OpenAI Codex release notes: 0.142.5 stops full WebSocket payloads in trace logs

Adam Olofsson HammareAdam Olofsson Hammare
OpenAI Codex release notes: 0.142.5 stops full WebSocket payloads in trace logs

OpenAI Codex release notes: why 0.142.5 is worth installing

OpenAI Codex CLI is OpenAI Codex as a local coding agent in the terminal. It can read code, edit files, and run local commands in the directory you choose, so the logs around the agent become part of the security work.

On July 1, 2026, OpenAI published Codex CLI 0.142.5. This is not a new button or workflow. It removes a trace log that could write full Responses WebSocket request payloads. A trace log is a detailed debugging log, and a WebSocket is a persistent connection where client and server can exchange messages during the same session.

Source: OpenAI Codex changelog and GitHub release 0.142.5.

What changed in the Codex changelog

The release note is short: "Prevented full Responses WebSocket request payloads from being written to trace logs." Pull request #30771 explains the practical issue: the full request payload was still being logged by a trace statement and was not covered by existing request-log filtering. The fix applies to the release/0.142 branch and does not change request behavior or the app-server API.

That is the kind of small release note people miss, but it matters when you let a coding agent work in real codebases. Codex can be useful without every prompt, file fragment, or debugging payload living in trace logs longer than intended.

Source: OpenAI Codex PR #30771, commit e019402, and npm @openai/codex 0.142.5.

Practical effect for Nordic teams

If you run Codex CLI in the terminal, in CI-like automation, or with MCP servers, treat 0.142.5 as a logging hygiene update. MCP, the Model Context Protocol, is a way to connect an AI agent to tools and data sources with clearer boundaries. The more tools the agent gets, the more important it is that logs do not collect more content than you meant to keep.

Human step: check how Codex is installed in your environment. OpenAI's changelog shows the npm command npm install -g @openai/[email protected] for this version. OpenAI's CLI documentation says standalone installs are upgraded by rerunning the installer script. Do that yourself, or through your normal endpoint management, before asking the agent to inspect the workspace.

For Hammer readers, the point is simple: integrate AI more safely by combining an updated client, environment variables or a secret manager for keys, scoped permissions, log redaction, approval gates for risky actions, and a short run log a human can review. That is Tool Forge in practice: not fear, just enough control to use the agent in real work.

Source: OpenAI Codex CLI docs.

Short example: use the new Codex feature

Human step first: update or verify Codex CLI 0.142.5 according to your installation method. Then run a read-only agent review, not an editing pass.

Inspect this repository's Codex logging and runbook notes after the 0.142.5 trace-log fix. Do not edit files. Identify where Codex traces or terminal transcripts are stored, what could still contain prompts, file snippets, API keys, or secrets, and return a one-page run receipt with upgrade status, remaining log risks, redaction points, and one reviewer action.

Good output should:

  • separate what 0.142.5 fixes from other logs that may still contain sensitive content
  • show where version checks, trace logs, and terminal transcripts are actually documented
  • mention environment variables, a secret manager, scoped keys, and log redaction when relevant
  • end with one concrete review action for a human

What to watch next

0.142.5 does not change how Codex sends requests, and it does not add a new agent workflow. It is still a signal: OpenAI is tightening the control plane around Codex. The next release notes worth watching are not only new features, but also changes to logging, MCP, sandboxing, approval gates, and how Codex handles tracing as the agent gets more tools.

FAQ

What changed in OpenAI Codex CLI 0.142.5?

Version 0.142.5 prevents full Responses WebSocket request payloads from being written to trace logs. OpenAI says the fix does not change request behavior or the app-server API.

Should teams using Codex CLI do anything?

Yes. If you run Codex with trace logs, terminal transcripts, or tool integrations, update the client and review log redaction, secret management, scoped permissions, and approval gates.

The Forge newsletter

Get new articles in your inbox

Pick the topics you care about. No noise, at most one email a week.

Get new articles in your inbox

We follow GDPR. Unsubscribe anytime.