Codex CLI
What you'll learn (~15 min)
- Install Codex CLI via npm or pre-built binary
- Sign in with your ChatGPT account or set up an API key
- Run your first autonomous task with cautious permissions
- Understand the permission profiles and sandbox policies
Codex Cloud at chatgpt.com/codex runs async coding tasks in a sandboxed cloud environment and opens PRs when done — no local install required. Most ChatGPT plans include some Codex Cloud usage; as of April 2026, OpenAI moved Codex to token-based credits, so Plus subscribers can hit a hard wall mid-task.
See the Cloud Sandbox Cheat Sheet for current pricing, or set up your sandbox.
By the end of this lesson, you’ll have Codex CLI installed and understand its unique strength: the ability to plan, execute, and iterate on tasks with minimal hand-holding.
What is Codex CLI?
Codex CLI is OpenAI’s open-source command-line coding agent, rewritten in Rust as of early 2026. It’s designed for autonomous task execution — you assign it a task, and it can plan, implement, test, and iterate with minimal guidance, but outputs still require human review. The recommended model is GPT-5.5 (other options include GPT-5.5-mini for faster/cheaper tasks and the Codex-tuned variants); use /model to see the current default and switch.
Key features:
- Autonomous multi-step task execution
- Can work with git workflows (including branches) when used inside a git repository
- Sandboxed execution for safety
- Voice input (hold spacebar to dictate), web search, and MCP server support
- Session resume (`codex resume`) to pick up where you left off
- `codex exec` for non-interactive scripting and CI pipelines
- Subagents for parallel task execution
- Open source (Rust)
🔍 Mental model: Codex as a junior colleague
Think of Codex CLI like delegating a task to a capable junior colleague. You wouldn’t explain every keystroke — you’d say “Build me a to-do list app” and let them figure out the implementation. Codex works the same way. In its most cautious mode, your colleague checks in before every step (“Should I use localStorage for persistence?”). In a middle mode, they handle file changes on their own but ask before running commands. In full-auto mode, they just deliver the finished result. Like a junior teammate, it can be very helpful but still needs supervision and review. Start cautious while you’re learning to trust the tool.
Codex CLI ships frequent releases (rewritten in Rust in early 2026; ~one release per week). If the install commands below don’t work, check the official Codex CLI repository or OpenAI’s documentation for the latest instructions.
Installation
Codex CLI’s sandboxing features work best on Linux/macOS/WSL. Native Windows support is still experimental — use WSL2 for the most reliable experience. The CLI instructions below assume WSL or macOS/Linux.
Step 1: Install Codex CLI
Option A — npm (if you already have Node.js):
```bash
npm install -g @openai/codex
```
Option B — Homebrew (macOS):
```bash
brew install --cask codex
```
Option C — Pre-built binary (no Node.js needed):
Download the latest binary for your platform from the Codex CLI releases page and add it to your PATH.
Verify (any install method):
```bash
codex --version
```
Step 2: Sign in
The easiest way to authenticate is with your ChatGPT account — no API key needed:
```bash
codex
```
On first launch, Codex will open a device-code sign-in flow in your browser. Sign in with your ChatGPT account and you’re done. This works with any ChatGPT plan (Plus, Pro, Business).
🔍 Alternative: API key
If you prefer API-key authentication (or need it for CI/scripting), you can set an OpenAI API key instead:
- Go to platform.openai.com
- Create an account or sign in
- Navigate to API Keys and create a new secret key
- Set it as an environment variable:
```bash
export OPENAI_API_KEY="your-key-here"
```
To make this permanent, add the export line to your shell config:
```bash
echo 'export OPENAI_API_KEY="your-key-here"' >> ~/.bashrc
source ~/.bashrc
```
(If your shell is zsh — check with echo $SHELL — use ~/.zshrc instead.)
If you use an API key, never commit it to a git repository or share it publicly. Treat it like a password. If you accidentally expose it, revoke it immediately from the OpenAI dashboard and create a new one.
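A check that enforces the "never commit it" rule above, as an added example that is not part of the original lesson: it scans text for a key-shaped string or a literal OPENAI_API_KEY value and reports only the file and line, never the key. The `sk-` key pattern, the function names and the `scan-keys.sh` file name are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the lesson): keep OpenAI API keys out of commits.
# Assumption: a key looks like "sk-" plus 20 or more key characters.
KEY_RE='sk-[A-Za-z0-9_-]{20,}'
# An OPENAI_API_KEY assignment whose value is a literal, not a $VAR reference.
ASSIGN_RE="OPENAI_API_KEY[[:space:]]*[=:][[:space:]]*[\"']?[^\"'[:space:]\$]+"
PLACEHOLDER='your-key-here'   # the lesson's placeholder value is allowed

# scan_stream LABEL < text
# Prints "LABEL:LINE" for each suspicious line (never the key itself).
# Returns 1 if anything was found, 0 otherwise.
scan_stream() {
  local label=$1 text lines n
  text=$(cat)
  lines=$(
    {
      printf '%s\n' "$text" | LC_ALL=C grep -nE -e "$KEY_RE" || true
      printf '%s\n' "$text" | LC_ALL=C grep -nE -e "$ASSIGN_RE" |
        grep -vF -e "$PLACEHOLDER" || true
    } | cut -d: -f1 | sort -un
  )
  [ -n "$lines" ] || return 0
  for n in $lines; do printf '%s:%s\n' "$label" "$n"; done
  return 1
}

# scan_staged: check the staged version of every added or modified file.
# Hypothetical hook usage, in .git/hooks/pre-commit:
#   . ./scan-keys.sh && scan_staged || { echo "possible API key staged" >&2; exit 1; }
scan_staged() {
  git diff --cached --name-only --diff-filter=ACM | {
    bad=0
    while IFS= read -r f; do
      git show ":$f" | scan_stream "$f" || bad=1
    done
    [ "$bad" -eq 0 ]
  }
}
```

Because the scan reads the staged blob with `git show ":$f"`, a key that was staged and then deleted only from the working copy is still caught.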
As of April 2026, OpenAI moved Codex to token-based credit consumption. The included allotment varies by plan:
| Plan | Price | What it gets you |
|---|---|---|
| Free | $0 | Trial-only Codex usage; not workable for ongoing tasks |
| Go | $8/mo | Light credit allotment for occasional use |
| Plus | $20/mo | Mid-tier credits — Plus users can now hit a hard wall mid-task |
| Pro | $100/mo | 5× Plus credits; the practical “I use Codex daily” tier |
| Pro (max) | $200/mo | Original Pro tier; highest included credits |
| Business | $30/user/mo | Org-managed credits + admin controls |
Treat Codex credits like a project budget: estimate before you start a long agentic run, set a spend cap if your plan supports one, and watch the meter on the first run of a new task type so you know what it costs. If you’re using API-key auth instead, standard API billing applies — check platform.openai.com/settings.
Your first interaction
Step 1: Create a project folder
```bash
mkdir hello-codex && cd hello-codex
```
Step 2: Start Codex CLI
```bash
codex
```
Step 3: Give it a task
```text
Create a simple to-do list app in a single HTML file. It should:
- Let users type a task and press Enter to add it
- Show tasks in a list with checkboxes to mark as done
- Have a "Clear completed" button
- Dark theme, clean design
- Save tasks to localStorage so they persist on refresh
```
Codex will:
- Plan the implementation
- Create the file
- Write the code
- Verify it meets requirements
In the most cautious permission profile, Codex will ask for your approval before each step. Type y to approve or n to reject. Use /mode (or the equivalent permission-profile command — see /help) to switch autonomy levels, or Ctrl+C to quit.
Step 4: Check the result
```bash
ls
cat index.html
```
Open in your browser to test the todo list functionality.
Codex CLI modes
Codex CLI controls autonomy through two independent policies — approval (when it asks permission) and sandbox (what it can access):
| Approval Policy | What it does | Best for |
|---|---|---|
| Untrusted | Asks before every action | Learning, careful work |
| On-request | Makes file changes automatically, asks before commands | General use |
| Never (full auto) | Executes everything autonomously | When you trust the task |
| Sandbox Policy | What it allows |
|---|---|
| Read-only | Can read files but not write |
| Workspace-write | Can write within your project directory |
| Danger-full-access | Unrestricted file and network access |
The legacy --full-auto flag is being phased out in favor of explicit permission profiles that combine an approval policy and a sandbox policy. Run codex --help or /help inside a session to see the current profile names — the names have shifted across releases, so prefer reading them from the tool over memorizing.
Start with the most cautious profile while learning, then open up autonomy as you get comfortable. Full autonomy is best reserved for low-stakes prototypes where you can easily discard the results.
📊 In Your Field: MIS / Business
Codex CLI’s autonomous execution model is particularly useful for MIS projects where you need to scaffold repetitive structures — like generating CRUD endpoints for a database, creating form validation logic, or building report templates. You can describe the business requirement (“Create an expense report form that calculates totals by category and exports to CSV”) and let Codex handle the implementation details. The Suggest mode is ideal here because you can review each step to make sure it matches your organization’s data standards.
🧬 In Your Field: Biotech
For bioinformatics workflows, Codex CLI’s sandboxed execution is a meaningful safety feature. When you ask it to “Write a Python script that processes all .fastq.gz files in a directory and generates quality reports,” it runs in an isolated environment — it won’t accidentally overwrite your precious sequencing data. Start in Suggest mode for any task that touches research data, and move to Auto-edit only for scaffolding new analysis scripts from scratch.
Tips
- Be specific about requirements. Codex excels when you give it a clear, well-defined task. The more specific your instructions, the better the result.
- Start with small tasks. Build confidence with simple, single-file tasks before trying multi-file projects.
- Use the sandbox. Codex runs in a sandboxed environment that reduces blast radius. It is not a substitute for review — read the diff before accepting changes, especially on important projects.
- Review before accepting. In the cautious permission profile, Codex shows you what it wants to do before doing it. Use this to learn what good code looks like.
Power features
Mid-session mode switching
You do not have to restart Codex to change permission profiles. Use the in-session /mode (or current profile-switch command — see /help) to step up or down autonomy. This lets you start careful and open up autonomy as you gain confidence in the task.
Sandbox
By default, Codex CLI uses a restricted execution environment controlled by the sandbox policy. The workspace-write default limits changes to your project directory. Network and file permissions depend on your configuration and OS. The sandbox reduces blast radius, but it does not replace review — verify the behavior in your environment before relying on it for safety-critical work, and always read the diff before accepting changes.
Voice input
Hold the spacebar to dictate your prompt instead of typing. Useful for describing complex tasks conversationally.
Session resume
Run codex resume to pick up a prior session where you left off — handy if you get interrupted or want to continue a multi-step task later.
Verify it works
Paste this exact command to confirm everything is set up correctly:
```bash
codex --version
```
You should see a version number printed. If you get “command not found,” revisit the installation step above.
If the version check worked, try this — your first real interaction with Codex CLI:
```bash
codex "What is 2 + 2? Reply with just the number."
```
If you see a response, congratulations — you’re ready to use Codex CLI for real work starting in Module 9.
When Things Go Wrong
Use the Symptom → Evidence → Request pattern: describe what you see, paste the error, then ask for a fix.
You’ve now set up three AI CLI tools (Claude Code, Gemini CLI, and Codex CLI), with GitHub Copilot CLI in the next lesson. That’s not redundant — it’s strategic. Different tools excel at different tasks, and knowing when to reach for each one is a professional advantage that most people don’t have. The investment isn’t in any single tool. It’s in the orchestration skill that works across all of them.
Key Takeaways
- Multiple install options — `npm install -g @openai/codex`, `brew install --cask codex`, or download a pre-built binary
- Sign in with ChatGPT — device-code flow is the easiest auth; API key still works for CI/scripting
- Two policy axes — approval policy controls when Codex asks permission, sandbox policy controls what it can access
- The sandbox reduces blast radius — Codex runs in isolation, but you still review the diff before accepting
- Specificity wins — the more precise your task description, the better the result
- Review is learning — Suggest mode shows you how an AI approaches a problem step by step