codex

New Features

• Realtime V2 can now stream background agent progress while work is still running and queue follow-up responses until the active response completes (#17264, #17306)
• Hook activity in the TUI is easier to scan, with live running hooks shown separately and completed hook output kept only when useful (#17266)
• Custom TUI status lines can include the renamed thread title (#17187)
• Code-mode tool declarations now include MCP outputSchema details so structured tool results are typed more precisely (#17210)
• SessionStart hooks can distinguish sessions created by /clear from fresh startup or resume sessions (#17073)

Bug Fixes

• Fixed Windows elevated sandbox handling for split filesystem policies, including read-only carveouts under writable roots (#14568)
• Fixed sandbox permission handling for symlinked writable roots and carveouts, preventing failures in shell and apply_patch workflows (#15981)
• Fixed codex --remote wss://... panics by installing the Rustls crypto provider before TLS websocket connections (#17288)
• Preserved tool search result ordering instead of alphabetically reordering results (#17263)
• Fixed live Stop-hook prompts so they appear immediately instead of only after thread history reloads (#17189)
• Fixed app-server MCP cleanup on disconnect so unsubscribed threads and resources are torn down correctly (#17223)

Documentation

• Documented the elevated vs restricted-token Windows sandbox support split in the core README (#14568)
• Updated app-server protocol documentation for the new /clear SessionStart source (#17073)

Chores

• Made rollout recording more reliable by retrying failed flushes and surfacing durability failures instead of dropping buffered items (#17214)
• Added analytics schemas and metadata wiring for compaction and Guardian review events (#17155, #17055)
• Improved Guardian follow-up efficiency by sending transcript deltas instead of repeatedly resending full history (#17269)
• Added stable Guardian review IDs across app-server events and internal approval state (#17298)

Changelog

Full Changelog: https://github.com/openai/codex/compare/rust-v0.119.0...rust-v0.120.0

• #17268 remove windows gate that disables hooks @iceweasel-oai
• #17267 Stop Realtime V2 response.done delegation @aibrahim-oai
• #14568 fix: support split carveouts in windows elevated sandbox @viyatb-oai
• #17263 preserve search results order in tool_search_output @sayan-oai
• #17189 Emit live hook prompts before raw-event filtering @abhinav-oai
• #17288 Install rustls provider for remote websocket client @etraut-openai
• #16969 Option to Notify Workspace Owner When Usage Limit is Reached @richardopenai
• #17278 Rename Realtime V2 tool to background_agent @aibrahim-oai
• #17280 Extract realtime input task handlers @aibrahim-oai
• #17249 adding parent_thread_id in guardian @won-openai
• #17264 Stream Realtime V2 background agent progress @aibrahim-oai
• #17210 Add output_schema to code mode render @vivi
• #16344 feat: move exec-server ownership @jif-oai
• #17214 feat: make rollout recorder reliable against errors @jif-oai
• #17223 fix: MCP leaks in app-server @jif-oai
• #17338 feat: description multi-agent v2 @jif-oai
• #17269 feat(guardian): send only transcript deltas on guardian followups @owenlin0
• #17306 Queue Realtime V2 response.create while active @aibrahim-oai
• #17352 fix: main @jif-oai
• #17363 Strengthen realtime backend delegation prompt @aibrahim-oai
• #17155 [codex-analytics] add compaction analytics event @rhan-oai
• #17187 Add thread title to configurable TUI status line @canvrno-oai
• #17194 add parent-id to guardian context @won-openai
• #17266 [codex] Improve hook status rendering @abhinav-oai
• #17073 Support clear SessionStart source @abhinav-oai
• #17298 fix(guardian, app-server): introduce guardian review ids @owenlin0
• #17391 Revert "Option to Notify Workspace Owner When Usage Limit is Reached" @shijie-oai
• #17371 app-server: add pipelined config rpc regression test @euroelessar
• #15981 fix(permissions): fix symlinked writable roots in sandbox permissions @viyatb-oai
• #17055 feat(analytics): add guardian review event schema @owenlin0