codex

New Features

• TUI markdown now keeps web links clickable with OSC 8 metadata, and cramped tables switch to readable key/value records without losing link targets. (#24472, #24636, #24825)
• Sessions can now be archived from the TUI with /archive or from the CLI with codex archive / codex unarchive; archived sessions are protected from resume/fork until restored. (#25027, #25021)
• App-server integrations can resume a thread with its initial turns page, see richer MCP server status, and launch stdio mode with codex app-server --stdio. (#23534, #24698, #24940)
• Remote execution setup now supports CODEX_API_KEY registration for approved OpenAI hosts, while remote-control websockets use short-lived server tokens instead of ChatGPT access tokens. (#24666, #24141)
• Windows admins get an alpha codex sandbox setup --elevated provisioning path, plus requirements support for allowed Windows sandbox implementations. (#24831, #23766)
• A feature-gated standalone image generation extension can run through the native Codex image artifact completion pipeline. (#24723, #24972)

Bug Fixes

• ChatGPT auth refreshes tokens before the five-minute expiry window and shows a relogin-required path for reused refresh tokens instead of collapsing into a generic cloud error. (#23546, #24830)
• Command-safety hardening prevents /diff from running repository-provided Git helpers/hooks, avoids PowerShell parser execution on non-Windows hosts, and rejects browser-origin exec-server websocket handshakes. (#24954, #24946, #24947)
• Sandboxed commands clean up more reliably after interruptions or denied Windows network attempts, and deny read rules stay enforced for safe-command and approval-bypass paths. (#22729, #19880, #23943)
• Resumed TUI sessions seed prompt history from the session transcript, multiline hook output renders as separate rows, and Vim normal-mode editing behaves correctly. (#24298, #24965, #25022)
• App-server filesystem watchers debounce later batches correctly, and standalone web search calls now show and restore completed search activity. (#24716, #24693)
• Bedrock auth now falls back to AWS_REGION / AWS_DEFAULT_REGION, and unsupported Bedrock GPT service tiers are no longer advertised or sent. (#25171, #25318)

Documentation

• Python SDK beta docs and package metadata now present the standard pip install openai-codex path, refreshed quickstarts, API reference, FAQ, and examples. (#24836, #24866, #24868, #24870)
• Python SDK examples and docs now use the public CodexConfig name for configuring Codex / AsyncCodex. (#24800)
• The bundled OpenAI Docs skill was updated with current Codex manual routing and a cached manual fetch helper. (#24914)
• Built-in tool schema descriptions now clarify defaults, optional fields, bounds, and enums across shell, Code Mode, MCP, image, goal, plan, multi-agent, and related tools. (#24794)
• App-server and exec-server docs now cover API-key remote registration, --stdio, runtime extra skill roots, and remote-control server-token behavior. (#24666, #24940, #24977, #24141)

Chores

• Python SDK releases can now be staged and published independently from runtime releases using python-v* tags while preserving the reviewed runtime dependency pin. (#24828, #24872)
• Updated MCP dependencies to rmcp 1.7.0 and refreshed compatibility code. (#24763)
• Refreshed Amazon Bedrock catalog metadata, including GPT-5.5, removal of unsupported OSS entries, and default-tier-only GPT model behavior. (#24701, #24960, #25318)
• Removed the stale app-server debug-client pieces and cleaned up the workspace after deletion. (#25063, #25064, #25065, #25066, #25067, #25068, #25069, #25070, #25075)
• Trimmed CI/build maintenance by moving Bazel Windows jobs to Codex runners, removing the libubsan workaround, and reverting the startup benchmark that broke musl builders. (#24952, #24782, #24937)

Changelog

Full Changelog: https://github.com/openai/codex/compare/rust-v0.135.0...rust-v0.136.0

• #22729 fix(linux-sandbox): preserve shell cleanup on interruption @viyatb-oai
• #24472 feat(tui): add OSC 8 web links to rich content @fcoury-oai
• #24636 feat(tui): render cramped markdown tables as key-value records [2 of 2] @fcoury-oai
• #24666 Allow API-key auth for remote exec-server registration @sdcoffey
• #24763 Update rmcp to 1.7.0 @anp-oai
• #24825 [codex] Fix hyperlink-aware key-value table rendering @sayan-oai
• #24800 [codex] Rename Python SDK AppServerConfig to CodexConfig @aibrahim-oai
• #24819 [codex] Remove redundant SQLite dynamic tool storage @sayan-oai
• #24828 [codex] Add independent beta release for the Python SDK @aibrahim-oai
• #24836 [codex] Prepare Python SDK beta documentation and package metadata @aibrahim-oai
• #24830 Treat refresh_token_reused 400s as relogin-required @alexsong-oai
• #24866 [codex] Simplify Python SDK install guidance @aibrahim-oai
• #24868 [codex] Remove Python SDK language classifiers @aibrahim-oai
• #24870 [codex] Remove Python SDK beta warning note @aibrahim-oai
• #24872 [codex] Stage Python SDK beta versions from release tags @aibrahim-oai
• #24758 Move memories root setup out of core config @jif-oai
• #24891 Stabilize Guardian client cache key handling @jif-oai
• #24892 Export Guardian prompt cache key helper @jif-oai
• #24893 Add Guardian review prompt cache key @jif-oai
• #24894 Assert Guardian prompt cache key reuse @jif-oai
• #24895 Thread Guardian cache key through session @jif-oai
• #24803 Use stable Guardian prompt cache keys @jif-oai
• #24902 [codex] Fix Guardian argument comment lint @jif-oai
• #24898 Fix memories namespace for Responses API tools @jif-oai
• #24897 Add Guardian review metrics @jif-oai
• #23546 [codex-cli] Refresh near-expiry ChatGPT access tokens before requests @cooper-oai
• #24915 Add thread start contributor facts @jif-oai
• #24916 Add turn error lifecycle contributor @jif-oai
• #24865 [codex] Store pending response items directly @pakrym-oai
• #24914 [codex] Update OpenAI Docs skill @vb-openai
• #24651 Add app-server startup benchmark crate @anp-oai
• #24925 Gate goal tools by thread eligibility @jif-oai
• #24782 Remove libubsan CI workaround @anp-oai
• #24813 extension-api: add TurnItemEmitter to tool calls @sayan-oai
• #23534 feat(app-server): include turns page on thread resume @btraut-openai
• #24698 Expose MCP server info as part of server status @gpeal
• #24903 Reap stale multi-agent slots @jif-oai
• #24936 Fix extension turn item emitter test event ordering @bolinfest
• #24700 [codex] Support ui visibility meta for tools @gpeal
• #24701 chore: add GPT-5.5 to the Amazon Bedrock catalog @celia-oai
• #23363 TUI: Unified mentions tweaks + polish mentions rendering @canvrno-oai
• #24937 Revert "Add app-server startup benchmark crate" @anp-oai
• #24928 Wire task completion into thread-idle lifecycle @jif-oai
• #24723 Add feature-gated standalone image generation extension @won-openai
• #24952 Move Bazel Windows jobs onto codex-runners @anp-oai
• #24940 Add codex app-server --stdio alias @anp-oai
• #24954 fix(tui): prevent repository-configured code execution in /diff @fcoury-oai
• #24949 [codex] Handle PowerShell UTF-8 setup failures @iceweasel-oai
• #24960 [codex] Remove Bedrock OSS models from catalog @celia-oai
• #23768 runtime: prepend zsh fork bin dir to PATH @bolinfest
• #19880 fix: cancel Windows sandbox on network denial @viyatb-oai
• #24947 fix(exec-server): reject websocket requests with Origin headers @viyatb-oai
• #24653 [codex] Add user input client ids @alexi-openai
• #23924 Surface filesystem permission profiles in prompt context @bolinfest
• #24108 windows-sandbox: pass workspace roots to runner @bolinfest
• #24974 windows-sandbox: fix capture cancellation test roots @bolinfest
• #24962 Tighten hook output event schemas @abhinav-oai
• #24141 feat(app-server): migrate remote control to server tokens @apanasenko-oai
• #24970 fix(config): use deny for Unix socket permissions @viyatb-oai
• #24946 [codex] Avoid PowerShell safety parsing off Windows @adrian-openai
• #24977 Add runtime extra skill roots API @xl-openai
• #24298 Seed prompt history from resumed messages @etraut-openai
• #23943 fix: preserve deny-read sandboxing for safe commands @bolinfest
• #24716 Fix fs/watch debounce batching @etraut-openai
• #24918 Use internal model context fragments for goal steering @jif-oai
• #24924 Use inject_if_running for active goal steering @jif-oai
• #25063 Drop the stale debug-client manifest @jif-oai
• #25064 Remove the generated debug-client README @jif-oai
• #25065 Delete debug-client app-server process plumbing @jif-oai
• #25066 Retire debug-client interactive command parsing @jif-oai
• #25067 Remove the debug-client CLI entrypoint @jif-oai
• #25068 Delete debug-client JSONL output helper @jif-oai
• #25069 Remove debug-client server event reader @jif-oai
• #25070 Drop debug-client prompt state tracking @jif-oai
• #25075 fix: main @jif-oai
• #24794 [codex] Improve built-in tool schema docs @jif-oai
• #25095 Handle goal usage limits from turn errors @jif-oai
• #25106 Remove stale rollout TODO tests @jif-oai
• #24965 Render multiline hook output in TUI @abhinav-oai
• #25031 [codex] Add model tool mode selector @aibrahim-oai
• #24693 Show activity for standalone web search calls @sayan-oai
• #25110 Move config document helpers into their own module @jif-oai
• #25013 feat: Add focused diagnostics for MCP HTTP send failures @xl-openai
• #24964 [codex] Wait for MCP readiness in core integration tests @anp-oai
• #24972 Route extension image generation through the native image completion pipeline @won-openai
• #24831 Add Windows sandbox provisioning setup command @iceweasel-oai
• #25017 Align TUI permissions labels with app @etraut-openai
• #25027 Add /archive slash command @etraut-openai
• #25035 Use session wording in /rename confirmation @etraut-openai
• #24161 Add subagent lineage metadata for responsesapi @owenlin0
• #25116 [exec-server] Kill dropped filesystem helpers @erichoracek
• #24180 code-mode: introduce durable session interface @cconger
• #23165 thread-store: store permission profiles @bolinfest
• #25131 [codex] Require model for standalone web search @sayan-oai
• #25134 ci: use issue triage environment for issue workflows @etraut-openai
• #25118 exec-server: preserve fs helper CoreFoundation env @starr-openai
• #25022 [codex] Fix Vim normal mode editing @jinghanx88
• #25161 Recommend Bazel VSCode extension. @anp-oai
• #24996 Filter plugin install suggestions by installed apps @nm-openai
• #23766 Constrain Windows sandbox requirements @abhinav-oai
• #25172 [codex] Update remote connector suggestions @ericning-o
• #25171 fix: Bedrock API key region fallback @celia-oai
• #24541 feat(config) experimental_request_user_input toggle @dylan-hurd-oai
• #25021 Add thread archive CLI commands @etraut-openai
• #25267 Rename multi-agent v2 assignment tool @jif-oai
• #25318 fix: Limit Bedrock GPT models to default service tier @owenlin0
• #25381 [codex] Avoid forced directory refresh during plugin install auth checks @xl-openai