@openai/codex 0.19.0 → 0.21.0

package/README.md

@@ -18,6 +18,9 @@
 - [Quickstart](#quickstart)
   - [Installing and running Codex CLI](#installing-and-running-codex-cli)
   - [Using Codex with your ChatGPT plan](#using-codex-with-your-chatgpt-plan)
+  - [Connecting on a "Headless" Machine](#connecting-on-a-headless-machine)
+    - [Authenticate locally and copy your credentials to the "headless" machine](#authenticate-locally-and-copy-your-credentials-to-the-headless-machine)
+    - [Connecting through VPS or remote](#connecting-through-vps-or-remote)
   - [Usage-based billing alternative: Use an OpenAI API key](#usage-based-billing-alternative-use-an-openai-api-key)
   - [Choosing Codex's level of autonomy](#choosing-codexs-level-of-autonomy)
     - [**1. Read/write**](#1-readwrite)
@@ -98,16 +101,57 @@ Each archive contains a single entry with the platform baked into the name (e.g.
   <img src="./.github/codex-cli-login.png" alt="Codex CLI login" width="50%" />
   </p>
 
-After you run `codex` select Sign in with ChatGPT. You'll need a Plus, Pro, or Team ChatGPT account, and will get access to our latest models, including `gpt-5`, at no extra cost to your plan. (Enterprise is coming soon.)
+Run `codex` and select **Sign in with ChatGPT**. You'll need a Plus, Pro, or Team ChatGPT account, and will get access to our latest models, including `gpt-5`, at no extra cost to your plan. (Enterprise is coming soon.)
 
-> Important: If you've used the Codex CLI before, you'll need to follow these steps to migrate from usage-based billing with your API key:
+> Important: If you've used the Codex CLI before, follow these steps to migrate from usage-based billing with your API key:
 >
-> 1. Update the CLI with `codex update` and ensure `codex --version` is greater than 0.13
-> 2. Ensure that there is no `OPENAI_API_KEY` environment variable set. (Check that `env | grep 'OPENAI_API_KEY'` returns empty)
+> 1. Update the CLI and ensure `codex --version` is `0.20.0` or later
+> 2. Delete `~/.codex/auth.json` (this should be `C:\Users\USERNAME\.codex\auth.json` on Windows)
 > 3. Run `codex login` again
 
 If you encounter problems with the login flow, please comment on [this issue](https://github.com/openai/codex/issues/1243).
 
+### Connecting on a "Headless" Machine
+
+Today, the login process entails running a server on `localhost:1455`. If you are on a "headless" server, such as a Docker container or are `ssh`'d into a remote machine, loading `localhost:1455` in the browser on your local machine will not automatically connect to the webserver running on the _headless_ machine, so you must use one of the following workarounds:
+
+#### Authenticate locally and copy your credentials to the "headless" machine
+
+The easiest solution is likely to run through the `codex login` process on your local machine such that `localhost:1455` _is_ accessible in your web browser. When you complete the authentication process, an `auth.json` file should be available at `$CODEX_HOME/auth.json` (on Mac/Linux, `$CODEX_HOME` defaults to `~/.codex` whereas on Windows, it defaults to `%USERPROFILE%\.codex`).
+
+Because the `auth.json` file is not tied to a specific host, once you complete the authentication flow locally, you can copy the `$CODEX_HOME/auth.json` file to the headless machine and then `codex` should "just work" on that machine. Note to copy a file to a Docker container, you can do:
+
+```shell
+# substitute MY_CONTAINER with the name or id of your Docker container:
+CONTAINER_HOME=$(docker exec MY_CONTAINER printenv HOME)
+docker exec MY_CONTAINER mkdir -p "$CONTAINER_HOME/.codex"
+docker cp auth.json MY_CONTAINER:"$CONTAINER_HOME/.codex/auth.json"
+```
+
+whereas if you are `ssh`'d into a remote machine, you likely want to use [`scp`](https://en.wikipedia.org/wiki/Secure_copy_protocol):
+
+```shell
+ssh user@remote 'mkdir -p ~/.codex'
+scp ~/.codex/auth.json user@remote:~/.codex/auth.json
+```
+
+or try this one-liner:
+
+```shell
+ssh user@remote 'mkdir -p ~/.codex && cat > ~/.codex/auth.json' < ~/.codex/auth.json
+```
+
+#### Connecting through VPS or remote
+
+If you run Codex on a remote machine (VPS/server) without a local browser, the login helper starts a server on `localhost:1455` on the remote host. To complete login in your local browser, forward that port to your machine before starting the login flow:
+
+```bash
+# From your local machine
+ssh -L 1455:localhost:1455 <user>@<remote-host>
+```
+
+Then, in that SSH session, run `codex` and select "Sign in with ChatGPT". When prompted, open the printed URL (it will be `http://localhost:1455/...`) in your local browser. The traffic will be tunneled to the remote server.
+
 ### Usage-based billing alternative: Use an OpenAI API key
 
 If you prefer to pay-as-you-go, you can still authenticate with your OpenAI API key by setting it as an environment variable:
@@ -116,7 +160,10 @@ If you prefer to pay-as-you-go, you can still authenticate with your OpenAI API
 export OPENAI_API_KEY="your-api-key-here"
 ```
 
-> Note: This command only sets the key for your current terminal session, which we recommend. To set it for all future sessions, you can also add the `export` line to your shell's configuration file (e.g., `~/.zshrc`).
+Notes:
+
+- This command only sets the key for your current terminal session, which we recommend. To set it for all future sessions, you can also add the `export` line to your shell's configuration file (e.g., `~/.zshrc`).
+- If you have signed in with ChatGPT, Codex will default to using your ChatGPT credits. If you wish to use your API key, use the `/logout` command to clear your ChatGPT authentication.
 
 ### Choosing Codex's level of autonomy
 

package/bin/codex.js

@@ -1,154 +1,123 @@
 #!/usr/bin/env node
 // Unified entry point for the Codex CLI.
-/*
- * Behavior
- * =========
- *   1. By default we import the JavaScript implementation located in
- *      dist/cli.js.
- *
- *   2. Developers can opt-in to a pre-compiled Rust binary by setting the
- *      environment variable CODEX_RUST to a truthy value (`1`, `true`, etc.).
- *      When that variable is present we resolve the correct binary for the
- *      current platform / architecture and execute it via child_process.
- *
- *      If the CODEX_RUST=1 is specified and there is no native binary for the
- *      current platform / architecture, an error is thrown.
- */
 
-import fs from "fs";
 import path from "path";
-import { fileURLToPath, pathToFileURL } from "url";
-
-// Determine whether the user explicitly wants the Rust CLI.
+import { fileURLToPath } from "url";
 
 // __dirname equivalent in ESM
 const __filename = fileURLToPath(import.meta.url);
 const __dirname = path.dirname(__filename);
 
-// For the @native release of the Node module, the `use-native` file is added,
-// indicating we should default to the native binary. For other releases,
-// setting CODEX_RUST=1 will opt-in to the native binary, if included.
-const wantsNative = fs.existsSync(path.join(__dirname, "use-native")) ||
-  (process.env.CODEX_RUST != null
-    ? ["1", "true", "yes"].includes(process.env.CODEX_RUST.toLowerCase())
-    : false);
+const { platform, arch } = process;
+
+let targetTriple = null;
+switch (platform) {
+  case "linux":
+  case "android":
+    switch (arch) {
+      case "x64":
+        targetTriple = "x86_64-unknown-linux-musl";
+        break;
+      case "arm64":
+        targetTriple = "aarch64-unknown-linux-musl";
+        break;
+      default:
+        break;
+    }
+    break;
+  case "darwin":
+    switch (arch) {
+      case "x64":
+        targetTriple = "x86_64-apple-darwin";
+        break;
+      case "arm64":
+        targetTriple = "aarch64-apple-darwin";
+        break;
+      default:
+        break;
+    }
+    break;
+  case "win32":
+    switch (arch) {
+      case "x64":
+        targetTriple = "x86_64-pc-windows-msvc.exe";
+        break;
+      case "arm64":
+        // We do not build this today, fall through...
+      default:
+        break;
+    }
+    break;
+  default:
+    break;
+}
 
-// Try native binary if requested.
-if (wantsNative && process.platform !== 'win32') {
-  const { platform, arch } = process;
+if (!targetTriple) {
+  throw new Error(`Unsupported platform: ${platform} (${arch})`);
+}
 
-  let targetTriple = null;
-  switch (platform) {
-    case "linux":
-    case "android":
-      switch (arch) {
-        case "x64":
-          targetTriple = "x86_64-unknown-linux-musl";
-          break;
-        case "arm64":
-          targetTriple = "aarch64-unknown-linux-musl";
-          break;
-        default:
-          break;
-      }
-      break;
-    case "darwin":
-      switch (arch) {
-        case "x64":
-          targetTriple = "x86_64-apple-darwin";
-          break;
-        case "arm64":
-          targetTriple = "aarch64-apple-darwin";
-          break;
-        default:
-          break;
-      }
-      break;
-    default:
-      break;
+const binaryPath = path.join(__dirname, "..", "bin", `codex-${targetTriple}`);
+
+// Use an asynchronous spawn instead of spawnSync so that Node is able to
+// respond to signals (e.g. Ctrl-C / SIGINT) while the native binary is
+// executing. This allows us to forward those signals to the child process
+// and guarantees that when either the child terminates or the parent
+// receives a fatal signal, both processes exit in a predictable manner.
+const { spawn } = await import("child_process");
+
+const child = spawn(binaryPath, process.argv.slice(2), {
+  stdio: "inherit",
+  env: { ...process.env, CODEX_MANAGED_BY_NPM: "1" },
+});
+
+child.on("error", (err) => {
+  // Typically triggered when the binary is missing or not executable.
+  // Re-throwing here will terminate the parent with a non-zero exit code
+  // while still printing a helpful stack trace.
+  // eslint-disable-next-line no-console
+  console.error(err);
+  process.exit(1);
+});
+
+// Forward common termination signals to the child so that it shuts down
+// gracefully. In the handler we temporarily disable the default behavior of
+// exiting immediately; once the child has been signaled we simply wait for
+// its exit event which will in turn terminate the parent (see below).
+const forwardSignal = (signal) => {
+  if (child.killed) {
+    return;
   }
-
-  if (!targetTriple) {
-    throw new Error(`Unsupported platform: ${platform} (${arch})`);
+  try {
+    child.kill(signal);
+  } catch {
+    /* ignore */
   }
-
-  const binaryPath = path.join(__dirname, "..", "bin", `codex-${targetTriple}`);
-
-  // Use an asynchronous spawn instead of spawnSync so that Node is able to
-  // respond to signals (e.g. Ctrl-C / SIGINT) while the native binary is
-  // executing. This allows us to forward those signals to the child process
-  // and guarantees that when either the child terminates or the parent
-  // receives a fatal signal, both processes exit in a predictable manner.
-  const { spawn } = await import("child_process");
-
-  const child = spawn(binaryPath, process.argv.slice(2), {
-    stdio: "inherit",
-    env: { ...process.env, CODEX_MANAGED_BY_NPM: "1" },
-  });
-
-  child.on("error", (err) => {
-    // Typically triggered when the binary is missing or not executable.
-    // Re-throwing here will terminate the parent with a non-zero exit code
-    // while still printing a helpful stack trace.
-    // eslint-disable-next-line no-console
-    console.error(err);
-    process.exit(1);
-  });
-
-  // Forward common termination signals to the child so that it shuts down
-  // gracefully. In the handler we temporarily disable the default behavior of
-  // exiting immediately; once the child has been signaled we simply wait for
-  // its exit event which will in turn terminate the parent (see below).
-  const forwardSignal = (signal) => {
-    if (child.killed) {
-      return;
-    }
-    try {
-      child.kill(signal);
-    } catch {
-      /* ignore */
+};
+
+["SIGINT", "SIGTERM", "SIGHUP"].forEach((sig) => {
+  process.on(sig, () => forwardSignal(sig));
+});
+
+// When the child exits, mirror its termination reason in the parent so that
+// shell scripts and other tooling observe the correct exit status.
+// Wrap the lifetime of the child process in a Promise so that we can await
+// its termination in a structured way. The Promise resolves with an object
+// describing how the child exited: either via exit code or due to a signal.
+const childResult = await new Promise((resolve) => {
+  child.on("exit", (code, signal) => {
+    if (signal) {
+      resolve({ type: "signal", signal });
+    } else {
+      resolve({ type: "code", exitCode: code ?? 1 });
     }
-  };
-
-  ["SIGINT", "SIGTERM", "SIGHUP"].forEach((sig) => {
-    process.on(sig, () => forwardSignal(sig));
-  });
-
-  // When the child exits, mirror its termination reason in the parent so that
-  // shell scripts and other tooling observe the correct exit status.
-  // Wrap the lifetime of the child process in a Promise so that we can await
-  // its termination in a structured way. The Promise resolves with an object
-  // describing how the child exited: either via exit code or due to a signal.
-  const childResult = await new Promise((resolve) => {
-    child.on("exit", (code, signal) => {
-      if (signal) {
-        resolve({ type: "signal", signal });
-      } else {
-        resolve({ type: "code", exitCode: code ?? 1 });
-      }
-    });
   });
+});
 
-  if (childResult.type === "signal") {
-    // Re-emit the same signal so that the parent terminates with the expected
-    // semantics (this also sets the correct exit code of 128 + n).
-    process.kill(process.pid, childResult.signal);
-  } else {
-    process.exit(childResult.exitCode);
-  }
+if (childResult.type === "signal") {
+  // Re-emit the same signal so that the parent terminates with the expected
+  // semantics (this also sets the correct exit code of 128 + n).
+  process.kill(process.pid, childResult.signal);
 } else {
-  // Fallback: execute the original JavaScript CLI.
-
-  // Resolve the path to the compiled CLI bundle
-  const cliPath = path.resolve(__dirname, "../dist/cli.js");
-  const cliUrl = pathToFileURL(cliPath).href;
-
-  // Load and execute the CLI
-  try {
-    await import(cliUrl);
-  } catch (err) {
-    // eslint-disable-next-line no-console
-    console.error(err);
-    process.exit(1);
-  }
+  process.exit(childResult.exitCode);
 }
+

package/package.json

@@ -1,87 +1,18 @@
 {
   "name": "@openai/codex",
-  "version": "0.19.0",
+  "version": "0.21.0",
   "license": "Apache-2.0",
   "bin": {
     "codex": "bin/codex.js"
   },
   "type": "module",
   "engines": {
-    "node": ">=22"
-  },
-  "scripts": {
-    "format": "prettier --check src tests",
-    "format:fix": "prettier --write src tests",
-    "dev": "tsc --watch",
-    "lint": "eslint src tests --ext ts --ext tsx --report-unused-disable-directives --max-warnings 0",
-    "lint:fix": "eslint src tests --ext ts --ext tsx --fix",
-    "test": "vitest run",
-    "test:watch": "vitest --watch",
-    "typecheck": "tsc --noEmit",
-    "build": "node build.mjs",
-    "build:dev": "NODE_ENV=development node build.mjs --dev && NODE_OPTIONS=--enable-source-maps node dist/cli-dev.js",
-    "stage-release": "./scripts/stage_release.sh"
+    "node": ">=20"
   },
   "files": [
     "bin",
     "dist"
   ],
-  "dependencies": {
-    "@inkjs/ui": "^2.0.0",
-    "chalk": "^5.2.0",
-    "diff": "^7.0.0",
-    "dotenv": "^16.1.4",
-    "express": "^5.1.0",
-    "fast-deep-equal": "^3.1.3",
-    "fast-npm-meta": "^0.4.2",
-    "figures": "^6.1.0",
-    "file-type": "^20.1.0",
-    "https-proxy-agent": "^7.0.6",
-    "ink": "^5.2.0",
-    "js-yaml": "^4.1.0",
-    "marked": "^15.0.7",
-    "marked-terminal": "^7.3.0",
-    "meow": "^13.2.0",
-    "open": "^10.1.0",
-    "openai": "^4.95.1",
-    "package-manager-detector": "^1.2.0",
-    "react": "^18.2.0",
-    "shell-quote": "^1.8.2",
-    "strip-ansi": "^7.1.0",
-    "to-rotated": "^1.0.0",
-    "use-interval": "1.4.0",
-    "zod": "^3.24.3"
-  },
-  "devDependencies": {
-    "@eslint/js": "^9.22.0",
-    "@types/diff": "^7.0.2",
-    "@types/express": "^5.0.1",
-    "@types/js-yaml": "^4.0.9",
-    "@types/marked-terminal": "^6.1.1",
-    "@types/react": "^18.0.32",
-    "@types/semver": "^7.7.0",
-    "@types/shell-quote": "^1.7.5",
-    "@types/which": "^3.0.4",
-    "@typescript-eslint/eslint-plugin": "^7.18.0",
-    "@typescript-eslint/parser": "^7.18.0",
-    "boxen": "^8.0.1",
-    "esbuild": "^0.25.2",
-    "eslint-plugin-import": "^2.31.0",
-    "eslint-plugin-react": "^7.32.2",
-    "eslint-plugin-react-hooks": "^4.6.0",
-    "eslint-plugin-react-refresh": "^0.4.19",
-    "husky": "^9.1.7",
-    "ink-testing-library": "^3.0.0",
-    "prettier": "^3.5.3",
-    "punycode": "^2.3.1",
-    "semver": "^7.7.1",
-    "ts-node": "^10.9.1",
-    "typescript": "^5.0.3",
-    "vite": "^6.3.4",
-    "vitest": "^3.1.2",
-    "whatwg-url": "^14.2.0",
-    "which": "^5.0.0"
-  },
   "repository": {
     "type": "git",
     "url": "git+https://github.com/openai/codex.git"