OpenAI Codex CLI: A Practical Guide for Enterprise Developers

TL;DR

Install with brew install openai/tap/codex-cli (macOS) or via the GitHub releases page.

Authenticate via codex auth login and configure your default model: codex config set model=codex-4.

Use approval modes (--suggest, --auto-edit, --full-auto) to control code edits.

Enterprise-grade features include sandboxed execution and project-wide refactoring.

1. Installation and Authentication

Prerequisites

OpenAI API Key: Required for authentication.
Supported OS: macOS, Linux, or Windows (via Scoop).
Dependencies: Python 3.9+ for plugins (GitHub README).

Install the CLI

macOS (Homebrew)

brew tap openai/tap
brew install openai/tap/codex-cli

Linux

Download the latest binary from the GitHub releases page:

curl -LO https://github.com/openai/codex/releases/latest/download/codex-cli-linux-amd64
chmod +x codex-cli-linux-amd64
sudo mv codex-cli-linux-amd64 /usr/local/bin/codex

Windows (Scoop)

scoop install codex

Scoop

Authenticate with OpenAI

Run:
```
codex auth login
```
Paste your API key when prompted.

Verify:

codex auth status

Expected output:

✅ Authenticated
Default Model: code-davinci-002

Configure Defaults

Set the default model (recommended: codex-4):

codex config set model=codex-4

Official Installation Guide

2. Core Commands and Workflows

Generate Code

codex generate --file script.py "Write a Python script to parse CSV files and output JSON"

GitHub README

Explain Code

codex explain --file complex_module.py

GitHub README

Fix Bugs

codex fix --file buggy.py "The loop skips the last item in the list"

OpenAI Codex CLI Official Documentation

Refactor Projects

codex refactor --file legacy.py --context . "Modernize to Python 3.10 with type hints"

GitHub README

3. Approval Modes for Safe Edits

Mode	Flag	Use Case
Suggest	`--suggest`	Review changes as a diff before applying.
Auto-Edit	`--auto-edit`	Apply changes automatically but require confirmation.
Full-Auto	`--full-auto`	Apply changes without confirmation (use in CI/CD with caution).

OpenAI Codex CLI Official Documentation

Example: Suggest Mode

codex generate --file app.py --suggest "Add a FastAPI endpoint for user authentication"

Example: Full-Auto Mode

codex refactor --file utils.py --full-auto "Convert all functions to async"

Warning: Always back up your project before using --full-auto.

4. Sandbox and Security

Sandbox Configuration

Codex CLI executes untrusted code in a sandbox. View settings:

codex sandbox info

OpenAI Codex CLI Official Documentation

Customize Rules

Edit ~/.codex/config.toml:

[sandbox]
timeout = "30s"
network = false
allowed_syscalls = ["read", "write", "open"]

GitHub README

Test Sandboxed Code

codex run --sandbox --file script.py "args: ['--input', 'data.json']"

OpenAI Codex CLI Official Documentation

5. Enterprise Use Cases

1. Legacy Code Modernization

codex refactor --file old_system.pl --to python "Convert Perl to Python with type hints"

2. Security Audits

codex analyze --context . "Identify hardcoded secrets and SQL injection risks"

OpenAI Codex CLI Official Documentation

3. CI/CD Integration

# In your GitHub Actions workflow:
- name: Auto-generate tests
  run: codex generate --file test_*.py --context . "Write pytest tests for all modules" --full-auto

4. Documentation Generation

codex doc --file src/ "Generate Sphinx docstrings for all public functions"

6. Pricing and Limits

Cost: Pricing details are available in the OpenAI Developer Forum.
Rate Limits: Monitor usage via the OpenAI dashboard.
Context Window: 10,000 tokens max per request (GitHub README).

Tip: Use codex token-count --file large_project/ to estimate costs before running tasks.

7. Troubleshooting

Common Issues

Error	Solution
`Authentication failed`	Run `codex auth login` again (GitHub Issues).
`Sandbox timeout`	Increase `timeout` in `~/.codex/config.toml`.
`Unsupported language`	Check supported languages in GitHub README.

Debugging

codex --verbose generate --file debug.py "Fix the memory leak"

OpenAI Developer Forum

Key Takeaways for Enterprise Teams

Start Small: Use --suggest mode to review changes before applying.
Enforce Sandboxing: Restrict syscalls and network access in config.toml.
Monitor Costs: Track usage via the OpenAI Developer Forum.
Integrate Gradually: Pilot with non-critical repositories first.

For teams adopting AI-driven development at scale, Hyperion Consulting designs tailored workflows to integrate tools like Codex CLI while addressing security, compliance, and cost optimization.

AI Disclosure: This article was created with AI assistance and reviewed by Mohammed Cherifi. AI tools were used in research, drafting, and editing.

Sources

Share:

Mohammed Cherifi

Founder & Principal Consultant

Weekly AI Insights

The 30% Report

70% of AI pilots never reach production. Get the playbook for the 30% that does.

Unsubscribe anytime. No spam, ever.

Want to Discuss These Ideas?

Book a free consultation call to explore how these concepts apply to your specific situation.

OpenAI Codex CLI: A Practical Guide for Enterprise Developers

1. Installation and Authentication

Prerequisites

Install the CLI

macOS (Homebrew)

Linux

Windows (Scoop)

Authenticate with OpenAI

Configure Defaults

2. Core Commands and Workflows

Generate Code

Explain Code

Fix Bugs

Refactor Projects

3. Approval Modes for Safe Edits

Example: Suggest Mode

Example: Full-Auto Mode

4. Sandbox and Security

Sandbox Configuration

Customize Rules

Test Sandboxed Code

5. Enterprise Use Cases

1. Legacy Code Modernization

2. Security Audits

3. CI/CD Integration

4. Documentation Generation

6. Pricing and Limits

7. Troubleshooting

Common Issues

Debugging

Key Takeaways for Enterprise Teams

Sources

The 30% Report

Related Articles

Want to Discuss These Ideas?

Claude Code Tool Guide: Enterprise Setup and Practical Workflows

Claude Code Guide 2026: EU Data Residency for Enterprises