Codex CLI is OpenAI’s terminal-based coding agent and alternative to Claude Code. The harness itself is really fast, as it’s built in Rust.
It runs locally, reads your repo, makes code changes, and runs shell commands (all based on how you manage approvals). This cheat sheet covers installation through some more advanced config.
Getting started
Prereqs: Node.js 18+, macOS or Linux (Windows via WSL, experimental)
Install
npm i -g @openai/codex
Auth
On first launch, auth in via ChatGPT OAuth (browser flow) or pipe in an API key:
export OPENAI_API_KEY="YOUR_API_KEY"
codex
ChatGPT authentication gives you access to the latest models. API key access has delayed access to new models but is better for CI automation.
Plans
Codex CLI doesn’t have a free tier. Most devs using it for casual/light assistance will benefit from the Plus plan. API ends up being more expensive than a subscription for normal to high use, so you might want to reserve it for CI tasks.
| Plan | Monthly | Usage (local msgs / 5 hrs) |
|---|---|---|
| Plus | $20 | 45–225 |
| Pro | $200 | 300–1500 + priority processing |
| Business | $30/user | Team workspace, SSO, MFA |
| Enterprise / Edu | Custom | Credits-based, no hard cap |
| API key | Pay-as-you-go | Token-based, no cloud features |
Basic usage
Launch and use Codex CLI from your terminal.
Interactive TUI:
codex
codex "refactor this module for clarity"
Non-interactive / scripting:
codex exec "update the changelog for this diff"
codex e "run tests and fix any failures" # short form
Resume a session:
codex resume # shows picker
codex resume --last # most recent
When you exit a Codex session, launching Codex will set you into a fresh session by default.
Models
Switch models with --model/-m or set a default in config.toml. You can change this mid-session with /model.
| Model | Use case | Access |
|---|---|---|
gpt-5.3-codex |
Flagship agentic coding model | All plans |
gpt-5.3-codex-spark |
Fast model, text-only | Pro (research preview) |
gpt-5.1-codex-max |
Previous gen advanced option | All plans |
Codex also supports any model with a Chat Completions or Responses API endpoint.
Configuration
The main config file lives at ~/.codex/config.toml. Flags and -c key=value overrides take priority over context/config files.
Example ~/.codex/config.toml:
model = "gpt-5.3-codex"
model_reasoning_effort = "high"
approval_policy = "on-request"
sandbox_mode = "workspace-write"
web_search = "cached"
[features]
multi_agent = true
shell_tool = true
Basic config fields
| Field | Values | Default |
|---|---|---|
model |
any model string | — |
model_reasoning_effort |
minimal low medium high xhigh |
— |
approval_policy |
untrusted on-request never reject |
untrusted |
sandbox_mode |
read-only workspace-write danger-full-access |
read-only |
web_search |
disabled cached live |
cached |
project_doc_fallback_filenames |
list of filenames | ["AGENTS.md"] |
project_doc_max_bytes |
integer | 32768 (32 KiB) |
Named profiles let you switch between configs per-project or per-task:
[profiles.ci]
approval_policy = "never"
sandbox_mode = "workspace-write"
[profiles.paranoid]
approval_policy = "untrusted"
sandbox_mode = "read-only"
Load with codex --profile ci.
Project trust:
[projects."/home/user/work/my-repo"]
trust_level = "trusted"
Admin enforcement (requirements.toml) lets ops teams constrain approval policy, sandbox mode, and MCP server allowlists across an org.
See the full config reference and advanced config docs.
AGENTS.md
AGENTS.md is Codex’s equivalent of CLAUDE.md, which is a set of project instructions loaded before any task. Files are prioritized in this order:
~/.codex/AGENTS.override.md~/.codex/AGENTS.md- Git root → current directory:
AGENTS.override.md, thenAGENTS.md, then fallback filenames
Files closer to the working directory take priority. When adding/editing, you might exceed the context cap, which is defined by project_doc_max_bytes (32 KiB default).
Generate a scaffold:
> /init
Example ~/.codex/AGENTS.md:
## Working agreements
- Always run `pnpm test` after modifying source files
- Prefer `pnpm` when installing dependencies
- Follow the ESLint config; do not disable rules inline
Example project-level AGENTS.md:
## Architecture
- Frontend: Next.js + TypeScript
- API: FastAPI (Python 3.12)
- DB: PostgreSQL via SQLAlchemy
## Conventions
- Use snake_case for Python, camelCase for TypeScript
- New endpoints need a corresponding integration test
Subsystem override (services/payments/AGENTS.override.md) overrides broader rules for that directory, which you might use for stricter rules.
You can also use TEAM_GUIDE.md or .agents.md as fallbacks by setting project_doc_fallback_filenames in config.toml.
See OpenAI’s AGENTS.md guide.
CLI flags
Use these flags outside a Codex CLI session to change its config.
Global flags
These flags apply to all subcommands.
| Flag | Description | Example |
|---|---|---|
--model/-m |
Override configured model | codex -m gpt-5.3-codex-spark |
--sandbox/-s |
Filesystem/shell policy | codex -s workspace-write |
--ask-for-approval/-a |
Approval timing | codex -a on-request |
--image/-i |
Attach image files | codex -i screenshot.png "fix this layout" |
--search |
Enable live web search | codex --search "check latest API for..." |
--profile/-p |
Load named config profile | codex -p ci |
--config/-c |
Inline key=value override (repeatable) | codex -c model=gpt-5.1-codex-max |
--full-auto |
on-request approvals + workspace-write sandbox |
codex --full-auto "refactor auth module" |
--cd/-C |
Set working directory | codex -C ./packages/api |
Codex exec flags
Add these flags to the codex exec command.
| Flag | Description |
|---|---|
--json |
Output newline-delimited JSON events (CI-friendly) |
--output-last-message/-o |
Write agent’s final message to file |
--ephemeral |
Don’t persist this session to disk |
--skip-git-repo-check |
Allow running outside git repos |
Resume from exec:
codex exec resume --last # resume most recent
codex exec resume SESSION_ID # resume by ID
Codex feature flags
You can manage optional feature flags (from codex features) persistently in config.toml:
codex features list
codex features enable multi_agent
codex features disable apply_patch_freeform
Interactive slash commands
Type / during a Codex session to access these.
Session
| Command | Description |
|---|---|
/new |
Start a fresh conversation |
/resume |
Reload a previous conversation |
/fork |
Clone current conversation into a new thread |
/compact |
Summarize conversation to free context tokens |
/status |
Show current model, policy, writable roots, token usage |
/quit / /exit |
Leave the CLI |
Config
| Command | Description |
|---|---|
/model |
Switch model |
/permissions |
Adjust approval mode (Auto, Read Only, etc.) |
/personality |
Change communication style (friendly, pragmatic, none) |
/plan |
Enter plan mode to review proposed steps before execution |
/experimental |
Toggle optional features (e.g., multi-agents) |
/debug-config |
Print config layer diagnostics |
/statusline |
Customize footer status items |
Dev tools
| Command | Description |
|---|---|
/diff |
Show Git changes including untracked files |
/review |
Request a working-tree analysis |
/mention |
Attach specific files to the conversation |
/init |
Generate an AGENTS.md scaffold |
/mcp |
List configured MCP tools |
/apps |
Browse available connectors |
Other
| Command | Description |
|---|---|
/feedback |
Submit logs to maintainers |
/logout |
Sign out |
Approval modes + sandbox
These modes are important for managing permissions, including Codex’s access to your filesystem. LLMs can hallucinate and delete files, install vulnerable packages, edit system files, etc. so make sure you review all agent actions. You can take more risks in sandboxes.
Approval policy
Sets when Codex pauses before executing:
| Mode | Behavior |
|---|---|
untrusted |
Prompt for every action |
on-request |
Prompt for risky operations |
never |
No prompts; runs fully autonomously (like Claude’s --dangerously-skip-permissions mode) |
reject |
Auto-reject specific prompt categories |
Sandbox mode
Sets filesystem and shell access:
| Mode | Access |
|---|---|
read-only |
Can read files; no writes or shell exec |
workspace-write |
Read/write within working directory |
danger-full-access |
Unrestricted; use in isolated envs only |
Combine --add-dir to grant access to specific directories instead of reaching for danger-full-access.
MCP integration
Extend Codex with Model Context Protocol servers. Configure them in config.toml:
[mcp_servers.my-db]
command = "/usr/local/bin/my-mcp-server"
env = { DB_URL = "postgres://..." }
timeout_secs = 30
List connected tools in-session with /mcp. Browse available connectors with /apps.
Here are some useful MCP servers that can make Codex more capable.
Scripting + CI
The exec subcommand runs Codex non-interactively (without the TUI or prompts, so final output will be stdout).
Pipe into a script:
codex exec "update CHANGELOG.md based on git log since last tag"
JSON output for CI parsing:
codex exec --json "run tests, summarize test failures" | jq '.message'
Save final response to file:
codex exec -o summary.md "generate a release summary for this diff"
In GitHub Actions:
- name: Auto-fix lint errors
run: codex exec --full-auto "fix any ESLint errors, don't change logic"
env:
OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
Sample workflows
Here are a few simple, common tasks that you can use Codex to tackle.
Code review
> /review
# or target a specific commit:
> review the changes in the last commit against main
Debug from a screenshot
codex -i error-screenshot.png "this UI is broken, investigate and fix it"
Refactor with guardrails
codex --full-auto -s workspace-write "migrate all fetch() calls to use the apiClient wrapper"
Feature from a design spec
codex -i figma-export.png "implement this component in React matching the design exactly"
Changelog automation
codex exec "write a CHANGELOG entry for the commits since v2.4.0 and append it to CHANGELOG.md"
Resources
Need real environments to test and preview the features you write with Codex CLI? Try Shipyard free for 30 days.
