The Wire · Showcase
CODEX LOCKS DOWN MULTI-AGENT THREADS WHILE NODE AND PYTHON SDKS PATCH SECURITY GAPS
By RepoJournal · Filed · About OpenAI
Codex made parent-controlled sub-agent threads read-only in the TUI to prevent rejected server operations, while the Node and Python SDKs are closing security holes across GitHub Actions permissions, error handling, and dependency chains.
The Codex team shipped three high-impact changes that tighten control and visibility in multi-agent workflows. Parent-owned sub-agent threads now properly expose their read-only status through the new `Thread.canAcceptDirectInput` capability [1], preventing users from attempting input that the server would reject anyway. The team also added SessionEnd hooks for graceful thread teardown [2], letting operators run cleanup logic before archive or deletion with bounded execution (one second default timeout). Inline visualization links now render as browser-accessible fallbacks in the TUI [3], while managed network proxies on remote executors [4] handle loopback routing for spawned processes. Over in openai-node, the SDK just closed out 10 open Dependabot alerts by upgrading Next.js to 15.5, patching js-yaml and PostCSS transitives, and migrating Cloudflare from Wrangler 3 to 4 [5]. The team also addressed code scanning findings by restricting GitHub Actions to read-only permissions and removing stack traces from production error responses [6], then refreshed Vercel and Node toolchain fixtures to eliminate 105 of 115 remaining alerts [7]. Meanwhile, openai-python is requiring aiohttp 3.14.1+ and limiting the aiohttp backend to Python 3.10+, cutting off the vulnerable 3.13.x versions entirely [8], while CodeQL scanning now runs on pull requests and pushes to main [9].
Action items
- → Review SessionEnd hook implementation for your thread lifecycle workflows in Codex openai/codex [plan]
- → Upgrade openai-node to pick up the code scanning and Dependabot fixes openai/openai-node [plan]
- → Update openai-python pin to aiohttp 3.14.1+ if you use the aiohttp backend on Python 3.10+ openai/openai-python [plan]
- → Monitor Codex plugin installation interstitial requirements for client implementations openai/codex [monitor]
References
- [1] Make parent-owned sub-agent threads read-only in the TUI ↗ openai/codex
- [2] Add SessionEnd hooks for thread teardown ↗ openai/codex
- [3] Render inline visualization links in the TUI (#33925) openai/codex
- [4] Launch managed network proxies on remote executors (#33906) openai/codex
- [5] fix: address remaining Dependabot alerts ↗ openai/openai-node
- [6] fix: address code scanning findings ↗ openai/openai-node
- [7] chore: refresh more ecosystem test dependencies ↗ openai/openai-node
- [8] fix(deps): require patched aiohttp on Python 3.10+ ↗ openai/openai-python
- [9] Set up CodeQL code scanning ↗ openai/openai-python