/actions-codespell/pull/89">codespell-project/actions-codespell#89</a></li> <li><a href="https://github.com/candrews"><code>@candrews</code></a> made their first contribution in <a href="https://redirect.github.com/codespell-project/actions-codespell/pull/82">codespell-project/actions-codespell#82</a></li> <li><a href="https://github.com/vadi2"><code>@vadi2</code></a> made their first contribution in <a href="https://redirect.github.com/codespell-project/actions-codespell/pull/32">codespell-project/actions-codespell#32</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/codespell-project/actions-codespell/compare/v2...v2.2">https://github.com/codespell-project/actions-codespell/compare/v2...v2.2</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/codespell-project/actions-codespell/commit/8f01853be192eb0f849a5c7d721450e7a467c579"><code>8f01853</code></a> MAINT: Release notes</li> <li><a href="https://github.com/codespell-project/actions-codespell/commit/23a4abea248a30208f0b9d8682ac515b5714cd3e"><code>23a4abe</code></a> Add checkout action and problem matcher to README (<a href="https://redirect.github.com/codespell-project/actions-codespell/issues/32">#32</a>)</li> <li><a href="https://github.com/codespell-project/actions-codespell/commit/906f13fba196b1478f876bf3fdc4f9798c77b6f3"><code>906f13f</code></a> Upgrade to Python 3.13 (<a href="https://redirect.github.com/codespell-project/actions-codespell/issues/82">#82</a>)</li> <li><a href="https://github.com/codespell-project/actions-codespell/commit/df0bba344d8a1022f611728aa58c5fdfd7c094b1"><code>df0bba3</code></a> [pre-commit.ci] pre-commit autoupdate (<a href="https://redirect.github.com/codespell-project/actions-codespell/issues/85">#85</a>)</li> <li><a href="https://github.com/codespell-project/actions-codespell/commit/c460eef33ec1d5171b201b66ffc77bbdbdbb6b2a"><code>c460eef</code></a> Use <code>pip install</code> with <code>--no-cache-dir</code> in the Dockerfile (<a href="https://redirect.github.com/codespell-project/actions-codespell/issues/89">#89</a>)</li> <li><a href="https://github.com/codespell-project/actions-codespell/commit/037a23a348b32d9060fe3b94ddf99986b779de2c"><code>037a23a</code></a> Add the config file option and tests (<a href="https://redirect.github.com/codespell-project/actions-codespell/issues/80">#80</a>)</li> <li><a href="https://github.com/codespell-project/actions-codespell/commit/8d1a4b1bd974b8082be0842c2e7e57c8bf6b9b63"><code>8d1a4b1</code></a> Bump actions/setup-python from 5 to 6 (<a href="https://redirect.github.com/codespell-project/actions-codespell/issues/92">#92</a>)</li> <li><a href="https://github.com/codespell-project/actions-codespell/commit/71286cb40fe09b3222aff820311357b4e67cc206"><code>71286cb</code></a> Bump actions/checkout from 4 to 5 (<a href="https://redirect.github.com/codespell-project/actions-codespell/issues/91">#91</a>)</li> <li><a href="https://github.com/codespell-project/actions-codespell/commit/fad9339798e1ee3fe979ae0a022c931786a408b8"><code>fad9339</code></a> [pre-commit.ci] pre-commit autoupdate (<a href="https://redirect.github.com/codespell-project/actions-codespell/issues/84">#84</a>)</li> <li>See full diff in <a href="https://github.com/codespell-project/actions-codespell/compare/406322ec52dd7b488e48c1c4b82e2a8b3a1bf630...8f01853be192eb0f849a5c7d721450e7a467c579">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
dependabot[bot] ·
2025-11-09 21:58:51 -08:00 -
For npm upgrade on Windows, go through cmd.exe to get path traversal working (#6387)
On Windows, `npm` by itself does not resolve under std::process::Command which does not consider PATHEXT to resolve it to `npm.cmd` in the PATH. By running the npm upgrade command via cmd.exe we get proper path semantics so it actually works.
iceweasel-oai ·
2025-11-09 21:07:44 -08:00 -
fix(cloud-tasks): respect cli_auth_credentials_store config (#5856)
## Problem `codex cloud` always instantiated `AuthManager` with `File` mode, ignoring the user's actual `cli_auth_credentials_store` setting. This caused users with `cli_auth_credentials_store = "keyring"` (or `"auto"`) to see "Not signed in" errors even when they had valid credentials stored in the system keyring. ## Root cause The code called `Config::load_from_base_config_with_overrides()` with an empty `ConfigToml::default()`, which always returned `File` as the default store mode instead of loading the actual user configuration. ## Solution - **Added `util::load_cli_auth_manager()` helper** Properly loads user config via `load_config_as_toml_with_cli_overrides()` and extracts the `cli_auth_credentials_store` setting before creating `AuthManager`. - **Updated callers** - `init_backend()` - used when starting cloud tasks UI - `build_chatgpt_headers()` - used for API requests ## Testing - ✅ `just fmt` - ✅ `just fix -p codex-cloud-tasks` - ✅ `cargo test -p codex-cloud-tasks` ## Files changed - `codex-rs/cloud-tasks/src/lib.rs` - `codex-rs/cloud-tasks/src/util.rs` ## Verification Users with keyring-based auth can now run `codex cloud` successfully without "Not signed in" errors. --------- Co-authored-by: Eric Traut <etraut@openai.com> Co-authored-by: celia-oai <celia@openai.com>
kinopeee ·
2025-11-10 00:35:08 +00:00 -
fix(seatbelt): Allow reading hw.physicalcpu (#6421)
Allow reading `hw.physicalcpu` so numpy can be imported when running in the sandbox. resolves #6420
Oliver Mannion ·
2025-11-09 08:53:36 -08:00 -
Fix SDK documentation: replace 'file diffs' with 'file change notifications' (#6425)
The TypeScript SDK's README incorrectly claimed that runStreamed() emits "file diffs". However, the FileChangeItem type only contains metadata (path, kind, status) without actual diff content. Updated line 36 to accurately describe the SDK as providing "file change notifications" instead of "file diffs" to match the actual implementation in items.ts. Fixes #5850
Raduan A. ·
2025-11-09 08:37:16 -08:00 -
more world-writable warning improvements (#6389)
3 improvements: 1. show up to 3 actual paths that are world-writable 2. do the scan/warning for Read-Only mode too, because it also applies there 3. remove the "Cancel" option since it doesn't always apply (like on startup)
iceweasel-oai ·
2025-11-08 11:35:43 -08:00 -
feat(tui): Display keyboard shortcuts inline for approval options (#5889)
Shows single-key shortcuts (y, a, n) next to approval options to make them more discoverable. Previously these shortcuts worked but were hidden, making the feature hard to discover. Changes: - "Yes, proceed" now shows "y" shortcut - "Yes, and don't ask again" now shows "a" shortcut - "No, and tell Codex..." continues to show "esc" shortcut This improves UX by surfacing the quick keyboard shortcuts that were already functional but undiscoverable in the UI. --- Update: added parentheses for better visual clarity <img width="1540" height="486" alt="CleanShot 2025-11-05 at 11 47 07@2x" src="https://github.com/user-attachments/assets/f951c34a-9ec8-4b81-b151-7b2ccba94658" /> --------- Co-authored-by: Claude <noreply@anthropic.com> Co-authored-by: Eric Traut <etraut@openai.com>
Raduan A. ·
2025-11-08 09:08:42 -08:00 -
Improve world-writable scan (#6381)
1. scan many more directories since it's much faster than the original implementation 2. limit overall scan time to 2s 3. skip some directories that are noisy - ApplicationData, Installer, etc.
iceweasel-oai ·
2025-11-07 21:28:55 -08:00 -
Kill shell tool process groups on timeout (#5258)
## Summary - launch shell tool processes in their own process group so Codex owns the full tree - on timeout or ctrl-c, send SIGKILL to the process group before terminating the tracked child - document that the default shell/unified_exec timeout remains 1000 ms ## Original Bug Long-lived shell tool commands hang indefinitely because the timeout handler only terminated the direct child process; any grandchildren it spawned kept running and held the PTY open, preventing Codex from regaining control. ## Repro Original Bug Install next.js and run `next dev` (which is a long-running shell process with children). On openai:main, it will cause the agent to permanently get stuck here until human intervention. On this branch, this command will be terminated successfully after timeout_ms which will unblock the agent. This is a critical fix for unmonitored / lightly monitored agents that don't have immediate human observation to unblock them. --------- Co-authored-by: Michael Bolin <mbolin@openai.com> Co-authored-by: Michael Bolin <bolinfest@gmail.com>
Luca King ·
2025-11-07 17:54:35 -08:00 -
pakrym-oai ·
2025-11-07 16:36:04 -08:00 -
core: replace Cloudflare 403 HTML with friendly message (#6252)
### Motivation When Codex is launched from a region where Cloudflare blocks access (for example, Russia), the CLI currently dumps Cloudflare’s entire HTML error page. This isn’t actionable and makes it hard for users to understand what happened. We want to detect the Cloudflare block and show a concise, user-friendly explanation instead. ### What Changed - Added CLOUDFLARE_BLOCKED_MESSAGE and a friendly_message() helper to UnexpectedResponseError. Whenever we see a 403 whose body contains the Cloudflare block notice, we now emit a single-line message (Access blocked by Cloudflare…) while preserving the HTTP status and request id. All other responses keep the original behaviour. - Added two focused unit tests: - unexpected_status_cloudflare_html_is_simplified ensures the Cloudflare HTML case yields the friendly message. - unexpected_status_non_html_is_unchanged confirms plain-text 403s still return the raw body. ### Testing - cargo build -p codex-cli - cargo test -p codex-core - just fix -p codex-core - cargo test --all-features --------- Co-authored-by: Eric Traut <etraut@openai.com>
Alexander Smirnov ·
2025-11-07 15:55:16 -08:00 -
refactor(terminal): cleanup deprecated flush logic (#6373)
Removes flush logic that was leftover to test against ratatui's flush Cleaned up the flush logic so it's a bit more intent revealing. DrawCommand now owns the Cells that it draws as this works around a borrow checker problem.
Josh McKinney ·
2025-11-07 15:54:07 -08:00 -
[App-server] add initialization to doc (#6377)
Address comments in #6353.
Celia Chen ·
2025-11-07 23:52:20 +00:00 -
fix(wsl): normalize Windows paths during update (#6086) (#6097)
When running under WSL, the update command could receive Windows-style absolute paths (e.g., `C:\...`) and pass them to Linux processes unchanged, which fails because WSL expects those paths in `/mnt/<drive>/...` form. This patch adds a tiny helper in the CLI (`cli/src/wsl_paths.rs`) that: - Detects WSL (`WSL_DISTRO_NAME` or `"microsoft"` in `/proc/version`) - Converts `X:\...` → `/mnt/x/...` `run_update_action` now normalizes the package-manager command and arguments under WSL before spawning. Non-WSL platforms are unaffected. Includes small unit tests for the converter. **Fixes:** #6086, #6084 Co-authored-by: Eric Traut <etraut@openai.com>
Jakob Malmo ·
2025-11-07 14:49:17 -08:00 -
[SDK] Add network_access and web_search options to TypeScript SDK (#6367)
## Summary This PR adds two new optional boolean fields to `ThreadOptions` in the TypeScript SDK: - **`networkAccess`**: Enables network access in the sandbox by setting `sandbox_workspace_write.network_access` config - **`webSearch`**: Enables the web search tool by setting `tools.web_search` config These options map to existing Codex configuration options and are properly threaded through the SDK layers: 1. `ThreadOptions` (threadOptions.ts) - User-facing API 2. `CodexExecArgs` (exec.ts) - Internal execution args 3. CLI flags via `--config` in the `codex exec` command ## Changes - `sdk/typescript/src/threadOptions.ts`: Added `networkAccess` and `webSearch` fields to `ThreadOptions` type - `sdk/typescript/src/exec.ts`: Added fields to `CodexExecArgs` and CLI flag generation - `sdk/typescript/src/thread.ts`: Pass options through to exec layer ## Test Plan - [x] Build succeeds (`pnpm build`) - [x] Linter passes (`pnpm lint`) - [x] Type definitions are properly exported - [ ] Manual testing with sample code (to be done by reviewer) --------- Co-authored-by: Claude <noreply@anthropic.com>
Dan Hernandez ·
2025-11-07 13:19:34 -08:00 -
feat: add --promote-alpha option to create_github_release script (#6370)
Historically, running `create_github_release --publish-release` would always publish a new release from latest `main`, which isn't always the best idea. We should really publish an alpha, let it bake, and then promote it. This PR introduces a new flag, `--promote-alpha`, which does exactly that. It also works with `--dry-run`, so you can sanity check the commit it will use as the base commit for the new release before running it for real. ```shell $ ./codex-rs/scripts/create_github_release --dry-run --promote-alpha 0.56.0-alpha.2 Publishing version 0.56.0 Running gh api GET /repos/openai/codex/git/refs/tags/rust-v0.56.0-alpha.2 Running gh api GET /repos/openai/codex/git/tags/7d4ef77bc35b011aa0c76c5cbe6cd7d3e53f1dfe Running gh api GET /repos/openai/codex/compare/main...8b49211e67d3c863df5ecc13fc5f88516a20fa69 Would publish version 0.56.0 using base commit
62474a30e8derived from rust-v0.56.0-alpha.2. ```Michael Bolin ·
2025-11-07 20:05:22 +00:00 -
Jeremy Rose ·
2025-11-07 18:17:52 +00:00