OpenAI Codex CLI
Last reviewed
May 16, 2026
Sources
37 citations
Review status
Source-backed
Revision
v1 ยท 3,715 words
Improve this article
Add missing citations, update stale details, or suggest a clearer explanation.
Suggest edit
CtrlK
Last reviewed
May 16, 2026
Sources
37 citations
Review status
Source-backed
Revision
v1 ยท 3,715 words
Add missing citations, update stale details, or suggest a clearer explanation.
OpenAI Codex CLI is an open-source, terminal-based coding agent developed by OpenAI and released on April 16, 2025.[1][2] The tool runs locally on a developer's machine and lets OpenAI's reasoning models read, modify, and execute code inside a chosen project directory, with the agent's actions constrained by operating-system level sandboxing and a configurable approval policy.[3][4] Although the project shipped initially as a TypeScript and Node.js application, OpenAI began a full rewrite to Rust in mid-2025; by April 2026 roughly 95% of the codebase was Rust, with Node only retained for the npm install wrapper.[5][6]
Codex CLI is distinct from the original 2021 Codex model, a GPT-3 derivative that powered the first version of GitHub Copilot, and from Codex Cloud, the hosted multi-agent service that OpenAI launched a month later at chatgpt.com/codex.[7][8] The CLI is the local component of OpenAI's broader Codex product family and is licensed under Apache 2.0.[9] By April 2026 OpenAI reported that the wider Codex product, of which the CLI is the most heavily used surface, had reached roughly 3 million weekly active users; that figure rose to about 4 million two weeks later.[10][11]
The Codex name has a layered history at OpenAI. The original Codex was a code-specialised version of GPT-3 introduced in July 2021. It powered the first generation of GitHub Copilot and was retired as a standalone API in March 2023, with its capabilities absorbed into later general-purpose models.[7] The brand sat dormant for two years before OpenAI reused it in April 2025 for an agentic coding push that now spans three related products: Codex CLI (this article), Codex Cloud at chatgpt.com/codex, and the IDE extension that ships for Cursor, VS Code, and Windsurf.[3][8]
The CLI was the first of these to ship. OpenAI announced it on April 16, 2025, alongside the launches of the o3 and o4-mini reasoning models and GPT-4.1.[1][2] The framing at launch was modest. OpenAI described Codex CLI as "a small step" toward what the company called the "agentic software engineer," a longer-term ambition of building systems that could take a high-level brief and ship working software with minimal supervision.[2] Alongside the release, OpenAI set aside a $1 million Codex Open Source Fund offering API credits to qualifying open-source projects, distributed in $25,000 blocks.[12]
A month later, on May 16, 2025, OpenAI shipped the second Codex product: Codex Cloud, a hosted version of the agent that runs each task in a remote container with a copy of the user's repository.[8] The cloud product was powered at launch by codex-1, a variant of o3 fine-tuned on real pull requests, and was made available inside ChatGPT for Pro, Team, and Enterprise plans.[8] The CLI and the cloud product are complementary rather than duplicative. Codex CLI is for interactive, local work where the developer wants to watch each step; Codex Cloud is for delegated tasks that the developer wants to launch and walk away from. The CLI can drive both, since codex cloud triages and applies cloud results without leaving the terminal.[13]
The TypeScript origin of the CLI was a velocity decision rather than a long-term commitment. In June 2025 OpenAI opened a discussion thread on GitHub announcing that Codex CLI was "going native" with a Rust rewrite, citing Node.js as a hard installation dependency, garbage collection pauses inside a long-running agent process, and a desire for tighter integration with platform-native sandbox APIs as the main reasons.[5][6] By the time the GPT-5 family of models began shipping in late 2025, the Rust crate (codex-rs) had reached effective parity, and the TypeScript implementation was scheduled for retirement.[6]
Codex CLI is laid out as a Cargo workspace of specialised Rust crates. A core/ crate holds the agent loop and tool dispatch, a tui/ crate built on Ratatui handles the interactive terminal interface, an exec/ crate provides non-interactive execution for scripts and CI, and a cli/ crate is the multitool entry point that ties the others together.[14] The project also exposes an experimental MCP server (codex mcp-server) and an MCP client mode so that other agentic frameworks can either drive Codex or expose external tools to it.[14]
On the model side, Codex CLI talks to OpenAI's hosted inference endpoints via either the Chat Completions API or the newer Responses API, with the Responses API recommended for agentic workflows.[15] The CLI itself does not run a local LLM; the bet, as one analyst put it, is on frontier cloud models rather than local inference.[16] The Rust binary is therefore mostly orchestration: managing the conversation, dispatching tool calls, enforcing the sandbox, formatting diffs, and persisting session state on disk so a developer can resume an earlier thread with codex resume.[17]
The sandbox is a defining feature of the design. Codex CLI uses platform-native enforcement rather than its own implementation: Apple's Seatbelt framework on macOS, bubblewrap user-namespace isolation on Linux and WSL2 (with a bundled fallback helper that needs unprivileged user namespaces), and the native Windows sandbox when running in PowerShell.[18] Three sandbox policies are exposed:
| Sandbox mode | What the agent can do | Typical use |
|---|---|---|
read-only | Inspect files only; every edit or command requires approval | First runs in unfamiliar repos, audit reviews |
workspace-write | Read and edit files inside the project directory and run routine local commands; reaching outside the workspace or making network calls requires approval | Default low-friction local development |
danger-full-access | No filesystem or network restrictions | Containerised or disposable environments where the agent is expected to run anything |
Sandbox modes pair with a separate approval policy that controls when the agent must stop and ask before doing something it is technically allowed to do.[4] The approval modes are untrusted (auto-approve known-safe reads, ask for everything else, including destructive Git operations), on-request (ask whenever the agent would escalate beyond its sandbox), and never (skip prompts entirely while still respecting the sandbox boundary). An older on-failure mode remains in the configuration reference but is deprecated in favour of on-request for interactive sessions and never for non-interactive runs.[4]
The two layers are intentionally orthogonal. Sandbox mode says what the agent can do; approval policy says when the agent must pause and ask. Running with --sandbox read-only --ask-for-approval never produces a hard technical limit that no approval prompt can override; running with --sandbox workspace-write --ask-for-approval on-request produces a softer setup where the agent is technically capable of more but routes the decision through the developer.[4]
Configuration lives in a TOML file (config.toml) inside the user's Codex directory, plus environment variables for things like custom CA certificates (SSL_CERT_FILE) so the tool works behind corporate TLS-inspecting proxies.[19] Authentication is offered in two paths. The first run prompts for either a ChatGPT account sign-in via an OAuth flow in the browser, or an OpenAI API key.[3] ChatGPT-based sign-in is the more common path for individual developers because it bundles model usage into an existing Plus, Pro, Business, Edu, or Enterprise subscription rather than billing per token; an enterprise-friendly device-code sign-in was added in version 0.116.0 for environments where opening a browser is impractical.[20]
The Rust workspace is published as the @openai/codex npm package on the JavaScript side (the npm release is a thin wrapper that downloads the right platform binary) and as Homebrew formula codex on macOS. Direct binary downloads from GitHub Releases are also available for macOS on Apple Silicon and x86_64, and for Linux on x86_64 and arm64.[9]
The Codex CLI is model-agnostic in design but tuned for the latest OpenAI models. At launch in April 2025 the supported set was o3 and o4-mini, with o4-mini as the default for latency reasons.[1][21] In the months that followed, OpenAI shipped a series of Codex-specific tunings of its frontier models:
| Model | Released | Notes |
|---|---|---|
| o3, o4-mini | April 16, 2025 | Initial launch defaults for Codex CLI[1][2] |
| codex-1 (cloud) and codex-mini-latest (CLI) | May 16, 2025 | codex-1 is a fine-tune of o3 for cloud tasks; codex-mini is the corresponding lighter variant for the CLI[8][22] |
| GPT-5 family | August 7, 2025 | Base GPT-5 released, available in Codex CLI[23] |
| GPT-5-Codex | September 15, 2025 (system card); API access September 23, 2025 | Variant of GPT-5 further trained on real pull requests and code reviews; selectable in CLI[24] |
| GPT-5.2-Codex | Late 2025 / early 2026 | Successor codex tuning of GPT-5.2[25] |
| GPT-5.3-Codex | 2026 | Industry-leading agentic coding tuning; remains the recommended Codex-specific model[26] |
| GPT-5.4 | March 5, 2026 | Flagship frontier model, became default for Codex CLI[27] |
| GPT-5.5 | April 23, 2026 | New default frontier model for Codex CLI on launch[27][28] |
The CLI also exposes a gpt-5.3-codex-spark text-only research preview tuned for very low latency interactive coding, available to ChatGPT Pro subscribers, and gpt-5.4-mini for cheap subagent work.[27] Models can be switched mid-session with the /model slash command in the interactive TUI.[15]
Pricing falls into two camps. ChatGPT subscribers (Plus, Pro, Business, Edu, Enterprise) authenticate the CLI with their account and consume usage against the subscription's existing weekly limits, with no separate API bill.[3] Developers who prefer to pay per token authenticate with an API key and are billed at standard OpenAI rates, with the codex-mini-latest model historically priced around $1.50 per million input tokens and $6 per million output tokens, plus the usual 90% discount on cached prompt prefixes.[22]
Codex CLI is built around a full-screen Ratatui terminal interface that displays a transcript, syntax-highlighted diffs, and the agent's running plan, with optional theme support and Vim-style editing in the prompt composer (added in version 0.129.0).[29][14] The non-interactive surface is the codex exec subcommand, which runs a single prompt to completion and is the integration point for shell scripts, CI jobs, and the official GitHub Action for automated pull-request review.[3]
The table below summarises the major capabilities surfaced in the official documentation and shipped versions.
| Capability | Description | Source |
|---|---|---|
| Interactive TUI | Full-screen terminal interface with diffs, plan display, slash commands, and resumable sessions | Official docs[15] |
Non-interactive exec | One-shot prompt execution for CI and scripting | Official docs[3] |
| Sandbox enforcement | OS-level isolation via Seatbelt, bubblewrap, or Windows sandbox | Sandbox docs[18] |
| Approval policy | Three modes (untrusted, on-request, never) decoupled from sandbox mode | Approvals docs[4] |
| ChatGPT account sign-in | OAuth and device-code authentication for Plus, Pro, Business, Edu, Enterprise | CLI docs[3] |
| API key authentication | Standard OpenAI key for per-token billing | CLI docs[3] |
| Model Context Protocol client and server | Connect to MCP servers for extra tools; expose Codex itself via codex mcp-server | codex-rs README[14] |
| Multimodal input | Attach screenshots, sketches, or design specs to a prompt | Launch blog[2] |
| Image generation | Generate images as part of an agent run | Upgrade post[10] |
| Web search tool | Look up current information during a task | Features docs[15] |
| Subagents | Spawn parallel subagents for fan-out work | Features docs[15] |
/review command | Diff-only review pass that produces prioritised findings without writing files | Features docs[15] |
codex cloud | Triage and apply Codex Cloud tasks from inside the CLI | CLI docs[13] |
| GitHub Action | Automated pull-request review and triage in repositories | GitHub repo[9] |
| Plugin and hooks system | User-prompt hooks, plugin marketplace, workspace sharing | Augment Code[20], changelog[29] |
| Custom CA / proxy support | TLS-inspection friendly via SSL_CERT_FILE and proxy allowlists | Config docs[19] |
| Notification scripts | Run a user-defined script when a task finishes | codex-rs README[14] |
| Resume and fork | Pick up a prior session or branch from any point in the transcript | Changelog 0.129.0[29] |
| Remote control | Headless app-server mode that other clients can drive over WebSocket | Changelog 0.130.0[29] |
A developer typically starts work by running codex inside a repository. The TUI opens, the agent reads enough of the project to ground itself, the developer types an instruction in plain English, and the agent either makes edits in place (writing diffs against the working tree) or runs commands inside the sandbox. The agent will pause and ask for confirmation whenever it wants to go beyond what the current sandbox plus approval combination allows, and the developer can accept, reject, or edit the proposed action before it runs.
Codex CLI ships at an unusually high cadence. By mid-April 2026 the GitHub releases page listed more than 700 versions, averaging close to two releases per day across the project's first year.[30] The full release history is published on GitHub rather than in a checked-in CHANGELOG file; the table below covers a handful of notable milestones rather than the full list.
| Version | Date | Notes |
|---|---|---|
| Initial release | April 16, 2025 | TypeScript and Node implementation; o3 and o4-mini support; Apache 2.0[1][2] |
| Rust rewrite announced | June 2025 | OpenAI publishes a "Codex CLI is Going Native" discussion thread on GitHub[5] |
| GPT-5-Codex integration | September 2025 | GPT-5-Codex selectable in CLI alongside the standard GPT-5 model[24] |
| 0.116.0 | March 19, 2026 | ChatGPT device-code sign-in, user-prompt hook, plugin setup improvements[20] |
| 0.125.0 | April 2026 | Plugin marketplace and remote bundle caching[29] |
| 0.128.0 | April 30, 2026 | Persisted workflow goals, configurable TUI keymaps, expanded permission profiles[29] |
| 0.129.0 | May 7, 2026 | Vim editing in composer, redesigned resume/fork picker, status-line theme-aware colours[29] |
| 0.130.0 | May 8, 2026 | codex remote-control headless entrypoint, plugin hook sharing controls[29] |
The v0.116.0 release in March 2026 is particularly worth flagging because it pivots the CLI toward enterprise use. The device-code sign-in lets administrators provision Codex on machines without a browser, the user-prompt hook lets a security team intercept or rewrite prompts before they reach the model, and the surrounding configuration work added sandbox shell-escalation controls and network proxy allowlists.[20]
The terminal-agent space has consolidated around a handful of mature tools. The table below summarises sourced, factual differences between Codex CLI and three commonly compared alternatives. Benchmark numbers are from public reporting in April 2026; the comparison is intentionally narrow to capabilities and architecture rather than subjective quality.
| Feature | OpenAI Codex CLI | Claude Code | Cursor | Aider |
|---|---|---|---|---|
| Released | April 16, 2025[1] | February 24, 2025 (preview), May 22, 2025 (GA)[31] | Cursor IDE: March 2023; agent features added across 2024 to 2026 | May 2023 |
| Surface | Terminal TUI plus IDE extension | Terminal CLI plus IDE extensions | Standalone editor (VS Code fork) | Terminal CLI |
| Primary language | Rust (95%+ of codebase by April 2026)[6] | TypeScript[32] | TypeScript / Electron | Python |
| License | Apache 2.0[9] | Proprietary | Proprietary | Apache 2.0 |
| Default model | GPT-5.5 (as of April 2026)[27] | Claude Opus 4.7 (as of April 2026)[31] | User-selectable; supports OpenAI and Anthropic models | User-selectable; supports OpenAI and Anthropic models |
| Auth options | ChatGPT account or OpenAI API key[3] | Claude account or Anthropic API key[31] | Cursor account | API keys per provider |
| Sandbox | OS-level: Seatbelt (macOS), bubblewrap (Linux/WSL2), Windows sandbox[18] | Process-level controls inside Claude Code[32] | None at the agent level | None at the agent level |
| MCP support | Client and server[14] | Client[32] | Client | Limited |
| Terminal-Bench 2.0 (Apr 2026 reporting) | GPT-5.4 at 75.1%, GPT-5.3-Codex at 77.3%[33] | Opus 4.7 at 69.4%[33] | n/a | n/a |
| SWE-bench Verified (Apr 2026 reporting) | GPT-5-Codex baseline around 74.9%[33] | Opus 4.7 at 87.6%[33] | n/a | n/a |
The high-level picture from third-party reviewers in 2026 is that the four tools occupy different niches rather than competing head-on. Codex CLI is the daily driver for long-running, autonomous refactors and codebase-wide tasks where developers want to launch the agent and come back later; the rate limits on ChatGPT plans are relatively generous, which makes "set it and forget it" work feasible.[34] Claude Code tends to be picked for complex multi-component logic and benefits from Anthropic's lead on SWE-bench Verified, while Cursor is the obvious choice for developers who want their agent inside a full IDE rather than a terminal.[34][35] Aider remains a strong budget option for incremental edits because it is model-agnostic and works well with cheaper open models.[35]
It is worth noting what Codex CLI does not do, since the comparison literature sometimes blurs the lines. Codex CLI is not the same product as Devin, the autonomous engineering agent from Cognition that runs entirely in the cloud, although they share an "agentic software engineer" framing.[36] Codex CLI is also not the original 2021 Codex model: the two share only a name. The underlying technology, target user, and product surface are different.
Adoption of Codex CLI accelerated sharply once the GPT-5 family of models shipped in late 2025 and once OpenAI bundled CLI access into existing ChatGPT subscriptions rather than requiring a separate API budget. Sam Altman publicly confirmed on April 8, 2026 that the wider Codex product had reached 3 million weekly active users, up from around 600,000 at the start of the year, a roughly fivefold increase in three months.[10] OpenAI followed two weeks later with a 4 million weekly users figure, citing 70% month-over-month growth.[11]
The GitHub repository tracks the same curve. By April 10, 2026 the project had roughly 74,500 stars and 10,500 forks, with about 4.4 million binary downloads from GitHub Releases.[37] The npm package, used by the JavaScript installer wrapper, hit 14.5 million monthly downloads in March 2026, compared to roughly 82,000 in the launch month of April 2025; that is a 177-fold growth in monthly installs over the project's first year.[37] By May 2026 GitHub star counts were reported at around 82,900.[9]
The Rust rewrite was widely covered by trade press in 2025, both as a technical case study (a long-running agent process is a bad fit for garbage-collected runtimes) and as a security and supply-chain argument (a single Rust binary has a smaller attack surface than a Node.js application with a transitive dependency tree).[5][6][16] Industry response was mixed at the time, with some commentators describing it as the latest entry in a series of "another Rust rewrite" stories and others treating it as a vote of confidence in the language for systems-adjacent tooling.[6][16]
On the developer-experience side, third-party reviewers tend to converge on a handful of themes. Codex CLI's strengths in late 2025 and 2026 reporting are endurance and patience, with the agent comfortably handling multi-hour autonomous runs; weaknesses are mostly around quality on complex, multi-component application logic, where reviewers often hand the same brief to Claude Code instead.[34][35] The benchmark picture supports a similar split: GPT-5.3-Codex and GPT-5.4 lead on Terminal-Bench 2.0 (the agent-style benchmark), while Anthropic's Claude Opus 4.7 leads on SWE-bench Verified (the GitHub-issue benchmark).[33]
The enterprise pivot in early 2026 was also reflected in usage. OpenAI reported in March 2026 that usage of Codex inside ChatGPT Business and Enterprise environments had grown sixfold since January, and that Codex usage overall had grown 10x since August 2025.[10][20] The combination of the v0.116.0 enterprise hooks, custom CA certificate support, and Python SDK plus app-server primitives made it noticeably easier for security and platform teams to embed Codex inside existing CI and review workflows behind a corporate firewall.[20]