Codex Release Notes

New Features

• Added WS_PROXY / WSS_PROXY environment support (including lowercase variants) for websocket proxying in the network proxy. (#11784)

• App-server v2 now emits notifications when threads are archived or unarchived, enabling clients to react without polling. (#12030)

• Protocol/core now carry distinct approval IDs for command approvals to support multiple approvals within a single shell command execution flow. (#12051)

Bug Fixes

• Ctrl+C / Ctrl+D now cleanly exits the cwd-change prompt during resume/fork flows instead of implicitly selecting an option. (#12040)

• Reduced false-positive safety-check downgrade behavior by relying on the response header model (and websocket top-level events) rather than the response body model slug. (#12061)

Documentation

• Updated docs and schemas to cover websocket proxy configuration, new thread archive/unarchive notifications, and the command approval ID plumbing. (#11784, #12030, #12051)

Chores

• Made the Rust release workflow resilient to npm publish attempts for an already-published version. (#12044)

• Standardized remote compaction test mocking and refreshed related snapshots to align with the default production-shaped behavior. (#12050)

Changelog

Full Changelog: rust-v0.103.0...rust-v0.104.0

• feat(network-proxy): add websocket proxy env support (@viyatb-oai)

• don't fail if an npm publish attempt is for an existing version. (@iceweasel-oai)

• tui: exit session on Ctrl+C in cwd change prompt (@charley-oai)

• app-server: Emit thread archive/unarchive notifications (@euroelessar)

• Chore: remove response model check and rely on header model for downgrade (@shijie-oai)

• feat(core): plumb distinct approval ids for command approvals (@owenlin0)

• Unify remote compaction snapshot mocks around default endpoint behavior (@charley-oai)

Bug Fixes

• Model resolution now preserves the requested model slug when selecting by prefix, so model references stay stable instead of being rewritten. (#11602)
• Developer messages are now excluded from phase-1 memory input, reducing noisy or irrelevant content entering memory. (#11608)
• Memory phase processing concurrency was reduced to make consolidation/staging more stable under load. (#11614)

Chores

• Cleaned and simplified the phase-1 memory pipeline code paths. (#11605)
• Minor repository maintenance: formatting and test-suite hygiene updates in remote model tests. (#11619)

Changelog

Full Changelog

rust-v0.100.0...rust-v0.101.0

• chore: drop and clean from phase 1 (#11605) @jif-oai
• fix(core) model_info preserves slug (#11602) @dylan-hurd-oai
• exclude developer messages from phase-1 memory input (#11608) @wendyjiao-openai
• Add cwd to memory files (#11591) @wendyjiao-openai
• chore: reduce concurrency of memories (#11614) @jif-oai
• fix: fmt (#11619) @jif-oai

New Features

• Added an experimental, feature-gated JavaScript REPL runtime (js_repl) that can persist state across tool calls, with optional runtime path overrides. (#10674)
• Added support for multiple simultaneous rate limits across the protocol, backend client, and TUI status surfaces. (#11260)
• Reintroduced app-server websocket transport with a split inbound/outbound architecture, plus connection-aware thread resume subscriptions. (#11370, #11474)
• Added memory management slash commands in the TUI (/m_update, /m_drop) and expanded memory-read/metrics plumbing. (#11569, #11459, #11593)
• Enabled Apps SDK apps in ChatGPT connector handling. (#11486)
• Promoted sandbox capabilities on both Linux and Windows, and introduced a new ReadOnlyAccess policy shape for configurable read access. (#11381, #11341, #11387)

Bug Fixes

• Fixed websocket incremental output duplication, prevented appends after response.completed, and treated response.incomplete as an error path. (#11383, #11402, #11558)
• Improved websocket session stability by continuing ping handling when idle and suppressing noisy first-retry errors during quick reconnects. (#11413, #11548)
• Fixed stale thread entries by dropping missing rollout files and cleaning stale DB metadata during thread listing. (#11572)
• Fixed Windows multi-line paste reliability in terminals (especially VS Code integrated terminal) by increasing paste burst timing tolerance. (#9348)
• Fixed incorrect inheritance of limit_name when merging partial rate-limit updates. (#11557)
• Reduced repeated skill parse-error spam during active edits by increasing file-watcher debounce from 1s to 10s. (#11494)

Documentation

• Added JS REPL documentation and config/schema guidance for enabling and configuring the feature. (#10674)
• Updated app-server websocket transport documentation in the app-server README. (#11370)

Chores

• Split codex-common into focused codex-utils-* crates to simplify dependency boundaries across Rust workspace components. (#11422)
• Improved Rust release pipeline throughput and reliability for Windows and musl targets, including parallel Windows builds and musl link fixes. (#11488, #11500, #11556)
• Prevented GitHub release asset upload collisions by excluding duplicate cargo-timing.html artifacts. (#11564)

Changelog

Full Changelog:
rust-v0.99.0...rust-v0.100.0

• Do not resend output items in incremental websockets connections (#11383) @pakrym-oai
• chore: persist turn_id in rollout session and make turn_id uuid based (#11246) @celia-oai
• feat: support multiple rate limits (#11260) @xl-openai
• tui: show non-file layer content in /debug-config (#11412) @bolinfest
• Remove test-support feature from codex-core and replace it with explicit test toggles (#11405) @bolinfest
• fix: flaky test (#11428) @jif-oai
• feat: improve thread listing (#11429) @jif-oai
• feat: split codex-common into smaller utils crates (#11422) @bolinfest
• feat: new memory prompts (#11439) @jif-oai
• Cache cloud requirements (#11305) @gt-oai
• nit: increase max raw memories (#11452) @jif-oai
• feat: close mem agent after consolidation (#11455) @jif-oai
• fix: optional schema of memories (#11454) @jif-oai
• feat: set policy for phase 2 memory (#11449) @jif-oai
• chore: rename disable_websockets -> websockets_disabled (#11420) @sayan-oai
• Do not attempt to append after response.completed (#11402) @pakrym-oai
• clean: memory rollout recorder (#11462) @jif-oai
• feat(core): promote Linux bubblewrap sandbox to Experimental (#11381) @viyatb-oai
• Extract codex-config from codex-core (#11389) @bolinfest
• Reapply "Add app-server transport layer with websocket support" (#11370) @maxj-oai
• feat: panic if Constrained does not support Disabled (#11470) @bolinfest
• feat: remove "cargo check individual crates" from CI (#11475) @bolinfest
• feat: memory read path (#11459) @jif-oai
• chore: clean rollout extraction in memories (#11471) @jif-oai
• fix(tui): increase paste burst char interval on Windows to 30ms (#9348) @yuvrajangadsingh
• chore: sub-agent never ask for approval (#11464) @jif-oai
• Linkify feedback link (#11414) @pakrym-oai
• chore: update mem prompt (#11480) @jif-oai
• fix: Constrained import (#11485) @owenlin0
• Promote Windows Sandbox (#11341) @iceweasel-oai
• Add feature-gated freeform js_repl core runtime (#10674) @fjord-oai
• refactor: codex app-server ThreadState (#11419) @maxj-oai
• Pump pings (#11413) @pakrym-oai
• feat: use more powerful machines for building Windows releases (#11488) @bolinfest
• nit: memory truncation (#11479) @jif-oai
• Increased file watcher debounce duration from 1s to 10s (#11494) @etraut-openai
• Add AfterToolUse hook (#11335) @gt-oai
• feat: build windows support binaries in parallel (#11500) @bolinfest
• chore(tui) Simplify /status Permissions (#11290) @dylan-hurd-oai
• Make codex-sdk depend on openai/codex (#11503) @pakrym-oai
• app-server: thread resume subscriptions (#11474) @maxj-oai
• Added seatbelt policy rule to allow os.cpus (#11277) @etraut-openai
• chore: inject originator/residency headers to ws client (#11506) @apanasenko-oai
• Hydrate previous model across resume/fork/rollback/task start (#11497) @aibrahim-oai
• feat: try to fix bugs I saw in the wild in the resource parsing logic (#11513) @bolinfest
• Consolidate search_tool feature into apps (#11509) @apanasenko-oai
• change model cap to server overload (#11388) @willwang-openai
• Pre-sampling compact with previous model context (#11504) @aibrahim-oai
• Clamp auto-compact limit to context window (#11516) @aibrahim-oai
• Update context window after model switch (#11520) @aibrahim-oai
• Use slug in tui (#11519) @pakrym-oai
• fix: add --test_verbose_timeout_warnings to bazel.yml (#11522) @bolinfest
• fix: remove errant Cargo.lock files (#11526) @bolinfest
• test(app-server): stabilize app/list thread feature-flag test by using file-backed MCP OAuth creds (#11521) @bolinfest
• feat: make sandbox read access configurable with ReadOnlyAccess (#11387) @bolinfest
• [apps] Allow Apps SDK apps. (#11486) @mzeng-openai
• fix compilation (#11532) @sayan-oai
• Teach codex to test itself (#11531) @pakrym-oai
• ci: remove actions/cache from rust release workflows (#11540) @bolinfest
• ci(windows): use DotSlash for zstd in rust-release-windows (#11542) @bolinfest
• build(linux-sandbox): always compile vendored bubblewrap on Linux; remove CODEX_BWRAP_ENABLE_FFI (#11498) @viyatb-oai
• fix: make project_doc skill-render tests deterministic (#11545) @bolinfest
• ci: capture cargo timings in Rust CI and release workflows (#11543) @bolinfest
• Bump rmcp to 0.15 (#11539) @gpeal
• Hide the first websocket retry (#11548) @pakrym-oai
• Add logs to model cache (#11551) @aibrahim-oai
• Fix rust-release failures in musl linking and release asset upload (#11556) @bolinfest
• Handle response.incomplete (#11558) @pakrym-oai
• fix: stop inheriting rate-limit limit_name (#11557) @xl-openai
• rust-release: exclude cargo-timing.html from release assets (#11564) @bolinfest
• fix: update memory writing prompt (#11546) @zuxin-oai
• Fix test flake (#11448) @gt-oai
• feat: mem slash commands (#11569) @jif-oai
• Fix flaky pre_sampling_compact switch test (#11573) @jif-oai
• feat: mem drop cot (#11571) @jif-oai
• Ensure list_threads drops stale rollout files (#11572) @jif-oai
• fix: db stuff mem (#11575) @jif-oai
• nit: upgrade DB version (#11581) @jif-oai
• chore: clean consts (#11593) @jif-oai
• feat: metrics to memories (#11590) @jif-oai
• Fix config test on macOS (#11579) @gt-oai
• feat: add sanitizer to redact secrets (#11600) @jif-oai
• chore: drop mcp validation of dynamic tools (#11609) @jif-oai

New Features

• Running direct shell commands no longer interrupts an in-flight turn; commands can execute concurrently when a turn is active. (#10513)
• Added /statusline to configure which metadata appears in the TUI footer interactively. (#10546)
• The TUI resume picker can now toggle sort order between creation time and last-updated time with an in-picker mode indicator. (#10752)
• App-server clients now get dedicated APIs for steering active turns, listing experimental features, resuming agents, and opting out of specific notifications. (#10721, #10821, #10903, #11319)
• Enterprise/admin requirements can now restrict web search modes and define network constraints through requirements.toml. (#10964, #10958)
• Image attachments now accept GIF and WebP inputs in addition to existing formats. (#11237)
• Enable snapshotting of the shell environment and rc files (#11172)

Bug Fixes

• Fixed a Windows startup issue where buffered keypresses could cause the TUI sign-in flow to exit immediately. (#10729)
• Required MCP servers now fail fast during start/resume flows instead of continuing in a broken state. (#10902)
• Fixed a file-watcher bug that emitted spurious skills reload events and could generate very large log files. (#11217)
• Improved TUI input reliability: long option labels wrap correctly, Tab submits in steer mode when idle, history recall keeps cursor placement consistent, and stashed drafts restore image placeholders correctly. (#11123, #10035, #11295, #9040)
• Fixed model-modality edge cases by surfacing clearer view_image errors on text-only models and stripping unsupported image history during model switches. (#11336, #11349)
• Reduced false approval mismatches for wrapped/heredoc shell commands and guarded against empty command lists in exec policy evaluation. (#10941, #11397)

Documentation

• Expanded app-server docs and protocol references for turn/steer, experimental-feature discovery, resume_agent, notification opt-outs, and null developer_instructions normalization. (#10721, #10821, #10903, #10983, #11319)
• Updated TUI composer docs to reflect draft/image restoration, steer-mode Tab submit behavior, and history-navigation cursor semantics. (#9040, #10035, #11295)

Chores

• Reworked npm release packaging so platform-specific binaries are distributed via @openai/codex dist-tags, reducing package-size pressure while preserving platform-specific installs (including @alpha). (#11318, #11339)
• Pulled in a security-driven dependency update for time (RUSTSEC-2026-0009). (#10876)

Changelog

Full Changelog:
rust-v0.98.0...rust-v0.99.0

• fix(tui): flush input buffer on init to prevent early exit on Windows (#10729) @Ashutosh0x
• fix: flaky landlock (#10689) @jif-oai
• Allow user shell commands to run alongside active turns (#10513) @jif-oai
• nit: backfill stronger (#10738) @jif-oai
• adding fork information (UI) when forking (#10246) @pap-openai
• Update explorer role default model (#10748) @jif-oai
• Include real OS info in metrics. (#10425) @iceweasel-oai
• feat: resumable backfill (#10745) @jif-oai
• feat: wire ephemeral in codex exec (#10758) @jif-oai
• chore: handle shutdown correctly in tui (#10756) @jif-oai
• feat: add memory tool (#10637) @jif-oai
• feat: repair DB in case of missing lines (#10751) @jif-oai
• nit: add DB version in discrepancy recording (#10762) @jif-oai
• Leverage state DB metadata for thread summaries (#10621) @jif-oai
• Add hooks implementation and wire up to notify (#10546) @gt-oai
• feat(tui): add /statusline command for interactive status line configuration (#10546) @fcoury
• feat(tui): add sortable resume picker with created/updated timestamp toggle (#10752) @fcoury
• fix(tui): fix resume_picker_orders_by_updated_at test (#10769) @owenlin0
• fix(auth): isolate chatgptAuthTokens concept to auth manager and app-server (#10423) @owenlin0
• nit: gpt-5.3-codex announcement (#10775) @jif-oai
• nit: gpt-5.3-codex announcement 2 (#10782) @jif-oai
• add sandbox policy and sandbox name to codex.tool.call metrics (#10711) @iceweasel-oai
• chore: rm web-search-eligible header (#10660) @sayan-oai
• fix: announcement in prio (#10783) @jif-oai
• [app-server] Add a method to list experimental features. (#10721) @mzeng-openai
• chore: limit update to 0.98.0 NUX to < 0.98.0 ver (#10787) @sayan-oai
• Add analytics for /rename and /fork (#10655) @pap-openai
• feat: wait for backfill to be ready (#10790) @jif-oai
• Add app-server transport layer with websocket support (#10693) @maxj-oai
• other announcement (#10818) @jif-oai
• Sync app-server requirements API with refreshed cloud loader (#10815) @xl-openai
• go back to auto-enabling web_search for azure (#10820) @sayan-oai
• Send beta header with websocket connects (#10727) @pakrym-oai
• updates: use brew api for version check (#10809) @magus
• Add stage field for experimental flags. (#10793) @mzeng-openai
• feat(app-server): turn/steer API (#10821) @owenlin0
• Print warning when config does not meet requirements (#10792) @gt-oai
• feat: expose detailed metrics to runtime metrics (#10699) @apanasenko-oai
• Gate app tooltips to macOS (#10784) @aibrahim-oai
• Log an event (info only) when we receive a file watcher event (#10843) @etraut-openai
• Personality setting is no longer available in experimental menu (#10852) @etraut-openai
• Removed the "remote_compaction" feature flag (#10840) @etraut-openai
• sec: fix time of time to prevent vulnerability (#10876) @jif-oai
• nit: test an (#10892) @jif-oai
• feat: backfill async again (#10894) @jif-oai
• Handle required MCP startup failures across components (#10902) @jif-oai
• Removed "exec_policy" feature flag (#10851) @etraut-openai
• Queue nudges while plan generating (#10457) @charley-oai
• Add app configs to config.toml (#10822) @canvrno-oai
• feat(linux-sandbox): block io_uring syscalls in no-network seccomp policy (#10814) @viyatb-oai
• core: preconnect Responses websocket for first turn (#10698) @joshka-oai
• core: refresh developer instructions after compaction replacement history (#10574) @charley-oai
• chore(app-server): update AGENTS.md for config + optional collection guidance (#10914) @owenlin0
• chore(app-server): add experimental annotation to relevant fields (#10928) @owenlin0
• Treat compaction failure as failure state (#10927) @aibrahim-oai
• Support alternative websocket API (#10861) @by-openai
• TUI/Core: preserve duplicate skill/app mention selection across submit + resume (#10855) @daniel-oai
• app-server: print help message to console when starting websockets server (#10943) @JaviSoto
• Mark Config.apps as experimental, correct schema generation issue (#10938) @canvrno-oai
• fix(tui): conditionally restore status indicator using message phase (#10947) @sayan-oai
• refactor(network-proxy): flatten network config under [network] (#10965) @viyatb-oai
• Fixed a flaky test (#10970) @etraut-openai
• Process-group cleanup for stdio MCP servers to prevent orphan process storms (#10710) @etraut-openai
• feat: add support for allowed_web_search_modes in requirements.toml (#10964) @bolinfest
• fix: use expected line ending in codex-rs/core/config.schema.json (#10977) @bolinfest
• Do not poll for usage when using API Key auth (#10973) @etraut-openai
• Show left/right arrows to navigate in tui request_user_input (#10921) @charley-oai
• fix(tui): rehydrate drafts and restore image placeholders (#10824) @Chriss4123
• Fallback to HTTP on UPGRADE_REQUIRED (#10826) @pakrym-oai
• Defer persistence of rollout file (#11028) @etraut-openai
• fix: remove config.schema.json from tag check (#10980) @bolinfest
• Gate view_image tool by model input_modalities (#11051) @wiltzius-openai
• [bazel] Upgrade some rulesets in preparation for enabling windows (#11109) @zbarsky-openai
• chore: refactor network-proxy so that ConfigReloader is injectable behavior (#11114) @bolinfest
• feat: include [experimental_network] in (#11044) @bolinfest
• tui: avoid no-op status-line redraws (#11155) @rakan-oai
• feat: do not close unified exec processes across turns (#10799) @jif-oai
• chore: enable shell snapshot (#11172) @jif-oai
• fix: do not show closed agents in /agent (#11175) @jif-oai
• chore: enable sub agents (#11173) @jif-oai
• Deflake mixed parallel tools timing test (#11193) @gt-oai
• Load requirements on windows (#10770) @gt-oai
• core: account for all post-response items in auto-compact token checks (#11132) @charley-oai
• tools: remove get_memory tool and tests (#11198) @jif-oai
• Translate websocket errors (#10937) @rasmusrygaard
• Fixed bug in file watcher that results in spurious skills update events and large log files (#11217) @etraut-openai
• Move warmup to the task level (#11216) @pakrym-oai
• Try to stop small helper methods (#11203) @pakrym-oai
• [bazel] Upgrade some rulesets in preparation for enabling windows, part 2 (#11197) @zbarsky-openai
  ...

New Features

• Introducing GPT-5.3-Codex. Learn More
• Steer mode is now stable and enabled by default, so Enter sends immediately during running tasks while Tab explicitly queues follow-up input. (#10690)

Bug Fixes

• Fixed resumeThread() argument ordering in the TypeScript SDK so resuming with local images no longer starts an unintended new session. (#10709)
• Fixed model-instruction handling when changing models mid-conversation or resuming with a different model, ensuring the correct developer instructions are applied. (#10651, #10719)
• Fixed a remote compaction mismatch where token pre-estimation and compact payload generation could use different base instructions, improving trim accuracy and avoiding context overflows. (#10692)
• Cloud requirements now reload immediately after login instead of requiring a later refresh path to take effect. (#10725)

Chores

• Restored the default assistant personality to Pragmatic across config and related tests/UI snapshots. (#10705)
• Unified collaboration mode naming and metadata across prompts, tools, protocol types, and TUI labels for more consistent mode behavior and messaging. (#10666)

Changelog

Full Changelog:
rust-v0.97.0...rust-v0.98.0

• fix: ensure resume args precede image args (#10709) @cryptonerdcn
• chore(config) Default Personality Pragmatic (#10705) @dylan-hurd-oai
• fix(core) switching model appends model instructions (#10651) @dylan-hurd-oai
• Sync collaboration mode naming across Default prompt, tools, and TUI (#10666) @charley-oai
• Make steer stable by default (#10690) @aibrahim-oai
• Fix remote compaction estimator/payload instruction small mismatch (#10692) @charley-oai
• Reload cloud requirements after user login (#10725) @xl-openai
• fix(core,app-server) resume with different model (#10719) @dylan-hurd-oai

New Features

• Added a session-scoped “Allow and remember” option for MCP/App tool approvals, so repeated calls to the same tool can be auto-approved during the session. (#10584)
• Added live skill update detection, so skill file changes are picked up without restarting. (#10478)
• Added support for mixed text and image content in dynamic tool outputs for app-server integrations. (#10567)
• Added a new /debug-config slash command in the TUI to inspect effective configuration. (#10642)
• Introduced initial memory plumbing (API client + local persistence) to support thread memory summaries. (#10629, #10634)
• Added configurable log_dir so logs can be redirected (including via -c overrides) more easily. (#10678)

Bug Fixes

• Fixed jitter in the TUI apps/connectors picker by stabilizing description-column rendering. (#10593)
• Restored and stabilized the TUI “working” status indicator/shimmer during preamble and early exec flows. (#10700, #10701)
• Improved cloud requirements reliability with higher timeouts, retries, and corrected precedence over MDM settings. (#10631, #10633, #10659)
• Persisted pending-input user events more consistently for mid-turn injected input handling. (#10656)

Documentation

• Documented how to opt in to the experimental app-server API. (#10667)
• Updated docs/schema coverage for new log_dir configuration behavior. (#10678)

Chores

• Migrated state DB helpers to a versioned SQLite filename scheme and cleaned up legacy state files during runtime initialization. (#10623)
• Expanded runtime telemetry with websocket timing metrics and simplified internal metadata flow in core client plumbing. (#10577, #10589)

Changelog

Full Changelog:
rust-v0.96.0...rust-v0.97.0

• Stop client from being state carrier (#10595) @pakrym-oai
• Add option to approve and remember MCP/Apps tool usage (#10584) @canvrno-oai
• fix: flaky test (#10644) @jif-oai
• feat: add phase 1 mem client (#10629) @jif-oai
• feat: add phase 1 mem db (#10634) @jif-oai
• Fix jitter in TUI apps/connectors picker (#10593) @canvrno-oai
• [apps] Cache MCP actions from apps. (#10662) @mzeng-openai
• feat: add phase 1 mem db (#10649) @gt-oai
• Fix test_shell_command_interruption flake (#10642) @gt-oai
• feat: add seatbelt policy rule to allow os.cpus (#11277) @etraut-openai
• chore: inject originator/residency headers to ws client (#11506) @apanasenko-oai
• Hydrate previous model across resume/fork/rollback/task start (#11497) @aibrahim-oai
• feat: try to fix bugs I saw in the wild in the resource parsing logic (#11513) @bolinfest
• Consolidate search_tool feature into apps (#11509) @apanasenko-oai
• change model cap to server overload (#11388) @willwang-openai
• Pre-sampling compact with previous model context (#11504) @aibrahim-oai
• Clamp auto-compact limit to context window (#11516) @aibrahim-oai
• Update context window after model switch (#11520) @aibrahim-oai
• Use slug in tui (#11519) @pakrym-oai
• fix: add --test_verbose_timeout_warnings to bazel.yml (#11522) @bolinfest
• fix: remove errant Cargo.lock files (#11526) @bolinfest
• test(app-server): stabilize app/list thread feature-flag test by using file-backed MCP OAuth creds (#11521) @bolinfest
• feat: make sandbox read access configurable with ReadOnlyAccess (#11387) @bolinfest
• [apps] Allow Apps SDK apps. (#11486) @mzeng-openai
• fix compilation (#11532) @sayan-oai
• Teach codex to test itself (#11531) @pakrym-oai
• ci: remove actions/cache from rust release workflows (#11540) @bolinfest
• ci(windows): use DotSlash for zstd in rust-release-windows (#11542) @bolinfest
• build(linux-sandbox): always compile vendored bubblewrap on Linux; remove CODEX_BWRAP_ENABLE_FFI (#11498) @viyatb-oai
• fix: make project_doc skill-render tests deterministic (#11545) @bolinfest
• ci: capture cargo timings in Rust CI and release workflows (#11543) @bolinfest
• Bump rmcp to 0.15 (#11539) @gpeal
• Hide the first websocket retry (#11548) @pakrym-oai
• Add logs to model cache (#11551) @aibrahim-oai
• Fix rust-release failures in musl linking and release asset upload (#11556) @bolinfest
• Handle response.incomplete (#11558) @pakrym-oai
• fix: stop inheriting rate-limit limit_name (#11557) @xl-openai
• rust-release: exclude cargo-timing.html from release assets (#11564) @bolinfest
• fix: update memory writing prompt (#11546) @zuxin-oai
• Fix test flake (#11448) @gt-oai
• feat: mem slash commands (#11569) @jif-oai
• Fix flaky pre_sampling_compact switch test (#11573) @jif-oai
• feat: mem drop cot (#11571) @jif-oai
• Ensure list_threads drops stale rollout files (#11572) @jif-oai
• fix: db stuff mem (#11575) @jif-oai
• nit: upgrade DB version (#11581) @jif-oai
• chore: clean consts (#11593) @jif-oai
• feat: metrics to memories (#11590) @jif-oai
• Fix config test on macOS (#11579) @gt-oai
• feat: add sanitizer to redact secrets (#11600) @jif-oai
• chore: drop mcp validation of dynamic tools (#11609) @jif-oai

New Features

• Added thread/compact to the v2 app-server API as an async trigger RPC, so clients can start compaction immediately and track completion separately. (#10445)
• Added websocket-side rate limit signaling via a new codex.rate_limits event, with websocket parity for ETag/reasoning metadata handling. (#10324)
• Enabled unified_exec on all non-Windows platforms. (#10641)
• Constrained requirement values now include source provenance, enabling source-aware config debugging in UI flows like /debug-config. (#10568)

Bug Fixes

• Fixed Esc handling in the TUI request_user_input overlay: when notes are open, Esc now exits notes mode instead of interrupting the session. (#10569)
• Thread listing now queries the state DB first (including archived threads) and falls back to filesystem traversal only when needed, improving listing correctness and resilience. (#10544)
• Fixed thread path lookup to require that the resolved file actually exists, preventing invalid thread-id resolutions. (#10618)
• Dynamic tool injection now runs in a single transaction to avoid partial state updates. (#10614)
• Refined request_rule guidance used in approval-policy prompting to correct rule behavior. (#10379, #10598)

Documentation

• Updated app-server docs for thread/compact to clarify its asynchronous behavior and thread-busy lifecycle. (#10445)
• Updated TUI docs to match the mode-specific Esc behavior in request_user_input. (#10569)

Chores

• Migrated state DB helpers to a versioned SQLite filename scheme and cleaned up legacy state files during runtime initialization. (#10623)
• Expanded runtime telemetry with websocket timing metrics and simplified internal metadata flow in core client plumbing. (#10577, #10589)

Changelog

Full Changelog:
rust-v0.95.0...rust-v0.96.0

• tui: make Esc clear request_user_input notes while notes are shown (#10569) @charley-oai
• feat: log webscocket timing into runtime metrics (#10577) @apanasenko-oai
• Add thread/compact v2 (#10445) @aibrahim-oai
• Move metadata calculation out of client (#10589) @pakrym-oai
• fix(core) updated request_rule guidance (#10598) @dylan-hurd-oai
• fix(core) Request Rule guidance tweak (#10598) @dylan-hurd-oai
• Prefer state DB thread listings before filesystem (#10544) @jif-oai
• single transaction for dyn tools injection (#10614) @jif-oai
• Requirements: add source to constrained requirement values (#10568) @gt-oai
• chore: simplify user message detection (#10611) @jif-oai
• Expanded runtime telemetry with websocket timing metrics (#10577) @apanasenko-oai
• fix: make sure file exist in find_thread_path_by_id_str_in_subdir (#10618) @jif-oai
• nit: cleaning (#10619) @jif-oai
• Add a codex.rate_limits event for websockets (#10324) @rasmusrygaard
• Migrate state DB path helpers to versioned filename (#10623) @jif-oai
• Update tests to stop using sse_completed fixture (#10638) @pakrym-oai
• feat: land unified_exec (#10641) @jif-oai

New Features

• Added codex app on macOS to launch Codex Desktop from the CLI, with automatic DMG download if it is missing. (#10418)
• Added personal skill loading from ~/.agents/skills (with ~/.codex/skills compatibility), plus app-server APIs/events to list and download public remote skills. (#10437, #10448)
• /plan now accepts inline prompt arguments and pasted images, and slash-command editing/highlighting in the TUI is more polished. (#10269)
• Shell-related tools can now run in parallel, improving multi-command execution throughput. (#10505)
• Shell executions now receive CODEX_THREAD_ID, so scripts and skills can detect the active thread/session. (#10096)
• Added vendored Bubblewrap + FFI wiring in the Linux sandbox as groundwork for upcoming runtime integration. (#10413)

Bug Fixes

• Hardened Git command safety so destructive or write-capable invocations no longer bypass approval checks. (#10258)
• Improved resume/thread browsing reliability by correctly showing saved thread names and fixing thread listing behavior. (#10340, #10383)
• Fixed first-run trust-mode handling so sandbox mode is reported consistently, and made $PWD/.agents read-only like $PWD/.codex. (#10415, #10524)
• Fixed codex exec hanging after interrupt in websocket/streaming flows; interrupted turns now shut down cleanly. (#10519)
• Fixed review-mode approval event wiring so requestApproval IDs align with the corresponding command execution items. (#10416)
• Improved 401 error diagnostics by including server message/body details plus cf-ray and requestId. (#10508)

Documentation

• Expanded TUI chat composer docs to cover slash-command arguments and attachment handling in plan/review flows. (#10269)
• Refreshed issue templates and labeler prompts to better separate CLI/app bug reporting and feature requests. (#10411, #10453, #10548, #10552)

Chores

• Completed migration off the deprecated mcp-types crate to rmcp-based protocol types/adapters, then removed the legacy crate. (#10356, #10349, #10357)
• Updated the bytes dependency for a security advisory and cleaned up resolved advisory configuration. (#10525)

Changelog

Full Changelog:
rust-v0.94.0...rust-v0.95.0

• Session picker shows thread_name if set (#10340) @pap-openai
• chore: collab experimental (#10381) @jif-oai
• feat: experimental flags (#10231) @jif-oai
• feat: Support loading skills from .agents/skills (#10382) @jif-oai
• nit: shell snapshot retention to 3 days (#10383) @jif-oai
• fix: thread listing (#10383) @jif-oai
• fix: Rfc3339 casting (#10386) @jif-oai
• feat: add MCP protocol types and rmcp adapters (#10644) @bolinfest
• fix: flaky test (#10644) @jif-oai
• feat: add phase 1 mem client (#10629) @jif-oai
• feat: add phase 1 mem db (#10634) @jif-oai
• fix: flaky landlock (#10689) @jif-oai
• feat: add memory tool (#10637) @jif-oai
• fix: flaky landlock (#10689) @jif-oai
• feat: add seatbelt policy rule to allow os.cpus (#11277) @etraut-openai
• chore: inject originator/residency headers to ws client (#11506) @apanasenko-oai
• Hydrate previous model across resume/fork/rollback/task start (#11497) @aibrahim-oai
• feat: try to fix bugs I saw in the wild in the resource parsing logic (#11513) @bolinfest
• Consolidate search_tool feature into apps (#11509) @apanasenko-oai
• change model cap to server overload (#11388) @willwang-openai
• Pre-sampling compact with previous model context (#11504) @aibrahim-oai
• Clamp auto-compact limit to context window (#11516) @aibrahim-oai
• Update context window after model switch (#11520) @aibrahim-oai
• Use slug in tui (#11519) @pakrym-oai
• fix: add --test_verbose_timeout_warnings to bazel.yml (#11522) @bolinfest
• fix: remove errant Cargo.lock files (#11526) @bolinfest
• test(app-server): stabilize app/list thread feature-flag test by using file-backed MCP OAuth creds (#11521) @bolinfest
• feat: make sandbox read access configurable with ReadOnlyAccess (#11387) @bolinfest
• [apps] Allow Apps SDK apps. (#11486) @mzeng-openai
• fix compilation (#11532) @sayan-oai
• Teach codex to test itself (#11531) @pakrym-oai
• ci: remove actions/cache from rust release workflows (#11540) @bolinfest
• ci(windows): use DotSlash for zstd in rust-release-windows (#11542) @bolinfest
• build(linux-sandbox): always compile vendored bubblewrap on Linux; remove CODEX_BWRAP_ENABLE_FFI (#11498) @viyatb-oai
• fix: make project_doc skill-render tests deterministic (#11545) @bolinfest
• ci: capture cargo timings in Rust CI and release workflows (#11543) @bolinfest
• Bump rmcp to 0.15 (#11539) @gpeal
• Hide the first websocket retry (#11548) @pakrym-oai
• Add logs to model cache (#11551) @aibrahim-oai
• Fix rust-release failures in musl linking and release asset upload (#11556) @bolinfest
• Handle response.incomplete (#11558) @pakrym-oai
• fix: stop inheriting rate-limit limit_name (#11557) @xl-openai
• rust-release: exclude cargo-timing.html from release assets (#11564) @bolinfest
• fix: update memory writing prompt (#11546) @zuxin-oai
• Fix test flake (#11448) @gt-oai
• feat: mem slash commands (#11569) @jif-oai
• Fix flaky pre_sampling_compact switch test (#11573) @jif-oai
• feat: mem drop cot (#11571) @jif-oai
• Ensure list_threads drops stale rollout files (#11572) @jif-oai
• fix: db stuff mem (#11575) @jif-oai
• nit: upgrade DB version (#11581) @jif-oai
• chore: clean consts (#11593) @jif-oai
• feat: metrics to memories (#11590) @jif-oai
• Fix config test on macOS (#11579) @gt-oai
• feat: add sanitizer to redact secrets (#11600) @jif-oai
• chore: drop mcp validation of dynamic tools (#11609) @jif-oai

New Features

• Plan mode is now enabled by default with updated interaction guidance in the plan prompt. (#10313, #10308, #10329)
• Personality configuration is now stable: default is friendly, the config key is personality, and existing settings migrate forward. (#10305, #10314, #10310, #10307)
• Skills can be loaded from .agents/skills, with clearer relative-path instructions and nested-folder markers supported. (#10317, #10282, #10350)
• Console output now includes runtime metrics for easier diagnostics. (#10278)

Bug Fixes

• Unarchiving a thread updates its timestamp so sidebar ordering refreshes. (#10280)
• Conversation rules output is capped and prefix rules are deduped to avoid repeated rules. (#10351, #10309)
• Override turn context no longer appends extra items. (#10354)

Documentation

• Fixed a broken image link in the npm README. (#10303)

Chores

• Completed migration off the deprecated mcp-types crate to rmcp-based protocol types/adapters, then removed the legacy crate. (#10356, #10349, #10357)
• Updated the bytes dependency for a security advisory and cleaned up resolved advisory configuration. (#10525)

Changelog

Full Changelog:

rust-v0.93.0...rust-v0.94.0

• feat: show runtime metrics in console (#10278) @apanasenko-oai
• display promo message in usage error (#10285) @willwang-openai
• fix(nix): update flake for newer Rust toolchain requirements (#10302) @douglaz
• chore(features) remove Experimental tag from UTF8 (#10296) @dylan-hurd-oai
• Fix npm README image link (#10303) @fouad-openai
• chore(app-server) add personality update test (#10306) @dylan-hurd-oai
• chore(core) Default to friendly personality (#10305) @dylan-hurd-oai
• feat(core,tui,app-server) personality migration (#10307) @dylan-hurd-oai
• enable plan mode (#10313) @aibrahim-oai
• feat: fire tracking events for skill invocation (#10120) @alexsong-oai
• feat: Support loading skills from .agents/skills (#10317) @gverma-openai
• Make skills prompt explicit about relative-path lookup (#10282) @xl-openai
• Add websocket telemetry metrics and labels (#10314) @apanasenko-oai
• chore(config) Rename config setting to personality (#10310) @dylan-hurd-oai
• chore(features) Personality => Stable (#10307) @dylan-hurd-oai
• feat: add seatbelt policy rule to allow os.cpus (#11277) @etraut-openai
• chore: inject originator/residency headers to ws client (#11506) @apanasenko-oai
• Hydrate previous model across resume/fork/rollback/task start (#11497) @aibrahim-oai
• feat: try to fix bugs I saw in the wild in the resource parsing logic (#11513) @bolinfest
• Consolidate search_tool feature into apps (#11509) @apanasenko-oai
• change model cap to server overload (#11388) @willwang-openai
• Pre-sampling compact with previous model context (#11504) @aibrahim-oai
• Clamp auto-compact limit to context window (#11516) @aibrahim-oai
• Update context window after model switch (#11520) @aibrahim-oai
• Use slug in tui (#11519) @pakrym-oai
• fix: add --test_verbose_timeout_warnings to bazel.yml (#11522) @bolinfest
• fix: remove errant Cargo.lock files (#11526) @bolinfest
• test(app-server): stabilize app/list thread feature-flag test by using file-backed MCP OAuth creds (#11521) @bolinfest
• feat: make sandbox read access configurable with ReadOnlyAccess (#11387) @bolinfest
• [apps] Allow Apps SDK apps. (#11486) @mzeng-openai
• fix compilation (#11532) @sayan-oai
• Teach codex to test itself (#11531) @pakrym-oai
• ci: remove actions/cache from rust release workflows (#11540) @bolinfest
• ci(windows): use DotSlash for zstd in rust-release-windows (#11542) @bolinfest
• build(linux-sandbox): always compile vendored bubblewrap on Linux; remove CODEX_BWRAP_ENABLE_FFI (#11498) @viyatb-oai
• fix: make project_doc skill-render tests deterministic (#11545) @bolinfest
• ci: capture cargo timings in Rust CI and release workflows (#11543) @bolinfest
• Bump rmcp to 0.15 (#11539) @gpeal
• Hide the first websocket retry (#11548) @pakrym-oai
• Add logs to model cache (#11551) @aibrahim-oai
• Fix rust-release failures in musl linking and release asset upload (#11556) @bolinfest
• Handle response.incomplete (#11558) @pakrym-oai
• fix: stop inheriting rate-limit limit_name (#11557) @xl-openai
• rust-release: exclude cargo-timing.html from release assets (#11564) @bolinfest
• fix: update memory writing prompt (#11546) @zuxin-oai
• Fix test flake (#11448) @gt-oai
• feat: mem slash commands (#11569) @jif-oai
• Fix flaky pre_sampling_compact switch test (#11573) @jif-oai
• feat: mem drop cot (#11571) @jif-oai
• Ensure list_threads drops stale rollout files (#11572) @jif-oai
• fix: db stuff mem (#11575) @jif-oai
• nit: upgrade DB version (#11581) @jif-oai
• chore: clean consts (#11593) @jif-oai
• feat: metrics to memories (#11590) @jif-oai
• Fix config test on macOS (#11579) @gt-oai
• feat: add sanitizer to redact secrets (#11600) @jif-oai
• chore: drop mcp validation of dynamic tools (#11609) @jif-oai

New Features

• Added an optional SOCKS5 proxy listener with policy enforcement and config gating. (#9803)
• Plan mode now streams proposed plans into a dedicated TUI view, plus a feature-gated /plan shortcut for quick mode switching. (#9786, #10103)
• Added /apps to browse connectors in TUI and $ insertion for app prompts. (#9728)
• App-server can now run in external auth mode, accepting ChatGPT auth tokens from a host app and requesting refreshes when needed. (#10012)
• Smart approvals are now enabled by default, with explicit approval prompts for MCP tool calls. (#10286, #10200)
• Introduced a SQLite-backed log database with an improved logs client, thread-id filtering, retention, and heuristic coloring. (#10086, #10087, #10150, #10151, #10229, #10228)

Bug Fixes

• MCP tool image outputs render reliably even when image blocks aren’t first or are partially malformed. (#9815)
• Input history recall now restores local image attachments and rich text elements. (#9628)
• File search now tracks session CWD changes and supports multi-root traversal with better performance. (#9279, #9939, #10240)
• Resuming a thread no longer updates updated_at until the first turn actually starts. (#9950)
• Shell snapshots no longer inherit stdin, avoiding hangs from startup scripts. (#9735)
• Connections fall back to HTTP when WebSocket proxies fail. (#10139)

Documentation

• Documented app-server AuthMode usage and behavior. (#10191)

Full Changelog

rust-v0.92.0...rust-v0.93.0