OpenAI Release Notes

Codex now supports Computer Use on Windows in the Codex app, so eligible users can ask Codex to see, click, and type in Windows applications while they test, debug, and refine what they are building. Users can start work on a Windows machine and use ChatGPT on iOS or Android, or Codex on Mac, to check progress, continue the thread, respond to prompts, and steer work while away from the desk; the Windows machine remains the host for project files, shell, app server, and local context.

This release also includes infrastructure updates that improve responsiveness and in-app browser speed, stability, and web compatibility, plus Codex Profiles for eligible users to see their Codex identity, activity over time, profile details, usage stats, and token activity. Computer Use on Windows is unavailable in the European Economic Area, the United Kingdom, and Switzerland at launch.

Learn more: Computer Use, Remote control, Profiles.

Codex updates: Computer use and remote control for Windows, usage profiles

Codex now supports Computer Use on Windows in the Codex app. Business users with Codex access can use Computer Use to let Codex see, click, and type in Windows applications. Users can also continue Windows workflows from ChatGPT on iOS or Android, or from Codex on Mac, to check progress, respond to prompts, and steer while away from the desk while the Windows machine remains the host for project files, shell, app server, and local context.

To try Computer Use on Windows, install the Computer Use plugin from the Plugins marketplace and invoke it using the @ mention, or Codex can use it when appropriate for the task.

This release also improves Codex app responsiveness and in-app browser speed, stability, and web compatibility, and adds gradually rolling out Codex profiles for eligible users. Profiles let users review and track their Codex identity, activity over time, profile details, usage stats, and token activity.

Computer Use on Windows is unavailable in the European Economic Area, the United Kingdom, and Switzerland at launch.

Learn more:
Computer Use, Remote control, Profiles.

Codex now supports Computer Use on Windows in the Codex app. Users with Codex access can use Computer Use to let Codex see, click, and type in Windows applications. With remote control, users can also continue Windows workflows from ChatGPT on iOS or Android, or from Codex on Mac, to check progress, respond to prompts, and steer while away from the desk while the Windows machine remains the host for project files, shell, app server, and local context.

Windows Computer Use and remote control are disabled for Enterprise users by default. To enable, contact your OpenAI account representative to be enrolled into early access.

For customer-hosted GitHub Enterprise Server repositories, workspace admins can set up and publish a GitHub Enterprise app from the ChatGPT app template so Codex can use the workspace-specific connector for Codex Web, Code Review, and Security Review.

Learn more: Computer Use, Remote control, Set up the GitHub Enterprise app template in ChatGPT.

New features

• Computer Use now works on Windows. Codex can operate Windows desktop apps by seeing, clicking, and typing in the foreground while it works.
• Remote control now supports Windows devices. You can start Codex work on a Windows device from ChatGPT on iOS or Android, or from a Mac running Codex, and check its progress remotely.
• The Profile section now shows your profile details, usage stats, and token activity.
• Added thread coordination for local projects and worktrees, including separate background threads when explicitly requested.
• Expanded search for past Codex app threads to include conversation content and Git branch names.

Performance improvements and bug fixes

• Additional performance improvements and bug fixes.

Advancing biological preparedness with trusted developers and government partners

AI is accelerating progress across biology and the life sciences, creating new opportunities to advance scientific discovery, strengthen public health, and build resilience against biological threats. As these capabilities become more powerful, the institutions working to prevent, detect, and respond to biological threats need equally powerful tools. We believe frontier AI should meaningfully advantage those defenders—and that doing so requires responsible deployment structures and trusted access models that put advanced capabilities in the hands of vetted partners who are building new biodefense applications, tools and initiatives to bolster societal resilience.

That’s why today we’re announcing two new steps to advance defensive acceleration in biology:

• Launching Rosalind Biodefense to help trusted developers to build new biodefense and pandemic preparedness capabilities. Apply here.
• Expanding trusted access to GPT‑Rosalind for select U.S. government and allied partners supporting public health and biodefense missions. Request access here.

The steps we're taking today are part of a broader strategy to ensure advanced AI meaningfully advantages those working to prevent, detect, and respond to biological threats. That strategy includes equipping defenders through trusted access to advanced AI tools, accelerating the development of medical countermeasures, building earlier warning systems, strengthening diagnostics, preparedness, and response capabilities, and supporting a robust evaluations ecosystem. We will continue to share more about our work across these areas in the coming weeks.

Building on our safety and resilience work

As AI models become more capable in biology, we have been working to ensure those capabilities are deployed in ways that advance science while strengthening safeguards. Our approach has focused on building layered resilience: investing in preparedness evaluations, bio-specific capability assessments, safer model behavior for dual-use biological requests, monitoring and enforcement, expert red teaming, and security controls for higher-risk capabilities.

In July 2025, we released ChatGPT agent, the first model we treated as High Capability in biology under our Preparedness Framework and activated robust safeguards to minimize the risk of harm. Since then, we have continued refining those safeguards and sharing detailed assessments⁠ (opens in a new window) as capabilities have continued to advance. We have also continued working closely with external testing groups on pre-deployment evaluations, whose findings help validate and inform our approach.

We have also worked closely with external experts and public-sector partners to strengthen the broader biosecurity ecosystem, including expert biologists, government organizations like the U.S. Center for AI Standards and Innovation (CAISI) and the UK AI Security Institute (UK AISI), Los Alamos National Laboratory, and the Frontier Model Forum. Today’s announcement builds on that work by expanding how trusted partners can use GPT‑Rosalind for high-impact defensive applications—both by supporting defenders building new countermeasures and by extending trusted access to government partners with public-health and biodefense missions.

Supporting defensive acceleration with Rosalind Biodefense

Defensive acceleration focuses on making sure frontier AI capabilities meaningfully advantage the people building society’s defenses. To help trusted developers turn frontier capabilities into practical defenses, we are launching Rosalind Biodefense, a new initiative to enable the development of high-impact defensive applications of AI in the life sciences leveraging GPT‑Rosalind, our frontier reasoning model built for life sciences research.

This program helps trusted developers apply frontier AI capabilities to operationalized biodefense tools that can strengthen preparedness before the next biological threat emerges. OpenAI will sponsor access to GPT‑Rosalind and provide launch support to trusted developers building frontier biosecurity applications that can bolster societal defenses and build pandemic preparedness. This includes work across areas such as epidemiological modeling, early detection, screening, preparedness, non-pharmaceutical interventions (NPIs) and other public-health-relevant capabilities.

At launch, we are supporting a first set of organizations building frontier applications across the biological defense stack with GPT‑Rosalind. Their work spans the lifecycle of biological threats—from prevention and early detection to societal resilience and medical countermeasure development—and helps demonstrate how frontier AI can support public-health teams, researchers, infrastructure operators, and communities in preparing for future biological risks, whether naturally occurring or synthetic.

Our goal is not only to accelerate life sciences research in the abstract, but to help create products and interventions that bolster societal resilience and show what responsible, high-impact biodefense can look like in practice. We’re especially interested in projects where advanced AI can materially improve the speed, quality, or scale of defensive research workflows, including literature synthesis, protocol design support, model-building, data harmonization, simulation, decision support, and scientific communication. We welcome applications from academic, nonprofit, government-affiliated, mission-driven companies and other qualified research teams working on projects with clear public benefit.

Working with government partners to strengthen biodefense

Strengthening biological preparedness requires a broad ecosystem of defenders. In addition to supporting trusted builders developing new defensive applications, we are also expanding access to the public institutions that play a central role in preventing, detecting, and responding to biological threats. Today, we are extending trusted access to GPT‑Rosalind for select U.S. government and allied partners with approved public health and biodefense missions, so qualified teams can apply frontier AI to high-impact workflows like early warning systems, outbreak response planning, diagnostics, preparedness, and medical countermeasure development.

Government public health and research institutions play an essential role in protecting communities, translating scientific evidence into action, and preparing for emerging biological challenges. By expanding access through a trusted access model, we can help qualified teams use GPT‑Rosalind for clearly beneficial defensive work while maintaining the safety, security, and accountability controls appropriate for advanced biological capabilities.

This expansion reflects our broader approach: advancing access to powerful tools in step with appropriate safeguards, while investing in the resilience of the wider ecosystem. Strong societal preparedness depends on collaboration across government, research institutions, industry, and technology providers. Making GPT‑Rosalind available to qualified public health and science partners is an important step toward helping that ecosystem prepare, respond, and defend more effectively.

Lawrence Livermore National Laboratory (LLNL) is applying AI to advance biopreparedness and bioresilience. Work at LLNL integrates AI, supercomputing, advanced simulation, and laboratory testing to support the design and evaluation of potential medical countermeasures for emerging biological threats. Its objective is to improve preparedness, accelerate response, and strengthen confidence in promising countermeasure development.

“Our program is designed to strengthen preparedness before biological threats emerge. Through our collaboration with OpenAI, we are examining how advanced AI tools can help scientists interpret complex data and existing knowledge, identify stronger candidates, and more efficiently connect design, simulation and experimental results. Together, these efforts may help strengthen the scientific foundation for more effective biodefense preparedness and resilience.”
– Shankar Sundaram, Ph.D. Director, Bioresilience Incubator Lawrence Livermore National Laboratory

We are also working with Johns Hopkins Applied Physics Laboratory, which intends to integrate GPT‑Rosalind into a protein‑engineering platform to accelerate screening of mutant enzymes for therapeutics, counter‑measure development, and emerging biothreat characterization. And we are extending access to GPT‑Rosalind to the Coalition for Epidemic Preparedness Innovations (CEPI), which is focused on its 100 Days Mission to accelerate the development of vaccines against epidemic and pandemic threats, including the current Ebola outbreak.

Looking ahead

Today’s announcement is an early step in a broader effort to use GPT‑Rosalind to strengthen public health, biodefense, and life sciences research. The Rosalind Biodefense Program is open to qualified applicants globally, and we are looking to support more organizations building defensive applications that can use GPT‑Rosalind to improve societal resilience.

We also expect to continue expanding how trusted government partners can engage with GPT‑Rosalind over time. As we learn from this initial set of deployments and continue conversations with partners in the U.S. and abroad, we will continue refining the access pathways, support models, and safeguards needed to help qualified institutions use frontier life sciences AI responsibly.

Advance your public health and biodefense mission

Request access to GPT-Rosalind or apply for sponsorship to build new biodefense capabilities.

We’re updating GPT-5.5 Instant in ChatGPT and the API to improve response style and quality. It’s now easier to read, more natural in everyday conversations, and better paced in practical help tasks, with fewer overly long or bullet-heavy responses.

With this update, canvas will no longer be available in GPT-5.5 Instant or GPT-5.5 Thinking. Writing and coding functionality is now supported directly in chat responses through writing blocks and code blocks. Paid users can continue using canvas for a limited time through legacy models until those models are sunset.

New Features

• codex doctor now reports richer environment, Git, terminal, app-server, and thread inventory diagnostics for support cases. (#24261, #24311, #24305)
• /status shows remote connection details and server version when the TUI is connected over a remote transport. (#24420)
• Vim mode gained text-object editing, improved word/line-end behavior, and a configurable interrupt-turn binding. (#24382, #24380, #24766)
• /permissions now understands named permission profiles and displays configured custom profiles. (#21559)
• Packaged Codex builds can discover and use the bundled patched zsh helper across supported macOS and Linux targets. (#23756, #24171)
• The Python SDK now exposes friendly Sandbox presets for thread and turn APIs. (#24772)
• install.sh / install.ps1 supports a non-interactive installation mode when CODEX_NON_INTERACTIVE=1 is set. (#21567)

Bug Fixes

• Markdown tables and multiline lists render more readably in the TUI, with better column sizing and app-style table formatting. (#24489, #24346, #24351)
• TUI output is more stable on macOS and Zellij, avoiding stderr/composer corruption and raw-output overlap. (#24459, #24479, #24593)
• Slash-command completion now preserves existing draft text for commands that accept inline arguments. (#23950)
• Older tmux/iTerm control-mode sessions no longer lose normal Ctrl-C handling from unsupported keyboard enhancement setup. (#24371)
• App mentions now exclude inaccessible or disabled apps instead of offering unusable $ suggestions. (#24625)
• Resume flows now include non-interactive exec sessions when requested and honor cwd overrides for idle cached threads. (#24503, #24528)

Documentation

• Clarified image-viewing tool detail behavior and removed stale TUI composer documentation references. (#23949, #24641)
• Updated Python SDK docs, examples, and notebook content to use the new sandbox preset API. (#24772)

Chores

• Updated Rust toolchain pins and SQLx/SQLite dependencies. (#24684, #24728)
• Moved memory runtime state into a dedicated SQLite database. (#24591)
• Removed remaining legacy config-profile consumers and routed more TUI config/plugin state through app-server-owned APIs. (#24076, #24254, #24255, #24265, #24266, #24257)
• Centralized Responses retry handling and MCP tool naming logic to reduce duplicated internal plumbing. (#24131, #21576)

Changelog

Full Changelog:
rust-v0.134.0...rust-v0.135.0

fix(remote-control): cap reconnect backoff (#24164) @apanasenko-oai
package: include zsh fork in Codex package (#23756) @bolinfest
Default function tools into tool hooks (#23757) @abhinav-oai
package: add x64 macOS codex-zsh artifact (#24171) @bolinfest
code-mode: merge stored values by key (#24159) @cconger
fix: plugin bundle archive handling for upload and install (#23983) @xl-openai
feat(doctor): add environment diagnostics (#24261) @fcoury-oai
Report app-server version in codex doctor (#24311) @etraut-openai
tui: label compact rate-limit percentages (#24314) @etraut-openai
Show remote connection details in /status (#24420) @etraut-openai
Respect hook trust bypass during TUI startup (#24317) @etraut-openai
TUI config cleanup: oss_provider (#24254) @etraut-openai
TUI config cleanup: trusted projects (#24255) @etraut-openai
TUI config cleanup: MCP inventory (#24265) @etraut-openai
Add doctor thread inventory audit (#24305) @etraut-openai
fix(tui): improve markdown table column allocation (#24346) @fcoury-oai
fix(tui): improve multiline markdown list readability (#24351) @fcoury-oai
fix(tui): prevent macos stderr from corrupting composer (#24459) @fcoury-oai
fix(process-hardening): preserve macos malloc diagnostics (#24479) @fcoury-oai
Log rollout writer OS errors (#24474) @etraut-openai
chore: stop consuming legacy config profiles (#24076) @jif-oai
centralize Responses retry policy (#24131) @rhan-oai
[wip] goal shift (#23858) @jif-oai
chore: drop orphaned codex memories MCP crate (#24555) @jif-oai
chore: move memory prompt builder into extension (#24558) @jif-oai
Add ad-hoc memory note tool (#24562) @jif-oai
Wire metrics client into memories extension (#24567) @jif-oai
fix: drop flake (#24588) @jif-oai
Add memory tool call metrics to memories extension (#24583) @jif-oai
Wire app-server extension event sink (#24586) @jif-oai
Use thread config for TUI MCP inventory (#24532) @etraut-openai
[codex] Make active turn task singular (#24105) @pakrym-oai
Move MCP tool naming mode into manager (#21576) @pakrym-oai
tui: include exec sessions in resume list (#24503) @etraut-openai
feat: gate dedicated memories tools in config (#24600) @jif-oai
tui: add named permission profile picker (#21559) @viyatb-oai
feat: add manual and remote_v2 tags to compaction metric (#24608) @jif-oai
test: clean up apply_patch allow-session artifact (#24611) @jif-oai
Remove reserved namespaces dedup (#24609) @pakrym-oai
Move slash input logic out of chat composer (#23964) @canvrno-oai
Add goal extension telemetry parity (#24615) @jif-oai
fix(tui): avoid modifyOtherKeys for unknown tmux formats (#24371) @fcoury-oai
fix: restore goal accounting after thread resume (#24626) @jif-oai
Move memory state to a dedicated SQLite DB (#24591) @jif-oai
standalone websearch extension (#23823) @sayan-oai
fix(tui): keep raw output above composer in zellij (#24593) @fcoury-oai
tui: keep inaccessible apps out of mentions (#24625) @canvrno-oai
Add experimental turn additional context (#24154) @pakrym-oai
fix(remote-control): surface websocket task stalls (#24473) @apanasenko-oai
Respect resume cwd overrides for idle cached threads (#24528) @etraut-openai
Add forked_from_thread_id turn metadata (#24160) @owenlin0
make direct only allowed caller for standalone websearch (#24646) @sayan-oai
Clarify view_image tool description (#23949) @fjord-oai
TUI config cleanup: plugin mentions (#24266) @etraut-openai
Avoid repeated marketplace upgrades for alternate layouts (#24320) @etraut-openai
windows-sandbox: remove SandboxPolicy runner plumbing (#23813) @bolinfest
[codex] remove plain image wrapper spans (#24652) @pakrym-oai
Attach Windows sandbox log to feedback reports (#24623) @iceweasel-oai
Restore legacy image detail values (#24644) @rhan-oai
[codex-analytics] add grouped session id to runtime events (#24655) @marksteinbrick-oai
[codex] Remove obsolete goal continuation turn marker (#24658) @pakrym-oai
fix: dont compact standalone websearch schema (#24660) @sayan-oai
fix(core): instrument stalled tool-listing handoff (#24667) @apanasenko-oai
Uprev Rust toolchain pins to 1.95.0 (#24684) @anp-oai
fix: add noninteractive install script mode (#21567) @efrazer-oai
Allow runtime enablement for remote plugins (#24707) @xl-openai
fix(auto-review) skip legacy notify for auto review threads (#24714) @dylan-hurd-oai
Revert "Add Bedrock Mantle GovCloud region (#23860)" (#24690) @celia-oai
feat: handle goal usage limits in goal extension (#24628) @jif-oai
Fix guardian review test user input (#24746) @jif-oai
feat: add thread idle lifecycle hook (#24744) @jif-oai
Drop startup context when truncating forked rollouts (#24751) @jif-oai
TUI config cleanup: plugin marketplace (#24257) @etraut-openai
fix(tui): complete vim word-end and line-end behavior (#24380) @fcoury-oai
Bump SQLx to pick up newer bundled SQLite (#24728) @jif-oai
feat(tui): add vim text object bindings (#24382) @fcoury-oai
feat(tui): make turn interruption keybind configurable (#24766) @fcoury-oai
feat(tui): render markdown tables in app style [1 of 2] (#24489) @fcoury-oai
chore: enable namespace tools for Bedrock (#24713) @celia-oai

Workspace admins and owners on Business plans can now use ChatGPT app templates to create workspace-specific apps for GitHub Enterprise, Snowflake, and Databricks. App templates provide a guided setup flow for provider-specific configuration such as OAuth credentials, callback URLs, webhook details, managed MCP server URLs, and workspace access controls before admins publish the app to members.

Use the new setup guides to understand the general app-template flow and the provider-specific steps for each template: ChatGPT app templates, GitHub Enterprise app template, Snowflake app template, and Databricks app template.

After publishing, admins can manage the resulting app from Workspace settings > Apps > Enabled, including role access, action controls, and action confirmation.

We’re rolling out new model, admin, app access, and response capabilities for ChatGPT workspace agents in Enterprise and Edu.

Workspace agents now support:

• GPT-5.5 and reasoning effort controls: When building an agent, creators can choose GPT-5.5 and set the reasoning effort the agent uses. We’ve also improved response speed across agents.
• Role-based publishing permissions: Workspace admins can control which roles can publish agents to the shared workspace directory.
• Guided agent setup: ChatGPT now asks setup questions to help users create useful agents more quickly.
• Speech output: Agents can now create audio files as part of their responses.
• Smarter Slack thread replies: Agents used in Slack can respond to relevant follow-up messages in a thread after the initial mention. Creators can choose whether an agent responds to relevant thread messages or only when it is mentioned.

We’re updating GPT-5.5 Instant in ChatGPT and the API to improve response style and quality. It’s now easier to read, more natural in everyday conversations, and better paced in practical help tasks, with fewer overly long or bullet-heavy responses.

With this update, canvas will no longer be available in GPT-5.5 Instant or GPT-5.5 Thinking. Writing and coding functionality is now supported directly in chat responses through writing blocks and code blocks. Paid users can continue using canvas for a limited time through legacy models until those models are sunset.

Skills governance, upload safety, and compliance updates

We’re rolling out new governance, safety, and compliance updates for Skills in ChatGPT Enterprise and Edu. Skills remain in early access and continue to be off by default for Enterprise and Edu workspaces.

Owners and admins now have more controls for managing skills across their workspace:

• A dedicated admin Skills page lets admins review workspace skills, update access, transfer ownership, and delete skills that should no longer be available.
• Additional permissions in Permissions & roles let workspace owners control who can use skills, upload skill files, share skills, publish skills to the workspace, and install skills for other members. These additional toggles are on by default after Skills is enabled.
• User uploaded skills are now scanned before they become available. Most are available immediately after scanning; those needing additional attention require user review, and potentially risky skills are blocked.
• Compliance Logs Platform support now includes list, export, and delete support for skills, plus skill_id in conversation event streams.

Learn more: Skills in ChatGPT and OpenAI Compliance Platform for Enterprise and Edu Customers.

New Features

• Added search across local conversation history, including case-insensitive content matches with result previews. (#23519, #23921)
• Made --profile the primary profile selector across CLI, TUI permissions, and sandbox flows, with legacy profile configs rejected through migration guidance. (#23708, #23883, #23890, #24051, #24055, #24059, #24067, #24110)
• Improved MCP setup with per-server environment targeting and OAuth options for streamable HTTP servers. (#23583, #24120)
• Made connector tool schemas more reliable by preserving local $ref / $defs structures and compacting oversized schemas before exposure. (#23357, #23904)
• Let read-only MCP tools run concurrently when they advertise readOnlyHint. (#23750)
• Added richer extension and hook context, including conversation history for extension tools and subagent identity in hook inputs. (#22882, #23963)

Bug Fixes

• Improved remote reliability by reconnecting stale exec-server websocket clients, retrying remote control immediately after auth recovery, and retrying remote compaction v2 streams. (#23867, #23775, #23951)
• Fixed Windows TUI rendering corruption by restoring virtual terminal mode before drawing. (#24082)
• Displayed workspace-specific usage-limit messages for credit and spend-cap failures. (#24114)
• Allowed plugin skills to reuse shared plugin-level icon assets. (#23776)
• Preserved active permission profile metadata when syncing auto-review runtime settings. (#23956)
• Ensured Node-based tools honor Codex’s managed network proxy environment. (#23905)

Documentation

• Documented the curl and PowerShell installer paths in the README. (#24106)
• Updated developer docs to prefer just test over direct cargo test for repo-local test runs. (#23910)

Chores

• Simplified release packaging around canonical native artifacts, reusable DotSlash fetching, and a new macOS x64 zsh artifact. (#23833, #23836, #24129, #24165)
• Added release-build support for Codex-produced V8 artifacts. (#23934)
• Added image re-encoding benchmarks and connector-style JSON schema policy fixtures. (#23935, #24152)
• Improved tracing and analytics for websocket requests, turn starts, and remote compaction v2. (#23581, #23980, #24146)

Changelog

Full Changelog:

rust-v0.133.0...rust-v0.134.0

New Features

• The Python SDK now supports first-class authentication, including API key login, ChatGPT browser and device-code flows, account inspection, and logout APIs. (#23093)
• Python turn APIs are easier to use for text-only workflows: you can pass a plain string as input, and handle-based runs now return a richer TurnResult with collected items, timing, and usage data. (#23151, #23162)
• codex exec resume now accepts --output-schema, so resumed automations can keep session context while still enforcing structured JSON output. (#23123)
• TUI startup is faster because terminal capability probes are now batched instead of waiting on several serial checks before the first interactive frame. (#23175)
• Remote executor registration can now use standard Codex auth instead of a separate registry credential flow. (#22769)
• App-server turns can preserve requested image fidelity, including original-resolution local images, across user inputs and image-producing tools. (#20693)

Bug Fixes

• Goal continuations now stop when they hit usage limits or a repeated blocker instead of looping and burning more tokens, and completion responses phrase usage more naturally. (#23094, #22907)
• The session picker is easier to trust: renamed threads now show name (thread-id) in resume hints, and pasted text works in the picker search box. (#23234, #23338)
• Multi-session TUI flows are more reliable: in-progress MCP calls stay marked as active during replay, and elicitation replies are sent back to the thread that requested them. (#23236, #23241)
• Remote sessions now keep websocket connections alive and show repo-relative diff paths again instead of /tmp/... -prefixed paths. (#23226, #23261)
• Windows installs are more robust: codex doctor now detects npm-managed installs correctly, and MSVC release binaries no longer depend on separately installed VC++ runtime DLLs. (#22967, #22905)
• TUI polish fixes include immediate shutdown feedback on exit, hiding the ChatGPT usage link for non-OpenAI providers, and keeping a cleared Fast tier from reappearing after side-thread resume. (#23323, #23127, #23121)

Documentation

• The Python SDK docs, FAQ, and examples were refreshed around the new auth flow and turn APIs, with clearer setup guidance and simpler text-only examples. (#22941, #23093, #23151, #23162)

Chores

• Memory summaries are now versioned and rebuilt when the stored format is stale, which should keep long-lived memory context leaner and more predictable. (#23148)

Changelog

Full Changelog:

rust-v0.131.0...rust-v0.132.0

New Features

• Goals are now enabled by default, backed by dedicated storage, and track progress across active turns. (#23300, #23685, #23696, #23732)
• codex remote-control now runs like a foreground command, waits for readiness, reports machine status, and keeps explicit daemon-style start / stop commands. (#22878)
• Permission profiles gained list APIs, inheritance, managed requirements.toml support, runtime refresh behavior, and stronger Windows sandbox integration. (#22928, #23412, #22270, #23433, #22931, #23715)
• Plugin discovery is easier to inspect, with marketplace-aware list output, installed versions, visible marketplace roots, and remote collection support. (#23372, #23584, #23727, #23730)
• Extensions can observe more lifecycle events, including subagent start/stop, tool execution, turn metadata, and async approval/turn processing. (#22782, #22873, #23309, #23688, #23690, #23692)

Bug Fixes

• Fixed TUI startup choosing the wrong working directory when reusing a local app-server socket. (#23538)
• Fixed plan-mode free-form answers so modified Enter keys, like Shift+Enter, no longer submit unexpectedly. (#23536)
• Removed stale background terminal poll events after a process exits. (#23231)
• Preserved raw code-mode exec output unless an explicit output token limit is requested. (#23564)
• Made AGENTS instruction loading more reliable, including local global reads and warnings for invalid UTF-8 instead of silent drops. (#23343, #23232)
• Fixed app-server startup/shutdown races, empty resume/fork paths, plugin upgrade failures, and realtime v1 websocket compatibility. (#23516, #23578, #23400, #23356, #23771)

Documentation

• Added clearer plugin-creator guidance for updating and reinstalling local personal plugins. (#23542)
• Expanded app-server/API docs and schema coverage around managed permission profile requirements. (#23433, #23555)

Chores

• Added a canonical Codex package archive pipeline and moved installers, npm packages, DotSlash, and SDK runtimes toward that shared layout. (#23513, #23582, #23586, #23596, #23635, #23636, #23637, #23786)
• Fixed Linux Python runtime wheel tags so glibc-based systems can install the runtime artifacts. (#21812)
• Improved release and CI reliability with package-builder tests, prebuilt resource packaging, DotSlash zstd handling, platform-sharded Rust tests, and Codex Linux release runners. (#23760, #23759, #23752, #23358, #23761)

Changelog

Full Changelog:

rust-v0.132.0...rust-v0.133.0