Codex CLI 0.112.0: Plugin Mentions & Sandbox Hardening
Plugin mentions, sandbox hardening, and JS REPL state fixes in Codex CLI 0.112.0. Safer execution and smoother iterative workflows.
TL;DR
- @plugin mentions let you reference plugins directly in chat with auto-included context
- Sandbox isolation hardened for Linux and macOS with stricter permission handling
- JS REPL state now persists after failed cells, reducing restart friction
New
- @plugin mentions — Reference plugins directly in chat and auto-include their MCP/app/skill context without manual setup.
- Model selection surface update — Latest model catalog changes now surface in the TUI picker flow.
- Per-turn sandbox policy for zsh-fork — Merged executable permission profiles into sandbox execution for safer, additive privilege handling.
Fixed
- JS REPL state persistence — Previously initialized bindings now persist after a failed cell, eliminating brittle restarts during iterative sessions.
- Graceful app-server shutdown — SIGTERM now behaves like Ctrl-C for clean websocket shutdown instead of abrupt termination.
- JS REPL image hardening — emitImage now accepts only data: URLs, preventing external URL forwarding vulnerabilities.
- Linux sandbox isolation — bubblewrap always unshares the user namespace, keeping isolation consistent even for root-owned invocations.
- macOS Seatbelt reliability — Improved network and unix-socket handling in constrained subprocess environments.
- Diagnostics visibility — Connectivity and diagnostics now surface earlier in the workflow.
Documentation
- JS REPL image guidance — Clarified emission and encoding semantics, including repeated emitImage call patterns.
Update: npm install -g @openai/codex-cli@0.112.0 or check the full release on GitHub.
Source: Codex