# Fix CLI launcher on Windows by replacing `sh`-based entrypoint with
cross-platform Node script
## What's changed
* This PR attempts to replace the sh-based entry point with a node
script that works on all platforms including Windows Powershell and CMD
## Why
* Previously, when installing Codex globally via `npm i -g
@openai/codex`, Windows resulted in a broken CLI issue due to the `ps1`
launcher trying to execute `sh.exe`.
* If users don't have Unix-style shell, running the command will fail as
seen below since `sh.exe` can't be found
* Output:
```
& : The term 'sh.exe' is not recognized as the name of a cmdlet,
function, script file, or operable program. Check the
spelling of the name, or if a path was included, verify that the path is
correct and try again.
At C:\Users\{user}\AppData\Roaming\npm\codex.ps1:24 char:7
+ & "sh$exe" "$basedir/node_modules/@openai/codex/bin/codex" $args
+ ~~~~~~~~
+ CategoryInfo : ObjectNotFound: (sh.exe:String) [],
CommandNotFoundException
+ FullyQualifiedErrorId : CommandNotFoundException
```
## How
* By using a Node based entry point that resolves the path to the compiled ESM bundle and dynamically loads it using native ESM
* Removed dependency on platform-specific launchers allowing a single entrypoint to work everywhere Node.js runs.
## Result
Codex CLI now supports cross-platform and launches correctly via:
* macOS / Linux
* Windows PowerShell
* GitBash
* CMD
* WSL
Directly addresses #316
Fix: Shift + Enter no longer prints “[27;2;13~” in the single‑line
input. Validated as working and necessary in Ghostty on Linux.
## Key points
- src/components/vendor/ink-text-input.tsx
- Added early handler that recognises the two modifyOtherKeys
escape‑sequences
- [13;<mod>u (mode 2 / CSI‑u)
- [27;<mod>;13~ (mode 1 / legacy CSI‑~)
- If Ctrl is held (hasCtrl flag) → call onSubmit() (same as plain
Enter).
- Otherwise → insert a real newline at the caret (same as Option+Enter).
- Prevents the raw sequence from being inserted into the buffer.
- src/components/chat/multiline-editor.tsx
- Replaced non‑breaking spaces with normal spaces to satisfy eslint
no‑irregular‑whitespace rule (no behaviour change).
All unit tests (114) and ESLint now pass:
npm test ✔️
npm run lint ✔️
closes#207
I'd be lying if I said I was familiar with these particulars more than a
couple hours ago, but after investigating and testing locally, this does
fix the go issue, I prefer it over #272 which is a lot of code and a one
off fix
----
cc @bolinfest do you mind taking a look here?
1. Seatbelt compares the paths it gets from the kernal to its policies
1. Go is attempting to write to the os.tmpdir, which we have
allowlisted.
1. The kernel rewrites /var/… to /private/var/… before the sandbox
check.
1. The policy still said /var/…, so writes were denied.
Fix: canonicalise every writable root we feed into the policy
(realpathSync(...)).
We do not have to touch runtime file paths—the kernel already
canonicalises those.
### before
see that the command exited 1, and that the command was reported to be
prohibited, despite using the allowlisted tmpdir
https://github.com/user-attachments/assets/23911101-0ec0-4a59-a0a1-423be04063f0
### after
command exits 0
https://github.com/user-attachments/assets/6ab2bcd6-68bd-4f89-82bb-2c8612e39ac3
This PR introduces a Nix flake configuration to enable reproducible
development environments:
- Adds flake.nix defining a devShell with necessary dependencies.
- Updates README.md with usage instructions for `nix develop`.
- Ensures CI compatibility with Nix for consistent builds.
### What is added?
I extend the if-else blocks with an additional condition where the
commands validity is checked. This only applies for entered inputs that
start with '/' and are a single word. This isn't necessarily restrictive
from the previous behavior of the program. When an invalid command is
detected, an error message is printed with a direction to retrieve
command list.
### Why is it added?
There are three main reasons for this change
**1. Model Hallucination**: When invalid commands are passed as prompts
to models, models hallucinate behavior. Since there was a fall through
in invalid commands, the models took these as prompts and hallucinated
that they completed the prompted task. An example of this behavior is
below. In the case of this example, the model though they had access to
`/clearhistory` tool where in reality that isn't the case.
A before and after effect of this tool is below:
**2. Saves Users Credits and Time**: Since false commands and invalid
commands aren't processed by the model, the user doesn't spend money on
stuff that could have been mitigated much easily. The time argument is
especially applicable for reasoning models.
**3. Saves GPU Time**: GPU time is valuable, and it is not necessary to
spend it on unnecessary/invalid requests.
### Code Explanation
If no command is matched, we check if the inputValue start with `/`
which indicated the input is a command (I will address the case where it
is isn't below). If the inputValue start with `/` we enter the else if
statement. I used a nested if statement for readability and further
extendability in the future.
There are alternative ways to check besides regex, but regex is a short
code and looks clean.
**Check Conditions**: The reason why I only check single word(command)
case is that to allow prompts where the user might decide to start with
`/` and aren't commands. The nested if statements also come in handy
where in the future other contributors might want to extend this
checking.
The code passes type, lint and test checks.
Added the ability to compact. Not sure if I should switch the model over
to gpt-4.1 for longer context or if keeping the current model is fine.
Also I'm not sure if setting the compacted to system is best practice,
would love feedback 😄
Mentioned in this issue: https://github.com/openai/codex/issues/230
Probably not the most exciting PR you’ll get today, but I noticed that
every file in the repo follows kebab-case… except one brave little
underscore in `cli_singlepass.tsx`.
So I made the world a little more consistent. Just a filename rename —
no logic changes, no semicolons harmed
Didn’t touch any code, I promise. Just bringing order to the filesystem
— one hyphen at a time.
This PR adds a shell wrapper in `codex-cli/bin/codex` to detect node or
bun as the runtime.
It updates:
- `package.json` bin entry
- published files list to include bin/
- README install instructions to include `bun install -g @openai/codex`
Hi, when I tried to run the tests in the cloned repo I got an error from
vitest trying to get the vite.config.ts from the parent folder. I don't
know why this it not happening to more people but this fixed it, so
maybe it is useful for someone else.
This PR replaces all hard‑coded patch markers in apply‑patch.ts with the
corresponding constants (now) exported from parse‑apply‑patch.ts.
Changes
• Import PATCH_PREFIX, PATCH_SUFFIX, ADD_FILE_PREFIX,
DELETE_FILE_PREFIX, UPDATE_FILE_PREFIX, MOVE_FILE_TO_PREFIX,
END_OF_FILE_PREFIX, and HUNK_ADD_LINE_PREFIX from parse‑apply‑patch.ts.
• Remove duplicate string literals for patch markers in apply‑patch.ts.
• Changed is_done() to trim the input to account for the slight
difference between the variables.
Why
• DRY & Consistency: Ensures a single source of truth for patch
prefixes.
• Maintainability: Simplifies future updates to prefix values by
centralizing them.
• Readability: Makes the code more declarative and self‑documenting.
All tests are passing, lint and format was ran.
Updated the position of the cursor on the user input box to be at the
end of the text when the user uses the arrow keys to navigate through
the input history in order to better match the behavior of a terminal.
This adds support for a new flag, `-w,--writable-root`, that can be
specified multiple times to _amend_ the list of folders that should be
configured as "writable roots" by the sandbox used in `full-auto` mode.
Values that are passed as relative paths will be resolved to absolute
paths.
Incidentally, this required updating a number of the `agent*.test.ts`
files: it feels like some of the setup logic across those tests could be
consolidated.
In my testing, it seems that this might be slightly out of distribution
for the model, as I had to explicitly tell it to run `apply_patch` and
that it had the permissions to write those files (initially, it just
showed me a diff and told me to apply it myself). Nevertheless, I think
this is a good starting point.
Add a note in Quickstart that you can drop your API key into a `.env`
file
(since dotenv support was introduced in 40266be#122).
✅ Ran `npm test && npm run lint && npm run typecheck` locally
I have read the CLA Document and I hereby sign the CLA
Signed-off-by: Dan Lewis <dglewi@gmail.com>
# Shell Command Explanation Option
## Description
This PR adds an option to explain shell commands when the user is
prompted to approve them (Fixes#110). When reviewing a shell command,
users can now select "Explain this command" to get a detailed
explanation of what the command does before deciding whether to approve
or reject it.
## Changes
- Added a new "EXPLAIN" option to the `ReviewDecision` enum
- Updated the command review UI to include an "Explain this command (x)"
option
- Implemented the logic to send the command to the LLM for explanation
using the same model as the agent
- Added a display for the explanation in the command review UI
- Updated all relevant components to pass the explanation through the
component tree
## Benefits
- Improves user understanding of shell commands before approving them
- Reduces the risk of approving potentially harmful commands
- Enhances the educational aspect of the tool, helping users learn about
shell commands
- Maintains the same workflow with minimal UI changes
## Testing
- Manually tested the explanation feature with various shell commands
- Verified that the explanation is displayed correctly in the UI
- Confirmed that the user can still approve or reject the command after
viewing the explanation
## Screenshots
## Additional Notes
The explanation is generated using the same model as the agent, ensuring
consistency in the quality and style of explanations.
---------
Signed-off-by: crazywolf132 <crazywolf132@gmail.com>
I think the retry issue is just that the regex is wrong, checkout the
reported error messages folks are seeing:
> message: 'Rate limit reached for o4-mini in organization
org-{redacted} on tokens per min (TPM): Limit 200000, Used 152566,
Requested 60651. Please try again in 3.965s. Visit
https://platform.openai.com/account/rate-limits to learn more.',
The error message uses `try again` not `retry again`
peep this regexpal: https://www.regexpal.com/?fam=155648
This PR adds a command history persistence feature to Codex CLI that:
1. **Stores command history**: Commands are saved to
`~/.codex/history.json` and persist between CLI sessions.
2. **Navigates history**: Users can use the up/down arrow keys to
navigate through command history, similar to a traditional shell.
3. **Filters sensitive data**: Built-in regex patterns prevent commands
containing API keys, passwords, or tokens from being saved.
4. **Configurable**: Added configuration options for history size,
enabling/disabling history, and custom regex patterns for sensitive
content.
5. **New command**: Added `/clearhistory` command to clear command
history.
## Code Changes
- Added `src/utils/storage/command-history.ts` with functions for
history management
- Extended config system to support history settings
- Updated terminal input components to use persistent history
- Added help text for the new `/clearhistory` command
- Added CLAUDE.md file for guidance when working with the codebase
## Testing
- All tests are passing
- Core functionality works with both input components (standard and
multiline)
- History navigation behaves correctly at line boundaries with the
multiline editor
**What**?
Add a `Tracing / Verbose Logging` section to the README
**Why**?
Enable easier troubleshooting by logging full API requests, responses,
and prompt details used during code generation.
**How**?
Inserted the new section between `Non‑interactive / CI mode` and `FAQ`.
## Fix Windows compatibility issues (#248)
This PR addresses the Windows compatibility issues reported in #248:
1. **Fix sandbox initialization failure on Windows**
- Modified `getSandbox()` to return `SandboxType.NONE` on Windows
instead of throwing an error
- Added a warning log message to inform the user that sandbox is not
available on Windows
2. **Fix Unix commands not working on Windows**
- Created a new module
[platform-commands.ts](cci:7://file:///c:/Users/HP%20840%20G6/workflow/codex/codex-cli/src/utils/agent/platform-commands.ts:0:0-0:0)
that automatically adapts Unix commands to their Windows equivalents
- Implemented a mapping table for common commands and their options
- Integrated this functionality into the command execution process
### Testing
Tested on Windows 10 with the following commands:
- `ls -R .` (now automatically translates to `dir /s .`)
- Other Unix commands like `grep`, `cat`, etc.
The CLI no longer crashes when running these commands on Windows.
I have read the CLA Document and I hereby sign the CLA
---------
Signed-off-by: Alpha Diop <alphakhoss@gmail.com>
I had Codex read #182 and draft a PR to fix it. This is its suggested
approach. I've tested it and it works. It removes the purple `thinking
for 386s` type lines entirely, and replaces them with a single yellow
`thinking for #s` line:
```
thinking for 31s
╭────────────────────────────────────────╮
│( ● ) Thinking..
╰────────────────────────────────────────╯
```
prompt. I've been using it that way via `npm run dev`, and prefer it.
## What
Empty "reasoning" updates were showing up as blank lines in the terminal
chat history. We now short-circuit and return `null` whenever
`message.summary` is empty, so those no-ops are suppressed.
## How
- In `TerminalChatResponseReasoning`, return early if `message.summary`
is falsy or empty.
- In `TerminalMessageHistory`, drop any reasoning items whose
`summary.length === 0`.
- Swapped out the loose `any` cast for a safer `unknown`-based cast.
- Rolled back the temporary Vitest script hacks that were causing stack
overflows.
## Why
Cluttering the chat with empty lines was confusing; this change ensures
only real reasoning text is rendered.
Reference: openai/codex#182
---------
Co-authored-by: Thibault Sottiaux <tibo@openai.com>
**What is added?**
Additional error handling functionality is added before the errors are
thrown to be handled by upstream handlers. The changes improves the user
experience and make the error handling smoother (and more informative).
**Why is it added?**
Before this addition, when a user tried to use a model they needed
previous setup for, the program crashed. This is not necessary here, and
informative message is sufficient and enhances user experience. This
adheres to the specifications stated in the code file as well by not
masking potential logical error detection. Following is before and
after:
Moreover, AFAIK no logic was present to handle this or a similar issue
in upstream handlers.
**How is it scoped? Why won't this mask other errors?**
The new brach triggers *only* for `invalid_request_error` events whose
`code` is model related (`model_not_found`)
This also doesn't prevent the detection (for the case of masking logical
errors) of wrong model names, as they would have been caught earlier on.
The code passes test, lint and type checks. I believe relevant
documentation is added, but I would be more than happy to do further
fixes in the code if necessary.
# Add Husky and lint-staged for automated code quality checks
## Description
This PR adds Husky Git hooks and lint-staged to automate code quality
checks during the development workflow.
## Features Added
- Pre-commit hook that runs lint-staged to check files before committing
- Pre-push hook that runs tests and type checking before pushing
- Configuration for lint-staged to format and lint different file types
- Documentation explaining the Husky setup and usage
- Updated README.md with information about Git hooks
## Benefits
- Ensures consistent code style across the project
- Prevents pushing code with failing tests or type errors
- Reduces the need for style-related code review comments
- Improves overall code quality
## Implementation Details
- Added Husky and lint-staged as dev dependencies
- Created pre-commit and pre-push hooks
- Added configuration for lint-staged
- Added documentation in HUSKY.md
- Updated README.md with a new section on Git hooks
## Testing
The hooks have been tested locally and work as expected:
- Pre-commit hook runs ESLint and Prettier on staged files
- Pre-push hook runs tests and type checking
I have read the CLA Document and I hereby sign the CLA
---------
Signed-off-by: Alpha Diop <alphakhoss@gmail.com>
## Problem
There's a security vulnerability in the current implementation where
shell commands are being executed without requesting user permission
even when in 'suggest' mode. According to our documentation:
> In **Suggest** mode (default): All file writes/patches and **ALL
shell/Bash commands** should require approval.
However, the current implementation in `approvals.ts` was auto-approving
commands deemed "safe" by the `isSafeCommand` function, bypassing the
user permission requirement. This is a security risk as users expect all
shell commands to require explicit approval in 'suggest' mode.
## Solution
This PR fixes the issue by modifying the `canAutoApprove` function in
`approvals.ts` to respect the 'suggest' mode policy for all shell
commands:
1. Added an early check at the beginning of `canAutoApprove` to
immediately return `{ type: "ask-user" }` when the policy is `suggest`,
regardless of whether the command is considered "safe" or not.
2. Added a similar check in the bash command handling section to ensure
bash commands also respect the 'suggest' mode.
3. Updated tests to verify the new behavior, ensuring that all shell
commands require approval in 'suggest' mode, while still being
auto-approved in 'auto-edit' and 'full-auto' modes when appropriate.
## Testing
All tests pass, confirming that the fix works as expected. The updated
tests verify that:
- All commands (even "safe" ones) require approval in 'suggest' mode
- Safe commands are still auto-approved in 'auto-edit' mode
- Bash commands with redirects still require approval in all modes
This change ensures that the behavior matches what's documented and what
users expect, improving security by requiring explicit permission for
all shell commands in the default 'suggest' mode.
This PR makes changes in the Dockerfile to reduce the final image size.
I'm sure this can be optimized further. But I didn't want to make too
many changes at once.
Original:
```
REPOSITORY TAG IMAGE ID CREATED SIZE
codex latest c8f66942ded3 4 minutes ago 1.91GB
```
Now:
```
REPOSITORY TAG IMAGE ID CREATED SIZE
codex latest 2a6d6450609c 4 minutes ago 747MB
```
**What?**
Add a section to the README documenting the current limitation for Codex
with Zero Data Retention (ZDR) organizations.
**Why?**
Users from ZDR organizations encounter errors due to the Responses API’s
requirement for `store:true`, which is incompatible with ZDR policies.
See #106 for more info.
**How?**
- Added a new section in the README, after FAQ and before Funding.
- Explained the error message and reason.
- Linked to documentation as linked in the issue.
## Description
This PR fixes the issue where the CLI can't continue after interrupting
the assistant with ESC ESC (Fixes#114). The problem was caused by
duplicate code in the `cancel()` method and improper state reset after
cancellation.
## Changes
- Fixed duplicate code in the `cancel()` method of the `AgentLoop` class
- Added proper reset of the `currentStream` property in the `cancel()`
method
- Created a new `AbortController` after aborting the current one to
ensure future tool calls work
- Added a system message to indicate the interruption to the user
- Added a comprehensive test to verify the fix
## Benefits
- Users can now continue using the CLI after interrupting the assistant
- Improved user experience by providing feedback when interruption
occurs
- Better state management in the agent loop
## Testing
- Added a dedicated test that verifies the agent can process new input
after cancellation
- Manually tested the fix by interrupting the assistant and confirming
that new input is processed correctly
---------
Signed-off-by: crazywolf132 <crazywolf132@gmail.com>
# Description
This PR fixes a typo where the prompt prefix for the agent loop was
missing the word "as"
# Changes
* Added missing word "as" within the agent loop prompt prefix
# Benefits
* The prompt is now grammatically correct and clearer
# Testing
* Manually tested the fix
