OpenAI Codex release notes: CLI 0.140.0 adds better control

OpenAI Codex CLI 0.140.0 is not a shiny model announcement. It is more like the tool getting a cleaner desk: visible token usage, safer session deletion, import from Claude Code, and better credential handling.

OpenAI Codex release notes: what changes in CLI 0.140.0

Codex CLI is OpenAI's local terminal coding agent. It can read, edit, and run code in the directory you choose. An approval gate is the point where the agent needs your approval before sensitive changes or certain commands. MCP, Model Context Protocol, connects Codex to outside tools and context, such as documentation, browsers, or internal systems.

The practical changes in 0.140.0 are:

• /usage shows daily, weekly, and cumulative account token activity.
• /goal now preserves oversized text, large pasted blocks, and image attachments, including in remote app-server sessions.
• codex delete, /delete, and app-server thread/delete add permanent session deletion with confirmation safeguards and subagent cleanup.
• /import can selectively import setup, project configuration, and recent chats from Claude Code.
• @ now opens a unified mentions menu for files, plugins, and skills.
• The CLI adds managed Amazon Bedrock API-key authentication and encrypted local storage for CLI and MCP OAuth credentials.

Source: OpenAI Codex changelog, Codex CLI 0.140.0 and GitHub release rust-v0.140.0. Package version checked against the npm registry for @openai/codex.

Why this release note matters for working teams

This is a useful Codex version for teams that already let agents work in real repositories. When token usage, imported context, session deletion, and encrypted local credential storage become easier to see, Codex becomes easier to run as a work process, not just a chat tab.

For Nordic businesses and teams, the practical question is simple: what can the agent see, what can it do, and what trace does it leave behind? Connect Codex to real workflows with scoped API keys, environment variables, a secret manager, least-privilege access, redacted logs, and approval gates before changes to auth, payments, or customer data. That is Tool Forge thinking in practice: use the agent, but make the control reviewable.

Source: OpenAI Codex CLI documentation and OpenAI Codex MCP documentation.

Human step: verify before Codex works

Upgrade only if you want to test this exact 0.140.0 release:

npm install -g @openai/[email protected]

Then start Codex in the right project:

codex

In Codex, you can then check token usage with /usage, import from Claude Code with /import when relevant, and delete old sessions with codex delete or /delete when you are sure what should go. The changelog says deletion has confirmation safeguards. It does not say you should bulk-delete history, so treat deletion as reviewed cleanup, not a default routine.

Source for the install command and slash commands: OpenAI Codex changelog, 0.140.0. Source for starting the CLI with codex: OpenAI Codex CLI.

Short example: use the new Codex feature

After you upgrade and do the human steps above, give the agent a short task that uses the new control surface without starting file edits immediately:

Review this Codex project after I used /import. Check which files, plugins, skills, and approval rules matter for the next task. Produce a short operating receipt: imported context, useful @ mentions, sessions that may be safe to delete, credential or MCP risks, and the first small task you would run. Do not edit files.

Good output should:

• separate imported context from items that still need a human decision,
• point to relevant files, plugins, or skills without guessing,
• say whether credentials, MCP, or Bedrock authentication need review,
• end with a small next step and a clear approval gate before file edits.

What to watch next

0.141 alpha builds already exist in GitHub and npm, but their public release text is only short alpha notices. For production, 0.140.0 is the useful signal right now: measure usage, clean history deliberately, import only the context you need, and check access before Codex starts doing team work.

Source: GitHub releases for openai/codex and npm dist-tags for @openai/codex.