OpenAI Codex release notes: 0.142.1 fixes Windows proxy sign-in
Part of the series: OpenAI Codex release notes

OpenAI Codex shipped a small release that is easy to skip unless you work behind a corporate proxy. For Windows teams with PAC, WPAD or static proxy rules, though, it can be the difference between "Codex cannot sign in" and "Codex follows the same route as the rest of the work laptop".
Codex CLI is OpenAI Codex as a local terminal agent: it can read, change and run code in the directory where you start it. A system proxy is the network route the operating system uses for outbound traffic. PAC is a proxy configuration file with routing rules, and WPAD is automatic discovery of those rules in Windows networks.
OpenAI Codex release notes: what 0.142.1 changes
OpenAI published Codex CLI 0.142.1 on June 25, 2026. The release notes say the version adds opt-in Windows system proxy support for authentication, including PAC, WPAD, static proxy settings and bypass rules.
Source: OpenAI Codex 0.142.1 release notes
The underlying pull request gives the useful detail. The feature is disabled by default, so existing client behavior stays unchanged. When respect_system_proxy is enabled, Codex-owned authentication clients on Windows can use the route Windows selects for each auth URL. If system resolution is unavailable, the shared contract falls back to explicit environment proxy variables and then a direct connection. Custom CA handling stays separate from proxy selection.
Source: PR #26708: PAC 3 - Add Windows system proxy resolver
Why Windows proxy support in OpenAI Codex matters
This is not a new agent superpower. It is plumbing, and plumbing is often what decides whether AI tooling works in a real organization.
A school, agency or industrial team may run Windows with central proxy rules. The browser works, while a terminal app gets stuck during sign-in. Codex 0.142.1 makes it possible to test authentication against the same PAC, WPAD, proxy and bypass logic Windows already uses, but only when the feature is explicitly enabled.
For Hammer readers, the practical point is simple: before you connect Codex to more internal repos, MCP servers or build environments, make sure sign-in, proxy routing, environment variables and the review log are understandable. That is Tool Forge work at a small scale: not more policy text, but a runnable checkpoint.
Short example: use the new Codex feature
Human step: update a Windows environment to Codex CLI 0.142.1 and enable the feature only if your IT or platform owner wants Codex authentication to follow the Windows system proxy. The PR shows the feature name as respect_system_proxy under [features].
[features]
respect_system_proxy = true
Source: PR #26708: end-user behavior for respect_system_proxy
Then paste this into Codex after the environment is already updated and configured:
Review this project's Codex sign-in flow for a Windows environment behind a corporate proxy. Assume respect_system_proxy is already enabled. Write a short test plan: how we confirm sign-in, which PAC/WPAD/static proxy and bypass cases to record, which proxy-related environment variables may affect the result, and where a human should approve the next step before Codex changes the repo or runs commands.
Good output should include:
- the version and config assumption, so the test is not confused with older Codex behavior
- a concrete check for PAC, WPAD, static proxy, bypass and environment proxy variables
- a clear line between authentication testing and real code changes
- a short log line or run receipt a human can save
What to watch next
0.142.1 is a narrow stable release. At the same time, the npm registry shows an alpha 0.143.0 track, but the latest alpha release bodies I checked were generic "Release 0.143.0-alpha" entries without their own user-facing text. So today's publishable OpenAI Codex changelog signal is Windows proxy authentication, not broad advice to jump onto alpha.
Source: npm registry for @openai/codex
FAQ
What changed in OpenAI Codex CLI 0.142.1?
Version 0.142.1 adds opt-in Windows system proxy support for authentication, including PAC, WPAD, static proxy settings and bypass rules.
Should every team enable respect_system_proxy?
No. The feature is disabled by default. It is mainly relevant for Windows environments where Codex sign-in should follow the organization’s system proxy.
Is this about code execution or sign-in?
The release notes and PR #26708 describe authentication clients. Treat it as a sign-in and network-control update, not a new coding-agent capability.
The Forge newsletter
Get new articles in your inbox
Pick the topics you care about. No noise, at most one email a week.
We follow GDPR. Unsubscribe anytime.