Image from OpenAI Codex 0.136.0: Session Archiving, Amazon Bedrock, and a Round of Security Fixes
OpenAI's June 1 Codex CLI release adds session archiving, Amazon Bedrock as a model provider, clickable TUI links, and security hardening that blocks repository-provided Git hooks from running inside /diff.
OpenAI released Codex 0.136.0 on June 1. The full changelog is on GitHub. Here is what is actually worth knowing about this one.
Session Archiving
You can now archive sessions from inside the TUI with /archive, or from the command line with codex archive and codex unarchive. Archived sessions are protected from being resumed or forked until you explicitly restore them.
This fills a gap that came up often: sessions you want to keep for reference but do not want showing up in your active list or accidentally getting resumed. The archive is permanent storage, not a trash bin.
Amazon Bedrock Support
Codex now works with Amazon Bedrock as a model provider. Authentication falls back to AWS_REGION or AWS_DEFAULT_REGION when no explicit region is set. GPT models in Bedrock are restricted to supported tiers only. The model catalog was also cleaned up, removing OSS entries that Bedrock does not actually serve.
This extends the pattern Codex established with Vertex AI and Azure support, letting teams route inference through their cloud provider of choice rather than hitting the OpenAI API directly.
TUI Improvements
Markdown rendering in the TUI now preserves OSC 8 hyperlinks so web links stay clickable in terminals that support it. Tables that were too narrow to render properly now switch automatically to a key-value record format, which keeps the data readable and keeps links functional even in cramped layouts.
Prompt history is now seeded from the session transcript when you resume a session, so vim normal-mode navigation through history works correctly after picking up a previous conversation.
Security Fixes
Three security-related changes landed in this release:
/diff no longer runs repository-provided Git helpers or hooks when generating a diff. A malicious repository could previously use .git/hooks/ to run arbitrary code during what looks like a read-only operation. That path is now blocked.
The exec-server rejects WebSocket connections that include an Origin header, which prevents browser-origin requests from hijacking the local execution server.
PowerShell safety parsing is no longer applied on non-Windows hosts, removing a code path that was not needed outside Windows and that had no corresponding protection.
App-Server and Python SDK
The app-server integration can now resume threads with their initial turns visible, see richer MCP server status, and launch in stdio mode with codex app-server --stdio. This is mostly relevant for teams building on top of Codex through the API rather than using the CLI directly.
The Python SDK graduated from experimental to a documented beta. Install path is pip install openai-codex. The public class for configuring the client is now CodexConfig (previously AppServerConfig). OpenAI published refreshed quickstarts, API reference docs, and examples alongside the release.
What’s Next
An alpha pre-release, 0.137.0-alpha.4, dropped on June 3. No release notes are available yet, but the tag is live on GitHub if you want to track what is moving.