OpenAI's openai/codex repository houses Codex CLI, a lightweight, open source coding agent that runs locally in your terminal. It aims to help developers refactor, test, generate, and explain code with safe guardrails, while integrating cleanly into existing projects and CI pipelines. The project stands at the intersection of modern agentic tooling and practical software engineering workflows.
The problem and the direction of travel
Modern software work blends thinking, reading, scripting, glue code, and repetitive chores. Teams want help that is both powerful and predictable: an agent that can read code, propose changes, run commands, and show diffs, without unexpectedly pushing commits or exfiltrating secrets.
Codex CLI addresses this by pairing capable models with explicit, OS-level sandboxing and an approvals model. On Windows, it targets WSL2; on Linux and macOS it uses native mechanisms to constrain behavior as it executes model-suggested commands. In short, it is designed to be useful in real repos without demanding that you surrender control.
How the repository turns that into a solution
The README.md lays out two modes. In the interactive TUI, you launch codex in a folder and converse; the assistant proposes commands and file edits, and you approve or deny. In non-interactive mode (codex exec), it runs a single instruction end-to-end, which is ideal for CI.
The sandbox defaults to read-only and can be elevated to workspace-write or, in controlled environments, full access. Configuration lives in TOML, with profiles for quick switching between behaviors and providers. Memory is provided by project-level guidance in AGENTS.md, which Codex merges from global to repo to subfolder scopes.
npm install -g @openai/codex
# or: brew install codex
# Interactive usage
a) codex
b) codex "explain this codebase to me"
# Non-interactive (automation)
c) codex exec "write unit tests for utils/date.ts" Under the hood: Rust, sandboxing, and a clean config surface
The core implementation lives in codex-rs (Rust), with packaging and examples in codex-cli and docs in docs/. Rust gives the CLI performance, a strong type system, and straightforward integration with system APIs. The sandbox uses Apple Seatbelt on macOS and Landlock/seccomp on Linux.
That means commands can read broadly but cannot write or access the network unless your policy allows it. On macOS, Git metadata under .git/ remains read-only even when workspace writes are enabled, so git commit requires explicit approval or a policy change. If you are curious, Apple's Seatbelt is documented for sandbox-exec (see Apple, 2012), and Landlock is covered in the Linux kernel docs (Linux Kernel, 2022).
Configuration is clear and composable. The config.md file covers the full surface, from model providers to the approvals policy to environment filtering. Profiles let you toggle model and sandbox settings together; MCP servers can be defined to add tools via the Model Context Protocol. For logging, Codex honors RUST_LOG so you can dial verbosity up or down (Env Logger, 2024). There is also a DotSlash file in releases to lock an exact binary across platforms (DotSlash, 2023).
# ~/.codex/config.toml
# Choose a default model and approval policy
model = "o4-mini"
approval_policy = "on-request" # ask when the agent wants to escalate
# Sandbox policy
sandbox_mode = "workspace-write"
[sandbox_workspace_write]
network_access = false # opt-in if you need outbound requests
# Provider overrides and an OSS model profile (e.g., with Ollama)
[model_providers.ollama]
name = "Ollama"
base_url = "http://localhost:11434/v1"
[profiles.local_oss]
model_provider = "ollama"
model = "mistral" What it can do today
Codex CLI focuses on first-mile and everyday tasks: refactors, test generation, quick scripts, reviews, and explanations. From the examples in the README, it can refactor React components, scaffold SQL migrations, write unit tests and iterate until they pass, bulk-rename assets safely with Git, interpret tricky regexes, propose crisp PRs after scanning a repo, and draft security review notes.
You can run it as an interactive partner or in headless mode for repeatable chores. Because it stores guidance in AGENTS.md, teams can encode norms and context that travel with the codebase. And if you prefer open source models, the --oss path points to an OpenAI-compatible host like Ollama with a single flag. The docs also note support for zero data retention organizations via disable_response_storage in config (OpenAI Docs, 2025).
Everyday power moves: refactor, migrate, test, review, and explain code across languages and frameworks, with safe defaults you can tighten or relax.
Use it responsibly, and in the right places
Codex CLI is intentionally conservative. Out of the box it runs with tight guardrails, asks for permission before risky actions, and can be restricted to read-only mode. That makes it a fit for version-controlled folders and team repos, where you can let it write files locally but require approval for Git operations or network access. In CI, codex exec provides a headless path for well-scoped tasks.
On Windows, the team recommends WSL2 rather than native execution. If you need to plug in different model providers, the configuration supports Responses and Chat Completions wire APIs and per-provider retry and timeout tuning.
Community, contribution, and releases
The repository is very active, with issues, discussions, and regular releases. Contribution guidance lives in the Contributing section of the README, which sets a high bar: start with an issue, add or update tests, document behavior, and keep commits atomic. There is a lightweight CLA via a comment on your PR.
The project follows standard Rust hygiene with cargo fmt, clippy, and tests before review. If you are curious about packaging, the release workflow is documented in GitHub Actions and described in the README. To learn how the agent reads long-lived team guidance, check the top-level AGENTS.md.
License and usage terms
Codex CLI is released under the Apache-2.0 License. In plain terms, you can use, modify, and redistribute the software, including in commercial settings, provided you include a copy of the license and preserve notices.
The license also grants a patent license from contributors and disclaims warranties. If you ship derivatives, make sure modified files carry notices and include any required attributions from the NOTICE file. This is a permissive license that suits enterprise use and open collaboration.
About OpenAI
OpenAI is an AI research and deployment company focused on building safe and broadly beneficial AGI. The organization develops frontier models and products like ChatGPT and supports developers through an API platform. You can learn more at openai.com/about.
Historically, OpenAI also introduced a Codex model in 2021 that translated natural language to code; that specific model was later deprecated in 2023 in favor of more capable families (OpenAI, 2021).
Impact and what comes next
Agentic coding is moving from demos to day-to-day work. Codex CLI's choices are pragmatic: default to safety, put approvals and sandboxing under your control, and integrate with the tools you already use. The MCP bridge opens a path to richer tool use. OSS model support lowers barriers to experimentation.
Combined with profiles, CI mode, and structured logs, this feels like a foundation teams can adopt incrementally. Expect tighter IDE links, deeper test orchestration, and more prescriptive policies over time. For an overview of coding with modern models, see OpenAI's developer guides (OpenAI Docs, 2025).
Closing thoughts
If you want an agent that respects your repo and your judgment, Codex CLI is worth a look. Start in a test branch, keep the sandbox conservative, and let the approvals flow shape how you use it. The code is approachable, contributions are welcome, and the license is permissive. Explore the repo, skim the README, and try a small chore that you are tired of doing by hand. It might surprise you how quickly the agent becomes a teammate.
Explore the repository on GitHub: https://github.com/openai/codex
Codex CLI: OpenAI's local coding agent, open-sourced