TL;DR
- Install with
brew install openai/tap/codex-cli(macOS) or via the GitHub releases page.- Authenticate via
codex auth loginand configure your default model:codex config set model=codex-4.- Use approval modes (
--suggest,--auto-edit,--full-auto) to control code edits.- Enterprise-grade features include sandboxed execution and project-wide refactoring.
1. Installation and Authentication
Prerequisites
- OpenAI API Key: Required for authentication.
- Supported OS: macOS, Linux, or Windows (via Scoop).
- Dependencies: Python 3.9+ for plugins (GitHub README).
Install the CLI
macOS (Homebrew)
brew tap openai/tap
brew install openai/tap/codex-cli
Linux
Download the latest binary from the GitHub releases page:
curl -LO https://github.com/openai/codex/releases/latest/download/codex-cli-linux-amd64
chmod +x codex-cli-linux-amd64
sudo mv codex-cli-linux-amd64 /usr/local/bin/codex
Windows (Scoop)
scoop install codex
Authenticate with OpenAI
-
Run:
codex auth loginPaste your API key when prompted.
-
Verify:
codex auth statusExpected output:
✅ Authenticated Default Model: code-davinci-002
Configure Defaults
Set the default model (recommended: codex-4):
codex config set model=codex-4
2. Core Commands and Workflows
Generate Code
codex generate --file script.py "Write a Python script to parse CSV files and output JSON"
Explain Code
codex explain --file complex_module.py
Fix Bugs
codex fix --file buggy.py "The loop skips the last item in the list"
OpenAI Codex CLI Official Documentation
Refactor Projects
codex refactor --file legacy.py --context . "Modernize to Python 3.10 with type hints"
3. Approval Modes for Safe Edits
| Mode | Flag | Use Case |
|---|---|---|
| Suggest | --suggest | Review changes as a diff before applying. |
| Auto-Edit | --auto-edit | Apply changes automatically but require confirmation. |
| Full-Auto | --full-auto | Apply changes without confirmation (use in CI/CD with caution). |
OpenAI Codex CLI Official Documentation
Example: Suggest Mode
codex generate --file app.py --suggest "Add a FastAPI endpoint for user authentication"
Example: Full-Auto Mode
codex refactor --file utils.py --full-auto "Convert all functions to async"
Warning: Always back up your project before using
--full-auto.
4. Sandbox and Security
Sandbox Configuration
Codex CLI executes untrusted code in a sandbox. View settings:
codex sandbox info
OpenAI Codex CLI Official Documentation
Customize Rules
Edit ~/.codex/config.toml:
[sandbox]
timeout = "30s"
network = false
allowed_syscalls = ["read", "write", "open"]
Test Sandboxed Code
codex run --sandbox --file script.py "args: ['--input', 'data.json']"
OpenAI Codex CLI Official Documentation
5. Enterprise Use Cases
1. Legacy Code Modernization
codex refactor --file old_system.pl --to python "Convert Perl to Python with type hints"
2. Security Audits
codex analyze --context . "Identify hardcoded secrets and SQL injection risks"
OpenAI Codex CLI Official Documentation
3. CI/CD Integration
# In your GitHub Actions workflow:
- name: Auto-generate tests
run: codex generate --file test_*.py --context . "Write pytest tests for all modules" --full-auto
4. Documentation Generation
codex doc --file src/ "Generate Sphinx docstrings for all public functions"
6. Pricing and Limits
- Cost: Pricing details are available in the OpenAI Developer Forum.
- Rate Limits: Monitor usage via the OpenAI dashboard.
- Context Window: 10,000 tokens max per request (GitHub README).
Tip: Use
codex token-count --file large_project/to estimate costs before running tasks.
7. Troubleshooting
Common Issues
| Error | Solution |
|---|---|
Authentication failed | Run codex auth login again (GitHub Issues). |
Sandbox timeout | Increase timeout in ~/.codex/config.toml. |
Unsupported language | Check supported languages in GitHub README. |
Debugging
codex --verbose generate --file debug.py "Fix the memory leak"
Key Takeaways for Enterprise Teams
- Start Small: Use
--suggestmode to review changes before applying. - Enforce Sandboxing: Restrict syscalls and network access in
config.toml. - Monitor Costs: Track usage via the OpenAI Developer Forum.
- Integrate Gradually: Pilot with non-critical repositories first.
For teams adopting AI-driven development at scale, Hyperion <a href="/services/coaching-vs-consulting">consulting</a> designs tailored workflows to integrate tools like Codex CLI while addressing security, compliance, and cost optimization.
