OpenAI Codex release notes: CLI 0.141.0 secures remote execution

OpenAI Codex CLI 0.141.0 is not a shiny demo release. It is an operations release for teams that already let Codex work across remote environments, plugins, and MCP servers.

Codex CLI is OpenAI Codex's local coding agent in the terminal: it can read, change, and run code in the directory you select. A coding agent is an AI assistant that does not only answer questions, but can work inside a repo with tools, commands, and files. In 0.141.0, the useful signal is stronger remote execution, clearer plugin paths, and less brittle agent runs.

Source: OpenAI Codex changelog, June 18 2026, GitHub release rust-v0.141.0, Codex CLI documentation.

OpenAI Codex release notes: what CLI 0.141.0 changes

The main practical change is that remote executors now use authenticated, end-to-end encrypted Noise relay channels. A remote executor is the environment where Codex can run work away from your local terminal. OpenAI also says cross-platform remote execution now preserves the executor's own working directories, shells, and filesystem permission paths across app-server and exec-server boundaries.

That sounds low level, but the impact is simple: if a team runs Codex across Windows, Linux, local folders, and remote environments, Codex needs to know where the work actually happens. The wrong working directory or permission path can make an agent run hard to review.

OpenAI also says selected executor plugins can activate their stdio MCP servers per thread. MCP, Model Context Protocol, connects a model to external tools and context sources, such as documentation, browsers, or developer tools. Stdio MCP means the server runs locally as a process started by a command.

Source: OpenAI Codex changelog for CLI 0.141.0, Codex MCP documentation.

Why this matters for Nordic teams

For a small Swedish or Nordic team, 0.141.0 gets interesting when Codex stops being "one terminal on my laptop" and starts becoming a governed workbench: local files, remote execution, plugins, MCP servers, hooks, and app-server clients in one flow.

That does not reduce the need for human review. It moves review to the right place. If Codex can run more work remotely, you need to see which environment it used, which plugins were active, which permissions applied, and where it stopped for approval. An approval gate is a deliberate checkpoint where a human approves file changes, commands, permissions, or external-system access before the agent continues.

Hammer Automation would test this as a Tool Forge question: which workflows can Codex handle, which secrets live in environment variables or a secret manager, which API keys are scoped, which logs need redaction, and which decisions must always stay with a human?

Human step: upgrade and choose the right test environment

If you use the npm install path, OpenAI lists the upgrade command for this release as:

npm install -g @openai/[email protected]

Then choose a repo where you already have a sensible Codex setup. Do not make this kind of release your first test against production secrets or sensitive integrations. A workflow with existing or planned remote execution, selected plugins, or MCP connections is enough.

Source: OpenAI Codex changelog for CLI 0.141.0, npm registry for @openai/codex 0.141.0.

Short example: use the new Codex feature

Paste this into a Codex thread after you have opened the right repo and upgraded the CLI. The prompt does not ask Codex to install anything; it asks the agent to review the runtime you already chose.

Review this Codex project for CLI 0.141.0 remote execution readiness. Check working-directory assumptions, shell assumptions, selected plugins, MCP server usage, hooks, sandbox or approval boundaries, and where secrets come from. Produce a short run receipt with what is safe to test today, what needs a human decision, and what must not run until permissions are scoped. Do not edit files.

Good output should include:

• which parts of the flow run locally versus in a remote executor
• which plugins or MCP servers matter for the thread
• which permissions, secrets, or API keys need review before work starts
• a short test plan that can be reviewed before Codex edits files

What to watch next

0.141.0 also mentions app-server clients that can list immediate child threads, correlate external-agent imports with detailed results, and read or redeem rate-limit reset credits. Those details are worth tracking if you already build custom Codex workflows on top of the app server.

For most teams, the takeaway is less dramatic: upgrade, run one controlled test thread, and ask Codex for a run receipt before remote execution or plugins become everyday operations.