Codex in Your Terminal: OpenAI's Rust Coding Agent, Explained
OpenAI's Codex is a coding agent that lives in your terminal and edits your repo directly. Here is what it does, how to run it, and where the guardrails sit.
Codex is OpenAI's coding agent that runs in your terminal instead of a browser tab. You point it at a repo, describe what you want, and it reads files, writes code, and runs commands to get there. The project is open source under Apache-2.0, and the bulk of it is written in Rust, so the binary is small and starts fast. If you have used a chat window to copy-paste code back and forth, this collapses that loop: the agent works inside the actual project.
Why this matters for you: the painful part of agentic coding is not the model, it is the plumbing around it. File access, command execution, and knowing when to stop and ask. Codex ships that plumbing with sane defaults, so you can get an agent touching real files in a couple of minutes without wiring anything up yourself.
Install it
Pick whichever fits your setup. On Mac and Linux there is an install script; npm and Homebrew both work too. After it lands, you sign in with a ChatGPT plan (Plus, Pro, Business, Edu, or Enterprise) or use an API key, which needs a little extra setup.
npm install -g @openai/codexcurl -fsSL https://chatgpt.com/codex/install.sh | shRun it
- 1Run 'codex' inside a project to open the full-screen terminal UI, or pass a task straight in with 'codex "refactor this module"'.
- 2For automation and CI, use the non-interactive mode: 'codex exec "fix the CI failure"' runs without prompts and pipes output to stdout.
- 3Pick a model with '--model', for example 'codex --model gpt-5.5', or switch mid-session with the '/model' command.
- 4Resume earlier work with 'codex resume', 'codex resume --last', or 'codex resume <SESSION_ID>'.
- 5Use slash commands inside a session, like '/review' to review changes and '/permissions' to change how much autonomy the agent has.
The autonomy modes are the important part
Codex separates two controls that people often confuse: the sandbox and the approval policy. The sandbox sets the technical boundary of what the agent can touch. The approval policy decides when it has to stop and ask you before crossing that line. You switch between three modes with '/permissions':
- Auto (the default): reads, edits, and runs routine commands inside your working directory, and asks before touching the network or going outside the project.
- Read-only: the agent can look but not change anything, so every edit needs your approval. Good for a first pass on unfamiliar code.
- Full Access: no prompts, unrestricted access to your machine. Useful for tight loops you trust, dangerous everywhere else.
On macOS the sandbox uses the built-in Seatbelt framework and works out of the box. On Linux and WSL2 you install bubblewrap first, and Codex picks up the 'bwrap' binary from your PATH. The practical effect of the default mode: file writes stay in your workspace and network access pauses for a yes/no.
When to reach for it, and when not to
Codex earns its keep on contained, well-scoped jobs: fixing a failing test, threading a small feature through an existing pattern, or churning through a refactor you have already mapped out. The 'codex exec' mode is genuinely useful in CI, where you can hand it a known failure and read the result from stdout. Keep it in Auto or Read-only while you build trust on a codebase.
Be deliberate about Full Access. It removes the prompts that stand between the agent and your filesystem, your credentials, and the network, so only use it on work you can throw away or roll back. Commit often, run it on a branch, and treat every agent run as a diff to review rather than a result to accept. The agent is fast. Your review is the quality gate.
Want the next drop first?
New builds and skills land in the Vault every week.
Follow for the weekly drops