OpenAI shipped Codex CLI 0.134.0 stable on May 26 and 0.135.0 stable on May 28 — two calendar days apart. Between the two stable cuts, a pair of alpha tags appeared and resolved within 24 hours. With 0.136.0-alpha.1 already out on May 29, this is near-daily delivery. For teams running Codex in CI or production toolchains, the pace is fast enough that explicit version pinning is now a practical requirement. This brief covers what changed, what breaks, and what to watch next.
Two Stable Releases in 48 Hours
Codex CLI 0.134.0 landed as stable on May 26, 2026 . Forty-eight hours later, 0.135.0 stable followed on May 28 . In between, 0.135.0-alpha.1 and 0.135.0-alpha.2 both shipped on May 27, compressing the alpha-to-stable window to under 24 hours.
codex doctor diagnostic command. Pin versions in CI before upgrading.
The pattern continued: 0.136.0-alpha.1 appeared on May 29 . For context, 0.133.0 shipped May 21 — the gap between stable releases dropped from five days to two in a single cycle.
Alpha tags are now effectively CI artifacts rather than public previews. Both 0.135.0 alphas appeared on the same day; stable followed within 24 hours. Teams consuming Codex in any automated pipeline should pin to explicit version tags and validate on staging before promoting — silent breakage is a real risk at this velocity.
| Version | Date | Type | Days Since Previous Stable |
|---|---|---|---|
| 0.133.0 | May 21, 2026 | Stable | — |
| 0.134.0 | May 26, 2026 | Stable | 5 |
| 0.135.0-alpha.1 | May 27, 2026 | Alpha | 1 |
| 0.135.0-alpha.2 | May 27, 2026 | Alpha | 1 |
| 0.135.0 | May 28, 2026 | Stable | 2 |
| 0.136.0-alpha.1 | May 29, 2026 | Alpha | 1 |
Searchable Conversation History
0.134.0 adds local session history search with case-insensitive content matching and inline result previews . Developers can scan past sessions without leaving the TUI — useful for revisiting debugging workflows, reusing prompts, or auditing prior agent runs.
The feature targets a common workflow gap: LLM-assisted sessions are ephemeral by default, and recovering the exact prompt or context from a session three days ago typically meant manual log-digging. Inline previews let you confirm a match before opening the full session.
Per the official release notes, history is stored locally . No cloud sync is mentioned in current documentation. Session content stays on-device — relevant for teams with data-residency requirements who want to use the feature without changes to their data handling posture.
Profile v1 Removed: Required Configuration Update
The breaking change in 0.134.0: legacy profile v1 configurations are explicitly rejected at startup. The CLI emits an error with inline v2 upgrade instructions . There is no silent fallback — v1 entries are refused, not ignored or auto-converted.
--profile is now the sole authoritative selector across the CLI, TUI, permission flows, and sandbox workflows. Any team with scripts or CI configs that reference the old profile format will hit a hard failure on update. Audit --profile usage before rolling out 0.134.0.
| Aspect | Profile v1 (pre-0.134.0) | Profile v2 (0.134.0+) |
|---|---|---|
| Startup behavior | Accepted | Rejected with error + migration hint |
| CLI flag | Legacy format | --profile (authoritative) |
| Auto-conversion | N/A | No — manual migration required |
| Scope | Partial | CLI, TUI, permissions, sandbox |
| Named profile references | Not supported | Supported via /permissions (0.135.0+) |
According to Hammer Automation's release digest, the v2 migration path is documented inline in the error output, but teams with shared profile configs will need to update every consumer before bumping the version . This is especially relevant in monorepos or shared development containers where a single profile config is inherited across multiple engineers.
Note that 0.135.0 extends the /permissions command to recognize named permission profiles — allowing operators to reference stored configurations by name rather than inline. Teams planning a full migration should target both releases together.
MCP Enhancements: Per-Server Env Vars, OAuth, and Concurrent Execution
Model Context Protocol integration in 0.134.0 adds three targeted capabilities: per-server environment variable targeting, OAuth support for streamable HTTP MCP servers, and concurrent execution for read-only tools . Each addresses a distinct category of MCP workflow friction.
Per-server env var targeting means different MCP servers can receive different environment contexts. Previously, environment isolation between servers required wrapper scripts or external tooling. OAuth for streamable HTTP servers unlocks enterprise SSO and access to protected MCP server instances without embedding shared secrets in config files.
Concurrent read-only execution is the most operationally significant change for agent workflows. When a server sets readOnlyHint=true, Codex now runs eligible tools in parallel rather than sequentially. No client configuration is needed — the server advertises the capability, and Codex responds accordingly.
"Read-only MCP tools now execute concurrently when a server advertises
readOnlyHint, reducing latency for non-mutating tool calls." — OpenAI Codex team, Release Notes, May 2026
Schema handling also improved: connector tool schemas now preserve local $ref and $defs structures instead of flattening them . Oversized schemas are automatically compacted before agent processing, preventing context-window waste on large tool definitions.
codex doctor Gets a Diagnostic Overhaul
0.135.0 significantly expands the codex doctor command. It now reports on environment variables, Git state, terminal capabilities, app-server connectivity, and thread inventory in a single command . Previously, CI operators had to interrogate each of these surfaces separately — across the shell, config files, and server diagnostics.
"codex doctor now surfaces environment variables, Git state, terminal capabilities, app-server connectivity, and thread inventory — covering the most common CI environment discrepancy scenarios in one command." — OpenAI Codex team, Official Changelog, May 2026
| Category | What codex doctor Reports |
|---|---|
| Environment variables | Presence and values of Codex-relevant env vars |
| Git state | Repo status, current branch, dirty/clean state |
| Terminal capabilities | Terminal type, color support, virtual-terminal flags |
| App-server connectivity | Remote server reachability and response status |
| Thread inventory | Active threads and current session state |
The /status command was extended in parallel to display remote connection details and live server version information . Together, these changes make 0.135.0 particularly valuable for teams running Codex in ephemeral containers, GitHub Actions runners, or remote SSH environments where environment drift is a persistent debugging cost.
Vim Text Objects, TUI Stability, and Python Preset Constants
0.135.0 adds vim text-object editing to the TUI: ciw, da(, and standard motions now work natively . Configurable interrupt-turn keybindings and improved word/line-end behavior ship alongside. This makes Codex's TUI a viable primary editing surface for developers who rely on vim muscle memory, rather than a modal fallback.
Several TUI stability fixes ship in the same release. macOS virtual-terminal loss, Zellij sessions, older tmux, and iTerm2 Ctrl-C handling all receive targeted fixes. Slash-command completion no longer clobbers existing draft input — a daily-use friction point present since slash commands shipped. Resume flow for non-interactive exec sessions also gets a working-directory override correction.
On the SDK side, the Python SDK adds Sandbox preset constants for thread and turn APIs . These reduce boilerplate when setting sandbox execution modes programmatically. According to the Codex changelog directory, packaged Codex builds can now also discover bundled patched zsh helper scripts on both macOS and Linux.
Frequently Asked Questions
What breaks when upgrading to Codex CLI 0.134.0?
Profile v1 format is rejected at startup. The CLI emits an error with inline v2 upgrade instructions rather than falling back silently. Before updating, audit all --profile usage in scripts, CI configs, and shared development containers. Any config that references the old profile format will cause a hard failure on launch. There is no auto-conversion path — migration is manual, guided by the inline error message.
How does concurrent MCP tool execution work in 0.134.0?
Read-only MCP tools run in parallel when the server sets readOnlyHint=true. No extra client configuration is needed — the server advertises the capability, and the Codex client responds accordingly. Tools that mutate state are unaffected and continue to execute sequentially. The latency benefit scales with the number of parallel read-only calls an agent makes in a single turn. Server authors need to explicitly opt in by setting the hint on eligible tools.
What does codex doctor report after the 0.135.0 update?
After the 0.135.0 update, codex doctor reports across five categories: environment variables, Git state, terminal capabilities, app-server connectivity, and thread inventory. This covers the most common CI environment discrepancy scenarios in a single command, replacing the need to manually interrogate each surface. It is most useful in ephemeral containers, GitHub Actions runners, and remote SSH environments where environment drift between runs is a recurring issue.
Is it safe to upgrade to 0.135.0 stable immediately?
The stable designation applies, but the 48-hour window from the previous stable release is unusually short. The alpha-to-stable window for 0.135.0 was under 24 hours — a compressed validation cycle compared to prior releases. Standard practice: pin versions explicitly in CI, validate against a staging environment first, and audit profile configs before rolling out to production. Treat it as stable with standard caution, not as a candidate for accelerated rollout.
Does local conversation history in 0.134.0 sync anywhere?
Per the official release notes, history is stored locally. No cloud sync is mentioned in current documentation. Session content stays on-device under current documented behavior. Teams with data-residency or confidentiality requirements can use the feature without changes to their data handling posture — though behavior may evolve in future releases as the feature matures.
What to Watch in 0.136.0
0.136.0-alpha.1 appeared on May 29 — the day this article was written . No public changelog entry exists for it yet. Given the current cadence, a stable cut within two to five days is plausible. The key variable to track: whether the alpha-to-stable compression continues, and whether any further breaking changes trail the profile v1 removal.
The broader signal is that OpenAI has shifted Codex CLI into a continuous-delivery mode that treats minor version bumps the way others treat patch releases. The alpha tags now serve primarily as internal integration checkpoints, not public preview channels. For individual developers this is largely fine. For teams with shared toolchain configs, staging-first validation is the only safe operating posture at this release velocity.
Also unresolved: the detailed diff between 0.135.0-alpha.1, alpha.2, and the final stable has not been published separately — OpenAI collapses alpha notes into the stable release entry. It is unclear whether any alpha-specific experiments were dropped before the May 28 stable cut . Watch the official changelog for 0.136.0 detail as it lands.
Last updated: 2026-05-29. Based on official release notes and changelogs reviewed on the same date. 0.136.0-alpha.1 had no public changelog as of publication.
