OpenAI Codex release notes: Codex CLI 0.134.0 tightens profiles and MCP

OpenAI Codex has a new CLI release from May 26: 0.134.0. It is not as flashy as last week's Appshots or Goal mode update, but it matters more for teams trying to use Codex in normal work.

Codex CLI is the terminal version of OpenAI Codex, a coding agent that can read files, propose changes and run tools inside a controlled environment. This release is mostly about control: profiles, MCP connections, history and better signals from hooks.

OpenAI Codex changelog: what 0.134.0 changes

OpenAI lists Codex CLI 0.134.0 as published on 2026-05-26. The same version is also the latest release in the npm registry for @openai/codex, with publish time 2026-05-26T19:33:51Z.

The practical changes:

• Local conversation history search, with case-insensitive content matching and result previews.
• --profile becomes the primary profile selector across the CLI, TUI permissions and sandbox flows. Legacy profile configs are rejected with migration guidance.
• MCP setup gets per-server environment targeting and OAuth options for streamable HTTP servers. MCP, Model Context Protocol, is a way to connect an AI agent to external tools and data sources in a more structured format.
• Connector schemas become more reliable because Codex preserves local $ref and $defs, and compacts oversized schemas before the agent sees them.
• Read-only MCP tools can run concurrently when the server advertises readOnlyHint.
• Hooks and extensions get more context, including conversation history for extension tools and subagent identity in hook inputs.

Source: OpenAI Codex changelog, Codex CLI 0.134.0

Source: GitHub release rust-v0.134.0

Source: npm registry for @openai/codex

Why this matters for Swedish teams

This is a control release. Not boring, just less demo-friendly.

If you use Codex for customer portals, internal integrations or automation around documents and cases, you do not want every run to live in one loose default setup. Profiles make it easier to separate a pilot environment from a more sensitive one. The MCP changes point in the same direction: connect useful tools, but give them clear boundaries.

In practice, that means:

• Use separate profiles for pilots, demos and sharper work.
• Put secrets in environment variables or a secret manager, not in chat.
• Give MCP servers the least access they need and separate read-only tools from write-capable tools.
• Use approval gates for actions that can change code, data, payment flows or customer information.
• Keep logs so a human can review what the agent did afterward.

This fits a Tool Forge engagement: build a small, controlled Codex environment before asking the agent to handle larger workflows.

Source: OpenAI Codex MCP documentation

What you can test today

Human step: Upgrade Codex CLI to the version OpenAI lists in the changelog and start a scoped profile for the test.

npm install -g @openai/[email protected]
codex --profile pilot

OpenAI's documentation says codex features enable <feature> writes to ~/.codex/config.toml, but to $CODEX_HOME/profile-name.config.toml when the CLI is launched with --profile profile-name. That small detail is what makes profiles useful for safer experiments.

Source: OpenAI Codex CLI features

Short example: use the new Codex feature

Run this prompt after you have started Codex in the profile you want to test:

Review this repo session as a Codex 0.134.0 profile pilot. Identify which MCP servers and tools are read-only versus write-capable, suggest a profile name for a limited test, and give me a short checklist before I run any changes. Do not modify files.

Good output should:

• Separate read-only MCP tools from tools that can write or run commands,
• suggest a small pilot profile instead of one broad default profile,
• mention which actions should require human approval,
• confirm that no files were changed.

Watch the next Codex release notes

0.134.0 is a useful signal for where Codex is going: less magic, more work environment. The next thing to watch is whether OpenAI keeps making profiles, MCP and hook context easier to review for teams that need traceability.