Codex CLI 0.141.0: Encrypted Remote Execution & Large-Session Performance Improvements

Encrypted Noise Relay Channels for Remote Execution

All communication between the Codex app-server and remote executors now travels through authenticated, end-to-end encrypted Noise relay channels. The Noise Protocol Framework is used in WireGuard and Signal. Previously, remote transport defaulted to an unencrypted relay; the new default switches to Noise-encrypted channels for all new connections, with no configuration required.

Cross-Platform Remote Execution with Native Paths

Remote execution now correctly preserves executor-native working directories and shells across platform boundaries. When a user connects from a macOS app-server to a remote Linux executor, the executor sees its native Linux paths and shell environment. Filesystem permission paths are propagated correctly through the exec-server boundary.

Performance: Tool Search Caching and History Deduplication

Tool search results are cached per session, eliminating redundant lookups on every turn in sessions with many registered tools. Repeated copies of request input and conversation history are eliminated from the serialization path. Together these reduce latency and memory consumption in large sessions.

TUI Auto-Resolution Timer for Input Prompts

Input prompts that require a decision can now auto-resolve after a configurable inactivity period, with a countdown timer that pauses if the user interacts.

Additional Fixes

Windows sandbox sessions now automatically repair stale credentials; SQLite is pinned to a version with the WAL-reset corruption fix; and TLS connections gain support for P-521 certificate signatures.