OpenAI Codex release notes: 0.143.0-alpha.36 clarifies installs and plugin versions
Part of the series: OpenAI Codex release notes

This OpenAI Codex update is not a shiny new button. It is more useful than that in day-to-day operations: 0.143.0-alpha.36 makes the installer less brittle and makes remote plugin versions easier to see. For teams testing Codex CLI in real repositories, that is the difference between a controlled update and a vague "something failed" moment.
Codex CLI is OpenAI's local coding agent for the terminal. A coding agent can read code, propose edits, and run commands in the directory where you start it. In this release, 0.143.0-alpha.36 is still alpha, while the npm registry latest tag was still 0.142.5 when checked.
Sources: GitHub release 0.143.0-alpha.36, npm registry for @openai/codex
OpenAI Codex release notes: what changed in 0.143.0-alpha.36
Two changes are worth watching.
First, the standalone installer now reuses GitHub release metadata instead of making several separate unauthenticated GitHub API calls while resolving the version, package, checksum manifest, and asset digests. The PR says one install could previously make up to four metadata requests. When GitHub's shared unauthenticated limit was exhausted, valid releases could fail, and a 403 could be reported as if release assets were missing. The installer should now reuse one metadata response and report metadata failures as possible GitHub availability or rate-limit issues, not missing assets.
Source: openai/codex PR #31056, fix(install): reuse GitHub release metadata
Second, Codex exposes remote plugin versions. A plugin is an extension package that can give Codex extra capabilities or integrations. The PR adds PluginSummary.version for versions advertised by remote plugin marketplaces, preserves the backend release version in plugin/installed, and keeps localVersion as the version of the locally materialized package. That sounds dry. It is not dry if two developers are seeing different plugin behavior and nobody knows which version each one has.
Source: openai/codex PR #30981, expose remote plugin versions
There are two smaller operational signals in the same alpha: gzip feedback attachments get the right MIME type instead of being treated as text, and buffering UI can read metadata from response events. I would not build a whole rollout plan around those two alone, but they point in the same direction: Codex is getting more measurable, not only more capable.
Sources: PR #30796, MIME types for path-backed feedback attachments, PR #31064, buffering metadata from response events
Human step before testing the alpha track
OpenAI's CLI documentation says the standalone macOS/Linux install uses curl -fsSL https://chatgpt.com/codex/install.sh | sh, and that a standalone install is upgraded by rerunning the installer. That is a human step, not something to hide inside an agent prompt.
Because 0.143.0-alpha.36 is on the alpha track, teams should treat it as a test in a bounded workspace. Keep stable for production unless you actually want to verify installer behavior, plugin versions, and run receipts. If plugins touch repositories, issue trackers, or customer systems, use env vars or a secret manager, scoped tokens, approval gates, and a short audit log. That is enough structure without making the work timid.
Source: OpenAI Codex CLI documentation
Short example: use the new Codex feature
Human step first: open a test workspace where Codex is already installed on the channel you want to check. Do not run updates from the agent prompt.
Then paste this into Codex:
Inspect this Codex workspace for alpha 0.143.0-alpha.36 readiness. Do not edit files and do not run installs. Return one short receipt with: current Codex channel or version if visible, install path or runbook notes, whether installer failures would be logged as GitHub availability or rate-limit issues rather than missing assets, any remote plugins with explicit version information, and one human review step before a wider rollout.
Good output should:
- separate stable
0.142.5from alpha0.143.0-alpha.36 - show whether the team uses the standalone installer, npm, or another package route
- mention plugin versions without assuming every plugin is approved
- end with a clear human decision before broader rollout
What Hammer would test in a real automation workflow
For a Nordic team, the practical question is simple: can we update Codex and understand what happened if something fails? This alpha points to better installer diagnostics and better plugin inventory. In a Tool Forge setup, I would start with one update run in one repository, then capture the version receipt, plugin list, installer errors, and human approval in the same note. After that, the team can decide whether Codex should get more workflows, not just more prompts.
FAQ
What changed in OpenAI Codex 0.143.0-alpha.36?
The alpha release reuses GitHub release metadata in the installer, exposes remote plugin versions, and includes smaller operational fixes for feedback attachments and buffering metadata.
Is 0.143.0-alpha.36 the stable Codex CLI release?
No. At verification time, the npm latest tag was still 0.142.5, while 0.143.0-alpha.36 was on the alpha track. Test it in a bounded workspace before wider rollout.
The Forge newsletter
Get new articles in your inbox
Pick the topics you care about. No noise, at most one email a week.
We follow GDPR. Unsubscribe anytime.