Documentation 2026-05-28 18:58 UTC to 2026-05-29 18:58 UTC

1# Computer Use – Codex app1# Computer Use – Codex app

2 2 

3In the Codex app, computer use is currently available on macOS, except in the3In the Codex app, computer use is available on macOS and Windows, except in

4European Economic Area, the United Kingdom, and Switzerland at launch. Install4the European Economic Area, the United Kingdom, and Switzerland at launch.

5the Computer Use plugin, then grant Screen Recording and Accessibility5Install the Computer Use plugin. On macOS, grant Screen Recording and

6permissions when macOS prompts you.6Accessibility permissions when prompted.

7 7 

8With computer use, Codex can see and operate graphical user interfaces on macOS.8With computer use, Codex can see and operate graphical user interfaces on macOS

9Use it for tasks where command-line tools or structured integrations aren’t9or Windows. Use it for tasks where command-line tools or structured integrations

10enough, such as checking a desktop app, using a browser, changing app settings,10aren’t enough, such as checking a desktop app, using a browser, changing app

11working with a data source that isn’t available as a plugin, or reproducing a11settings, working with a data source that isn’t available as a plugin, or

12bug that only happens in a graphical user interface.12reproducing a bug that only happens in a graphical user interface.

13 13 

14Because computer use can affect app and system state outside your project14Because computer use can affect app and system state outside your project

15workspace, use it for scoped tasks and review permission prompts before15workspace, use it for scoped tasks and review permission prompts before

18## Set up computer use18## Set up computer use

19 19 

20In Codex settings, open **Computer Use** and click **Install** to install the20In Codex settings, open **Computer Use** and click **Install** to install the

21Computer Use plugin before you ask Codex to operate desktop apps. When macOS21Computer Use plugin before you ask Codex to operate desktop apps. On Windows,

22prompts for access, grant Screen Recording and Accessibility permissions if you22keep the target app visible on the active desktop while the task runs. On

23want Codex to see and interact with the target app.23macOS, grant Screen Recording and Accessibility permissions when prompted so

24Codex can see and interact with the target app.

24 25 

25To use computer use, grant:26On macOS, grant:

26 27 

27- **Screen Recording** permission so Codex can see the target app.28- **Screen Recording** permission so Codex can see the target app.

28- **Accessibility** permission so Codex can click, type, and navigate.29- **Accessibility** permission so Codex can click, type, and navigate.

34 35 

35Good fits include:36Good fits include:

36 37 

37- Testing a macOS app, an iOS simulator flow, or another desktop app that Codex38- Testing a macOS app, Windows app, iOS simulator flow, or another desktop app

38 is building.39 that Codex is building.

39- Performing a task that requires your web browser.40- Performing a task that requires your web browser.

40- Reproducing a bug that only appears in a graphical interface.41- Reproducing a bug that only appears in a graphical interface.

41- Changing app settings that require clicking through a UI.42- Changing app settings that require clicking through a UI.

42- Inspecting information in an app or data source that isn’t available through a43- Inspecting information in an app or data source that isn’t available through a

43 plugin.44 plugin.

44- Running a scoped task in the background while you keep working elsewhere.45- On macOS, running a scoped task in the background while you keep working

46 elsewhere.

45- Executing a workflow that spans more than one app.47- Executing a workflow that spans more than one app.

46 48 

47For web apps you are building locally, use the49For web apps you are building locally, use the

48[in-app browser](https://developers.openai.com/codex/app/browser) first.50[in-app browser](https://developers.openai.com/codex/app/browser) first.

49 51 

52### Windows foreground use

53 

54On Windows, computer use runs on the active desktop. It can’t operate in the

55background while you keep using the same Windows session, so expect Codex to

56move the pointer, type, and take over the foreground while the task runs.

57 

58For Windows tasks that should continue while you step away, keep the Windows

59device unlocked and connected to the internet. Use

60[remote control](https://developers.openai.com/codex/remote-connections) from your phone to check progress

61or send follow-up instructions, or run the Codex app inside a Windows virtual

62machine so computer use takes over the VM instead of your main desktop.

63 

50## Start a computer use task64## Start a computer use task

51 65 

52Mention `@Computer` or `@AppName` in your prompt, or ask Codex to use66Mention `@Computer` or `@AppName` in your prompt, or ask Codex to use

68 82 

69## Permissions and approvals83## Permissions and approvals

70 84 

71The macOS system permissions for computer use are separate from app approvals in85System permissions for computer use are separate from app approvals in Codex.

72Codex. The macOS permissions let Codex see and operate apps. App approvals86On macOS, Screen Recording and Accessibility permissions let Codex see and

73determine which apps you allow Codex to use. File reads, file edits, and shell87operate apps. App approvals determine which apps you allow Codex to use. File

74commands still follow the sandbox and approval settings for the thread.88reads, file edits, and shell commands still follow the sandbox and approval

89settings for the thread.

75 90 

76With computer use, Codex can see and take action only in the apps you allow.91With computer use, Codex can see and take action only in the apps you allow.

77During a task, Codex asks for your permission before it can use an app on your92During a task, Codex asks for your permission before it can use an app on your

85 100 

86If Codex can’t see or control an app, open **System Settings > Privacy &101If Codex can’t see or control an app, open **System Settings > Privacy &

87Security** and check **Screen Recording** and **Accessibility** for the Codex102Security** and check **Screen Recording** and **Accessibility** for the Codex

88app.103app on macOS. On Windows, make sure the target app is visible in the active

104desktop session.

89 105 

90## Locked use106## Locked use

91 107 

108Locked use is for macOS. On Windows, computer use works in the foreground.

109 

92Locked computer use lets Codex use Computer Use after your Mac locks, but only110Locked computer use lets Codex use Computer Use after your Mac locks, but only

93after you enable it. Use it when a Codex task needs to use desktop apps from a111after you enable it. Use it when a Codex task needs to use desktop apps from a

94connected device after the Mac locks.112connected device after the Mac locks.

135- Give Codex one clear target app or flow at a time.153- Give Codex one clear target app or flow at a time.

136- You can stop the task or take over your computer at any time.154- You can stop the task or take over your computer at any time.

137- Keep sensitive apps closed unless they’re required for the task.155- Keep sensitive apps closed unless they’re required for the task.

156- On Windows, expect Codex to take over foreground input while it works; use a

157 secondary device, a VM, or stop the task before using that desktop yourself.

138- Avoid tasks that require secrets unless you’re present and can approve each158- Avoid tasks that require secrets unless you’re present and can approve each

139 step.159 step.

140- Review app permission prompts before allowing Codex to use an app.160- Review app permission prompts before allowing Codex to use an app.

155 155 

156## Computer use156## Computer use

157 157 

158[Computer use](https://developers.openai.com/codex/app/computer-use) helps Codex operate a macOS app by158[Computer use](https://developers.openai.com/codex/app/computer-use) helps Codex operate a macOS or Windows

159seeing, clicking, and typing. This is useful for testing desktop apps, checking159app by seeing, clicking, and typing. This is useful for testing desktop apps,

160browser or simulator flows, working with data sources that aren’t available as160checking browser or simulator flows, working with data sources that aren’t

161plugins, changing app settings, and reproducing GUI-only bugs.161available as plugins, changing app settings, and reproducing GUI-only bugs.

162 162 

163Because computer use can affect app and system state outside your project163Because computer use can affect app and system state outside your project

164workspace, keep tasks narrow and review permission prompts before continuing.164workspace, keep tasks narrow and review permission prompts before continuing.

10require `Cmd`+`Enter` for multiline prompts or prevent sleep while a10require `Cmd`+`Enter` for multiline prompts or prevent sleep while a

11thread runs.11thread runs.

12 12 

13## Profile

14 

15Use **Profile** to review stats such as lifetime tokens, peak tokens, streaks,

16your longest task, and token activity. You can also update your profile details,

17such as your picture, display name, and username.

18 

13## Keyboard shortcuts19## Keyboard shortcuts

14 20 

15Open **Keyboard Shortcuts** to review commands, change bindings, or reset custom21Open **Keyboard Shortcuts** to review commands, change bindings, or reset custom

84## Browser use90## Browser use

85 91 

86Use these settings to install or enable the bundled Browser plugin, set up the92Use these settings to install or enable the bundled Browser plugin, set up the

87[Codex Chrome extension](https://developers.openai.com/codex/app/chrome-extension), and manage allowlisted93[Codex Chrome extension](https://developers.openai.com/codex/app/chrome-extension), and manage allowed and

88and blocklisted websites. Codex asks before using a website unless you’ve94blocked websites. Codex asks before using a website unless you’ve allowed it.

89allowlisted it. Removing a site from the blocklist lets Codex ask again before95Removing a blocked site lets Codex ask again before using it in the browser.

90using it in the browser.

91 96 

92See [In-app browser](https://developers.openai.com/codex/app/browser) for browser preview, comment, and97See [In-app browser](https://developers.openai.com/codex/app/browser) for browser preview, comment, and

93browser use workflows.98browser use workflows.

94 99 

95## Computer Use100## Computer Use

96 101 

97On macOS, check your Computer Use settings to review desktop-app access and related102Check your Computer Use settings to review desktop-app access and related

98preferences after setup. To revoke system-level access, update Screen Recording103preferences after setup. On macOS, revoke system-level access by updating Screen

99or Accessibility permissions in macOS Privacy & Security settings. The feature104Recording or Accessibility permissions in macOS Privacy & Security settings. The

100isn’t available in the EEA, the United Kingdom, or Switzerland at launch.105feature isn’t available in the EEA, the United Kingdom, or Switzerland at launch.

101 106 

102## Personalization107## Personalization

103 108 

76| `features.network_proxy.enabled` | `boolean` | Enable sandboxed networking. Defaults to `false`. |76| `features.network_proxy.enabled` | `boolean` | Enable sandboxed networking. Defaults to `false`. |

77| `features.network_proxy.proxy_url` | `string` | HTTP listener URL for sandboxed networking. Defaults to `"http://127.0.0.1:3128"`. |77| `features.network_proxy.proxy_url` | `string` | HTTP listener URL for sandboxed networking. Defaults to `"http://127.0.0.1:3128"`. |

78| `features.network_proxy.socks_url` | `string` | SOCKS5 listener URL. Defaults to `"http://127.0.0.1:8081"`. |78| `features.network_proxy.socks_url` | `string` | SOCKS5 listener URL. Defaults to `"http://127.0.0.1:8081"`. |

79| `features.network_proxy.unix_sockets` | `map<string, allow | none>` | Unix socket policy for sandboxed networking. Unset by default; add `allow` entries for permitted sockets. |79| `features.network_proxy.unix_sockets` | `map<string, allow | deny>` | Unix socket policy for sandboxed networking. Unset by default; add `allow` entries for permitted sockets. |

80| `features.personality` | `boolean` | Enable personality selection controls (stable; on by default). |80| `features.personality` | `boolean` | Enable personality selection controls (stable; on by default). |

81| `features.prevent_idle_sleep` | `boolean` | Prevent the machine from sleeping while a turn is actively running (experimental; off by default). |81| `features.prevent_idle_sleep` | `boolean` | Prevent the machine from sleeping while a turn is actively running (experimental; off by default). |

82| `features.shell_snapshot` | `boolean` | Snapshot shell environment to speed up repeated commands (stable; on by default). |82| `features.shell_snapshot` | `boolean` | Snapshot shell environment to speed up repeated commands (stable; on by default). |

212| `permissions.<name>.network.mode` | `limited | full` | Network proxy mode used for subprocess traffic. |212| `permissions.<name>.network.mode` | `limited | full` | Network proxy mode used for subprocess traffic. |

213| `permissions.<name>.network.proxy_url` | `string` | HTTP listener URL used when this permissions profile enables sandboxed networking. |213| `permissions.<name>.network.proxy_url` | `string` | HTTP listener URL used when this permissions profile enables sandboxed networking. |

214| `permissions.<name>.network.socks_url` | `string` | SOCKS5 proxy endpoint used by this permissions profile. |214| `permissions.<name>.network.socks_url` | `string` | SOCKS5 proxy endpoint used by this permissions profile. |

215| `permissions.<name>.network.unix_sockets` | `table` | Unix socket allowlist overrides for sandboxed networking. Use socket paths as keys; `allow` adds a path, and `none` clears an inherited allow entry. |215| `permissions.<name>.network.unix_sockets` | `table` | Unix socket allowlist overrides for sandboxed networking. Use socket paths as keys; `allow` adds a path, and `deny` rejects it. |

216| `permissions.<name>.network.unix_sockets.<path>` | `allow | none` | Add an absolute Unix socket path to the effective allowlist with `allow`, or clear an inherited allow entry with `none`. `none` is not a separate deny-list decision. |216| `permissions.<name>.network.unix_sockets.<path>` | `allow | deny` | Add an absolute Unix socket path to the effective allowlist with `allow`, or reject it with `deny`. Denied entries are omitted from the effective allowlist. |

217| `permissions.<name>.workspace_roots` | `table` | Profile-defined workspace roots that receive `:workspace_roots` filesystem rules alongside the session's runtime workspace roots. |217| `permissions.<name>.workspace_roots` | `table` | Profile-defined workspace roots that receive `:workspace_roots` filesystem rules alongside the session's runtime workspace roots. |

218| `permissions.<name>.workspace_roots.<path>` | `boolean` | Opt a path into the profile's workspace root set when `true`. Disabled entries remain inactive. |218| `permissions.<name>.workspace_roots.<path>` | `boolean` | Opt a path into the profile's workspace root set when `true`. Disabled entries remain inactive. |

219| `personality` | `none | friendly | pragmatic` | Default communication style for models that advertise `supportsPersonality`; can be overridden per thread/turn or via `/personality`. |219| `personality` | `none | friendly | pragmatic` | Default communication style for models that advertise `supportsPersonality`; can be overridden per thread/turn or via `/personality`. |

937 937 

938Type / Values938Type / Values

939 939 

940`map<string, allow | none>`940`map<string, allow | deny>`

941 941 

942Details942Details

943 943 

2573 2573 

2574Details2574Details

2575 2575 

2576Unix socket allowlist overrides for sandboxed networking. Use socket paths as keys; `allow` adds a path, and `none` clears an inherited allow entry.2576Unix socket allowlist overrides for sandboxed networking. Use socket paths as keys; `allow` adds a path, and `deny` rejects it.

2577 2577 

2578Key2578Key

2579 2579 

2581 2581 

2582Type / Values2582Type / Values

2583 2583 

2584`allow | none`2584`allow | deny`

2585 2585 

2586Details2586Details

2587 2587 

2588Add an absolute Unix socket path to the effective allowlist with `allow`, or clear an inherited allow entry with `none`. `none` is not a separate deny-list decision.2588Add an absolute Unix socket path to the effective allowlist with `allow`, or reject it with `deny`. Denied entries are omitted from the effective allowlist.

2589 2589 

2590Key2590Key

2591 2591 

3300| `experimental_network.http_port` | `integer` | Loopback HTTP listener port to use for `[experimental_network]` requirements. |3300| `experimental_network.http_port` | `integer` | Loopback HTTP listener port to use for `[experimental_network]` requirements. |

3301| `experimental_network.managed_allowed_domains_only` | `boolean` | When `true`, only administrator-managed allow rules remain effective while sandboxed networking requirements are active; user allowlist additions are ignored. Without managed allow rules, user-added domain allow rules do not remain effective. |3301| `experimental_network.managed_allowed_domains_only` | `boolean` | When `true`, only administrator-managed allow rules remain effective while sandboxed networking requirements are active; user allowlist additions are ignored. Without managed allow rules, user-added domain allow rules do not remain effective. |

3302| `experimental_network.socks_port` | `integer` | Loopback SOCKS5 listener port to use for `[experimental_network]` requirements. |3302| `experimental_network.socks_port` | `integer` | Loopback SOCKS5 listener port to use for `[experimental_network]` requirements. |

3303| `experimental_network.unix_sockets` | `map<string, allow | none>` | Administrator-managed Unix socket policy for sandboxed networking. |3303| `experimental_network.unix_sockets` | `map<string, allow | deny>` | Administrator-managed Unix socket policy for sandboxed networking. |

3304| `features` | `table` | Pinned feature values keyed by the canonical names from `config.toml`'s `[features]` table. |3304| `features` | `table` | Pinned feature values keyed by the canonical names from `config.toml`'s `[features]` table. |

3305| `features.<name>` | `boolean` | Require a specific canonical feature key to stay enabled or disabled. |3305| `features.<name>` | `boolean` | Require a specific canonical feature key to stay enabled or disabled. |

3306| `features.browser_use` | `boolean` | Set to `false` in `requirements.toml` to disable Browser Use and Browser Agent availability. |3306| `features.browser_use` | `boolean` | Set to `false` in `requirements.toml` to disable Browser Use and Browser Agent availability. |

3540 3540 

3541Type / Values3541Type / Values

3542 3542 

3543`map<string, allow | none>`3543`map<string, allow | deny>`

3544 3544 

3545Details3545Details

3546 3546 

159| `[permissions.<name>.network.domains]` | Table | None | Maps host patterns to `allow` or `deny`. If there are no `allow` entries, domain requests are blocked. Deny entries override allow entries. |159| `[permissions.<name>.network.domains]` | Table | None | Maps host patterns to `allow` or `deny`. If there are no `allow` entries, domain requests are blocked. Deny entries override allow entries. |

160| `permissions.<name>.network.domains."<pattern>"` | `allow` or `deny` | None | Supports exact hosts, `*.example.com` for subdomains, `**.example.com` for apex plus subdomains, and `*` as an allow-only global wildcard. Host patterns are normalized by trimming, lowercasing, stripping a trailing dot, and stripping simple ports or brackets. |160| `permissions.<name>.network.domains."<pattern>"` | `allow` or `deny` | None | Supports exact hosts, `*.example.com` for subdomains, `**.example.com` for apex plus subdomains, and `*` as an allow-only global wildcard. Host patterns are normalized by trimming, lowercasing, stripping a trailing dot, and stripping simple ports or brackets. |

161| `[permissions.<name>.network.unix_sockets]` | Table | None | Maps Unix socket allowlist overrides. Use only for local integrations such as Docker. |161| `[permissions.<name>.network.unix_sockets]` | Table | None | Maps Unix socket allowlist overrides. Use only for local integrations such as Docker. |

162| `permissions.<name>.network.unix_sockets."<path>"` | `allow` or `none` | None | Adds an absolute Unix socket path to the effective allowlist with `allow`, or clears an inherited allow entry with `none`. `none` is not a separate deny-list decision. |162| `permissions.<name>.network.unix_sockets."<path>"` | `allow` or `deny` | None | Adds an absolute Unix socket path to the effective allowlist with `allow`, or rejects it with `deny`. Denied entries are omitted from the effective allowlist. |

163| `permissions.<name>.network.proxy_url` | URL string | `http://127.0.0.1:3128` | HTTP proxy listener used for `HTTP_PROXY`, `HTTPS_PROXY`, websocket proxy variables, and related tool proxy environment variables. |163| `permissions.<name>.network.proxy_url` | URL string | `http://127.0.0.1:3128` | HTTP proxy listener used for `HTTP_PROXY`, `HTTPS_PROXY`, websocket proxy variables, and related tool proxy environment variables. |

164| `permissions.<name>.network.enable_socks5` | Boolean | `true` | Enables the SOCKS5 listener used for `ALL_PROXY` and FTP proxy variables. |164| `permissions.<name>.network.enable_socks5` | Boolean | `true` | Enables the SOCKS5 listener used for `ALL_PROXY` and FTP proxy variables. |

165| `permissions.<name>.network.socks_url` | URL string | `http://127.0.0.1:8081` | SOCKS5 listener address. |165| `permissions.<name>.network.socks_url` | URL string | `http://127.0.0.1:8081` | SOCKS5 listener address. |

366```366```

367[permissions.project-edit.network.unix_sockets]367[permissions.project-edit.network.unix_sockets]

368"/var/run/docker.sock" = "allow"368"/var/run/docker.sock" = "allow"

369"/tmp/old.sock" = "none"369"/tmp/old.sock" = "deny"

370```370```

371 371 

372Use `none` to clear a socket allow entry inherited from a lower-precedence372Use `deny` to reject a socket path, including an inherited allow entry. Denied

373configuration layer. It is not a domain-style deny rule.373socket paths are omitted from the effective allowlist.

374 374 

375When Unix sockets are enabled, keep proxy listeners bound to loopback addresses.375When Unix sockets are enabled, keep proxy listeners bound to loopback addresses.

376 376 

1# Remote connections – Codex1# Remote connections – Codex

2 2 

3Remote connections let you use Codex from another device or another machine.3Remote connections let you use Codex from another device or another machine.

4Use Codex in the ChatGPT mobile app to work with Codex on a connected Mac,4Use Codex in the ChatGPT mobile app to work with Codex on a connected Mac or

5continue work from another Codex App device, or connect the Codex App to5Windows device, continue work from another supported Codex App device, or connect

6projects on an SSH host.6the Codex App to projects on an SSH host.

7 7 

8Remote access uses the connected host’s projects, threads, files, credentials,8Remote access uses the connected host’s projects, threads, files, credentials,

9permissions, plugins, Computer Use, browser setup, and local tools.9permissions, plugins, Computer Use, browser setup, and local tools.

25 25 

26## Before you set up mobile access26## Before you set up mobile access

27 27 

28Codex mobile setup currently requires the Codex App for macOS. The Codex App28Codex mobile setup supports Codex App hosts on macOS and Windows. You can

29for Windows does not support mobile setup yet.29control a Windows host from ChatGPT on iOS or Android, or from a Mac running

30Codex. Windows can’t currently control another computer from the Codex App.

30 31 

31Make sure you have:32Make sure you have:

32 33 

33- Codex access in the ChatGPT account and workspace you want to use.34- Codex access in the ChatGPT account and workspace you want to use.

34- The latest ChatGPT mobile app on an iOS or Android device. If you do not see35- The latest ChatGPT mobile app on an iOS or Android device. If you don’t see

35 Codex in the ChatGPT mobile app, update ChatGPT first.36 Codex in the ChatGPT mobile app, update ChatGPT first.

36- The latest Codex App for macOS running on a Mac host that is awake, online,37- The latest Codex App for macOS or Windows running on a host that’s awake,

37 and signed in to the same account and workspace. Mobile setup starts from the38 online, and signed in to the same account and workspace. Mobile setup starts

38 Codex App; you cannot set it up from the Codex CLI or IDE Extension.39 from the Codex App; you can’t set it up from the Codex CLI or IDE Extension.

39- Any required multi-factor authentication, SSO, or passkey configuration for40- Any required multi-factor authentication, SSO, or passkey configuration for

40 that account or workspace.41 that account or workspace.

41 42 

67 devices. You can also choose whether to keep the computer awake, enable68 devices. You can also choose whether to keep the computer awake, enable

68 Computer Use, or install the Chrome extension.69 Computer Use, or install the Chrome extension.

69 70 

70![Connections settings showing devices that can control this Mac and remote access settings](/images/codex/app/mobile-control-this-mac-framed-light.webp)71![Connections settings showing devices that can control this host and remote access settings](/images/codex/app/mobile-control-this-mac-framed-light.webp)

71 72 

72## Choose what to connect73## Choose what to connect

73 74 

74Start with the Mac laptop or desktop where you already use Codex. Add an75Start with the laptop or desktop where you already use Codex. Add an always-on

75always-on Mac or SSH host when you need continuous access or a different76computer or SSH host when you need continuous access or a different environment.

76environment.

77 77 

78### Your Mac laptop or desktop78### Your laptop or desktop

79 79 

80Connect the Mac where you already run Codex day to day. This gives remote access80Connect the Mac or Windows PC where you already run Codex day to day. This gives

81to the same projects, threads, credentials, plugins, and local setup you already81remote access to the same projects, threads, credentials, plugins, and local

82use.82setup you already use.

83 83 

84If that Mac sleeps, loses network access, or closes Codex, remote access stops84If that computer sleeps, loses network access, or closes Codex, remote access

85until it is available again. If you use this computer as your host device, keep85stops until it’s available again. If you use this computer as your host device,

86it plugged in and turn on **Keep this Mac awake** in the host’s connection86keep it plugged in and use the host’s connection settings to keep it awake where

87settings.87available.

88 88 

89On a Mac laptop, remote access can stay available with the lid open while the89On a Mac laptop, remote access can stay available with the lid open and power

90computer is plugged in. With the lid closed, connect an external display as90connected. With the lid closed, connect an external display as well. Choosing

91well. Choosing **Sleep** still stops remote access.91**Sleep** still stops remote access.

92 92 

93### A dedicated always-on Mac93On a Windows host, keep the session unlocked and available for tasks that use

94[Computer Use](https://developers.openai.com/codex/app/computer-use). Computer use on Windows runs in the

95foreground, so remote control is best for starting or checking work while you

96dedicate the host desktop to the task.

94 97 

95Use a dedicated always-on Mac when you want Codex to stay reachable for98### A dedicated always-on computer

96longer-running work.99 

100Use a dedicated always-on Mac or Windows PC when you want Codex to stay

101reachable for longer-running work.

97 102 

98Install the projects, credentials, plugins, MCP servers, and tools Codex should103Install the projects, credentials, plugins, MCP servers, and tools Codex should

99use on that machine.104use on that machine.

100 105 

101### A remote development environment106### A remote development environment

102 107 

103Use an SSH host or managed devbox when the project already lives in a remote108Use an SSH host or managed remote development environment when the project

104environment. Connect the Codex App host to that environment first; your phone109already lives in a remote environment. Connect the Codex App host to that

105still connects to the Codex App host, and Codex works in the remote environment110environment first; your phone still connects to the Codex App host, and Codex

106with its dependencies, security policies, and compute resources.111works in the remote environment with its dependencies, security policies, and

112compute resources.

107 113 

108For SSH setup details, see [connect to an SSH host](#connect-to-an-ssh-host).114For SSH setup details, see [connect to an SSH host](#connect-to-an-ssh-host).

109 115 

110For browser or desktop tasks on an always-on Mac or remote host, enable116For browser or desktop tasks on an always-on computer or remote host, enable

111Computer Use and install the Chrome extension on that host.117Computer Use and install the Chrome extension on that host.

112 118 

113## What comes from the connected host119## What comes from the connected host

124 configuration.130 configuration.

125- Signed-in websites and desktop apps are available only when the host can131- Signed-in websites and desktop apps are available only when the host can

126 access them.132 access them.

127- Sandboxing, security controls, and action approvals still apply to the133- The sandboxing settings, security controls, and action approvals still apply

128 connected session.134 to the connected session.

129 135 

130Codex uses a secure relay layer to keep trusted machines reachable across your136Codex uses a secure relay layer to keep trusted machines reachable across your

131authorized ChatGPT devices without exposing them directly to the public137authorized ChatGPT devices without exposing them directly to the public

133 139 

134## Pick up work from another device140## Pick up work from another device

135 141 

136You can continue work from another signed-in Codex App device. For example, if142You can continue work from another signed-in Codex App device that supports

137your laptop is unavailable, you can start a thread from your phone on an143remote control. For example, if your laptop is unavailable, you can start

138always-on host, then later open Codex on your laptop and continue that same144a thread from your phone on an always-on host, then later open Codex on your

139thread there.145laptop and continue that same thread there.

140 146 

141In Codex on the laptop, use **Settings > Connections > Control other devices**147In Codex on a Mac, use **Settings > Connections > Control other devices** to add

142to add the other host. A device can allow remote access and control another148the other host. A device can allow remote access and control another device at

143device at the same time.149the same time. You can control Windows hosts from a Mac or from ChatGPT on iOS

150or Android, but you can’t use Windows to control another computer. For example,

151you can control a Windows device from your Mac or phone, but you can’t use a

152Windows device to control another Windows device.

144 153 

145![Connections settings showing another device available under Control other devices](/images/codex/app/mobile-control-other-devices-framed-light.webp)154![Connections settings showing another device available under Control other devices](/images/codex/app/mobile-control-other-devices-framed-light.webp)

146 155 

191 200 

192## Troubleshooting201## Troubleshooting

193 202 

194### You do not see the host on your phone203### You don’t see the host on your phone

195 204 

196Confirm that the Codex App is running on the host, **Allow other devices to205Confirm that the Codex App is running on the host, you’ve enabled **Allow other

197connect** is enabled, and the same ChatGPT account and workspace are selected on206devices to connect**, and both devices use the same ChatGPT account and

198both devices.207workspace.

199 208 

200### The approval request does not appear209### The approval request doesn’t appear

201 210 

202Open Codex in the ChatGPT mobile app. Confirm that the phone and host use the211Open Codex in the ChatGPT mobile app. Confirm that the phone and host use the

203same ChatGPT account and workspace, then scan the QR code again or restart setup212same ChatGPT account and workspace, then scan the QR code again or restart setup

204from the host. If you use a ChatGPT workspace, ask your admin to confirm that213from the host. If you use a ChatGPT workspace, ask your admin to confirm that

205Remote Control access is enabled.214they’ve enabled Remote Control access.

206 215 

207### The remote session disconnects216### The remote session disconnects

208 217 

214Complete the account or workspace authentication prompt shown during setup. If223Complete the account or workspace authentication prompt shown during setup. If

215your organization requires SSO, multi-factor authentication, or a passkey,224your organization requires SSO, multi-factor authentication, or a passkey,

216finish that flow before trying again. If setup still fails, ask your workspace225finish that flow before trying again. If setup still fails, ask your workspace

217admin to confirm that Remote Control access is enabled.226admin to confirm that they’ve enabled Remote Control access.

218 227 

219## See also228## See also

220 229