Codex CLI 0.122.0: Plugin Marketplace, Sandbox Security, Plan Mode

Codex CLI 0.122.0 ships plugin marketplace v2 with tabbed browsing and remote sources, tightens filesystem sandbox security with deny-read policies, and adds Plan Mode context preview. TUI improvements include /side conversations and proper stale prompt dismissal.

TL;DR

  • Plugin marketplace now supports tabbed browsing, inline toggles, and remote/cross-repo sources
  • Filesystem sandbox tightened with deny-read glob policies and isolated exec runs
  • Plan Mode can start fresh implementation with context usage preview before committing
  • Tool discovery and image generation enabled by default; stale TUI prompts now dismiss properly

New

  • Plugin marketplace v2 — Tabbed browsing, inline enable/disable toggles, marketplace removal, and support for remote, cross-repo, or local marketplace sources.
  • Filesystem permissions overhaul — Deny-read glob policies, managed deny-read requirements, platform sandbox enforcement, and isolated codex exec runs that ignore user config or rules.
  • Plan Mode context preview — Start implementation in a fresh context with context-usage shown before deciding whether to carry the planning thread forward.
  • TUI side conversations — /side command opens quick side questions; queued input now supports slash commands and ! shell prompts while work is running.
  • Tool discovery and image generation enabled by default — Higher-detail image handling and original-detail metadata support for MCP and js_repl image outputs.
  • Standalone installer improvements — More self-contained; codex app now opens or installs Desktop correctly on Windows and Intel Macs.

Fixed

  • Stale app-server approvals, user-input prompts, and MCP elicitations now disappear from the TUI when another client resolves them.
  • Remote-control startup tolerates missing ChatGPT auth; MCP startup cancellation works again through app-server sessions.
  • Resumed and forked app-server threads replay token usage immediately so context/status UI starts with the restored state.
  • Security tightened: logout revokes managed ChatGPT tokens, project hooks and exec policies require trusted workspaces, Windows sandbox avoids broad user-profile and SSH-root grants.
  • Sandboxed apply_patch writes work correctly with split filesystem policies; file watchers now notice files created after watching begins.
  • TUI rough edges fixed: fatal skills-list failures, invalid resume hints, duplicate context statusline entries, /model menu loops, redundant memory notices, terminal title quoting in iTerm2.

Breaking Changes

  • Marketplace API changes for plugin loading and removal — see updated app-server docs for migration details.

Update via: npm install -g @openai/codex@0.122.0 or check the full release on GitHub.

Source: Codex