openai/codex rust-v0.64.0

0.64.0

on GitHub

Features

• Threads and turns now include git info, current working directory, CLI version, source metadata, and propagate thread and turn IDs on every item and error. They emit new notifications for diffs, plan updates, token-usage changes, and compaction events. File-change items provide output deltas, and ImageView items render images inline.
• Review flow is enhanced with a detached review mode, explicit enter and exit events, review thread IDs, and review history remains visible after rollout filtering changes.
• Execution gains an experimental “exp” model, unified exec pruning to limit session bloat, per-run custom environment injection, policy-approved command bypass, and Windows protections that flag risky browser or URL launches. History lookup now works on Windows and WSL, and model selection honors use_model.
• Safety defaults improve via consolidated world-writable scanning and workspace-write enforcement of read-only .git directories. Sandbox assessment and approval flows align with trust policies.
• MCP and shell tooling add shell-tool MCP login support, explicit capability declaration, sandbox awareness, publication to npm, and MCP elicitations. The rmcp client is upgraded to 0.10.0 for modern notifications.
• Observability increases as command items expose process IDs and threads and turns emit token-usage and compaction events. Feedback metadata captures source information.
• Tooling and ops gain follow-up v2 in the app-server test client, new config management utilities, and refreshed approvals documentation and quickstart placement.

Bug fixes

• PowerShell apply_patch parsing is corrected, and apply_patch tests now cover shell_command behavior.
• Sandbox assessment regression is fixed, policy-approved commands are honored, dangerous-command checks are tightened on Windows, and workspace-write enforces .git read-only.
• MCP startup tolerates missing type fields, stream error messages are clarified, and rmcp nix output hash issues are resolved.
• Delegate cancellation no longer hangs unified exec, early-exit sessions are cleaned up, and duplicate “waited” renderings are suppressed.
• recent_commits with limit zero now returns zero, and the NetBSD process-hardening build is unblocked.
• Review rollout filtering is disabled so history shows, approval presets respect workspace-write, /approvals trust detection is corrected, and sandbox command assessment edge cases are fixed.
• Compaction accounts for encrypted reasoning, handles token budgets accurately, and emits reliable token-usage and compaction events.
• TTY stdin is required, WSL clipboard paths are normalized, and stale conversations are dropped on /new to avoid conflicts.
• Custom prompt expansion with large pastes is fixed, example-config mistakes are corrected, and relative links and streamable_shell references are cleaned up. Upgrade messaging is corrected.
• Windows sandbox treats <workspace_root>/.git as read-only, and risky browser launches are flagged before execution.
• CLA allowlist now includes dependabot variants, and enterprises can skip upgrade checks and messages.
• Flaky tests are stabilized, session recycling is improved, and rollout session initialization surfaces errors for diagnosis.

Maintenance

• Security and CI add cargo-audit and cargo-deny. GitHub Actions are updated to checkout v6 and upload-artifact v5. macOS 13 builds are dropped. A flaky Ubuntu variant is skipped. The next_minor_version script now resets the patch number correctly.
• Dependencies are updated: libc 0.2.177, webbrowser 1.0.6, regex 1.12.2, toml_edit 0.23.5, arboard 3.6.1, serde_with 3.16.1, image 0.25.9, reqwest 0.12.24, tracing 0.1.43, and rmcp 0.10.0.
• Documentation is refreshed: approvals and config guidance, codex max and xhigh defaults, example-config fixes, CLA guidance, and removal of streamable_shell references.

PRs Merged

• fix(scripts) next_minor_version should reset patch number by @dylan-hurd-oai in #7050
• [app-server] feat: expose gitInfo/cwd/etc. on Thread by @owenlin0 in #7060
• feat: Add exp model to experiment with the tools by @aibrahim-oai in #7115
• enable unified exec for experiments by @aibrahim-oai in #7118
• [app-server] doc: approvals by @owenlin0 in #7105
• Windows: flag some invocations that launch browsers/URLs as dangerous by @iceweasel-oai in #7111
• Use use_model by @pakrym-oai in #7121
• feat: support login as an option on shell-tool-mcp by @bolinfest in #7120
• fix(tui): Fail when stdin is not a terminal by @joshka-oai in #6382
• support MCP elicitations by @nornagon-openai in #6947
• refactor: inline sandbox type lookup in process_exec_tool_call by @bolinfest in #7122
• bypass sandbox for policy approved commands by @zhao-oai in #7110
• fix: start publishing @openai/codex-shell-tool-mcp to npm by @bolinfest in #7123
• feat: declare server capability in shell-tool-mcp by @bolinfest in #7112
• move execpolicy quickstart by @zhao-oai in #7127
• Account for encrypted reasoning for auto compaction by @aibrahim-oai in #7113
• chore: use proxy for encrypted summary by @jif-oai in #7252
• fix: codex delegate cancellation by @jif-oai in #7092
• feat: unified exec basic pruning strategy by @jif-oai in #7239
• consolidate world-writable-directories scanning. by @iceweasel-oai in #7234
• fix: flaky test by @jif-oai in #7257
• [feedback] Add source info into feedback metadata. by @mzeng-openai in #7140
• fix(windows) support apply_patch parsing in powershell by @dylan-hurd-oai in #7221
• chore(deps): bump regex from 1.11.1 to 1.12.2 in /codex-rs by @dependabot[bot] in #7222
• chore(deps): bump toml_edit from 0.23.4 to 0.23.5 in /codex-rs by @dependabot[bot] in #7223
• chore(deps): bump actions/upload-artifact from 4 to 5 by @dependabot[bot] in #7229
• chore(deps): bump actions/checkout from 5 to 6 by @dependabot[bot] in #7230
• fix: Fix build process-hardening build on NetBSD by @0-wiz-0 in #7238
• Removed streamable_shell from docs by @etraut-openai in #7235
• chore(deps): bump libc from 0.2.175 to 0.2.177 in /codex-rs by @dependabot[bot] in #7224
• chore(deps): bump webbrowser from 1.0.5 to 1.0.6 in /codex-rs by @dependabot[bot] in #7225
• Added alternate form of dependabot to CLA allow list by @etraut-openai in #7260
• Allow enterprises to skip upgrade checks and messages by @gpeal in #7213
• fix: custom prompt expansion with large pastes by @Priya-753 in #7154
• chore(ci): add cargo audit workflow and policy by @joshka-oai in #7108
• chore: add cargo-deny configuration by @joshka-oai in #7119
• Windows Sandbox: treat <workspace_root>/.git as read-only in workspace-write mode by @iceweasel-oai in #7142
• chore: dedup unified exec "waited" rendering by @jif-oai in #7256
• fix: don't store early exit sessions by @jif-oai in #7263
• fix: Correct the stream error message by @CSRessel in #7266
• [app-server-test-client] add send-followup-v2 by @celia-oai in #7271
• feat[app-serve]: config management by @jif-oai in #7241
• feat: add custom env for unified exec process by @jif-oai in #7286
• [app-server] feat: add thread_id and turn_id to item and error notifications by @owenlin0 in #7124
• feat: add compaction event by @jif-oai in #7289
• [app-server] feat: add turn/diff/updated event by @owenlin0 in #7279
• fix: Drop MacOS 13 by @jif-oai in #7295
• fix: drop conversation when /new by @jif-oai in #7297
• chore: proper client extraction by @jif-oai in #6996
• tmp: drop flaky ubuntu by @jif-oai in #7300
• [app-server] add thread/tokenUsage/updated v2 event by @celia-oai in #7268
• correctly recognize WorkspaceWrite policy on /approvals by @iceweasel-oai in #7301
• feat: update process ID for event handling by @jif-oai in #7261
• Fixed regression in experimental "sandbox command assessment" feature by @etraut-openai in #7308
• nit: drop file by @jif-oai in #7314
• doc: fix relative links and add tips by @lionel-oai in #7319
• Fixes two bugs in example-config.md documentation by @etraut-openai in #7324
• chore: improve rollout session init errors by @jobchong in #7336
• feat: detached review by @jif-oai in #7292
• fix: other flaky tests by @jif-oai in #7372
• chore: better session recycling by @jif-oai in #7368
• chore(deps): bump arboard from 3.6.0 to 3.6.1 in /codex-rs by @dependabot[bot] in #7426
• chore(deps): bump serde_with from 3.14.0 to 3.16.1 in /codex-rs by @dependabot[bot] in #7422
• chore(deps): bump reqwest from 0.12.23 to 0.12.24 in /codex-rs by @dependabot[bot] in #7424
• chore(deps): bump tracing from 0.1.41 to 0.1.43 in /codex-rs by @dependabot[bot] in #7428
• Fixed CLA action to properly exempt dependabot by @etraut-openai in #7429
• chore(deps): bump image from 0.25.8 to 0.25.9 in /codex-rs by @dependabot[bot] in #7421
• [app-server] add turn/plan/updated event by @celia-oai in #7329
• fix: disable review rollout filtering by @jif-oai in #7371
• [app-server] fix: ensure thread_id and turn_id are on all events by @owenlin0 in #7408
• [app-server] fix: emit item/fileChange/outputDelta for file change items by @owenlin0 in #7399
• Fix recent_commits(limit=0) returning 1 commit instead of 0 by @Towaiji in #7334
• fix: nix build missing rmcp output hash by @Alb-O in #7436
• docs: clarify codex max defaults and xhigh availability by @kgruiz in #7449
• fix: prevent MCP startup failure on missing 'type' field by @linuxmetel in #7417
• chore: update to rmcp@0.10.0 to pick up support for custom client notifications by @bolinfest in #7462
• fix(apply_patch) tests for shell_command by @dylan-hurd-oai in #7307
• [app-server] Add ImageView item by @celia-oai in #7468
• fix(core): enable history lookup on windows by @stevemostovoy-openai in #7457
• fix(tui): handle WSL clipboard image paths by @manoelcalixto in #3990

Full Changelog: rust-v0.63.0...rust-v0.64.0