Codex CLI
Type: full-code · Vendor: OpenAI · Language: Rust, TypeScript · License: Apache-2.0 · Status: active · Status in practice: mature · First released: 2025-04-13
OpenAI's first-party terminal coding agent: a lightweight Rust CLI that runs models from OpenAI inside a sandbox with a configurable approval policy, AGENTS.md project memory, MCP, and an apply_patch primitive for safe diff application.
Description. Codex CLI is the terminal version of OpenAI's Codex agent. It runs locally, signs in via a ChatGPT subscription or an API key, and operates inside a layered sandbox where the user picks both a sandbox mode (read-only / workspace-write / danger-full-access) and an approval policy (untrusted / on-request / never). The agent reads AGENTS.md files for project conventions, calls MCP servers in both the CLI and the IDE extension, and applies edits via the apply_patch tool. A /plan slash command proposes an execution plan before implementation, and /resume continues prior sessions.
Agent loop shape. ReAct-style tool-use loop running entirely inside a sandbox. Each turn: the model proposes an action; the sandbox mode and approval policy decide whether to execute, ask, or refuse; the action runs; the output goes back to the model; repeat. AGENTS.md files are read at startup to assemble a layered instruction chain. apply_patch is the diff-editing primitive; /plan switches into a planning mode; /resume picks up a saved conversation.
Primary use cases
- terminal-native coding agent with sandboxed execution
- approval-gated automation across sandbox modes
- MCP-tool integration in the CLI and IDE extension
- shared AGENTS.md project conventions across editors
- plan-then-execute and session resume workflows
Key concepts
- Sandbox modes → sandbox-isolation (docs) — read-only / workspace-write / danger-full-access selectors gate filesystem and network reach.
- Approval policies → approval-queue (docs) — untrusted / on-request / never decide when the user is asked.
- AGENTS.md → cross-session-memory — Layered project instructions read at startup.
- MCP → mcp (docs) — First-class MCP client; shared config between CLI and IDE.
- apply_patch → code-as-action (docs) — Structured-diff tool for create/update/delete file operations.
- Slash commands — /permissions, /mcp, /plan, /resume in the TUI.
Patterns this full-code tool implements
- ★Agent-Computer Interface
  Terminal-native ACI.
- ★★Agent Resumption
  /resume continues prior CLI sessions.
- ★★Approval Queue
  Three approval policies — untrusted / on-request / never — switchable mid-session via /permissions.
- ★Code-as-Action Agent
  apply_patch is the diff-application primitive; model emits structured create/update/delete operations.
- ★★Code Execution
  workspace-write mode lets Codex edit files and run local commands inside the sandbox boundary.
- ★★Model Context Protocol
  First-class MCP client across CLI and IDE extension.
- ★★Plan-and-Execute
  /plan switches into a planning mode that proposes execution plans before implementation.
- ★★Sandbox Isolation
  Three sandbox modes form an explicit isolation matrix.
- ★★Cross-Session Memory
  AGENTS.md project conventions are read at startup and concatenated into a layered instruction chain.
- ★★Tool Use
  Native tools (Bash, apply_patch, file edit) + MCP-server-backed tools.
- ★Computer Use
  Computer Use is documented on the Codex Desktop app surface (macOS), not the CLI itself: GUI control via screenshots, browser, app interaction. CLI surface is file+shell only.