Update Codex CLI to version 0.78.0

[Copilot]

Updates the default Codex CLI version from 0.77.0 to 0.78.0, incorporating security hardening (sandbox write protection), bug fixes (firewall idempotency, multiple tool calls, /review cwd), and UX improvements (TUI2 scrollbar, MDM config support).

Changes

• Constants: Updated DefaultCodexVersion from "0.77.0" to "0.78.0" in pkg/constants/constants.go
• Tests: Updated version expectation in pkg/constants/constants_test.go
• Documentation: Updated version reference in specs/layout.md
• Workflow Compilation: Recompiled 9 workflow lock files using Codex engine

Affected Workflows

All workflows using engine: codex now install and reference version 0.78.0:

- name: Install Codex
  run: npm install -g --silent @openai/codex@0.78.0

Workflows updated:

• changeset.lock.yml
• daily-fact.lock.yml
• daily-issues-report.lock.yml
• daily-performance-summary.lock.yml
• deep-report.lock.yml
• duplicate-code-detector.lock.yml
• issue-arborist.lock.yml
• smoke-codex-firewall.lock.yml
• smoke-codex.lock.yml

Release Notes

Key improvements in 0.78.0:

• Security: Hardened sandbox to prevent writes to .codex/ directories
• Reliability: Fixed firewall rule creation/update idempotency
• Compatibility: Sanitized MCP tool names for Responses API
• UX: TUI2 scrollbar with auto-hide and drag support

Original prompt

---

This section details on the original issue you should resolve

<issue_title>[ca] Update Codex CLI to version 0.78.0</issue_title>
<issue_description>## Version Update: Codex CLI 0.77.0 → 0.78.0

Previous Version: 0.77.0 (released December 21, 2025)
New Version: 0.78.0 (released January 6, 2026)
Release Timeline: ~16 days between releases
Commits in this release: 20 commits

---

Change Summary

Breaking Changes

None detected

New Features

• Firewall Rules API Enhancement: Added justification argument to prefix_rule() in *.rules files
• App Server API: Exposed outputSchema to user_turn/turn_start app server API endpoints
• TUI2 Scrollbar: New transcript scrollbar with auto-hide and drag functionality
• MacOS MDM Support: Added ability to load config requirements from MDM on macOS

Bug Fixes

• Sandbox Security: Fixed sandbox to never allow writes to .codex/ or .codex/.sandbox/ directories
• Firewall Setup: Improved idempotency for creating/updating firewall rules during setup
• Chat Tool Calls: Fixed handling of multiple tool calls in chat mode
• Review Command: Fixed /review command to respect session current working directory (cwd)
• Codex API: Fixed Chat Completions DONE sentinel handling
• Device Auth: Updated device auth prompt to use issuer URL

Security Improvements

• Sandbox User Privacy: Best effort implementation to "hide" sandbox users from system
• Sandbox Write Protection: Hardened protection against writes to .codex/ directories

Performance & Quality

• MCP Tool Names: Sanitized MCP tool names to ensure compatibility with Responses API
• GitHub Pager: Improved GitHub paging functionality
• Skills Rendering: Enhanced skills render section display
• TUI2 Selection: Copy selection now dismisses highlight for better UX

Dependency Updates

• insta: 1.44.3 → 1.46.0
• derive_more: 2.0.1 → 2.1.1
• tokio-stream: 0.1.17 → 0.1.18
• clap_complete: 4.5.57 → 4.5.64

---

CLI Changes Analysis

Result: No CLI interface changes detected between versions 0.77.0 and 0.78.0

The --help output for both the main command and all subcommands remains identical. All command-line flags, options, and arguments are unchanged.

---

Impact Assessment

Risk Level: Low

Affected Features:

• Sandbox security (improved protection)
• Firewall setup reliability
• TUI2 user experience enhancements
• MCP server compatibility

Migration Required: No

This is a maintenance release focused on bug fixes, security hardening, and incremental improvements. No breaking changes or significant behavioral changes that would affect gh-aw integration.

---

Merged Pull Requests

Key PRs included in this release:

1. Security & Sandbox:

   • never let sandbox write to .codex/ or .codex/.sandbox/ openai/codex#8683 - Prevent sandbox writes to .codex/ directories
   • best effort to "hide" Sandbox users openai/codex#8492 - Hide sandbox users from system
   • better idempotency for creating/updating firewall rules during setup. openai/codex#8686 - Improve firewall rule idempotency

2. Features:

   • feat: add justification arg to prefix_rule() in *.rules openai/codex#8751 - Add justification to prefix_rule() API
   • feat: expose outputSchema to user_turn/turn_start app_server API openai/codex#8377 - Expose outputSchema in app server API
   • feat(tui2): transcript scrollbar (auto-hide + drag) openai/codex#8728 - TUI2 scrollbar with auto-hide & drag
   • (MacOS) Load config requirements from MDM openai/codex#8743 - MacOS MDM config support

3. Bug Fixes:

   • fix: /review to respect session cwd openai/codex#8738 - Fix /review to respect session cwd
   • fix: chat multiple tool calls openai/codex#8556 - Fix chat multiple tool calls
   • fix(codex-api): handle Chat Completions DONE sentinel openai/codex#8708 - Fix Chat Completions DONE sentinel
   • Use issuer URL in device auth prompt link openai/codex#7858 - Use issuer URL in device auth

4. Quality Improvements:

   • [MCP] Sanitize MCP tool names to ensure they are compatible with the Responses APO openai/codex#8694 - Sanitize MCP tool names for Responses API
   • chore: GH pager openai/codex#8747 - Improve GH pager
   • chore: improve skills render section openai/codex#8459 - Improve skills render section
   • tui2: copy selection dismisses highlight openai/codex#8718 - TUI2 copy selection UX

5. Dependencies:

   • chore(deps): bump insta from 1.44.3 to 1.46.0 in /codex-rs openai/codex#8725 - Bump insta to 1.46.0
   • chore(deps): bump derive_more from 2.0.1 to 2.1.1 in /codex-rs openai/codex#8724 - Bump derive_more to 2.1.1
   • chore(deps): bump tokio-stream from 0.1.17 to 0.1.18 in /codex-rs openai/codex#8723 - Bump tokio-stream to 0.1.18
   • chore(deps): bump clap_complete from 4.5.57 to 4.5.64 in /codex-rs openai/codex#8721 - Bump clap_complete to 4.5.64

---

Package Links

• NPM Package: https://www.npmjs.com/package/`@openai/codex`
• Repository: https://github.com/openai/codex
• Release Notes: https://github.com/openai/codex/releases
• Specific Release: https://github.com/openai/codex/releases/tag/rust-v0.78.0

---

Update Status

✅ Updated: pkg/constants/constants.go - Changed DefaultCodexVersion from "0.77.0" to "0.78.0"
✅ Recompiled: 53 workflow files updated via make recompile
✅ Verified: All changes applied successfully

Files Modified: 53...

• Fixes [ca] Update Codex CLI to version 0.78.0 #9159

---

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.

---

Changeset

• Type: patch
• Description: Bump Codex CLI default version to 0.78.0. Updates DefaultCodexVersion, tests, docs, and recompiled workflow lock files. Fixes [ca] Update Codex CLI to version 0.78.0 #9159

Ahoy! This treasure was crafted by 🏴‍☠️ Changeset Generator

[github-actions]

🎬 THE END — Smoke Claude MISSION: ACCOMPLISHED! The hero saves the day! ✨

[github-actions]

📰 VERDICT: Smoke Copilot Playwright has concluded. All systems operational. This is a developing story. 🎤

[github-actions]

🤖 DIAGNOSTIC COMPLETE: Smoke Copilot No Firewall STATUS: ALL_UNITS_OPERATIONAL. MISSION_SUCCESS.

[github-actions]

✅ Firewall validation complete... Smoke Codex Firewall confirmed network sandboxing is operational. 🛡️

[github-actions]

📰 VERDICT: Smoke Copilot has concluded. All systems operational. This is a developing story. 🎤

[github-actions]

🎉 Yo ho ho! Changeset Generator found the treasure and completed successfully! ⚓💰

[github-actions]

🎉 Yo ho ho! Smoke Copilot Safe Inputs found the treasure and completed successfully! ⚓💰

[github-actions]

✨ The prophecy is fulfilled... Smoke Codex has completed its mystical journey. The stars align. 🌟

[github-actions]

Smoke Test Results

✅ File Writing: Created /tmp/gh-aw/agent/smoke-test-copilot-20762126995.txt
✅ Bash Tool: Verified file content successfully
✅ Safe Input gh Tool: Executed gh pr list --state merged --limit 2

Overall Status: PASS

AI generated by Smoke Copilot Safe Inputs

[github-actions]

Copilot Engine Smoke Test Results

Last 2 Merged PRs:

• Security Fix: Suppress gosec warning for intentional error ignoring in semver.go (Alert #477) #9166: Security Fix: Suppress gosec warning for intentional error ignoring in semver.go
• Remove awmg gateway binary and build infrastructure #9160: Remove awmg gateway binary and build infrastructure

Tests:

• ✅ GitHub MCP (retrieved PRs)
• ✅ File writing (/tmp/gh-aw/agent/)
• ✅ Bash tools (file verification)
• ✅ GitHub MCP default toolsets (get_me correctly unavailable)
• ✅ Cache memory (/tmp/gh-aw/cache-memory/)
• ✅ Web fetch (GitHub API)
• ✅ Tools available (bash, view, edit, create, grep, glob, web_fetch, github-*, safe-outputs)

Overall: PASS

cc: @pelikhan @Copilot

AI generated by Smoke Copilot

[github-actions]

Smoke Test Results (Copilot Engine - No Firewall)

✅ Last 2 merged PRs reviewed: #9166 (Security fix), #9160 (Remove awmg gateway)
✅ Test file created: /tmp/gh-aw/agent/smoke-test-copilot-20762126990.txt
✅ GitHub.com navigation: Page title verified as "GitHub · Change is constant. GitHub keeps you ahead. · GitHub"
✅ GitHub API access: Successfully listed 3 open issues

All tests passed successfully.

AI generated by Smoke Copilot No Firewall

[github-actions]

Smoke Test Results: Claude Engine

Recent PRs:

• Security Fix: Suppress gosec warning for intentional error ignoring in semver.go (Alert #477) #9166: Security Fix: Suppress gosec warning for intentional error ignoring in semver.go
• Remove awmg gateway binary and build infrastructure #9160: Remove awmg gateway binary and build infrastructure

Test Results:

• ✅ GitHub MCP: Retrieved last 2 merged PRs
• ✅ File Writing: Created /tmp/gh-aw/agent/smoke-test-claude-20762126981.txt
• ✅ Bash Tool: Verified file contents successfully
• ✅ Playwright MCP: Navigated to GitHub, title contains "GitHub"
• ✅ Cache Memory: Created and verified /tmp/gh-aw/cache-memory/smoke-test-20762126981.txt
• ❌ Safe Input gh Tool: Not available in current environment

Overall Status: PASS (5/6 tests passed)

AI generated by Smoke Claude

[github-actions]

Security Fix: Suppress gosec warning for intentional error ignoring in semver.go (Alert #477) — ✅
Remove awmg gateway binary and build infrastructure — ✅
OpenAI curl blocked — ✅
Example.com blocked — ✅
File write/read — ✅
Network: SANDBOXED
Overall: PASS

AI generated by Smoke Codex Firewall

[github-actions]

Smoke Test Results

✅ Cache Memory: Created /tmp/gh-aw/cache-memory/smoke-test-20762126973.txt
⚠️ Playwright MCP: Inspector mode blocked automation (verified GitHub via curl)
❌ safeinputs-gh: Tool not found (gh safe-input command doesn't exist)

Overall Status: FAIL

Note: gh CLI requires GH_TOKEN environment variable in workflow context.

AI generated by Smoke Copilot Playwright

[github-actions]

PRs: Security Fix: Suppress gosec warning for intentional error ignoring in semver.go (Alert #477); Remove awmg gateway binary and build infrastructure
GitHub MCP ✅ | File write ✅ | Bash verify ✅ | Playwright title ✅ | Cache memory ✅ | safeinputs-gh ❌ (tool unavailable)
Overall: FAIL

AI generated by Smoke Codex