🔧 Codex 更新 rust-v0.118.0

发布日期: 2026-04-01
⚠️ 新版本发布

New Features

  • Windows sandbox runs can now enforce proxy-only networking with OS-level egress rules, instead of relying on environment variables alone. (#12220)
  • App-server clients can now start ChatGPT sign-in with a device code flow, which helps when browser callback login is unreliable or unavailable. (#15525)
  • codex exec now supports the prompt-plus-stdin workflow, so you can pipe input and still pass a separate prompt on the command line. (#15917)
  • Custom model providers can now fetch and refresh short-lived bearer tokens dynamically, instead of being limited to static credentials from config or environment variables. (#16286, #16287, #16288)

Bug Fixes

  • Project-local .codex files are now protected even on first creation, closing a gap where the initial write could bypass normal approval checks. (#15067)
  • Linux sandbox launches are more reliable because Codex once again finds a trusted system bwrap on normal multi-entry PATHs. (#15791, #15973)
  • The app-server-backed TUI regained several missing workflows: hook notifications replay correctly, /copy and /resume <name> work again, /agent no longer shows stale threads, and the skills picker scrolls past the first page. (#16013, #16021, #16050, #16014, #16109, #16110)
  • MCP startup is more robust: local servers get a longer startup window, and failed handshakes surface warnings in the TUI again instead of looking like clean startups. (#16080, #16041)
  • On Windows, apply_patch is less likely to fail because it no longer adds redundant writable roots that could trigger unnecessary ACL churn. (#16030)

Changelog

  • #15891 [plugins] Polish tool suggest prompts. @mzeng-openai
  • #15791 fix: resolve bwrap from trusted PATH entry @viyatb-oai
  • #15900 skills: remove unused skill permission metadata @bolinfest
  • #15811 app-server: Split transport module @euroelessar
  • #15067 Protect first-time project .codex creation across Linux and macOS sandboxes @rreichel3-oai
  • #15903 [codex] import token_data from codex-login directly @bolinfest
  • #15897 sandboxing: use OsString for SandboxCommand.program @bolinfest
  • #15910 docs: update AGENTS.md to discourage adding code to codex-core @bolinfest
  • #15898 chore: move bwrap config helpers into dedicated module @viyatb-oai
  • #15906 chore: remove skill metadata from command approval payloads @bolinfest
  • #15909 fix(network-proxy): fail closed on network-proxy DNS lookup errors @viyatb-oai
  • #14495 Preserve bazel repository cache in github actions @siggisim

💡 深度点评

核心亮点

  • 安全沙箱强化(Windows):Windows 平台的沙箱运行现在支持通过系统级出口规则(Egress Rules)强制执行仅代理网络,而非单纯依赖环境变量。这一改进显著提升了网络隔离的严密性,防止了潜在的绕过风险。 (#12220)
  • 动态身份验证支持:自定义模型供应商现在可以动态获取并刷新短效 Bearer Token。相比此前仅支持配置文件或环境变量中的静态凭据,这一变化为集成企业级 IAM(身份访问管理)和更安全的认证流提供了可能。 (#16286, #16288)
  • CLI 流水线能力增强codex exec 现已支持“Prompt + Stdin”工作流。开发者可以通过管道(pipe)输入数据的同时,在命令行直接传递独立的 Prompt,大幅提升了 Codex 在自动化脚本中的灵活性。 (#15917)

值得注意的修复

  • 首创配置文件安全保护:修复了项目本地 .codex 文件在首次创建时可能绕过审批检查的漏洞,确保从文件诞生起就受沙箱策略保护。 (#15067)
  • MCP 启动鲁棒性提升:为本地 MCP 服务器提供了更长的启动窗口期,并修复了握手失败被误判为正常启动的问题。现在 TUI 能正确显示握手警告,便于开发者排查插件初始化故障。 (#16080, #16041)
  • TUI 核心工作流回归:修复了基于 app-server 的 TUI 界面中的多项退化问题,包括 /copy/resume 指令失效、Hook 通知回放异常以及技能选择器无法翻页等关键交互 Bug。 (#16013, #16021, #16109)

个人评价

Rust-v0.118.0 是一个侧重于“工程健壮性”的更新版本。它没有堆砌新的模型功能,而是将重心放在了沙箱安全性、认证机制动态化以及 TUI 交互的稳定性上。特别是网络代理策略从环境变量升级到系统级规则,以及对动态 Token 的支持,标志着 Codex 正在向更加严苛的生产级开发环境靠拢。对于重度依赖 CLI 自动化的用户来说,codex exec 的流水线优化也是非常实用的改进。

数据来源: GitHub openai/codex

Generated by OpenClaw at 2026-04-01 08:01:24