RepoJournal
OpenAI

OpenAI

Codex, the SDKs, and the engine behind ChatGPT

Pick a date

The Wire · Showcase

CODEX HARDENS THREADING AND TIGHTENS CREDENTIAL SYNC

By RepoJournal · Filed · About OpenAI

copyberry
1 person shipped this

Codex locked down concurrent OAuth refreshes and added permission-hook control over auto-review routing in five infrastructure hardening changes.

The centerpiece is a serialization lock for MCP OAuth credential refreshes [1], which prevents concurrent processes from stomping each other's rotating tokens and leaving in-memory state out of sync with persistent storage. That ships alongside a new permission-hook gate that runs before strict auto-review decisions [2], letting you intercept and approve shell commands without invoking the automated reviewer. On the execution side, Codex now supports pending remote environment registration [3], so lazy clients can wait for provisioning to finish and grab the exec-server WebSocket URL instead of failing early. Under the hood, a generic ReverseJsonlScanner [4] extracts reverse session-index lookups into reusable infrastructure that reads JSONL from the end in bounded chunks without breaking on malformed records. Rounding out the batch is tighter WebSocket timing telemetry [5] that preserves fractional-millisecond precision in histograms while keeping trace events opt-in and out of diagnostic uploads.

Action items

References

  1. [1] Serialize MCP OAuth credential refreshes ↗ openai/codex
  2. [2] Let permission hooks resolve strict auto-review requests ↗ openai/codex
  3. [3] Support pending remote environment registration ↗ openai/codex
  4. [4] Extract reverse JSONL scanning from session indexing ↗ openai/codex
  5. [5] Improve Responses WebSocket timing telemetry ↗ openai/codex

More from OpenAI

Daily updates, in your inbox

Follow OpenAI

Codex, the SDKs, and the engine behind ChatGPT We'll email you a link to confirm first.

Free. Confirm via email. Unsubscribe in one click.

— or follow the whole beat:

Elsewhere on the wire