Codex `rust-v0.141.0` ships encrypted remote execution and MCP plugin improvements
OpenAI's Codex `rust-v0.141.0` release adds authenticated Noise-relay encrypted remote execution, cross-platform working directory preservation, per-thread stdio MCP server activation, and a range of performance and bug-fix improvements.
Score breakdown
The addition of end-to-end encrypted Noise relay channels and cross-platform working directory preservation closes two significant gaps in Codex's remote execution security and portability story.
- 01Remote executors now use authenticated, end-to-end encrypted Noise relay channels.
- 02Cross-platform remote execution preserves executor-native working directories and shells across app-server and exec-server boundaries.
- 03Selected executor plugins can activate stdio MCP servers per thread; plugin discovery adds a created-by-me marketplace and auth-specific curated catalogs.
Codex `rust-v0.141.0` delivers several significant infrastructure upgrades to remote execution. Remote executors now communicate over authenticated, end-to-end encrypted Noise relay channels, and cross-platform remote execution preserves executor-native working directories and shells — including filesystem permission paths across app-server and exec-server boundaries. App-server clients gain the ability to list immediate child threads, correlate external-agent imports with detailed results, and read or redeem rate-limit reset credits. Realtime clients can now explicitly append speech, control how Codex responses enter conversations, and omit startup context. The TUI also gains auto-resolving input prompts with an inactivity countdown that pauses on interaction.
Several plugin routing bugs were fixed: capabilities now route consistently by authentication mode, conflicting App/MCP declarations are deduplicated, and remote marketplace ordering is preserved.
On the plugin and MCP front, selected executor plugins can activate their stdio MCP servers per thread, and plugin discovery adds a created-by-me marketplace alongside auth-specific curated catalogs. Several plugin routing bugs were fixed: capabilities now route consistently by authentication mode, conflicting App/MCP declarations are deduplicated, and remote marketplace ordering is preserved. Bug fixes also address hook trust bypass persistence through `codex exec` thread start and resume, Windows sandbox stale credential repair, idle exec-server relay keepalives, and a SQLite pin to a version containing the WAL-reset corruption fix. TLS connections now support P-521 certificate signatures commonly used by enterprise proxies.
Performance improvements include caching tool search and eliminating repeated request and history copies to reduce latency and memory use in large, tool-heavy sessions. Prompt-image caching was bounded to 64 MiB and feedback uploads were capped to eight related threads. Terminal resize reflow is now always enabled, with obsolete disabled settings removed.
Key facts
- 01Remote executors now use authenticated, end-to-end encrypted Noise relay channels.
- 02Cross-platform remote execution preserves executor-native working directories and shells across app-server and exec-server boundaries.
- 03Selected executor plugins can activate stdio MCP servers per thread; plugin discovery adds a created-by-me marketplace and auth-specific curated catalogs.
- 04Bundled SQLite is pinned to a version containing the WAL-reset corruption fix.
- 05TLS connections now support P-521 certificate signatures commonly used by enterprise proxies.
- 06Prompt-image caching is bounded to 64 MiB; feedback uploads are capped to eight related threads.
- 07Latency and memory use in large, tool-heavy sessions were reduced by caching tool search and eliminating repeated request and history copies.
Topics
Summary and scoring are generated automatically from the original article. We always link back to the publisher and never republish images or paywalled content. Last processed Jun 18, 2026 · 10:40 UTC. How this works →