Codex CLI
Codex CLI is OpenAI's answer to the agentic coding assistant question — and the answer is fast. Like, noticeably faster than the competition. It's a terminal-based coding agent powered by OpenAI's latest models that takes natural language instructions and turns them into actual code changes in your repo. No GUI needed, no VS Code extension, just your terminal and an API key.
The core model is suggest-then-apply. By default, Codex shows you what it wants to change and waits for your approval. This is actually smart for a default — you see the diff, you approve or reject, you stay in control. But once you trust it, switch to full-auto mode with --full-auto and it just goes. Writes code, runs tests, fixes errors, commits. The whole loop.
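As a sketch of what that looks like in practice (exact flag spellings can vary by release; `--full-auto` is the one named above):

```shell
# Default: Codex proposes a diff and waits for your approval.
codex "add input validation to the signup form"

# Full-auto: applies edits and runs commands (tests, fixes, commits) on its own.
codex --full-auto "add input validation to the signup form"
```

The default is the right place to start; graduate to full-auto per-repo once you trust the output.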
The .codex/instructions.md file is where you make it smart about your project. This is your chance to tell it about your stack, your conventions, your testing setup, your deployment process. Codex reads this before every task, so it's not just guessing about how your project works — it actually knows. Think of it as the onboarding doc you wish every new hire would actually read.
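A minimal sketch of such a file, with an invented stack purely for illustration:

```markdown
# Project notes for Codex

- Stack: TypeScript + Node 20, Express API, Postgres via Prisma.
- Run tests with `npm test`; every new module needs unit tests.
- Follow the repo's ESLint config; no default exports.
- Never hand-edit files under `migrations/`.
```

Short, declarative bullets like these are enough; the point is to replace guessing with known facts about your project.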
Where Codex really shines is batch operations. Need to update 50 API endpoints to use a new auth pattern? Add error handling to every controller? Migrate a config format across an entire codebase? Codex handles the "do this repetitive thing 100 times" class of problems better than almost anything else. It's methodical, it doesn't get bored, and it doesn't miss edge cases on file 47 because it's tired.
Setup is clean: set your OPENAI_API_KEY, install with npm, run codex in your project directory. That's it. No config files to create, no workspace setup, no onboarding wizard. First run takes maybe 30 seconds from install to writing code. The simplicity is actually a feature — less ceremony means more actual work getting done.
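As a terminal transcript of that first run (the key value and project directory are placeholders; package name per the official npm release):

```shell
export OPENAI_API_KEY="sk-..."    # the OpenAI key you already have
npm install -g @openai/codex      # install the CLI globally
cd my-project/                    # any repo you want to work in
codex "explain this codebase"     # first task: just start asking
```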
The sandbox execution is a nice safety feature. Codex can run commands in a sandboxed environment so it can test its changes without touching your actual system. This means it can run your test suite, check build output, and validate its work without risk. For anything beyond trivial changes, this is the mode you want — it catches problems before they become your problems.
Model selection matters here. Codex supports OpenAI's full model lineup. Use the fast models for quick fixes and small tasks. Use the reasoning models for complex architecture decisions and debugging gnarly bugs. The difference in output quality between models is significant — don't cheap out on the hard problems.
The session history is stored locally in ~/.codex/sessions/. Every conversation, every change, every decision — it's all there. You can resume sessions, review what happened, and trace back why a particular change was made. This is way better than the "black box" approach where you just get a PR and have no idea what the AI was thinking.
Integration with OpenAI's ecosystem is tight. If you're already using OpenAI for other things — embeddings, fine-tuned models, batch processing — Codex fits naturally into that stack. The API key you're already using probably works. No new accounts, no new billing setups, no new vendor relationships.
Who's it for? Engineers who want speed and prefer OpenAI's models. Teams already in the OpenAI ecosystem who want an agentic tool that works with their existing setup. People doing bulk operations across large codebases. If you want the fastest path from "I need this changed" to "it's changed, tested, and committed" — Codex CLI is that path.
Power Tips: non-obvious leverage

Quick Wins
The .codex/instructions.md file. Write it once; Codex reads it every run. Put your stack, conventions, testing patterns, and rules there. It's the difference between a tool that guesses and one that knows your codebase.
Non-interactive mode. Perfect for automation, CI pipelines, and scripted tasks.
Approval modes. Three modes: suggest (show changes, ask), auto (apply without asking), full-auto (run commands too).
Commit before big tasks. Codex reads your git history as part of its context, and a clean commit before a big task also gives you a clear rollback point.
Give it the whole repo. Don't point Codex at one file. It builds a mental model of your whole codebase and makes better decisions with full context.
Quiet output. Suppressing the "thinking" output gives cleaner integration into shell pipelines and CI logs.
Hidden Features
For large tasks, Codex can spawn parallel worker agents automatically. It handles the orchestration — you don't need to break the task up manually. Just describe the full scope and it figures out the parallelism.
You can reference a URL in your task description and Codex will fetch and read it as context. Useful for "implement this API according to the spec at https://..."
Per-invocation model switching. Use a different model for different tasks without changing config. Fast model for exploration, smarter model for production code.
codex --model gpt-4o-mini "quick refactor of this function"

Common Mistakes
Skipping instructions.md. Codex guesses your stack and conventions from scratch every run, so everything is slower and less accurate. Fix: create .codex/instructions.md before your first real task.

Running full-auto on unfamiliar code. full-auto runs shell commands without confirmation; in code you don't know well, this can delete files or run destructive migrations. Fix: use suggest on code you don't own, and save full-auto for trusted, well-tested repos.

Starting from a dirty git state. If you don't like Codex's output, you need a clean commit to roll back to; a dirty working tree gives you no safety net. Fix: git add -A && git commit -m "checkpoint" before every big Codex task.
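The checkpoint habit is plain git, so it's easy to see why it works. Here is a self-contained demo in a throwaway repo (no Codex involved; file names are invented) of committing a checkpoint and rolling back an unwanted change:

```shell
set -e
repo=$(mktemp -d)                 # throwaway repo for the demo
cd "$repo"
git init -q
git config user.email "demo@example.com"
git config user.name "demo"

echo "original code" > app.txt
git add -A && git commit -q -m "checkpoint"   # safety net before a big agent task

echo "unwanted agent edit" > app.txt          # simulate output you don't like
git reset --hard -q HEAD                      # roll back to the checkpoint
cat app.txt                                   # prints: original code
```

The same reflex works in reverse: if you like the output, the diff against the checkpoint commit is exactly what the agent did.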