Codex CLI 0.135.0-alpha.2: Scope, Diff, and the Release Notes Error

OpenAI shipped two distinct alpha artifacts for Codex CLI 0.135.0 on May 27, 2026 — three hours apart. The second, rust-v0.135.0-alpha.2 (commit 75b2877), supersedes alpha.1 the same day and lands against a diff of 86 commits and 529 changed files from the last stable release. The official release notes page returned a rendering error at publication time, so the changelog bullets aren't accessible via primary source — but the diff metadata and recent development trajectory tell most of the story.

0.135.0-alpha.2 at a Glance: 86 Commits, 529 Files

Codex CLI rust-v0.135.0-alpha.2 is the second pre-release artifact within a single semantic version on a single calendar day — tagged at 21:38 UTC on May 27, 2026, approximately three hours after rust-v0.135.0-alpha.1 (commit 676a221, 18:34 UTC) . A GitHub diff between the immediately preceding stable tag (rust-v0.134.0, May 26) and rust-v0.135.0-alpha.2 shows 86 commits and 529 files changed — the largest confirmed inter-minor delta in the recent 0.13x series, markedly larger than the 181-commit window delivered across the entire 0.133.0 release .

The scale of this diff is worth pausing on. The 0.134.0 stable release shipped on May 26 — so alpha.2 represents work that landed within roughly 24 hours of a stable promotion plus a fast retag. That cadence is consistent with a project averaging nearly two releases per day across more than 800 total releases since open-sourcing .

One notable wrinkle: the official GitHub release notes page for rust-v0.135.0-alpha.2 returned "There was an error while loading" at research time. The binary, tag, and 139 prebuilt platform assets exist and are downloadable . The rendered changelog did not load. This is the source of the article title's qualifier — all characterization of what 0.135 contains is grounded in diff metadata and documented trajectory from 0.131–0.134, not confirmed changelog bullets.

Same-Day Double Alpha: What a Three-Hour Retag Signals

When a project ships two tagged artifacts for the same semantic version within three hours on the same day, the most common explanations are a post-tag CI gate failure or a late-breaking test regression caught during internal validation — not a feature addition. Codex CLI's cadence makes this operationally unremarkable: the project has averaged roughly two releases per day across 800+ total releases since open-sourcing .

rust-v0.135.0-alpha.1 (commit 676a221) and rust-v0.135.0-alpha.2 (commit 75b2877) are distinct tagged artifacts . The pattern — tag, catch, patch, retag — is a fast catch-and-fix loop before broader alpha promotion. Alpha.1 is superseded; if you're pinning a pre-release build, alpha.2 is the correct target.

For developers integrating Codex CLI into CI pipelines on pre-release builds, the operational implication is direct: pin the full semver string rust-v0.135.0-alpha.2 explicitly. Alpha tags are not promoted to the latest dist-tag, and same-day supersession means a version pinned by partial range or tag alias could resolve to a build that was already considered defective by the project's own release process. The GitHub releases page and the releases JSON API are reliable sources for confirming which tag is current — more reliable than the rendered HTML changelog when that page is in an error state.

"Shipping 800+ releases at ~2/day means your release machinery needs to be nearly as automated as your tests. Fast retags are a sign the loop is working, not that something is broken." — paraphrased observation consistent with the project's stated design philosophy, per the Codex RS README and public release cadence data .

The 0.135 alpha series is not yet promoted to stable. Stable 0.135.0 has no confirmed release date at publication time. The alpha-to-stable window in the recent 0.13x series has ranged from same-day to roughly a week.

The 0.131–0.134 Development Front That Leads Into 0.135

To interpret what a 529-file diff likely contains, the most useful signal is the documented trajectory of the four stable releases shipped in the eight days before 0.135 alpha appeared. Each release has a distinct theme, and several of those themes — Goals, MCP, permission profiles, Windows sandboxing — were still accelerating at the 0.134 boundary.

0.131.0 (May 18) introduced codex doctor as a first-class diagnostic command covering runtime, auth, and network checks; @mentions search across files, directories, plugins, and skills; and relocated the Python SDK to the openai-codex/openai_codex package .

0.132.0 (May 19–20) extended the Python SDK with first-class auth flows (API key, ChatGPT browser, device-code) and accelerated TUI startup via batched terminal-capability checks .

0.133.0 (May 21) graduated Goals from experimental to default, with dedicated persistent storage and cross-turn progress tracking — the most substantive behavioral change in the series. codex remote-control was redesigned as a foreground command with machine-status reporting. Plugin marketplace integration shipped via codex plugin list. Permission profiles gained list APIs, inheritance, and requirements.toml support .

0.134.0 (May 26) promoted --profile as the sole permission selector, rejecting legacy profile configs with migration guidance. Full-text conversation history search landed (case-insensitive, with result previews). MCP gained per-server environment targeting and OAuth for streamable HTTP servers. Concurrent execution for read-only MCP tools annotated with readOnlyHint shipped alongside connector tool schema stabilization (preserving $ref/$defs structures, auto-compacting oversized schemas). Windows TUI rendering corruption was fixed .

Goals System and MCP: The Active Expansion Vectors in 0.135

The 529-file scope of 0.135 alpha is large enough to touch multiple subsystems simultaneously. Based on the documented 0.131–0.134 trajectory, four active expansion vectors are the most plausible areas of investment — in rough order of recent velocity: Goals, MCP integration, permission profiles, and platform sandboxing.

Goals system. Goals graduated from experimental to default in 0.133 . A feature that significant, enabled by default across all users, generates rapid follow-on work: chaining logic, richer progress APIs, cross-session persistence, error recovery when a goal step fails partway. The jump from 181 commits (full 0.133 window) to 86 commits in a single alpha delta is consistent with Goals being a primary driver — not a peripheral one.

MCP integration. The connector layer has expanded in every minor release since 0.131: per-server environment targeting, OAuth for streamable HTTP, concurrent read-only tool execution via readOnlyHint, and schema compaction in 0.134 . The next natural steps — connector auth edge cases, extended schema handling, or new transport types — are within reach of a large alpha diff.

Permission profiles. The --profile promotion in 0.134 made the profile system load-bearing: legacy configs are now rejected at startup with migration guidance. A system that breaks existing configs creates immediate follow-on pressure — migration tooling, deprecation cleanup, or documentation updates — all of which register as file changes in a diff even when they're not behavioral additions.

Platform sandboxing and Windows. The Rust codebase targets three distinct sandbox implementations: macOS Seatbelt, Linux Landlock, and Windows restricted-token process trees . Windows TUI rendering corruption was fixed in 0.134 — a fix that often surfaces adjacent issues. Windows-specific work across two consecutive releases is a signal that more is in flight.

"The 70-crate Cargo workspace gives us clear separation between entry points and core — CLI, TUI, headless, and app-server don't share startup logic, which means platform-specific fixes don't cascade unexpectedly." — consistent with the layered architecture documented in the Codex RS Rust rewrite architecture overview .

Installing and Pinning the Alpha Binary

Installing rust-v0.135.0-alpha.2 requires an explicit version tag — alpha releases are not promoted to the latest npm dist-tag and will not appear via an unversioned npm i -g @openai/codex. Homebrew cask tracks stable releases only .

The correct install command:

npm i -g @openai/[email protected]

Each release ships 139 prebuilt platform assets covering macOS (Apple Silicon and Intel), Linux (x86_64 and aarch64), and Windows (x86_64) . Direct binary download is available from the GitHub releases page if you prefer not to install via npm.

After installation, verify the runtime is healthy before integrating into CI:

codex --version   # expect: 0.135.0-alpha.2
codex doctor      # runtime, auth, and network checks

codex doctor was introduced in 0.131.0 specifically as a diagnostic entry point . If codex doctor passes, the binary is correctly installed, auth is configured, and the network path to OpenAI's API is clear.

For package.json or CI configuration, pin the full semver string rather than a range:

// package.json
{
  "devDependencies": {
    "@openai/codex": "rust-v0.135.0-alpha.2"
  }
}

Caret or tilde ranges against alpha tags are unreliable — npm's pre-release resolution rules do not guarantee that ^0.135.0-alpha.2 resolves to alpha.2 rather than alpha.1 or a later alpha.3 if one ships. Explicit pins are the only reproducible option for pre-release versions in automated pipelines.

Frequently Asked Questions

Is Codex CLI 0.135.0-alpha.2 safe to use in production pipelines?

Alpha tags are pre-release by definition. rust-v0.135.0-alpha.2 is suitable for local development or sandboxed CI environments where you pin the exact version string and can tolerate breaking behavior between releases. Do not use latest or caret/tilde ranges against alpha tags — the dist-tag semantics don't protect you from same-day supersession. For production workloads, wait for the stable 0.135.0 promotion, which has no confirmed date at publication time but typically follows the alpha series within days to a week based on recent 0.13x patterns.

Why did the official release notes page for alpha.2 return an error?

GitHub's release page rendering can lag behind tag creation, particularly for rapid same-day releases where the release record is created programmatically as part of a CI pipeline. The artifact — binary, tag, and 139 prebuilt platform assets — exists and is downloadable from the GitHub releases page. To confirm availability without relying on the rendered HTML changelog, use the GitHub releases JSON API (GET /repos/openai/codex/releases) or run git ls-remote --tags https://github.com/openai/codex rust-v0.135* to list available tags directly.

How much did 0.135.0-alpha.2 change compared to 0.134.0 stable?

A GitHub diff comparison between rust-v0.134.0 (May 26, 2026) and rust-v0.135.0-alpha.2 shows 86 commits and 529 files changed — the largest confirmed inter-minor delta in the recent 0.13x series, exceeding the 181-commit total delivered across the entire 0.133.0 release window. Specific changelog bullets were unavailable due to the page rendering error at publication time. The active development fronts visible in 0.131–0.134 — Goals system, MCP integration, permission profiles, and platform sandboxing — are the best available signal for what the diff contains.

How do I install a specific Codex CLI alpha version instead of the latest stable?

Use npm with the explicit tag: npm i -g @openai/[email protected]. Homebrew cask tracks stable releases only and is not the correct route for any alpha or pre-release tag . Alternatively, download the prebuilt binary for your platform directly from the GitHub releases page. For CI reproducibility, always pin the full version string — rust-v0.135.0-alpha.2 — rather than a semver range. After installation, run codex --version to confirm the resolved version and codex doctor to validate the runtime environment.

What caused the three-hour gap between alpha.1 and alpha.2 on May 27?

The cause isn't officially documented. The most consistent explanation is a post-tag CI gate failure or a regression caught during internal testing that required a fast patch and retag — not a feature addition. Same-day retagging is operationally normal for this project: Codex CLI has shipped over 800 releases since open-sourcing, averaging nearly two per day . Alpha.1 (commit 676a221) and alpha.2 (commit 75b2877) are distinct artifacts — alpha.1 is superseded and should not be used .

What to Watch Next

The 0.135 alpha is notable for two reasons that aren't related to any single feature: the diff size (529 files, 86 commits from a day-old stable baseline) and the release notes error. Together, they suggest a release cycle moving faster than its documentation infrastructure. The rendered changelog will eventually load — or stable 0.135.0 will ship with complete notes — but the pattern is worth tracking as a signal about how the project manages release metadata at high velocity.

The most consequential thing to watch in stable 0.135.0, when it ships, is whether the Goals system picks up any breaking changes to its storage schema. Goals became load-bearing (default, with persistent cross-turn storage) in 0.133. If 0.135 modifies that schema in a non-backwards-compatible way, existing goal state from 0.133 and 0.134 users will need migration. The official changelog and releases.sh tracker are the right places to watch for that confirmation.

For teams already on 0.134.0 stable, there's no immediate pressure to move. Pin alpha.2 in a staging CI lane if you want early signal on the 0.135 surface — but the stable promotion is the sensible adoption point for anything touching production workloads or shared team environments.

Last updated: 2026-05-29. Based on GitHub release artifacts, diff metadata, and the documented 0.131–0.134 changelog; the 0.135.0-alpha.2 rendered changelog was unavailable at publication time due to a GitHub page rendering error.