2025-10-03 09:22:12 -07:00
// - In the default output mode, it is paramount that the only thing written to
// stdout is the final message (if any).
// - In --json mode, stdout must be valid JSONL, one event per line.
// For both modes, any other output must be written to stderr.
#![ deny(clippy::print_stdout) ]
feat: initial import of Rust implementation of Codex CLI in codex-rs/ (#629)
As stated in `codex-rs/README.md`:
Today, Codex CLI is written in TypeScript and requires Node.js 22+ to
run it. For a number of users, this runtime requirement inhibits
adoption: they would be better served by a standalone executable. As
maintainers, we want Codex to run efficiently in a wide range of
environments with minimal overhead. We also want to take advantage of
operating system-specific APIs to provide better sandboxing, where
possible.
To that end, we are moving forward with a Rust implementation of Codex
CLI contained in this folder, which has the following benefits:
- The CLI compiles to small, standalone, platform-specific binaries.
- Can make direct, native calls to
[seccomp](https://man7.org/linux/man-pages/man2/seccomp.2.html) and
[landlock](https://man7.org/linux/man-pages/man7/landlock.7.html) in
order to support sandboxing on Linux.
- No runtime garbage collection, resulting in lower memory consumption
and better, more predictable performance.
Currently, the Rust implementation is materially behind the TypeScript
implementation in functionality, so continue to use the TypeScript
implmentation for the time being. We will publish native executables via
GitHub Releases as soon as we feel the Rust version is usable.
2025-04-24 13:31:40 -07:00
mod cli ;
2025-04-29 09:59:35 -07:00
mod event_processor ;
2025-07-17 15:10:15 -07:00
mod event_processor_with_human_output ;
Remove legacy codex exec --json format (#4525)
`codex exec --json` now maps to the behavior of `codex exec
--experimental-json` with new event and item shapes.
Thread events:
- thread.started
- turn.started
- turn.completed
- turn.failed
- item.started
- item.updated
- item.completed
Item types:
- assistant_message
- reasoning
- command_execution
- file_change
- mcp_tool_call
- web_search
- todo_list
- error
Sample output:
<details>
`codex exec "list my assigned github issues" --json | jq`
```
{
"type": "thread.started",
"thread_id": "01999ce5-f229-7661-8570-53312bd47ea3"
}
{
"type": "turn.started"
}
{
"type": "item.completed",
"item": {
"id": "item_0",
"item_type": "reasoning",
"text": "**Planning to list assigned GitHub issues**"
}
}
{
"type": "item.started",
"item": {
"id": "item_1",
"item_type": "mcp_tool_call",
"server": "github",
"tool": "search_issues",
"status": "in_progress"
}
}
{
"type": "item.completed",
"item": {
"id": "item_1",
"item_type": "mcp_tool_call",
"server": "github",
"tool": "search_issues",
"status": "completed"
}
}
{
"type": "item.completed",
"item": {
"id": "item_2",
"item_type": "reasoning",
"text": "**Organizing final message structure**"
}
}
{
"type": "item.completed",
"item": {
"id": "item_3",
"item_type": "assistant_message",
"text": "**Assigned Issues**\n- openai/codex#3267 – “stream error: stream disconnected before completion…” (bug) – last update 2025-09-08\n- openai/codex#3257 – “You've hit your usage limit. Try again in 4 days 20 hours 9 minutes.” – last update 2025-09-23\n- openai/codex#3054 – “reqwest SSL panic (library has no ciphers)” (bug) – last update 2025-09-03\n- openai/codex#3051 – “thread 'main' panicked at linux-sandbox/src/linux_run_main.rs:53:5:” (bug) – last update 2025-09-10\n- openai/codex#3004 – “Auto-compact when approaching context limit” (enhancement) – last update 2025-09-26\n- openai/codex#2916 – “Feature request: Add OpenAI service tier support for cost optimization” – last update 2025-09-12\n- openai/codex#1581 – “stream error: stream disconnected before completion: stream closed before response.complete; retrying...” (bug) – last update 2025-09-17"
}
}
{
"type": "turn.completed",
"usage": {
"input_tokens": 34785,
"cached_input_tokens": 12544,
"output_tokens": 560
}
}
```
</details>
2025-09-30 17:21:37 -07:00
pub mod event_processor_with_jsonl_output ;
Add explicit codex exec events (#4177)
This pull request add a new experimental format of JSON output.
You can try it using `codex exec --experimental-json`.
Design takes a lot of inspiration from Responses API items and stream
format.
# Session and items
Each invocation of `codex exec` starts or resumes a session.
Session contains multiple high-level item types:
1. Assistant message
2. Assistant thinking
3. Command execution
4. File changes
5. To-do lists
6. etc.
# Events
Session and items are going through their life cycles which is
represented by events.
Session is `session.created` or `session.resumed`
Items are `item.added`, `item.updated`, `item.completed`,
`item.require_approval` (or other item types like `item.output_delta`
when we need streaming).
So a typical session can look like:
<details>
```
{
"type": "session.created",
"session_id": "01997dac-9581-7de3-b6a0-1df8256f2752"
}
{
"type": "item.completed",
"item": {
"id": "itm_0",
"item_type": "assistant_message",
"text": "I’ll locate the top-level README and remove its first line. Then I’ll show a quick summary of what changed."
}
}
{
"type": "item.completed",
"item": {
"id": "itm_1",
"item_type": "command_execution",
"command": "bash -lc ls -la | sed -n '1,200p'",
"aggregated_output": "pyenv: cannot rehash: /Users/pakrym/.pyenv/shims isn't writable\ntotal 192\ndrwxr-xr-x@ 33 pakrym staff 1056 Sep 24 14:36 .\ndrwxr-xr-x 41 pakrym staff 1312 Sep 24 09:17 ..\n-rw-r--r--@ 1 pakrym staff 6 Jul 9 16:16 .codespellignore\n-rw-r--r--@ 1 pakrym staff 258 Aug 13 09:40 .codespellrc\ndrwxr-xr-x@ 5 pakrym staff 160 Jul 23 08:26 .devcontainer\n-rw-r--r--@ 1 pakrym staff 6148 Jul 22 10:03 .DS_Store\ndrwxr-xr-x@ 15 pakrym staff 480 Sep 24 14:38 .git\ndrwxr-xr-x@ 12 pakrym staff 384 Sep 2 16:00 .github\n-rw-r--r--@ 1 pakrym staff 778 Jul 9 16:16 .gitignore\ndrwxr-xr-x@ 3 pakrym staff 96 Aug 11 09:37 .husky\n-rw-r--r--@ 1 pakrym staff 104 Jul 9 16:16 .npmrc\n-rw-r--r--@ 1 pakrym staff 96 Sep 2 08:52 .prettierignore\n-rw-r--r--@ 1 pakrym staff 170 Jul 9 16:16 .prettierrc.toml\ndrwxr-xr-x@ 5 pakrym staff 160 Sep 14 17:43 .vscode\ndrwxr-xr-x@ 2 pakrym staff 64 Sep 11 11:37 2025-09-11\n-rw-r--r--@ 1 pakrym staff 5505 Sep 18 09:28 AGENTS.md\n-rw-r--r--@ 1 pakrym staff 92 Sep 2 08:52 CHANGELOG.md\n-rw-r--r--@ 1 pakrym staff 1145 Jul 9 16:16 cliff.toml\ndrwxr-xr-x@ 11 pakrym staff 352 Sep 24 13:03 codex-cli\ndrwxr-xr-x@ 38 pakrym staff 1216 Sep 24 14:38 codex-rs\ndrwxr-xr-x@ 18 pakrym staff 576 Sep 23 11:01 docs\n-rw-r--r--@ 1 pakrym staff 2038 Jul 9 16:16 flake.lock\n-rw-r--r--@ 1 pakrym staff 1434 Jul 9 16:16 flake.nix\n-rw-r--r--@ 1 pakrym staff 10926 Jul 9 16:16 LICENSE\ndrwxr-xr-x@ 465 pakrym staff 14880 Jul 15 07:36 node_modules\n-rw-r--r--@ 1 pakrym staff 242 Aug 5 08:25 NOTICE\n-rw-r--r--@ 1 pakrym staff 578 Aug 14 12:31 package.json\n-rw-r--r--@ 1 pakrym staff 498 Aug 11 09:37 pnpm-lock.yaml\n-rw-r--r--@ 1 pakrym staff 58 Aug 11 09:37 pnpm-workspace.yaml\n-rw-r--r--@ 1 pakrym staff 2402 Jul 9 16:16 PNPM.md\n-rw-r--r--@ 1 pakrym staff 4393 Sep 12 14:36 README.md\ndrwxr-xr-x@ 4 pakrym staff 128 Sep 18 09:28 scripts\ndrwxr-xr-x@ 2 pakrym staff 64 Sep 11 11:34 tmp\n",
"exit_code": 0,
"status": "completed"
}
}
{
"type": "item.completed",
"item": {
"id": "itm_2",
"item_type": "reasoning",
"text": "**Reviewing README.md file**\n\nI've located the README.md file at the root, and it’s 4393 bytes. Now, I need to remove the first line, but first, I should check its content to make sure I’m patching it correctly. I’ll use sed to display the first 20 lines. By reviewing those lines, I can determine exactly what needs to be removed before I proceed with the editing. Let's do this carefully!"
}
}
{
"type": "item.completed",
"item": {
"id": "itm_3",
"item_type": "command_execution",
"command": "bash -lc sed -n '1,40p' README.md",
"aggregated_output": "<h1 align=\"center\">OpenAI Codex CLI</h1>\n\n<p align=\"center\"><code>npm i -g @openai/codex</code><br />or <code>brew install codex</code></p>\n\n<p align=\"center\"><strong>Codex CLI</strong> is a coding agent from OpenAI that runs locally on your computer.\n</br>\n</br>If you want Codex in your code editor (VS Code, Cursor, Windsurf), <a href=\"https://developers.openai.com/codex/ide\">install in your IDE</a>\n</br>If you are looking for the <em>cloud-based agent</em> from OpenAI, <strong>Codex Web</strong>, go to <a href=\"https://chatgpt.com/codex\">chatgpt.com/codex</a></p>\n\n<p align=\"center\">\n <img src=\"./.github/codex-cli-splash.png\" alt=\"Codex CLI splash\" width=\"80%\" />\n </p>\n\n---\n\n## Quickstart\n\n### Installing and running Codex CLI\n\nInstall globally with your preferred package manager. If you use npm:\n\n```shell\nnpm install -g @openai/codex\n```\n\nAlternatively, if you use Homebrew:\n\n```shell\nbrew install codex\n```\n\nThen simply run `codex` to get started:\n\n```shell\ncodex\n```\n\n<details>\n<summary>You can also go to the <a href=\"https://github.com/openai/codex/releases/latest\">latest GitHub Release</a> and download the appropriate binary for your platform.</summary>\n\n",
"exit_code": 0,
"status": "completed"
}
}
{
"type": "item.completed",
"item": {
"id": "itm_4",
"item_type": "reasoning",
"text": "**Updating README file**\n\nThe user wants to update the README by removing the first line, which is an HTML h1 tag. I'll proceed to delete that line while keeping the rest intact. To do this, I need to use the apply_patch tool and create a patch in the diff format. I’ll take care to include context lines around the change. After removing the header, I’m considering whether to delete the following blank line as well to keep it tidy."
}
}
{
"type": "item.completed",
"item": {
"id": "itm_5",
"item_type": "reasoning",
"text": "**Crafting the patch**\n\nThe user has asked to remove just the first line, without mentioning the blank lines. Technically, leaving a blank line at the start is acceptable, but it's not ideal. Ideally, I'd prefer to remove the first line while maintaining the subsequent blank line. However, if I can also remove that blank line, it could tidy things up even more. Still, since the user's request is strictly to remove only the first line, I'll stick to that and craft the patch accordingly."
}
}
{
"type": "item.completed",
"item": {
"id": "itm_6",
"item_type": "assistant_message",
"text": "Applying the change by removing the first line from `README.md`."
}
}
{
"type": "item.completed",
"item": {
"id": "itm_7",
"item_type": "file_change",
"changes": [
{
"path": "/Users/pakrym/code/codex/README.md",
"kind": "update"
}
],
"status": "completed"
}
}
{
"type": "item.completed",
"item": {
"id": "itm_8",
"item_type": "reasoning",
"text": "**Validating README Update**\n\nI updated the README.md and now I need to validate that the first line has been successfully removed. To do this, I'll check the first 10 lines of the document to ensure everything looks correct. It’s always good to double-check these kinds of changes, so I’m going to take that extra step to make sure the update was executed properly. Let's see what those initial lines say!"
}
}
{
"type": "item.completed",
"item": {
"id": "itm_9",
"item_type": "command_execution",
"command": "bash -lc sed -n '1,20p' README.md",
"aggregated_output": "\n<p align=\"center\"><code>npm i -g @openai/codex</code><br />or <code>brew install codex</code></p>\n\n<p align=\"center\"><strong>Codex CLI</strong> is a coding agent from OpenAI that runs locally on your computer.\n</br>\n</br>If you want Codex in your code editor (VS Code, Cursor, Windsurf), <a href=\"https://developers.openai.com/codex/ide\">install in your IDE</a>\n</br>If you are looking for the <em>cloud-based agent</em> from OpenAI, <strong>Codex Web</strong>, go to <a href=\"https://chatgpt.com/codex\">chatgpt.com/codex</a></p>\n\n<p align=\"center\">\n <img src=\"./.github/codex-cli-splash.png\" alt=\"Codex CLI splash\" width=\"80%\" />\n </p>\n\n---\n\n## Quickstart\n\n### Installing and running Codex CLI\n\nInstall globally with your preferred package manager. If you use npm:\n\n",
"exit_code": 0,
"status": "completed"
}
}
{
"type": "item.completed",
"item": {
"id": "itm_10",
"item_type": "assistant_message",
"text": "- Updated `README.md:1` by removing the opening H1 line.\n- The README now starts with the install instructions paragraph.\n\nWant me to also remove the leading blank line at the top?"
}
}
```
</details>
The idea is to give users fully formatted items they can use directly in
their rendering/application logic and avoid having them building up
items manually based on events (unless they want to for streaming).
This PR implements only the `item.completed` payload for some event
types, more event types and item types to come.
---------
Co-authored-by: Michael Bolin <mbolin@openai.com>
2025-09-25 10:47:09 -07:00
pub mod exec_events ;
2025-04-29 09:59:35 -07:00
feat: initial import of Rust implementation of Codex CLI in codex-rs/ (#629)
As stated in `codex-rs/README.md`:
Today, Codex CLI is written in TypeScript and requires Node.js 22+ to
run it. For a number of users, this runtime requirement inhibits
adoption: they would be better served by a standalone executable. As
maintainers, we want Codex to run efficiently in a wide range of
environments with minimal overhead. We also want to take advantage of
operating system-specific APIs to provide better sandboxing, where
possible.
To that end, we are moving forward with a Rust implementation of Codex
CLI contained in this folder, which has the following benefits:
- The CLI compiles to small, standalone, platform-specific binaries.
- Can make direct, native calls to
[seccomp](https://man7.org/linux/man-pages/man2/seccomp.2.html) and
[landlock](https://man7.org/linux/man-pages/man7/landlock.7.html) in
order to support sandboxing on Linux.
- No runtime garbage collection, resulting in lower memory consumption
and better, more predictable performance.
Currently, the Rust implementation is materially behind the TypeScript
implementation in functionality, so continue to use the TypeScript
implmentation for the time being. We will publish native executables via
GitHub Releases as soon as we feel the Rust version is usable.
2025-04-24 13:31:40 -07:00
pub use cli ::Cli ;
2025-12-02 11:26:27 +00:00
pub use cli ::Command ;
pub use cli ::ReviewArgs ;
2026-03-08 18:43:55 -06:00
use codex_app_server_client ::DEFAULT_IN_PROCESS_CHANNEL_CAPACITY ;
use codex_app_server_client ::InProcessAppServerClient ;
use codex_app_server_client ::InProcessClientStartArgs ;
use codex_app_server_client ::InProcessServerEvent ;
use codex_app_server_protocol ::ChatgptAuthTokensRefreshResponse ;
use codex_app_server_protocol ::ClientRequest ;
use codex_app_server_protocol ::ConfigWarningNotification ;
use codex_app_server_protocol ::JSONRPCErrorError ;
use codex_app_server_protocol ::JSONRPCNotification ;
use codex_app_server_protocol ::McpServerElicitationAction ;
use codex_app_server_protocol ::McpServerElicitationRequestResponse ;
use codex_app_server_protocol ::RequestId ;
use codex_app_server_protocol ::ReviewStartParams ;
use codex_app_server_protocol ::ReviewStartResponse ;
use codex_app_server_protocol ::ReviewTarget as ApiReviewTarget ;
use codex_app_server_protocol ::ServerNotification ;
use codex_app_server_protocol ::ServerRequest ;
use codex_app_server_protocol ::ThreadResumeParams ;
use codex_app_server_protocol ::ThreadResumeResponse ;
use codex_app_server_protocol ::ThreadStartParams ;
use codex_app_server_protocol ::ThreadStartResponse ;
use codex_app_server_protocol ::ThreadUnsubscribeParams ;
use codex_app_server_protocol ::ThreadUnsubscribeResponse ;
use codex_app_server_protocol ::TurnInterruptParams ;
use codex_app_server_protocol ::TurnInterruptResponse ;
use codex_app_server_protocol ::TurnStartParams ;
use codex_app_server_protocol ::TurnStartResponse ;
2026-02-24 17:44:38 -08:00
use codex_arg0 ::Arg0DispatchPaths ;
2026-01-30 23:53:41 +00:00
use codex_cloud_requirements ::cloud_requirements_loader ;
2025-09-02 18:36:19 -07:00
use codex_core ::AuthManager ;
2025-11-17 14:49:09 -05:00
use codex_core ::LMSTUDIO_OSS_PROVIDER_ID ;
use codex_core ::OLLAMA_OSS_PROVIDER_ID ;
2025-10-20 08:50:54 -07:00
use codex_core ::auth ::enforce_login_restrictions ;
2026-02-13 10:33:40 -08:00
use codex_core ::check_execpolicy_for_warnings ;
2025-04-27 21:47:50 -07:00
use codex_core ::config ::Config ;
2026-01-30 23:53:41 +00:00
use codex_core ::config ::ConfigBuilder ;
2025-04-27 21:47:50 -07:00
use codex_core ::config ::ConfigOverrides ;
2025-11-17 14:49:09 -05:00
use codex_core ::config ::find_codex_home ;
use codex_core ::config ::load_config_as_toml_with_cli_overrides ;
use codex_core ::config ::resolve_oss_provider ;
2026-01-23 20:11:09 -08:00
use codex_core ::config_loader ::ConfigLoadError ;
2026-03-08 18:43:55 -06:00
use codex_core ::config_loader ::LoaderOverrides ;
2026-01-23 20:11:09 -08:00
use codex_core ::config_loader ::format_config_error_with_source ;
2026-02-13 10:33:40 -08:00
use codex_core ::format_exec_policy_error_with_source ;
2025-09-02 10:29:58 -07:00
use codex_core ::git_info ::get_git_repo_root ;
2026-03-08 18:43:55 -06:00
use codex_feedback ::CodexFeedback ;
2026-03-03 17:03:45 -08:00
use codex_otel ::set_parent_from_context ;
use codex_otel ::traceparent_context_from_env ;
2026-03-08 18:43:55 -06:00
use codex_protocol ::account ::PlanType as AccountPlanType ;
2025-08-18 09:36:57 -07:00
use codex_protocol ::config_types ::SandboxMode ;
2026-02-20 23:45:35 -08:00
use codex_protocol ::protocol ::AskForApproval ;
use codex_protocol ::protocol ::Event ;
use codex_protocol ::protocol ::EventMsg ;
use codex_protocol ::protocol ::ReviewRequest ;
use codex_protocol ::protocol ::ReviewTarget ;
2026-03-08 18:43:55 -06:00
use codex_protocol ::protocol ::SessionConfiguredEvent ;
2026-02-20 23:45:35 -08:00
use codex_protocol ::protocol ::SessionSource ;
2025-10-20 13:34:44 -07:00
use codex_protocol ::user_input ::UserInput ;
2025-12-19 20:11:27 -08:00
use codex_utils_absolute_path ::AbsolutePathBuf ;
2026-02-11 04:59:24 -08:00
use codex_utils_oss ::ensure_oss_provider_ready ;
use codex_utils_oss ::get_default_model_for_oss_provider ;
2025-07-17 15:10:15 -07:00
use event_processor_with_human_output ::EventProcessorWithHumanOutput ;
Remove legacy codex exec --json format (#4525)
`codex exec --json` now maps to the behavior of `codex exec
--experimental-json` with new event and item shapes.
Thread events:
- thread.started
- turn.started
- turn.completed
- turn.failed
- item.started
- item.updated
- item.completed
Item types:
- assistant_message
- reasoning
- command_execution
- file_change
- mcp_tool_call
- web_search
- todo_list
- error
Sample output:
<details>
`codex exec "list my assigned github issues" --json | jq`
```
{
"type": "thread.started",
"thread_id": "01999ce5-f229-7661-8570-53312bd47ea3"
}
{
"type": "turn.started"
}
{
"type": "item.completed",
"item": {
"id": "item_0",
"item_type": "reasoning",
"text": "**Planning to list assigned GitHub issues**"
}
}
{
"type": "item.started",
"item": {
"id": "item_1",
"item_type": "mcp_tool_call",
"server": "github",
"tool": "search_issues",
"status": "in_progress"
}
}
{
"type": "item.completed",
"item": {
"id": "item_1",
"item_type": "mcp_tool_call",
"server": "github",
"tool": "search_issues",
"status": "completed"
}
}
{
"type": "item.completed",
"item": {
"id": "item_2",
"item_type": "reasoning",
"text": "**Organizing final message structure**"
}
}
{
"type": "item.completed",
"item": {
"id": "item_3",
"item_type": "assistant_message",
"text": "**Assigned Issues**\n- openai/codex#3267 – “stream error: stream disconnected before completion…” (bug) – last update 2025-09-08\n- openai/codex#3257 – “You've hit your usage limit. Try again in 4 days 20 hours 9 minutes.” – last update 2025-09-23\n- openai/codex#3054 – “reqwest SSL panic (library has no ciphers)” (bug) – last update 2025-09-03\n- openai/codex#3051 – “thread 'main' panicked at linux-sandbox/src/linux_run_main.rs:53:5:” (bug) – last update 2025-09-10\n- openai/codex#3004 – “Auto-compact when approaching context limit” (enhancement) – last update 2025-09-26\n- openai/codex#2916 – “Feature request: Add OpenAI service tier support for cost optimization” – last update 2025-09-12\n- openai/codex#1581 – “stream error: stream disconnected before completion: stream closed before response.complete; retrying...” (bug) – last update 2025-09-17"
}
}
{
"type": "turn.completed",
"usage": {
"input_tokens": 34785,
"cached_input_tokens": 12544,
"output_tokens": 560
}
}
```
</details>
2025-09-30 17:21:37 -07:00
use event_processor_with_jsonl_output ::EventProcessorWithJsonOutput ;
2025-09-23 13:59:16 -07:00
use serde_json ::Value ;
2026-01-28 13:03:20 +00:00
use std ::collections ::HashSet ;
2026-03-08 18:43:55 -06:00
use std ::collections ::VecDeque ;
OpenTelemetry events (#2103)
### Title
## otel
Codex can emit [OpenTelemetry](https://opentelemetry.io/) **log events**
that
describe each run: outbound API requests, streamed responses, user
input,
tool-approval decisions, and the result of every tool invocation. Export
is
**disabled by default** so local runs remain self-contained. Opt in by
adding an
`[otel]` table and choosing an exporter.
```toml
[otel]
environment = "staging" # defaults to "dev"
exporter = "none" # defaults to "none"; set to otlp-http or otlp-grpc to send events
log_user_prompt = false # defaults to false; redact prompt text unless explicitly enabled
```
Codex tags every exported event with `service.name = "codex-cli"`, the
CLI
version, and an `env` attribute so downstream collectors can distinguish
dev/staging/prod traffic. Only telemetry produced inside the
`codex_otel`
crate—the events listed below—is forwarded to the exporter.
### Event catalog
Every event shares a common set of metadata fields: `event.timestamp`,
`conversation.id`, `app.version`, `auth_mode` (when available),
`user.account_id` (when available), `terminal.type`, `model`, and
`slug`.
With OTEL enabled Codex emits the following event types (in addition to
the
metadata above):
- `codex.api_request`
- `cf_ray` (optional)
- `attempt`
- `duration_ms`
- `http.response.status_code` (optional)
- `error.message` (failures)
- `codex.sse_event`
- `event.kind`
- `duration_ms`
- `error.message` (failures)
- `input_token_count` (completion only)
- `output_token_count` (completion only)
- `cached_token_count` (completion only, optional)
- `reasoning_token_count` (completion only, optional)
- `tool_token_count` (completion only)
- `codex.user_prompt`
- `prompt_length`
- `prompt` (redacted unless `log_user_prompt = true`)
- `codex.tool_decision`
- `tool_name`
- `call_id`
- `decision` (`approved`, `approved_for_session`, `denied`, or `abort`)
- `source` (`config` or `user`)
- `codex.tool_result`
- `tool_name`
- `call_id`
- `arguments`
- `duration_ms` (execution time for the tool)
- `success` (`"true"` or `"false"`)
- `output`
### Choosing an exporter
Set `otel.exporter` to control where events go:
- `none` – leaves instrumentation active but skips exporting. This is
the
default.
- `otlp-http` – posts OTLP log records to an OTLP/HTTP collector.
Specify the
endpoint, protocol, and headers your collector expects:
```toml
[otel]
exporter = { otlp-http = {
endpoint = "https://otel.example.com/v1/logs",
protocol = "binary",
headers = { "x-otlp-api-key" = "${OTLP_TOKEN}" }
}}
```
- `otlp-grpc` – streams OTLP log records over gRPC. Provide the endpoint
and any
metadata headers:
```toml
[otel]
exporter = { otlp-grpc = {
endpoint = "https://otel.example.com:4317",
headers = { "x-otlp-meta" = "abc123" }
}}
```
If the exporter is `none` nothing is written anywhere; otherwise you
must run or point to your
own collector. All exporters run on a background batch worker that is
flushed on
shutdown.
If you build Codex from source the OTEL crate is still behind an `otel`
feature
flag; the official prebuilt binaries ship with the feature enabled. When
the
feature is disabled the telemetry hooks become no-ops so the CLI
continues to
function without the extra dependencies.
---------
Co-authored-by: Anton Panasenko <apanasenko@openai.com>
2025-09-29 19:30:55 +01:00
use std ::io ::IsTerminal ;
use std ::io ::Read ;
use std ::path ::PathBuf ;
2025-10-02 18:15:03 -07:00
use supports_color ::Stream ;
2026-03-08 18:43:55 -06:00
use tokio ::sync ::mpsc ;
2026-03-03 17:03:45 -08:00
use tracing ::Instrument ;
feat: initial import of Rust implementation of Codex CLI in codex-rs/ (#629)
As stated in `codex-rs/README.md`:
Today, Codex CLI is written in TypeScript and requires Node.js 22+ to
run it. For a number of users, this runtime requirement inhibits
adoption: they would be better served by a standalone executable. As
maintainers, we want Codex to run efficiently in a wide range of
environments with minimal overhead. We also want to take advantage of
operating system-specific APIs to provide better sandboxing, where
possible.
To that end, we are moving forward with a Rust implementation of Codex
CLI contained in this folder, which has the following benefits:
- The CLI compiles to small, standalone, platform-specific binaries.
- Can make direct, native calls to
[seccomp](https://man7.org/linux/man-pages/man2/seccomp.2.html) and
[landlock](https://man7.org/linux/man-pages/man7/landlock.7.html) in
order to support sandboxing on Linux.
- No runtime garbage collection, resulting in lower memory consumption
and better, more predictable performance.
Currently, the Rust implementation is materially behind the TypeScript
implementation in functionality, so continue to use the TypeScript
implmentation for the time being. We will publish native executables via
GitHub Releases as soon as we feel the Rust version is usable.
2025-04-24 13:31:40 -07:00
use tracing ::error ;
2026-03-03 17:03:45 -08:00
use tracing ::field ;
feat: initial import of Rust implementation of Codex CLI in codex-rs/ (#629)
As stated in `codex-rs/README.md`:
Today, Codex CLI is written in TypeScript and requires Node.js 22+ to
run it. For a number of users, this runtime requirement inhibits
adoption: they would be better served by a standalone executable. As
maintainers, we want Codex to run efficiently in a wide range of
environments with minimal overhead. We also want to take advantage of
operating system-specific APIs to provide better sandboxing, where
possible.
To that end, we are moving forward with a Rust implementation of Codex
CLI contained in this folder, which has the following benefits:
- The CLI compiles to small, standalone, platform-specific binaries.
- Can make direct, native calls to
[seccomp](https://man7.org/linux/man-pages/man2/seccomp.2.html) and
[landlock](https://man7.org/linux/man-pages/man7/landlock.7.html) in
order to support sandboxing on Linux.
- No runtime garbage collection, resulting in lower memory consumption
and better, more predictable performance.
Currently, the Rust implementation is materially behind the TypeScript
implementation in functionality, so continue to use the TypeScript
implmentation for the time being. We will publish native executables via
GitHub Releases as soon as we feel the Rust version is usable.
2025-04-24 13:31:40 -07:00
use tracing ::info ;
2026-03-03 17:03:45 -08:00
use tracing ::info_span ;
2026-01-28 13:03:20 +00:00
use tracing ::warn ;
feat: initial import of Rust implementation of Codex CLI in codex-rs/ (#629)
As stated in `codex-rs/README.md`:
Today, Codex CLI is written in TypeScript and requires Node.js 22+ to
run it. For a number of users, this runtime requirement inhibits
adoption: they would be better served by a standalone executable. As
maintainers, we want Codex to run efficiently in a wide range of
environments with minimal overhead. We also want to take advantage of
operating system-specific APIs to provide better sandboxing, where
possible.
To that end, we are moving forward with a Rust implementation of Codex
CLI contained in this folder, which has the following benefits:
- The CLI compiles to small, standalone, platform-specific binaries.
- Can make direct, native calls to
[seccomp](https://man7.org/linux/man-pages/man2/seccomp.2.html) and
[landlock](https://man7.org/linux/man-pages/man7/landlock.7.html) in
order to support sandboxing on Linux.
- No runtime garbage collection, resulting in lower memory consumption
and better, more predictable performance.
Currently, the Rust implementation is materially behind the TypeScript
implementation in functionality, so continue to use the TypeScript
implmentation for the time being. We will publish native executables via
GitHub Releases as soon as we feel the Rust version is usable.
2025-04-24 13:31:40 -07:00
use tracing_subscriber ::EnvFilter ;
OpenTelemetry events (#2103)
### Title
## otel
Codex can emit [OpenTelemetry](https://opentelemetry.io/) **log events**
that
describe each run: outbound API requests, streamed responses, user
input,
tool-approval decisions, and the result of every tool invocation. Export
is
**disabled by default** so local runs remain self-contained. Opt in by
adding an
`[otel]` table and choosing an exporter.
```toml
[otel]
environment = "staging" # defaults to "dev"
exporter = "none" # defaults to "none"; set to otlp-http or otlp-grpc to send events
log_user_prompt = false # defaults to false; redact prompt text unless explicitly enabled
```
Codex tags every exported event with `service.name = "codex-cli"`, the
CLI
version, and an `env` attribute so downstream collectors can distinguish
dev/staging/prod traffic. Only telemetry produced inside the
`codex_otel`
crate—the events listed below—is forwarded to the exporter.
### Event catalog
Every event shares a common set of metadata fields: `event.timestamp`,
`conversation.id`, `app.version`, `auth_mode` (when available),
`user.account_id` (when available), `terminal.type`, `model`, and
`slug`.
With OTEL enabled Codex emits the following event types (in addition to
the
metadata above):
- `codex.api_request`
- `cf_ray` (optional)
- `attempt`
- `duration_ms`
- `http.response.status_code` (optional)
- `error.message` (failures)
- `codex.sse_event`
- `event.kind`
- `duration_ms`
- `error.message` (failures)
- `input_token_count` (completion only)
- `output_token_count` (completion only)
- `cached_token_count` (completion only, optional)
- `reasoning_token_count` (completion only, optional)
- `tool_token_count` (completion only)
- `codex.user_prompt`
- `prompt_length`
- `prompt` (redacted unless `log_user_prompt = true`)
- `codex.tool_decision`
- `tool_name`
- `call_id`
- `decision` (`approved`, `approved_for_session`, `denied`, or `abort`)
- `source` (`config` or `user`)
- `codex.tool_result`
- `tool_name`
- `call_id`
- `arguments`
- `duration_ms` (execution time for the tool)
- `success` (`"true"` or `"false"`)
- `output`
### Choosing an exporter
Set `otel.exporter` to control where events go:
- `none` – leaves instrumentation active but skips exporting. This is
the
default.
- `otlp-http` – posts OTLP log records to an OTLP/HTTP collector.
Specify the
endpoint, protocol, and headers your collector expects:
```toml
[otel]
exporter = { otlp-http = {
endpoint = "https://otel.example.com/v1/logs",
protocol = "binary",
headers = { "x-otlp-api-key" = "${OTLP_TOKEN}" }
}}
```
- `otlp-grpc` – streams OTLP log records over gRPC. Provide the endpoint
and any
metadata headers:
```toml
[otel]
exporter = { otlp-grpc = {
endpoint = "https://otel.example.com:4317",
headers = { "x-otlp-meta" = "abc123" }
}}
```
If the exporter is `none` nothing is written anywhere; otherwise you
must run or point to your
own collector. All exporters run on a background batch worker that is
flushed on
shutdown.
If you build Codex from source the OTEL crate is still behind an `otel`
feature
flag; the official prebuilt binaries ship with the feature enabled. When
the
feature is disabled the telemetry hooks become no-ops so the CLI
continues to
function without the extra dependencies.
---------
Co-authored-by: Anton Panasenko <apanasenko@openai.com>
2025-09-29 19:30:55 +01:00
use tracing_subscriber ::prelude ::* ;
2026-01-30 10:40:09 +00:00
use uuid ::Uuid ;
feat: initial import of Rust implementation of Codex CLI in codex-rs/ (#629)
As stated in `codex-rs/README.md`:
Today, Codex CLI is written in TypeScript and requires Node.js 22+ to
run it. For a number of users, this runtime requirement inhibits
adoption: they would be better served by a standalone executable. As
maintainers, we want Codex to run efficiently in a wide range of
environments with minimal overhead. We also want to take advantage of
operating system-specific APIs to provide better sandboxing, where
possible.
To that end, we are moving forward with a Rust implementation of Codex
CLI contained in this folder, which has the following benefits:
- The CLI compiles to small, standalone, platform-specific binaries.
- Can make direct, native calls to
[seccomp](https://man7.org/linux/man-pages/man2/seccomp.2.html) and
[landlock](https://man7.org/linux/man-pages/man7/landlock.7.html) in
order to support sandboxing on Linux.
- No runtime garbage collection, resulting in lower memory consumption
and better, more predictable performance.
Currently, the Rust implementation is materially behind the TypeScript
implementation in functionality, so continue to use the TypeScript
implmentation for the time being. We will publish native executables via
GitHub Releases as soon as we feel the Rust version is usable.
2025-04-24 13:31:40 -07:00
2025-09-14 19:33:19 -04:00
use crate ::cli ::Command as ExecCommand ;
2025-07-23 15:03:26 -07:00
use crate ::event_processor ::CodexStatus ;
2025-07-17 15:10:15 -07:00
use crate ::event_processor ::EventProcessor ;
2026-01-31 00:26:25 +00:00
use codex_core ::default_client ::set_default_client_residency_requirement ;
2025-09-29 20:59:19 -07:00
use codex_core ::default_client ::set_default_originator ;
2026-01-07 17:04:53 +00:00
use codex_core ::find_thread_path_by_id_str ;
2026-01-30 10:40:09 +00:00
use codex_core ::find_thread_path_by_name_str ;
2025-07-17 15:10:15 -07:00
2026-02-27 18:22:54 -08:00
const DEFAULT_ANALYTICS_ENABLED : bool = true ;
2025-12-02 11:26:27 +00:00
enum InitialOperation {
UserTurn {
items : Vec < UserInput > ,
output_schema : Option < Value > ,
} ,
Review {
review_request : ReviewRequest ,
} ,
}
2026-03-08 18:43:55 -06:00
struct RequestIdSequencer {
next : i64 ,
}
impl RequestIdSequencer {
fn new ( ) -> Self {
Self { next : 1 }
}
fn next ( & mut self ) -> RequestId {
let id = self . next ;
self . next + = 1 ;
RequestId ::Integer ( id )
}
2026-01-28 13:03:20 +00:00
}
2026-03-03 17:03:45 -08:00
struct ExecRunArgs {
2026-03-08 18:43:55 -06:00
in_process_start_args : InProcessClientStartArgs ,
2026-03-03 17:03:45 -08:00
command : Option < ExecCommand > ,
config : Config ,
cursor_ansi : bool ,
dangerously_bypass_approvals_and_sandbox : bool ,
exec_span : tracing ::Span ,
images : Vec < PathBuf > ,
json_mode : bool ,
last_message_file : Option < PathBuf > ,
model_provider : Option < String > ,
oss : bool ,
output_schema_path : Option < PathBuf > ,
prompt : Option < String > ,
skip_git_repo_check : bool ,
stderr_with_ansi : bool ,
}
fn exec_root_span ( ) -> tracing ::Span {
info_span! (
" codex.exec " ,
otel . kind = " internal " ,
thread . id = field ::Empty ,
turn . id = field ::Empty ,
)
}
2026-02-24 17:44:38 -08:00
pub async fn run_main ( cli : Cli , arg0_paths : Arg0DispatchPaths ) -> anyhow ::Result < ( ) > {
2025-10-07 14:06:41 -07:00
if let Err ( err ) = set_default_originator ( " codex_exec " . to_string ( ) ) {
2025-09-29 20:59:19 -07:00
tracing ::warn! ( ? err , " Failed to set codex exec originator override {err:?} " ) ;
}
feat: initial import of Rust implementation of Codex CLI in codex-rs/ (#629)
As stated in `codex-rs/README.md`:
Today, Codex CLI is written in TypeScript and requires Node.js 22+ to
run it. For a number of users, this runtime requirement inhibits
adoption: they would be better served by a standalone executable. As
maintainers, we want Codex to run efficiently in a wide range of
environments with minimal overhead. We also want to take advantage of
operating system-specific APIs to provide better sandboxing, where
possible.
To that end, we are moving forward with a Rust implementation of Codex
CLI contained in this folder, which has the following benefits:
- The CLI compiles to small, standalone, platform-specific binaries.
- Can make direct, native calls to
[seccomp](https://man7.org/linux/man-pages/man2/seccomp.2.html) and
[landlock](https://man7.org/linux/man-pages/man7/landlock.7.html) in
order to support sandboxing on Linux.
- No runtime garbage collection, resulting in lower memory consumption
and better, more predictable performance.
Currently, the Rust implementation is materially behind the TypeScript
implementation in functionality, so continue to use the TypeScript
implmentation for the time being. We will publish native executables via
GitHub Releases as soon as we feel the Rust version is usable.
2025-04-24 13:31:40 -07:00
let Cli {
2025-09-14 19:33:19 -04:00
command ,
feat: initial import of Rust implementation of Codex CLI in codex-rs/ (#629)
As stated in `codex-rs/README.md`:
Today, Codex CLI is written in TypeScript and requires Node.js 22+ to
run it. For a number of users, this runtime requirement inhibits
adoption: they would be better served by a standalone executable. As
maintainers, we want Codex to run efficiently in a wide range of
environments with minimal overhead. We also want to take advantage of
operating system-specific APIs to provide better sandboxing, where
possible.
To that end, we are moving forward with a Rust implementation of Codex
CLI contained in this folder, which has the following benefits:
- The CLI compiles to small, standalone, platform-specific binaries.
- Can make direct, native calls to
[seccomp](https://man7.org/linux/man-pages/man2/seccomp.2.html) and
[landlock](https://man7.org/linux/man-pages/man7/landlock.7.html) in
order to support sandboxing on Linux.
- No runtime garbage collection, resulting in lower memory consumption
and better, more predictable performance.
Currently, the Rust implementation is materially behind the TypeScript
implementation in functionality, so continue to use the TypeScript
implmentation for the time being. We will publish native executables via
GitHub Releases as soon as we feel the Rust version is usable.
2025-04-24 13:31:40 -07:00
images ,
2025-08-05 13:55:32 -07:00
model : model_cli_arg ,
2025-08-05 11:31:11 -07:00
oss ,
2025-11-17 14:49:09 -05:00
oss_provider ,
2025-05-13 16:52:52 -07:00
config_profile ,
fix: overhaul SandboxPolicy and config loading in Rust (#732)
Previous to this PR, `SandboxPolicy` was a bit difficult to work with:
https://github.com/openai/codex/blob/237f8a11e11fdcc793a09e787e48215676d9b95b/codex-rs/core/src/protocol.rs#L98-L108
Specifically:
* It was an `enum` and therefore options were mutually exclusive as
opposed to additive.
* It defined things in terms of what the agent _could not_ do as opposed
to what they _could_ do. This made things hard to support because we
would prefer to build up a sandbox config by starting with something
extremely restrictive and only granting permissions for things the user
as explicitly allowed.
This PR changes things substantially by redefining the policy in terms
of two concepts:
* A `SandboxPermission` enum that defines permissions that can be
granted to the agent/sandbox.
* A `SandboxPolicy` that internally stores a `Vec<SandboxPermission>`,
but externally exposes a simpler API that can be used to configure
Seatbelt/Landlock.
Previous to this PR, we supported a `--sandbox` flag that effectively
mapped to an enum value in `SandboxPolicy`. Though now that
`SandboxPolicy` is a wrapper around `Vec<SandboxPermission>`, the single
`--sandbox` flag no longer makes sense. While I could have turned it
into a flag that the user can specify multiple times, I think the
current values to use with such a flag are long and potentially messy,
so for the moment, I have dropped support for `--sandbox` altogether and
we can bring it back once we have figured out the naming thing.
Since `--sandbox` is gone, users now have to specify `--full-auto` to
get a sandbox that allows writes in `cwd`. Admittedly, there is no clean
way to specify the equivalent of `--full-auto` in your `config.toml`
right now, so we will have to revisit that, as well.
Because `Config` presents a `SandboxPolicy` field and `SandboxPolicy`
changed considerably, I had to overhaul how config loading works, as
well. There are now two distinct concepts, `ConfigToml` and `Config`:
* `ConfigToml` is the deserialization of `~/.codex/config.toml`. As one
might expect, every field is `Optional` and it is `#[derive(Deserialize,
Default)]`. Consistent use of `Optional` makes it clear what the user
has specified explicitly.
* `Config` is the "normalized config" and is produced by merging
`ConfigToml` with `ConfigOverrides`. Where `ConfigToml` contains a raw
`Option<Vec<SandboxPermission>>`, `Config` presents only the final
`SandboxPolicy`.
The changes to `core/src/exec.rs` and `core/src/linux.rs` merit extra
special attention to ensure we are faithfully mapping the
`SandboxPolicy` to the Seatbelt and Landlock configs, respectively.
Also, take note that `core/src/seatbelt_readonly_policy.sbpl` has been
renamed to `codex-rs/core/src/seatbelt_base_policy.sbpl` and that
`(allow file-read*)` has been removed from the `.sbpl` file as now this
is added to the policy in `core/src/exec.rs` when
`sandbox_policy.has_full_disk_read_access()` is `true`.
2025-04-29 15:01:16 -07:00
full_auto ,
2025-06-25 12:36:10 -07:00
dangerously_bypass_approvals_and_sandbox ,
2025-05-04 10:57:12 -07:00
cwd ,
2025-04-25 12:08:18 -07:00
skip_git_repo_check ,
2025-11-13 16:47:10 -05:00
add_dir ,
2026-02-05 15:49:57 +00:00
ephemeral ,
2025-04-29 09:59:35 -07:00
color ,
2025-05-19 16:08:18 -07:00
last_message_file ,
2025-07-17 15:10:15 -07:00
json : json_mode ,
feat: add support for --sandbox flag (#1476)
On a high-level, we try to design `config.toml` so that you don't have
to "comment out a lot of stuff" when testing different options.
Previously, defining a sandbox policy was somewhat at odds with this
principle because you would define the policy as attributes of
`[sandbox]` like so:
```toml
[sandbox]
mode = "workspace-write"
writable_roots = [ "/tmp" ]
```
but if you wanted to temporarily change to a read-only sandbox, you
might feel compelled to modify your file to be:
```toml
[sandbox]
mode = "read-only"
# mode = "workspace-write"
# writable_roots = [ "/tmp" ]
```
Technically, commenting out `writable_roots` would not be strictly
necessary, as `mode = "read-only"` would ignore `writable_roots`, but
it's still a reasonable thing to do to keep things tidy.
Currently, the various values for `mode` do not support that many
attributes, so this is not that hard to maintain, but one could imagine
this becoming more complex in the future.
In this PR, we change Codex CLI so that it no longer recognizes
`[sandbox]`. Instead, it introduces a top-level option, `sandbox_mode`,
and `[sandbox_workspace_write]` is used to further configure the sandbox
when when `sandbox_mode = "workspace-write"` is used:
```toml
sandbox_mode = "workspace-write"
[sandbox_workspace_write]
writable_roots = [ "/tmp" ]
```
This feels a bit more future-proof in that it is less tedious to
configure different sandboxes:
```toml
sandbox_mode = "workspace-write"
[sandbox_read_only]
# read-only options here...
[sandbox_workspace_write]
writable_roots = [ "/tmp" ]
[sandbox_danger_full_access]
# danger-full-access options here...
```
In this scheme, you never need to comment out the configuration for an
individual sandbox type: you only need to redefine `sandbox_mode`.
Relatedly, previous to this change, a user had to do `-c
sandbox.mode=read-only` to change the mode on the command line. With
this change, things are arguably a bit cleaner because the equivalent
option is `-c sandbox_mode=read-only` (and now `-c
sandbox_workspace_write=...` can be set separately).
Though more importantly, we introduce the `-s/--sandbox` option to the
CLI, which maps directly to `sandbox_mode` in `config.toml`, making
config override behavior easier to reason about. Moreover, as you can
see in the updates to the various Markdown files, it is much easier to
explain how to configure sandboxing when things like `--sandbox
read-only` can be used as an example.
Relatedly, this cleanup also made it straightforward to add support for
a `sandbox` option for Codex when used as an MCP server (see the changes
to `mcp-server/src/codex_tool_config.rs`).
Fixes https://github.com/openai/codex/issues/1248.
2025-07-07 22:31:30 -07:00
sandbox_mode : sandbox_mode_cli_arg ,
feat: initial import of Rust implementation of Codex CLI in codex-rs/ (#629)
As stated in `codex-rs/README.md`:
Today, Codex CLI is written in TypeScript and requires Node.js 22+ to
run it. For a number of users, this runtime requirement inhibits
adoption: they would be better served by a standalone executable. As
maintainers, we want Codex to run efficiently in a wide range of
environments with minimal overhead. We also want to take advantage of
operating system-specific APIs to provide better sandboxing, where
possible.
To that end, we are moving forward with a Rust implementation of Codex
CLI contained in this folder, which has the following benefits:
- The CLI compiles to small, standalone, platform-specific binaries.
- Can make direct, native calls to
[seccomp](https://man7.org/linux/man-pages/man2/seccomp.2.html) and
[landlock](https://man7.org/linux/man-pages/man7/landlock.7.html) in
order to support sandboxing on Linux.
- No runtime garbage collection, resulting in lower memory consumption
and better, more predictable performance.
Currently, the Rust implementation is materially behind the TypeScript
implementation in functionality, so continue to use the TypeScript
implmentation for the time being. We will publish native executables via
GitHub Releases as soon as we feel the Rust version is usable.
2025-04-24 13:31:40 -07:00
prompt ,
2025-09-23 13:59:16 -07:00
output_schema : output_schema_path ,
feat: add support for -c/--config to override individual config items (#1137)
This PR introduces support for `-c`/`--config` so users can override
individual config values on the command line using `--config
name=value`. Example:
```
codex --config model=o4-mini
```
Making it possible to set arbitrary config values on the command line
results in a more flexible configuration scheme and makes it easier to
provide single-line examples that can be copy-pasted from documentation.
Effectively, it means there are four levels of configuration for some
values:
- Default value (e.g., `model` currently defaults to `o4-mini`)
- Value in `config.toml` (e.g., user could override the default to be
`model = "o3"` in their `config.toml`)
- Specifying `-c` or `--config` to override `model` (e.g., user can
include `-c model=o3` in their list of args to Codex)
- If available, a config-specific flag can be used, which takes
precedence over `-c` (e.g., user can specify `--model o3` in their list
of args to Codex)
Now that it is possible to specify anything that could be configured in
`config.toml` on the command line using `-c`, we do not need to have a
custom flag for every possible config option (which can clutter the
output of `--help`). To that end, as part of this PR, we drop support
for the `--disable-response-storage` flag, as users can now specify `-c
disable_response_storage=true` to get the equivalent functionality.
Under the hood, this works by loading the `config.toml` into a
`toml::Value`. Then for each `key=value`, we create a small synthetic
TOML file with `value` so that we can run the TOML parser to get the
equivalent `toml::Value`. We then parse `key` to determine the point in
the original `toml::Value` to do the insert/replace. Once all of the
overrides from `-c` args have been applied, the `toml::Value` is
deserialized into a `ConfigToml` and then the `ConfigOverrides` are
applied, as before.
2025-05-27 23:11:44 -07:00
config_overrides ,
2026-02-24 16:00:19 -05:00
progress_cursor ,
feat: initial import of Rust implementation of Codex CLI in codex-rs/ (#629)
As stated in `codex-rs/README.md`:
Today, Codex CLI is written in TypeScript and requires Node.js 22+ to
run it. For a number of users, this runtime requirement inhibits
adoption: they would be better served by a standalone executable. As
maintainers, we want Codex to run efficiently in a wide range of
environments with minimal overhead. We also want to take advantage of
operating system-specific APIs to provide better sandboxing, where
possible.
To that end, we are moving forward with a Rust implementation of Codex
CLI contained in this folder, which has the following benefits:
- The CLI compiles to small, standalone, platform-specific binaries.
- Can make direct, native calls to
[seccomp](https://man7.org/linux/man-pages/man2/seccomp.2.html) and
[landlock](https://man7.org/linux/man-pages/man7/landlock.7.html) in
order to support sandboxing on Linux.
- No runtime garbage collection, resulting in lower memory consumption
and better, more predictable performance.
Currently, the Rust implementation is materially behind the TypeScript
implementation in functionality, so continue to use the TypeScript
implmentation for the time being. We will publish native executables via
GitHub Releases as soon as we feel the Rust version is usable.
2025-04-24 13:31:40 -07:00
} = cli ;
2026-02-24 16:00:19 -05:00
let ( _stdout_with_ansi , stderr_with_ansi ) = match color {
2025-04-29 09:59:35 -07:00
cli ::Color ::Always = > ( true , true ) ,
cli ::Color ::Never = > ( false , false ) ,
cli ::Color ::Auto = > (
2025-10-02 18:15:03 -07:00
supports_color ::on_cached ( Stream ::Stdout ) . is_some ( ) ,
supports_color ::on_cached ( Stream ::Stderr ) . is_some ( ) ,
2025-04-29 09:59:35 -07:00
) ,
} ;
2026-02-24 16:00:19 -05:00
let cursor_ansi = if progress_cursor {
true
} else {
match color {
cli ::Color ::Never = > false ,
cli ::Color ::Always = > true ,
cli ::Color ::Auto = > {
if stderr_with_ansi | | std ::io ::stderr ( ) . is_terminal ( ) {
true
} else {
match std ::env ::var ( " TERM " ) {
Ok ( term ) = > ! term . is_empty ( ) & & term ! = " dumb " ,
Err ( _ ) = > false ,
}
}
}
}
} ;
2025-04-28 21:42:06 -07:00
OpenTelemetry events (#2103)
### Title
## otel
Codex can emit [OpenTelemetry](https://opentelemetry.io/) **log events**
that
describe each run: outbound API requests, streamed responses, user
input,
tool-approval decisions, and the result of every tool invocation. Export
is
**disabled by default** so local runs remain self-contained. Opt in by
adding an
`[otel]` table and choosing an exporter.
```toml
[otel]
environment = "staging" # defaults to "dev"
exporter = "none" # defaults to "none"; set to otlp-http or otlp-grpc to send events
log_user_prompt = false # defaults to false; redact prompt text unless explicitly enabled
```
Codex tags every exported event with `service.name = "codex-cli"`, the
CLI
version, and an `env` attribute so downstream collectors can distinguish
dev/staging/prod traffic. Only telemetry produced inside the
`codex_otel`
crate—the events listed below—is forwarded to the exporter.
### Event catalog
Every event shares a common set of metadata fields: `event.timestamp`,
`conversation.id`, `app.version`, `auth_mode` (when available),
`user.account_id` (when available), `terminal.type`, `model`, and
`slug`.
With OTEL enabled Codex emits the following event types (in addition to
the
metadata above):
- `codex.api_request`
- `cf_ray` (optional)
- `attempt`
- `duration_ms`
- `http.response.status_code` (optional)
- `error.message` (failures)
- `codex.sse_event`
- `event.kind`
- `duration_ms`
- `error.message` (failures)
- `input_token_count` (completion only)
- `output_token_count` (completion only)
- `cached_token_count` (completion only, optional)
- `reasoning_token_count` (completion only, optional)
- `tool_token_count` (completion only)
- `codex.user_prompt`
- `prompt_length`
- `prompt` (redacted unless `log_user_prompt = true`)
- `codex.tool_decision`
- `tool_name`
- `call_id`
- `decision` (`approved`, `approved_for_session`, `denied`, or `abort`)
- `source` (`config` or `user`)
- `codex.tool_result`
- `tool_name`
- `call_id`
- `arguments`
- `duration_ms` (execution time for the tool)
- `success` (`"true"` or `"false"`)
- `output`
### Choosing an exporter
Set `otel.exporter` to control where events go:
- `none` – leaves instrumentation active but skips exporting. This is
the
default.
- `otlp-http` – posts OTLP log records to an OTLP/HTTP collector.
Specify the
endpoint, protocol, and headers your collector expects:
```toml
[otel]
exporter = { otlp-http = {
endpoint = "https://otel.example.com/v1/logs",
protocol = "binary",
headers = { "x-otlp-api-key" = "${OTLP_TOKEN}" }
}}
```
- `otlp-grpc` – streams OTLP log records over gRPC. Provide the endpoint
and any
metadata headers:
```toml
[otel]
exporter = { otlp-grpc = {
endpoint = "https://otel.example.com:4317",
headers = { "x-otlp-meta" = "abc123" }
}}
```
If the exporter is `none` nothing is written anywhere; otherwise you
must run or point to your
own collector. All exporters run on a background batch worker that is
flushed on
shutdown.
If you build Codex from source the OTEL crate is still behind an `otel`
feature
flag; the official prebuilt binaries ship with the feature enabled. When
the
feature is disabled the telemetry hooks become no-ops so the CLI
continues to
function without the extra dependencies.
---------
Co-authored-by: Anton Panasenko <apanasenko@openai.com>
2025-09-29 19:30:55 +01:00
// Build fmt layer (existing logging) to compose with OTEL layer.
2025-07-29 10:06:05 -07:00
let default_level = " error " ;
OpenTelemetry events (#2103)
### Title
## otel
Codex can emit [OpenTelemetry](https://opentelemetry.io/) **log events**
that
describe each run: outbound API requests, streamed responses, user
input,
tool-approval decisions, and the result of every tool invocation. Export
is
**disabled by default** so local runs remain self-contained. Opt in by
adding an
`[otel]` table and choosing an exporter.
```toml
[otel]
environment = "staging" # defaults to "dev"
exporter = "none" # defaults to "none"; set to otlp-http or otlp-grpc to send events
log_user_prompt = false # defaults to false; redact prompt text unless explicitly enabled
```
Codex tags every exported event with `service.name = "codex-cli"`, the
CLI
version, and an `env` attribute so downstream collectors can distinguish
dev/staging/prod traffic. Only telemetry produced inside the
`codex_otel`
crate—the events listed below—is forwarded to the exporter.
### Event catalog
Every event shares a common set of metadata fields: `event.timestamp`,
`conversation.id`, `app.version`, `auth_mode` (when available),
`user.account_id` (when available), `terminal.type`, `model`, and
`slug`.
With OTEL enabled Codex emits the following event types (in addition to
the
metadata above):
- `codex.api_request`
- `cf_ray` (optional)
- `attempt`
- `duration_ms`
- `http.response.status_code` (optional)
- `error.message` (failures)
- `codex.sse_event`
- `event.kind`
- `duration_ms`
- `error.message` (failures)
- `input_token_count` (completion only)
- `output_token_count` (completion only)
- `cached_token_count` (completion only, optional)
- `reasoning_token_count` (completion only, optional)
- `tool_token_count` (completion only)
- `codex.user_prompt`
- `prompt_length`
- `prompt` (redacted unless `log_user_prompt = true`)
- `codex.tool_decision`
- `tool_name`
- `call_id`
- `decision` (`approved`, `approved_for_session`, `denied`, or `abort`)
- `source` (`config` or `user`)
- `codex.tool_result`
- `tool_name`
- `call_id`
- `arguments`
- `duration_ms` (execution time for the tool)
- `success` (`"true"` or `"false"`)
- `output`
### Choosing an exporter
Set `otel.exporter` to control where events go:
- `none` – leaves instrumentation active but skips exporting. This is
the
default.
- `otlp-http` – posts OTLP log records to an OTLP/HTTP collector.
Specify the
endpoint, protocol, and headers your collector expects:
```toml
[otel]
exporter = { otlp-http = {
endpoint = "https://otel.example.com/v1/logs",
protocol = "binary",
headers = { "x-otlp-api-key" = "${OTLP_TOKEN}" }
}}
```
- `otlp-grpc` – streams OTLP log records over gRPC. Provide the endpoint
and any
metadata headers:
```toml
[otel]
exporter = { otlp-grpc = {
endpoint = "https://otel.example.com:4317",
headers = { "x-otlp-meta" = "abc123" }
}}
```
If the exporter is `none` nothing is written anywhere; otherwise you
must run or point to your
own collector. All exporters run on a background batch worker that is
flushed on
shutdown.
If you build Codex from source the OTEL crate is still behind an `otel`
feature
flag; the official prebuilt binaries ship with the feature enabled. When
the
feature is disabled the telemetry hooks become no-ops so the CLI
continues to
function without the extra dependencies.
---------
Co-authored-by: Anton Panasenko <apanasenko@openai.com>
2025-09-29 19:30:55 +01:00
// Build env_filter separately and attach via with_filter.
let env_filter = EnvFilter ::try_from_default_env ( )
. or_else ( | _ | EnvFilter ::try_new ( default_level ) )
. unwrap_or_else ( | _ | EnvFilter ::new ( default_level ) ) ;
let fmt_layer = tracing_subscriber ::fmt ::layer ( )
2025-07-29 10:06:05 -07:00
. with_ansi ( stderr_with_ansi )
. with_writer ( std ::io ::stderr )
OpenTelemetry events (#2103)
### Title
## otel
Codex can emit [OpenTelemetry](https://opentelemetry.io/) **log events**
that
describe each run: outbound API requests, streamed responses, user
input,
tool-approval decisions, and the result of every tool invocation. Export
is
**disabled by default** so local runs remain self-contained. Opt in by
adding an
`[otel]` table and choosing an exporter.
```toml
[otel]
environment = "staging" # defaults to "dev"
exporter = "none" # defaults to "none"; set to otlp-http or otlp-grpc to send events
log_user_prompt = false # defaults to false; redact prompt text unless explicitly enabled
```
Codex tags every exported event with `service.name = "codex-cli"`, the
CLI
version, and an `env` attribute so downstream collectors can distinguish
dev/staging/prod traffic. Only telemetry produced inside the
`codex_otel`
crate—the events listed below—is forwarded to the exporter.
### Event catalog
Every event shares a common set of metadata fields: `event.timestamp`,
`conversation.id`, `app.version`, `auth_mode` (when available),
`user.account_id` (when available), `terminal.type`, `model`, and
`slug`.
With OTEL enabled Codex emits the following event types (in addition to
the
metadata above):
- `codex.api_request`
- `cf_ray` (optional)
- `attempt`
- `duration_ms`
- `http.response.status_code` (optional)
- `error.message` (failures)
- `codex.sse_event`
- `event.kind`
- `duration_ms`
- `error.message` (failures)
- `input_token_count` (completion only)
- `output_token_count` (completion only)
- `cached_token_count` (completion only, optional)
- `reasoning_token_count` (completion only, optional)
- `tool_token_count` (completion only)
- `codex.user_prompt`
- `prompt_length`
- `prompt` (redacted unless `log_user_prompt = true`)
- `codex.tool_decision`
- `tool_name`
- `call_id`
- `decision` (`approved`, `approved_for_session`, `denied`, or `abort`)
- `source` (`config` or `user`)
- `codex.tool_result`
- `tool_name`
- `call_id`
- `arguments`
- `duration_ms` (execution time for the tool)
- `success` (`"true"` or `"false"`)
- `output`
### Choosing an exporter
Set `otel.exporter` to control where events go:
- `none` – leaves instrumentation active but skips exporting. This is
the
default.
- `otlp-http` – posts OTLP log records to an OTLP/HTTP collector.
Specify the
endpoint, protocol, and headers your collector expects:
```toml
[otel]
exporter = { otlp-http = {
endpoint = "https://otel.example.com/v1/logs",
protocol = "binary",
headers = { "x-otlp-api-key" = "${OTLP_TOKEN}" }
}}
```
- `otlp-grpc` – streams OTLP log records over gRPC. Provide the endpoint
and any
metadata headers:
```toml
[otel]
exporter = { otlp-grpc = {
endpoint = "https://otel.example.com:4317",
headers = { "x-otlp-meta" = "abc123" }
}}
```
If the exporter is `none` nothing is written anywhere; otherwise you
must run or point to your
own collector. All exporters run on a background batch worker that is
flushed on
shutdown.
If you build Codex from source the OTEL crate is still behind an `otel`
feature
flag; the official prebuilt binaries ship with the feature enabled. When
the
feature is disabled the telemetry hooks become no-ops so the CLI
continues to
function without the extra dependencies.
---------
Co-authored-by: Anton Panasenko <apanasenko@openai.com>
2025-09-29 19:30:55 +01:00
. with_filter ( env_filter ) ;
2025-07-29 10:06:05 -07:00
feat: add support for --sandbox flag (#1476)
On a high-level, we try to design `config.toml` so that you don't have
to "comment out a lot of stuff" when testing different options.
Previously, defining a sandbox policy was somewhat at odds with this
principle because you would define the policy as attributes of
`[sandbox]` like so:
```toml
[sandbox]
mode = "workspace-write"
writable_roots = [ "/tmp" ]
```
but if you wanted to temporarily change to a read-only sandbox, you
might feel compelled to modify your file to be:
```toml
[sandbox]
mode = "read-only"
# mode = "workspace-write"
# writable_roots = [ "/tmp" ]
```
Technically, commenting out `writable_roots` would not be strictly
necessary, as `mode = "read-only"` would ignore `writable_roots`, but
it's still a reasonable thing to do to keep things tidy.
Currently, the various values for `mode` do not support that many
attributes, so this is not that hard to maintain, but one could imagine
this becoming more complex in the future.
In this PR, we change Codex CLI so that it no longer recognizes
`[sandbox]`. Instead, it introduces a top-level option, `sandbox_mode`,
and `[sandbox_workspace_write]` is used to further configure the sandbox
when when `sandbox_mode = "workspace-write"` is used:
```toml
sandbox_mode = "workspace-write"
[sandbox_workspace_write]
writable_roots = [ "/tmp" ]
```
This feels a bit more future-proof in that it is less tedious to
configure different sandboxes:
```toml
sandbox_mode = "workspace-write"
[sandbox_read_only]
# read-only options here...
[sandbox_workspace_write]
writable_roots = [ "/tmp" ]
[sandbox_danger_full_access]
# danger-full-access options here...
```
In this scheme, you never need to comment out the configuration for an
individual sandbox type: you only need to redefine `sandbox_mode`.
Relatedly, previous to this change, a user had to do `-c
sandbox.mode=read-only` to change the mode on the command line. With
this change, things are arguably a bit cleaner because the equivalent
option is `-c sandbox_mode=read-only` (and now `-c
sandbox_workspace_write=...` can be set separately).
Though more importantly, we introduce the `-s/--sandbox` option to the
CLI, which maps directly to `sandbox_mode` in `config.toml`, making
config override behavior easier to reason about. Moreover, as you can
see in the updates to the various Markdown files, it is much easier to
explain how to configure sandboxing when things like `--sandbox
read-only` can be used as an example.
Relatedly, this cleanup also made it straightforward to add support for
a `sandbox` option for Codex when used as an MCP server (see the changes
to `mcp-server/src/codex_tool_config.rs`).
Fixes https://github.com/openai/codex/issues/1248.
2025-07-07 22:31:30 -07:00
let sandbox_mode = if full_auto {
Some ( SandboxMode ::WorkspaceWrite )
2025-06-25 12:36:10 -07:00
} else if dangerously_bypass_approvals_and_sandbox {
feat: add support for --sandbox flag (#1476)
On a high-level, we try to design `config.toml` so that you don't have
to "comment out a lot of stuff" when testing different options.
Previously, defining a sandbox policy was somewhat at odds with this
principle because you would define the policy as attributes of
`[sandbox]` like so:
```toml
[sandbox]
mode = "workspace-write"
writable_roots = [ "/tmp" ]
```
but if you wanted to temporarily change to a read-only sandbox, you
might feel compelled to modify your file to be:
```toml
[sandbox]
mode = "read-only"
# mode = "workspace-write"
# writable_roots = [ "/tmp" ]
```
Technically, commenting out `writable_roots` would not be strictly
necessary, as `mode = "read-only"` would ignore `writable_roots`, but
it's still a reasonable thing to do to keep things tidy.
Currently, the various values for `mode` do not support that many
attributes, so this is not that hard to maintain, but one could imagine
this becoming more complex in the future.
In this PR, we change Codex CLI so that it no longer recognizes
`[sandbox]`. Instead, it introduces a top-level option, `sandbox_mode`,
and `[sandbox_workspace_write]` is used to further configure the sandbox
when when `sandbox_mode = "workspace-write"` is used:
```toml
sandbox_mode = "workspace-write"
[sandbox_workspace_write]
writable_roots = [ "/tmp" ]
```
This feels a bit more future-proof in that it is less tedious to
configure different sandboxes:
```toml
sandbox_mode = "workspace-write"
[sandbox_read_only]
# read-only options here...
[sandbox_workspace_write]
writable_roots = [ "/tmp" ]
[sandbox_danger_full_access]
# danger-full-access options here...
```
In this scheme, you never need to comment out the configuration for an
individual sandbox type: you only need to redefine `sandbox_mode`.
Relatedly, previous to this change, a user had to do `-c
sandbox.mode=read-only` to change the mode on the command line. With
this change, things are arguably a bit cleaner because the equivalent
option is `-c sandbox_mode=read-only` (and now `-c
sandbox_workspace_write=...` can be set separately).
Though more importantly, we introduce the `-s/--sandbox` option to the
CLI, which maps directly to `sandbox_mode` in `config.toml`, making
config override behavior easier to reason about. Moreover, as you can
see in the updates to the various Markdown files, it is much easier to
explain how to configure sandboxing when things like `--sandbox
read-only` can be used as an example.
Relatedly, this cleanup also made it straightforward to add support for
a `sandbox` option for Codex when used as an MCP server (see the changes
to `mcp-server/src/codex_tool_config.rs`).
Fixes https://github.com/openai/codex/issues/1248.
2025-07-07 22:31:30 -07:00
Some ( SandboxMode ::DangerFullAccess )
fix: overhaul SandboxPolicy and config loading in Rust (#732)
Previous to this PR, `SandboxPolicy` was a bit difficult to work with:
https://github.com/openai/codex/blob/237f8a11e11fdcc793a09e787e48215676d9b95b/codex-rs/core/src/protocol.rs#L98-L108
Specifically:
* It was an `enum` and therefore options were mutually exclusive as
opposed to additive.
* It defined things in terms of what the agent _could not_ do as opposed
to what they _could_ do. This made things hard to support because we
would prefer to build up a sandbox config by starting with something
extremely restrictive and only granting permissions for things the user
as explicitly allowed.
This PR changes things substantially by redefining the policy in terms
of two concepts:
* A `SandboxPermission` enum that defines permissions that can be
granted to the agent/sandbox.
* A `SandboxPolicy` that internally stores a `Vec<SandboxPermission>`,
but externally exposes a simpler API that can be used to configure
Seatbelt/Landlock.
Previous to this PR, we supported a `--sandbox` flag that effectively
mapped to an enum value in `SandboxPolicy`. Though now that
`SandboxPolicy` is a wrapper around `Vec<SandboxPermission>`, the single
`--sandbox` flag no longer makes sense. While I could have turned it
into a flag that the user can specify multiple times, I think the
current values to use with such a flag are long and potentially messy,
so for the moment, I have dropped support for `--sandbox` altogether and
we can bring it back once we have figured out the naming thing.
Since `--sandbox` is gone, users now have to specify `--full-auto` to
get a sandbox that allows writes in `cwd`. Admittedly, there is no clean
way to specify the equivalent of `--full-auto` in your `config.toml`
right now, so we will have to revisit that, as well.
Because `Config` presents a `SandboxPolicy` field and `SandboxPolicy`
changed considerably, I had to overhaul how config loading works, as
well. There are now two distinct concepts, `ConfigToml` and `Config`:
* `ConfigToml` is the deserialization of `~/.codex/config.toml`. As one
might expect, every field is `Optional` and it is `#[derive(Deserialize,
Default)]`. Consistent use of `Optional` makes it clear what the user
has specified explicitly.
* `Config` is the "normalized config" and is produced by merging
`ConfigToml` with `ConfigOverrides`. Where `ConfigToml` contains a raw
`Option<Vec<SandboxPermission>>`, `Config` presents only the final
`SandboxPolicy`.
The changes to `core/src/exec.rs` and `core/src/linux.rs` merit extra
special attention to ensure we are faithfully mapping the
`SandboxPolicy` to the Seatbelt and Landlock configs, respectively.
Also, take note that `core/src/seatbelt_readonly_policy.sbpl` has been
renamed to `codex-rs/core/src/seatbelt_base_policy.sbpl` and that
`(allow file-read*)` has been removed from the `.sbpl` file as now this
is added to the policy in `core/src/exec.rs` when
`sandbox_policy.has_full_disk_read_access()` is `true`.
2025-04-29 15:01:16 -07:00
} else {
feat: add support for --sandbox flag (#1476)
On a high-level, we try to design `config.toml` so that you don't have
to "comment out a lot of stuff" when testing different options.
Previously, defining a sandbox policy was somewhat at odds with this
principle because you would define the policy as attributes of
`[sandbox]` like so:
```toml
[sandbox]
mode = "workspace-write"
writable_roots = [ "/tmp" ]
```
but if you wanted to temporarily change to a read-only sandbox, you
might feel compelled to modify your file to be:
```toml
[sandbox]
mode = "read-only"
# mode = "workspace-write"
# writable_roots = [ "/tmp" ]
```
Technically, commenting out `writable_roots` would not be strictly
necessary, as `mode = "read-only"` would ignore `writable_roots`, but
it's still a reasonable thing to do to keep things tidy.
Currently, the various values for `mode` do not support that many
attributes, so this is not that hard to maintain, but one could imagine
this becoming more complex in the future.
In this PR, we change Codex CLI so that it no longer recognizes
`[sandbox]`. Instead, it introduces a top-level option, `sandbox_mode`,
and `[sandbox_workspace_write]` is used to further configure the sandbox
when when `sandbox_mode = "workspace-write"` is used:
```toml
sandbox_mode = "workspace-write"
[sandbox_workspace_write]
writable_roots = [ "/tmp" ]
```
This feels a bit more future-proof in that it is less tedious to
configure different sandboxes:
```toml
sandbox_mode = "workspace-write"
[sandbox_read_only]
# read-only options here...
[sandbox_workspace_write]
writable_roots = [ "/tmp" ]
[sandbox_danger_full_access]
# danger-full-access options here...
```
In this scheme, you never need to comment out the configuration for an
individual sandbox type: you only need to redefine `sandbox_mode`.
Relatedly, previous to this change, a user had to do `-c
sandbox.mode=read-only` to change the mode on the command line. With
this change, things are arguably a bit cleaner because the equivalent
option is `-c sandbox_mode=read-only` (and now `-c
sandbox_workspace_write=...` can be set separately).
Though more importantly, we introduce the `-s/--sandbox` option to the
CLI, which maps directly to `sandbox_mode` in `config.toml`, making
config override behavior easier to reason about. Moreover, as you can
see in the updates to the various Markdown files, it is much easier to
explain how to configure sandboxing when things like `--sandbox
read-only` can be used as an example.
Relatedly, this cleanup also made it straightforward to add support for
a `sandbox` option for Codex when used as an MCP server (see the changes
to `mcp-server/src/codex_tool_config.rs`).
Fixes https://github.com/openai/codex/issues/1248.
2025-07-07 22:31:30 -07:00
sandbox_mode_cli_arg . map ( Into ::< SandboxMode > ::into )
fix: overhaul SandboxPolicy and config loading in Rust (#732)
Previous to this PR, `SandboxPolicy` was a bit difficult to work with:
https://github.com/openai/codex/blob/237f8a11e11fdcc793a09e787e48215676d9b95b/codex-rs/core/src/protocol.rs#L98-L108
Specifically:
* It was an `enum` and therefore options were mutually exclusive as
opposed to additive.
* It defined things in terms of what the agent _could not_ do as opposed
to what they _could_ do. This made things hard to support because we
would prefer to build up a sandbox config by starting with something
extremely restrictive and only granting permissions for things the user
as explicitly allowed.
This PR changes things substantially by redefining the policy in terms
of two concepts:
* A `SandboxPermission` enum that defines permissions that can be
granted to the agent/sandbox.
* A `SandboxPolicy` that internally stores a `Vec<SandboxPermission>`,
but externally exposes a simpler API that can be used to configure
Seatbelt/Landlock.
Previous to this PR, we supported a `--sandbox` flag that effectively
mapped to an enum value in `SandboxPolicy`. Though now that
`SandboxPolicy` is a wrapper around `Vec<SandboxPermission>`, the single
`--sandbox` flag no longer makes sense. While I could have turned it
into a flag that the user can specify multiple times, I think the
current values to use with such a flag are long and potentially messy,
so for the moment, I have dropped support for `--sandbox` altogether and
we can bring it back once we have figured out the naming thing.
Since `--sandbox` is gone, users now have to specify `--full-auto` to
get a sandbox that allows writes in `cwd`. Admittedly, there is no clean
way to specify the equivalent of `--full-auto` in your `config.toml`
right now, so we will have to revisit that, as well.
Because `Config` presents a `SandboxPolicy` field and `SandboxPolicy`
changed considerably, I had to overhaul how config loading works, as
well. There are now two distinct concepts, `ConfigToml` and `Config`:
* `ConfigToml` is the deserialization of `~/.codex/config.toml`. As one
might expect, every field is `Optional` and it is `#[derive(Deserialize,
Default)]`. Consistent use of `Optional` makes it clear what the user
has specified explicitly.
* `Config` is the "normalized config" and is produced by merging
`ConfigToml` with `ConfigOverrides`. Where `ConfigToml` contains a raw
`Option<Vec<SandboxPermission>>`, `Config` presents only the final
`SandboxPolicy`.
The changes to `core/src/exec.rs` and `core/src/linux.rs` merit extra
special attention to ensure we are faithfully mapping the
`SandboxPolicy` to the Seatbelt and Landlock configs, respectively.
Also, take note that `core/src/seatbelt_readonly_policy.sbpl` has been
renamed to `codex-rs/core/src/seatbelt_base_policy.sbpl` and that
`(allow file-read*)` has been removed from the `.sbpl` file as now this
is added to the policy in `core/src/exec.rs` when
`sandbox_policy.has_full_disk_read_access()` is `true`.
2025-04-29 15:01:16 -07:00
} ;
2025-11-17 14:49:09 -05:00
// Parse `-c` overrides from the CLI.
let cli_kv_overrides = match config_overrides . parse_overrides ( ) {
Ok ( v ) = > v ,
#[ allow(clippy::print_stderr) ]
Err ( e ) = > {
eprintln! ( " Error parsing -c overrides: {e} " ) ;
std ::process ::exit ( 1 ) ;
}
} ;
2025-12-19 20:11:27 -08:00
let resolved_cwd = cwd . clone ( ) ;
let config_cwd = match resolved_cwd . as_deref ( ) {
Some ( path ) = > AbsolutePathBuf ::from_absolute_path ( path . canonicalize ( ) ? ) ? ,
None = > AbsolutePathBuf ::current_dir ( ) ? ,
} ;
2025-11-17 14:49:09 -05:00
// we load config.toml here to determine project state.
#[ allow(clippy::print_stderr) ]
2026-01-30 23:53:41 +00:00
let codex_home = match find_codex_home ( ) {
Ok ( codex_home ) = > codex_home ,
Err ( err ) = > {
eprintln! ( " Error finding codex home: {err} " ) ;
std ::process ::exit ( 1 ) ;
}
} ;
2025-11-17 14:49:09 -05:00
2026-01-30 23:53:41 +00:00
#[ allow(clippy::print_stderr) ]
let config_toml = match load_config_as_toml_with_cli_overrides (
& codex_home ,
& config_cwd ,
cli_kv_overrides . clone ( ) ,
)
. await
{
Ok ( config_toml ) = > config_toml ,
Err ( err ) = > {
let config_error = err
. get_ref ( )
. and_then ( | err | err . downcast_ref ::< ConfigLoadError > ( ) )
. map ( ConfigLoadError ::config_error ) ;
if let Some ( config_error ) = config_error {
eprintln! (
" Error loading config.toml: \n {} " ,
format_config_error_with_source ( config_error )
) ;
} else {
eprintln! ( " Error loading config.toml: {err} " ) ;
2025-11-17 14:49:09 -05:00
}
2026-01-30 23:53:41 +00:00
std ::process ::exit ( 1 ) ;
2025-11-17 14:49:09 -05:00
}
} ;
2026-01-30 23:53:41 +00:00
let cloud_auth_manager = AuthManager ::shared (
codex_home . clone ( ) ,
false ,
config_toml . cli_auth_credentials_store . unwrap_or_default ( ) ,
) ;
let chatgpt_base_url = config_toml
. chatgpt_base_url
. clone ( )
. unwrap_or_else ( | | " https://chatgpt.com/backend-api/ " . to_string ( ) ) ;
// TODO(gt): Make cloud requirements failures blocking once we can fail-closed.
2026-02-11 14:06:41 +00:00
let cloud_requirements =
cloud_requirements_loader ( cloud_auth_manager , chatgpt_base_url , codex_home . clone ( ) ) ;
2026-03-08 18:43:55 -06:00
let run_cli_overrides = cli_kv_overrides . clone ( ) ;
let run_loader_overrides = LoaderOverrides ::default ( ) ;
let run_cloud_requirements = cloud_requirements . clone ( ) ;
2026-01-30 23:53:41 +00:00
2025-11-17 14:49:09 -05:00
let model_provider = if oss {
let resolved = resolve_oss_provider (
oss_provider . as_deref ( ) ,
& config_toml ,
config_profile . clone ( ) ,
) ;
if let Some ( provider ) = resolved {
Some ( provider )
} else {
return Err ( anyhow ::anyhow! (
2026-02-03 11:31:57 +00:00
" No default OSS provider configured. Use --local-provider=provider or set oss_provider to one of: {LMSTUDIO_OSS_PROVIDER_ID}, {OLLAMA_OSS_PROVIDER_ID} in config.toml "
2025-11-17 14:49:09 -05:00
) ) ;
}
} else {
None // No OSS mode enabled
} ;
// When using `--oss`, let the bootstrapper pick the model based on selected provider
2025-08-05 13:55:32 -07:00
let model = if let Some ( model ) = model_cli_arg {
Some ( model )
} else if oss {
2025-11-17 14:49:09 -05:00
model_provider
. as_ref ( )
. and_then ( | provider_id | get_default_model_for_oss_provider ( provider_id ) )
. map ( std ::borrow ::ToOwned ::to_owned )
2025-08-05 11:31:11 -07:00
} else {
2025-08-05 13:55:32 -07:00
None // No model specified, will use the default.
2025-08-05 11:31:11 -07:00
} ;
2025-08-05 13:55:32 -07:00
2025-04-27 21:47:50 -07:00
// Load configuration and determine approval policy
let overrides = ConfigOverrides {
2025-04-29 09:59:35 -07:00
model ,
Review Mode (Core) (#3401)
## 📝 Review Mode -- Core
This PR introduces the Core implementation for Review mode:
- New op `Op::Review { prompt: String }:` spawns a child review task
with isolated context, a review‑specific system prompt, and a
`Config.review_model`.
- `EnteredReviewMode`: emitted when the child review session starts.
Every event from this point onwards reflects the review session.
- `ExitedReviewMode(Option<ReviewOutputEvent>)`: emitted when the review
finishes or is interrupted, with optional structured findings:
```json
{
"findings": [
{
"title": "<≤ 80 chars, imperative>",
"body": "<valid Markdown explaining *why* this is a problem; cite files/lines/functions>",
"confidence_score": <float 0.0-1.0>,
"priority": <int 0-3>,
"code_location": {
"absolute_file_path": "<file path>",
"line_range": {"start": <int>, "end": <int>}
}
}
],
"overall_correctness": "patch is correct" | "patch is incorrect",
"overall_explanation": "<1-3 sentence explanation justifying the overall_correctness verdict>",
"overall_confidence_score": <float 0.0-1.0>
}
```
## Questions
### Why separate out its own message history?
We want the review thread to match the training of our review models as
much as possible -- that means using a custom prompt, removing user
instructions, and starting a clean chat history.
We also want to make sure the review thread doesn't leak into the parent
thread.
### Why do this as a mode, vs. sub-agents?
1. We want review to be a synchronous task, so it's fine for now to do a
bespoke implementation.
2. We're still unclear about the final structure for sub-agents. We'd
prefer to land this quickly and then refactor into sub-agents without
rushing that implementation.
2025-09-12 16:25:10 -07:00
review_model : None ,
2025-05-13 16:52:52 -07:00
config_profile ,
2025-10-15 19:03:54 +01:00
// Default to never ask for approvals in headless mode. Feature flags can override.
2025-04-27 21:47:50 -07:00
approval_policy : Some ( AskForApproval ::Never ) ,
feat: add support for --sandbox flag (#1476)
On a high-level, we try to design `config.toml` so that you don't have
to "comment out a lot of stuff" when testing different options.
Previously, defining a sandbox policy was somewhat at odds with this
principle because you would define the policy as attributes of
`[sandbox]` like so:
```toml
[sandbox]
mode = "workspace-write"
writable_roots = [ "/tmp" ]
```
but if you wanted to temporarily change to a read-only sandbox, you
might feel compelled to modify your file to be:
```toml
[sandbox]
mode = "read-only"
# mode = "workspace-write"
# writable_roots = [ "/tmp" ]
```
Technically, commenting out `writable_roots` would not be strictly
necessary, as `mode = "read-only"` would ignore `writable_roots`, but
it's still a reasonable thing to do to keep things tidy.
Currently, the various values for `mode` do not support that many
attributes, so this is not that hard to maintain, but one could imagine
this becoming more complex in the future.
In this PR, we change Codex CLI so that it no longer recognizes
`[sandbox]`. Instead, it introduces a top-level option, `sandbox_mode`,
and `[sandbox_workspace_write]` is used to further configure the sandbox
when when `sandbox_mode = "workspace-write"` is used:
```toml
sandbox_mode = "workspace-write"
[sandbox_workspace_write]
writable_roots = [ "/tmp" ]
```
This feels a bit more future-proof in that it is less tedious to
configure different sandboxes:
```toml
sandbox_mode = "workspace-write"
[sandbox_read_only]
# read-only options here...
[sandbox_workspace_write]
writable_roots = [ "/tmp" ]
[sandbox_danger_full_access]
# danger-full-access options here...
```
In this scheme, you never need to comment out the configuration for an
individual sandbox type: you only need to redefine `sandbox_mode`.
Relatedly, previous to this change, a user had to do `-c
sandbox.mode=read-only` to change the mode on the command line. With
this change, things are arguably a bit cleaner because the equivalent
option is `-c sandbox_mode=read-only` (and now `-c
sandbox_workspace_write=...` can be set separately).
Though more importantly, we introduce the `-s/--sandbox` option to the
CLI, which maps directly to `sandbox_mode` in `config.toml`, making
config override behavior easier to reason about. Moreover, as you can
see in the updates to the various Markdown files, it is much easier to
explain how to configure sandboxing when things like `--sandbox
read-only` can be used as an example.
Relatedly, this cleanup also made it straightforward to add support for
a `sandbox` option for Codex when used as an MCP server (see the changes
to `mcp-server/src/codex_tool_config.rs`).
Fixes https://github.com/openai/codex/issues/1248.
2025-07-07 22:31:30 -07:00
sandbox_mode ,
2025-12-19 20:11:27 -08:00
cwd : resolved_cwd ,
2025-11-17 14:49:09 -05:00
model_provider : model_provider . clone ( ) ,
2026-03-03 02:35:09 -08:00
service_tier : None ,
2026-02-24 17:44:38 -08:00
codex_linux_sandbox_exe : arg0_paths . codex_linux_sandbox_exe . clone ( ) ,
main_execve_wrapper_exe : arg0_paths . main_execve_wrapper_exe . clone ( ) ,
2026-02-11 12:05:02 -08:00
js_repl_node_path : None ,
2026-02-17 23:29:49 -08:00
js_repl_node_module_dirs : None ,
feat(core): zsh exec bridge (#12052)
zsh fork PR stack:
- https://github.com/openai/codex/pull/12051
- https://github.com/openai/codex/pull/12052 👈
### Summary
This PR introduces a feature-gated native shell runtime path that routes
shell execution through a patched zsh exec bridge, removing MCP-specific
behavior from the shell hot path while preserving existing
CommandExecution lifecycle semantics.
When shell_zsh_fork is enabled, shell commands run via patched zsh with
per-`execve` interception through EXEC_WRAPPER. Core receives wrapper
IPC requests over a Unix socket, applies existing approval policy, and
returns allow/deny before the subcommand executes.
### What’s included
**1) New zsh exec bridge runtime in core**
- Wrapper-mode entrypoint (maybe_run_zsh_exec_wrapper_mode) for
EXEC_WRAPPER invocations.
- Per-execution Unix-socket IPC handling for wrapper requests/responses.
- Approval callback integration using existing core approval
orchestration.
- Streaming stdout/stderr deltas to existing command output event
pipeline.
- Error handling for malformed IPC, denial/abort, and execution
failures.
**2) Session lifecycle integration**
SessionServices now owns a `ZshExecBridge`.
Session startup initializes bridge state; shutdown tears it down
cleanly.
**3) Shell runtime routing (feature-gated)**
When `shell_zsh_fork` is enabled:
- Build execution env/spec as usual.
- Add wrapper socket env wiring.
- Execute via `zsh_exec_bridge.execute_shell_request(...)` instead of
the regular shell path.
- Non-zsh-fork behavior remains unchanged.
**4) Config + feature wiring**
- Added `Feature::ShellZshFork` (under development).
- Added config support for `zsh_path` (optional absolute path to patched
zsh):
- `Config`, `ConfigToml`, `ConfigProfile`, overrides, and schema.
- Session startup validates that `zsh_path` exists/usable when zsh-fork
is enabled.
- Added startup test for missing `zsh_path` failure mode.
**5) Seatbelt/sandbox updates for wrapper IPC**
- Extended seatbelt policy generation to optionally allow outbound
connection to explicitly permitted Unix sockets.
- Wired sandboxing path to pass wrapper socket path through to seatbelt
policy generation.
- Added/updated seatbelt tests for explicit socket allow rule and
argument emission.
**6) Runtime entrypoint hooks**
- This allows the same binary to act as the zsh wrapper subprocess when
invoked via `EXEC_WRAPPER`.
**7) Tool selection behavior**
- ToolsConfig now prefers ShellCommand type when shell_zsh_fork is
enabled.
- Added test coverage for precedence with unified-exec enabled.
2026-02-17 20:19:53 -08:00
zsh_path : None ,
2025-07-22 09:42:22 -07:00
base_instructions : None ,
2025-10-30 11:18:31 -07:00
developer_instructions : None ,
2026-01-31 20:38:06 -07:00
personality : None ,
2025-10-30 14:24:24 +00:00
compact_prompt : None ,
2025-10-04 19:16:36 -07:00
include_apply_patch_tool : None ,
2025-08-05 14:42:49 -07:00
show_raw_agent_reasoning : oss . then_some ( true ) ,
2025-08-23 22:58:56 -07:00
tools_web_search_request : None ,
2026-02-05 15:49:57 +00:00
ephemeral : ephemeral . then_some ( true ) ,
2025-11-13 16:47:10 -05:00
additional_writable_roots : add_dir ,
2025-04-27 21:47:50 -07:00
} ;
feat: add support for -c/--config to override individual config items (#1137)
This PR introduces support for `-c`/`--config` so users can override
individual config values on the command line using `--config
name=value`. Example:
```
codex --config model=o4-mini
```
Making it possible to set arbitrary config values on the command line
results in a more flexible configuration scheme and makes it easier to
provide single-line examples that can be copy-pasted from documentation.
Effectively, it means there are four levels of configuration for some
values:
- Default value (e.g., `model` currently defaults to `o4-mini`)
- Value in `config.toml` (e.g., user could override the default to be
`model = "o3"` in their `config.toml`)
- Specifying `-c` or `--config` to override `model` (e.g., user can
include `-c model=o3` in their list of args to Codex)
- If available, a config-specific flag can be used, which takes
precedence over `-c` (e.g., user can specify `--model o3` in their list
of args to Codex)
Now that it is possible to specify anything that could be configured in
`config.toml` on the command line using `-c`, we do not need to have a
custom flag for every possible config option (which can clutter the
output of `--help`). To that end, as part of this PR, we drop support
for the `--disable-response-storage` flag, as users can now specify `-c
disable_response_storage=true` to get the equivalent functionality.
Under the hood, this works by loading the `config.toml` into a
`toml::Value`. Then for each `key=value`, we create a small synthetic
TOML file with `value` so that we can run the TOML parser to get the
equivalent `toml::Value`. We then parse `key` to determine the point in
the original `toml::Value` to do the insert/replace. Once all of the
overrides from `-c` args have been applied, the `toml::Value` is
deserialized into a `ConfigToml` and then the `ConfigOverrides` are
applied, as before.
2025-05-27 23:11:44 -07:00
2026-01-30 23:53:41 +00:00
let config = ConfigBuilder ::default ( )
. cli_overrides ( cli_kv_overrides )
. harness_overrides ( overrides )
. cloud_requirements ( cloud_requirements )
. build ( )
. await ? ;
2026-02-13 10:33:40 -08:00
#[ allow(clippy::print_stderr) ]
match check_execpolicy_for_warnings ( & config . config_layer_stack ) . await {
Ok ( None ) = > { }
Ok ( Some ( err ) ) | Err ( err ) = > {
eprintln! (
" Error loading rules: \n {} " ,
format_exec_policy_error_with_source ( & err )
) ;
std ::process ::exit ( 1 ) ;
}
}
2026-01-31 00:26:25 +00:00
set_default_client_residency_requirement ( config . enforce_residency . value ( ) ) ;
OpenTelemetry events (#2103)
### Title
## otel
Codex can emit [OpenTelemetry](https://opentelemetry.io/) **log events**
that
describe each run: outbound API requests, streamed responses, user
input,
tool-approval decisions, and the result of every tool invocation. Export
is
**disabled by default** so local runs remain self-contained. Opt in by
adding an
`[otel]` table and choosing an exporter.
```toml
[otel]
environment = "staging" # defaults to "dev"
exporter = "none" # defaults to "none"; set to otlp-http or otlp-grpc to send events
log_user_prompt = false # defaults to false; redact prompt text unless explicitly enabled
```
Codex tags every exported event with `service.name = "codex-cli"`, the
CLI
version, and an `env` attribute so downstream collectors can distinguish
dev/staging/prod traffic. Only telemetry produced inside the
`codex_otel`
crate—the events listed below—is forwarded to the exporter.
### Event catalog
Every event shares a common set of metadata fields: `event.timestamp`,
`conversation.id`, `app.version`, `auth_mode` (when available),
`user.account_id` (when available), `terminal.type`, `model`, and
`slug`.
With OTEL enabled Codex emits the following event types (in addition to
the
metadata above):
- `codex.api_request`
- `cf_ray` (optional)
- `attempt`
- `duration_ms`
- `http.response.status_code` (optional)
- `error.message` (failures)
- `codex.sse_event`
- `event.kind`
- `duration_ms`
- `error.message` (failures)
- `input_token_count` (completion only)
- `output_token_count` (completion only)
- `cached_token_count` (completion only, optional)
- `reasoning_token_count` (completion only, optional)
- `tool_token_count` (completion only)
- `codex.user_prompt`
- `prompt_length`
- `prompt` (redacted unless `log_user_prompt = true`)
- `codex.tool_decision`
- `tool_name`
- `call_id`
- `decision` (`approved`, `approved_for_session`, `denied`, or `abort`)
- `source` (`config` or `user`)
- `codex.tool_result`
- `tool_name`
- `call_id`
- `arguments`
- `duration_ms` (execution time for the tool)
- `success` (`"true"` or `"false"`)
- `output`
### Choosing an exporter
Set `otel.exporter` to control where events go:
- `none` – leaves instrumentation active but skips exporting. This is
the
default.
- `otlp-http` – posts OTLP log records to an OTLP/HTTP collector.
Specify the
endpoint, protocol, and headers your collector expects:
```toml
[otel]
exporter = { otlp-http = {
endpoint = "https://otel.example.com/v1/logs",
protocol = "binary",
headers = { "x-otlp-api-key" = "${OTLP_TOKEN}" }
}}
```
- `otlp-grpc` – streams OTLP log records over gRPC. Provide the endpoint
and any
metadata headers:
```toml
[otel]
exporter = { otlp-grpc = {
endpoint = "https://otel.example.com:4317",
headers = { "x-otlp-meta" = "abc123" }
}}
```
If the exporter is `none` nothing is written anywhere; otherwise you
must run or point to your
own collector. All exporters run on a background batch worker that is
flushed on
shutdown.
If you build Codex from source the OTEL crate is still behind an `otel`
feature
flag; the official prebuilt binaries ship with the feature enabled. When
the
feature is disabled the telemetry hooks become no-ops so the CLI
continues to
function without the extra dependencies.
---------
Co-authored-by: Anton Panasenko <apanasenko@openai.com>
2025-09-29 19:30:55 +01:00
2026-01-08 11:43:56 -08:00
if let Err ( err ) = enforce_login_restrictions ( & config ) {
2025-10-20 08:50:54 -07:00
eprintln! ( " {err} " ) ;
std ::process ::exit ( 1 ) ;
}
2026-01-13 18:57:09 -07:00
let otel = match std ::panic ::catch_unwind ( std ::panic ::AssertUnwindSafe ( | | {
2026-02-27 18:22:54 -08:00
codex_core ::otel_init ::build_provider (
& config ,
env! ( " CARGO_PKG_VERSION " ) ,
None ,
DEFAULT_ANALYTICS_ENABLED ,
)
2026-01-13 18:57:09 -07:00
} ) ) {
Ok ( Ok ( otel ) ) = > otel ,
Ok ( Err ( e ) ) = > {
OpenTelemetry events (#2103)
### Title
## otel
Codex can emit [OpenTelemetry](https://opentelemetry.io/) **log events**
that
describe each run: outbound API requests, streamed responses, user
input,
tool-approval decisions, and the result of every tool invocation. Export
is
**disabled by default** so local runs remain self-contained. Opt in by
adding an
`[otel]` table and choosing an exporter.
```toml
[otel]
environment = "staging" # defaults to "dev"
exporter = "none" # defaults to "none"; set to otlp-http or otlp-grpc to send events
log_user_prompt = false # defaults to false; redact prompt text unless explicitly enabled
```
Codex tags every exported event with `service.name = "codex-cli"`, the
CLI
version, and an `env` attribute so downstream collectors can distinguish
dev/staging/prod traffic. Only telemetry produced inside the
`codex_otel`
crate—the events listed below—is forwarded to the exporter.
### Event catalog
Every event shares a common set of metadata fields: `event.timestamp`,
`conversation.id`, `app.version`, `auth_mode` (when available),
`user.account_id` (when available), `terminal.type`, `model`, and
`slug`.
With OTEL enabled Codex emits the following event types (in addition to
the
metadata above):
- `codex.api_request`
- `cf_ray` (optional)
- `attempt`
- `duration_ms`
- `http.response.status_code` (optional)
- `error.message` (failures)
- `codex.sse_event`
- `event.kind`
- `duration_ms`
- `error.message` (failures)
- `input_token_count` (completion only)
- `output_token_count` (completion only)
- `cached_token_count` (completion only, optional)
- `reasoning_token_count` (completion only, optional)
- `tool_token_count` (completion only)
- `codex.user_prompt`
- `prompt_length`
- `prompt` (redacted unless `log_user_prompt = true`)
- `codex.tool_decision`
- `tool_name`
- `call_id`
- `decision` (`approved`, `approved_for_session`, `denied`, or `abort`)
- `source` (`config` or `user`)
- `codex.tool_result`
- `tool_name`
- `call_id`
- `arguments`
- `duration_ms` (execution time for the tool)
- `success` (`"true"` or `"false"`)
- `output`
### Choosing an exporter
Set `otel.exporter` to control where events go:
- `none` – leaves instrumentation active but skips exporting. This is
the
default.
- `otlp-http` – posts OTLP log records to an OTLP/HTTP collector.
Specify the
endpoint, protocol, and headers your collector expects:
```toml
[otel]
exporter = { otlp-http = {
endpoint = "https://otel.example.com/v1/logs",
protocol = "binary",
headers = { "x-otlp-api-key" = "${OTLP_TOKEN}" }
}}
```
- `otlp-grpc` – streams OTLP log records over gRPC. Provide the endpoint
and any
metadata headers:
```toml
[otel]
exporter = { otlp-grpc = {
endpoint = "https://otel.example.com:4317",
headers = { "x-otlp-meta" = "abc123" }
}}
```
If the exporter is `none` nothing is written anywhere; otherwise you
must run or point to your
own collector. All exporters run on a background batch worker that is
flushed on
shutdown.
If you build Codex from source the OTEL crate is still behind an `otel`
feature
flag; the official prebuilt binaries ship with the feature enabled. When
the
feature is disabled the telemetry hooks become no-ops so the CLI
continues to
function without the extra dependencies.
---------
Co-authored-by: Anton Panasenko <apanasenko@openai.com>
2025-09-29 19:30:55 +01:00
eprintln! ( " Could not create otel exporter: {e} " ) ;
2026-01-13 18:57:09 -07:00
None
}
Err ( _ ) = > {
eprintln! ( " Could not create otel exporter: panicked during initialization " ) ;
None
OpenTelemetry events (#2103)
### Title
## otel
Codex can emit [OpenTelemetry](https://opentelemetry.io/) **log events**
that
describe each run: outbound API requests, streamed responses, user
input,
tool-approval decisions, and the result of every tool invocation. Export
is
**disabled by default** so local runs remain self-contained. Opt in by
adding an
`[otel]` table and choosing an exporter.
```toml
[otel]
environment = "staging" # defaults to "dev"
exporter = "none" # defaults to "none"; set to otlp-http or otlp-grpc to send events
log_user_prompt = false # defaults to false; redact prompt text unless explicitly enabled
```
Codex tags every exported event with `service.name = "codex-cli"`, the
CLI
version, and an `env` attribute so downstream collectors can distinguish
dev/staging/prod traffic. Only telemetry produced inside the
`codex_otel`
crate—the events listed below—is forwarded to the exporter.
### Event catalog
Every event shares a common set of metadata fields: `event.timestamp`,
`conversation.id`, `app.version`, `auth_mode` (when available),
`user.account_id` (when available), `terminal.type`, `model`, and
`slug`.
With OTEL enabled Codex emits the following event types (in addition to
the
metadata above):
- `codex.api_request`
- `cf_ray` (optional)
- `attempt`
- `duration_ms`
- `http.response.status_code` (optional)
- `error.message` (failures)
- `codex.sse_event`
- `event.kind`
- `duration_ms`
- `error.message` (failures)
- `input_token_count` (completion only)
- `output_token_count` (completion only)
- `cached_token_count` (completion only, optional)
- `reasoning_token_count` (completion only, optional)
- `tool_token_count` (completion only)
- `codex.user_prompt`
- `prompt_length`
- `prompt` (redacted unless `log_user_prompt = true`)
- `codex.tool_decision`
- `tool_name`
- `call_id`
- `decision` (`approved`, `approved_for_session`, `denied`, or `abort`)
- `source` (`config` or `user`)
- `codex.tool_result`
- `tool_name`
- `call_id`
- `arguments`
- `duration_ms` (execution time for the tool)
- `success` (`"true"` or `"false"`)
- `output`
### Choosing an exporter
Set `otel.exporter` to control where events go:
- `none` – leaves instrumentation active but skips exporting. This is
the
default.
- `otlp-http` – posts OTLP log records to an OTLP/HTTP collector.
Specify the
endpoint, protocol, and headers your collector expects:
```toml
[otel]
exporter = { otlp-http = {
endpoint = "https://otel.example.com/v1/logs",
protocol = "binary",
headers = { "x-otlp-api-key" = "${OTLP_TOKEN}" }
}}
```
- `otlp-grpc` – streams OTLP log records over gRPC. Provide the endpoint
and any
metadata headers:
```toml
[otel]
exporter = { otlp-grpc = {
endpoint = "https://otel.example.com:4317",
headers = { "x-otlp-meta" = "abc123" }
}}
```
If the exporter is `none` nothing is written anywhere; otherwise you
must run or point to your
own collector. All exporters run on a background batch worker that is
flushed on
shutdown.
If you build Codex from source the OTEL crate is still behind an `otel`
feature
flag; the official prebuilt binaries ship with the feature enabled. When
the
feature is disabled the telemetry hooks become no-ops so the CLI
continues to
function without the extra dependencies.
---------
Co-authored-by: Anton Panasenko <apanasenko@openai.com>
2025-09-29 19:30:55 +01:00
}
} ;
2025-12-12 17:07:17 -08:00
let otel_logger_layer = otel . as_ref ( ) . and_then ( | o | o . logger_layer ( ) ) ;
OpenTelemetry events (#2103)
### Title
## otel
Codex can emit [OpenTelemetry](https://opentelemetry.io/) **log events**
that
describe each run: outbound API requests, streamed responses, user
input,
tool-approval decisions, and the result of every tool invocation. Export
is
**disabled by default** so local runs remain self-contained. Opt in by
adding an
`[otel]` table and choosing an exporter.
```toml
[otel]
environment = "staging" # defaults to "dev"
exporter = "none" # defaults to "none"; set to otlp-http or otlp-grpc to send events
log_user_prompt = false # defaults to false; redact prompt text unless explicitly enabled
```
Codex tags every exported event with `service.name = "codex-cli"`, the
CLI
version, and an `env` attribute so downstream collectors can distinguish
dev/staging/prod traffic. Only telemetry produced inside the
`codex_otel`
crate—the events listed below—is forwarded to the exporter.
### Event catalog
Every event shares a common set of metadata fields: `event.timestamp`,
`conversation.id`, `app.version`, `auth_mode` (when available),
`user.account_id` (when available), `terminal.type`, `model`, and
`slug`.
With OTEL enabled Codex emits the following event types (in addition to
the
metadata above):
- `codex.api_request`
- `cf_ray` (optional)
- `attempt`
- `duration_ms`
- `http.response.status_code` (optional)
- `error.message` (failures)
- `codex.sse_event`
- `event.kind`
- `duration_ms`
- `error.message` (failures)
- `input_token_count` (completion only)
- `output_token_count` (completion only)
- `cached_token_count` (completion only, optional)
- `reasoning_token_count` (completion only, optional)
- `tool_token_count` (completion only)
- `codex.user_prompt`
- `prompt_length`
- `prompt` (redacted unless `log_user_prompt = true`)
- `codex.tool_decision`
- `tool_name`
- `call_id`
- `decision` (`approved`, `approved_for_session`, `denied`, or `abort`)
- `source` (`config` or `user`)
- `codex.tool_result`
- `tool_name`
- `call_id`
- `arguments`
- `duration_ms` (execution time for the tool)
- `success` (`"true"` or `"false"`)
- `output`
### Choosing an exporter
Set `otel.exporter` to control where events go:
- `none` – leaves instrumentation active but skips exporting. This is
the
default.
- `otlp-http` – posts OTLP log records to an OTLP/HTTP collector.
Specify the
endpoint, protocol, and headers your collector expects:
```toml
[otel]
exporter = { otlp-http = {
endpoint = "https://otel.example.com/v1/logs",
protocol = "binary",
headers = { "x-otlp-api-key" = "${OTLP_TOKEN}" }
}}
```
- `otlp-grpc` – streams OTLP log records over gRPC. Provide the endpoint
and any
metadata headers:
```toml
[otel]
exporter = { otlp-grpc = {
endpoint = "https://otel.example.com:4317",
headers = { "x-otlp-meta" = "abc123" }
}}
```
If the exporter is `none` nothing is written anywhere; otherwise you
must run or point to your
own collector. All exporters run on a background batch worker that is
flushed on
shutdown.
If you build Codex from source the OTEL crate is still behind an `otel`
feature
flag; the official prebuilt binaries ship with the feature enabled. When
the
feature is disabled the telemetry hooks become no-ops so the CLI
continues to
function without the extra dependencies.
---------
Co-authored-by: Anton Panasenko <apanasenko@openai.com>
2025-09-29 19:30:55 +01:00
2025-12-12 17:07:17 -08:00
let otel_tracing_layer = otel . as_ref ( ) . and_then ( | o | o . tracing_layer ( ) ) ;
let _ = tracing_subscriber ::registry ( )
. with ( fmt_layer )
. with ( otel_tracing_layer )
. with ( otel_logger_layer )
. try_init ( ) ;
OpenTelemetry events (#2103)
### Title
## otel
Codex can emit [OpenTelemetry](https://opentelemetry.io/) **log events**
that
describe each run: outbound API requests, streamed responses, user
input,
tool-approval decisions, and the result of every tool invocation. Export
is
**disabled by default** so local runs remain self-contained. Opt in by
adding an
`[otel]` table and choosing an exporter.
```toml
[otel]
environment = "staging" # defaults to "dev"
exporter = "none" # defaults to "none"; set to otlp-http or otlp-grpc to send events
log_user_prompt = false # defaults to false; redact prompt text unless explicitly enabled
```
Codex tags every exported event with `service.name = "codex-cli"`, the
CLI
version, and an `env` attribute so downstream collectors can distinguish
dev/staging/prod traffic. Only telemetry produced inside the
`codex_otel`
crate—the events listed below—is forwarded to the exporter.
### Event catalog
Every event shares a common set of metadata fields: `event.timestamp`,
`conversation.id`, `app.version`, `auth_mode` (when available),
`user.account_id` (when available), `terminal.type`, `model`, and
`slug`.
With OTEL enabled Codex emits the following event types (in addition to
the
metadata above):
- `codex.api_request`
- `cf_ray` (optional)
- `attempt`
- `duration_ms`
- `http.response.status_code` (optional)
- `error.message` (failures)
- `codex.sse_event`
- `event.kind`
- `duration_ms`
- `error.message` (failures)
- `input_token_count` (completion only)
- `output_token_count` (completion only)
- `cached_token_count` (completion only, optional)
- `reasoning_token_count` (completion only, optional)
- `tool_token_count` (completion only)
- `codex.user_prompt`
- `prompt_length`
- `prompt` (redacted unless `log_user_prompt = true`)
- `codex.tool_decision`
- `tool_name`
- `call_id`
- `decision` (`approved`, `approved_for_session`, `denied`, or `abort`)
- `source` (`config` or `user`)
- `codex.tool_result`
- `tool_name`
- `call_id`
- `arguments`
- `duration_ms` (execution time for the tool)
- `success` (`"true"` or `"false"`)
- `output`
### Choosing an exporter
Set `otel.exporter` to control where events go:
- `none` – leaves instrumentation active but skips exporting. This is
the
default.
- `otlp-http` – posts OTLP log records to an OTLP/HTTP collector.
Specify the
endpoint, protocol, and headers your collector expects:
```toml
[otel]
exporter = { otlp-http = {
endpoint = "https://otel.example.com/v1/logs",
protocol = "binary",
headers = { "x-otlp-api-key" = "${OTLP_TOKEN}" }
}}
```
- `otlp-grpc` – streams OTLP log records over gRPC. Provide the endpoint
and any
metadata headers:
```toml
[otel]
exporter = { otlp-grpc = {
endpoint = "https://otel.example.com:4317",
headers = { "x-otlp-meta" = "abc123" }
}}
```
If the exporter is `none` nothing is written anywhere; otherwise you
must run or point to your
own collector. All exporters run on a background batch worker that is
flushed on
shutdown.
If you build Codex from source the OTEL crate is still behind an `otel`
feature
flag; the official prebuilt binaries ship with the feature enabled. When
the
feature is disabled the telemetry hooks become no-ops so the CLI
continues to
function without the extra dependencies.
---------
Co-authored-by: Anton Panasenko <apanasenko@openai.com>
2025-09-29 19:30:55 +01:00
2026-03-03 17:03:45 -08:00
let exec_span = exec_root_span ( ) ;
if let Some ( context ) = traceparent_context_from_env ( ) {
set_parent_from_context ( & exec_span , context ) ;
}
2026-03-08 18:43:55 -06:00
let config_warnings : Vec < ConfigWarningNotification > = config
. startup_warnings
. iter ( )
. map ( | warning | ConfigWarningNotification {
summary : warning . clone ( ) ,
details : None ,
path : None ,
range : None ,
} )
. collect ( ) ;
let in_process_start_args = InProcessClientStartArgs {
arg0_paths ,
config : std ::sync ::Arc ::new ( config . clone ( ) ) ,
cli_overrides : run_cli_overrides ,
loader_overrides : run_loader_overrides ,
cloud_requirements : run_cloud_requirements ,
feedback : CodexFeedback ::new ( ) ,
config_warnings ,
session_source : SessionSource ::Exec ,
enable_codex_api_key_env : true ,
client_name : " codex-exec " . to_string ( ) ,
client_version : env ! ( " CARGO_PKG_VERSION " ) . to_string ( ) ,
experimental_api : true ,
opt_out_notification_methods : Vec ::new ( ) ,
channel_capacity : DEFAULT_IN_PROCESS_CHANNEL_CAPACITY ,
} ;
2026-03-03 17:03:45 -08:00
run_exec_session ( ExecRunArgs {
2026-03-08 18:43:55 -06:00
in_process_start_args ,
2026-03-03 17:03:45 -08:00
command ,
config ,
cursor_ansi ,
dangerously_bypass_approvals_and_sandbox ,
exec_span : exec_span . clone ( ) ,
images ,
json_mode ,
last_message_file ,
model_provider ,
oss ,
output_schema_path ,
prompt ,
skip_git_repo_check ,
stderr_with_ansi ,
} )
. instrument ( exec_span )
. await
}
async fn run_exec_session ( args : ExecRunArgs ) -> anyhow ::Result < ( ) > {
let ExecRunArgs {
2026-03-08 18:43:55 -06:00
in_process_start_args ,
2026-03-03 17:03:45 -08:00
command ,
config ,
cursor_ansi ,
dangerously_bypass_approvals_and_sandbox ,
exec_span ,
images ,
json_mode ,
last_message_file ,
model_provider ,
oss ,
output_schema_path ,
prompt ,
skip_git_repo_check ,
stderr_with_ansi ,
} = args ;
Remove legacy codex exec --json format (#4525)
`codex exec --json` now maps to the behavior of `codex exec
--experimental-json` with new event and item shapes.
Thread events:
- thread.started
- turn.started
- turn.completed
- turn.failed
- item.started
- item.updated
- item.completed
Item types:
- assistant_message
- reasoning
- command_execution
- file_change
- mcp_tool_call
- web_search
- todo_list
- error
Sample output:
<details>
`codex exec "list my assigned github issues" --json | jq`
```
{
"type": "thread.started",
"thread_id": "01999ce5-f229-7661-8570-53312bd47ea3"
}
{
"type": "turn.started"
}
{
"type": "item.completed",
"item": {
"id": "item_0",
"item_type": "reasoning",
"text": "**Planning to list assigned GitHub issues**"
}
}
{
"type": "item.started",
"item": {
"id": "item_1",
"item_type": "mcp_tool_call",
"server": "github",
"tool": "search_issues",
"status": "in_progress"
}
}
{
"type": "item.completed",
"item": {
"id": "item_1",
"item_type": "mcp_tool_call",
"server": "github",
"tool": "search_issues",
"status": "completed"
}
}
{
"type": "item.completed",
"item": {
"id": "item_2",
"item_type": "reasoning",
"text": "**Organizing final message structure**"
}
}
{
"type": "item.completed",
"item": {
"id": "item_3",
"item_type": "assistant_message",
"text": "**Assigned Issues**\n- openai/codex#3267 – “stream error: stream disconnected before completion…” (bug) – last update 2025-09-08\n- openai/codex#3257 – “You've hit your usage limit. Try again in 4 days 20 hours 9 minutes.” – last update 2025-09-23\n- openai/codex#3054 – “reqwest SSL panic (library has no ciphers)” (bug) – last update 2025-09-03\n- openai/codex#3051 – “thread 'main' panicked at linux-sandbox/src/linux_run_main.rs:53:5:” (bug) – last update 2025-09-10\n- openai/codex#3004 – “Auto-compact when approaching context limit” (enhancement) – last update 2025-09-26\n- openai/codex#2916 – “Feature request: Add OpenAI service tier support for cost optimization” – last update 2025-09-12\n- openai/codex#1581 – “stream error: stream disconnected before completion: stream closed before response.complete; retrying...” (bug) – last update 2025-09-17"
}
}
{
"type": "turn.completed",
"usage": {
"input_tokens": 34785,
"cached_input_tokens": 12544,
"output_tokens": 560
}
}
```
</details>
2025-09-30 17:21:37 -07:00
let mut event_processor : Box < dyn EventProcessor > = match json_mode {
true = > Box ::new ( EventProcessorWithJsonOutput ::new ( last_message_file . clone ( ) ) ) ,
Add explicit codex exec events (#4177)
This pull request add a new experimental format of JSON output.
You can try it using `codex exec --experimental-json`.
Design takes a lot of inspiration from Responses API items and stream
format.
# Session and items
Each invocation of `codex exec` starts or resumes a session.
Session contains multiple high-level item types:
1. Assistant message
2. Assistant thinking
3. Command execution
4. File changes
5. To-do lists
6. etc.
# Events
Session and items are going through their life cycles which is
represented by events.
Session is `session.created` or `session.resumed`
Items are `item.added`, `item.updated`, `item.completed`,
`item.require_approval` (or other item types like `item.output_delta`
when we need streaming).
So a typical session can look like:
<details>
```
{
"type": "session.created",
"session_id": "01997dac-9581-7de3-b6a0-1df8256f2752"
}
{
"type": "item.completed",
"item": {
"id": "itm_0",
"item_type": "assistant_message",
"text": "I’ll locate the top-level README and remove its first line. Then I’ll show a quick summary of what changed."
}
}
{
"type": "item.completed",
"item": {
"id": "itm_1",
"item_type": "command_execution",
"command": "bash -lc ls -la | sed -n '1,200p'",
"aggregated_output": "pyenv: cannot rehash: /Users/pakrym/.pyenv/shims isn't writable\ntotal 192\ndrwxr-xr-x@ 33 pakrym staff 1056 Sep 24 14:36 .\ndrwxr-xr-x 41 pakrym staff 1312 Sep 24 09:17 ..\n-rw-r--r--@ 1 pakrym staff 6 Jul 9 16:16 .codespellignore\n-rw-r--r--@ 1 pakrym staff 258 Aug 13 09:40 .codespellrc\ndrwxr-xr-x@ 5 pakrym staff 160 Jul 23 08:26 .devcontainer\n-rw-r--r--@ 1 pakrym staff 6148 Jul 22 10:03 .DS_Store\ndrwxr-xr-x@ 15 pakrym staff 480 Sep 24 14:38 .git\ndrwxr-xr-x@ 12 pakrym staff 384 Sep 2 16:00 .github\n-rw-r--r--@ 1 pakrym staff 778 Jul 9 16:16 .gitignore\ndrwxr-xr-x@ 3 pakrym staff 96 Aug 11 09:37 .husky\n-rw-r--r--@ 1 pakrym staff 104 Jul 9 16:16 .npmrc\n-rw-r--r--@ 1 pakrym staff 96 Sep 2 08:52 .prettierignore\n-rw-r--r--@ 1 pakrym staff 170 Jul 9 16:16 .prettierrc.toml\ndrwxr-xr-x@ 5 pakrym staff 160 Sep 14 17:43 .vscode\ndrwxr-xr-x@ 2 pakrym staff 64 Sep 11 11:37 2025-09-11\n-rw-r--r--@ 1 pakrym staff 5505 Sep 18 09:28 AGENTS.md\n-rw-r--r--@ 1 pakrym staff 92 Sep 2 08:52 CHANGELOG.md\n-rw-r--r--@ 1 pakrym staff 1145 Jul 9 16:16 cliff.toml\ndrwxr-xr-x@ 11 pakrym staff 352 Sep 24 13:03 codex-cli\ndrwxr-xr-x@ 38 pakrym staff 1216 Sep 24 14:38 codex-rs\ndrwxr-xr-x@ 18 pakrym staff 576 Sep 23 11:01 docs\n-rw-r--r--@ 1 pakrym staff 2038 Jul 9 16:16 flake.lock\n-rw-r--r--@ 1 pakrym staff 1434 Jul 9 16:16 flake.nix\n-rw-r--r--@ 1 pakrym staff 10926 Jul 9 16:16 LICENSE\ndrwxr-xr-x@ 465 pakrym staff 14880 Jul 15 07:36 node_modules\n-rw-r--r--@ 1 pakrym staff 242 Aug 5 08:25 NOTICE\n-rw-r--r--@ 1 pakrym staff 578 Aug 14 12:31 package.json\n-rw-r--r--@ 1 pakrym staff 498 Aug 11 09:37 pnpm-lock.yaml\n-rw-r--r--@ 1 pakrym staff 58 Aug 11 09:37 pnpm-workspace.yaml\n-rw-r--r--@ 1 pakrym staff 2402 Jul 9 16:16 PNPM.md\n-rw-r--r--@ 1 pakrym staff 4393 Sep 12 14:36 README.md\ndrwxr-xr-x@ 4 pakrym staff 128 Sep 18 09:28 scripts\ndrwxr-xr-x@ 2 pakrym staff 64 Sep 11 11:34 tmp\n",
"exit_code": 0,
"status": "completed"
}
}
{
"type": "item.completed",
"item": {
"id": "itm_2",
"item_type": "reasoning",
"text": "**Reviewing README.md file**\n\nI've located the README.md file at the root, and it’s 4393 bytes. Now, I need to remove the first line, but first, I should check its content to make sure I’m patching it correctly. I’ll use sed to display the first 20 lines. By reviewing those lines, I can determine exactly what needs to be removed before I proceed with the editing. Let's do this carefully!"
}
}
{
"type": "item.completed",
"item": {
"id": "itm_3",
"item_type": "command_execution",
"command": "bash -lc sed -n '1,40p' README.md",
"aggregated_output": "<h1 align=\"center\">OpenAI Codex CLI</h1>\n\n<p align=\"center\"><code>npm i -g @openai/codex</code><br />or <code>brew install codex</code></p>\n\n<p align=\"center\"><strong>Codex CLI</strong> is a coding agent from OpenAI that runs locally on your computer.\n</br>\n</br>If you want Codex in your code editor (VS Code, Cursor, Windsurf), <a href=\"https://developers.openai.com/codex/ide\">install in your IDE</a>\n</br>If you are looking for the <em>cloud-based agent</em> from OpenAI, <strong>Codex Web</strong>, go to <a href=\"https://chatgpt.com/codex\">chatgpt.com/codex</a></p>\n\n<p align=\"center\">\n <img src=\"./.github/codex-cli-splash.png\" alt=\"Codex CLI splash\" width=\"80%\" />\n </p>\n\n---\n\n## Quickstart\n\n### Installing and running Codex CLI\n\nInstall globally with your preferred package manager. If you use npm:\n\n```shell\nnpm install -g @openai/codex\n```\n\nAlternatively, if you use Homebrew:\n\n```shell\nbrew install codex\n```\n\nThen simply run `codex` to get started:\n\n```shell\ncodex\n```\n\n<details>\n<summary>You can also go to the <a href=\"https://github.com/openai/codex/releases/latest\">latest GitHub Release</a> and download the appropriate binary for your platform.</summary>\n\n",
"exit_code": 0,
"status": "completed"
}
}
{
"type": "item.completed",
"item": {
"id": "itm_4",
"item_type": "reasoning",
"text": "**Updating README file**\n\nThe user wants to update the README by removing the first line, which is an HTML h1 tag. I'll proceed to delete that line while keeping the rest intact. To do this, I need to use the apply_patch tool and create a patch in the diff format. I’ll take care to include context lines around the change. After removing the header, I’m considering whether to delete the following blank line as well to keep it tidy."
}
}
{
"type": "item.completed",
"item": {
"id": "itm_5",
"item_type": "reasoning",
"text": "**Crafting the patch**\n\nThe user has asked to remove just the first line, without mentioning the blank lines. Technically, leaving a blank line at the start is acceptable, but it's not ideal. Ideally, I'd prefer to remove the first line while maintaining the subsequent blank line. However, if I can also remove that blank line, it could tidy things up even more. Still, since the user's request is strictly to remove only the first line, I'll stick to that and craft the patch accordingly."
}
}
{
"type": "item.completed",
"item": {
"id": "itm_6",
"item_type": "assistant_message",
"text": "Applying the change by removing the first line from `README.md`."
}
}
{
"type": "item.completed",
"item": {
"id": "itm_7",
"item_type": "file_change",
"changes": [
{
"path": "/Users/pakrym/code/codex/README.md",
"kind": "update"
}
],
"status": "completed"
}
}
{
"type": "item.completed",
"item": {
"id": "itm_8",
"item_type": "reasoning",
"text": "**Validating README Update**\n\nI updated the README.md and now I need to validate that the first line has been successfully removed. To do this, I'll check the first 10 lines of the document to ensure everything looks correct. It’s always good to double-check these kinds of changes, so I’m going to take that extra step to make sure the update was executed properly. Let's see what those initial lines say!"
}
}
{
"type": "item.completed",
"item": {
"id": "itm_9",
"item_type": "command_execution",
"command": "bash -lc sed -n '1,20p' README.md",
"aggregated_output": "\n<p align=\"center\"><code>npm i -g @openai/codex</code><br />or <code>brew install codex</code></p>\n\n<p align=\"center\"><strong>Codex CLI</strong> is a coding agent from OpenAI that runs locally on your computer.\n</br>\n</br>If you want Codex in your code editor (VS Code, Cursor, Windsurf), <a href=\"https://developers.openai.com/codex/ide\">install in your IDE</a>\n</br>If you are looking for the <em>cloud-based agent</em> from OpenAI, <strong>Codex Web</strong>, go to <a href=\"https://chatgpt.com/codex\">chatgpt.com/codex</a></p>\n\n<p align=\"center\">\n <img src=\"./.github/codex-cli-splash.png\" alt=\"Codex CLI splash\" width=\"80%\" />\n </p>\n\n---\n\n## Quickstart\n\n### Installing and running Codex CLI\n\nInstall globally with your preferred package manager. If you use npm:\n\n",
"exit_code": 0,
"status": "completed"
}
}
{
"type": "item.completed",
"item": {
"id": "itm_10",
"item_type": "assistant_message",
"text": "- Updated `README.md:1` by removing the opening H1 line.\n- The README now starts with the install instructions paragraph.\n\nWant me to also remove the leading blank line at the top?"
}
}
```
</details>
The idea is to give users fully formatted items they can use directly in
their rendering/application logic and avoid having them building up
items manually based on events (unless they want to for streaming).
This PR implements only the `item.completed` payload for some event
types, more event types and item types to come.
---------
Co-authored-by: Michael Bolin <mbolin@openai.com>
2025-09-25 10:47:09 -07:00
_ = > Box ::new ( EventProcessorWithHumanOutput ::create_with_ansi (
2026-02-24 16:00:19 -05:00
stderr_with_ansi ,
cursor_ansi ,
2025-07-17 15:10:15 -07:00
& config ,
2025-07-23 15:03:26 -07:00
last_message_file . clone ( ) ,
Add explicit codex exec events (#4177)
This pull request add a new experimental format of JSON output.
You can try it using `codex exec --experimental-json`.
Design takes a lot of inspiration from Responses API items and stream
format.
# Session and items
Each invocation of `codex exec` starts or resumes a session.
Session contains multiple high-level item types:
1. Assistant message
2. Assistant thinking
3. Command execution
4. File changes
5. To-do lists
6. etc.
# Events
Session and items are going through their life cycles which is
represented by events.
Session is `session.created` or `session.resumed`
Items are `item.added`, `item.updated`, `item.completed`,
`item.require_approval` (or other item types like `item.output_delta`
when we need streaming).
So a typical session can look like:
<details>
```
{
"type": "session.created",
"session_id": "01997dac-9581-7de3-b6a0-1df8256f2752"
}
{
"type": "item.completed",
"item": {
"id": "itm_0",
"item_type": "assistant_message",
"text": "I’ll locate the top-level README and remove its first line. Then I’ll show a quick summary of what changed."
}
}
{
"type": "item.completed",
"item": {
"id": "itm_1",
"item_type": "command_execution",
"command": "bash -lc ls -la | sed -n '1,200p'",
"aggregated_output": "pyenv: cannot rehash: /Users/pakrym/.pyenv/shims isn't writable\ntotal 192\ndrwxr-xr-x@ 33 pakrym staff 1056 Sep 24 14:36 .\ndrwxr-xr-x 41 pakrym staff 1312 Sep 24 09:17 ..\n-rw-r--r--@ 1 pakrym staff 6 Jul 9 16:16 .codespellignore\n-rw-r--r--@ 1 pakrym staff 258 Aug 13 09:40 .codespellrc\ndrwxr-xr-x@ 5 pakrym staff 160 Jul 23 08:26 .devcontainer\n-rw-r--r--@ 1 pakrym staff 6148 Jul 22 10:03 .DS_Store\ndrwxr-xr-x@ 15 pakrym staff 480 Sep 24 14:38 .git\ndrwxr-xr-x@ 12 pakrym staff 384 Sep 2 16:00 .github\n-rw-r--r--@ 1 pakrym staff 778 Jul 9 16:16 .gitignore\ndrwxr-xr-x@ 3 pakrym staff 96 Aug 11 09:37 .husky\n-rw-r--r--@ 1 pakrym staff 104 Jul 9 16:16 .npmrc\n-rw-r--r--@ 1 pakrym staff 96 Sep 2 08:52 .prettierignore\n-rw-r--r--@ 1 pakrym staff 170 Jul 9 16:16 .prettierrc.toml\ndrwxr-xr-x@ 5 pakrym staff 160 Sep 14 17:43 .vscode\ndrwxr-xr-x@ 2 pakrym staff 64 Sep 11 11:37 2025-09-11\n-rw-r--r--@ 1 pakrym staff 5505 Sep 18 09:28 AGENTS.md\n-rw-r--r--@ 1 pakrym staff 92 Sep 2 08:52 CHANGELOG.md\n-rw-r--r--@ 1 pakrym staff 1145 Jul 9 16:16 cliff.toml\ndrwxr-xr-x@ 11 pakrym staff 352 Sep 24 13:03 codex-cli\ndrwxr-xr-x@ 38 pakrym staff 1216 Sep 24 14:38 codex-rs\ndrwxr-xr-x@ 18 pakrym staff 576 Sep 23 11:01 docs\n-rw-r--r--@ 1 pakrym staff 2038 Jul 9 16:16 flake.lock\n-rw-r--r--@ 1 pakrym staff 1434 Jul 9 16:16 flake.nix\n-rw-r--r--@ 1 pakrym staff 10926 Jul 9 16:16 LICENSE\ndrwxr-xr-x@ 465 pakrym staff 14880 Jul 15 07:36 node_modules\n-rw-r--r--@ 1 pakrym staff 242 Aug 5 08:25 NOTICE\n-rw-r--r--@ 1 pakrym staff 578 Aug 14 12:31 package.json\n-rw-r--r--@ 1 pakrym staff 498 Aug 11 09:37 pnpm-lock.yaml\n-rw-r--r--@ 1 pakrym staff 58 Aug 11 09:37 pnpm-workspace.yaml\n-rw-r--r--@ 1 pakrym staff 2402 Jul 9 16:16 PNPM.md\n-rw-r--r--@ 1 pakrym staff 4393 Sep 12 14:36 README.md\ndrwxr-xr-x@ 4 pakrym staff 128 Sep 18 09:28 scripts\ndrwxr-xr-x@ 2 pakrym staff 64 Sep 11 11:34 tmp\n",
"exit_code": 0,
"status": "completed"
}
}
{
"type": "item.completed",
"item": {
"id": "itm_2",
"item_type": "reasoning",
"text": "**Reviewing README.md file**\n\nI've located the README.md file at the root, and it’s 4393 bytes. Now, I need to remove the first line, but first, I should check its content to make sure I’m patching it correctly. I’ll use sed to display the first 20 lines. By reviewing those lines, I can determine exactly what needs to be removed before I proceed with the editing. Let's do this carefully!"
}
}
{
"type": "item.completed",
"item": {
"id": "itm_3",
"item_type": "command_execution",
"command": "bash -lc sed -n '1,40p' README.md",
"aggregated_output": "<h1 align=\"center\">OpenAI Codex CLI</h1>\n\n<p align=\"center\"><code>npm i -g @openai/codex</code><br />or <code>brew install codex</code></p>\n\n<p align=\"center\"><strong>Codex CLI</strong> is a coding agent from OpenAI that runs locally on your computer.\n</br>\n</br>If you want Codex in your code editor (VS Code, Cursor, Windsurf), <a href=\"https://developers.openai.com/codex/ide\">install in your IDE</a>\n</br>If you are looking for the <em>cloud-based agent</em> from OpenAI, <strong>Codex Web</strong>, go to <a href=\"https://chatgpt.com/codex\">chatgpt.com/codex</a></p>\n\n<p align=\"center\">\n <img src=\"./.github/codex-cli-splash.png\" alt=\"Codex CLI splash\" width=\"80%\" />\n </p>\n\n---\n\n## Quickstart\n\n### Installing and running Codex CLI\n\nInstall globally with your preferred package manager. If you use npm:\n\n```shell\nnpm install -g @openai/codex\n```\n\nAlternatively, if you use Homebrew:\n\n```shell\nbrew install codex\n```\n\nThen simply run `codex` to get started:\n\n```shell\ncodex\n```\n\n<details>\n<summary>You can also go to the <a href=\"https://github.com/openai/codex/releases/latest\">latest GitHub Release</a> and download the appropriate binary for your platform.</summary>\n\n",
"exit_code": 0,
"status": "completed"
}
}
{
"type": "item.completed",
"item": {
"id": "itm_4",
"item_type": "reasoning",
"text": "**Updating README file**\n\nThe user wants to update the README by removing the first line, which is an HTML h1 tag. I'll proceed to delete that line while keeping the rest intact. To do this, I need to use the apply_patch tool and create a patch in the diff format. I’ll take care to include context lines around the change. After removing the header, I’m considering whether to delete the following blank line as well to keep it tidy."
}
}
{
"type": "item.completed",
"item": {
"id": "itm_5",
"item_type": "reasoning",
"text": "**Crafting the patch**\n\nThe user has asked to remove just the first line, without mentioning the blank lines. Technically, leaving a blank line at the start is acceptable, but it's not ideal. Ideally, I'd prefer to remove the first line while maintaining the subsequent blank line. However, if I can also remove that blank line, it could tidy things up even more. Still, since the user's request is strictly to remove only the first line, I'll stick to that and craft the patch accordingly."
}
}
{
"type": "item.completed",
"item": {
"id": "itm_6",
"item_type": "assistant_message",
"text": "Applying the change by removing the first line from `README.md`."
}
}
{
"type": "item.completed",
"item": {
"id": "itm_7",
"item_type": "file_change",
"changes": [
{
"path": "/Users/pakrym/code/codex/README.md",
"kind": "update"
}
],
"status": "completed"
}
}
{
"type": "item.completed",
"item": {
"id": "itm_8",
"item_type": "reasoning",
"text": "**Validating README Update**\n\nI updated the README.md and now I need to validate that the first line has been successfully removed. To do this, I'll check the first 10 lines of the document to ensure everything looks correct. It’s always good to double-check these kinds of changes, so I’m going to take that extra step to make sure the update was executed properly. Let's see what those initial lines say!"
}
}
{
"type": "item.completed",
"item": {
"id": "itm_9",
"item_type": "command_execution",
"command": "bash -lc sed -n '1,20p' README.md",
"aggregated_output": "\n<p align=\"center\"><code>npm i -g @openai/codex</code><br />or <code>brew install codex</code></p>\n\n<p align=\"center\"><strong>Codex CLI</strong> is a coding agent from OpenAI that runs locally on your computer.\n</br>\n</br>If you want Codex in your code editor (VS Code, Cursor, Windsurf), <a href=\"https://developers.openai.com/codex/ide\">install in your IDE</a>\n</br>If you are looking for the <em>cloud-based agent</em> from OpenAI, <strong>Codex Web</strong>, go to <a href=\"https://chatgpt.com/codex\">chatgpt.com/codex</a></p>\n\n<p align=\"center\">\n <img src=\"./.github/codex-cli-splash.png\" alt=\"Codex CLI splash\" width=\"80%\" />\n </p>\n\n---\n\n## Quickstart\n\n### Installing and running Codex CLI\n\nInstall globally with your preferred package manager. If you use npm:\n\n",
"exit_code": 0,
"status": "completed"
}
}
{
"type": "item.completed",
"item": {
"id": "itm_10",
"item_type": "assistant_message",
"text": "- Updated `README.md:1` by removing the opening H1 line.\n- The README now starts with the install instructions paragraph.\n\nWant me to also remove the leading blank line at the top?"
}
}
```
</details>
The idea is to give users fully formatted items they can use directly in
their rendering/application logic and avoid having them building up
items manually based on events (unless they want to for streaming).
This PR implements only the `item.completed` payload for some event
types, more event types and item types to come.
---------
Co-authored-by: Michael Bolin <mbolin@openai.com>
2025-09-25 10:47:09 -07:00
) ) ,
2025-07-17 15:10:15 -07:00
} ;
2026-02-06 17:14:37 +01:00
let required_mcp_servers : HashSet < String > = config
. mcp_servers
. get ( )
. iter ( )
. filter ( | ( _ , server ) | server . enabled & & server . required )
. map ( | ( name , _ ) | name . clone ( ) )
. collect ( ) ;
2025-07-17 15:10:15 -07:00
2025-08-05 13:55:32 -07:00
if oss {
2025-11-17 14:49:09 -05:00
// We're in the oss section, so provider_id should be Some
// Let's handle None case gracefully though just in case
let provider_id = match model_provider . as_ref ( ) {
Some ( id ) = > id ,
None = > {
error! ( " OSS provider unexpectedly not set when oss flag is used " ) ;
return Err ( anyhow ::anyhow! (
" OSS provider not set but oss flag was used "
) ) ;
}
} ;
ensure_oss_provider_ready ( provider_id , & config )
2025-08-05 13:55:32 -07:00
. await
. map_err ( | e | anyhow ::anyhow! ( " OSS setup failed: {e} " ) ) ? ;
}
2025-09-23 13:59:16 -07:00
let default_cwd = config . cwd . to_path_buf ( ) ;
2026-02-12 14:42:54 -08:00
let default_approval_policy = config . permissions . approval_policy . value ( ) ;
let default_sandbox_policy = config . permissions . sandbox_policy . get ( ) ;
2025-09-23 13:59:16 -07:00
let default_effort = config . model_reasoning_effort ;
2026-01-24 04:05:20 +08:00
// When --yolo (dangerously_bypass_approvals_and_sandbox) is set, also skip the git repo check
// since the user is explicitly running in an externally sandboxed environment.
if ! skip_git_repo_check
& & ! dangerously_bypass_approvals_and_sandbox
& & get_git_repo_root ( & default_cwd ) . is_none ( )
{
2025-08-07 09:27:38 -07:00
eprintln! ( " Not inside a trusted directory and --skip-git-repo-check was not specified. " ) ;
2025-05-04 11:39:10 -07:00
std ::process ::exit ( 1 ) ;
}
2026-03-08 18:43:55 -06:00
let mut request_ids = RequestIdSequencer ::new ( ) ;
let mut client = InProcessAppServerClient ::start ( in_process_start_args )
. await
. map_err ( | err | {
anyhow ::anyhow! ( " failed to initialize in-process app-server client: {err} " )
} ) ? ;
2025-09-14 19:33:19 -04:00
// Handle resume subcommand by resolving a rollout path and using explicit resume API.
2026-03-08 18:43:55 -06:00
let ( primary_thread_id , fallback_session_configured ) =
if let Some ( ExecCommand ::Resume ( args ) ) = command . as_ref ( ) {
let resume_path = resolve_resume_path ( & config , args ) . await ? ;
if let Some ( path ) = resume_path {
let response : ThreadResumeResponse = send_request_with_response (
& client ,
ClientRequest ::ThreadResume {
request_id : request_ids . next ( ) ,
params : thread_resume_params_from_config ( & config , Some ( path ) ) ,
} ,
" thread/resume " ,
)
. await
. map_err ( anyhow ::Error ::msg ) ? ;
let session_configured = session_configured_from_thread_resume_response ( & response )
. map_err ( anyhow ::Error ::msg ) ? ;
( session_configured . session_id , session_configured )
} else {
let response : ThreadStartResponse = send_request_with_response (
& client ,
ClientRequest ::ThreadStart {
request_id : request_ids . next ( ) ,
params : thread_start_params_from_config ( & config ) ,
} ,
" thread/start " ,
)
. await
. map_err ( anyhow ::Error ::msg ) ? ;
let session_configured = session_configured_from_thread_start_response ( & response )
. map_err ( anyhow ::Error ::msg ) ? ;
( session_configured . session_id , session_configured )
}
2025-09-14 19:33:19 -04:00
} else {
2026-03-08 18:43:55 -06:00
let response : ThreadStartResponse = send_request_with_response (
& client ,
ClientRequest ::ThreadStart {
request_id : request_ids . next ( ) ,
params : thread_start_params_from_config ( & config ) ,
} ,
" thread/start " ,
)
. await
. map_err ( anyhow ::Error ::msg ) ? ;
let session_configured = session_configured_from_thread_start_response ( & response )
. map_err ( anyhow ::Error ::msg ) ? ;
( session_configured . session_id , session_configured )
} ;
2026-03-03 17:03:45 -08:00
let primary_thread_id_for_span = primary_thread_id . to_string ( ) ;
2026-03-08 18:43:55 -06:00
let mut buffered_events = VecDeque ::new ( ) ;
// Use the start/resume response as the authoritative bootstrap payload.
// Waiting for a later streamed `SessionConfigured` event adds up to 10s of
// avoidable startup latency on the in-process path.
let session_configured = fallback_session_configured ;
2026-03-03 17:03:45 -08:00
exec_span . record ( " thread.id " , primary_thread_id_for_span . as_str ( ) ) ;
2026-03-08 18:43:55 -06:00
let ( initial_operation , prompt_summary ) = match ( command . as_ref ( ) , prompt , images ) {
2025-12-02 11:26:27 +00:00
( Some ( ExecCommand ::Review ( review_cli ) ) , _ , _ ) = > {
let review_request = build_review_request ( review_cli ) ? ;
let summary = codex_core ::review_prompts ::user_facing_hint ( & review_request . target ) ;
( InitialOperation ::Review { review_request } , summary )
}
( Some ( ExecCommand ::Resume ( args ) ) , root_prompt , imgs ) = > {
let prompt_arg = args
. prompt
. clone ( )
. or_else ( | | {
if args . last {
args . session_id . clone ( )
} else {
None
}
} )
. or ( root_prompt ) ;
let prompt_text = resolve_prompt ( prompt_arg ) ;
let mut items : Vec < UserInput > = imgs
. into_iter ( )
2026-03-08 18:43:55 -06:00
. chain ( args . images . iter ( ) . cloned ( ) )
2025-12-02 11:26:27 +00:00
. map ( | path | UserInput ::LocalImage { path } )
. collect ( ) ;
items . push ( UserInput ::Text {
text : prompt_text . clone ( ) ,
2026-01-19 23:49:34 -08:00
// CLI input doesn't track UI element ranges, so none are available here.
2026-01-14 16:41:50 -08:00
text_elements : Vec ::new ( ) ,
2025-12-02 11:26:27 +00:00
} ) ;
let output_schema = load_output_schema ( output_schema_path . clone ( ) ) ;
(
InitialOperation ::UserTurn {
items ,
output_schema ,
} ,
prompt_text ,
)
}
( None , root_prompt , imgs ) = > {
let prompt_text = resolve_prompt ( root_prompt ) ;
let mut items : Vec < UserInput > = imgs
. into_iter ( )
. map ( | path | UserInput ::LocalImage { path } )
. collect ( ) ;
items . push ( UserInput ::Text {
text : prompt_text . clone ( ) ,
2026-01-19 23:49:34 -08:00
// CLI input doesn't track UI element ranges, so none are available here.
2026-01-14 16:41:50 -08:00
text_elements : Vec ::new ( ) ,
2025-12-02 11:26:27 +00:00
} ) ;
let output_schema = load_output_schema ( output_schema_path ) ;
(
InitialOperation ::UserTurn {
items ,
output_schema ,
} ,
prompt_text ,
)
}
} ;
// Print the effective configuration and initial request so users can see what Codex
Add explicit codex exec events (#4177)
This pull request add a new experimental format of JSON output.
You can try it using `codex exec --experimental-json`.
Design takes a lot of inspiration from Responses API items and stream
format.
# Session and items
Each invocation of `codex exec` starts or resumes a session.
Session contains multiple high-level item types:
1. Assistant message
2. Assistant thinking
3. Command execution
4. File changes
5. To-do lists
6. etc.
# Events
Session and items are going through their life cycles which is
represented by events.
Session is `session.created` or `session.resumed`
Items are `item.added`, `item.updated`, `item.completed`,
`item.require_approval` (or other item types like `item.output_delta`
when we need streaming).
So a typical session can look like:
<details>
```
{
"type": "session.created",
"session_id": "01997dac-9581-7de3-b6a0-1df8256f2752"
}
{
"type": "item.completed",
"item": {
"id": "itm_0",
"item_type": "assistant_message",
"text": "I’ll locate the top-level README and remove its first line. Then I’ll show a quick summary of what changed."
}
}
{
"type": "item.completed",
"item": {
"id": "itm_1",
"item_type": "command_execution",
"command": "bash -lc ls -la | sed -n '1,200p'",
"aggregated_output": "pyenv: cannot rehash: /Users/pakrym/.pyenv/shims isn't writable\ntotal 192\ndrwxr-xr-x@ 33 pakrym staff 1056 Sep 24 14:36 .\ndrwxr-xr-x 41 pakrym staff 1312 Sep 24 09:17 ..\n-rw-r--r--@ 1 pakrym staff 6 Jul 9 16:16 .codespellignore\n-rw-r--r--@ 1 pakrym staff 258 Aug 13 09:40 .codespellrc\ndrwxr-xr-x@ 5 pakrym staff 160 Jul 23 08:26 .devcontainer\n-rw-r--r--@ 1 pakrym staff 6148 Jul 22 10:03 .DS_Store\ndrwxr-xr-x@ 15 pakrym staff 480 Sep 24 14:38 .git\ndrwxr-xr-x@ 12 pakrym staff 384 Sep 2 16:00 .github\n-rw-r--r--@ 1 pakrym staff 778 Jul 9 16:16 .gitignore\ndrwxr-xr-x@ 3 pakrym staff 96 Aug 11 09:37 .husky\n-rw-r--r--@ 1 pakrym staff 104 Jul 9 16:16 .npmrc\n-rw-r--r--@ 1 pakrym staff 96 Sep 2 08:52 .prettierignore\n-rw-r--r--@ 1 pakrym staff 170 Jul 9 16:16 .prettierrc.toml\ndrwxr-xr-x@ 5 pakrym staff 160 Sep 14 17:43 .vscode\ndrwxr-xr-x@ 2 pakrym staff 64 Sep 11 11:37 2025-09-11\n-rw-r--r--@ 1 pakrym staff 5505 Sep 18 09:28 AGENTS.md\n-rw-r--r--@ 1 pakrym staff 92 Sep 2 08:52 CHANGELOG.md\n-rw-r--r--@ 1 pakrym staff 1145 Jul 9 16:16 cliff.toml\ndrwxr-xr-x@ 11 pakrym staff 352 Sep 24 13:03 codex-cli\ndrwxr-xr-x@ 38 pakrym staff 1216 Sep 24 14:38 codex-rs\ndrwxr-xr-x@ 18 pakrym staff 576 Sep 23 11:01 docs\n-rw-r--r--@ 1 pakrym staff 2038 Jul 9 16:16 flake.lock\n-rw-r--r--@ 1 pakrym staff 1434 Jul 9 16:16 flake.nix\n-rw-r--r--@ 1 pakrym staff 10926 Jul 9 16:16 LICENSE\ndrwxr-xr-x@ 465 pakrym staff 14880 Jul 15 07:36 node_modules\n-rw-r--r--@ 1 pakrym staff 242 Aug 5 08:25 NOTICE\n-rw-r--r--@ 1 pakrym staff 578 Aug 14 12:31 package.json\n-rw-r--r--@ 1 pakrym staff 498 Aug 11 09:37 pnpm-lock.yaml\n-rw-r--r--@ 1 pakrym staff 58 Aug 11 09:37 pnpm-workspace.yaml\n-rw-r--r--@ 1 pakrym staff 2402 Jul 9 16:16 PNPM.md\n-rw-r--r--@ 1 pakrym staff 4393 Sep 12 14:36 README.md\ndrwxr-xr-x@ 4 pakrym staff 128 Sep 18 09:28 scripts\ndrwxr-xr-x@ 2 pakrym staff 64 Sep 11 11:34 tmp\n",
"exit_code": 0,
"status": "completed"
}
}
{
"type": "item.completed",
"item": {
"id": "itm_2",
"item_type": "reasoning",
"text": "**Reviewing README.md file**\n\nI've located the README.md file at the root, and it’s 4393 bytes. Now, I need to remove the first line, but first, I should check its content to make sure I’m patching it correctly. I’ll use sed to display the first 20 lines. By reviewing those lines, I can determine exactly what needs to be removed before I proceed with the editing. Let's do this carefully!"
}
}
{
"type": "item.completed",
"item": {
"id": "itm_3",
"item_type": "command_execution",
"command": "bash -lc sed -n '1,40p' README.md",
"aggregated_output": "<h1 align=\"center\">OpenAI Codex CLI</h1>\n\n<p align=\"center\"><code>npm i -g @openai/codex</code><br />or <code>brew install codex</code></p>\n\n<p align=\"center\"><strong>Codex CLI</strong> is a coding agent from OpenAI that runs locally on your computer.\n</br>\n</br>If you want Codex in your code editor (VS Code, Cursor, Windsurf), <a href=\"https://developers.openai.com/codex/ide\">install in your IDE</a>\n</br>If you are looking for the <em>cloud-based agent</em> from OpenAI, <strong>Codex Web</strong>, go to <a href=\"https://chatgpt.com/codex\">chatgpt.com/codex</a></p>\n\n<p align=\"center\">\n <img src=\"./.github/codex-cli-splash.png\" alt=\"Codex CLI splash\" width=\"80%\" />\n </p>\n\n---\n\n## Quickstart\n\n### Installing and running Codex CLI\n\nInstall globally with your preferred package manager. If you use npm:\n\n```shell\nnpm install -g @openai/codex\n```\n\nAlternatively, if you use Homebrew:\n\n```shell\nbrew install codex\n```\n\nThen simply run `codex` to get started:\n\n```shell\ncodex\n```\n\n<details>\n<summary>You can also go to the <a href=\"https://github.com/openai/codex/releases/latest\">latest GitHub Release</a> and download the appropriate binary for your platform.</summary>\n\n",
"exit_code": 0,
"status": "completed"
}
}
{
"type": "item.completed",
"item": {
"id": "itm_4",
"item_type": "reasoning",
"text": "**Updating README file**\n\nThe user wants to update the README by removing the first line, which is an HTML h1 tag. I'll proceed to delete that line while keeping the rest intact. To do this, I need to use the apply_patch tool and create a patch in the diff format. I’ll take care to include context lines around the change. After removing the header, I’m considering whether to delete the following blank line as well to keep it tidy."
}
}
{
"type": "item.completed",
"item": {
"id": "itm_5",
"item_type": "reasoning",
"text": "**Crafting the patch**\n\nThe user has asked to remove just the first line, without mentioning the blank lines. Technically, leaving a blank line at the start is acceptable, but it's not ideal. Ideally, I'd prefer to remove the first line while maintaining the subsequent blank line. However, if I can also remove that blank line, it could tidy things up even more. Still, since the user's request is strictly to remove only the first line, I'll stick to that and craft the patch accordingly."
}
}
{
"type": "item.completed",
"item": {
"id": "itm_6",
"item_type": "assistant_message",
"text": "Applying the change by removing the first line from `README.md`."
}
}
{
"type": "item.completed",
"item": {
"id": "itm_7",
"item_type": "file_change",
"changes": [
{
"path": "/Users/pakrym/code/codex/README.md",
"kind": "update"
}
],
"status": "completed"
}
}
{
"type": "item.completed",
"item": {
"id": "itm_8",
"item_type": "reasoning",
"text": "**Validating README Update**\n\nI updated the README.md and now I need to validate that the first line has been successfully removed. To do this, I'll check the first 10 lines of the document to ensure everything looks correct. It’s always good to double-check these kinds of changes, so I’m going to take that extra step to make sure the update was executed properly. Let's see what those initial lines say!"
}
}
{
"type": "item.completed",
"item": {
"id": "itm_9",
"item_type": "command_execution",
"command": "bash -lc sed -n '1,20p' README.md",
"aggregated_output": "\n<p align=\"center\"><code>npm i -g @openai/codex</code><br />or <code>brew install codex</code></p>\n\n<p align=\"center\"><strong>Codex CLI</strong> is a coding agent from OpenAI that runs locally on your computer.\n</br>\n</br>If you want Codex in your code editor (VS Code, Cursor, Windsurf), <a href=\"https://developers.openai.com/codex/ide\">install in your IDE</a>\n</br>If you are looking for the <em>cloud-based agent</em> from OpenAI, <strong>Codex Web</strong>, go to <a href=\"https://chatgpt.com/codex\">chatgpt.com/codex</a></p>\n\n<p align=\"center\">\n <img src=\"./.github/codex-cli-splash.png\" alt=\"Codex CLI splash\" width=\"80%\" />\n </p>\n\n---\n\n## Quickstart\n\n### Installing and running Codex CLI\n\nInstall globally with your preferred package manager. If you use npm:\n\n",
"exit_code": 0,
"status": "completed"
}
}
{
"type": "item.completed",
"item": {
"id": "itm_10",
"item_type": "assistant_message",
"text": "- Updated `README.md:1` by removing the opening H1 line.\n- The README now starts with the install instructions paragraph.\n\nWant me to also remove the leading blank line at the top?"
}
}
```
</details>
The idea is to give users fully formatted items they can use directly in
their rendering/application logic and avoid having them building up
items manually based on events (unless they want to for streaming).
This PR implements only the `item.completed` payload for some event
types, more event types and item types to come.
---------
Co-authored-by: Michael Bolin <mbolin@openai.com>
2025-09-25 10:47:09 -07:00
// is using.
2025-12-02 11:26:27 +00:00
event_processor . print_config_summary ( & config , & prompt_summary , & session_configured ) ;
Add explicit codex exec events (#4177)
This pull request add a new experimental format of JSON output.
You can try it using `codex exec --experimental-json`.
Design takes a lot of inspiration from Responses API items and stream
format.
# Session and items
Each invocation of `codex exec` starts or resumes a session.
Session contains multiple high-level item types:
1. Assistant message
2. Assistant thinking
3. Command execution
4. File changes
5. To-do lists
6. etc.
# Events
Session and items are going through their life cycles which is
represented by events.
Session is `session.created` or `session.resumed`
Items are `item.added`, `item.updated`, `item.completed`,
`item.require_approval` (or other item types like `item.output_delta`
when we need streaming).
So a typical session can look like:
<details>
```
{
"type": "session.created",
"session_id": "01997dac-9581-7de3-b6a0-1df8256f2752"
}
{
"type": "item.completed",
"item": {
"id": "itm_0",
"item_type": "assistant_message",
"text": "I’ll locate the top-level README and remove its first line. Then I’ll show a quick summary of what changed."
}
}
{
"type": "item.completed",
"item": {
"id": "itm_1",
"item_type": "command_execution",
"command": "bash -lc ls -la | sed -n '1,200p'",
"aggregated_output": "pyenv: cannot rehash: /Users/pakrym/.pyenv/shims isn't writable\ntotal 192\ndrwxr-xr-x@ 33 pakrym staff 1056 Sep 24 14:36 .\ndrwxr-xr-x 41 pakrym staff 1312 Sep 24 09:17 ..\n-rw-r--r--@ 1 pakrym staff 6 Jul 9 16:16 .codespellignore\n-rw-r--r--@ 1 pakrym staff 258 Aug 13 09:40 .codespellrc\ndrwxr-xr-x@ 5 pakrym staff 160 Jul 23 08:26 .devcontainer\n-rw-r--r--@ 1 pakrym staff 6148 Jul 22 10:03 .DS_Store\ndrwxr-xr-x@ 15 pakrym staff 480 Sep 24 14:38 .git\ndrwxr-xr-x@ 12 pakrym staff 384 Sep 2 16:00 .github\n-rw-r--r--@ 1 pakrym staff 778 Jul 9 16:16 .gitignore\ndrwxr-xr-x@ 3 pakrym staff 96 Aug 11 09:37 .husky\n-rw-r--r--@ 1 pakrym staff 104 Jul 9 16:16 .npmrc\n-rw-r--r--@ 1 pakrym staff 96 Sep 2 08:52 .prettierignore\n-rw-r--r--@ 1 pakrym staff 170 Jul 9 16:16 .prettierrc.toml\ndrwxr-xr-x@ 5 pakrym staff 160 Sep 14 17:43 .vscode\ndrwxr-xr-x@ 2 pakrym staff 64 Sep 11 11:37 2025-09-11\n-rw-r--r--@ 1 pakrym staff 5505 Sep 18 09:28 AGENTS.md\n-rw-r--r--@ 1 pakrym staff 92 Sep 2 08:52 CHANGELOG.md\n-rw-r--r--@ 1 pakrym staff 1145 Jul 9 16:16 cliff.toml\ndrwxr-xr-x@ 11 pakrym staff 352 Sep 24 13:03 codex-cli\ndrwxr-xr-x@ 38 pakrym staff 1216 Sep 24 14:38 codex-rs\ndrwxr-xr-x@ 18 pakrym staff 576 Sep 23 11:01 docs\n-rw-r--r--@ 1 pakrym staff 2038 Jul 9 16:16 flake.lock\n-rw-r--r--@ 1 pakrym staff 1434 Jul 9 16:16 flake.nix\n-rw-r--r--@ 1 pakrym staff 10926 Jul 9 16:16 LICENSE\ndrwxr-xr-x@ 465 pakrym staff 14880 Jul 15 07:36 node_modules\n-rw-r--r--@ 1 pakrym staff 242 Aug 5 08:25 NOTICE\n-rw-r--r--@ 1 pakrym staff 578 Aug 14 12:31 package.json\n-rw-r--r--@ 1 pakrym staff 498 Aug 11 09:37 pnpm-lock.yaml\n-rw-r--r--@ 1 pakrym staff 58 Aug 11 09:37 pnpm-workspace.yaml\n-rw-r--r--@ 1 pakrym staff 2402 Jul 9 16:16 PNPM.md\n-rw-r--r--@ 1 pakrym staff 4393 Sep 12 14:36 README.md\ndrwxr-xr-x@ 4 pakrym staff 128 Sep 18 09:28 scripts\ndrwxr-xr-x@ 2 pakrym staff 64 Sep 11 11:34 tmp\n",
"exit_code": 0,
"status": "completed"
}
}
{
"type": "item.completed",
"item": {
"id": "itm_2",
"item_type": "reasoning",
"text": "**Reviewing README.md file**\n\nI've located the README.md file at the root, and it’s 4393 bytes. Now, I need to remove the first line, but first, I should check its content to make sure I’m patching it correctly. I’ll use sed to display the first 20 lines. By reviewing those lines, I can determine exactly what needs to be removed before I proceed with the editing. Let's do this carefully!"
}
}
{
"type": "item.completed",
"item": {
"id": "itm_3",
"item_type": "command_execution",
"command": "bash -lc sed -n '1,40p' README.md",
"aggregated_output": "<h1 align=\"center\">OpenAI Codex CLI</h1>\n\n<p align=\"center\"><code>npm i -g @openai/codex</code><br />or <code>brew install codex</code></p>\n\n<p align=\"center\"><strong>Codex CLI</strong> is a coding agent from OpenAI that runs locally on your computer.\n</br>\n</br>If you want Codex in your code editor (VS Code, Cursor, Windsurf), <a href=\"https://developers.openai.com/codex/ide\">install in your IDE</a>\n</br>If you are looking for the <em>cloud-based agent</em> from OpenAI, <strong>Codex Web</strong>, go to <a href=\"https://chatgpt.com/codex\">chatgpt.com/codex</a></p>\n\n<p align=\"center\">\n <img src=\"./.github/codex-cli-splash.png\" alt=\"Codex CLI splash\" width=\"80%\" />\n </p>\n\n---\n\n## Quickstart\n\n### Installing and running Codex CLI\n\nInstall globally with your preferred package manager. If you use npm:\n\n```shell\nnpm install -g @openai/codex\n```\n\nAlternatively, if you use Homebrew:\n\n```shell\nbrew install codex\n```\n\nThen simply run `codex` to get started:\n\n```shell\ncodex\n```\n\n<details>\n<summary>You can also go to the <a href=\"https://github.com/openai/codex/releases/latest\">latest GitHub Release</a> and download the appropriate binary for your platform.</summary>\n\n",
"exit_code": 0,
"status": "completed"
}
}
{
"type": "item.completed",
"item": {
"id": "itm_4",
"item_type": "reasoning",
"text": "**Updating README file**\n\nThe user wants to update the README by removing the first line, which is an HTML h1 tag. I'll proceed to delete that line while keeping the rest intact. To do this, I need to use the apply_patch tool and create a patch in the diff format. I’ll take care to include context lines around the change. After removing the header, I’m considering whether to delete the following blank line as well to keep it tidy."
}
}
{
"type": "item.completed",
"item": {
"id": "itm_5",
"item_type": "reasoning",
"text": "**Crafting the patch**\n\nThe user has asked to remove just the first line, without mentioning the blank lines. Technically, leaving a blank line at the start is acceptable, but it's not ideal. Ideally, I'd prefer to remove the first line while maintaining the subsequent blank line. However, if I can also remove that blank line, it could tidy things up even more. Still, since the user's request is strictly to remove only the first line, I'll stick to that and craft the patch accordingly."
}
}
{
"type": "item.completed",
"item": {
"id": "itm_6",
"item_type": "assistant_message",
"text": "Applying the change by removing the first line from `README.md`."
}
}
{
"type": "item.completed",
"item": {
"id": "itm_7",
"item_type": "file_change",
"changes": [
{
"path": "/Users/pakrym/code/codex/README.md",
"kind": "update"
}
],
"status": "completed"
}
}
{
"type": "item.completed",
"item": {
"id": "itm_8",
"item_type": "reasoning",
"text": "**Validating README Update**\n\nI updated the README.md and now I need to validate that the first line has been successfully removed. To do this, I'll check the first 10 lines of the document to ensure everything looks correct. It’s always good to double-check these kinds of changes, so I’m going to take that extra step to make sure the update was executed properly. Let's see what those initial lines say!"
}
}
{
"type": "item.completed",
"item": {
"id": "itm_9",
"item_type": "command_execution",
"command": "bash -lc sed -n '1,20p' README.md",
"aggregated_output": "\n<p align=\"center\"><code>npm i -g @openai/codex</code><br />or <code>brew install codex</code></p>\n\n<p align=\"center\"><strong>Codex CLI</strong> is a coding agent from OpenAI that runs locally on your computer.\n</br>\n</br>If you want Codex in your code editor (VS Code, Cursor, Windsurf), <a href=\"https://developers.openai.com/codex/ide\">install in your IDE</a>\n</br>If you are looking for the <em>cloud-based agent</em> from OpenAI, <strong>Codex Web</strong>, go to <a href=\"https://chatgpt.com/codex\">chatgpt.com/codex</a></p>\n\n<p align=\"center\">\n <img src=\"./.github/codex-cli-splash.png\" alt=\"Codex CLI splash\" width=\"80%\" />\n </p>\n\n---\n\n## Quickstart\n\n### Installing and running Codex CLI\n\nInstall globally with your preferred package manager. If you use npm:\n\n",
"exit_code": 0,
"status": "completed"
}
}
{
"type": "item.completed",
"item": {
"id": "itm_10",
"item_type": "assistant_message",
"text": "- Updated `README.md:1` by removing the opening H1 line.\n- The README now starts with the install instructions paragraph.\n\nWant me to also remove the leading blank line at the top?"
}
}
```
</details>
The idea is to give users fully formatted items they can use directly in
their rendering/application logic and avoid having them building up
items manually based on events (unless they want to for streaming).
This PR implements only the `item.completed` payload for some event
types, more event types and item types to come.
---------
Co-authored-by: Michael Bolin <mbolin@openai.com>
2025-09-25 10:47:09 -07:00
2025-07-27 20:01:35 -07:00
info! ( " Codex initialized with event: {session_configured:?} " ) ;
feat: initial import of Rust implementation of Codex CLI in codex-rs/ (#629)
As stated in `codex-rs/README.md`:
Today, Codex CLI is written in TypeScript and requires Node.js 22+ to
run it. For a number of users, this runtime requirement inhibits
adoption: they would be better served by a standalone executable. As
maintainers, we want Codex to run efficiently in a wide range of
environments with minimal overhead. We also want to take advantage of
operating system-specific APIs to provide better sandboxing, where
possible.
To that end, we are moving forward with a Rust implementation of Codex
CLI contained in this folder, which has the following benefits:
- The CLI compiles to small, standalone, platform-specific binaries.
- Can make direct, native calls to
[seccomp](https://man7.org/linux/man-pages/man2/seccomp.2.html) and
[landlock](https://man7.org/linux/man-pages/man7/landlock.7.html) in
order to support sandboxing on Linux.
- No runtime garbage collection, resulting in lower memory consumption
and better, more predictable performance.
Currently, the Rust implementation is materially behind the TypeScript
implementation in functionality, so continue to use the TypeScript
implmentation for the time being. We will publish native executables via
GitHub Releases as soon as we feel the Rust version is usable.
2025-04-24 13:31:40 -07:00
2026-03-08 18:43:55 -06:00
let ( interrupt_tx , mut interrupt_rx ) = mpsc ::unbounded_channel ::< ( ) > ( ) ;
tokio ::spawn ( async move {
if tokio ::signal ::ctrl_c ( ) . await . is_ok ( ) {
tracing ::debug! ( " Keyboard interrupt " ) ;
let _ = interrupt_tx . send ( ( ) ) ;
}
} ) ;
feat: initial import of Rust implementation of Codex CLI in codex-rs/ (#629)
As stated in `codex-rs/README.md`:
Today, Codex CLI is written in TypeScript and requires Node.js 22+ to
run it. For a number of users, this runtime requirement inhibits
adoption: they would be better served by a standalone executable. As
maintainers, we want Codex to run efficiently in a wide range of
environments with minimal overhead. We also want to take advantage of
operating system-specific APIs to provide better sandboxing, where
possible.
To that end, we are moving forward with a Rust implementation of Codex
CLI contained in this folder, which has the following benefits:
- The CLI compiles to small, standalone, platform-specific binaries.
- Can make direct, native calls to
[seccomp](https://man7.org/linux/man-pages/man2/seccomp.2.html) and
[landlock](https://man7.org/linux/man-pages/man7/landlock.7.html) in
order to support sandboxing on Linux.
- No runtime garbage collection, resulting in lower memory consumption
and better, more predictable performance.
Currently, the Rust implementation is materially behind the TypeScript
implementation in functionality, so continue to use the TypeScript
implmentation for the time being. We will publish native executables via
GitHub Releases as soon as we feel the Rust version is usable.
2025-04-24 13:31:40 -07:00
2026-03-03 17:03:45 -08:00
let task_id = match initial_operation {
2025-12-02 11:26:27 +00:00
InitialOperation ::UserTurn {
2025-09-23 13:59:16 -07:00
items ,
2025-12-02 11:26:27 +00:00
output_schema ,
} = > {
2026-03-08 18:43:55 -06:00
let response : TurnStartResponse = send_request_with_response (
& client ,
ClientRequest ::TurnStart {
request_id : request_ids . next ( ) ,
params : TurnStartParams {
thread_id : primary_thread_id_for_span . clone ( ) ,
input : items . into_iter ( ) . map ( Into ::into ) . collect ( ) ,
cwd : Some ( default_cwd ) ,
approval_policy : Some ( default_approval_policy . into ( ) ) ,
sandbox_policy : Some ( default_sandbox_policy . clone ( ) . into ( ) ) ,
model : None ,
service_tier : None ,
effort : default_effort ,
summary : None ,
personality : None ,
output_schema ,
collaboration_mode : None ,
} ,
} ,
" turn/start " ,
)
. await
. map_err ( anyhow ::Error ::msg ) ? ;
let task_id = response . turn . id ;
2025-12-02 11:26:27 +00:00
info! ( " Sent prompt with event ID: {task_id} " ) ;
task_id
}
InitialOperation ::Review { review_request } = > {
2026-03-08 18:43:55 -06:00
let response : ReviewStartResponse = send_request_with_response (
& client ,
ClientRequest ::ReviewStart {
request_id : request_ids . next ( ) ,
params : ReviewStartParams {
thread_id : primary_thread_id_for_span . clone ( ) ,
target : review_target_to_api ( review_request . target ) ,
delivery : None ,
} ,
} ,
" review/start " ,
)
. await
. map_err ( anyhow ::Error ::msg ) ? ;
let task_id = response . turn . id ;
2025-12-02 11:26:27 +00:00
info! ( " Sent review request with event ID: {task_id} " ) ;
task_id
}
} ;
2026-03-03 17:03:45 -08:00
exec_span . record ( " turn.id " , task_id . as_str ( ) ) ;
2025-04-29 09:59:35 -07:00
// Run the loop until the task is complete.
2025-09-26 16:21:50 -07:00
// Track whether a fatal error was reported by the server so we can
// exit with a non-zero status for automation-friendly signaling.
let mut error_seen = false ;
2026-03-08 18:43:55 -06:00
let mut interrupt_channel_open = true ;
let primary_thread_id_for_requests = primary_thread_id . to_string ( ) ;
loop {
let server_event = if let Some ( event ) = buffered_events . pop_front ( ) {
Some ( event )
} else {
tokio ::select! {
maybe_interrupt = interrupt_rx . recv ( ) , if interrupt_channel_open = > {
if maybe_interrupt . is_none ( ) {
interrupt_channel_open = false ;
continue ;
}
if let Err ( err ) = send_request_with_response ::< TurnInterruptResponse > (
& client ,
ClientRequest ::TurnInterrupt {
request_id : request_ids . next ( ) ,
params : TurnInterruptParams {
thread_id : primary_thread_id_for_requests . clone ( ) ,
turn_id : task_id . clone ( ) ,
} ,
} ,
" turn/interrupt " ,
)
. await
{
warn! ( " turn/interrupt failed: {err} " ) ;
}
continue ;
}
maybe_event = client . next_event ( ) = > maybe_event ,
2026-02-06 17:14:37 +01:00
}
2026-03-08 18:43:55 -06:00
} ;
let Some ( server_event ) = server_event else {
break ;
} ;
match server_event {
InProcessServerEvent ::ServerRequest ( request ) = > {
handle_server_request (
& client ,
request ,
& config ,
& primary_thread_id_for_requests ,
& mut error_seen ,
)
. await ;
}
InProcessServerEvent ::ServerNotification ( notification ) = > {
if let ServerNotification ::Error ( payload ) = & notification
& & payload . thread_id = = primary_thread_id_for_requests
& & payload . turn_id = = task_id
& & ! payload . will_retry
{
error_seen = true ;
}
}
InProcessServerEvent ::LegacyNotification ( notification ) = > {
let decoded = match decode_legacy_notification ( notification ) {
Ok ( event ) = > event ,
Err ( err ) = > {
warn! ( " {err} " ) ;
continue ;
}
} ;
if decoded . conversation_id . as_deref ( )
! = Some ( primary_thread_id_for_requests . as_str ( ) )
& & decoded . conversation_id . is_some ( )
{
continue ;
}
let event = decoded . event ;
if matches! ( event . msg , EventMsg ::SessionConfigured ( _ ) ) {
continue ;
}
if matches! ( event . msg , EventMsg ::Error ( _ ) ) {
// The legacy bridge still carries fatal turn failures for
// exec. Preserve the non-zero exit behavior until this
// path is fully replaced by typed server notifications.
error_seen = true ;
}
match & event . msg {
EventMsg ::TurnComplete ( payload ) = > {
if payload . turn_id ! = task_id {
continue ;
}
}
EventMsg ::TurnAborted ( payload ) = > {
if payload . turn_id . as_deref ( ) ! = Some ( task_id . as_str ( ) ) {
continue ;
}
}
EventMsg ::McpStartupUpdate ( update ) = > {
if required_mcp_servers . contains ( & update . server )
& & let codex_protocol ::protocol ::McpStartupStatus ::Failed { error } =
& update . status
{
error_seen = true ;
eprintln! (
" Required MCP server '{}' failed to initialize: {error} " ,
update . server
) ;
if let Err ( err ) = request_shutdown (
& client ,
& mut request_ids ,
& primary_thread_id_for_requests ,
)
. await
{
warn! ( " thread/unsubscribe failed during shutdown: {err} " ) ;
}
break ;
}
}
_ = > { }
2026-02-06 17:14:37 +01:00
}
2026-03-08 18:43:55 -06:00
match event_processor . process_event ( event ) {
CodexStatus ::Running = > { }
CodexStatus ::InitiateShutdown = > {
if let Err ( err ) = request_shutdown (
& client ,
& mut request_ids ,
& primary_thread_id_for_requests ,
)
. await
{
warn! ( " thread/unsubscribe failed during shutdown: {err} " ) ;
}
break ;
}
CodexStatus ::Shutdown = > {
// `ShutdownComplete` does not identify which attached
// thread emitted it, so subagent shutdowns must not end
// the primary exec loop early.
}
}
}
InProcessServerEvent ::Lagged { skipped } = > {
let message = lagged_event_warning_message ( skipped ) ;
warn! ( " {message} " ) ;
let _ = event_processor . process_event ( Event {
id : String ::new ( ) ,
msg : EventMsg ::Warning ( codex_protocol ::protocol ::WarningEvent { message } ) ,
} ) ;
2025-07-23 15:03:26 -07:00
}
feat: initial import of Rust implementation of Codex CLI in codex-rs/ (#629)
As stated in `codex-rs/README.md`:
Today, Codex CLI is written in TypeScript and requires Node.js 22+ to
run it. For a number of users, this runtime requirement inhibits
adoption: they would be better served by a standalone executable. As
maintainers, we want Codex to run efficiently in a wide range of
environments with minimal overhead. We also want to take advantage of
operating system-specific APIs to provide better sandboxing, where
possible.
To that end, we are moving forward with a Rust implementation of Codex
CLI contained in this folder, which has the following benefits:
- The CLI compiles to small, standalone, platform-specific binaries.
- Can make direct, native calls to
[seccomp](https://man7.org/linux/man-pages/man2/seccomp.2.html) and
[landlock](https://man7.org/linux/man-pages/man7/landlock.7.html) in
order to support sandboxing on Linux.
- No runtime garbage collection, resulting in lower memory consumption
and better, more predictable performance.
Currently, the Rust implementation is materially behind the TypeScript
implementation in functionality, so continue to use the TypeScript
implmentation for the time being. We will publish native executables via
GitHub Releases as soon as we feel the Rust version is usable.
2025-04-24 13:31:40 -07:00
}
}
2026-03-08 18:43:55 -06:00
if let Err ( err ) = client . shutdown ( ) . await {
warn! ( " in-process app-server shutdown failed: {err} " ) ;
}
2025-10-02 14:17:42 -07:00
event_processor . print_final_output ( ) ;
2025-09-26 16:21:50 -07:00
if error_seen {
std ::process ::exit ( 1 ) ;
}
feat: initial import of Rust implementation of Codex CLI in codex-rs/ (#629)
As stated in `codex-rs/README.md`:
Today, Codex CLI is written in TypeScript and requires Node.js 22+ to
run it. For a number of users, this runtime requirement inhibits
adoption: they would be better served by a standalone executable. As
maintainers, we want Codex to run efficiently in a wide range of
environments with minimal overhead. We also want to take advantage of
operating system-specific APIs to provide better sandboxing, where
possible.
To that end, we are moving forward with a Rust implementation of Codex
CLI contained in this folder, which has the following benefits:
- The CLI compiles to small, standalone, platform-specific binaries.
- Can make direct, native calls to
[seccomp](https://man7.org/linux/man-pages/man2/seccomp.2.html) and
[landlock](https://man7.org/linux/man-pages/man7/landlock.7.html) in
order to support sandboxing on Linux.
- No runtime garbage collection, resulting in lower memory consumption
and better, more predictable performance.
Currently, the Rust implementation is materially behind the TypeScript
implementation in functionality, so continue to use the TypeScript
implmentation for the time being. We will publish native executables via
GitHub Releases as soon as we feel the Rust version is usable.
2025-04-24 13:31:40 -07:00
Ok ( ( ) )
}
2025-09-14 19:33:19 -04:00
2026-03-08 18:43:55 -06:00
fn sandbox_mode_from_policy (
sandbox_policy : & codex_protocol ::protocol ::SandboxPolicy ,
) -> Option < codex_app_server_protocol ::SandboxMode > {
match sandbox_policy {
codex_protocol ::protocol ::SandboxPolicy ::DangerFullAccess = > {
Some ( codex_app_server_protocol ::SandboxMode ::DangerFullAccess )
}
codex_protocol ::protocol ::SandboxPolicy ::ReadOnly { .. } = > {
Some ( codex_app_server_protocol ::SandboxMode ::ReadOnly )
}
codex_protocol ::protocol ::SandboxPolicy ::WorkspaceWrite { .. } = > {
Some ( codex_app_server_protocol ::SandboxMode ::WorkspaceWrite )
}
codex_protocol ::protocol ::SandboxPolicy ::ExternalSandbox { .. } = > None ,
}
}
fn thread_start_params_from_config ( config : & Config ) -> ThreadStartParams {
ThreadStartParams {
model : config . model . clone ( ) ,
model_provider : Some ( config . model_provider_id . clone ( ) ) ,
cwd : Some ( config . cwd . to_string_lossy ( ) . to_string ( ) ) ,
approval_policy : Some ( config . permissions . approval_policy . value ( ) . into ( ) ) ,
sandbox : sandbox_mode_from_policy ( config . permissions . sandbox_policy . get ( ) ) ,
ephemeral : Some ( config . ephemeral ) ,
.. ThreadStartParams ::default ( )
}
}
fn thread_resume_params_from_config ( config : & Config , path : Option < PathBuf > ) -> ThreadResumeParams {
ThreadResumeParams {
thread_id : " resume " . to_string ( ) ,
path ,
model : config . model . clone ( ) ,
model_provider : Some ( config . model_provider_id . clone ( ) ) ,
cwd : Some ( config . cwd . to_string_lossy ( ) . to_string ( ) ) ,
approval_policy : Some ( config . permissions . approval_policy . value ( ) . into ( ) ) ,
sandbox : sandbox_mode_from_policy ( config . permissions . sandbox_policy . get ( ) ) ,
.. ThreadResumeParams ::default ( )
}
}
async fn send_request_with_response < T > (
client : & InProcessAppServerClient ,
request : ClientRequest ,
method : & str ,
) -> Result < T , String >
where
T : serde ::de ::DeserializeOwned ,
{
client . request_typed ( request ) . await . map_err ( | err | {
if method . is_empty ( ) {
err . to_string ( )
} else {
format! ( " {method} : {err} " )
}
} )
}
fn session_configured_from_thread_start_response (
response : & ThreadStartResponse ,
) -> Result < SessionConfiguredEvent , String > {
session_configured_from_thread_response (
& response . thread . id ,
response . thread . name . clone ( ) ,
response . thread . path . clone ( ) ,
response . model . clone ( ) ,
response . model_provider . clone ( ) ,
response . service_tier ,
response . approval_policy . to_core ( ) ,
response . sandbox . to_core ( ) ,
response . cwd . clone ( ) ,
response . reasoning_effort ,
)
}
fn session_configured_from_thread_resume_response (
response : & ThreadResumeResponse ,
) -> Result < SessionConfiguredEvent , String > {
session_configured_from_thread_response (
& response . thread . id ,
response . thread . name . clone ( ) ,
response . thread . path . clone ( ) ,
response . model . clone ( ) ,
response . model_provider . clone ( ) ,
response . service_tier ,
response . approval_policy . to_core ( ) ,
response . sandbox . to_core ( ) ,
response . cwd . clone ( ) ,
response . reasoning_effort ,
)
}
#[ expect(
clippy ::too_many_arguments ,
reason = " session mapping keeps explicit fields "
) ]
/// Synthesizes startup session metadata from `thread/start` or `thread/resume`.
///
/// This is a compatibility bridge for the current in-process architecture.
/// Some session fields are not available synchronously from the start/resume
/// response, so callers must treat the result as a best-effort fallback until
/// a later `SessionConfigured` event proves otherwise.
/// TODO(architecture): stop synthesizing a partial `SessionConfiguredEvent`
/// here. Either return the authoritative session-configured payload from
/// `thread/start`/`thread/resume`, or introduce a smaller bootstrap type for
/// exec so this path cannot accidentally depend on placeholder fields.
fn session_configured_from_thread_response (
thread_id : & str ,
thread_name : Option < String > ,
rollout_path : Option < PathBuf > ,
model : String ,
model_provider_id : String ,
service_tier : Option < codex_protocol ::config_types ::ServiceTier > ,
approval_policy : AskForApproval ,
sandbox_policy : codex_protocol ::protocol ::SandboxPolicy ,
cwd : PathBuf ,
reasoning_effort : Option < codex_protocol ::openai_models ::ReasoningEffort > ,
) -> Result < SessionConfiguredEvent , String > {
let session_id = codex_protocol ::ThreadId ::from_string ( thread_id )
. map_err ( | err | format! ( " thread id ` {thread_id} ` is invalid: {err} " ) ) ? ;
Ok ( SessionConfiguredEvent {
session_id ,
forked_from_id : None ,
thread_name ,
model ,
model_provider_id ,
service_tier ,
approval_policy ,
sandbox_policy ,
cwd ,
reasoning_effort ,
history_log_id : 0 ,
history_entry_count : 0 ,
initial_messages : None ,
network_proxy : None ,
rollout_path ,
} )
}
fn review_target_to_api ( target : ReviewTarget ) -> ApiReviewTarget {
match target {
ReviewTarget ::UncommittedChanges = > ApiReviewTarget ::UncommittedChanges ,
ReviewTarget ::BaseBranch { branch } = > ApiReviewTarget ::BaseBranch { branch } ,
ReviewTarget ::Commit { sha , title } = > ApiReviewTarget ::Commit { sha , title } ,
ReviewTarget ::Custom { instructions } = > ApiReviewTarget ::Custom { instructions } ,
}
}
fn normalize_legacy_notification_method ( method : & str ) -> & str {
method . strip_prefix ( " codex/event/ " ) . unwrap_or ( method )
}
fn lagged_event_warning_message ( skipped : usize ) -> String {
format! ( " in-process app-server event stream lagged; dropped {skipped} events " )
}
struct DecodedLegacyNotification {
conversation_id : Option < String > ,
event : Event ,
}
fn decode_legacy_notification (
notification : JSONRPCNotification ,
) -> Result < DecodedLegacyNotification , String > {
let value = notification
. params
. unwrap_or_else ( | | serde_json ::Value ::Object ( serde_json ::Map ::new ( ) ) ) ;
let method = notification . method ;
let normalized_method = normalize_legacy_notification_method ( & method ) . to_string ( ) ;
let serde_json ::Value ::Object ( mut object ) = value else {
return Err ( format! (
" legacy notification `{method}` params were not an object "
) ) ;
} ;
let conversation_id = object
. get ( " conversationId " )
. and_then ( serde_json ::Value ::as_str )
. map ( str ::to_owned ) ;
let mut event_payload = if let Some ( serde_json ::Value ::Object ( msg_payload ) ) = object . get ( " msg " )
{
serde_json ::Value ::Object ( msg_payload . clone ( ) )
} else {
object . remove ( " conversationId " ) ;
serde_json ::Value ::Object ( object )
} ;
let serde_json ::Value ::Object ( ref mut object ) = event_payload else {
return Err ( format! (
" legacy notification `{method}` event payload was not an object "
) ) ;
} ;
object . insert (
" type " . to_string ( ) ,
serde_json ::Value ::String ( normalized_method ) ,
) ;
let msg : EventMsg = serde_json ::from_value ( event_payload )
. map_err ( | err | format! ( " failed to decode event: {err} " ) ) ? ;
Ok ( DecodedLegacyNotification {
conversation_id ,
event : Event {
id : String ::new ( ) ,
msg ,
} ,
} )
}
fn canceled_mcp_server_elicitation_response ( ) -> Result < Value , String > {
serde_json ::to_value ( McpServerElicitationRequestResponse {
action : McpServerElicitationAction ::Cancel ,
content : None ,
meta : None ,
} )
. map_err ( | err | format! ( " failed to encode mcp elicitation response: {err} " ) )
}
async fn request_shutdown (
client : & InProcessAppServerClient ,
request_ids : & mut RequestIdSequencer ,
thread_id : & str ,
) -> Result < ( ) , String > {
let request = ClientRequest ::ThreadUnsubscribe {
request_id : request_ids . next ( ) ,
params : ThreadUnsubscribeParams {
thread_id : thread_id . to_string ( ) ,
} ,
} ;
send_request_with_response ::< ThreadUnsubscribeResponse > ( client , request , " thread/unsubscribe " )
. await
. map ( | _ | ( ) )
}
async fn resolve_server_request (
client : & InProcessAppServerClient ,
request_id : RequestId ,
value : serde_json ::Value ,
method : & str ,
) -> Result < ( ) , String > {
client
. resolve_server_request ( request_id , value )
. await
. map_err ( | err | format! ( " failed to resolve ` {method} ` server request: {err} " ) )
}
async fn reject_server_request (
client : & InProcessAppServerClient ,
request_id : RequestId ,
method : & str ,
reason : String ,
) -> Result < ( ) , String > {
client
. reject_server_request (
request_id ,
JSONRPCErrorError {
code : - 32000 ,
message : reason ,
data : None ,
} ,
)
. await
. map_err ( | err | format! ( " failed to reject ` {method} ` server request: {err} " ) )
}
fn server_request_method_name ( request : & ServerRequest ) -> String {
serde_json ::to_value ( request )
. ok ( )
. and_then ( | value | {
value
. get ( " method " )
. and_then ( serde_json ::Value ::as_str )
. map ( str ::to_owned )
} )
. unwrap_or_else ( | | " unknown " . to_string ( ) )
}
async fn handle_server_request (
client : & InProcessAppServerClient ,
request : ServerRequest ,
config : & Config ,
_thread_id : & str ,
error_seen : & mut bool ,
2026-01-28 13:03:20 +00:00
) {
2026-03-08 18:43:55 -06:00
let method = server_request_method_name ( & request ) ;
let handle_result = match request {
ServerRequest ::McpServerElicitationRequest { request_id , .. } = > {
// Exec auto-cancels elicitation instead of surfacing it
// interactively. Preserve that behavior for attached subagent
// threads too so we do not turn a cancel into a decline/error.
match canceled_mcp_server_elicitation_response ( ) {
Ok ( value ) = > {
resolve_server_request (
client ,
request_id ,
value ,
" mcpServer/elicitation/request " ,
)
. await
2026-01-28 13:03:20 +00:00
}
2026-03-08 18:43:55 -06:00
Err ( err ) = > Err ( err ) ,
}
}
ServerRequest ::ChatgptAuthTokensRefresh { request_id , params } = > {
let refresh_result = tokio ::task ::spawn_blocking ( {
let config = config . clone ( ) ;
move | | local_external_chatgpt_tokens ( & config )
} )
. await ;
match refresh_result {
2026-01-28 13:03:20 +00:00
Err ( err ) = > {
2026-03-08 18:43:55 -06:00
reject_server_request (
client ,
request_id ,
& method ,
format! ( " local chatgpt auth refresh task failed in exec: {err} " ) ,
)
. await
}
Ok ( Err ( reason ) ) = > reject_server_request ( client , request_id , & method , reason ) . await ,
Ok ( Ok ( response ) ) = > {
if let Some ( previous_account_id ) = params . previous_account_id . as_deref ( )
& & previous_account_id ! = response . chatgpt_account_id
{
warn! (
" local auth refresh account mismatch: expected `{previous_account_id}`, got `{}` " ,
response . chatgpt_account_id
) ;
}
match serde_json ::to_value ( response ) {
Ok ( value ) = > {
resolve_server_request (
client ,
request_id ,
value ,
" account/chatgptAuthTokens/refresh " ,
)
. await
}
Err ( err ) = > Err ( format! (
" failed to serialize chatgpt auth refresh response: {err} "
) ) ,
}
2026-01-28 13:03:20 +00:00
}
}
}
2026-03-08 18:43:55 -06:00
ServerRequest ::CommandExecutionRequestApproval { request_id , params } = > {
reject_server_request (
client ,
request_id ,
& method ,
format! (
" command execution approval is not supported in exec mode for thread `{}` " ,
params . thread_id
) ,
)
. await
}
ServerRequest ::FileChangeRequestApproval { request_id , params } = > {
reject_server_request (
client ,
request_id ,
& method ,
format! (
" file change approval is not supported in exec mode for thread `{}` " ,
params . thread_id
) ,
)
. await
}
ServerRequest ::ToolRequestUserInput { request_id , params } = > {
reject_server_request (
client ,
request_id ,
& method ,
format! (
" request_user_input is not supported in exec mode for thread `{}` " ,
params . thread_id
) ,
)
. await
}
ServerRequest ::DynamicToolCall { request_id , params } = > {
reject_server_request (
client ,
request_id ,
& method ,
format! (
" dynamic tool calls are not supported in exec mode for thread `{}` " ,
params . thread_id
) ,
)
. await
}
ServerRequest ::ApplyPatchApproval { request_id , params } = > {
reject_server_request (
client ,
request_id ,
& method ,
format! (
" apply_patch approval is not supported in exec mode for thread `{}` " ,
params . conversation_id
) ,
)
. await
}
ServerRequest ::ExecCommandApproval { request_id , params } = > {
reject_server_request (
client ,
request_id ,
& method ,
format! (
" exec command approval is not supported in exec mode for thread `{}` " ,
params . conversation_id
) ,
)
. await
}
2026-03-08 20:23:06 -07:00
ServerRequest ::PermissionsRequestApproval { request_id , params } = > {
reject_server_request (
client ,
request_id ,
& method ,
format! (
" permissions approval is not supported in exec mode for thread `{}` " ,
params . thread_id
) ,
)
. await
}
2026-03-08 18:43:55 -06:00
} ;
2026-01-28 13:03:20 +00:00
2026-03-08 18:43:55 -06:00
if let Err ( err ) = handle_result {
* error_seen = true ;
warn! ( " {err} " ) ;
2026-02-24 16:00:19 -05:00
}
}
2026-03-08 18:43:55 -06:00
fn local_external_chatgpt_tokens (
config : & Config ,
) -> Result < ChatgptAuthTokensRefreshResponse , String > {
let auth_manager = AuthManager ::shared (
config . codex_home . clone ( ) ,
false ,
config . cli_auth_credentials_store_mode ,
) ;
auth_manager . set_forced_chatgpt_workspace_id ( config . forced_chatgpt_workspace_id . clone ( ) ) ;
auth_manager . reload ( ) ;
let auth = auth_manager
. auth_cached ( )
. ok_or_else ( | | " no cached auth available for local token refresh " . to_string ( ) ) ? ;
if ! auth . is_external_chatgpt_tokens ( ) {
return Err ( " external ChatGPT token auth is not active " . to_string ( ) ) ;
}
let access_token = auth
. get_token ( )
. map_err ( | err | format! ( " failed to read external access token: {err} " ) ) ? ;
let chatgpt_account_id = auth
. get_account_id ( )
. ok_or_else ( | | " external token auth is missing chatgpt account id " . to_string ( ) ) ? ;
let chatgpt_plan_type = auth . account_plan_type ( ) . map ( | plan_type | match plan_type {
AccountPlanType ::Free = > " free " . to_string ( ) ,
AccountPlanType ::Go = > " go " . to_string ( ) ,
AccountPlanType ::Plus = > " plus " . to_string ( ) ,
AccountPlanType ::Pro = > " pro " . to_string ( ) ,
AccountPlanType ::Team = > " team " . to_string ( ) ,
AccountPlanType ::Business = > " business " . to_string ( ) ,
AccountPlanType ::Enterprise = > " enterprise " . to_string ( ) ,
AccountPlanType ::Edu = > " edu " . to_string ( ) ,
AccountPlanType ::Unknown = > " unknown " . to_string ( ) ,
} ) ;
Ok ( ChatgptAuthTokensRefreshResponse {
access_token ,
chatgpt_account_id ,
chatgpt_plan_type ,
} )
2026-02-24 16:00:19 -05:00
}
2025-09-14 19:33:19 -04:00
async fn resolve_resume_path (
config : & Config ,
args : & crate ::cli ::ResumeArgs ,
) -> anyhow ::Result < Option < PathBuf > > {
if args . last {
2025-10-27 02:03:30 -07:00
let default_provider_filter = vec! [ config . model_provider_id . clone ( ) ] ;
2026-01-16 08:53:47 -08:00
let filter_cwd = if args . all {
None
} else {
Some ( config . cwd . as_path ( ) )
} ;
match codex_core ::RolloutRecorder ::find_latest_thread_path (
2026-02-10 19:25:07 +00:00
config ,
feat(app-server, core): return threads by created_at or updated_at (#9247)
Add support for returning threads by either `created_at` OR `updated_at`
descending. Previously core always returned threads ordered by
`created_at`.
This PR:
- updates core to be able to list threads by `updated_at` OR
`created_at` descending based on what the caller wants
- also update `thread/list` in app-server to expose this (default to
`created_at` if not specified)
All existing codepaths (app-server, TUI) still default to `created_at`,
so no behavior change is expected with this PR.
**Implementation**
To sort by `updated_at` is a bit nontrivial (whereas `created_at` is
easy due to the way we structure the folders and filenames on disk,
which are all based on `created_at`).
The most naive way to do this without introducing a cache file or sqlite
DB (which we have to implement/maintain) is to scan files in reverse
`created_at` order on disk, and look at the file's mtime (last modified
timestamp according to the filesystem) until we reach `MAX_SCAN_FILES`
(currently set to 10,000). Then, we can return the most recent N
threads.
Based on some quick and dirty benchmarking on my machine with ~1000
rollout files, calling `thread/list` with limit 50, the `updated_at`
path is slower as expected due to all the I/O:
- updated-at: average 103.10 ms
- created-at: average 41.10 ms
Those absolute numbers aren't a big deal IMO, but we can certainly
optimize this in a followup if needed by introducing more state stored
on disk.
**Caveat**
There's also a limitation in that any files older than `MAX_SCAN_FILES`
will be excluded, which means if a user continues a REALLY old thread,
it's possible to not be included. In practice that should not be too big
of an issue.
If a user makes...
- 1000 rollouts/day → threads older than 10 days won't show up
- 100 rollouts/day → ~100 days
If this becomes a problem for some reason, even more motivation to
implement an updated_at cache.
2026-01-16 12:58:55 -08:00
1 ,
None ,
codex_core ::ThreadSortKey ::UpdatedAt ,
2025-10-27 02:03:30 -07:00
& [ ] ,
Some ( default_provider_filter . as_slice ( ) ) ,
& config . model_provider_id ,
2026-01-16 08:53:47 -08:00
filter_cwd ,
2025-10-27 02:03:30 -07:00
)
. await
2025-10-02 13:06:21 -07:00
{
2026-01-16 08:53:47 -08:00
Ok ( path ) = > Ok ( path ) ,
2025-09-14 19:33:19 -04:00
Err ( e ) = > {
2026-01-07 17:04:53 +00:00
error! ( " Error listing threads: {e} " ) ;
2025-09-14 19:33:19 -04:00
Ok ( None )
}
}
} else if let Some ( id_str ) = args . session_id . as_deref ( ) {
2026-01-30 10:40:09 +00:00
if Uuid ::parse_str ( id_str ) . is_ok ( ) {
let path = find_thread_path_by_id_str ( & config . codex_home , id_str ) . await ? ;
Ok ( path )
} else {
let path = find_thread_path_by_name_str ( & config . codex_home , id_str ) . await ? ;
Ok ( path )
}
2025-09-14 19:33:19 -04:00
} else {
Ok ( None )
}
}
2025-09-23 13:59:16 -07:00
fn load_output_schema ( path : Option < PathBuf > ) -> Option < Value > {
let path = path ? ;
let schema_str = match std ::fs ::read_to_string ( & path ) {
Ok ( contents ) = > contents ,
Err ( err ) = > {
eprintln! (
" Failed to read output schema file {}: {err} " ,
path . display ( )
) ;
std ::process ::exit ( 1 ) ;
}
} ;
match serde_json ::from_str ::< Value > ( & schema_str ) {
Ok ( value ) = > Some ( value ) ,
Err ( err ) = > {
eprintln! (
" Output schema file {} is not valid JSON: {err} " ,
path . display ( )
) ;
std ::process ::exit ( 1 ) ;
}
}
}
2025-12-02 11:26:27 +00:00
2026-01-16 01:29:05 +08:00
#[ derive(Debug, Clone, PartialEq, Eq) ]
enum PromptDecodeError {
InvalidUtf8 { valid_up_to : usize } ,
InvalidUtf16 { encoding : & 'static str } ,
UnsupportedBom { encoding : & 'static str } ,
}
impl std ::fmt ::Display for PromptDecodeError {
fn fmt ( & self , f : & mut std ::fmt ::Formatter < '_ > ) -> std ::fmt ::Result {
match self {
PromptDecodeError ::InvalidUtf8 { valid_up_to } = > write! (
f ,
" input is not valid UTF-8 (invalid byte at offset {valid_up_to}). Convert it to UTF-8 and retry (e.g., `iconv -f <ENC> -t UTF-8 prompt.txt`). "
) ,
PromptDecodeError ::InvalidUtf16 { encoding } = > write! (
f ,
" input looked like {encoding} but could not be decoded. Convert it to UTF-8 and retry. "
) ,
PromptDecodeError ::UnsupportedBom { encoding } = > write! (
f ,
" input appears to be {encoding}. Convert it to UTF-8 and retry. "
) ,
}
}
}
fn decode_prompt_bytes ( input : & [ u8 ] ) -> Result < String , PromptDecodeError > {
let input = input . strip_prefix ( & [ 0xEF , 0xBB , 0xBF ] ) . unwrap_or ( input ) ;
if input . starts_with ( & [ 0xFF , 0xFE , 0x00 , 0x00 ] ) {
return Err ( PromptDecodeError ::UnsupportedBom {
encoding : " UTF-32LE " ,
} ) ;
}
if input . starts_with ( & [ 0x00 , 0x00 , 0xFE , 0xFF ] ) {
return Err ( PromptDecodeError ::UnsupportedBom {
encoding : " UTF-32BE " ,
} ) ;
}
if let Some ( rest ) = input . strip_prefix ( & [ 0xFF , 0xFE ] ) {
return decode_utf16 ( rest , " UTF-16LE " , u16 ::from_le_bytes ) ;
}
if let Some ( rest ) = input . strip_prefix ( & [ 0xFE , 0xFF ] ) {
return decode_utf16 ( rest , " UTF-16BE " , u16 ::from_be_bytes ) ;
}
std ::str ::from_utf8 ( input )
. map ( str ::to_string )
. map_err ( | e | PromptDecodeError ::InvalidUtf8 {
valid_up_to : e . valid_up_to ( ) ,
} )
}
fn decode_utf16 (
input : & [ u8 ] ,
encoding : & 'static str ,
decode_unit : fn ( [ u8 ; 2 ] ) -> u16 ,
) -> Result < String , PromptDecodeError > {
if ! input . len ( ) . is_multiple_of ( 2 ) {
return Err ( PromptDecodeError ::InvalidUtf16 { encoding } ) ;
}
let units : Vec < u16 > = input
. chunks_exact ( 2 )
. map ( | chunk | decode_unit ( [ chunk [ 0 ] , chunk [ 1 ] ] ) )
. collect ( ) ;
String ::from_utf16 ( & units ) . map_err ( | _ | PromptDecodeError ::InvalidUtf16 { encoding } )
}
2025-12-02 11:26:27 +00:00
fn resolve_prompt ( prompt_arg : Option < String > ) -> String {
match prompt_arg {
Some ( p ) if p ! = " - " = > p ,
maybe_dash = > {
let force_stdin = matches! ( maybe_dash . as_deref ( ) , Some ( " - " ) ) ;
if std ::io ::stdin ( ) . is_terminal ( ) & & ! force_stdin {
eprintln! (
" No prompt provided. Either specify one as an argument or pipe the prompt into stdin. "
) ;
std ::process ::exit ( 1 ) ;
}
if ! force_stdin {
eprintln! ( " Reading prompt from stdin... " ) ;
}
2026-01-16 01:29:05 +08:00
let mut bytes = Vec ::new ( ) ;
if let Err ( e ) = std ::io ::stdin ( ) . read_to_end ( & mut bytes ) {
2025-12-02 11:26:27 +00:00
eprintln! ( " Failed to read prompt from stdin: {e} " ) ;
std ::process ::exit ( 1 ) ;
2026-01-16 01:29:05 +08:00
}
let buffer = match decode_prompt_bytes ( & bytes ) {
Ok ( s ) = > s ,
Err ( e ) = > {
eprintln! ( " Failed to read prompt from stdin: {e} " ) ;
std ::process ::exit ( 1 ) ;
}
} ;
if buffer . trim ( ) . is_empty ( ) {
2025-12-02 11:26:27 +00:00
eprintln! ( " No prompt provided via stdin. " ) ;
std ::process ::exit ( 1 ) ;
}
buffer
}
}
}
2026-03-08 18:43:55 -06:00
fn build_review_request ( args : & ReviewArgs ) -> anyhow ::Result < ReviewRequest > {
2025-12-02 11:26:27 +00:00
let target = if args . uncommitted {
ReviewTarget ::UncommittedChanges
2026-03-08 18:43:55 -06:00
} else if let Some ( branch ) = args . base . clone ( ) {
2025-12-02 11:26:27 +00:00
ReviewTarget ::BaseBranch { branch }
2026-03-08 18:43:55 -06:00
} else if let Some ( sha ) = args . commit . clone ( ) {
2025-12-02 11:26:27 +00:00
ReviewTarget ::Commit {
sha ,
2026-03-08 18:43:55 -06:00
title : args . commit_title . clone ( ) ,
2025-12-02 11:26:27 +00:00
}
2026-03-08 18:43:55 -06:00
} else if let Some ( prompt_arg ) = args . prompt . clone ( ) {
2025-12-02 11:26:27 +00:00
let prompt = resolve_prompt ( Some ( prompt_arg ) ) . trim ( ) . to_string ( ) ;
if prompt . is_empty ( ) {
anyhow ::bail! ( " Review prompt cannot be empty " ) ;
}
ReviewTarget ::Custom {
instructions : prompt ,
}
} else {
anyhow ::bail! (
" Specify --uncommitted, --base, --commit, or provide custom review instructions "
) ;
} ;
Ok ( ReviewRequest {
target ,
user_facing_hint : None ,
} )
}
#[ cfg(test) ]
mod tests {
use super ::* ;
2026-03-03 17:03:45 -08:00
use codex_otel ::set_parent_from_w3c_trace_context ;
use opentelemetry ::trace ::TraceContextExt ;
use opentelemetry ::trace ::TraceId ;
use opentelemetry ::trace ::TracerProvider as _ ;
use opentelemetry_sdk ::trace ::SdkTracerProvider ;
2025-12-02 11:26:27 +00:00
use pretty_assertions ::assert_eq ;
2026-03-03 17:03:45 -08:00
use tracing_opentelemetry ::OpenTelemetrySpanExt ;
fn test_tracing_subscriber ( ) -> impl tracing ::Subscriber + Send + Sync {
let provider = SdkTracerProvider ::builder ( ) . build ( ) ;
let tracer = provider . tracer ( " codex-exec-tests " ) ;
tracing_subscriber ::registry ( ) . with ( tracing_opentelemetry ::layer ( ) . with_tracer ( tracer ) )
}
2025-12-02 11:26:27 +00:00
2026-02-27 18:22:54 -08:00
#[ test ]
fn exec_defaults_analytics_to_enabled ( ) {
assert_eq! ( DEFAULT_ANALYTICS_ENABLED , true ) ;
}
2026-03-03 17:03:45 -08:00
#[ test ]
fn exec_root_span_can_be_parented_from_trace_context ( ) {
let subscriber = test_tracing_subscriber ( ) ;
let _guard = tracing ::subscriber ::set_default ( subscriber ) ;
let parent = codex_protocol ::protocol ::W3cTraceContext {
traceparent : Some ( " 00-00000000000000000000000000000077-0000000000000088-01 " . into ( ) ) ,
tracestate : Some ( " vendor=value " . into ( ) ) ,
} ;
let exec_span = exec_root_span ( ) ;
assert! ( set_parent_from_w3c_trace_context ( & exec_span , & parent ) ) ;
let trace_id = exec_span . context ( ) . span ( ) . span_context ( ) . trace_id ( ) ;
assert_eq! (
trace_id ,
TraceId ::from_hex ( " 00000000000000000000000000000077 " ) . expect ( " trace id " )
) ;
}
2025-12-02 11:26:27 +00:00
#[ test ]
fn builds_uncommitted_review_request ( ) {
2026-03-08 18:43:55 -06:00
let args = ReviewArgs {
2025-12-02 11:26:27 +00:00
uncommitted : true ,
base : None ,
commit : None ,
commit_title : None ,
prompt : None ,
2026-03-08 18:43:55 -06:00
} ;
let request = build_review_request ( & args ) . expect ( " builds uncommitted review request " ) ;
2025-12-02 11:26:27 +00:00
let expected = ReviewRequest {
target : ReviewTarget ::UncommittedChanges ,
user_facing_hint : None ,
} ;
assert_eq! ( request , expected ) ;
}
#[ test ]
fn builds_commit_review_request_with_title ( ) {
2026-03-08 18:43:55 -06:00
let args = ReviewArgs {
2025-12-02 11:26:27 +00:00
uncommitted : false ,
base : None ,
commit : Some ( " 123456789 " . to_string ( ) ) ,
commit_title : Some ( " Add review command " . to_string ( ) ) ,
prompt : None ,
2026-03-08 18:43:55 -06:00
} ;
let request = build_review_request ( & args ) . expect ( " builds commit review request " ) ;
2025-12-02 11:26:27 +00:00
let expected = ReviewRequest {
target : ReviewTarget ::Commit {
sha : " 123456789 " . to_string ( ) ,
title : Some ( " Add review command " . to_string ( ) ) ,
} ,
user_facing_hint : None ,
} ;
assert_eq! ( request , expected ) ;
}
#[ test ]
fn builds_custom_review_request_trims_prompt ( ) {
2026-03-08 18:43:55 -06:00
let args = ReviewArgs {
2025-12-02 11:26:27 +00:00
uncommitted : false ,
base : None ,
commit : None ,
commit_title : None ,
prompt : Some ( " custom review instructions " . to_string ( ) ) ,
2026-03-08 18:43:55 -06:00
} ;
let request = build_review_request ( & args ) . expect ( " builds custom review request " ) ;
2025-12-02 11:26:27 +00:00
let expected = ReviewRequest {
target : ReviewTarget ::Custom {
instructions : " custom review instructions " . to_string ( ) ,
} ,
user_facing_hint : None ,
} ;
assert_eq! ( request , expected ) ;
}
2026-01-16 01:29:05 +08:00
#[ test ]
fn decode_prompt_bytes_strips_utf8_bom ( ) {
let input = [ 0xEF , 0xBB , 0xBF , b 'h' , b 'i' , b '\n' ] ;
let out = decode_prompt_bytes ( & input ) . expect ( " decode utf-8 with BOM " ) ;
assert_eq! ( out , " hi \n " ) ;
}
#[ test ]
fn decode_prompt_bytes_decodes_utf16le_bom ( ) {
// UTF-16LE BOM + "hi\n"
let input = [ 0xFF , 0xFE , b 'h' , 0x00 , b 'i' , 0x00 , b '\n' , 0x00 ] ;
let out = decode_prompt_bytes ( & input ) . expect ( " decode utf-16le with BOM " ) ;
assert_eq! ( out , " hi \n " ) ;
}
#[ test ]
fn decode_prompt_bytes_decodes_utf16be_bom ( ) {
// UTF-16BE BOM + "hi\n"
let input = [ 0xFE , 0xFF , 0x00 , b 'h' , 0x00 , b 'i' , 0x00 , b '\n' ] ;
let out = decode_prompt_bytes ( & input ) . expect ( " decode utf-16be with BOM " ) ;
assert_eq! ( out , " hi \n " ) ;
}
#[ test ]
fn decode_prompt_bytes_rejects_utf32le_bom ( ) {
// UTF-32LE BOM + "hi\n"
let input = [
0xFF , 0xFE , 0x00 , 0x00 , b 'h' , 0x00 , 0x00 , 0x00 , b 'i' , 0x00 , 0x00 , 0x00 , b '\n' , 0x00 ,
0x00 , 0x00 ,
] ;
let err = decode_prompt_bytes ( & input ) . expect_err ( " utf-32le should be rejected " ) ;
assert_eq! (
err ,
PromptDecodeError ::UnsupportedBom {
encoding : " UTF-32LE "
}
) ;
}
#[ test ]
fn decode_prompt_bytes_rejects_utf32be_bom ( ) {
// UTF-32BE BOM + "hi\n"
let input = [
0x00 , 0x00 , 0xFE , 0xFF , 0x00 , 0x00 , 0x00 , b 'h' , 0x00 , 0x00 , 0x00 , b 'i' , 0x00 , 0x00 ,
0x00 , b '\n' ,
] ;
let err = decode_prompt_bytes ( & input ) . expect_err ( " utf-32be should be rejected " ) ;
assert_eq! (
err ,
PromptDecodeError ::UnsupportedBom {
encoding : " UTF-32BE "
}
) ;
}
#[ test ]
fn decode_prompt_bytes_rejects_invalid_utf8 ( ) {
// Invalid UTF-8 sequence: 0xC3 0x28
let input = [ 0xC3 , 0x28 ] ;
let err = decode_prompt_bytes ( & input ) . expect_err ( " invalid utf-8 should fail " ) ;
assert_eq! ( err , PromptDecodeError ::InvalidUtf8 { valid_up_to : 0 } ) ;
}
2026-03-08 18:43:55 -06:00
#[ test ]
fn lagged_event_warning_message_is_explicit ( ) {
assert_eq! (
lagged_event_warning_message ( 7 ) ,
" in-process app-server event stream lagged; dropped 7 events " . to_string ( )
) ;
}
#[ test ]
fn decode_legacy_notification_preserves_conversation_id ( ) {
let decoded = decode_legacy_notification ( JSONRPCNotification {
method : " codex/event/error " . to_string ( ) ,
params : Some ( serde_json ::json! ( {
" conversationId " : " thread-123 " ,
" msg " : {
" message " : " boom "
}
} ) ) ,
} )
. expect ( " legacy notification should decode " ) ;
assert_eq! ( decoded . conversation_id . as_deref ( ) , Some ( " thread-123 " ) ) ;
assert! ( matches! (
decoded . event . msg ,
EventMsg ::Error ( codex_protocol ::protocol ::ErrorEvent {
message ,
codex_error_info : None ,
} ) if message = = " boom "
) ) ;
}
#[ test ]
fn canceled_mcp_server_elicitation_response_uses_cancel_action ( ) {
let value = canceled_mcp_server_elicitation_response ( )
. expect ( " mcp elicitation cancel response should serialize " ) ;
let response : McpServerElicitationRequestResponse =
serde_json ::from_value ( value ) . expect ( " cancel response should deserialize " ) ;
assert_eq! (
response ,
McpServerElicitationRequestResponse {
action : McpServerElicitationAction ::Cancel ,
content : None ,
meta : None ,
}
) ;
}
2025-12-02 11:26:27 +00:00
}
