RepoJournal
OpenAI

OpenAI

Codex, the SDKs, and the engine behind ChatGPT

Pick a date

Topics: AI / ML Full archive →

The Wire · Showcase

CODEX LOCKS DOWN MULTI-AGENT THREADS WHILE NODE AND PYTHON SDKS PATCH SECURITY GAPS

By RepoJournal · Filed · About OpenAI

Codex made parent-controlled sub-agent threads read-only in the TUI to prevent rejected server operations, while the Node and Python SDKs are closing security holes across GitHub Actions permissions, error handling, and dependency chains.

The Codex team shipped three high-impact changes that tighten control and visibility in multi-agent workflows. Parent-owned sub-agent threads now properly expose their read-only status through the new `Thread.canAcceptDirectInput` capability [1], preventing users from attempting input that the server would reject anyway. The team also added SessionEnd hooks for graceful thread teardown [2], letting operators run cleanup logic before archive or deletion with bounded execution (one second default timeout). Inline visualization links now render as browser-accessible fallbacks in the TUI [3], while managed network proxies on remote executors [4] handle loopback routing for spawned processes. Over in openai-node, the SDK just closed out 10 open Dependabot alerts by upgrading Next.js to 15.5, patching js-yaml and PostCSS transitives, and migrating Cloudflare from Wrangler 3 to 4 [5]. The team also addressed code scanning findings by restricting GitHub Actions to read-only permissions and removing stack traces from production error responses [6], then refreshed Vercel and Node toolchain fixtures to eliminate 105 of 115 remaining alerts [7]. Meanwhile, openai-python is requiring aiohttp 3.14.1+ and limiting the aiohttp backend to Python 3.10+, cutting off the vulnerable 3.13.x versions entirely [8], while CodeQL scanning now runs on pull requests and pushes to main [9].

Action items

References

  1. [1] Make parent-owned sub-agent threads read-only in the TUI ↗ openai/codex
  2. [2] Add SessionEnd hooks for thread teardown ↗ openai/codex
  3. [3] Render inline visualization links in the TUI (#33925) openai/codex
  4. [4] Launch managed network proxies on remote executors (#33906) openai/codex
  5. [5] fix: address remaining Dependabot alerts ↗ openai/openai-node
  6. [6] fix: address code scanning findings ↗ openai/openai-node
  7. [7] chore: refresh more ecosystem test dependencies ↗ openai/openai-node
  8. [8] fix(deps): require patched aiohttp on Python 3.10+ ↗ openai/openai-python
  9. [9] Set up CodeQL code scanning ↗ openai/openai-python

Quick answers

What shipped in OpenAI on July 18, 2026?
Codex made parent-controlled sub-agent threads read-only in the TUI to prevent rejected server operations, while the Node and Python SDKs are closing security holes across GitHub Actions permissions, error handling, and dependency chains. In total, 52 commits, 52 pull requests, and 2 releases landed.
Who contributed to OpenAI on July 18, 2026?
4 developers shipped this update, including Felipe Coury, viyatb-oai, copyberry, and jbeckwith-oai.
What were the notable OpenAI updates?
Make parent-owned sub-agent threads read-only in the TUI, Add SessionEnd hooks for thread teardown, and Render inline visualization links in the TUI (#33925).

More from OpenAI

Daily updates, in your inbox

Follow OpenAI

Codex, the SDKs, and the engine behind ChatGPT We'll email you a link to confirm first.

Free. Confirm via email. Unsubscribe in one click.

— or follow the whole beat:

Elsewhere on the wire