Note: Manually grant Accessibility and Screen Recording permissions for appshots (System Settings → Privacy & Security) so Computer Use screenshots can start.

Reusable patcher for packaged Codex.app builds. It forces the Computer Use plugin to stay visible in plugin UI and settings, keeps Browser/IAB and external browser (Google Chrome) Control availability enabled in the patched app, tolerates stale tool-call events, renders Computer Use calls through the generic MCP row to avoid the chat error screen, keeps the bundled marketplace entry present, installs the native Computer Use runtime into ~/.codex, updates Electron ASAR integrity, ad-hoc signs the app (preserving the runtime/automation/device entitlements Electron and Computer Use need), and clears the com.apple.quarantine attribute so Gatekeeper does not flag the re-signed app as damaged.

The patcher rewrites the shared plugin-availability hooks (use-is-plugins-enabled-*.js) so Computer Use, in-app browser, and external Google Chrome control all report as available. This removes the Control > Google Chrome > Disabled by your organization or unavailable in your region row that otherwise appears even on a patched app when the feature is gated by org policy, region, or a Statsig flag.

Warning: This project is for educational and research purposes only. Patching Codex.app is unsupported, may violate OpenAI/Codex terms or platform policies, can break app functionality, and could result in loss of access, account suspension, or a ban. Use at your own risk.

Ad-hoc signing removes the official OpenAI signature. The patcher keeps local Browser/IAB gates open, but patching a copy keeps /Applications/Codex.app untouched:

./patch-codex-computer-use.mjs --copy-to ~/Applications/Codex-Computer-Use.app /Applications/Codex.app

./patch-codex-computer-use.mjs /Applications/Codex.app

Safer test pass:

./patch-codex-computer-use.mjs --dry-run /Applications/Codex.app

Restore the latest full pre-patch backup before updating:

./unpatch-codex-computer-use.mjs /Applications/Codex.app

Check what restore points are available:

./patch-codex-computer-use.mjs --list-backups /Applications/Codex.app

Useful flags:

--copy-to PATH  copy Codex.app to PATH first, then patch the copy
--unpatch       restore the app from the latest pre-patch backup
--from PATH     restore from a specific backup directory or .app bundle
--list-backups  list known backups for the app and exit
--no-backup     skip the full pre-patch app backup
--no-codesign   skip ad-hoc codesign
--allow-missing keep going if any known patch point is missing

The patcher uses semantic markers instead of hashed bundle filenames, so it should survive renamed Vite chunks and small minifier changes in newer app versions. It fails by default if any known patch point disappears, which is safer than silently making a partial patch. Re-run it after installing or copying a newer Codex.app.

By default, patching now stores a full pre-patch app snapshot at Codex.app.patch-backups/<timestamp>/Codex.app. --unpatch restores that full app bundle with ditto and verifies the code signature afterward. Older file-only backups can still be restored, but they only replace app.asar and Info.plist; they cannot recreate the original OpenAI code signature, so use a full backup or reinstall the exact Codex version when an updater requires a truly untouched app.

The patcher also updates ~/.codex/config.toml so computer-use@openai-bundled, [features].computer_use, and the Computer Use turn-ended notify hook point at a stable signed runtime under ~/.codex/computer-use.

Quit and reopen Codex after patching. Already-open renderer processes keep the old JavaScript in memory.

This is macOS Gatekeeper, not a broken patch. A re-signed app is ad-hoc signed (not notarized), so if it still carries the com.apple.quarantine attribute Gatekeeper reports it as damaged and offers to move it to the Trash. The patcher now strips that attribute automatically, but if you already patched an app before this fix (or you copied/downloaded it again afterward), clear it manually:

xattr -dr com.apple.quarantine /Applications/Codex.app

If you already clicked "Move to Trash", drag Codex.app back out of the Trash first, then run the command above. On Apple Silicon, do not use --no-codesign: it leaves the original Developer ID signature over modified files, which the kernel rejects as damaged with no way to launch.

Codex starts the Computer Use MCP server (and the turn-ended notify hook) by launching the bundled Codex Computer Use.app helper from ~/.codex. The patcher copies that helper out of the app bundle before it de-quarantines the bundle, so on a freshly downloaded app the copies in ~/.codex could keep their com.apple.quarantine attribute and Gatekeeper flags the helper as broken every time Codex opens.

The patcher now strips quarantine from every installed helper copy (the stable runtime, the plugin cache, and the runtime marketplace). To repair an install that already hit this, just re-run the patcher (a pristine backup already exists, so skip making another):

./patch-codex-computer-use.mjs --no-backup /Applications/Codex.app

That reinstalls the de-quarantined helper into ~/.codex/computer-use and ~/.codex/plugins/cache, keeping its original OpenAI Developer ID signature (which it needs for its application-groups/apple-events entitlements). If the helper was moved to the Trash, the re-run restores it. Then quit and reopen Codex.