Codex CLI: Self-Update Command & --full-auto Flag Deprecated

Codex CLI 0.128.0 shipped two notable operational changes for everyday users. First, a new codex update command enables one-step self-updates from within the CLI, detecting the user's install method (npm, Homebrew, or standalone binary) and running the correct updater automatically. Second, the --full-auto flag has been deprecated in favor of explicit permission profiles, with a compatibility warning printed when the old flag is used. Users relying on --full-auto in scripts should migrate to codex exec --sandbox workspace-write or an equivalent explicit trust profile.


codex update: One-Step CLI Self-Updating

One of the most persistently requested quality-of-life improvements in the Codex CLI community has finally landed in version 0.128.0: the codex update command. Previously, updating the CLI required users to remember their installation method and manually run the appropriate command (npm install -g @openai/codex, brew upgrade codex, etc.). This friction was compounded by the fact that the CLI is distributed through multiple channels.

The new codex update command removes that friction entirely. It auto-detects the installation method and runs the correct update mechanism. For npm users, it runs the npm upgrade; for Homebrew users, it runs the brew formula update; for standalone binary installs, it fetches the latest binary directly. The command also supports codex update --check to display the current version versus the latest available, a useful check before committing to an update in production environments.

This feature was tracked in GitHub issues #9274 and #11169, both of which accumulated significant community interest, reflecting how often developers hit friction when keeping their Codex installation current.

--full-auto Flag Deprecated

The --full-auto flag, which had previously granted Codex full automation permissions in a single shorthand, is now deprecated in version 0.128.0. OpenAI's rationale is that the blanket flag encouraged implicit, hard-to-audit permission grants. The new direction favors explicit permission profiles, which give users and organizations fine-grained control over what Codex can do in any given context.

When --full-auto is invoked, the CLI now prints a deprecation warning and continues to work as a compatibility path. The recommended migration is:

  • For non-interactive automation runs: use codex exec --sandbox workspace-write
  • For broader trust needs: configure an explicit permission profile in the Codex config

This change aligns with OpenAI's broader permission system evolution across recent releases (0.124.0 and 0.125.0 already introduced persistent permission profiles). The deprecation of --full-auto is the final push to move all users onto the explicit-profile model.
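
One way to locate scripts that still pass --full-auto before migrating them, written here as an added example and not taken from the Codex project. The function names, the list of file types scanned and the sample files are assumptions constructed for illustration.

```shell
# audit_full_auto DIR: list codex invocations that still pass --full-auto.
# Prints "file:line: command" per hit and returns 1 if any exist (CI gate).
audit_full_auto() {
    dir=$1
    hits=$(find "$dir" -type f \( -name '*.sh' -o -name '*.yml' \
            -o -name '*.yaml' -o -name 'Makefile' \) -print | sort |
        while IFS= read -r f; do
            awk -v file="$f" '
                {
                    if (buf == "") start = NR   # first line of a command
                    line = $0
                    # Join backslash-continued lines into one command.
                    if (line ~ /\\[ \t]*$/) {
                        sub(/\\[ \t]*$/, " ", line)
                        buf = buf line
                        next
                    }
                    cmd = buf line
                    buf = ""
                    if (cmd ~ /^[ \t]*#/) next  # skip full-line comments
                    if (cmd ~ /(^|[^A-Za-z0-9_-])codex([ \t]|$)/ &&
                        cmd ~ /(^|[ \t])--full-auto([ \t=]|$)/) {
                        gsub(/[ \t]+/, " ", cmd)
                        printf "%s:%d: %s\n", file, start, cmd
                    }
                }' "$f"
        done)
    [ -z "$hits" ] && return 0
    printf '%s\n' "$hits"
    return 1
}

# Constructed sample tree (not from the page) for trying the audit offline.
make_sample() {
    d=$(mktemp -d)
    printf '%s\n' '#!/bin/sh' '# old: codex --full-auto' \
        'codex exec \' '  --full-auto "fix lint"' > "$d/ci.sh"
    printf '%s\n' 'codex exec --sandbox workspace-write "fix lint"' > "$d/ok.sh"
    printf '%s\n' "$d"
}
```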

Additional TUI Improvements

The 0.128.0 release also includes configurable TUI keymaps, giving power users the ability to remap keyboard shortcuts to match their preferences. Alongside this, plan-mode nudges surface contextual suggestions when the agent detects it may benefit from a planning step before executing. Action-required terminal titles update the terminal window/tab title when Codex needs user input, making it easier to notice when the agent is waiting, which is particularly useful when running multiple Codex sessions simultaneously.

Codex CLI: Self-Update Command & --full-auto Deprecated | Yet Another Changelog