Codex 0.136.0: Archived Sessions, Safer Diffs, Clickable Links
We break down Codex 0.136.0’s new session archiving flow, which locks past runs into read-only history and requires an explicit step to unarchive them. The episode also covers diff-command hardening, elevated Windows sandbox setup, and OSC 8 terminal links for a smoother daily workflow.
Is this your podcast and want to remove this banner? Click here.
Chapter 1
The Architecture of Session Archiving in Codex 0.136.0
Ethan Park
Hey Maya, I spent the morning digging into the release notes for Codex version 0.136.0, and they've finally addressed a massive headache for anyone running automated agent workflows: session mutation. Thanks to Jellypod to help make this daily show a reality. [warmly] Powered by Jellypod AI, we're unpacking how they did it.
Maya
Oh, the classic "accidentally resumed an old run and corrupted my entire state" disaster? [laughs] I can't tell you how many times we had testers run into state corruption because an old session was forked or resumed by mistake during collaborative debugging.
Ethan Park
Exactly. In 0.136.0, they've introduced explicit session archiving. If you're on the CLI, you run `codex archive`, or if you prefer the TUI, you just type `/archive`. It completely freezes the session history.
Maya
So once it's frozen, it's read-only? [curious] No accidental restarts, no appending new agent steps?
Ethan Park
Exactly. It blocks resumption and forking completely. If you actually want to modify it later, you have to run an explicit `codex unarchive` first. It forces a deliberate, manual speed bump.
Maya
Which is perfect, honestly. [matter-of-fact] From a QA perspective, safety shouldn't rely on developers remembering not to press a button. But how does this affect state storage? Is it actually compressing the history, or just setting a metadata flag?
Ethan Park
It's primarily a state-locking metadata layer, but it prevents any write operations to that specific session path. Let's say you're working in a shared team environment where multiple devs are querying agent run history—this guarantees the integrity of those past runs without worrying about someone polluting the token history or memory buffers.
Maya
Right, because if another team member pulls down your session to analyze how the agent solved a complex problem, they might run a command that triggers a fresh execution loop by mistake. That `/archive` command ensures that history remains a pure, untouched record.
Chapter 2
Command-Safety Hardening, Elevated Sandbox Setup, and OSC 8 Links
Ethan Park
Exactly. Now, speaking of security and integrity, version 0.136.0 also does some serious hardening on the security side, specifically around the `/diff` command.
Maya
Wait, `/diff`? [skeptical] Isn't that just showing file differences? How do you get an execution vector out of a diff command?
Ethan Park
Well, malicious repositories can craft custom git configurations or file headers that trick diff parsers into executing arbitrary commands. Version 0.136.0 completely blocks those repository-provided execution vectors.
Maya
Ah, git exploit vectors. [thoughtfully] That makes sense. If you're pulling down an untrusted open-source repo to review it, the last thing you want is the agent's code review command executing arbitrary shell scripts hidden in the diff metadata.
Ethan Park
Precisely. Codex is limiting what can be parsed and executed when inspecting external repositories. And speaking of execution environments, if you're on Windows, they've introduced an alpha path for sandbox provisioning. You run `codex sandbox setup --elevated`.
Maya
Wait, `--elevated`? [skeptical] Does that mean it needs full Administrator privileges to spin up the container sandbox?
Ethan Park
It does. Because Windows sandbox APIs and Hyper-V features require admin privileges to configure network bridges and virtual machines properly. It's a bit of a hurdle, but it's a huge step toward parity with Linux container sandboxes.
Maya
Right, but running commands with admin privileges always makes security teams sweat. Is there any plan to allow non-elevated setups later, or is this just the price of admission for native Windows sandboxing?
Ethan Park
They're calling this an alpha path specifically because of that complexity. For now, it's about getting the Hyper-V containers provisioned securely, and they'll likely refine the permission model in later releases.
Maya
Fair enough. [chuckles] But hey, let's talk about something a bit more satisfying for the terminal daily-drivers: OSC 8 links.
Ethan Park
Yes! The terminal experience is getting a massive upgrade. They've integrated OSC 8 metadata, which means when Codex outputs markdown with links, your terminal actually renders them as native, clickable hyperlinks.
Maya
Finally! [excited] No more dragging my mouse to copy-paste an entire long URL from a terminal pane into a browser window. If my terminal emulator supports OSC 8, I can just Ctrl-click it.
Ethan Park
It's a tiny detail, but for a tool you live in all day, it's a huge quality-of-life win. That's version 0.136.0 for you: locking down past runs, securing your diffs, and making the terminal just a little less painful.
Maya
I'll take clickable links and locked histories any day. [warmly] Let's see how that sandbox setup behaves on our Windows test suite next.