---
name: codex-app-server-upgrade
description: Safely check, update, or self-upgrade the host Codex app-server and Codex CLI binary for this project. Use when asked to upgrade Codex, run app-server update checks, restart Codex after an update, or let Codex invoke its own app-server upgrade through the project script.
---

# Codex App Server Upgrade

Use the project app-server script instead of manually replacing binaries. It is designed to be portable and self-upgrade-safe.

## Locate the Script

Work from the current project root when possible. The script is:

```bash
scripts/start-codex-app-server
```

If the current directory is not the project root, find the nearest repository containing `scripts/start-codex-app-server` and run commands from that directory. Do not hardcode absolute paths.

## Commands

Check status:

```bash
scripts/start-codex-app-server status
```

Check for updates without changing anything:

```bash
scripts/start-codex-app-server check-updates
```

Apply an upgrade non-interactively:

```bash
scripts/start-codex-app-server check-updates -y
```

`check-upgrade` is accepted as an alias for `check-updates`.

## Self-Upgrade Behavior

When the app-server is running, `check-updates -y` downloads and validates the new Codex binary first, then starts a detached worker to stop the app-server process group, replace the binary, and start the app-server again. This is the correct path even when Codex itself initiated the command.

Expect the current Codex connection or tool call to be interrupted after the handoff. After a short delay, verify the outcome with:

```bash
scripts/start-codex-app-server status
```

If needed, inspect the portable project-local upgrade log:

```bash
sed -n '1,160p' run/codex-app-server-upgrade.log
```

## Safety Rules

- Do not manually `kill`, `mv`, or overwrite the Codex binary for this workflow.
- Do not assume `/usr/local/bin/codex`, a specific home directory, or any machine-specific path.
- Use `CODEX_BIN=/absolute/path/to/codex` only when the user or environment explicitly requires a non-default binary.
- If the script reports that it cannot replace the binary without write permission, stop and report that non-interactive privileges or a writable `CODEX_BIN` are required.
- Do not run `check-updates -y` unless the user explicitly asked to upgrade or auto-approve the update.