RepoJournal
OpenAI

OpenAI

Codex, the SDKs, and the engine behind ChatGPT

Pick a date

  1. Sat 2 may
  2. Sun 3 may
  3. Mon 4 may
  4. Tue 5 may
  5. Wed 6 may
  6. Thu 7 may
  7. Fri 8 may
  8. Sat 9 may
  9. Sun 10 may
  10. Mon 11 may
  11. Tue 12 may
  12. Wed 13 may
  13. Thu 14 may
  14. Sat 16 may
  15. Sun 17 may
  16. Tue 19 may
  17. Wed 20 may
  18. Thu 21 may
  19. Sat 23 may
  20. Mon 25 may
  21. Tue 26 may
  22. Wed 27 may
  23. Thu 28 may
  24. Fri 29 may
  25. Sat 30 may
  26. Sun 31 may
  27. Mon 1 jun
  28. Mon 8 jun
  29. Tue 9 jun
  30. Today 10 jun

The Wire · Showcase

CODEX HARDENS APP-SERVER INTEGRATION AND TIGHTENS ADMIN CONTROLS

By RepoJournal · Filed · About OpenAI

Codex shipped deterministic integration tests that prove the SDK, app-server runtime, and public clients work together end-to-end, plus three security and capability wins for managed deployments.

The SDK integration harness [1] closes a critical testing gap — behavioral tests could catch wrapper mistakes, but they never validated that the pinned app-server process, request routing, and sync/async clients actually worked together in production. This PR starts the real app-server and mocks only at the HTTP boundary, giving you the confidence that SDK changes won't break at runtime. On the capability side, auth elicitation now advertises itself properly [2] when enabled behind the feature flag, ensuring backward compatibility and giving servers explicit signal before they send elicitations. Admins got the tool approval win they needed: managed requirements can now enforce per-tool approval rules centrally [3], closing the gap where only normal config could express those constraints. Security-critical: managed filesystem deny-read restrictions now survive escalation paths [4] — explicit escalations, prefix-rule allows, and sandbox-denial retries can no longer rebuild the runtime policy and expose paths an administrator locked down. On the client side, remote iOS and Android clients no longer bloat `thread/resume` responses with MCP tool call payloads and image-generation results [5]; this is a temporary redaction layer while the team builds toward paginated SQLite-backed APIs.

Action items

References

  1. [1] [7/8] Add Python SDK app-server integration harness (#22014) openai/codex
  2. [2] [elicitation] Advertise new url elicitation capability when auth_elicitation is enabled. ↗ openai/codex
  3. [3] feat(connectors): support managed app tool approval requirements ↗ openai/codex
  4. [4] fix(permissions): preserve managed deny-read during escalation ↗ openai/codex
  5. [5] fix(app-server): thread history redaction for remote clients ↗ openai/codex

FAQ

What changed in OpenAI on May 12, 2026?
Codex shipped deterministic integration tests that prove the SDK, app-server runtime, and public clients work together end-to-end, plus three security and capability wins for managed deployments.
What should OpenAI teams do about it?
Merge and deploy the integration harness [ref:1] before next SDK release cycle • Verify auth_elicitation flag is set correctly in your deployment [ref:2] • Review managed requirements configs — per-tool approval rules are now available [ref:3]
Which OpenAI repositories shipped on May 12, 2026?
openai/codex

Related across the cluster

For your repos

The showcase is a teaser.
Your wire is the product.

Same engine. Different stack. Below: what changes when the wire is yours.

Showcase wire

  • 14 famous open source orgs
  • One wire per day
  • Public, generic
  • Read on the web, when you remember

Your wire

  • Up to 1,500 of your repos - orgs, deps, vendors
  • Morning and evening briefs
  • Action items routed to your team
  • Slack delivery, email, breaking-news CVE alerts

Want a hands-on demo first? Ask a current user for an invite link.