Codex provides multiple automation methods that can be used in scripts, pipelines, and server-side applications.
Non-Interactive Mode (exec)
The exec command is used in scripts and automation scenarios without opening the TUI.
Basic Usage
exec Command
# Execute a single task
codex exec "Review code and output report"
# Output to file
codex exec -o review.md "Review src/auth.py"
# Use a specific model
codex exec -m gpt-5.4-mini "Analyze project structure"
# Fully automatic execution
codex exec --full-auto "Run tests and fix failures"
Common Parameters
| Parameter | Description |
|---|---|
-m |
Specify model |
-o |
Output results to file |
--full-auto |
Fully automatic execution |
--ephemeral |
Do not save session files |
--json |
JSON Lines output format |
--output-schema |
Output in JSON Schema format |
--sandbox |
Set sandbox mode |
Reading from Standard Input
stdin Input
# Read from pipe
echo "Explain this error" | codex exec -
# Read from file
codex exec - < task.txt
# Multi-line task
cat <<EOF | codex exec -
Analyze src/ directory
Find potential bugs
Output fix suggestions
EOF
Resuming Sessions
Resume Execution
# Resume the most recent session
codex exec resume --last "Continue fixing bugs"
# Resume a specific session
codex exec resume --session abc123 "Next task"
By default, exec runs in a read-only sandbox and will not modify files.
Codex SDK
The Codex SDK provides a programming interface for calling Agent capabilities in code.
Installing the SDK
Install SDK
npm install @openai/codex-sdk
Usage Example
SDK Basic Usage
import { Codex } from '@openai/codex-sdk';
// Create Codex client
const codex = new Codex({
apiKey: process.env.OPENAI_API_KEY
});
// Execute task
const thread = await codex.run({
prompt: 'Review src/auth.py file',
model: 'gpt-5.4'
});
// Get results
console.log(thread.messages);
// Continue task
const followUp = await codex.run({
threadId: thread.id,
prompt: 'Fix the discovered bugs'
});
SDK Use Cases
- Integrating into CI/CD pipelines
- Creating custom Agent applications
- Automating internal tools
- Batch processing tasks
GitHub Action
The official Codex GitHub Action is available to trigger tasks in CI pipelines.
Basic Workflow
GitHub Action Example
name: Codex Review
on:
jobs:
codex-review:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Run Codex Review
uses: openai/codex-action@v1
with:
prompt-file: '.github/codex-review.md'
model: 'gpt-5.4'
sandbox: 'workspace-write'
output-file: 'review.md'
- name: Post Review
uses: actions/github-script@v7
with:
script: |
const fs = require('fs');
const review = fs.readFileSync('review.md', 'utf8');
github.rest.pulls.createReview({
owner: context.repo.owner,
repo: context.repo.repo,
pull_number: context.issue.number,
body: review,
event: 'COMMENT'
});
Action Parameters
| Parameter | Description |
|---|---|
prompt |
Directly specify task description |
prompt-file |
Specify task file path |
model |
Model to use |
sandbox |
Sandbox mode |
output-file |
Output file path |
codex-args |
Additional CLI parameters |
Security Configuration
Security Settings
- name: Run Codex
uses: openai/codex-action@v1
with:
prompt: 'Review changes'
safety-strategy: 'drop-sudo'
unprivileged-user: 'codex-runner'
allow-users: ['maintainers']
When using GitHub Action, ensure the API Key is stored as Secrets and not hardcoded.
App Server
The App Server exposes Codex capabilities as a server-side API.
Starting the App Server
Start Service
# Start App Server
codex app-server
# Specify port
codex app-server --port 3000
# Remote access
codex --remote ws://server:3000
Use Cases
- Team sharing of Codex capabilities
- Remote CI/CD invocation
- Integration into internal platforms
MCP Server
Provide Codex as an MCP tool for other Agents to call.
Configuring Codex MCP
MCP Server Configuration
# In other Agent configurations
[mcp_servers.codex]
command = "codex"
args =
Best Practices
Security
- Use read-only sandbox mode
- Store API Key as Secrets
- Limit trigger conditions (specific events only)
- Review output before applying changes
Reliability
- Set reasonable timeout values
- Use
--ephemeralto avoid state residue - Verify task success before continuing
- Handle rollback in case of failure
FAQ
Q: What is the difference between exec and interactive mode?
Exec exits after a single execution, suitable for automation; interactive mode maintains continuous conversation.
Q: How to authenticate in CI/CD?
Use the CODEX_API_KEY environment variable, stored as Secrets.
Q: Can GitHub Action modify files?
Yes, set sandbox: workspace-write.
Q: How to use in Docker?
Install Codex into the image, configure authentication, and then call it.
YouTip