Codex CLI 0.128.0: workflows that hold up

Codex CLI 0.128.0 tightens AGENTS.md, resume loops, permissions, plugins, and reviewable diffs.

Rogier Muller · May 1, 2026 · 6 min read

The situation

Codex CLI 0.128.0 is a workflow release. It touches instruction discovery, persisted work, permissions, plugins, and the reliability of resume and review loops. If you use Codex in a real repo, the question is not “what’s new?” but “what should change in how we run it?”

This release matters most for teams that already rely on AGENTS.md, sandboxed execution, and reviewable diffs. The changelog points to a stronger operating model: Codex can carry more state across turns, show more control in the TUI, and make policy and plugin behavior more explicit. That only helps if repo instructions are already clear enough to be found and followed.

It also matters for teams connecting Codex to external systems. The changelog adds plugin and external-agent workflow support, plus permission-profile controls that make the active operating context easier to see. That shifts the work back to the team: define the boundary, verify it, and keep the diff small enough to review.

For the official docs, start with the Codex docs and the CLI guide. For the instruction layer, the AGENTS.md guide is the main reference. For shared tool packaging, the OpenAI skills repository is the place to study the pattern. For workflow context, see cli workflows.

What to change

Start with repo instructions before you lean on the new workflow features. Codex reads AGENTS.md, so the first win is usually a short file at the repo root and narrower overrides where needed. Keep the root file on durable rules: how to run tests, where to place changes, and what not to touch. Use nested files for local exceptions instead of one large policy blob.

---
description: Repo rules for Codex CLI work
---

- Prefer small, reviewable diffs.
- Run the repo's test command before asking for review.
- If a task touches a nested package, check for a local AGENTS.md first.
- Do not change deployment settings without an explicit request.

Use the persisted workflow support to keep long tasks legible. The changelog calls out persisted /goal workflows, app-server APIs, runtime continuation, and TUI controls for create, pause, resume, and clear. In practice, that means you can keep a task alive across interruptions, but each resumed turn should still be a checkpoint. Resume only after you can restate the goal, the current branch, and the verification step.

Make verification a first-class loop, not a final step. A good Codex CLI loop is: ask for the change, inspect the diff, run the narrowest relevant test, then ask for a second pass if the output is noisy or incomplete. For production codebases, the reviewable artifact is the diff plus the test result, not the chat transcript. If the change touches shell behavior, permissions, or network access, verify those boundaries explicitly.

1. Update AGENTS.md with the repo rule that matters most.
2. Run Codex on one scoped task.
3. Review the diff before any follow-up prompt.
4. Run the smallest test or lint command that proves the change.
5. Resume only if the next step is clear and bounded.
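Steps 3 and 4 can be backed by a mechanical gate that runs before any follow-up prompt. The script below is an added example, not part of Codex or of the original article; the line budget, the protected path prefixes, and the choice to flag AGENTS.md edits are assumptions to adjust per repo.

```shell
#!/usr/bin/env bash
# Added example: gate a diff before the next prompt.
# Usage (branch name is an assumption):
#   git diff --numstat --no-renames main...HEAD | review_gate

MAX_CHANGED_LINES=200                          # assumed "small diff" budget
PROTECTED_RE='^(deploy/|[.]github/workflows/)' # assumed deployment paths

# review_gate reads `git diff --numstat` output on stdin
# (added<TAB>deleted<TAB>path) and prints one finding per line.
# Exit status: 0 = fine to continue, 1 = a human reviews first.
review_gate() {
  awk -F'\t' -v max="$MAX_CHANGED_LINES" -v prot="$PROTECTED_RE" '
    {
      path = $3
      n = split(path, parts, "/")
      # Binary files report "-" for both counts; always flag them.
      if ($1 == "-" || $2 == "-") { print "BINARY " path; bad = 1 }
      else total += $1 + $2
      # Deployment settings and instruction files change what later
      # runs are allowed to do, so they never pass silently.
      if (path ~ prot || parts[n] == "AGENTS.md") {
        print "PROTECTED " path; bad = 1
      }
    }
    END {
      if (total > max) { print "TOO_LARGE " total " > " max; bad = 1 }
      exit (bad ? 1 : 0)
    }'
}
```

A non-zero exit means the diff goes to a person before the session is resumed.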

Treat permission profiles as part of the workflow, not a hidden setting. The release expands built-in defaults, sandbox profile selection, cwd controls, and active-profile metadata. That is useful when teams need to know which policy was active during a run. Document which profile is allowed for which repo area, then check that the active profile matches the task before trusting the output.
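One way to write down "which profile is allowed for which repo area" and check it, as an added example that is not Codex's own format: the policy layout and the profile names are constructed, and the active profile name is passed in by hand because how you read it from the run metadata is not covered here.

```shell
#!/usr/bin/env bash
# Added example; policy format and profile names are constructed.
# Each line: <path prefix> <comma-separated profiles allowed there>.
# A prefix with no profiles listed means no profile may touch it.
PROFILE_POLICY='docs/ docs-readonly,pkg-write
packages/ pkg-write
packages/billing/ billing-restricted
deploy/'

# profile_allowed PROFILE PATH
# Picks the longest policy prefix that matches PATH and succeeds only
# if PROFILE is listed for it. Paths with no matching prefix are denied,
# so an undocumented repo area fails closed.
profile_allowed() {
  printf '%s\n' "$PROFILE_POLICY" | awk -v prof="$1" -v path="$2" '
    index(path, $1) == 1 && length($1) > best {
      best = length($1); allowed = $2
    }
    END {
      n = split(allowed, list, ",")
      for (i = 1; i <= n; i++) if (list[i] == prof) exit 0
      exit 1
    }'
}
```

The longest-prefix rule is what lets `packages/billing/` carry a stricter profile than the rest of `packages/`.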

Use plugins and external-agent imports only when they reduce manual setup. The changelog adds marketplace installation, remote bundle caching, plugin-bundled hooks, hook enablement state, and external-agent config import. That suggests a cleaner packaging model, but it also raises the review bar. A plugin should bundle a working operating model, not a pile of loosely related commands. If you install one, inspect what it changes in hooks, permissions, and agent definitions before you let it touch production work.

Keep MCP boundaries explicit. MCP is the connector layer for external systems, and the official docs describe it as a standard way to connect AI apps to tools and data. In Codex, that means connector scope should be reviewed like any other integration. A simple boundary note in the repo is often enough:

- MCP connectors may read issue metadata and docs.
- MCP connectors may not write to production systems.
- Any new connector requires a review of scope, auth, and rollback.

If your team uses skills, make them easy to discover and hard to misuse. The release mentions model tools and workflow improvements around skills, and the shared skills repo is the right reference point for packaging. The practical test is whether a teammate can tell when to invoke a skill explicitly, what it changes, and how to verify the result. If not, the skill description is too vague.

A useful checkpoint here is the Review step: Codex 0.128.0 gives you more ways to keep work alive, but review still has to happen on the diff, not in the model loop.

Tradeoffs and limits

The new controls help only if your repo already has discipline. Persisted workflows can also preserve confusion if the goal is vague, the instruction chain is messy, or the verification step is skipped. More state is not the same as more correctness.

Permission profiles and active-profile metadata improve visibility, but they do not replace policy. Teams still need to decide which directories, commands, and connectors are allowed for which tasks. If that is not written down, the tool cannot infer it safely.

Plugin installation and external-agent imports can speed up adoption, but they also widen the review surface. Treat them like code: inspect the bundle, check hook behavior, and confirm what changes are local versus shared. The same applies to MCP. A connector that is convenient for one task can become a governance problem if its scope is broader than the repo needs.

The changelog also includes fixes around resume, interruption, TUI layout, and managed network behavior. That is a reminder to keep your own workflow resilient: save the branch, keep tasks small, and verify after every meaningful state change. If a resumed run cannot be explained in one sentence, it is too large.

Starter checklist

  • Tighten AGENTS.md before using new workflow features.
  • Keep one clear rule for tests, one for scope, and one for files to avoid.
  • Use a narrow Codex task, then review the diff before the next prompt.
  • Verify the smallest test or lint command that proves the change.
  • Write down permission-profile and MCP boundaries in the repo.
  • Treat plugins and skills as reviewable artifacts, not shortcuts.