Codex CLI adds safer permissions, plugins

This is the kind of release that matters more than flashy demos: it shifts Codex CLI from “powerful local agent” toward “tool you can actually trust in daily workflows.”

• –Safer permissions and deny-read controls reduce the blast radius when the agent is operating on real codebases or sensitive files
• –Queued input and side conversations make the TUI better suited for long-running, multi-step coding sessions instead of one-shot prompts
• –Plugin support is the bigger strategic move, because it turns Codex CLI into a platform rather than a fixed interface
• –Amazon Bedrock compatibility matters for teams that need procurement flexibility, model choice, or AWS-centered infrastructure
• –The overall direction is clear: more control, more interoperability, less friction for constrained enterprise use