
Upstream merge: openai/codex@main into main#144

Closed
just-every-code wants to merge 148 commits into main from upstream-merge



@just-every-code

This PR merges openai/codex@main into main.

bolinfest and others added 14 commits September 12, 2025 08:44
Since I can never seem to remember to add `--no-fail-fast` when running
`cargo nextest run`, let's just create an alias for it.
Add in review changes from @bolinfest that were dropped due to
auto-merge (openai#3345).
- Prefer ours for TUI widget + docs to preserve UX and gating
- Adopt upstream justfile tasks (nextest + mcp-server-run)
- Verified with scripts/upstream-merge/verify.sh and ./build-fast.sh (ok)
Fix those 2 behaviors:
1. The model does not get saved if we don't CTRL + S
2. The reasoning effort gets saved
## Summary
Standardizes the shell description across sandbox_types, since we cover
this in the prompt, and have moved necessary details (like
network_access and writeable workspace roots) to EnvironmentContext
messages.

## Test Plan
- [x] updated unit tests
- Keep ours for TUI/core wiring and browser/agent/web_fetch gating
- Adopt upstream in shared crates; incorporate new tests
- verify.sh: PASS; build-fast.sh: PASS (no warnings)
…alue. (openai#3529)

It turns out that we want slightly different behavior for the
`SetDefaultModel` RPC because some models do not work with reasoning
(like GPT-4.1), so we should be able to explicitly clear this value.

Verified in `codex-rs/mcp-server/tests/suite/set_default_model.rs`.
- Preserve fork tooling: browser_*/agent_* gating and web_fetch exposure
- Keep shell tool semantics; detailed WorkspaceWrite description, simple for others
- Adopt upstream MCP protocol structs for compatibility (no server behavior change)
- Honor purge policy; verify.sh + build-fast passed cleanly
Allow the reasoning effort to be optional
- Preserve forked TUI/core wiring and UA/version semantics
- Reconcile protocol + rollout variants; add TS for Verbosity
- Update MCP server (drop GetConfigToml; add fallback; extend NewConversationResponse)
- Minimal fixes in common/config_summary and client reasoning param
- ./build-fast.sh + verify.sh: passing
just-every-code and others added 15 commits September 12, 2025 19:30
…ve dead code; silence unused warnings; build-fast ok
- Keep our TUI under codex-rs/tui/** (resolved conflicts to ours)
- Adopt non-conflicting upstream changes; include new list_selection_view snapshots
- Enforce merge policy (prefer_ours / prefer_theirs / purge globs)
- Preserve tool gating/parity, screenshot queueing, UA/version, core re-exports

Verification:
- scripts/upstream-merge/verify.sh: OK
- ./build-fast.sh: OK (zero warnings)
## Compact feature:
1. Stops the model when the context window becomes too large
2. Add a user turn, asking for the model to summarize
3. Build a bridge that contains all the previous user messages + the
summary. Rendered from a template
4. Start sampling again from a clean conversation with only that bridge
- Prefer ours for TUI and core/codex.rs
- Prefer theirs for conversation_history, model_info, tests, Cargo.lock
- Add compat prompt, history.keep_last_messages, import get_model_info
- Remove dead code to ensure zero warnings

Build: ./build-fast.sh PASS (no warnings)
Sometimes the model forgets to actually invoke `apply_patch` and puts a
patch as the script body. Trying to execute this as bash sometimes
creates files named `,` or `{` or does other unknown things, so catch
this situation and return an error to the model.
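
The check described in the commit message above, sketched as an added example (not code from this PR or from codex itself): a pre-execution gate that refuses to hand a bare patch to the shell and returns an error for the model instead. The `*** Begin Patch` / `*** End Patch` markers are an assumption about the patch envelope, and `ScriptCheck`, `check_script` and `gate` are hypothetical names.

```rust
// Added example: names below are hypothetical, not codex's own API.
// Assumption: patches are wrapped in "*** Begin Patch" / "*** End Patch" lines.
const BEGIN_PATCH: &str = "*** Begin Patch";
const END_PATCH: &str = "*** End Patch";

#[derive(Debug, PartialEq)]
pub enum ScriptCheck {
    /// Ordinary shell text: pass it on to the sandboxed shell.
    Shell,
    /// The script calls apply_patch itself (for example with a heredoc).
    ApplyPatchInvocation,
    /// A bare patch was sent as the script body: never execute it.
    RawPatchBody { terminated: bool },
}

/// Classify a model-supplied script before anything is executed.
pub fn check_script(script: &str) -> ScriptCheck {
    // Only the first non-blank line decides; a marker quoted later in a
    // normal script (echo, grep pattern) must not trigger a rejection.
    let mut lines = script.lines().map(str::trim).filter(|l| !l.is_empty());
    let first = match lines.next() {
        Some(line) => line,
        None => return ScriptCheck::Shell,
    };
    if first == BEGIN_PATCH {
        // bash would interpret every patch line as a command or a glob.
        let terminated = lines.any(|l| l == END_PATCH);
        return ScriptCheck::RawPatchBody { terminated };
    }
    if first.split_whitespace().next() == Some("apply_patch") {
        return ScriptCheck::ApplyPatchInvocation;
    }
    ScriptCheck::Shell
}

/// Ok(script) when the text may proceed (shell or an apply_patch call),
/// Err(message to return to the model) when it is a bare patch.
pub fn gate(script: &str) -> Result<&str, String> {
    match check_script(script) {
        ScriptCheck::RawPatchBody { terminated } => Err(format!(
            "script body is a patch ({}); invoke apply_patch instead of running it as shell",
            if terminated { "complete" } else { "missing end marker" }
        )),
        _ => Ok(script),
    }
}

// Constructed sample inputs.
pub const RAW: &str = "*** Begin Patch\n*** Add File: notes.txt\n+hello\n*** End Patch\n";
pub const HEREDOC: &str =
    "apply_patch <<'EOF'\n*** Begin Patch\n*** Add File: notes.txt\n+hello\n*** End Patch\nEOF\n";
pub const PLAIN: &str = "echo '*** Begin Patch' > /dev/null\nls -la\n";

fn main() {
    for s in [RAW, HEREDOC, PLAIN] {
        println!("{:?} -> {:?}", check_script(s), gate(s).map(|_| "proceed"));
    }
}
```
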
Azure Responses API doesn't work well with store:false and response
items.

If store = false and id is sent an error is thrown that ID is not found
If store = false and id is not sent an error is thrown that ID is
required

Add detection for Azure urls and add a workaround to preserve reasoning
item IDs and send store:true
This adds some more capabilities to the default sandbox which I feel are
safe. Most are in the
[renderer.sb](https://source.chromium.org/chromium/chromium/src/+/main:sandbox/policy/mac/renderer.sb)
sandbox for Chrome renderers, which I feel is fair game for codex
commands.

Specific changes:

1. Allow processes in the sandbox to send signals to any other process
in the same sandbox (e.g. child processes or daemonized processes),
instead of just themselves.
2. Allow user-preference-read
3. Allow process-info* to anything in the same sandbox. This is a bit
wider than Chromium allows, but it seems OK to me to allow anything in
the sandbox to get details about other processes in the same sandbox.
Bazel uses these to e.g. wait for another process to exit.
4. Allow all CPU feature detection, this seems harmless to me. It's
wider than Chromium, but Chromium is concerned about fingerprinting, and
tightly controls what CPU features they actually care about, and we
don't have either that restriction or that advantage.
5. Allow new sysctl-reads:
   ```
     (sysctl-name "vm.loadavg")
     (sysctl-name-prefix "kern.proc.pgrp.")
     (sysctl-name-prefix "kern.proc.pid.")
     (sysctl-name-prefix "net.routetable.")
   ```
Bazel needs these for waiting on child processes and for communicating
with its local build server, I believe. I wonder if we should just allow
all (sysctl-read), as reading any arbitrary info about the system seems
fine to me.
6. Allow iokit-open on RootDomainUserClient. This has to do with power
management I believe, and Chromium allows renderers to do this, so okay.
Bazel needs it to boot successfully, possibly for sleep/wake callbacks?
7. Mach lookup to `com.apple.system.opendirectoryd.libinfo`, which has
to do with user data, and which Chrome allows.
8. Mach lookup to `com.apple.PowerManagement.control`. Chromium allows
its GPU process to do this, but not its renderers. Bazel needs this to
boot, probably relatedly to sleep/wake stuff.
Fix the reasoning effort not being set to None in the UI
- Keep fork TUI/history ordering and agent/browse tooling
- Adopt upstream Responses API Azure workaround; payload_json
- Prefer upstream apply-patch heredoc detection; keep direct tool path
- Merge macOS seatbelt allowances; dedupe blocks
- Reconcile core tests to fork API; verify clean build

Build: ./build-fast.sh ok; verify.sh ok
- Keep fork TUI and core invariants per policy
- Adopt upstream improvements in common/exec/file-search
- Add GPT5_HIGH_MODEL const from upstream

Build: build-fast.sh PASS; verify.sh guards PASS
tibo-openai and others added 28 commits September 15, 2025 08:30
Changes:
- skip the welcome animation when the terminal area is below 60x21
- skip the model upgrade animation when the terminal area is below 60x24
to avoid clipping

---------

Co-authored-by: Michael Bolin <mbolin@openai.com>
- Adopt upstream exec session exit-status tracking (Arc<AtomicBool>)
- Keep our TUI lib/new_model_popup to preserve ordering + branding
- Prefer upstream in common/exec where compatible
- Verify: scripts/upstream-merge/verify.sh PASS; build-fast.sh 0 warnings
…ectly (openai#3656)

Reported height was `20` instead of `21`, so `area.height >=
MIN_ANIMATION_HEIGHT` was `false` and therefore `show_animation` was
`false`, so the animation never displayed.
uses OSC 9 to notify when a turn ends or approval is required. won't
work in vs code or terminal.app but iterm2/kitty/wezterm supports it :)
…common/exec

- Prefer ours: TUI, core openai_tools/codex.rs/agent_tool/default_client, protocol models
- Prefer theirs: common, exec, file-search
- Purge guarded assets unaffected; resolved TUI welcome.rs conflict keeping ours
- verify.sh ok; build-fast.sh ok (no warnings)
- Preserve TUI and core tool invariants (browser_*, agent_*, web_fetch gating, screenshot queue, UA/version)
- Incorporate upstream TUI notifications config and exec-tool flag mapping
- Resolve core config conflicts; align tests with forked Config shape

verify: scripts/upstream-merge/verify.sh ok; ./build-fast.sh ok
- Resolve .github/workflows/rust-release.yml (keep ours; remain deleted)
- Fix cfg.tui moved-after-use in core config (clone before unwrap_or_default)
- Apply bucket policy; purge list had no matches

verify.sh: ok; build-fast.sh: ok (zero warnings)
…enai#3617)

Bumps [serde_json](https://github.com/serde-rs/json) from 1.0.143 to
1.0.145.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/serde-rs/json/releases">serde_json's
releases</a>.</em></p>
<blockquote>
<h2>v1.0.145</h2>
<ul>
<li>Raise serde version requirement to &gt;=1.0.220</li>
</ul>
<h2>v1.0.144</h2>
<ul>
<li>Switch serde dependency to serde_core (<a
href="https://redirect.github.com/serde-rs/json/issues/1285">#1285</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/serde-rs/json/commit/efa66e3a1d61459ab2d325f92ebe3acbd6ca18b1"><code>efa66e3</code></a>
Release 1.0.145</li>
<li><a
href="https://github.com/serde-rs/json/commit/23679e2b9d7e4dcaef797ca7c51a4ffb6fce9f36"><code>23679e2</code></a>
Add serde version constraint</li>
<li><a
href="https://github.com/serde-rs/json/commit/fc27bafbf740abc5e5733ec1dd2b5ae25695f895"><code>fc27baf</code></a>
Release 1.0.144</li>
<li><a
href="https://github.com/serde-rs/json/commit/caef3c6ea69e126d18ee8b43dcc2c89d81207815"><code>caef3c6</code></a>
Ignore uninlined_format_args pedantic clippy lint</li>
<li><a
href="https://github.com/serde-rs/json/commit/81ba3aaaff5c3736dd8b762dd1a0cf992bf60593"><code>81ba3aa</code></a>
Merge pull request <a
href="https://redirect.github.com/serde-rs/json/issues/1285">#1285</a>
from dtolnay/serdecore</li>
<li><a
href="https://github.com/serde-rs/json/commit/d21e8ce7a7cc0bab2d53293de42b6343ef1d9144"><code>d21e8ce</code></a>
Switch serde dependency to serde_core</li>
<li><a
href="https://github.com/serde-rs/json/commit/6beb6cd596a00f8838dc0cfc8876ed8fd065896f"><code>6beb6cd</code></a>
Merge pull request <a
href="https://redirect.github.com/serde-rs/json/issues/1286">#1286</a>
from dtolnay/up</li>
<li><a
href="https://github.com/serde-rs/json/commit/1dbc803749213eca37080cc7f29f5aee3ac18941"><code>1dbc803</code></a>
Raise required compiler to Rust 1.61</li>
<li><a
href="https://github.com/serde-rs/json/commit/0bf5d87003aebbbb2b46c96e668283215971d98d"><code>0bf5d87</code></a>
Enforce trybuild &gt;= 1.0.108</li>
<li><a
href="https://github.com/serde-rs/json/commit/d12e943590208da738c092db92c34b39796a2538"><code>d12e943</code></a>
Update actions/checkout@v4 -&gt; v5</li>
<li>See full diff in <a
href="https://github.com/serde-rs/json/compare/v1.0.143...v1.0.145">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=serde_json&package-manager=cargo&previous-version=1.0.143&new-version=1.0.145)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
With this change, dependabot should just have to update `Cargo.lock` for
`serde`, e.g.:

- openai#3617
- openai#3618
…ec/file-search; preserve fork invariants; fix cfg.tui move in core config (build-fast: ok)
…3618)

Bumps [serde](https://github.com/serde-rs/serde) from 1.0.219 to
1.0.223.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/serde-rs/serde/releases">serde's
releases</a>.</em></p>
<blockquote>
<h2>v1.0.223</h2>
<ul>
<li>Fix serde_core documentation links (<a
href="https://redirect.github.com/serde-rs/serde/issues/2978">#2978</a>)</li>
</ul>
<h2>v1.0.222</h2>
<ul>
<li>Make <code>serialize_with</code> attribute produce code that works
if respanned to 2024 edition (<a
href="https://redirect.github.com/serde-rs/serde/issues/2950">#2950</a>,
thanks <a href="https://github.com/aytey"><code>@​aytey</code></a>)</li>
</ul>
<h2>v1.0.221</h2>
<ul>
<li>Documentation improvements (<a
href="https://redirect.github.com/serde-rs/serde/issues/2973">#2973</a>)</li>
<li>Deprecate <code>serde_if_integer128!</code> macro (<a
href="https://redirect.github.com/serde-rs/serde/issues/2975">#2975</a>)</li>
</ul>
<h2>v1.0.220</h2>
<ul>
<li>Add a way for data formats to depend on serde traits without waiting
for serde_derive compilation: <a
href="https://docs.rs/serde_core">https://docs.rs/serde_core</a> (<a
href="https://redirect.github.com/serde-rs/serde/issues/2608">#2608</a>,
thanks <a
href="https://github.com/osiewicz"><code>@​osiewicz</code></a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/serde-rs/serde/commit/6c316d7cb5f3780d2a418d277a756516beeacc42"><code>6c316d7</code></a>
Release 1.0.223</li>
<li><a
href="https://github.com/serde-rs/serde/commit/a4ac0c2bc6625ee83ddf4b35f11eca48f90ebae2"><code>a4ac0c2</code></a>
Merge pull request <a
href="https://redirect.github.com/serde-rs/serde/issues/2978">#2978</a>
from dtolnay/htmlrooturl</li>
<li><a
href="https://github.com/serde-rs/serde/commit/ed76364f877a6ebc653a0339dcea89b9e3cc7507"><code>ed76364</code></a>
Change serde_core's html_root_url to docs.rs/serde_core</li>
<li><a
href="https://github.com/serde-rs/serde/commit/57e21a1afa280ae982f19aea2776318fbcd711be"><code>57e21a1</code></a>
Release 1.0.222</li>
<li><a
href="https://github.com/serde-rs/serde/commit/bb58726133fb30b89ccea3e357eb91f4b2d460a0"><code>bb58726</code></a>
Merge pull request <a
href="https://redirect.github.com/serde-rs/serde/issues/2950">#2950</a>
from aytey/fix_lifetime_issue_2024</li>
<li><a
href="https://github.com/serde-rs/serde/commit/3f6925125bae7837d918da63f2dba6efabad8dec"><code>3f69251</code></a>
Delete unneeded field of MapDeserializer</li>
<li><a
href="https://github.com/serde-rs/serde/commit/fd4decf2fe36a8e4408aefc493960141b8b0cd02"><code>fd4decf</code></a>
Merge pull request <a
href="https://redirect.github.com/serde-rs/serde/issues/2976">#2976</a>
from dtolnay/content</li>
<li><a
href="https://github.com/serde-rs/serde/commit/00b1b6b2b5e6154eba81e2ad8c6a43b945583ad0"><code>00b1b6b</code></a>
Move Content's Deserialize impl from serde_core to serde</li>
<li><a
href="https://github.com/serde-rs/serde/commit/cf141aa8c79a40fe7b7c5ac5dbfd28802f2e01f4"><code>cf141aa</code></a>
Move Content's Clone impl from serde_core to serde</li>
<li><a
href="https://github.com/serde-rs/serde/commit/ff3aee490abff5267cac86f07e0301aa6d441760"><code>ff3aee4</code></a>
Release 1.0.221</li>
<li>Additional commits viewable in <a
href="https://github.com/serde-rs/serde/compare/v1.0.219...v1.0.223">compare
view</a></li>
</ul>
</details>
<br />



Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
- Mode: by-bucket; applied prefer-ours/theirs + purge policy
- Preserved fork invariants (browser_/agent_/web_fetch, UA/version, TUI UX)
- Verified: scripts/upstream-merge/verify.sh OK; ./build-fast.sh OK
…3619)

Bumps [wildmatch](https://github.com/becheran/wildmatch) from 2.4.0 to
2.5.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/becheran/wildmatch/releases">wildmatch's
releases</a>.</em></p>
<blockquote>
<h2>v2.5.0</h2>
<p><a
href="https://redirect.github.com/becheran/wildmatch/pull/27">becheran/wildmatch#27</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/becheran/wildmatch/commit/b39902c120687e152f0835b21af51fa8e213231f"><code>b39902c</code></a>
chore: Release wildmatch version 2.5.0</li>
<li><a
href="https://github.com/becheran/wildmatch/commit/87a8cf4c8056149da42443593b5535e1fbeaee66"><code>87a8cf4</code></a>
Merge pull request <a
href="https://redirect.github.com/becheran/wildmatch/issues/28">#28</a>
from smichaku/micha/fix-unicode-case-insensitive-matching</li>
<li><a
href="https://github.com/becheran/wildmatch/commit/a3ab4903f58626c17adac6edcdb0bbeacee778d7"><code>a3ab490</code></a>
fix: Fix unicode matching for non-ASCII characters</li>
<li>See full diff in <a
href="https://github.com/becheran/wildmatch/compare/v2.4.0...v2.5.0">compare
view</a></li>
</ul>
</details>
<br />



Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…n

- Prefer ours for guarded core/TUI; prefer theirs for common/exec/file-search
- Resolve core/Cargo.toml: keep fork deps; bump wildmatch to 2.5.0 from upstream
- Purge images unchanged; workflows/docs preserved per policy

Build: ./build-fast.sh ok; verify.sh guards passed
- Prefer ours for guarded TUI; prefer theirs for common/exec/file-search
- Add width-aware popup sizing + trait import; align composer calls
- Keep tool/UA/version invariants; purge list unchanged

Build: ./build-fast.sh ok; verify.sh guards passed
## Summary
Splitting out this smaller fix from openai#2694 - fixes the sandbox
permissions so Chat / read-only mode tool definition matches
expectations

## Testing 
- [x] Tested locally

…pstream outside prefer-ours; keep fork invariants
- Purge .github/codex-cli-*.png per policy
- verify.sh: build_fast=ok api_check=ok guards=ok branding=ok
@zemaj zemaj closed this Sep 16, 2025
@zemaj zemaj deleted the upstream-merge branch September 16, 2025 05:25