
checkpoint: into wallentx/termux-target from release/0.136.0 @ 328b1e6d55a9 #178

Merged
wallentx merged 112 commits into wallentx/termux-target from checkpoint/wallentx_termux-target_from_release_0.136.0_328b1e6d55a9
Jun 1, 2026

@unemployabot unemployabot Bot commented Jun 1, 2026


Termux release checkpoint

  • Source branch: release/0.136.0
  • Source hash: 328b1e6d55a90b78eaddce4553c3261216d19adf
  • Destination branch: wallentx/termux-target
  • Remaining first-parent commits on source: 0

This PR carries release-train conflict fixes and follow-up changes back into the reusable Termux patch branch.

Merge conflicts

GitHub Actions could not create the checkpoint merge commit automatically, so this PR was created from the source branch state for manual conflict resolution.

Conflicted paths from the failed merge attempt:

  • .github/workflows/rust-ci-full.yml
  • codex-rs/Cargo.lock
  • codex-rs/Cargo.toml
  • codex-rs/core/src/codex_thread.rs
  • codex-rs/core/src/exec_tests.rs
  • codex-rs/core/src/goals.rs
  • codex-rs/core/src/session/input_queue.rs
  • codex-rs/core/src/session/tests.rs
  • codex-rs/core/src/session/turn.rs
  • codex-rs/core/src/tasks/review.rs
  • codex-rs/core/src/tools/code_mode/mod.rs
  • codex-rs/core/src/tools/handlers/extension_tools.rs
  • codex-rs/core/src/tools/runtimes/shell.rs
  • codex-rs/core/src/tools/runtimes/shell/unix_escalation.rs
  • codex-rs/ext/goal/src/extension.rs
  • codex-rs/ext/image-generation/Cargo.toml
  • codex-rs/ext/image-generation/src/extension.rs
  • codex-rs/ext/image-generation/src/tests.rs
  • codex-rs/ext/image-generation/src/tool.rs
  • codex-rs/model-provider/src/amazon_bedrock/catalog.rs
  • codex-rs/tools/src/lib.rs
  • codex-rs/tools/src/tool_call.rs

Release-only workflow files and metadata under .github were restored to the destination branch versions before opening this PR.

viyatb-oai and others added 30 commits May 27, 2026 12:59
)

## Why
Interrupted `shell_command` calls can race with the outer tool-dispatch
cancellation path. When that happens, the runtime future may be dropped
before the spawned process gets a chance to run `SIGTERM` cleanup. For
bwrapd-backed Linux sandbox commands, that can leave synthetic
protected-path mount bookkeeping such as `.git/.codex` registrations
under `/tmp` behind after a TUI interruption.

The relevant cancellation points are the outer dispatch race in
[`core/src/tools/parallel.rs`](https://github.com/openai/codex/blob/bd184ba84703cc924921ed883f0cf17d3dba60ff/codex-rs/core/src/tools/parallel.rs#L91-L132)
and the process shutdown logic in
[`core/src/exec.rs`](https://github.com/openai/codex/blob/bd184ba84703cc924921ed883f0cf17d3dba60ff/codex-rs/core/src/exec.rs#L1367-L1393).

## What changed
- Keep `shell_command` dispatch alive long enough for the runtime to
finish cancellation cleanup instead of immediately returning the
synthetic aborted response.
- Fold shell-turn cancellation into the existing `ExecExpiration` path
in
[`core/src/tools/runtimes/shell.rs`](https://github.com/openai/codex/blob/bd184ba84703cc924921ed883f0cf17d3dba60ff/codex-rs/core/src/tools/runtimes/shell.rs#L267-L274),
so cancellation and timeout behavior stay centralized.
- On cancellation, send `SIGTERM` first, wait briefly for cleanup to
run, then hard-kill any remaining descendants in the original process
group.
- Treat `ESRCH` as an already-gone process-group cleanup case in
`codex-utils-pty`, which keeps best-effort teardown from surfacing a
stale-process race as an error.

## Verification
- `cargo test -p codex-core cancellation`
- Added regression coverage for:
  - `shell_tool_cancellation_waits_for_runtime_cleanup`
  - `process_exec_tool_call_cancellation_allows_sigterm_cleanup`
## Why

Wrapped URLs in rich TUI output, especially URLs rendered inside
Markdown tables, are split across terminal rows. In terminals that
support OSC 8 hyperlinks, treating each visible fragment as part of the
complete destination enables reliable open-link and copy-link actions
even after table layout wraps the URL.

This addresses the semantic-link portion of openai#12200 and the behavior
described in
openai#12200 (comment). It
does not change ordinary drag-selection across bordered table rows.

## What Changed

- Added shared TUI OSC 8 support that validates `http://` and `https://`
destinations, sanitizes terminal payloads, and applies metadata
separately from visible line width/layout.
- Added semantic web-link annotations to assistant and proposed-plan
Markdown, including explicit web links and bare web URLs in prose and
table cells while excluding code and non-web Markdown destinations.
- Preserved complete URL targets through table wrapping, narrow pipe
fallback, streaming, transcript overlay rendering, history insertion,
and resize replay.
- Routed intentional Codex-owned links in notices,
status/setup/app-link, feedback, onboarding, MCP/plugin help, memories,
and update surfaces through the shared hyperlink handling.

## How to Test

1. Run Codex in a terminal with OSC 8 link support, such as Ghostty, and
request an assistant response containing a Markdown table whose last
column contains a long `https://` URL.
2. Make the terminal narrow enough for the URL to wrap across multiple
bordered table rows.
3. Use the terminal's open-link or copy-link action on more than one
wrapped URL fragment and confirm each fragment resolves to the complete
original URL.
4. Resize the terminal after the table is rendered and repeat the link
action to confirm the destination survives scrollback replay.
5. Open the transcript overlay while rich output is present and confirm
web links remain interactive there.
6. As a regression check, render inline/fenced code containing URL text
and a Markdown link such as
`[https://example.com](mailto:support@example.com)`; confirm these do
not acquire a web OSC 8 destination.

Targeted automated coverage exercised Markdown links and exclusions,
wrapped and pipe-fallback tables, streaming/transcript overlay
propagation, status-link truncation, and rendered word-wrapping cell
alignment. `just test -p codex-tui` was also run; it passed the
hyperlink coverage and reproduced two unrelated existing guardian
feature-flag test failures.
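
An added example, not code from this PR or from the Codex repository: a std-only Rust sketch of the OSC 8 handling described in the commit message above, where every wrapped row carries the complete destination and the link metadata stays out of the visible text. All function names are hypothetical, and the printable-ASCII rule for destinations and the control-character stripping of row text are assumptions about what the sanitizing involves.

```rust
// OSC 8 hyperlink framing: ESC ] 8 ; params ; URI ST ... ESC ] 8 ; ; ST
const OSC8: &str = "\x1b]8;;"; // opener with empty params
const ST: &str = "\x1b\\"; // string terminator

/// Accept only http(s) destinations made of printable, non-space ASCII.
/// Anything else (other schemes, ESC/BEL, C1 controls, raw non-ASCII) is refused,
/// so a destination can never close the sequence early and inject its own.
pub fn safe_web_destination(url: &str) -> Option<&str> {
    let lower = url.to_ascii_lowercase();
    let web = lower.starts_with("http://") || lower.starts_with("https://");
    let printable = url.bytes().all(|b| (0x21..=0x7e).contains(&b));
    (web && printable).then_some(url)
}

/// Drop C0/C1 control characters from text that will be shown in the terminal.
fn strip_controls(text: &str) -> String {
    text.chars().filter(|c| !c.is_control()).collect()
}

/// Wrap each visible row (one fragment of a wrapped URL) in its own
/// open/close pair that points at the complete destination.
/// Rows are returned as plain sanitized text when the destination is refused.
pub fn link_rows(url: &str, rows: &[&str]) -> Vec<String> {
    let dest = safe_web_destination(url);
    rows.iter()
        .map(|row| {
            let text = strip_controls(row);
            match dest {
                Some(d) => format!("{}{}{}{}{}{}", OSC8, d, ST, text, OSC8, ST),
                None => text,
            }
        })
        .collect()
}

/// Remove OSC 8 sequences, leaving what occupies terminal cells.
/// Layout and width calculations should run on this, not on the rendered string.
pub fn visible_text(rendered: &str) -> String {
    let mut out = String::new();
    let mut rest = rendered;
    while let Some(start) = rest.find("\x1b]8;") {
        out.push_str(&rest[..start]);
        match rest[start..].find(ST) {
            Some(end) => rest = &rest[start + end + ST.len()..],
            None => rest = "", // unterminated sequence: drop the remainder
        }
    }
    out.push_str(rest);
    out
}

fn main() {
    // Constructed sample: one URL wrapped across two table rows.
    let url = "https://example.com/a/very/long/path?q=1";
    for row in link_rows(url, &["https://example.com/a/", "very/long/path?q=1"]) {
        println!("{:?} -> visible {:?}", row, visible_text(&row));
    }
}
```

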
…2] (openai#24636)

## Stack

- **Base: openai#24489 [1 of 2]** - render markdown tables in app style.
- **Current: openai#24636 [2 of 2]** - render cramped markdown tables as
key/value records.

Review this PR against `fcoury/app-style-markdown-tables`; it contains
only the fallback behavior for cramped tables.

## Why

The row-separated markdown table rendering in openai#24489 remains readable
while columns have usable room. Once long links or multiple prose-heavy
columns are compressed into narrow allocations, however, the grid can
turn words and paths into tall vertical strips that are difficult to
scan. In those cases the content matters more than preserving the grid
shape.

## What Changed

<table>
<tr><td>
<p align="center"><b>
Normal
</b></p>
<img width="1722" height="619" alt="CleanShot 2026-05-27 at 14 32 57"
src="https://github.com/user-attachments/assets/d04f5fbd-6064-4acd-91bd-072d19b983df"
/>
</td></tr>
<tr><td>
<p align="center"><b>
Narrow
</b></p>
<img width="863" height="1013" alt="CleanShot 2026-05-27 at 14 33 12"
src="https://github.com/user-attachments/assets/6a7d2968-0a68-48fd-ab5d-209b3dbaf03e"
/>
</td></tr>
<tr><td>
<p align="center"><b>
Very narrow
</b></p>
<img width="435" height="746" alt="CleanShot 2026-05-27 at 14 33 47"
src="https://github.com/user-attachments/assets/f6a59e30-b1d2-4063-9c05-43933abc77d6"
/>
</td></tr>
</table>

- Detect tables whose grid allocation causes systemic token
fragmentation or starves multiple prose-heavy columns.
- Render those tables as repeated key/value records instead of retaining
an unreadable grid.
- Use aligned label/value records when there is useful horizontal room,
and switch to a stacked narrow-record layout where each label is
followed by a full-width value when width is especially constrained.
- Preserve the themed label color, rich inline formatting, links, and
the existing grid presentation for tables that remain readable.
- Add snapshot coverage for path-heavy narrow tables, prose-heavy issue
tables, systemic compact fragmentation, and a control case that should
continue to render as a grid.

## How to Test

1. Start Codex from this branch and render a normal multi-column
markdown table at a comfortable terminal width. Confirm it still appears
as the styled row-separated grid from openai#24489.
2. Render a table containing a long linked record identifier or
file-like value, then narrow the terminal until the grid would split the
value into vertical fragments. Confirm it switches to key/value records,
with labels above values at very narrow widths.
3. Render a table with multiple prose-heavy columns, such as an issue
summary table with `Issue`, `Activity`, `Complexity`, and `Why start`.
Confirm a cramped width switches to records rather than wrapping several
columns into hard-to-read strips.
4. Render a compact table where only one value wraps mildly. Confirm it
stays in grid form rather than switching prematurely.

## Validation

- Ran `just test -p codex-tui` while developing the fallback and
reviewed/accepted the intended new markdown-render snapshots. The
command still reports two unrelated existing guardian feature-flag test
failures outside this diff.
- Ran `just fix -p codex-tui` and `just fmt` after the Rust changes were
complete.
- `just argument-comment-lint` cannot reach source linting locally
because Bazel fails while resolving LLVM sanitizer headers; touched
positional literal callsites were inspected manually and annotated where
needed.
## Overview
Allow remote `codex exec-server` registration to use existing API-key
auth while restricting where those credentials can be sent.

- Accept `CodexAuth::ApiKey` for the normal `--remote` registration
path.
- Restrict API-key remote registration to HTTPS `openai.com` and
`openai.org` hosts and subdomains, with explicit HTTP loopback support
for local development.
- Disable registry registration redirects so credentials cannot be
forwarded to an unvalidated destination.
- Retain `--use-agent-identity-auth` as the explicit Agent Identity
path.
- Document remote registration using `CODEX_API_KEY`.

## Big picture
Callers can now provide an API key directly to `exec-server`
registration without first establishing ChatGPT login state:

```sh
CODEX_API_KEY="$OPENAI_API_KEY" \
codex exec-server \
  --remote "https://<host>.openai.org/api" \
  --environment-id "$ENVIRONMENT_ID"
```

## Validation
- `cargo fmt --all` (`just fmt` is not installed on this host)
- `cargo test -p codex-cli -p codex-exec-server`
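
An added example, not code from this PR or from the Codex repository: one way to express the destination rule from the exec-server registration commit above in std-only Rust. The type and function names, the accepted loopback forms (`localhost`, 127.0.0.0/8, `[::1]`) and the strictness of the hand-rolled URL split are assumptions.

```rust
use std::net::{Ipv4Addr, Ipv6Addr};

#[derive(Debug, PartialEq, Eq)]
pub enum Reject {
    Malformed, // not scheme://host[:port]/..., or contains control/space/backslash
    UserInfo,  // "user@host" authority, e.g. https://openai.com@other.example/
    PlainHttp, // http:// to anything that is not loopback
    Host,      // https:// host outside the allowed domains
    Scheme,    // neither http nor https
}

// Domains named in the commit message; subdomains are accepted as well.
const ALLOWED_DOMAINS: [&str; 2] = ["openai.com", "openai.org"];

/// Split a URL into (scheme, host, host_was_bracketed_ipv6), both lowercased.
fn scheme_and_host(url: &str) -> Result<(String, String, bool), Reject> {
    if url.chars().any(|c| c.is_control() || c.is_whitespace() || c == '\\') {
        return Err(Reject::Malformed);
    }
    let (scheme, rest) = url.split_once("://").ok_or(Reject::Malformed)?;
    // The authority ends at the first '/', '?' or '#'.
    let end = rest.find(|c: char| matches!(c, '/' | '?' | '#')).unwrap_or(rest.len());
    let authority = &rest[..end];
    if authority.contains('@') {
        return Err(Reject::UserInfo);
    }
    let (host, port, v6) = match authority.strip_prefix('[') {
        Some(tail) => {
            let (addr, after) = tail.split_once(']').ok_or(Reject::Malformed)?;
            let port = match after.strip_prefix(':') {
                Some(p) => Some(p),
                None if after.is_empty() => None,
                None => return Err(Reject::Malformed),
            };
            (addr, port, true)
        }
        None => match authority.rsplit_once(':') {
            Some((h, p)) => (h, Some(p), false),
            None => (authority, None, false),
        },
    };
    if let Some(p) = port {
        if !p.bytes().all(|b| b.is_ascii_digit()) || p.parse::<u16>().is_err() {
            return Err(Reject::Malformed);
        }
    }
    if host.is_empty() {
        return Err(Reject::Malformed);
    }
    Ok((scheme.to_ascii_lowercase(), host.to_ascii_lowercase(), v6))
}

/// True for an allowed domain or a subdomain of one, matched on label boundaries.
fn in_allowed_domain(host: &str) -> bool {
    let labels_ok = host.split('.').all(|label| {
        !label.is_empty() && label.bytes().all(|b| b.is_ascii_alphanumeric() || b == b'-')
    });
    labels_ok
        && ALLOWED_DOMAINS.iter().any(|d| {
            host == *d || host.strip_suffix(d).map_or(false, |prefix| prefix.ends_with('.'))
        })
}

fn is_loopback(host: &str, bracketed_v6: bool) -> bool {
    if bracketed_v6 {
        return host.parse::<Ipv6Addr>().map_or(false, |ip| ip.is_loopback());
    }
    host == "localhost" || host.parse::<Ipv4Addr>().map_or(false, |ip| ip.is_loopback())
}

/// Decide whether an API key may be sent to `url`. Fails closed on anything unclear.
pub fn check_api_key_destination(url: &str) -> Result<(), Reject> {
    let (scheme, host, v6) = scheme_and_host(url)?;
    match scheme.as_str() {
        "https" if !v6 && in_allowed_domain(&host) => Ok(()),
        "https" => Err(Reject::Host),
        "http" if is_loopback(&host, v6) => Ok(()),
        "http" => Err(Reject::PlainHttp),
        _ => Err(Reject::Scheme),
    }
}

fn main() {
    // Constructed sample inputs.
    for url in [
        "https://build-7.openai.org/api",
        "http://127.0.0.1:8080/api",
        "https://openai.com.other.example/api",
        "https://openai.com@other.example/api",
    ] {
        println!("{url} -> {:?}", check_api_key_destination(url));
    }
}
```

The check covers only the first request. It holds only if the HTTP client is also configured not to follow redirects, as the commit describes, since a 3xx from an allowed host would otherwise resend the credential to a destination this function never saw.
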
Will make it easier to uprev when the new draft spec is supported.

Also updates reqwest where needed for compatibility but doesn't update
it everywhere since this is already a large diff.

The new version of rmcp handles certain kinds of authentication failures
differently; this patch includes support for identifying the failing scope
in a WWW-Authenticate header.
## Why

The key/value markdown table renderer added in openai#24636 still operates on
`Line` values, while table cells and rendered table output now carry
`HyperlinkLine`. That mismatch breaks `codex-tui` compilation on `main`
and would risk losing semantic web-link annotations if corrected by
flattening the values.

## What changed

- Make key/value record rendering wrap and emit `HyperlinkLine` values
consistently with the existing grid renderer.
- Remap wrapped hyperlink ranges and shift them when value content is
prefixed by record-mode indentation or labels.
- Add focused coverage verifying key/value fallback output preserves
web-link destinations.

## Verification

- `just test -p codex-tui -E
'test(key_value_table_keeps_web_annotations) |
test(/table_renders_(key_value_records_when_compact_fragmentation_is_systemic_snapshot|stacked_key_value_records_when_path_column_becomes_too_narrow_snapshot|records_when_multiple_prose_columns_are_starved_snapshot)/)'`
## Why

`AppServerConfig` is exported as part of the ergonomic Python SDK
surface and passed to `Codex(...)` and `AsyncCodex(...)`. That name
exposes the underlying app-server transport at the same layer where
users are configuring the Codex client. `CodexConfig` makes the common
callsite read naturally and names the object it configures.

## What changed

- Renamed the public configuration dataclass from `AppServerConfig` to
`CodexConfig`.
- Updated `Codex`, `AsyncCodex`, and the transport clients to accept
`CodexConfig`.
- Updated binary-resolution messages, package exports, docs, examples,
and related coverage to use the new public name.

## API impact

```python
from openai_codex import Codex, CodexConfig

with Codex(config=CodexConfig(codex_bin="/path/to/codex")) as codex:
    ...
```

Callers should now import and construct `CodexConfig`; `AppServerConfig`
is no longer part of the Python SDK surface.

## Validation

- `uv run --frozen --extra dev ruff check src/openai_codex scripts
examples tests`
- Tests are deferred to online CI for this PR.
## Why

Dynamic tools are defined at thread start and already stored in rollout
`SessionMeta`, which restores resumed and forked sessions. Persisting
the same tools through SQLite creates a second runtime persistence path
that is unnecessary prework for the explicit namespace refactor.

## What changed

- Restore missing thread-start dynamic tools directly from rollout
history, including when SQLite is enabled.
- Remove SQLite dynamic-tool reads, writes, backfill, and thread
metadata patch plumbing.
- Add SQLite-enabled resume integration coverage that verifies a
rollout-defined dynamic tool is still sent after resume.

## Compatibility

The existing `thread_dynamic_tools` table is intentionally not dropped
even though it's now unused. Older Codex binaries are allowed to open
databases migrated by newer binaries and still reference this table;
dropping it would break that mixed-version path. See
[here](https://github.com/openai/codex/blob/main/codex-rs/state/src/migrations.rs#L10-L11).

## Verification

- `just test -p codex-state -p codex-rollout -p codex-thread-store`
- `just test -p codex-core --test all
resume_restores_dynamic_tools_from_rollout_with_sqlite_enabled`
## Why

`openai-codex` needs a beta release lifecycle without requiring beta
releases of its pinned runtime package. Previously, SDK staging rewrote
its runtime dependency to the SDK version, which made an SDK-only beta
impossible.

## What changed

- Set the initial SDK beta version to `0.1.0b1` and pin it to published
stable `openai-codex-cli-bin==0.132.0`.
- Decoupled SDK release staging from runtime versioning so it preserves
the reviewed exact runtime pin.
- Added a `python-v*` tag workflow that builds and publishes only
`openai-codex` through PyPI trusted publishing.
- Removed the Beta classifier from runtime package metadata for future
runtime publications.
- Regenerated protocol-derived SDK models from the selected stable
runtime package.

`0.132.0` is the newest stable runtime admitted by the checked-in
dependency date fence and retains the Linux wheel family currently used
by SDK CI.

## Release setup

Before pushing `python-v0.1.0b1`, configure PyPI trusted publishing for
the `openai-codex` project with workflow `python-sdk-release.yml`,
environment `pypi`, and job `publish-python-sdk`.

## Validation

- `uv run --frozen --extra dev ruff check src/openai_codex scripts
examples tests`
- Parsed `.github/workflows/python-sdk-release.yml` with PyYAML.
- Built staged release artifacts locally:
`openai_codex-0.1.0b1-py3-none-any.whl` and
`openai_codex-0.1.0b1.tar.gz`.
- Verified wheel metadata pins `openai-codex-cli-bin==0.132.0`.
- Tests are deferred to online CI for this PR.
…penai#24836)

## Why

The initial public `openai-codex` beta should read and install like a
normal published Python package before a release tag is created. This
follows merged PR openai#24828, which establishes the independent SDK beta
release plumbing and exact runtime dependency.

## What changed

- Rewrote `sdk/python/README.md` as a compact PyPI-facing beta package
page: published installation, one quickstart, short login examples,
built-in help, and links to deeper guides.
- Updated the getting-started guide, API reference, FAQ, and examples
index to present the published beta consistently without repeating
onboarding in the package landing page or reference page.
- Made `pip install openai-codex` the primary install path while beta
releases are the only published SDK releases, with `--pre` documented
for opting into prereleases after a stable release exists.
- Added curated `help()` / `pydoc` docstrings across the public API and
generated public convenience methods through
`scripts/update_sdk_artifacts.py`.
- Declared the repository `Apache-2.0` license expression and
Documentation URL in package metadata, without introducing a duplicated
SDK-local license file.
- Kept the source distribution focused on installable package material
(`src/openai_codex`, `README.md`, and `pyproject.toml`); the repository
docs and runnable examples remain linked from the PyPI README.
- Built release artifacts in an Alpine container on the Ubuntu runner,
matching Python SDK CI and allowing type generation to install the
published `musllinux` runtime wheel.
- Added `twine check --strict` to the release workflow so malformed PyPI
metadata or rendered README content fails before publishing.
- Added focused SDK assertions for beta metadata, the exact runtime pin,
source distribution contents, and the built-in Python documentation
surface.

## Validation

- Ran `uv run --frozen --extra dev ruff check
scripts/update_sdk_artifacts.py src/openai_codex
tests/test_public_api_signatures.py
tests/test_artifact_workflow_and_binaries.py` before the final
README-only reductions and review-fix follow-ups.
- Built `openai_codex-0.1.0b1-py3-none-any.whl` and
`openai_codex-0.1.0b1.tar.gz` before the final README-only reductions
and review-fix follow-ups.
- Ran `python -m twine check --strict` on both built artifacts before
the final README-only reductions and review-fix follow-ups.
- Verified artifact metadata reports `Apache-2.0` without a duplicated
SDK-local license file.
- Verified `inspect.getdoc(...)` resolves documentation for the package,
`Codex`, `CodexConfig`, and key generated thread methods.
- Rebased the documentation/readiness change onto merged PR openai#24828
without changing the intended SDK or workflow file contents.
- Final verification is delegated to online CI for this PR.
## Summary
- classify known refresh-token terminal failures from `/oauth/token` as
permanent even when the backend returns `400`
- preserve the existing relogin-required message for
`refresh_token_reused` instead of retrying and collapsing into a generic
cloud requirements error
- add regression coverage for `400 refresh_token_reused`

## Testing
- `just fmt`
- `cargo test -p codex-login`
## Summary
- Remove the exact-version install snippet from the PyPI-facing Python
SDK README.
- Remove the release-selection explanation so the install section
presents the standard `pip install openai-codex` path directly.

## Validation
- Not run locally; relying on online CI for this documentation-only
change.
## Summary
- Remove the Python language classifiers from the Python SDK package
metadata.
- Keep `requires-python = ">=3.10"` as the package's interpreter
compatibility constraint.
- Avoid presenting a curated version-support list in PyPI metadata.

## Validation
- Not run locally; relying on online CI for this metadata-only change.

## Release
- Land this change before publishing the next Python SDK beta.
## Summary
- Remove the beta warning callout from the PyPI-facing Python SDK
README.
- Keep the existing Beta title and install/usage guidance unchanged.

## Validation
- Not run locally; relying on online CI for this documentation-only
change.

## Release
- Land this change before publishing the next Python SDK beta.
## Summary
- Treat `sdk/python` as a development template with source version
`0.0.0-dev`, matching the existing Python runtime packaging pattern.
- Have `python-v*` tags supply the published SDK beta version through
the existing `stage-sdk --sdk-version` path.
- Remove the workflow check requiring a source version bump for each
beta release and remove its now-unused host Python setup step.
- Keep the reviewed runtime dependency pin at
`openai-codex-cli-bin==0.132.0`.
- Remove beta-number-specific documentation so it does not need editing
for each publish.

## Why
The package staging script already writes the release version into the
artifact. Requiring the checked-in SDK template version to match every
tag adds release-only source churn without changing the package users
receive.

## Validation
- Not run locally; relying on online CI for this workflow and metadata
change.

## Release
After this PR lands, publish the next beta by pushing tag
`python-v0.1.0b2` from merged `main`.
## Why

Config loading should not create or write-authorize the memories root
just because memory support exists. Memory startup is the code path that
actually materializes that tree.

## What

- Stop creating the memories root during Config load and remove it from
legacy workspace-write projections.
- Grant the memories root read access only when the memories feature and
use_memories are enabled.
- Create the memories root inside memories startup before seeding
extension instructions.
- Update config and startup tests around the ownership boundary.

## Tests

- just fmt
- just fix -p codex-core
- just fix -p codex-memories-write
- just test -p codex-core
memory_tool_makes_memories_root_readable_without_creating_or_widening_writes
workspace_write_includes_configured_writable_root_once_without_memories_root
permission_profile_override_keeps_memories_root_out_of_legacy_projection
permissions_profiles_allow_direct_write_roots_outside_workspace_root
default_permissions_profile_populates_runtime_sandbox_policy
- just test -p codex-memories-write memories_startup_creates_memory_root

Note: a broader just test -p codex-core run is not clean in this
sandbox; it hit missing test_stdio_server plus seatbelt, realtime, and
environment-sensitive failures. The changed config tests above pass.
Split from the Guardian prompt cache key change. This PR only updates
codex-rs/core/src/client.rs. Validation was not run per request; this
branch is expected to rely on the companion split PRs.
Split from the Guardian prompt cache key change. This PR only updates
codex-rs/core/src/guardian/mod.rs. Validation was not run per request;
this branch is expected to rely on the companion split PRs.
Split from the Guardian prompt cache key change. This PR only updates
codex-rs/core/src/guardian/review_session.rs. Validation was not run per
request; this branch is expected to rely on the companion split PRs.
Split from the Guardian prompt cache key change. This PR only updates
codex-rs/core/src/guardian/tests.rs. Validation was not run per request;
this branch is expected to rely on the companion split PRs.
Split from the Guardian prompt cache key change. This PR only updates
codex-rs/core/src/session/session.rs. Validation was not run per
request; this branch is expected to rely on the companion split PRs.
## Why

Guardian review sessions are reusable across forks when their
`GuardianReviewSessionReuseKey` is unchanged, but the underlying
Responses request was still using the child thread ID as
`prompt_cache_key`. That meant forked Guardian reviews that should share
cache context produced different cache keys, reducing prompt cache reuse
and weakening the reuse invariant.

## What Changed

- Adds a `ModelClient` prompt cache key override and uses it for
`ResponsesApiRequest.prompt_cache_key`.
- Computes Guardian review cache keys as
`guardian:<sha1(parent_thread_id:reuse_key)>`, scoped to the parent
thread plus the reuse-sensitive Guardian config.
- Wires session construction to apply that override only for Guardian
sub-agent sessions.

## Testing

- Added coverage that Guardian cache keys are stable for the same
parent/reuse key, change when either the parent thread or reuse key
changes, fit within the Responses API length limit, and are absent for
non-Guardian sessions.
- Extended the parallel review test to assert forked Guardian reviews
send the same `prompt_cache_key`.
## Summary
- Add the required `/*parent_thread_id*/` argument comment at the
Guardian review session test callsite flagged by CI.

## Validation
- `just fmt`
- Not run: clippy/tests, per request; CI will cover them.
## Why

Dedicated memories tools are exposed through a Responses API namespace
tool. The namespace itself has to be a valid tool identifier, so
`memories/` can fail validation before the model ever gets a chance to
call the memory tools.

## What changed

- Changed `MEMORY_TOOLS_NAMESPACE` from `memories/` to `memories`.
- Added `memory_tool_namespace_matches_responses_api_identifier` so the
namespace stays non-empty and limited to Responses-safe identifier
characters.

## Verification

- Added unit coverage for the namespace identifier shape in
`codex-rs/ext/memories/src/tests.rs`.
## Why

Guardian reviews already emit analytics events, but we do not expose
aggregate OpenTelemetry metrics for review volume, latency, token usage,
or terminal outcomes. That makes it harder to monitor Guardian behavior
during rollouts and to compare review outcomes by source, action type,
session kind, model, and failure mode.

## What Changed

- Added Guardian review metric names for count, total duration, time to
first token, and token usage in `codex-rs/otel`.
- Added `core/src/guardian/metrics.rs` to convert
`GuardianReviewAnalyticsResult` into sanitized metric tags covering
decision, terminal status, failure reason, approval request source,
reviewed action, session kind, risk/outcome, model, reasoning effort,
and context/truncation state.
- Emitted the new metrics from `track_guardian_review` for each terminal
Guardian review result.

## Testing

- Added
`guardian_review_metrics_record_counts_durations_and_token_usage`, which
verifies the emitted count, duration, TTFT, token usage histograms, and
tag set through the in-memory metrics exporter.
…openai#23546)

## Summary

- refresh managed ChatGPT auth during auth resolution when its access
token is inside ChatGPT web's five-minute near-expiry window
- cover refresh-window decisions while preserving the existing
expired-token refresh path

## Why

Codex already resolves managed ChatGPT auth before outbound requests and
refreshes expired access tokens there. This change adjusts the existing
predicate to refresh a still-valid access token once it is within the
same five-minute refresh window used by ChatGPT web, avoiding a request
with a token about to expire.

A cross-process serialization follow-up was explored in openai#24663 and
closed for now; we do not currently suspect cross-process refresh races
are a root cause of the refresh errors under investigation.

External-token, API-key, and Agent Identity auth modes remain unchanged.

## Validation

- `bazel test //codex-rs/login:login-all-test`
- `just fmt` runs Rust formatting successfully, then its Python SDK Ruff
step cannot install `openai-codex-cli-bin==0.131.0a4` on this Linux
environment because no compatible wheel is published.
Summary: add session source and persistent-state availability to
ThreadStartInput; populate them from session init; update existing goal
test harness constructors. Tests: just fmt; git diff --check. No full
tests or clippy run per request.
Summary
- Add TurnErrorInput and TurnLifecycleContributor::on_turn_error to the
extension API.
- Emit the turn-error lifecycle from core turn error paths, including
usage limit failures.
- Add direct lifecycle coverage for the emitted error facts and stores.

Tests
- just fmt
- git diff --check
- Not run: full tests or clippy (per instructions)
## Summary
- update the bundled `openai-docs` system skill to match the latest
`openai-docs-plus` content from `skills-internal`
- add the cached Codex manual fetch helper and expand the skill routing
for Codex self-knowledge
- keep the stable local skill identity and labels as `openai-docs`

## Why
The built-in OpenAI Docs skill needed to reflect the current upstream
guidance from `skills-internal` while preserving the local system-skill
name used by Codex.

## Impact
Codex now ships the newer OpenAI Docs skill behavior for Codex
self-knowledge and manual-first documentation lookups.

## Validation
- `just test -p codex-skills`
- exact directory diff against transformed `skills-internal`
`origin/main` was clean
etraut-openai and others added 24 commits May 29, 2026 11:07
## Why

TUI users can archive saved sessions from other surfaces, but there is
no in-session command for archiving the active session. Since archiving
the active session also exits the TUI, the command should ask for
explicit confirmation instead of firing immediately.

I'm also working on [a companion
PR](openai#25021) that adds `codex
archive` and `codex unarchive` top-level CLI commands.

## What changed

- Adds a new `/archive` slash command described as `archive this session
and exit`.
- Shows a confirmation dialog with `No, don't archive` selected first
and `Yes, archive and exit` as the explicit action.
- On confirmation, calls the existing `thread/archive` app-server RPC
for the active main session and exits after success.
- Keeps `/archive` disabled while a task is running and unavailable in
side conversations.

## Verification

Added focused TUI coverage for the `/archive` confirmation flow,
disabled-while-task-running behavior, and the `/ar` slash-command popup
snapshot.
## Why

The TUI `/rename` confirmation should use the term "session" for
consistency.
## Why

We recently added `forked_from_thread_id` which lets us trace where a
thread's _context_ comes from, but we also want to understand subagent
lineage (e.g. which parent thread spawned this subagent? what kind of
subagent is it?) which is orthogonal.

This PR adds `parent_thread_id` and `subagent_kind` to the
`x-codex-turn-metadata` header sent to ResponsesAPI.

## What changed

- Adds `parent_thread_id` and `subagent_kind` to core-owned
`x-codex-turn-metadata`.
- Restores persisted `SessionSource` and `ThreadSource` from resumed
session metadata so cold-resumed subagent threads keep their lineage on
later Responses API requests.
- Centralizes parent-thread extraction on `SessionSource` /
`SubAgentSource` and reuses it in the Responses client, analytics, agent
control, and state parsing paths.
- Extends reserved-key, git-enrichment, thread-spawn, and app-server v2
metadata coverage for the new lineage fields.

## Verification

- Not run locally per request.
- Added focused coverage in `core/src/turn_metadata_tests.rs` and
`app-server/tests/suite/v2/client_metadata.rs`.
## Summary
- terminate sandbox filesystem helpers when the Tokio child handle is
dropped

## Why
A sandbox filesystem helper can stall during process startup before
reading stdin. If the owning async operation is cancelled or torn down,
the spawned helper should not remain running as an orphaned process.

Setting `kill_on_drop(true)` gives the filesystem helper the cleanup
behavior that Tokio child processes otherwise do not enable by default.

This intentionally does not add a timeout. It does not detect or recover
an active hung file edit while the owning future remains alive. A more
precise startup-health mechanism can be handled separately.

## Validation
- `just test -p codex-exec-server` (186 tests passed; benchmark smoke
passed)
- `just fmt`
- `just fix -p codex-exec-server`
- `git diff --check`
## Summary

Introduce a `CodeModeSession` interface for executing and managing
code-mode cells.

This moves cell lifecycle, callback delegation, termination, and
shutdown behind a session abstraction, while continuing to use the
existing in-process implementation, and adds the ability to implement
an external-process one behind this interface.

A Codex session owns one `CodeModeSession`, which in turn owns its
running cells and stored code-mode state. Each cell is represented to
the caller as a `StartedCell`, exposing its cell ID and initial
response.

It also introduces a `CodeModeSessionDelegate` callback interface. A
session uses the delegate to invoke nested host tools and emit
notifications while a cell is running, allowing the runtime to
communicate with its owning Codex session without depending directly on
core turn handling.

## Why

`SandboxPolicy` is the legacy compatibility shape, but
`codex-thread-store` still exposed it through `StoredThread`,
`ThreadMetadataPatch`, and live metadata sync. That kept thread-store
consumers tied to the legacy representation and meant richer permission
profile data could not round-trip through thread metadata or cold
rollout reconciliation.

## What Changed

- Replaced thread-store `sandbox_policy` API fields with canonical
`PermissionProfile` fields.
- Persist new permission-profile metadata as canonical JSON in the
existing SQLite metadata slot while continuing to read older legacy
sandbox policy values.
- Updated local, in-memory, live metadata sync, and rollout extraction
paths to propagate `TurnContextItem::permission_profile()`.
- Re-materialize legacy permission metadata against the final rollout
cwd when rollout-derived metadata replaces stale SQLite summaries.
- Updated affected app-server and core test constructors to build
`PermissionProfile` values directly.

## Test Plan

- `cargo test -p codex-state`
- `cargo test -p codex-thread-store`
- `cargo test -p codex-app-server
summary_from_stored_thread_preserves_millisecond_precision --lib`
- `cargo test -p codex-core realtime_context --lib`
## Why

The standalone `/v1/alpha/search` request now requires a `model`, but
the `web.run` extension currently omits it.

Adds `model` to extension `ToolCall` invocation.

Follow-up to openai#23823.

## What changed

- Make `SearchRequest.model` required.
- Expose the effective per-turn model on extension tool calls and pass
it in standalone web-search requests.
- Assert the model is forwarded in the app-server round-trip test.

## Testing

- `just test -p codex-api -p codex-tools -p codex-web-search-extension
-p codex-memories-extension -p codex-goal-extension`
- `just test -p codex-core -E
'test(passes_turn_fields_and_scoped_turn_item_emitter_to_extension_call)'`
- `just test -p codex-app-server -E
'test(standalone_web_search_round_trips_encrypted_output)'`
## Summary

This adds `environment: issue-triage` to the Codex-calling issue
workflow jobs so they can read the GitHub Environment Secret while
staying on GitHub-hosted runners for public issue-triggered workflows.
## Summary
- preserve macOS `__CF_USER_TEXT_ENCODING` when launching the sandboxed
fs helper
- keep the fs-helper env narrow; this adds only the CoreFoundation
startup var instead of copying the broader MCP stdio baseline
- add focused coverage that the helper keeps that var without admitting
`HOME`

## Diagnosis
The sandboxed fs helper is not launched like a normal child process.
Exec-server rebuilds its environment from an allowlist, then calls
`env_clear()` before re-execing Codex with `--codex-run-as-fs-helper`.
That helper dispatches before the normal Codex startup path and only
needs to boot a small Tokio runtime, read one JSON request from stdin,
perform the direct filesystem operation, and write one JSON response.

The reported macOS hang sampled the helper before Rust main, in
CoreFoundation initialization while resolving the default text encoding:
`_CFStringGetUserDefaultEncoding -> getpwuid_r -> notify_register_check
-> bootstrap_look_up3 -> mach_msg2_trap`. The fs-helper allowlist kept
`PATH` and temp vars for runtime needs, but it dropped macOS
`__CF_USER_TEXT_ENCODING`. Other Codex subprocess launchers that
intentionally build a minimal Unix baseline, such as MCP stdio, already
preserve that variable.

My read is that stripping `__CF_USER_TEXT_ENCODING` forced this internal
helper down CoreFoundation's fallback user-lookup path, and that lookup
intermittently wedged on the affected machine before the helper could
read stdin or touch the target file. Preserving only this macOS startup
variable avoids that fallback without broadening the fs-helper
environment to shell-like vars such as `HOME`, `USER`, locale settings,
terminal settings, or proxy credentials.

Internal Slack thread omitted from the public PR body.

## Validation
- `cd codex-rs && just fmt`
- `git diff --check`
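
The allowlist-then-`env_clear()` launch described in the commit message above, as an added sketch that is not the Codex implementation. The function names, the constructed sample environment, and the exact temp-variable names (`TMPDIR`, `TMP`, `TEMP`) are assumptions; only `PATH`, "temp vars", `__CF_USER_TEXT_ENCODING`, `HOME` and `--codex-run-as-fs-helper` come from the message.

```rust
use std::collections::BTreeMap;
use std::process::Command;

// Hypothetical base allowlist: the commit message only says `PATH` and
// "temp vars" are kept, so the temp variable names here are assumptions.
const BASE_ALLOWLIST: &[&str] = &["PATH", "TMPDIR", "TMP", "TEMP"];

// The one macOS startup variable the commit message adds.
const MACOS_ALLOWLIST: &[&str] = &["__CF_USER_TEXT_ENCODING"];

/// Rebuild the helper environment from the allowlist. Anything not listed
/// (HOME, USER, locale, terminal settings, proxy credentials) is dropped.
pub fn helper_env(parent: &BTreeMap<String, String>, is_macos: bool) -> BTreeMap<String, String> {
    let platform: &[&str] = if is_macos { MACOS_ALLOWLIST } else { &[] };
    BASE_ALLOWLIST
        .iter()
        .chain(platform.iter())
        .filter_map(|name| parent.get(*name).map(|value| (name.to_string(), value.clone())))
        .collect()
}

/// Names in `env` that the allowlist does not admit; a regression check for
/// anyone who later widens the helper environment.
pub fn unexpected_vars(env: &BTreeMap<String, String>, is_macos: bool) -> Vec<String> {
    env.keys()
        .filter(|name| {
            let name = name.as_str();
            !(BASE_ALLOWLIST.contains(&name) || (is_macos && MACOS_ALLOWLIST.contains(&name)))
        })
        .cloned()
        .collect()
}

/// Build the re-exec command: clear the inherited environment first, then add
/// back only the allowlisted variables.
pub fn helper_command(exe: &str, parent: &BTreeMap<String, String>, is_macos: bool) -> Command {
    let mut cmd = Command::new(exe);
    cmd.arg("--codex-run-as-fs-helper");
    cmd.env_clear();
    cmd.envs(helper_env(parent, is_macos));
    cmd
}

/// Constructed parent environment, for illustration only.
pub fn sample_parent_env() -> BTreeMap<String, String> {
    [
        ("PATH", "/usr/bin:/bin"),
        ("TMPDIR", "/tmp/constructed"),
        ("HOME", "/Users/example"),
        ("HTTPS_PROXY", "http://user:secret@proxy.example:8080"),
        ("__CF_USER_TEXT_ENCODING", "0x1F5:0x0:0x0"),
    ]
    .iter()
    .map(|(k, v)| (k.to_string(), v.to_string()))
    .collect()
}

fn main() {
    let parent = sample_parent_env();
    // The command is only built and inspected here, never spawned.
    let cmd = helper_command("codex", &parent, cfg!(target_os = "macos"));
    for (name, value) in cmd.get_envs() {
        println!("{:?}={:?}", name, value);
    }
    println!("not admitted: {:?}", unexpected_vars(&parent, true));
}
```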
## Summary
- add Vim normal-mode `s` support to substitute the character under the
cursor and enter insert mode
- fix Vim normal-mode `o` so opening below the final line moves the
cursor onto the new blank line
- update keymap config/schema and keymap picker snapshots for the new
action

## Validation
- `just fmt`
- `just write-config-schema`
- `just test -p codex-config`
- focused `just test -p codex-tui` coverage for the Vim `s` and `o`
behavior, keymap conflict handling, and keymap picker snapshots
- `cargo insta pending-snapshots --manifest-path tui/Cargo.toml`
- `git diff --check`

## Notes
A full `just test -p codex-tui` run still has two unrelated Guardian
feature-flag failures in this checkout:
- `app::tests::update_feature_flags_disabling_guardian_clears_review_policy_and_restores_default`
- `app::tests::update_feature_flags_disabling_guardian_clears_manual_review_policy_without_history`
Provides starlark syntax highlighting and editor formatting.
## Summary

- Keep the original `TOOL_SUGGEST_DISCOVERABLE_PLUGIN_ALLOWLIST` as a
fallback seed list, so users with no installed plugins still get initial
install suggestions.
- Allow additional install suggestions from trusted marketplaces:
`openai-curated` and `openai-bundled`.
- Require non-fallback, non-configured marketplace candidates to share
`.app.json` connector IDs with already installed plugins.
- Preserve explicit configured plugin discoverables as an override,
while still omitting installed, disabled, and `NOT_AVAILABLE` plugins.

## Context

`list_available_plugins_to_install` controls which plugins the model can
trigger via `request_plugin_install`. We want a small starter set for
empty/new users, but we also want installed workflow plugins to unlock
relevant source plugins without maintaining every source plugin ID by
hand.

This keeps the legacy plugin ID allowlist only as the starter fallback.
For everything else, the trusted marketplace is the candidate boundary,
and installed app connector overlap is the relevance filter. For
example, an installed Sales plugin can make HubSpot and Granola
suggestible when those source plugins are in `openai-curated` and share
Sales app connector IDs, while an unrelated test-source plugin with an
app connector not declared by Sales stays hidden.

## Test Coverage

- Empty/no-installed-plugin case: returns the fallback seed plugins from
the original allowlist.
- Installed-app expansion: returns non-fallback marketplace plugins only
when their app connector IDs overlap with an installed plugin.
- Sales workflow case: installed Sales declares HubSpot and Granola
apps, so `hubspot@openai-curated` and `granola@openai-curated` are
returned.
- Sales negative case: `test-source@openai-curated` has an app connector
not declared by Sales, so it is not returned.
- Existing guardrails: installed plugins, disabled suggestions, and
`NOT_AVAILABLE` plugins remain omitted; explicit configured
discoverables still work as an override.

## Validation

- `just fmt`
- `just test -p codex-core plugins::discoverable::tests`
- `just test -p codex-core` was attempted earlier, but current `main` /
local env failed with unrelated existing failures around missing
`test_stdio_server`, CLI/code-mode MCP tool setup, and
unified_exec/shell snapshot flakes/timeouts. The touched discoverable
tests pass.
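
The candidate rules from the commit message above, written out as an added sketch; it is not the code behind `list_available_plugins_to_install`. The types, field names, connector IDs and the plugin IDs `sales@openai-curated`, `starter@openai-curated` and `hubspot-clone@community` are constructed for illustration; the marketplace names and the HubSpot, Granola and test-source cases come from the message.

```rust
use std::collections::BTreeSet;

// Trusted marketplace names, as listed in the commit message.
const TRUSTED_MARKETPLACES: &[&str] = &["openai-curated", "openai-bundled"];

#[derive(Clone, Debug)]
pub struct Plugin {
    pub id: String,                      // "name@marketplace"
    pub connector_ids: BTreeSet<String>, // app connector IDs from `.app.json`
    pub installed: bool,
    pub available: bool,                 // false models `NOT_AVAILABLE`
}

impl Plugin {
    fn marketplace(&self) -> &str {
        self.id.split_once('@').map(|(_, m)| m).unwrap_or("")
    }
}

pub struct Policy {
    pub fallback_seed: BTreeSet<String>, // starter allowlist of plugin IDs
    pub configured: BTreeSet<String>,    // explicit configured discoverables
    pub disabled: BTreeSet<String>,      // suggestions the user turned off
}

/// Plugin IDs the model may suggest installing, sorted.
pub fn suggestible(catalog: &[Plugin], policy: &Policy) -> Vec<String> {
    // Connector IDs declared by plugins that are already installed.
    let installed_connectors: BTreeSet<&str> = catalog
        .iter()
        .filter(|p| p.installed)
        .flat_map(|p| p.connector_ids.iter().map(String::as_str))
        .collect();

    let mut out: Vec<String> = catalog
        .iter()
        // Guardrails apply to every source, including the configured override.
        .filter(|p| !p.installed && p.available && !policy.disabled.contains(&p.id))
        .filter(|p| {
            policy.configured.contains(&p.id)
                || policy.fallback_seed.contains(&p.id)
                // Everything else: trusted marketplace AND connector overlap.
                || (TRUSTED_MARKETPLACES.contains(&p.marketplace())
                    && p.connector_ids
                        .iter()
                        .any(|c| installed_connectors.contains(c.as_str())))
        })
        .map(|p| p.id.clone())
        .collect();
    out.sort();
    out
}

fn plugin(id: &str, connectors: &[&str], installed: bool) -> Plugin {
    Plugin {
        id: id.to_string(),
        connector_ids: connectors.iter().map(|c| c.to_string()).collect(),
        installed,
        available: true,
    }
}

/// Constructed catalog modelled on the Sales example in the commit message.
pub fn sample_catalog(sales_installed: bool) -> Vec<Plugin> {
    vec![
        plugin("sales@openai-curated", &["hubspot", "granola"], sales_installed),
        plugin("hubspot@openai-curated", &["hubspot"], false),
        plugin("granola@openai-curated", &["granola"], false),
        plugin("test-source@openai-curated", &["test-source-app"], false),
        // Overlapping connector, but outside the trusted marketplaces.
        plugin("hubspot-clone@community", &["hubspot"], false),
        plugin("starter@openai-curated", &[], false),
    ]
}

pub fn sample_policy() -> Policy {
    Policy {
        fallback_seed: ["starter@openai-curated".to_string()].into_iter().collect(),
        configured: BTreeSet::new(),
        disabled: BTreeSet::new(),
    }
}

fn main() {
    let policy = sample_policy();
    println!("no plugins installed: {:?}", suggestible(&sample_catalog(false), &policy));
    println!("sales installed:      {:?}", suggestible(&sample_catalog(true), &policy));
}
```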
# Why

Managed requirements can already constrain sandbox policy choices, but
Windows sandbox implementation selection was still resolved
independently from those requirements. That left the TUI able to
continue through the unelevated fallback even when an organization wants
to require the elevated Windows sandbox implementation.

# What

- Add `[windows].allowed_sandbox_implementations` requirements support
for the Windows `elevated` and `unelevated` implementations.
- Apply that allowlist during core config resolution so disallowed
configured or feature-selected Windows sandbox implementations fall back
to an allowed implementation with the existing requirements warning
path.
- Reuse the existing TUI Windows setup prompts to block disallowed
unelevated continuation, keep required elevated setup in front of the
user, and refuse to persist a TUI-selected Windows sandbox mode that
requirements disallow.

# Semantics

| Allowed | Selected | Effective |
| --- | --- | --- |
| `["elevated"]` | `unelevated` / unset | `elevated` |
| `["unelevated"]` | `elevated` / unset | `unelevated` |
| `["elevated", "unelevated"]` | `elevated` | `elevated` |
| `["elevated", "unelevated"]` | `unelevated` | `unelevated` |
| `["elevated", "unelevated"]` | unset | `elevated` |

Availability is handled by interactive setup surfaces after allowlist
resolution. If the effective elevated implementation is not ready,
elevated-only requirements block on setup. When unelevated is also
allowed, the UI may offer the existing unelevated fallback.

## TUI Screens

If elevated setup is not already complete:
```
  Your organization requires the default Codex agent sandbox to continue. Set it up to protect your files and control
  network access.
  Learn more <https://developers.openai.com/codex/windows>

› 1. Set up default sandbox (requires Administrator permissions)
  2. Quit
```

If admin setup fails under `["elevated"]`:
```
  Couldn't set up your sandbox with Administrator permissions

  Your organization requires the default sandbox before Codex can continue.
  Learn more <https://developers.openai.com/codex/windows>

› 1. Try setting up admin sandbox again
  2. Quit
```

# Next Steps


- extend the requirements/readout surface, such as
`configRequirements/read`, so clients can inspect the loaded
`[windows].allowed_sandbox_implementations` requirement instead of
inferring it from Windows setup state
- consider extending `windowsSandbox/readiness` as well
- update the App startup guide, setup flow, and banner surfaces so an
elevated-only requirement omits any continue-unelevated escape hatch and
blocks startup until a permitted implementation is ready
- preserve the existing unelevated fallback path when requirements allow
it, including the `["unelevated"]` case where elevated is disallowed
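
The Semantics table in the commit message above as a resolution function, added here as a sketch and not taken from the Codex code base. The type and function names are hypothetical, and rejecting unknown values and an empty allowlist is an assumption of this sketch; the message does not say how those cases are handled.

```rust
#[derive(Clone, Copy, Debug, PartialEq, Eq)]
pub enum SandboxImpl {
    Elevated,
    Unelevated,
}

#[derive(Debug, PartialEq, Eq)]
pub struct Resolution {
    pub effective: SandboxImpl,
    /// True when requirements replaced an explicit selection, which is where
    /// a caller would emit the requirements warning.
    pub overridden: bool,
}

/// Parse the values of `[windows].allowed_sandbox_implementations`.
/// Assumption: unknown values and an empty list are rejected (fail closed).
pub fn parse_allowed(values: &[&str]) -> Result<Vec<SandboxImpl>, String> {
    let mut allowed = Vec::new();
    for value in values {
        let parsed = match *value {
            "elevated" => SandboxImpl::Elevated,
            "unelevated" => SandboxImpl::Unelevated,
            other => return Err(format!("unknown sandbox implementation: {}", other)),
        };
        if !allowed.contains(&parsed) {
            allowed.push(parsed);
        }
    }
    if allowed.is_empty() {
        return Err("allowed_sandbox_implementations must not be empty".to_string());
    }
    Ok(allowed)
}

/// Keep the selection if the allowlist permits it; otherwise fall back to an
/// allowed implementation, preferring elevated (the table's "unset" row).
pub fn resolve(allowed: &[SandboxImpl], selected: Option<SandboxImpl>) -> Result<Resolution, String> {
    let effective = match selected {
        Some(choice) if allowed.contains(&choice) => choice,
        _ if allowed.contains(&SandboxImpl::Elevated) => SandboxImpl::Elevated,
        _ if allowed.contains(&SandboxImpl::Unelevated) => SandboxImpl::Unelevated,
        _ => return Err("no permitted sandbox implementation".to_string()),
    };
    let overridden = selected.map_or(false, |choice| choice != effective);
    Ok(Resolution { effective, overridden })
}

/// Setup prompts may offer "continue unelevated" only when requirements
/// allow that implementation.
pub fn may_offer_unelevated_fallback(allowed: &[SandboxImpl]) -> bool {
    allowed.contains(&SandboxImpl::Unelevated)
}

fn main() {
    // Rows of the Semantics table: (allowed, selected).
    let rows: [(&[&str], Option<SandboxImpl>); 5] = [
        (&["elevated"], Some(SandboxImpl::Unelevated)),
        (&["unelevated"], Some(SandboxImpl::Elevated)),
        (&["elevated", "unelevated"], Some(SandboxImpl::Elevated)),
        (&["elevated", "unelevated"], Some(SandboxImpl::Unelevated)),
        (&["elevated", "unelevated"], None),
    ];
    for (allowed, selected) in rows.iter() {
        let parsed = parse_allowed(allowed).expect("table rows are valid");
        let resolution = resolve(&parsed, *selected).expect("allowlist is non-empty");
        println!(
            "{:?} + {:?} -> {:?} (fallback offered: {})",
            allowed,
            selected,
            resolution,
            may_offer_unelevated_fallback(&parsed)
        );
    }
}
```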
## Summary

- Use the session-loaded plugin app IDs as the source of connector
suggestion candidates.
- Remove the redundant plugin reload from
`tool_suggest_connector_ids()`.
- Add regression coverage for connectors declared by a loaded remote
plugin, using the Databricks app case.

## Context

Loaded remote plugins can declare app connector IDs in `.app.json`. The
session-owned `PluginsManager` already loads those plugins and exposes
their effective app IDs.

The connector suggestion path was creating a separate `PluginsManager`
and recomputing plugin app IDs. That new manager does not share the
session manager’s remote installed plugin cache, so app IDs from loaded
remote plugins were missing from connector suggestions.

## Fix

Pass the already-loaded effective app IDs into connector suggestion
generation and use them directly as the plugin-derived connector
candidate set.

Connector candidates are now built from:

- App IDs declared by loaded plugins
- Explicitly configured connector discoverables
- Existing disabled-suggestion filtering

This avoids a second plugin-manager lookup and keeps connector
suggestions aligned with the plugins actually loaded for the turn.

## Behavior

For example, when a plugin is loaded and its `.app.json` declares data
apps, `list_available_plugins_to_install` can now return those data
connectors.

This does not create plugin suggestions from the plugin itself. Plugin
suggestions still come from eligible uninstalled entries in the
marketplace catalog and require existing matching/filtering rules.

## Validation

- `just fmt`
- Added regression coverage for a loaded-plugin connector ID appearing
in discoverable tools
- Attempted `just test -p codex-core`; the command exited unsuccessfully
in the local test environment without useful failure detail captured in
the run output
## Why

Users following the Amazon Bedrock API-key setup can export
`AWS_BEARER_TOKEN_BEDROCK` and `AWS_REGION`, but Codex's bearer-token
auth path only accepted `model_providers.amazon-bedrock.aws.region`.
That made the documented env-based setup fail with a missing-region
error even though the standard AWS region environment variable was
present.

## What Changed

- Updates Bedrock bearer-token region resolution to use
`model_providers.amazon-bedrock.aws.region` first, then fall back to
`AWS_REGION`, then `AWS_DEFAULT_REGION`.
- Updates the missing-region error to list all supported region sources.
- Adds focused coverage for config precedence, `AWS_REGION`,
`AWS_DEFAULT_REGION`, and the missing-region failure.
## Summary
Experimental flag to allow toggling `request_user_input`:

```
tools.experimental_request_user_input = false
```

## Testing
- [x] Added unit tests
## Problem

Saved threads can already be archived through app-server RPCs, but the
command line did not expose direct archive or unarchive commands.

## Solution

Add `codex archive <thread>` and `codex unarchive <thread>`, resolving
UUIDs or exact thread names before calling the existing `thread/archive`
and `thread/unarchive` RPCs. The commands support scoped remote flags so
callers can target remote app-server endpoints when archiving or
unarchiving threads.

This also fixes a long-standing bug in `codex resume <thread id>` and
`codex fork <thread id>` that I found when testing the new commands.
These operations shouldn't be allowed on archived sessions. They now
fail with an error that tells the user to run `codex unarchive <thread
id>` first.

## Verification

Added app-server coverage for rejecting archived thread resume by id and
checking that the error includes the matching `codex unarchive <thread
id>` command.
## Summary
- rename the multi-agent v2 follow-up task tool surface to assign_task
- update core tests and spec-plan expectations
- keep rollout-trace classification backward-compatible with legacy
followup_task

## Tests
- just fmt
- just test -p codex-core
multi_agents_spec::tests::assign_task_tool_requires_message_and_has_no_output_schema
- just test -p codex-rollout-trace
- just fix -p codex-core
- just fix -p codex-rollout-trace

Note: a broad just test -p codex-core run was attempted locally, but
this sandbox produced unrelated environment failures around
sandbox-exec, missing test_stdio_server, and realtime timeouts.
## Description

Bedrock currently only supports the implicit `default` service tier for
GPT models. This PR strips non-default service tier metadata from
Bedrock model catalogs so Codex does not advertise or send unsupported
tiers.

## What changed

- Normalize both built-in and configured Bedrock catalogs to
default-only service tier behavior.
- Add regression coverage for built-in and configured Bedrock catalogs.

## Validation

- `just fmt`
- `just test -p codex-model-provider`
…cks (openai#25381)

## Summary
- Use normal directory loading for plugin install app metadata so
install avoids forced directory refresh while still loading metadata on
cold cache.
- Continue force-refreshing codex_apps tools for auth state.
- Add regression coverage that pre-warms the directory cache and asserts
install returns cached app metadata without extra directory requests.

## Validation
- just fmt
- git diff --check
- just test -p codex-app-server plugin_install_returns_apps_needing_auth
plugin_install_filters_disallowed_apps_needing_auth (blocked locally:
cargo-nextest is not installed)
* Release 0.132.0-alpha.1

* ## New Features
- The Python SDK now supports first-class authentication, including API key login, ChatGPT browser and device-code flows, account inspection, and logout APIs. (#23093)
- Python turn APIs are easier to use for text-only workflows: you can pass a plain string as input, and handle-based runs now return a richer `TurnResult` with collected items, timing, and usage data. (#23151, #23162)
- `codex exec resume` now accepts `--output-schema`, so resumed automations can keep session context while still enforcing structured JSON output. (#23123)
- TUI startup is faster because terminal capability probes are now batched instead of waiting on several serial checks before the first interactive frame. (#23175)
- Remote executor registration can now use standard Codex auth instead of a separate registry credential flow. (#22769)
- App-server turns can preserve requested image fidelity, including original-resolution local images, across user inputs and image-producing tools. (#20693)

## Bug Fixes
- Goal continuations now stop when they hit usage limits or a repeated blocker instead of looping and burning more tokens, and completion responses phrase usage more naturally. (#23094, #22907)
- The session picker is easier to trust: renamed threads now show `name (thread-id)` in resume hints, and pasted text works in the picker search box. (#23234, #23338)
- Multi-session TUI flows are more reliable: in-progress MCP calls stay marked as active during replay, and elicitation replies are sent back to the thread that requested them. (#23236, #23241)
- Remote sessions now keep websocket connections alive and show repo-relative diff paths again instead of `/tmp/...`-prefixed paths. (#23226, #23261)
- Windows installs are more robust: `codex doctor` now detects npm-managed installs correctly, and MSVC release binaries no longer depend on separately installed VC++ runtime DLLs. (#22967, #22905)
- TUI polish fixes include immediate shutdown feedback on exit, hiding the ChatGPT usage link for non-OpenAI providers, and keeping a cleared Fast tier from reappearing after side-thread resume. (#23323, #23127, #23121)

## Documentation
- The Python SDK docs, FAQ, and examples were refreshed around the new auth flow and turn APIs, with clearer setup guidance and simpler text-only examples. (#22941, #23093, #23151, #23162)

## Chores
- Memory summaries are now versioned and rebuilt when the stored format is stale, which should keep long-lived memory context leaner and more predictable. (#23148)

## Changelog

Full Changelog: https://github.com/openai/codex/compare/rust-v0.131.0...rust-v0.132.0

- #20693 Preserve image detail in app-server inputs @fjord-oai
- #22891 tui: pass active permission profiles through app commands @bolinfest
- #22924 app-server-protocol: remove PermissionProfile from API @bolinfest
- #22941 [codex] Refine Python SDK user-facing docs @aibrahim-oai
- #22967 Fix Windows doctor npm root probe @etraut-openai
- #22920 core: set permission profiles from snapshots @bolinfest
- #22939 [codex] Split Python SDK helper logic @aibrahim-oai
- #22907 Improve goal completion usage reporting @etraut-openai
- #23030 test: construct permission profiles directly @bolinfest
- #22769 exec-server: support auth-backed remote executor registration @miz-openai
- #22946 [codex] preserve MCP result meta in McpToolCallItemResult @miaolin-oai
- #23069 multiagent: trim model-visible description, cap to 5 models @sayan-oai
- #22913 [1 of 4] tui: route primary settings writes through app server @etraut-openai
- #23093 sdk/python: add first-class login support @aibrahim-oai
- #23151 [codex] Return TurnResult from Python turn handles @aibrahim-oai
- #23147 Make multi-agent v2 tool namespace configurable @jif-oai
- #23036 test: reduce core sandbox policy test setup @bolinfest
- #23162 [codex] Accept string input for Python turns @aibrahim-oai
- #23226 Add exec-server websocket keepalive @starr-openai
- #23148 Densify and version memory summaries @jif-oai
- #22448 [codex] Add installed-plugin mention API @xli-oai
- #23288 chore: goal ext skeleton @jif-oai
- #23291 Make extension lifecycle hooks async @jif-oai
- #23293 feat: add extension event sink capability @jif-oai
- #23295 chore: isolate thread goal storage behind GoalStore @jif-oai
- #23301 chore: goal resumed metrics @jif-oai
- #23305 chore: make token usage async @jif-oai
- #23306 Emit goal update events from goal extension tools @jif-oai
- #23121 tui: keep cleared Fast tier from reappearing after side-thread resume @etraut-openai
- #23123 Support --output-schema for exec resume @etraut-openai
- #23128 Fix TUI stream cleanup after turn errors @etraut-openai
- #23127 Hide ChatGPT usage link for non-OpenAI status @etraut-openai
- #23175 [1 of 2] Optimize TUI startup terminal probes @etraut-openai
- #22706 [codex] Remove legacy shell output formatting paths @pakrym-oai
- #23332 nit: read prompt @jif-oai
- #22905 windows: link MSVC release binaries with static CRT @iceweasel-oai
- #23323 fix(tui): show shutdown feedback on exit @fcoury-oai
- #23261 Fix remote turn diff display roots @starr-openai
- #22569 Simplify legacy Windows sandbox ACL persistence @iceweasel-oai
- #23273 Upload rust full CI JUnit reports @starr-openai
- #22893 fix: harden plugin creator sharing validation @efrazer-oai
- #23094 goal: pause continuation loops on usage limits and blockers @etraut-openai
- #23234 Clarify resume hints for renamed threads @etraut-openai
- #23241 TUI: route elicitation responses to request thread @etraut-openai
- #23236 TUI: replay in-progress MCP calls as started @etraut-openai
- #23088 goals: keep pause transitions explicit @etraut-openai
- #23338 feat(tui): handle paste in session picker @fcoury-oai
- #23335 feat(app-server): add optional thread_id to experimentalFeature/list @owenlin0

* Apply Termux compatibility patch

* Disable realtime audio on Android builds

(cherry picked from commit 337303c72c5c624386937c5f2aa9dc3a8dcfa2b4)

* Update Termux v8 dependency

* Release 0.133.0-alpha.1

* Seed Termux release automation

* Prepare Termux rust-v0.132.0

* Seed Termux release automation

* Prepare Termux rust-v0.133.0-alpha.1

* Release 0.133.0-alpha.3

* Seed Termux release automation

* Prepare Termux rust-v0.133.0-alpha.3

* ## New Features
- Goals are now enabled by default, backed by dedicated storage, and track progress across active turns. (#23300, #23685, #23696, #23732)
- `codex remote-control` now runs like a foreground command, waits for readiness, reports machine status, and keeps explicit daemon-style `start`/`stop` commands. (#22878)
- Permission profiles gained list APIs, inheritance, managed `requirements.toml` support, runtime refresh behavior, and stronger Windows sandbox integration. (#22928, #23412, #22270, #23433, #22931, #23715)
- Plugin discovery is easier to inspect, with marketplace-aware list output, installed versions, visible marketplace roots, and remote collection support. (#23372, #23584, #23727, #23730)
- Extensions can observe more lifecycle events, including subagent start/stop, tool execution, turn metadata, and async approval/turn processing. (#22782, #22873, #23309, #23688, #23690, #23692)

## Bug Fixes
- Fixed TUI startup choosing the wrong working directory when reusing a local app-server socket. (#23538)
- Fixed plan-mode free-form answers so modified Enter keys, like Shift+Enter, no longer submit unexpectedly. (#23536)
- Removed stale background terminal poll events after a process exits. (#23231)
- Preserved raw code-mode exec output unless an explicit output token limit is requested. (#23564)
- Made AGENTS instruction loading more reliable, including local global reads and warnings for invalid UTF-8 instead of silent drops. (#23343, #23232)
- Fixed app-server startup/shutdown races, empty resume/fork paths, plugin upgrade failures, and realtime v1 websocket compatibility. (#23516, #23578, #23400, #23356, #23771)

## Documentation
- Added clearer plugin-creator guidance for updating and reinstalling local personal plugins. (#23542)
- Expanded app-server/API docs and schema coverage around managed permission profile requirements. (#23433, #23555)

## Chores
- Added a canonical Codex package archive pipeline and moved installers, npm packages, DotSlash, and SDK runtimes toward that shared layout. (#23513, #23582, #23586, #23596, #23635, #23636, #23637, #23638, #23786)
- Fixed Linux Python runtime wheel tags so glibc-based systems can install the runtime artifacts. (#21812)
- Improved release and CI reliability with package-builder tests, prebuilt resource packaging, DotSlash zstd handling, platform-sharded Rust tests, and Codex Linux release runners. (#23760, #23759, #23752, #23358, #23761)

## Changelog

Full Changelog: https://github.com/openai/codex/compare/rust-v0.132.0...rust-v0.133.0

- #23343 codex: route global AGENTS reads through LOCAL_FS @starr-openai
- #22380 fix: default unknown tool schemas to empty schemas @celia-oai
- #23309 Add tool lifecycle extension contributor @jif-oai
- #23253 Reduce rust-ci-full Windows nextest timeout flakes @starr-openai
- #22878 Improve `codex remote-control` CLI UX @owenlin0
- #21812 Publish Linux runtime wheels with glibc-compatible tags @aibrahim-oai
- #22709 [codex] Trim unused TurnContextItem fields @pakrym-oai
- #23353 Include plugin id in plugin MCP tool metadata @mzeng-openai
- #22728 [codex] Move pending input into input queue @pakrym-oai
- #23371 fix(tui): warn on unsupported iTerm2 pet versions @fcoury-oai
- #23376 [codex-analytics] preserve user thread source for exec threads @marksteinbrick-oai
- #23360 app-server: use profile ids in v2 permission params @bolinfest
- #23384 [codex] Remove external websocket session resets @pakrym-oai
- #22721 cleanup: Remove skill env var dependency prompting @xl-openai
- #23389 Remove ToolSearch feature toggle @sayan-oai
- #23080 [1 of 7] Add thread settings to UserInput @etraut-openai
- #23081 [2 of 7] Remove UserInputWithTurnContext @etraut-openai
- #23075 [3 of 7] Remove UserTurn @etraut-openai
- #23396 [codex] Extract turn skill and plugin injections @pakrym-oai
- #23356 fix(plugins): keep version upgrades additive @iceweasel-oai
- #22508 [5 of 7] Replace OverrideTurnContext with ThreadSettings @etraut-openai
- #22086 CI: Customize v8 building @cconger
- #23390 Remove explicit connector tool undeferral @sayan-oai
- #22928 core: expose permission profile picker metadata @viyatb-oai
- #23352 Preserve context baselines for full-history agent forks @jif-oai
- #23300 feat: dedicated goal DB @jif-oai
- #22835 Remove ToolsConfig from tool planning @jif-oai
- #22870 Add `body_after_prefix` auto-compact token limit scope @jif-oai
- #23144 Defer v1 multi-agent tools behind tool search @jif-oai
- #23409 [codex] Allow empty turn/start requests @pakrym-oai
- #23388 [codex] Move hook request plumbing into hook runtime @pakrym-oai
- #23405 [codex] Preserve steer input as user input @pakrym-oai
- #22914 [2 of 4] tui: route app and skill enablement through app server @etraut-openai
- #23397 [codex] Make contextual user fragments dyn-renderable @pakrym-oai
- #23475 chore: namespace v1 sub-agent tools @jif-oai
- #23493 Make `deny` canonical for filesystem permission entries @viyatb-oai
- #22929 Harden CLI rate limit window labels @ase-openai
- #22782 Add SubagentStart hook @abhinav-oai
- #23513 build: add Codex package builder @bolinfest
- #23369 Make local environment optional in EnvironmentManager @starr-openai
- #23327 Refactor exec-server websocket pump @starr-openai
- #23536 fix(tui): preserve modified enter in plan questions @fcoury-oai
- #23400 Fix empty rollout path app-server handling @wiltzius-openai
- #23551 Route local-only app-server gating through processors @starr-openai
- #23372 Split plugin install discovery into list and request tools @mzeng-openai
- #23516 fix: serialize unix app-server startup @efrazer-oai
- #22169 [codex] Honor role-defined spawn service tiers @aibrahim-oai
- #23555 Add CUA requirements subsection for locked computer use @adams-oai
- #23538 Fix: TUI starting in wrong CWD @canvrno-oai
- #23526 build: fetch rg for Codex packages @bolinfest
- #23573 Remove unused ARC monitor path @mzeng-openai
- #23576 test: fix multi-agent service tier assertion @bolinfest
- #23541 build: default Codex package target and output @bolinfest
- #23358 Fan out rust-ci-full nextest by platform @starr-openai
- #23593 feat: expose codex-app-server version flag @bolinfest
- #23412 feat: add permission profile list api @viyatb-oai
- #23535 Move plugin and skill warmup into session startup @aibrahim-oai
- #23231 Fix stale background terminal poll events @etraut-openai
- #23564 [codex] Preserve raw code-mode exec output by default @aibrahim-oai
- #23232 Warn on invalid UTF-8 in AGENTS.md files @etraut-openai
- #23584 feat: Add vertical remote plugin collection support @xl-openai
- #23586 build: package prebuilt Codex entrypoints @bolinfest
- #23582 ci: build Codex package archives in release workflow @bolinfest
- #23596 runtime: detect Codex package layout @bolinfest
- #23500 add encryptedcontent to functioncalloutput @sayan-oai
- #23633 Migrate exec-server remote registration to environments @richardopenai
- #23451 Add timeout for remote compaction requests @jif-oai
- #23667 feat: rename 1 @jif-oai
- #23669 feat: rename 3 @jif-oai
- #23668 feat: rename 2 @jif-oai
- #23675 fix: main @jif-oai
- #23685 feat: wire goal extension tools to the dedicated goal store @jif-oai
- #23690 feat: async approval contrib @jif-oai
- #23692 feat: async turn item process @jif-oai
- #23688 feat: expose turn-start metadata to extensions @jif-oai
- #23605 [codex] Hide deferred tools from code mode prompt @pakrym-oai
- #23634 runtime: use install context for bundled bwrap @bolinfest
- #23635 release: publish Codex package archive checksums @bolinfest
- #23592 feat: Add btw alias for side slash command @anp-oai
- #23696 feat: account active goal progress in the goal extension @jif-oai
- #23176 [2 of 2] Start fresh TUI thread in background @etraut-openai
- #23578 fix(app-server): speed up shutdown @fcoury-oai
- #22896 windows-sandbox: add resolved permissions helper @bolinfest
- #23502 Add thread/settings/update app-server API @etraut-openai
- #23507 Sync TUI thread settings through app server @etraut-openai
- #23666 feat: add turn_id and truncation_policy to extension tool calls @jif-oai
- #23636 install: consume Codex package archives @bolinfest
- #23717 [codex] Preserve failed goal accounting flushes @jif-oai
- #23655 add standalone websearch api client @sayan-oai
- #23724 Fix thread settings clippy failure @etraut-openai
- #23637 npm: ship platform packages in Codex package layout @bolinfest
- #23729 fix(config): resolve cloud requirements deny-read globs @viyatb-oai
- #23638 dotslash: publish Codex entrypoints from package archives @bolinfest
- #22918 windows-sandbox: send permission profiles to elevated runner @bolinfest
- #23735 windows-sandbox: share bundled helper lookup @bolinfest
- #18868 Add MITM hook config model @evawong-oai
- #22270 feat(permissions): resolve permission profile inheritance @viyatb-oai
- #23719 cli: add strict config to exec-server @bolinfest
- #23542 [skills] Create a personal update flow for plugin creator @caseychow-oai
- #21272 Support compact SessionStart hooks @abhinav-oai
- #20659 Wire MITM hooks into runtime enforcement @evawong-oai
- #23752 release: use DotSlash zstd for package archives @bolinfest
- #22923 windows-sandbox: drive write roots from resolved permissions @bolinfest
- #23761 chore: use Codex Linux runners for Rust releases @bolinfest
- #23759 release: package prebuilt resource binaries @bolinfest
- #23167 windows-sandbox: feed setup from resolved permissions @bolinfest
- #22931 core: refresh active permission profiles at runtime @viyatb-oai
- #22873 Add SubagentStop hook @abhinav-oai
- #23727 feat(plugins): tabulate plugin list output @caseychow-oai
- #23732 Make goals feature on by default and no longer experimental @etraut-openai
- #23537 Honor client-resolved service tier defaults @shijie-oai
- #23771 [codex] Fix realtime v1 websocket compatibility @guinness-oai
- #23764 Remove Windows sandbox resource stamping @iceweasel-oai
- #23730 [codex] List marketplaces considered by plugin discovery @caseychow-oai
- #23760 ci: run Codex package builder tests @bolinfest
- #23737 [codex] Add plugin id to MCP tool call items @mzeng-openai
- #18240 Use named MITM permissions config @evawong-oai
- #23774 [codex] Reject read-only fallback with approvals disabled @viyatb-oai
- #23714 windows-sandbox: add profile-native elevated APIs @bolinfest
- #23433 feat: support managed permission profiles in requirements.toml @viyatb-oai
- #23715 core: pass permission profiles to Windows runner @bolinfest
- #23786 sdk: launch packaged Codex runtimes @bolinfest

* Seed Termux release automation

* Prepare Termux rust-v0.133.0

* Release 0.134.0-alpha.2

* Seed Termux release automation

* Prepare Termux rust-v0.134.0-alpha.2

* Release 0.134.0-alpha.3

* Seed Termux release automation

* Prepare Termux rust-v0.134.0-alpha.3

* ## New Features
- Added search across local conversation history, including case-insensitive content matches with result previews. (#23519, #23921)
- Made `--profile` the primary profile selector across CLI, TUI permissions, and sandbox flows, with legacy profile configs rejected through migration guidance. (#23708, #23883, #23890, #24051, #24055, #24059, #24067, #24110)
- Improved MCP setup with per-server environment targeting and OAuth options for streamable HTTP servers. (#23583, #24120)
- Made connector tool schemas more reliable by preserving local `$ref`/`$defs` structures and compacting oversized schemas before exposure. (#23357, #23904)
- Let read-only MCP tools run concurrently when they advertise `readOnlyHint`. (#23750)
- Added richer extension and hook context, including conversation history for extension tools and subagent identity in hook inputs. (#22882, #23963)

## Bug Fixes
- Improved remote reliability by reconnecting stale exec-server websocket clients, retrying remote control immediately after auth recovery, and retrying remote compaction v2 streams. (#23867, #23775, #23951)
- Fixed Windows TUI rendering corruption by restoring virtual terminal mode before drawing. (#24082)
- Displayed workspace-specific usage-limit messages for credit and spend-cap failures. (#24114)
- Allowed plugin skills to reuse shared plugin-level icon assets. (#23776)
- Preserved active permission profile metadata when syncing auto-review runtime settings. (#23956)
- Ensured Node-based tools honor Codex’s managed network proxy environment. (#23905)

## Documentation
- Documented the curl and PowerShell installer paths in the README. (#24106)
- Updated developer docs to prefer `just test` over direct `cargo test` for repo-local test runs. (#23910)
- Added profile migration documentation links to relevant config errors. (#23879)

## Chores
- Simplified release packaging around canonical native artifacts, reusable DotSlash fetching, and a new macOS x64 zsh artifact. (#23833, #23836, #24129, #24165)
- Added release-build support for Codex-produced V8 artifacts. (#23934)
- Added image re-encoding benchmarks and connector-style JSON schema policy fixtures. (#23935, #24152)
- Improved tracing and analytics for websocket requests, turn starts, and remote compaction v2. (#23581, #23980, #24146)

## Changelog

Full Changelog: https://github.com/openai/codex/compare/rust-v0.133.0...rust-v0.134.0

- #23581 Trace logical websocket request after untraced warmup @jif-oai
- #23718 [codex] Steer budget-limited goal extension turns @jif-oai
- #23861 fix: cargo lock @jif-oai
- #23728 feat: retain remote compaction truncation parity in v2 @jif-oai
- #23870 Make tool executor specs mandatory @jif-oai
- #23882 [codex] Stabilize subagent start hook test @jif-oai
- #23876 refactor: centralize tool exposure planning @jif-oai
- #23879 chore: link doc in profile error messages @jif-oai
- #23883 cli: rename profile v2 flag to --profile @jif-oai
- #23835 docs: add description to codex-cli/package.json @bolinfest
- #23583 Route MCP servers through explicit environments @starr-openai
- #23886 cli: remove legacy profile v1 plumbing @jif-oai
- #23708 tui: plumb permission profile selection @viyatb-oai
- #23833 packaging: move rg manifest out of npm bin @bolinfest
- #23796 Improve `/goal` error messages for ephemeral sessions @etraut-openai
- #23867 Reconnect disconnected exec-server websocket clients with fresh sessions @starr-openai
- #23792 TUI: skip goal replace prompt for completed goals @etraut-openai
- #23519 [codex] Add rollout-backed thread content search @fc-oai
- #22552 Remove plugin hooks feature flag @abhinav-oai
- #23836 npm: remove legacy package artifact synthesis @bolinfest
- #23921 [codex] Make thread search case-insensitive @fc-oai
- #23775 fix(remote-control): retry after auth recovery @apanasenko-oai
- #22882 Add subagent identity to hook inputs @abhinav-oai
- #22915 [3 of 4] tui: route feature and memory toggles through app server @etraut-openai
- #23776 fix: Allow plugin skills to share plugin-level icon assets @xl-openai
- #23860 Add Bedrock Mantle GovCloud region @CHARLESPALEN-OAI
- #23956 Fix auto-review permission profile override @etraut-openai
- #23357 feat: support local refs and defs in tool input schemas @celia-oai
- #23963 Expose conversation history to extension tools @sayan-oai
- #23904 feat: best-effort compact large tool schemas @celia-oai
- #23750 Allow parallel MCP tool calls when annotated readOnly @anp-oai
- #23905 [codex] Enable Node env proxy for managed network proxy @rreichel3-oai
- #23890 mcp: surface profile migration guidance under --profile @jif-oai
- #24051 config: remove legacy profile v1 resolution @jif-oai
- #24055 config: remove legacy profile write paths @jif-oai
- #24057 Avoid config snapshots in live agent subtree traversal @jif-oai
- #24061 otel: drop legacy profile usage telemetry @jif-oai
- #24059 fix: reject legacy profile selectors @jif-oai
- #23934 ci: Use codex produced v8 artifacts for release builds @cconger
- #24099 fix(app-server): fix optional bool annotations @owenlin0
- #23910 Prefer `just test` over `cargo test` in docs @anp-oai
- #23951 retry remote compaction v2 requests @rhan-oai
- #24081 tui: make `codex-tui.log` opt-in @jif-oai
- #24102 cli: infer host sandbox backend @bolinfest
- #24067 app-server: drop legacy profile config surface @jif-oai
- #23736 Add new enterprise requirement gate @adams-oai
- #24117 [codex] Use rolling files for Windows sandbox logs @iceweasel-oai
- #24106 docs: update README.md to mention curl-based installer @bolinfest
- #24082 fix(tui): restore Windows VT before TUI renders @fcoury-oai
- #24110 cli: support --profile for codex sandbox @bolinfest
- #23980 Add trace_id to TurnStartedEvent @mchen-oai
- #24120 Support OAuth options in codex mcp add @mzeng-openai
- #23989 Add typed Images client to codex-api @won-openai
- #24146 [codex-analytics] split compaction v2 analytics implementation @rhan-oai
- #24129 package: factor DotSlash executable fetching @bolinfest
- #24151 [codex] Use TurnInput for session task input @pakrym-oai
- #23935 [codex] Add image re-encoding benchmarks @anp-oai
- #24152 chore: add JSON schema policy fixture coverage @celia-oai
- #24157 [codex] Remove external client session reset plumbing @pakrym-oai
- #24114 Display workspace usage limit error copy from response header @dhruvgupta-oai
- #24165 release: build macOS x64 zsh artifact @bolinfest

* Seed Termux release automation

* Prepare Termux rust-v0.134.0

* Release 0.135.0-alpha.2

* Seed Termux release automation

* Prepare Termux rust-v0.135.0-alpha.2

* ## New Features
- `codex doctor` now reports richer environment, Git, terminal, app-server, and thread inventory diagnostics for support cases. (#24261, #24311, #24305)
- `/status` shows remote connection details and server version when the TUI is connected over a remote transport. (#24420)
- Vim mode gained text-object editing, improved word/line-end behavior, and a configurable interrupt-turn binding. (#24382, #24380, #24766)
- `/permissions` now understands named permission profiles and displays configured custom profiles. (#21559)
- Packaged Codex builds can discover and use the bundled patched zsh helper across supported macOS and Linux targets. (#23756, #24171)
- The Python SDK now exposes friendly `Sandbox` presets for thread and turn APIs. (#24772)

## Bug Fixes
- Markdown tables and multiline lists render more readably in the TUI, with better column sizing and app-style table formatting. (#24489, #24346, #24351)
- TUI output is more stable on macOS and Zellij, avoiding stderr/composer corruption and raw-output overlap. (#24459, #24479, #24593)
- Slash-command completion now preserves existing draft text for commands that accept inline arguments. (#23950)
- Older tmux/iTerm control-mode sessions no longer lose normal `Ctrl-C` handling from unsupported keyboard enhancement setup. (#24371)
- App mentions now exclude inaccessible or disabled apps instead of offering unusable `$` suggestions. (#24625)
- Resume flows now include non-interactive exec sessions when requested and honor cwd overrides for idle cached threads. (#24503, #24528)

## Documentation
- Clarified image-viewing tool detail behavior and removed stale TUI composer documentation references. (#23949, #24641)
- Updated Python SDK docs, examples, and notebook content to use the new sandbox preset API. (#24772)

## Chores
- Updated Rust toolchain pins and SQLx/SQLite dependencies. (#24684, #24728)
- Moved memory runtime state into a dedicated SQLite database. (#24591)
- Removed remaining legacy config-profile consumers and routed more TUI config/plugin state through app-server-owned APIs. (#24076, #24254, #24255, #24265, #24266, #24257)
- Centralized Responses retry handling and MCP tool naming logic to reduce duplicated internal plumbing. (#24131, #21576)

## Changelog

Full Changelog: https://github.com/openai/codex/compare/rust-v0.134.0...rust-v0.135.0

- #24164 fix(remote-control): cap reconnect backoff @apanasenko-oai
- #23756 package: include zsh fork in Codex package @bolinfest
- #23757 Default function tools into tool hooks @abhinav-oai
- #24171 package: add x64 macOS codex-zsh artifact @bolinfest
- #24159 code-mode: merge stored values by key @cconger
- #23983 fix: plugin bundle archive handling for upload and install @xl-openai
- #24261 feat(doctor): add environment diagnostics @fcoury-oai
- #24311 Report app-server version in codex doctor @etraut-openai
- #24314 tui: label compact rate-limit percentages @etraut-openai
- #24420 Show remote connection details in /status @etraut-openai
- #24317 Respect hook trust bypass during TUI startup @etraut-openai
- #24254 TUI config cleanup: oss_provider @etraut-openai
- #24255 TUI config cleanup: trusted projects @etraut-openai
- #24265 TUI config cleanup: MCP inventory @etraut-openai
- #24305 Add doctor thread inventory audit @etraut-openai
- #24346 fix(tui): improve markdown table column allocation @fcoury-oai
- #24351 fix(tui): improve multiline markdown list readability @fcoury-oai
- #24459 fix(tui): prevent macos stderr from corrupting composer @fcoury-oai
- #24479 fix(process-hardening): preserve macos malloc diagnostics @fcoury-oai
- #24474 Log rollout writer OS errors @etraut-openai
- #24076 chore: stop consuming legacy config profiles @jif-oai
- #24131 centralize Responses retry policy @rhan-oai
- #23858 [wip] goal shift @jif-oai
- #24555 chore: drop orphaned codex memories MCP crate @jif-oai
- #24558 chore: move memory prompt builder into extension @jif-oai
- #24562 Add ad-hoc memory note tool @jif-oai
- #24567 Wire metrics client into memories extension @jif-oai
- #24588 fix: drop flake @jif-oai
- #24583 Add memory tool call metrics to memories extension @jif-oai
- #24586 Wire app-server extension event sink @jif-oai
- #24532 Use thread config for TUI MCP inventory @etraut-openai
- #24105 [codex] Make active turn task singular @pakrym-oai
- #21576 Move MCP tool naming mode into manager @pakrym-oai
- #24503 tui: include exec sessions in resume list @etraut-openai
- #24600 feat: gate dedicated memories tools in config @jif-oai
- #21559 tui: add named permission profile picker @viyatb-oai
- #24608 feat: add manual and remote_v2 tags to compaction metric @jif-oai
- #24611 test: clean up apply_patch allow-session artifact @jif-oai
- #24609 Remove reserved namespaces dedup @pakrym-oai
- #23964 Move slash input logic out of chat composer @canvrno-oai
- #24615 Add goal extension telemetry parity @jif-oai
- #24371 fix(tui): avoid modifyOtherKeys for unknown tmux formats @fcoury-oai
- #24626 fix: restore goal accounting after thread resume @jif-oai
- #24591 Move memory state to a dedicated SQLite DB @jif-oai
- #23823 standalone websearch extension @sayan-oai
- #24593 fix(tui): keep raw output above composer in zellij @fcoury-oai
- #24625 tui: keep inaccessible apps out of mentions @canvrno-oai
- #24154 Add experimental turn additional context @pakrym-oai
- #24473 fix(remote-control): surface websocket task stalls @apanasenko-oai
- #24528 Respect resume cwd overrides for idle cached threads @etraut-openai
- #24160 Add forked_from_thread_id turn metadata @owenlin0
- #24646 make direct only allowed caller for standalone websearch @sayan-oai
- #23949 Clarify view_image tool description @fjord-oai
- #24266 TUI config cleanup: plugin mentions @etraut-openai
- #24320 Avoid repeated marketplace upgrades for alternate layouts @etraut-openai
- #23813 windows-sandbox: remove SandboxPolicy runner plumbing @bolinfest
- #24652 [codex] remove plain image wrapper spans @pakrym-oai
- #24623 Attach Windows sandbox log to feedback reports @iceweasel-oai
- #24644 Restore legacy image detail values @rhan-oai
- #24655 [codex-analytics] add grouped session id to runtime events @marksteinbrick-oai
- #24658 [codex] Remove obsolete goal continuation turn marker @pakrym-oai
- #24660 fix: dont compact standalone websearch schema @sayan-oai
- #24667 fix(core): instrument stalled tool-listing handoff @apanasenko-oai
- #24684 Uprev Rust toolchain pins to 1.95.0 @anp-oai
- #21567 fix: add noninteractive install script mode @efrazer-oai
- #24707 Allow runtime enablement for remote plugins @xl-openai
- #24714 fix(auto-review) skip legacy notify for auto review threads @dylan-hurd-oai
- #24690 Revert "Add Bedrock Mantle GovCloud region (#23860)" @celia-oai
- #24628 feat: handle goal usage limits in goal extension @jif-oai
- #24746 Fix guardian review test user input @jif-oai
- #24744 feat: add thread idle lifecycle hook @jif-oai
- #24751 Drop startup context when truncating forked rollouts @jif-oai
- #24257 TUI config cleanup: plugin marketplace @etraut-openai
- #24380 fix(tui): complete vim word-end and line-end behavior @fcoury-oai
- #24728 Bump SQLx to pick up newer bundled SQLite @jif-oai
- #24637 fix: run standalone updates noninteractively @efrazer-oai
- #24778 make vercel webhook url an env secret @sayan-oai
- #23950 fix: Preserve draft text when completing argument-taking slash commands @canvrno-oai
- #24641 [codex] Remove stale composer narrative doc references @canvrno-oai
- #24368 [codex] add compaction metadata to turn headers @ningyi-oai
- #24772 [codex] Add friendly Python SDK sandbox presets @aibrahim-oai
- #24382 feat(tui): add vim text object bindings @fcoury-oai
- #24766 feat(tui): make turn interruption keybind configurable @fcoury-oai
- #24489 feat(tui): render markdown tables in app style [1 of 2] @fcoury-oai
- #24713 chore: enable namespace tools for Bedrock @celia-oai

* Seed Termux release automation

* Prepare Termux rust-v0.135.0

* checkpoint: into wallentx/termux-target from release/0.136.0 @ 1e6e8b4b5d85 (#176)

* fix(linux-sandbox): preserve shell cleanup on interruption (#22729)

## Why
Interrupted `shell_command` calls can race with the outer tool-dispatch
cancellation path. When that happens, the runtime future may be dropped
before the spawned process gets a chance to run `SIGTERM` cleanup. For
bwrapd-backed Linux sandbox commands, that can leave synthetic
protected-path mount bookkeeping such as `.git/.codex` registrations
under `/tmp` behind after a TUI interruption.

The relevant cancellation points are the outer dispatch race in
[`core/src/tools/parallel.rs`](https://github.com/openai/codex/blob/bd184ba84703cc924921ed883f0cf17d3dba60ff/codex-rs/core/src/tools/parallel.rs#L91-L132)
and the process shutdown logic in
[`core/src/exec.rs`](https://github.com/openai/codex/blob/bd184ba84703cc924921ed883f0cf17d3dba60ff/codex-rs/core/src/exec.rs#L1367-L1393).

## What changed
- Keep `shell_command` dispatch alive long enough for the runtime to
finish cancellation cleanup instead of immediately returning the
synthetic aborted response.
- Fold shell-turn cancellation into the existing `ExecExpiration` path
in
[`core/src/tools/runtimes/shell.rs`](https://github.com/openai/codex/blob/bd184ba84703cc924921ed883f0cf17d3dba60ff/codex-rs/core/src/tools/runtimes/shell.rs#L267-L274),
so cancellation and timeout behavior stay centralized.
- On cancellation, send `SIGTERM` first, wait briefly for cleanup to
run, then hard-kill any remaining descendants in the original process
group.
- Treat `ESRCH` as an already-gone process-group cleanup case in
`codex-utils-pty`, which keeps best-effort teardown from surfacing a
stale-process race as an error.

## Verification
- `cargo test -p codex-core cancellation`
- Added regression coverage for:
  - `shell_tool_cancellation_waits_for_runtime_cleanup`
  - `process_exec_tool_call_cancellation_allows_sigterm_cleanup`
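
Added example (not part of the commit or of the Codex code base): a Python sketch of the cancellation order described above, with `SIGTERM` sent to the process group, a short grace period, a `SIGKILL` for whatever is left, and `ESRCH` treated as "already gone". The function names, the grace period and the constructed shell script in `demo()` are assumptions for illustration.

```python
import os
import signal
import subprocess
import tempfile
import time


def signal_group(pgid, sig):
    """Signal a process group; False means it was already gone (ESRCH)."""
    try:
        os.killpg(pgid, sig)
        return True
    except ProcessLookupError:  # errno ESRCH: nothing left to signal, not a failure
        return False


def terminate_group(proc, grace=2.0):
    """SIGTERM the group, allow `grace` seconds of cleanup, then SIGKILL leftovers.

    `proc` must have been started with start_new_session=True, so its pid is
    also the id of a process group that holds only its own descendants.
    """
    pgid = proc.pid
    if not signal_group(pgid, signal.SIGTERM):
        proc.wait()
        return "already-gone"
    try:
        proc.wait(timeout=grace)  # the leader's SIGTERM handler runs here
    except subprocess.TimeoutExpired:
        pass
    # Descendants that ignored SIGTERM are still members of the original group.
    survivors = signal_group(pgid, signal.SIGKILL)
    proc.wait()
    return "killed-survivors" if survivors else "clean-exit"


def demo():
    """Constructed scenario: a shell with a cleanup trap and a stubborn child."""
    with tempfile.TemporaryDirectory() as tmp:
        ready = os.path.join(tmp, "ready")
        marker = os.path.join(tmp, "cleaned")
        script = (
            "trap 'echo done > \"$MARKER\"; exit 0' TERM; "
            "(trap '' TERM; : > \"$READY\"; exec sleep 30) & "
            "wait"
        )
        proc = subprocess.Popen(
            ["sh", "-c", script],
            env={**os.environ, "MARKER": marker, "READY": ready},
            start_new_session=True,
        )
        # Wait until the child has installed its handlers before cancelling.
        deadline = time.monotonic() + 5
        while not os.path.exists(ready) and time.monotonic() < deadline:
            time.sleep(0.02)
        outcome = terminate_group(proc, grace=2.0)
        return outcome, os.path.exists(marker)


if __name__ == "__main__":
    print(demo())
```

Dropping the runtime future before `proc.wait(timeout=grace)` returns corresponds to skipping the trap in this sketch: the marker file would never be written.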

* feat(tui): add OSC 8 web links to rich content (#24472)

## Why

Wrapped URLs in rich TUI output, especially URLs rendered inside
Markdown tables, are split across terminal rows. In terminals that
support OSC 8 hyperlinks, treating each visible fragment as part of the
complete destination enables reliable open-link and copy-link actions
even after table layout wraps the URL.

This addresses the semantic-link portion of #12200 and the behavior
described in
https://github.com/openai/codex/issues/12200#issuecomment-4535452980. It
does not change ordinary drag-selection across bordered table rows.

## What Changed

- Added shared TUI OSC 8 support that validates `http://` and `https://`
destinations, sanitizes terminal payloads, and applies metadata
separately from visible line width/layout.
- Added semantic web-link annotations to assistant and proposed-plan
Markdown, including explicit web links and bare web URLs in prose and
table cells while excluding code and non-web Markdown destinations.
- Preserved complete URL targets through table wrapping, narrow pipe
fallback, streaming, transcript overlay rendering, history insertion,
and resize replay.
- Routed intentional Codex-owned links in notices,
status/setup/app-link, feedback, onboarding, MCP/plugin help, memories,
and update surfaces through the shared hyperlink handling.

## How to Test

1. Run Codex in a terminal with OSC 8 link support, such as Ghostty, and
request an assistant response containing a Markdown table whose last
column contains a long `https://` URL.
2. Make the terminal narrow enough for the URL to wrap across multiple
bordered table rows.
3. Use the terminal's open-link or copy-link action on more than one
wrapped URL fragment and confirm each fragment resolves to the complete
original URL.
4. Resize the terminal after the table is rendered and repeat the link
action to confirm the destination survives scrollback replay.
5. Open the transcript overlay while rich output is present and confirm
web links remain interactive there.
6. As a regression check, render inline/fenced code containing URL text
and a Markdown link such as
`[https://example.com](mailto:support@example.com)`; confirm these do
not acquire a web OSC 8 destination.

Targeted automated coverage exercised Markdown links and exclusions,
wrapped and pipe-fallback tables, streaming/transcript overlay
propagation, status-link truncation, and rendered word-wrapping cell
alignment. `just test -p codex-tui` was also run; it passed the
hyperlink coverage and reproduced two unrelated existing guardian
feature-flag test failures.
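
Added example (not part of the commit or of the Codex code base): a Python sketch of the handling described above, where only `http://` and `https://` destinations become OSC 8 targets, control characters are kept out of the terminal payload, and every wrapped fragment carries the complete URL. All function names are assumptions, and width is counted in characters rather than terminal cells.

```python
import hashlib
import re
from urllib.parse import urlsplit

ESC = "\x1b"
ST = ESC + "\\"  # string terminator that ends an OSC sequence
_OSC8 = re.compile(r"\x1b\]8;([^;\x1b]*);([^\x1b]*)\x1b\\")


def web_target(url):
    """Return `url` if it is safe to place inside an OSC 8 sequence, else None."""
    # Printable ASCII only: a control byte or ESC in the target would let the
    # "URL" close the sequence early and inject its own terminal commands.
    if not url or not all(0x21 <= ord(c) <= 0x7E for c in url):
        return None
    try:
        parts = urlsplit(url)
    except ValueError:
        return None
    if parts.scheme not in ("http", "https") or not parts.netloc:
        return None
    return url


def strip_controls(text):
    """Drop C0/C1 control characters and DEL from text that will be displayed."""
    return "".join(c for c in text if not (ord(c) < 0x20 or 0x7F <= ord(c) <= 0x9F))


def osc8(text, url, link_id=None):
    """Wrap visible text in an OSC 8 hyperlink, or return it plain if rejected."""
    visible = strip_controls(text)
    target = web_target(url)
    if target is None:
        return visible
    params = "id=" + link_id if link_id else ""
    return f"{ESC}]8;{params};{target}{ST}{visible}{ESC}]8;;{ST}"


def wrap_linked(text, url, width):
    """Split text into rows of `width`; each row links to the complete URL."""
    visible = strip_controls(text)
    rows = [visible[i:i + width] for i in range(0, len(visible), width)]
    if web_target(url) is None:
        return rows
    # A shared id tells the terminal that the fragments are one link.
    link_id = hashlib.sha256(url.encode("ascii")).hexdigest()[:8]
    return [osc8(row, url, link_id) for row in rows]


def linked_targets(rendered):
    """Destinations found in rendered output (closing sequences are skipped)."""
    return [m.group(2) for m in _OSC8.finditer(rendered) if m.group(2)]


def visible_text(rendered):
    """Rendered output with OSC 8 metadata removed, as used for layout width."""
    return _OSC8.sub("", rendered)


if __name__ == "__main__":
    sample = "https://example.com/docs/a/very/long/path"  # constructed sample
    for row in wrap_linked(sample, sample, 12):
        print(repr(row))
```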

* feat(tui): render cramped markdown tables as key-value records [2 of 2] (#24636)

## Stack

- **Base: #24489 [1 of 2]** - render markdown tables in app style.
- **Current: #24636 [2 of 2]** - render cramped markdown tables as
key/value records.

Review this PR against `fcoury/app-style-markdown-tables`; it contains
only the fallback behavior for cramped tables.

## Why

The row-separated markdown table rendering in #24489 remains readable
while columns have usable room. Once long links or multiple prose-heavy
columns are compressed into narrow allocations, however, the grid can
turn words and paths into tall vertical strips that are difficult to
scan. In those cases the content matters more than preserving the grid
shape.

## What Changed

<table>
<tr><td>
<p align="center"><b>
Normal
</b></p>
<img width="1722" height="619" alt="CleanShot 2026-05-27 at 14 32 57"
src="https://github.com/user-attachments/assets/d04f5fbd-6064-4acd-91bd-072d19b983df"
/>
</td></tr>
<tr><td>
<p align="center"><b>
Narrow
</b></p>
<img width="863" height="1013" alt="CleanShot 2026-05-27 at 14 33 12"
src="https://github.com/user-attachments/assets/6a7d2968-0a68-48fd-ab5d-209b3dbaf03e"
/>
</td></tr>
<tr><td>
<p align="center"><b>
Very narrow
</b></p>
<img width="435" height="746" alt="CleanShot 2026-05-27 at 14 33 47"
src="https://github.com/user-attachments/assets/f6a59e30-b1d2-4063-9c05-43933abc77d6"
/>
</td></tr>
</table>

- Detect tables whose grid allocation causes systemic token
fragmentation or starves multiple prose-heavy columns.
- Render those tables as repeated key/value records instead of retaining
an unreadable grid.
- Use aligned label/value records when there is useful horizontal room,
and switch to a stacked narrow-record layout where each label is
followed by a full-width value when width is especially constrained.
- Preserve the themed label color, rich inline formatting, links, and
the existing grid presentation for tables that remain readable.
- Add snapshot coverage for path-heavy narrow tables, prose-heavy issue
tables, systemic compact fragmentation, and a control case that should
continue to render as a grid.

## How to Test

1. Start Codex from this branch and render a normal multi-column
markdown table at a comfortable terminal width. Confirm it still appears
as the styled row-separated grid from #24489.
2. Render a table containing a long linked record identifier or
file-like value, then narrow the terminal until the grid would split the
value into vertical fragments. Confirm it switches to key/value records,
with labels above values at very narrow widths.
3. Render a table with multiple prose-heavy columns, such as an issue
summary table with `Issue`, `Activity`, `Complexity`, and `Why start`.
Confirm a cramped width switches to records rather than wrapping several
columns into hard-to-read strips.
4. Render a compact table where only one value wraps mildly. Confirm it
stays in grid form rather than switching prematurely.

## Validation

- Ran `just test -p codex-tui` while developing the fallback and
reviewed/accepted the intended new markdown-render snapshots. The
command still reports two unrelated existing guardian feature-flag test
failures outside this diff.
- Ran `just fix -p codex-tui` and `just fmt` after the Rust changes were
complete.
- `just argument-comment-lint` cannot reach source linting locally
because Bazel fails while resolving LLVM sanitizer headers; touched
positional literal callsites were inspected manually and annotated where
needed.

* Allow API-key auth for remote exec-server registration (#24666)

## Overview
Allow remote `codex exec-server` registration to use existing API-key
auth while restricting where those credentials can be sent.

- Accept `CodexAuth::ApiKey` for the normal `--remote` registration
path.
- Restrict API-key remote registration to HTTPS `openai.com` and
`openai.org` hosts and subdomains, with explicit HTTP loopback support
for local development.
- Disable registry registration redirects so credentials cannot be
forwarded to an unvalidated destination.
- Retain `--use-agent-identity-auth` as the explicit Agent Identity
path.
- Document remote registration using `CODEX_API_KEY`.

## Big picture
Callers can now provide an API key directly to `exec-server`
registration without first establishing ChatGPT login state:

```sh
CODEX_API_KEY="$OPENAI_API_KEY" \
codex exec-server \
  --remote "https://<host>.openai.org/api" \
  --environment-id "$ENVIRONMENT_ID"
```

## Validation
- `cargo fmt --all` (`just fmt` is not installed on this host)
- `cargo test -p codex-cli -p codex-exec-server`
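
Added example (not part of the commit or of the Codex code base): a Python sketch of the destination check described above, covering the HTTPS `openai.com` / `openai.org` allowlist, the HTTP loopback exception, and a client that refuses to follow redirects. The function names, the `Authorization: Bearer` header and the exact parsing rules are assumptions for illustration.

```python
import ipaddress
import re
import urllib.request
from urllib.parse import urlsplit

# Assumption: suffixes copied from the commit message; the project's list may differ.
ALLOWED_SUFFIXES = ("openai.com", "openai.org")
_DNS_NAME = re.compile(r"[a-z0-9]([a-z0-9-]*[a-z0-9])?(\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)*")


def _is_loopback(host):
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def api_key_destination_allowed(url):
    """True only for HTTPS allowlisted hosts or plain-HTTP loopback."""
    # Reject characters a lenient parser might silently strip or reinterpret.
    if any(ch.isspace() or ord(ch) < 0x20 or ord(ch) == 0x7F for ch in url):
        return False
    try:
        parts = urlsplit(url)
        host = parts.hostname  # lowercased; userinfo, port and brackets removed
        parts.port  # raises ValueError on a malformed port
    except ValueError:
        return False
    # Userinfo is the classic way to make "openai.com" appear in the URL
    # while the request goes elsewhere, so refuse it entirely.
    if not host or parts.username is not None or parts.password is not None:
        return False
    if parts.scheme == "https":
        if not _DNS_NAME.fullmatch(host):
            return False
        # Match on a label boundary: "evilopenai.com" must not pass.
        return any(host == s or host.endswith("." + s) for s in ALLOWED_SUFFIXES)
    if parts.scheme == "http":
        return _is_loopback(host)
    return False


class NoRedirect(urllib.request.HTTPRedirectHandler):
    """Turn every 3xx into an HTTPError instead of re-sending the request."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def build_registration(url, api_key):
    """Return (opener, request); the key is attached only after validation."""
    if not api_key_destination_allowed(url):
        raise ValueError("refusing to send API key to an unvalidated destination")
    req = urllib.request.Request(url, method="POST")
    req.add_header("Authorization", "Bearer " + api_key)
    return urllib.request.build_opener(NoRedirect), req


if __name__ == "__main__":
    for candidate in (  # constructed sample URLs
        "https://registry.openai.org/api",
        "https://openai.com.evil.example/api",
        "http://127.0.0.1:8080/api",
    ):
        print(candidate, api_key_destination_allowed(candidate))
```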

* Update rmcp to 1.7.0 (#24763)

Will make it easier to uprev when the new draft spec is supported.

Also updates reqwest where needed for compatibility but doesn't update
it everywhere since this is already a large diff.

The new version of rmcp handles certain kinds of authentication failures
differently; this patch includes support for identifying the failing scope
in a WWW-Authenticate header.

* [codex] Fix hyperlink-aware key-value table rendering (#24825)

## Why

The key/value markdown table renderer added in #24636 still operates on
`Line` values, while table cells and rendered table output now carry
`HyperlinkLine`. That mismatch breaks `codex-tui` compilation on `main`
and would risk losing semantic web-link annotations if corrected by
flattening the values.

## What changed

- Make key/value record rendering wrap and emit `HyperlinkLine` values
consistently with the existing grid renderer.
- Remap wrapped hyperlink ranges and shift them when value content is
prefixed by record-mode indentation or labels.
- Add focused coverage verifying key/value fallback output preserves
web-link destinations.

## Verification

- `just test -p codex-tui -E
'test(key_value_table_keeps_web_annotations) |
test(/table_renders_(key_value_records_when_compact_fragmentation_is_systemic_snapshot|stacked_key_value_records_when_path_column_becomes_too_narrow_snapshot|records_when_multiple_prose_columns_are_starved_snapshot)/)'`

* [codex] Rename Python SDK AppServerConfig to CodexConfig (#24800)

## Why

`AppServerConfig` is exported as part of the ergonomic Python SDK
surface and passed to `Codex(...)` and `AsyncCodex(...)`. That name
exposes the underlying app-server transport at the same layer where
users are configuring the Codex client. `CodexConfig` makes the common
callsite read naturally and names the object it configures.

## What changed

- Renamed the public configuration dataclass from `AppServerConfig` to
`CodexConfig`.
- Updated `Codex`, `AsyncCodex`, and the transport clients to accept
`CodexConfig`.
- Updated binary-resolution messages, package exports, docs, examples,
and related coverage to use the new public name.

## API impact

```python
from openai_codex import Codex, CodexConfig

with Codex(config=CodexConfig(codex_bin="/path/to/codex")) as codex:
    ...
```

Callers should now import and construct `CodexConfig`; `AppServerConfig`
is no longer part of the Python SDK surface.

## Validation

- `uv run --frozen --extra dev ruff check src/openai_codex scripts
examples tests`
- Tests are deferred to online CI for this PR.

* [codex] Remove redundant SQLite dynamic tool storage (#24819)

## Why

Dynamic tools are defined at thread start and already stored in rollout
`SessionMeta`, which restores resumed and forked sessions. Persisting
the same tools through SQLite creates a second runtime persistence path
that is unnecessary prework for the explicit namespace refactor.

## What changed

- Restore missing thread-start dynamic tools directly from rollout
history, including when SQLite is enabled.
- Remove SQLite dynamic-tool reads, writes, backfill, and thread
metadata patch plumbing.
- Add SQLite-enabled resume integration coverage that verifies a
rollout-defined dynamic tool is still sent after resume.

## Compatibility

The existing `thread_dynamic_tools` table is intentionally not dropped
even though it's now unused. Older Codex binaries are allowed to open
databases migrated by newer binaries and still reference this table;
dropping it would break that mixed-version path. See
[here](https://github.com/openai/codex/blob/main/codex-rs/state/src/migrations.rs#L10-L11).

## Verification

- `just test -p codex-state -p codex-rollout -p codex-thread-store`
- `just test -p codex-core --test all
resume_restores_dynamic_tools_from_rollout_with_sqlite_enabled`

* [codex] Add independent beta release for the Python SDK (#24828)

## Why

`openai-codex` needs a beta release lifecycle without requiring beta
releases of its pinned runtime package. Previously, SDK staging rewrote
its runtime dependency to the SDK version, which made an SDK-only beta
impossible.

## What changed

- Set the initial SDK beta version to `0.1.0b1` and pin it to published
stable `openai-codex-cli-bin==0.132.0`.
- Decoupled SDK release staging from runtime versioning so it preserves
the reviewed exact runtime pin.
- Added a `python-v*` tag workflow that builds and publishes only
`openai-codex` through PyPI trusted publishing.
- Removed the Beta classifier from runtime package metadata for future
runtime publications.
- Regenerated protocol-derived SDK models from the selected stable
runtime package.

`0.132.0` is the newest stable runtime admitted by the checked-in
dependency date fence and retains the Linux wheel family currently used
by SDK CI.

## Release setup

Before pushing `python-v0.1.0b1`, configure PyPI trusted publishing for
the `openai-codex` project with workflow `python-sdk-release.yml`,
environment `pypi`, and job `publish-python-sdk`.

## Validation

- `uv run --frozen --extra dev ruff check src/openai_codex scripts
examples tests`
- Parsed `.github/workflows/python-sdk-release.yml` with PyYAML.
- Built staged release artifacts locally:
`openai_codex-0.1.0b1-py3-none-any.whl` and
`openai_codex-0.1.0b1.tar.gz`.
- Verified wheel metadata pins `openai-codex-cli-bin==0.132.0`.
- Tests are deferred to online CI for this PR.

* [codex] Prepare Python SDK beta documentation and package metadata (#24836)

## Why

The initial public `openai-codex` beta should read and install like a
normal published Python package before a release tag is created. This
follows merged PR #24828, which establishes the independent SDK beta
release plumbing and exact runtime dependency.

## What changed

- Rewrote `sdk/python/README.md` as a compact PyPI-facing beta package
page: published installation, one quickstart, short login examples,
built-in help, and links to deeper guides.
- Updated the getting-started guide, API reference, FAQ, and examples
index to present the published beta consistently without repeating
onboarding in the package landing page or reference page.
- Made `pip install openai-codex` the primary install path while beta
releases are the only published SDK releases, with `--pre` documented
for opting into prereleases after a stable release exists.
- Added curated `help()` / `pydoc` docstrings across the public API and
generated public convenience methods through
`scripts/update_sdk_artifacts.py`.
- Declared the repository `Apache-2.0` license expression and
Documentation URL in package metadata, without introducing a duplicated
SDK-local license file.
- Kept the source distribution focused on installable package material
(`src/openai_codex`, `README.md`, and `pyproject.toml`); the repository
docs and runnable examples remain linked from the PyPI README.
- Built release artifacts in an Alpine container on the Ubuntu runner,
matching Python SDK CI and allowing type generation to install the
published `musllinux` runtime wheel.
- Added `twine check --strict` to the release workflow so malformed PyPI
metadata or rendered README content fails before publishing.
- Added focused SDK assertions for beta metadata, the exact runtime pin,
source distribution contents, and the built-in Python documentation
surface.

## Validation

- Ran `uv run --frozen --extra dev ruff check
scripts/update_sdk_artifacts.py src/openai_codex
tests/test_public_api_signatures.py
tests/test_artifact_workflow_and_binaries.py` before the final
README-only reductions and review-fix follow-ups.
- Built `openai_codex-0.1.0b1-py3-none-any.whl` and
`openai_codex-0.1.0b1.tar.gz` before the final README-only reductions
and review-fix follow-ups.
- Ran `python -m twine check --strict` on both built artifacts before
the final README-only reductions and review-fix follow-ups.
- Verified artifact metadata reports `Apache-2.0` without a duplicated
SDK-local license file.
- Verified `inspect.getdoc(...)` resolves documentation for the package,
`Codex`, `CodexConfig`, and key generated thread methods.
- Rebased the documentation/readiness change onto merged PR #24828
without changing the intended SDK or workflow file contents.
- Final verification is delegated to online CI for this PR.

* Treat refresh_token_reused 400s as relogin-required (#24830)

## Summary
- classify known refresh-token terminal failures from `/oauth/token` as
permanent even when the backend returns `400`
- preserve the existing relogin-required message for
`refresh_token_reused` instead of retrying and collapsing into a generic
cloud requirements error
- add regression coverage for `400 refresh_token_reused`

## Testing
- `just fmt`
- `cargo test -p codex-login`

* [codex] Simplify Python SDK install guidance (#24866)

## Summary
- Remove the exact-version install snippet from the PyPI-facing Python
SDK README.
- Remove the release-selection explanation so the install section
presents the standard `pip install openai-codex` path directly.

## Validation
- Not run locally; relying on online CI for this documentation-only
change.

* [codex] Remove Python SDK language classifiers (#24868)

## Summary
- Remove the Python language classifiers from the Python SDK package
metadata.
- Keep `requires-python = ">=3.10"` as the package's interpreter
compatibility constraint.
- Avoid presenting a curated version-support list in PyPI metadata.

## Validation
- Not run locally; relying on online CI for this metadata-only change.

## Release
- Land this change before publishing the next Python SDK beta.

* [codex] Remove Python SDK beta warning note (#24870)

## Summary
- Remove the beta warning callout from the PyPI-facing Python SDK
README.
- Keep the existing Beta title and install/usage guidance unchanged.

## Validation
- Not run locally; relying on online CI for this documentation-only
change.

## Release
- Land this change before publishing the next Python SDK beta.

* [codex] Stage Python SDK beta versions from release tags (#24872)

## Summary
- Treat `sdk/python` as a development template with source version
`0.0.0-dev`, matching the existing Python runtime packaging pattern.
- Have `python-v*` tags supply the published SDK beta version through
the existing `stage-sdk --sdk-version` path.
- Remove the workflow check requiring a source version bump for each
beta release and remove its now-unused host Python setup step.
- Keep the reviewed runtime dependency pin at
`openai-codex-cli-bin==0.132.0`.
- Remove beta-number-specific documentation so it does not need editing
for each publish.

## Why
The package staging script already writes the release version into the
artifact. Requiring the checked-in SDK template version to match every
tag adds release-only source churn without changing the package users
receive.

## Validation
- Not run locally; relying on online CI for this workflow and metadata
change.

## Release
After this PR lands, publish the next beta by pushing tag
`python-v0.1.0b2` from merged `main`.

* Move memories root setup out of core config (#24758)

## Why

Config loading should not create or write-authorize the memories root
just because memory support exists. Memory startup is the code path that
actually materializes that tree.

## What

- Stop creating the memories root during Config load and remove it from
legacy workspace-write projections.
- Grant the memories root read access only when the memories feature and
use_memories are enabled.
- Create the memories root inside memories startup before seeding
extension instructions.
- Update config and startup tests around the ownership boundary.

## Tests

- just fmt
- just fix -p codex-core
- just fix -p codex-memories-write
- just test -p codex-core
memory_tool_makes_memories_root_readable_without_creating_or_widening_writes
workspace_write_includes_configured_writable_root_once_without_memories_root
permission_profile_override_keeps_memories_root_out_of_legacy_projection
permissions_profiles_allow_direct_write_roots_outside_workspace_root
default_permissions_profile_populates_runtime_sandbox_policy
- just test -p codex-memories-write memories_startup_creates_memory_root

Note: a broader just test -p codex-core run is not clean in this
sandbox; it hit missing test_stdio_server plus seatbelt, realtime, and
environment-sensitive failures. The changed config tests above pass.

* Stabilize Guardian client cache key handling (#24891)

Split from the Guardian prompt cache key change. This PR only updates
codex-rs/core/src/client.rs. Validation was not run per request; this
branch is expected to rely on the companion split PRs.

* Export Guardian prompt cache key helper (#24892)

Split from the Guardian prompt cache key change. This PR only updates
codex-rs/core/src/guardian/mod.rs. Validation was not run per request;
this branch is expected to rely on the companion split PRs.

* Add Guardian review prompt cache key (#24893)

Split from the Guardian prompt cache key change. This PR only updates
codex-rs/core/src/guardian/review_session.rs. Validation was not run per
request; this branch is expected to rely on the companion split PRs.

* Assert Guardian prompt cache key reuse (#24894)

Split from the Guardian prompt cache key change. This PR only updates
codex-rs/core/src/guardian/tests.rs. Validation was not run per request;
this branch is expected to rely on the companion split PRs.

* Thread Guardian cache key through session (#24895)

Split from the Guardian prompt cache key change. This PR only updates
codex-rs/core/src/session/session.rs. Validation was not run per
request; this branch is expected to rely on the companion split PRs.

* Use stable Guardian prompt cache keys (#24803)

## Why

Guardian review sessions are reusable across forks when their
`GuardianReviewSessionReuseKey` is unchanged, but the underlying
Responses request was still using the child thread ID as
`prompt_cache_key`. That meant forked Guardian reviews that should share
cache context produced different cache keys, reducing prompt cache reuse
and weakening the reuse invariant.

## What Changed

- Adds a `ModelClient` prompt cache key override and uses it for
`ResponsesApiRequest.prompt_cache_key`.
- Computes Guardian review cache keys as
`guardian:<sha1(parent_thread_id:reuse_key)>`, scoped to the parent
thread plus the reuse-sensitive Guardian config.
- Wires session construction to apply that override only for Guardian
sub-agent sessions.

## Testing

- Added coverage that Guardian cache keys are stable for the same
parent/reuse key, change when either the parent thread or reuse key
changes, fit within the Responses API length limit, and are absent for
non-Guardian sessions.
- Extended the parallel review test to assert forked Guardian reviews
send the same `prompt_cache_key`.

* [codex] Fix Guardian argument comment lint (#24902)

## Summary
- Add the required `/*parent_thread_id*/` argument comment at the
Guardian review session test callsite flagged by CI.

## Validation
- `just fmt`
- Not run: clippy/tests, per request; CI will cover them.

* Fix memories namespace for Responses API tools (#24898)

## Why

Dedicated memories tools are exposed through a Responses API namespace
tool. The namespace itself has to be a valid tool identifier, so
`memories/` can fail validation before the model ever gets a chance to
call the memory tools.

## What changed

- Changed `MEMORY_TOOLS_NAMESPACE` from `memories/` to `memories`.
- Added `memory_tool_namespace_matches_responses_api_identifier` so the
namespace stays non-empty and limited to Responses-safe identifier
characters.

## Verification

- Added unit coverage for the namespace identifier shape in
`codex-rs/ext/memories/src/tests.rs`.

* Add Guardian review metrics (#24897)

## Why

Guardian reviews already emit analytics events, but we do not expose
aggregate OpenTelemetry metrics for review volume, latency, token usage,
or terminal outcomes. That makes it harder to monitor Guardian behavior
during rollouts and to compare review outcomes by source, action type,
session kind, model, and failure mode.

## What Changed

- Added Guardian review metric names for count, total duration, time to
first token, and token usage in `codex-rs/otel`.
- Added `core/src/guardian/metrics.rs` to convert
`GuardianReviewAnalyticsResult` into sanitized metric tags covering
decision, terminal status, failure reason, approval request source,
reviewed action, session kind, risk/outcome, model, reasoning effort,
and context/truncation state.
- Emitted the new metrics from `track_guardian_review` for each terminal
Guardian review result.

## Testing

- Added
`guardian_review_metrics_record_counts_durations_and_token_usage`, which
verifies the emitted count, duration, TTFT, token usage histograms, and
tag set through the in-memory metrics exporter.

* [codex-cli] Refresh near-expiry ChatGPT access tokens before requests (#23546)

## Summary

- refresh managed ChatGPT auth during auth resolution when its access
token is inside ChatGPT web's five-minute near-expiry window
- cover refresh-window decisions while preserving the existing
expired-token refresh path

## Why

Codex already resolves managed ChatGPT auth before outbound requests and
refreshes expired access tokens there. This change adjusts the existing
predicate to refresh a still-valid access token once it is within the
same five-minute refresh window used by ChatGPT web, avoiding a request
with a token about to expire.

A cross-process serialization follow-up was explored in #24663 and
closed for now; we do not currently suspect cross-process refresh races
are a root cause of the refresh errors under investigation.

External-token, API-key, and Agent Identity auth modes remain unchanged.

## Validation

- `bazel test //codex-rs/login:login-all-test`
- `just fmt` runs Rust formatting successfully, then its Python SDK Ruff
step cannot install `openai-codex-cli-bin==0.131.0a4` on this Linux
environment because no compatible wheel is published.

* Add thread start contributor facts (#24915)

Summary: add session source and persistent-state availability to
ThreadStartInput; populate them from session init; update existing goal
test harness constructors. Tests: just fmt; git diff --check. No full
tests or clippy run per request.

* Add turn error lifecycle contributor (#24916)

Summary
- Add TurnErrorInput and TurnLifecycleContributor::on_turn_error to the
extension API.
- Emit the turn-error lifecycle from core turn error paths, including
usage limit failures.
- Add direct lifecycle coverage for the emitted error facts and stores.

Tests
- just fmt
- git diff --check
- Not run: full tests or clippy (per instructions)

* [codex] Store pending response items directly (#24865)

* [codex] Update OpenAI Docs skill (#24914)

## Summary
- update the bundled `openai-docs` system skill to match the latest
`openai-docs-plus` content from `skills-internal`
- add the cached Codex manual fetch helper and expand the skill routing
for Codex self-knowledge
- keep the stable local skill identity and labels as `openai-docs`

## Why
The built-in OpenAI Docs skill needed to reflect the current upstream
guidance from `skills-internal` while preserving the local system-skill
name used by Codex.

## Impact
Codex now ships the newer OpenAI Docs skill behavior for Codex
self-knowledge and manual-first documentation lookups.

## Validation
- `just test -p codex-skills`
- exact directory diff against transformed `skills-internal`
`origin/main` was clean

* Add app-server startup benchmark crate (#24651)

## Summary
- Add a new `app-server-start-bench` crate to measure app-server startup
performance
- Wire the benchmark into the workspace and Bazel build so it can be run
consistently
- Update lockfiles and repo automation to account for the new package

* Gate goal tools by thread eligibility (#24925)

## Why

Goal tools create and update goal state for a persistent thread. The
extension was only checking whether goals were enabled before
advertising those tools, which meant they could be surfaced in contexts
that should not receive thread goal controls: ephemeral threads without
persistent thread state and review subagents.

Those sessions can still run the goal extension lifecycle, but the
thread tools should only be visible when the current thread can safely
use them.

## What changed

- Adds a `GoalRuntimeConfig` that separates goal enablement from whether
goal tools are available for the current thread.
- Computes tool eligibility on thread start from
`persistent_thread_state_available` and `SessionSource`, hiding tools
for review subagents.
- Uses `GoalRuntimeHandle::tools_visible()` when contributing thread
tools so enabled runtime state does not automatically imply tool
exposure.
- Adds backend coverage for hiding goal tools on ephemeral threads and
review subagents.

## Testing

- Added `goal_tools_hidden_for_ephemeral_threads`.
- Added `goal_tools_hidden_for_review_subagents`.

* Remove libubsan CI workaround (#24782)

It seems that this was added to allow rustc to load proc macros that had
been compiled with UBSan enabled, which zig does for debug and
`ReleaseSafe` builds. When zig drives the link of the final binary it
knows to include the ubsan runtime, but our zig-built artifacts are
being linked into a binary whose linking rustc drives. This removes the
libubsan workaround we have and replaces it with
`-fno-sanitize=undefined` passed to zig.

The new argument is passed at the end of zig's args so should take
precedence over any earlier arguments from the script's caller.

* extension-api: add TurnItemEmitter to tool calls (#24813)

## Why
Extension-contributed tools need to emit visible turn items through
Codex's normal event and persistence pipeline.

## What
- Add `TurnItemEmitter` to extension `ToolCall`s and route the core
implementation through `Session::emit_turn_item_*`.
- Hold weak session and turn references so retained tool calls cannot
keep host state alive.
- Provide a no-op emitter for extension test callers.

## Test Plan
- `just test -p codex-core -E
'test(passes_turn_fields_and_scoped_turn_item_emitter_to_extension_call)'`

---------

Co-authored-by: jif-oai <jif@openai.com>

* feat(app-server): include turns page on thread resume (#23534)

## Summary

The client currently calls `thread/resume` to establish live updates and
immediately follows it with `thread/turns/list` to hydrate recent turns.
This lets `thread/resume` return that page directly, eliminating a round
trip and the ordering/deduplication gap between the two calls.

Experimental clients opt in with `initialTurnsPage: { limit,
sortDirection, itemsView }`. The response returns `initialTurnsPage` as
a `TurnsPage`, including cursors for paging further back in history.
Keeping the controls in a nested opt-in object provides the useful
`thread/turns/list` knobs without spreading page-specific parameters
across `thread/resume`.

## Verification

- `just fmt`
- `just write-app-server-schema --experimental`
- `just write-app-server-schema`
- `cargo test -p codex-app-server-protocol`
- `cargo test -p codex-app-server
thread_resume_initial_turns_page_matches_requested_turns_list_page
--tests`
- `cargo test -p codex-app-server
thread_resume_rejoins_running_thread_even_with_override_mismatch
--tests`
- `just fix -p codex-app-server-protocol -p codex-app-server`

* Expose MCP server info as part of server status (#24698)

# Summary

Expose MCP server info via App Server (when available) so apps can
render a richer MCP experience.

* Reap stale multi-agent slots (#24903)

## Summary

- Let `close_agent` clean up an agent that is still registered in
`AgentRegistry` even when its underlying thread is already missing.
- Preserve the explicit-close boundary: for known stale thread-spawn
agents, mark the persisted spawn edge `Closed`, then treat
`ThreadNotFound` / `InternalAgentDied` as a successful close so the
registry slot can be released.
- Add a regression for MultiAgentV2 task-name targets where
`close_agent("worker")` succeeds after the worker thread has already
disappeared.

## Motivation

A worker can disappear from `ThreadManager` while its metadata still
exists in the root `AgentRegistry`. Before this change, the close tool
failed while trying to subscribe to the missing thread status, so it
never reached the cleanup path that releases the registered agent slot.
With `agents.max_threads = 1`, an explicit close of that stale task-name
agent could fail and leave the session unable to spawn a replacement.

## Scope

This PR intentionally does not add …
@unemployabot unemployabot Bot requested a review from wallentx June 1, 2026 00:55
@unemployabot unemployabot Bot added checkpoint Checkpoint merge termux-release Termux release automation labels Jun 1, 2026
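The key format from "Use stable Guardian prompt cache keys (#24803)", `guardian:<sha1(parent_thread_id:reuse_key)>`, worked through as an added example; this is not code from the PR or the Codex repository. SHA-1 is written out on `std` so the block runs without crates, and the function names, the string form of the reuse key and the sample IDs are assumptions.

```rust
/// Minimal SHA-1 (FIPS 180-4) on std only, so the example needs no crates.
pub fn sha1(data: &[u8]) -> [u8; 20] {
    let mut h: [u32; 5] = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0];
    // Padding: 0x80, zeros up to 56 mod 64, then the bit length as a big-endian u64.
    let mut msg = data.to_vec();
    msg.push(0x80);
    while msg.len() % 64 != 56 {
        msg.push(0);
    }
    msg.extend_from_slice(&((data.len() as u64) * 8).to_be_bytes());
    for chunk in msg.chunks(64) {
        let mut w = [0u32; 80];
        for i in 0..16 {
            w[i] = u32::from_be_bytes([chunk[4 * i], chunk[4 * i + 1], chunk[4 * i + 2], chunk[4 * i + 3]]);
        }
        for i in 16..80 {
            w[i] = (w[i - 3] ^ w[i - 8] ^ w[i - 14] ^ w[i - 16]).rotate_left(1);
        }
        let [mut a, mut b, mut c, mut d, mut e] = h;
        for i in 0..80 {
            let (f, k) = match i {
                0..=19 => ((b & c) | (!b & d), 0x5A827999u32),
                20..=39 => (b ^ c ^ d, 0x6ED9EBA1),
                40..=59 => ((b & c) | (b & d) | (c & d), 0x8F1BBCDC),
                _ => (b ^ c ^ d, 0xCA62C1D6),
            };
            let t = a.rotate_left(5).wrapping_add(f).wrapping_add(e).wrapping_add(k).wrapping_add(w[i]);
            e = d;
            d = c;
            c = b.rotate_left(30);
            b = a;
            a = t;
        }
        for (s, v) in h.iter_mut().zip([a, b, c, d, e]) {
            *s = s.wrapping_add(v);
        }
    }
    let mut out = [0u8; 20];
    for (i, word) in h.iter().enumerate() {
        out[4 * i..4 * i + 4].copy_from_slice(&word.to_be_bytes());
    }
    out
}

/// Lowercase hex encoding of a byte slice.
pub fn hex(bytes: &[u8]) -> String {
    bytes.iter().map(|b| format!("{:02x}", b)).collect()
}

/// Builds `guardian:<sha1(parent_thread_id:reuse_key)>`. Passing the reuse key
/// as a string is an assumption; the PR does not show how it is serialized.
pub fn guardian_cache_key(parent_thread_id: &str, reuse_key: &str) -> String {
    let digest = sha1(format!("{}:{}", parent_thread_id, reuse_key).as_bytes());
    format!("guardian:{}", hex(&digest))
}

fn main() {
    // Constructed IDs: forks of one parent share a key; a different parent
    // or a different reuse key gets its own.
    println!("{}", guardian_cache_key("thread-parent-1", "model=m1;policy=p1"));
    println!("{}", guardian_cache_key("thread-parent-2", "model=m1;policy=p1"));
    println!("{}", guardian_cache_key("thread-parent-1", "model=m2;policy=p1"));
}
```

Because the child thread ID never enters the hash, every fork under the same parent and reuse key sends the same `prompt_cache_key`, and the key length is fixed regardless of input size.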
…olve/pr-178

# Conflicts:
#	codex-rs/Cargo.lock
#	codex-rs/Cargo.toml
#	codex-rs/core/src/codex_thread.rs
#	codex-rs/core/src/exec_tests.rs
#	codex-rs/core/src/goals.rs
#	codex-rs/core/src/session/input_queue.rs
#	codex-rs/core/src/session/tests.rs
#	codex-rs/core/src/session/turn.rs
#	codex-rs/core/src/tasks/review.rs
#	codex-rs/core/src/tools/code_mode/mod.rs
#	codex-rs/core/src/tools/handlers/extension_tools.rs
#	codex-rs/core/src/tools/runtimes/shell.rs
#	codex-rs/core/src/tools/runtimes/shell/unix_escalation.rs
#	codex-rs/ext/goal/src/extension.rs
#	codex-rs/ext/image-generation/Cargo.toml
#	codex-rs/ext/image-generation/src/extension.rs
#	codex-rs/ext/image-generation/src/tests.rs
#	codex-rs/ext/image-generation/src/tool.rs
#	codex-rs/model-provider/src/amazon_bedrock/catalog.rs
#	codex-rs/tools/src/lib.rs
#	codex-rs/tools/src/tool_call.rs
@wallentx wallentx merged commit 4a58298 into wallentx/termux-target Jun 1, 2026
1 check passed
@wallentx wallentx deleted the checkpoint/wallentx_termux-target_from_release_0.136.0_328b1e6d55a9 branch June 1, 2026 02:16
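The two token-refresh rules described in "Treat refresh_token_reused 400s as relogin-required (#24830)" and "Refresh near-expiry ChatGPT access tokens before requests (#23546)", sketched together as an added example; this is not code from either PR or from `codex-login`. All type and function names, the boundary handling, the retry loop and the sample responses are assumptions made for illustration.

```rust
use std::time::Duration;

/// Five-minute near-expiry window named in the commit message.
const REFRESH_WINDOW: Duration = Duration::from_secs(5 * 60);
/// Terminal `/oauth/token` error codes. Only this one appears on the page.
const TERMINAL_CODES: &[&str] = &["refresh_token_reused"];

/// Hypothetical auth modes; only managed ChatGPT auth is refreshed proactively.
#[derive(Debug, Clone, Copy, PartialEq)]
pub enum AuthMode {
    ManagedChatGpt,
    ExternalToken,
    ApiKey,
    AgentIdentity,
}

#[derive(Debug, PartialEq)]
pub enum RefreshOutcome {
    Refreshed,
    /// The refresh token cannot succeed again; the user has to sign in.
    ReloginRequired(String),
    /// Every attempt failed with a retryable error.
    RetriesExhausted,
}

/// True when a managed token is expired or expires inside the window.
/// Times are seconds since the Unix epoch; counting the exact boundary as
/// "inside" is an assumption of this example.
pub fn needs_refresh(mode: AuthMode, now: u64, expires_at: u64) -> bool {
    mode == AuthMode::ManagedChatGpt
        && expires_at.saturating_sub(now) <= REFRESH_WINDOW.as_secs()
}

/// A refresh failure is permanent when its error code is terminal, whatever
/// HTTP status carried it (400 included).
pub fn is_permanent(error_code: Option<&str>) -> bool {
    error_code.map_or(false, |c| TERMINAL_CODES.contains(&c))
}

/// Treats each constructed (status, error_code) pair as one refresh attempt.
/// Returns the outcome and the number of attempts spent.
pub fn refresh(responses: &[(u16, Option<&str>)], max_attempts: usize) -> (RefreshOutcome, usize) {
    for (i, (status, code)) in responses.iter().take(max_attempts).enumerate() {
        if (200..300).contains(status) {
            return (RefreshOutcome::Refreshed, i + 1);
        }
        if is_permanent(*code) {
            // Stop at once: retrying would only bury the real cause.
            let msg = format!("{}: sign in again", code.unwrap_or("unknown"));
            return (RefreshOutcome::ReloginRequired(msg), i + 1);
        }
        // Any other failure is retried in this example.
    }
    (RefreshOutcome::RetriesExhausted, responses.len().min(max_attempts))
}

fn main() {
    // Constructed responses: a 400 with a terminal code, then a would-be success.
    let reused = [(400, Some("refresh_token_reused")), (200, None)];
    println!("{:?}", refresh(&reused, 3));
    println!("{}", needs_refresh(AuthMode::ManagedChatGpt, 1_000, 1_200));
}
```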