Documentation 2026-05-30 07:08 UTC to 2026-06-02 19:22 UTC

1# Use Codex with Amazon Bedrock

2 

3Configure Codex to use OpenAI models available through Amazon Bedrock. In this

4setup, Codex runs locally and sends model requests to Bedrock using

5AWS-managed authentication and access controls.

6 

7## How it works

8 

9When you configure Codex with Amazon Bedrock as the model provider, the

10OpenAI-hosted Responses API isn’t in the request path. Codex sends model

11requests to Amazon Bedrock, and Bedrock provides an OpenAI-compatible Responses

12API implementation for supported OpenAI models.

13 

14Authentication is AWS-native. Users authenticate with a Bedrock API key or AWS

15IAM credentials. They do not use ChatGPT sign-in or `OPENAI_API_KEY` for this

16provider.

17 

18## Before you start

19 

20Make sure you have:

21 

22- Access to supported OpenAI models in Amazon Bedrock.

23- An AWS Region where the selected model is available.

24- Authentication for the Amazon Bedrock Mantle path configured for the AWS

25 account.

26 

27## Configure Codex

28 

29Add the `amazon-bedrock` model provider for the Amazon Bedrock Mantle path to

30`~/.codex/config.toml`. Supplying a model is optional. Select a supported model

31explicitly when needed.

32 

33```

34model_provider = "amazon-bedrock"

35```

36 

37This guide covers the Amazon Bedrock Mantle path in supported commercial AWS

38Regions. Codex doesn’t support Bedrock Mantle endpoints in AWS GovCloud

39Regions.

40 

41## Authentication options

42 

43Codex supports two Bedrock authentication paths. It checks them in this order:

44 

451. Bedrock API key.

462. AWS SDK credential chain.

47 

48### Option 1: Bedrock API key

49 

50Set the Bedrock API key in the environment Codex reads. You must specify a

51Region when using API-key authentication.

52 

53```

54export AWS_BEARER_TOKEN_BEDROCK=<your-bedrock-api-key>

55export AWS_REGION=us-east-2

56```

57 

58### Option 2: AWS SDK credentials

59 

60Use this path when your organization manages Bedrock access through the AWS SDK

61credential chain. Codex can use these standard AWS SDK credential sources:

62 

631. Shared AWS `config` and `credentials` files.

64 

65 ```

66 aws configure

67 ```

682. Environment variables.

69 

70 ```

71 export AWS_ACCESS_KEY_ID=<your-access-key-id>

72 export AWS_SECRET_ACCESS_KEY=<your-secret-access-key>

73 export AWS_SESSION_TOKEN=<your-session-token>

74 ```

753. AWS Management Console credentials.

76 

77 ```

78 aws login

79 ```

804. AWS SSO or a named profile.

81 

82 ```

83 aws sso login --profile codex-bedrock

84 export AWS_PROFILE=codex-bedrock

85 ```

865. Federated identity configured with `credential_process`. For corporate SSO or

87 OIDC federation, configure the AWS profile outside Codex and let the AWS SDK

88 resolve credentials. Put browser login, token exchange, caching, and refresh

89 in your AWS profile’s `credential_process` helper.

90 

91## Desktop app and VS Code extension

92 

93Desktop apps and IDE extensions may not inherit environment variables from the

94shell. Put required values in `~/.codex/.env`, then restart the app or

95extension.

96 

97```

98export AWS_BEARER_TOKEN_BEDROCK=<your-bedrock-api-key>

99export AWS_REGION=us-east-2

100```

101 

102## Verify setup

103 

104- In Codex CLI, open `/status` and confirm Codex is using the

105 `amazon-bedrock` model provider.

106- In the desktop app or VS Code extension, start a new session after restarting

107 the app.

108- Confirm the selected model is available in the configured AWS Region and that

109 the AWS identity has permission to access it.

110 

111## Supported models

112 

113Use exact model IDs:

114 

115```

116openai.gpt-5.5

117openai.gpt-5.4

118```

119 

120Model availability varies by AWS Region. Before selecting a model, see [model

121support by AWS

122Region](https://docs.aws.amazon.com/bedrock/latest/userguide/models-region-compatibility.html).

123 

124## Feature availability

125 

126This configuration supports local Codex workflows. Some features that depend on

127OpenAI-hosted cloud services, hosted tools, or cloud-managed discovery aren’t

128currently available.

129 

130Fast Mode isn’t available with Amazon Bedrock. Fast Mode uses priority

131processing, and the initial Amazon Bedrock offering supports on-demand

132inference only.

133 

134Detailed feature availability

135 

136| Feature | Amazon Bedrock |

137| --- | --- |

138| Access and surfaces | |

139| --- | --- |

140| [Codex web](https://developers.openai.com/codex/cloud) | — |

141| [Codex app for local tasks](https://developers.openai.com/codex/app) | |

142| [Codex CLI](https://developers.openai.com/codex/cli) | |

143| [IDE extension](https://developers.openai.com/codex/ide) | |

144| [Codex SDK, `codex exec`, and scriptable workflows](https://developers.openai.com/codex/sdk) | |

145| Models and multimodal | |

146| [Bedrock-backed inference with supported OpenAI models](https://developers.openai.com/codex/amazon-bedrock) | |

147| [Fast mode](https://developers.openai.com/codex/speed) | — |

148| [Image generation and editing](https://developers.openai.com/codex/app/features#image-generation) | — |

149| [Voice dictation](https://developers.openai.com/codex/app/features#voice-dictation) | — |

150| [Web search](https://developers.openai.com/codex/app/features#web-search) | — |

151| Local features | |

152| [Local code review with `/review`](https://developers.openai.com/codex/workflows#do-a-local-code-review) | |

153| [Auto-review for approval requests](https://developers.openai.com/codex/concepts/sandboxing/auto-review) | |

154| [Sandboxing and permission controls](https://developers.openai.com/codex/permissions) | |

155| [Project and standalone app automations](https://developers.openai.com/codex/app/automations) | |

156| [Automations](https://developers.openai.com/codex/app/automations) | |

157| [Worktrees and built-in Git tools](https://developers.openai.com/codex/app/worktrees) | |

158| [Local environments and repeatable actions](https://developers.openai.com/codex/app/local-environments) | |

159| [Appshots](https://developers.openai.com/codex/appshots) | |

160| Browser and remote control | |

161| [In-app browser previews and comments](https://developers.openai.com/codex/app/browser) | |

162| [Browser Use automation](https://developers.openai.com/codex/app/browser#browser-use) | [Limited\*](#codex-plan-region-limits "Available with regional limits") |

163| [Chrome extension browser control](https://developers.openai.com/codex/app/chrome-extension) | [Limited\*](#codex-plan-region-limits "Available with regional limits") |

164| [Computer Use](https://developers.openai.com/codex/app/computer-use) | [Limited\*](#codex-plan-region-limits "Available with regional limits") |

165| [SSH remote connections](https://developers.openai.com/codex/remote-connections#connect-to-an-ssh-host) | |

166| [Mobile remote control](https://developers.openai.com/codex/remote-connections) | — |

167| Customization and extensions | |

168| [Custom instructions with `AGENTS.md`](https://developers.openai.com/codex/guides/agents-md) | |

169| [Skills](https://developers.openai.com/codex/skills) | |

170| [Plugins](https://developers.openai.com/codex/plugins) | [Limited†](#codex-plan-plugin-limits "Available with plugin limits") |

171| [Plugin sharing](https://developers.openai.com/codex/plugins/build#share-a-local-plugin-with-your-workspace) | — |

172| [App connectors](https://developers.openai.com/codex/plugins) | — |

173| [MCP](https://developers.openai.com/codex/mcp) | |

174| [Subagents and custom agents](https://developers.openai.com/codex/subagents) | |

175| [Memories](https://developers.openai.com/codex/memories) | [Limited\*](#codex-plan-region-limits "Available with regional limits") |

176| [Chronicle](https://developers.openai.com/codex/memories/chronicle) | — |

177| Cloud and integrations | |

178| [Codex cloud tasks](https://developers.openai.com/codex/cloud) | — |

179| [Sites](https://developers.openai.com/codex/sites) | — |

180| [GitHub issue and PR delegation with `@codex`](https://developers.openai.com/codex/integrations/github#give-codex-other-tasks) | — |

181| [GitHub code review and automatic PR reviews](https://developers.openai.com/codex/integrations/github) | — |

182| [Slack cloud integration](https://developers.openai.com/codex/integrations/slack) | — |

183| [Linear cloud integration](https://developers.openai.com/codex/integrations/linear) | — |

184| Admin, security, and analytics | |

185| [SAML SSO, MFA, and workspace user management](https://developers.openai.com/codex/enterprise/admin-setup) | — |

186| [`requirements.toml` managed config](https://developers.openai.com/codex/enterprise/managed-configuration) | |

187| [Cloud-managed config policies](https://developers.openai.com/codex/enterprise/managed-configuration#cloud-managed-requirements) | — |

188| [Codex RBAC and custom roles](https://developers.openai.com/codex/enterprise/admin-setup#step-2-set-up-custom-roles-rbac) | — |

189| [SCIM, EKM, and domain verification](https://developers.openai.com/codex/enterprise/admin-setup#enterprise-grade-security-and-privacy) | — |

190| [Enterprise retention and residency controls](https://developers.openai.com/codex/enterprise/admin-setup#enterprise-grade-security-and-privacy) | — |

191| [No training on API or business data by default](https://openai.com/business-data/) | |

192| [Analytics dashboard](https://developers.openai.com/codex/enterprise/governance#analytics-dashboard) | — |

193| [Analytics API](https://developers.openai.com/codex/enterprise/governance#analytics-api) | — |

194| [Compliance API and audit logs](https://developers.openai.com/codex/enterprise/governance#compliance-api) | — |

195| [Codex Security for connected GitHub repositories](https://developers.openai.com/codex/security) | — |

196 

197\* Feature is currently limited to only specific regions. Check

198the individual feature documentation to learn more about geo restrictions.

199 

200† Some first party plugins are not available.

201 

202## Troubleshooting

203 

204If setup fails, check the following:

205 

206- The model ID exactly matches a supported model.

207- You specify an AWS Region where the model is available.

208- The Bedrock API key or AWS credentials are valid and not expired.

209- The AWS identity has permission to access the selected Bedrock model.

210- `AWS_BEARER_TOKEN_BEDROCK` isn’t set to an expired or unintended key.

211- For desktop app or VS Code extension usage, required environment variables

212 are present in `~/.codex/.env`.

213 

214## Support boundaries

215 

216OpenAI Support can help with Codex client setup, configuration, local CLI

217behavior, desktop app behavior, IDE extension behavior, and the local Codex

218product experience.

219 

220For AWS credentials, IAM permissions, Bedrock model access, quotas, billing,

221regional availability, Bedrock request failures, AWS service logs, or Bedrock

222service behavior, contact the customer’s AWS administrator or AWS Support.

223 

12 12 

13The Codex app is available on macOS and Windows.13The Codex app is available on macOS and Windows.

14 14 

15Most Codex app features are available on both platforms. Platform-specific15Most Codex app features are available on both platforms. The relevant docs

16exceptions are noted in the relevant docs.16describe platform-specific exceptions.

17 17 

181. Download and install the Codex app181. Download and install the Codex app

19 19 

30 30 

31 Once you downloaded and installed the Codex app, open it and sign in with your ChatGPT account or an OpenAI API key.31 Once you downloaded and installed the Codex app, open it and sign in with your ChatGPT account or an OpenAI API key.

32 32 

33 If you sign in with an OpenAI API key, some functionality such as [cloud threads](https://developers.openai.com/codex/prompting#threads) might not be available.33 If you sign in with an OpenAI API key, [some functionality might not be available](https://developers.openai.com/codex/pricing#feature-availability).

343. Select a project343. Select a project

35 35 

36 Choose a project folder that you want Codex to work in.36 Choose a project folder that you want Codex to work in.

83 83 

84Follow plans, sources, task summaries, and generated file previews.](https://developers.openai.com/codex/app/features#richer-outputs-and-artifacts)[### Plugins84Follow plans, sources, task summaries, and generated file previews.](https://developers.openai.com/codex/app/features#richer-outputs-and-artifacts)[### Plugins

85 85 

86Connect apps, skills, and MCP servers to extend what Codex can do.](https://developers.openai.com/codex/plugins)[### IDE Extension sync86Connect apps, skills, and MCP servers to extend what Codex can do.](https://developers.openai.com/codex/plugins)[### Sites

87 

88Build and deploy hosted websites, web apps, and games with the Sites plugin.](https://developers.openai.com/codex/sites)[### IDE Extension sync

87 89 

88Share Auto Context and active threads across app and IDE sessions.](https://developers.openai.com/codex/app/features#sync-with-the-ide-extension)90Share Auto Context and active threads across app and IDE sessions.](https://developers.openai.com/codex/app/features#sync-with-the-ide-extension)

89 91 

33 33 

34OpenAI bills API key usage through your OpenAI Platform account at standard API rates. See the [API pricing page](https://openai.com/api/pricing/).34OpenAI bills API key usage through your OpenAI Platform account at standard API rates. See the [API pricing page](https://openai.com/api/pricing/).

35 35 

36Features that rely on ChatGPT credits, such as [fast mode](https://developers.openai.com/codex/speed), are36API key authentication supports local Codex workflows, but some features that

37available only when you sign in with ChatGPT. If you sign in with an API key,37rely on ChatGPT workspace access or cloud services are limited or unavailable.

38Codex uses standard API pricing instead.38Compare support by plan in

39[Feature availability](https://developers.openai.com/codex/pricing#feature-availability).

40 

41When you sign in with an API key, Codex uses standard API pricing instead of

42included ChatGPT plan credits.

39 43 

40We recommend API key authentication for programmatic Codex CLI workflows, such44We recommend API key authentication for programmatic Codex CLI workflows, such

41as CI/CD jobs. Don’t expose Codex execution in untrusted or public environments.45as CI/CD jobs. Don’t expose Codex execution in untrusted or public environments.

72codex app-server --listen ws://0.0.0.0:4500 --ws-auth capability-token --ws-token-file "$TOKEN_FILE"72codex app-server --listen ws://0.0.0.0:4500 --ws-auth capability-token --ws-token-file "$TOKEN_FILE"

73```73```

74 74 

75`--remote` accepts explicit `ws://host:port` and `wss://host:port` addresses.75`--remote` accepts explicit `ws://host:port`, `wss://host:port`, `unix://`, and

76Plain WebSocket connections are appropriate for localhost and SSH76`unix://PATH` addresses. Use `unix://` for Codex’s default local Unix socket or

77port-forwarding workflows. For non-local clients, use WebSocket auth and put the77`unix://PATH` for an explicit local socket path. Plain WebSocket connections are

78connection behind TLS.78appropriate for localhost and SSH port-forwarding workflows. For non-local

79clients, use WebSocket auth and put the connection behind TLS.

79 80 

80Codex supports these WebSocket authentication modes:81Codex supports these WebSocket authentication modes:

81 82 

87 88 

88The TUI sends the remote auth token as an `Authorization: Bearer <token>` header89The TUI sends the remote auth token as an `Authorization: Bearer <token>` header

89during the WebSocket handshake. Codex only accepts remote auth tokens over90during the WebSocket handshake. Codex only accepts remote auth tokens over

90`wss://` URLs or loopback `ws://` URLs.91`wss://` URLs or local-only `ws://` URLs.

91 92 

92```93```

93export CODEX_REMOTE_TOKEN="$(cat "$TOKEN_FILE")"94export CODEX_REMOTE_TOKEN="$(cat "$TOKEN_FILE")"

101 102 

102## Models and reasoning103## Models and reasoning

103 104 

104For most tasks in Codex, `gpt-5.5` is the recommended model. It is OpenAI’s newest frontier model for complex coding, computer105For most tasks in Codex, `gpt-5.5` is the recommended model. It’s OpenAI’s newest frontier model for complex coding, computer

105use, knowledge work, and research workflows, with stronger planning, tool use,106use, knowledge work, and research workflows, with stronger planning, tool use,

106and follow-through on multi-step tasks. For extra fast tasks, ChatGPT Pro subscribers have107and follow-through on multi-step tasks. For extra fast tasks, ChatGPT Pro subscribers have

107access to the GPT-5.3-Codex-Spark model in research preview.108access to the GPT-5.3-Codex-Spark model in research preview.

124codex features disable shell_snapshot125codex features disable shell_snapshot

125```126```

126 127 

127`codex features enable <feature>` and `codex features disable <feature>` write to `~/.codex/config.toml`. If you launch Codex with `--profile profile-name`, Codex writes to `$CODEX_HOME/profile-name.config.toml` instead.128`codex features enable <feature>` and `codex features disable <feature>` write

129to `$CODEX_HOME/config.toml`. The `features` subcommand doesn’t accept

130`--profile`.

128 131 

129## Subagents132## Subagents

130 133 

16| `--add-dir` | `path` | Grant additional directories write access alongside the main workspace. Repeat for multiple paths. |16| `--add-dir` | `path` | Grant additional directories write access alongside the main workspace. Repeat for multiple paths. |

17| `--ask-for-approval, -a` | `untrusted | on-request | never` | Control when Codex pauses for human approval before running a command. `on-failure` is deprecated; prefer `on-request` for interactive runs or `never` for non-interactive runs. |17| `--ask-for-approval, -a` | `untrusted | on-request | never` | Control when Codex pauses for human approval before running a command. `on-failure` is deprecated; prefer `on-request` for interactive runs or `never` for non-interactive runs. |

18| `--cd, -C` | `path` | Set the working directory for the agent before it starts processing your request. |18| `--cd, -C` | `path` | Set the working directory for the agent before it starts processing your request. |

19| `--config, -c` | `key=value` | Override configuration values. Values parse as JSON if possible; otherwise the literal string is used. |19| `--config, -c` | `key=value` | Override configuration values. Values parse as TOML if possible; otherwise the literal string is used. |

20| `--dangerously-bypass-approvals-and-sandbox, --yolo` | `boolean` | Run every command without approvals or sandboxing. Only use inside an externally hardened environment. |20| `--dangerously-bypass-approvals-and-sandbox, --yolo` | `boolean` | Run every command without approvals or sandboxing. Only use inside an externally hardened environment. |

21| `--dangerously-bypass-hook-trust` | `boolean` | Run enabled hooks without requiring persisted hook trust for this invocation. Intended only for automation that already vets hook sources. |21| `--dangerously-bypass-hook-trust` | `boolean` | Run enabled hooks without requiring persisted hook trust for this invocation. Intended only for automation that already vets hook sources. |

22| `--disable` | `feature` | Force-disable a feature flag (translates to `-c features.<name>=false`). Repeatable. |22| `--disable` | `feature` | Force-disable a feature flag (translates to `-c features.<name>=false`). Repeatable. |

26| `--no-alt-screen` | `boolean` | Disable alternate screen mode for the TUI (overrides `tui.alternate_screen` for this run). |26| `--no-alt-screen` | `boolean` | Disable alternate screen mode for the TUI (overrides `tui.alternate_screen` for this run). |

27| `--oss` | `boolean` | Use the local open source model provider (equivalent to `-c model_provider="oss"`). Validates that Ollama is running. |27| `--oss` | `boolean` | Use the local open source model provider (equivalent to `-c model_provider="oss"`). Validates that Ollama is running. |

28| `--profile, -p` | `string` | Layer `$CODEX_HOME/profile-name.config.toml` on top of the base user config. |28| `--profile, -p` | `string` | Layer `$CODEX_HOME/profile-name.config.toml` on top of the base user config. |

29| `--remote` | `ws://host:port | wss://host:port` | Connect the interactive TUI to a remote app-server WebSocket endpoint. Supported for `codex`, `codex resume`, and `codex fork`; other subcommands reject remote mode. |29| `--remote` | `ws://host:port | wss://host:port | unix:// | unix://PATH` | Connect the interactive TUI to a remote app-server endpoint over WebSocket or a Unix socket. Supported for `codex`, `codex resume`, and `codex fork`; other subcommands reject remote mode. |

30| `--remote-auth-token-env` | `ENV_VAR` | Read a bearer token from this environment variable and send it when connecting with `--remote`. Requires `--remote`; tokens are only sent over `wss://` URLs or `ws://` URLs whose host is `localhost`, `127.0.0.1`, or `::1`. |30| `--remote-auth-token-env` | `ENV_VAR` | Read a bearer token from this environment variable and send it when connecting with `--remote`. Requires `--remote`; tokens are only sent over `wss://` URLs or local-only `ws://` URLs. |

31| `--sandbox, -s` | `read-only | workspace-write | danger-full-access` | Select the sandbox policy for model-generated shell commands. |31| `--sandbox, -s` | `read-only | workspace-write | danger-full-access` | Select the sandbox policy for model-generated shell commands. |

32| `--search` | `boolean` | Enable live web search (sets `web_search = "live"` instead of the default `"cached"`). |32| `--search` | `boolean` | Enable live web search (sets `web_search = "live"` instead of the default `"cached"`). |

33| `--strict-config` | `boolean` | Error when `config.toml` contains fields this Codex version does not recognize. Supported by runtime commands such as `codex`, `exec`, `review`, `resume`, `fork`, `app-server`, `mcp-server`, and `exec-server`. |

33| `PROMPT` | `string` | Optional text instruction to start the session. Omit to launch the TUI without a pre-filled message. |34| `PROMPT` | `string` | Optional text instruction to start the session. Omit to launch the TUI without a pre-filled message. |

34 35 

35Key36Key

78 79 

79Details80Details

80 81 

81Override configuration values. Values parse as JSON if possible; otherwise the literal string is used.82Override configuration values. Values parse as TOML if possible; otherwise the literal string is used.

82 83 

83Key84Key

84 85 

194 195 

195Type / Values196Type / Values

196 197 

197`ws://host:port | wss://host:port`198`ws://host:port | wss://host:port | unix:// | unix://PATH`

198 199 

199Details200Details

200 201 

201Connect the interactive TUI to a remote app-server WebSocket endpoint. Supported for `codex`, `codex resume`, and `codex fork`; other subcommands reject remote mode.202Connect the interactive TUI to a remote app-server endpoint over WebSocket or a Unix socket. Supported for `codex`, `codex resume`, and `codex fork`; other subcommands reject remote mode.

202 203 

203Key204Key

204 205 

210 211 

211Details212Details

212 213 

213Read a bearer token from this environment variable and send it when connecting with `--remote`. Requires `--remote`; tokens are only sent over `wss://` URLs or `ws://` URLs whose host is `localhost`, `127.0.0.1`, or `::1`.214Read a bearer token from this environment variable and send it when connecting with `--remote`. Requires `--remote`; tokens are only sent over `wss://` URLs or local-only `ws://` URLs.

214 215 

215Key216Key

216 217 

238 239 

239Key240Key

240 241 

242`--strict-config`

243 

244Type / Values

245 

246`boolean`

247 

248Details

249 

250Error when `config.toml` contains fields this Codex version does not recognize. Supported by runtime commands such as `codex`, `exec`, `review`, `resume`, `fork`, `app-server`, `mcp-server`, and `exec-server`.

251 

252Key

253 

241`PROMPT`254`PROMPT`

242 255 

243Type / Values256Type / Values

250 263 

251Expand to view all264Expand to view all

252 265 

253These options apply to the base `codex` command and propagate to each subcommand unless a section below specifies otherwise.266These options apply to the base `codex` command. Most propagate to commands;

254When you run a subcommand, place global flags after it (for example, `codex exec --oss ...`) so Codex applies them as intended.267see the notes above or the relevant command help for exceptions. For propagated

268flags, follow the relevant command help. For example, `codex exec --oss ...`

269applies `--oss` to `exec`.

255 270 

256## Command overview271## Command overview

257 272 

269| [`codex completion`](https://developers.openai.com/codex/cli/reference#codex-completion) | Stable | Generate shell completion scripts for Bash, Zsh, Fish, or PowerShell. |284| [`codex completion`](https://developers.openai.com/codex/cli/reference#codex-completion) | Stable | Generate shell completion scripts for Bash, Zsh, Fish, or PowerShell. |

270| [`codex debug app-server send-message-v2`](https://developers.openai.com/codex/cli/reference#codex-debug-app-server-send-message-v2) | Experimental | Debug app-server by sending a single V2 message through the built-in test client. |285| [`codex debug app-server send-message-v2`](https://developers.openai.com/codex/cli/reference#codex-debug-app-server-send-message-v2) | Experimental | Debug app-server by sending a single V2 message through the built-in test client. |

271| [`codex debug models`](https://developers.openai.com/codex/cli/reference#codex-debug-models) | Experimental | Print the raw model catalog Codex sees, including an option to inspect only the bundled catalog. |286| [`codex debug models`](https://developers.openai.com/codex/cli/reference#codex-debug-models) | Experimental | Print the raw model catalog Codex sees, including an option to inspect only the bundled catalog. |

287| [`codex doctor`](https://developers.openai.com/codex/cli/reference#codex-doctor) | Stable | Generate a diagnostic report for local installation, config, auth, runtime, Git, terminal, app-server, and thread inventory issues. |

272| [`codex exec`](https://developers.openai.com/codex/cli/reference#codex-exec) | Stable | Run Codex non-interactively. Alias: `codex e`. Stream results to stdout or JSONL and optionally resume previous sessions. |288| [`codex exec`](https://developers.openai.com/codex/cli/reference#codex-exec) | Stable | Run Codex non-interactively. Alias: `codex e`. Stream results to stdout or JSONL and optionally resume previous sessions. |

273| [`codex execpolicy`](https://developers.openai.com/codex/cli/reference#codex-execpolicy) | Experimental | Evaluate execpolicy rule files and see whether a command would be allowed, prompted, or blocked. |289| [`codex execpolicy`](https://developers.openai.com/codex/cli/reference#codex-execpolicy) | Experimental | Evaluate execpolicy rule files and see whether a command would be allowed, prompted, or blocked. |

274| [`codex features`](https://developers.openai.com/codex/cli/reference#codex-features) | Stable | List feature flags and persistently enable or disable them in `config.toml`. |290| [`codex features`](https://developers.openai.com/codex/cli/reference#codex-features) | Stable | List feature flags and persistently enable or disable them in `config.toml`. |

381 397 

382Key398Key

383 399 

400[`codex doctor`](https://developers.openai.com/codex/cli/reference#codex-doctor)

401 

402Maturity

403 

404Stable

405 

406Details

407 

408Generate a diagnostic report for local installation, config, auth, runtime, Git, terminal, app-server, and thread inventory issues.

409 

410Key

411 

384[`codex exec`](https://developers.openai.com/codex/cli/reference#codex-exec)412[`codex exec`](https://developers.openai.com/codex/cli/reference#codex-exec)

385 413 

386Maturity414Maturity

543 571 

544Running `codex` with no subcommand launches the interactive terminal UI (TUI). The agent accepts the global flags above plus image attachments. Web search defaults to cached mode; use `--search` to switch to live browsing. For low-friction local work, use `--sandbox workspace-write --ask-for-approval on-request`.572Running `codex` with no subcommand launches the interactive terminal UI (TUI). The agent accepts the global flags above plus image attachments. Web search defaults to cached mode; use `--search` to switch to live browsing. For low-friction local work, use `--sandbox workspace-write --ask-for-approval on-request`.

545 573 

546Use `--remote ws://host:port` or `--remote wss://host:port` to connect the TUI to an app server started with `codex app-server --listen ws://IP:PORT`. Add `--remote-auth-token-env <ENV_VAR>` when the server requires a bearer token for WebSocket authentication.574Use `--remote ws://host:port` or `--remote wss://host:port` to connect the TUI to an app server started with `codex app-server --listen ws://IP:PORT`. For a local Unix socket, use `--remote unix://` for the default socket or `--remote unix://PATH` for an explicit path. Add `--remote-auth-token-env <ENV_VAR>` when the server requires a bearer token for WebSocket authentication.

547 575 

548### `codex app-server`576### `codex app-server`

549 577 

558| `--ws-issuer` | `string` | Expected `iss` claim for signed bearer tokens. Requires `--ws-auth signed-bearer-token`. |586| `--ws-issuer` | `string` | Expected `iss` claim for signed bearer tokens. Requires `--ws-auth signed-bearer-token`. |

559| `--ws-max-clock-skew-seconds` | `number` | Clock skew allowance when validating signed bearer token `exp` and `nbf` claims. Requires `--ws-auth signed-bearer-token`. |587| `--ws-max-clock-skew-seconds` | `number` | Clock skew allowance when validating signed bearer token `exp` and `nbf` claims. Requires `--ws-auth signed-bearer-token`. |

560| `--ws-shared-secret-file` | `absolute path` | File containing the HMAC shared secret used to validate signed JWT bearer tokens. Required with `--ws-auth signed-bearer-token`. |588| `--ws-shared-secret-file` | `absolute path` | File containing the HMAC shared secret used to validate signed JWT bearer tokens. Required with `--ws-auth signed-bearer-token`. |

561| `--ws-token-file` | `absolute path` | File containing the shared capability token. Required with `--ws-auth capability-token`. |589| `--ws-token-file` | `absolute path` | File containing the shared capability token. Use with `--ws-auth capability-token` unless you provide `--ws-token-sha256` instead. |

590| `--ws-token-sha256` | `hexadecimal SHA-256 digest` | Expected SHA-256 digest for capability-token authentication. Use instead of `--ws-token-file` when the client token comes from another source. |

562 591 

563Key592Key

564 593 

654 683 

655Details684Details

656 685 

657File containing the shared capability token. Required with `--ws-auth capability-token`.686File containing the shared capability token. Use with `--ws-auth capability-token` unless you provide `--ws-token-sha256` instead.

687 

688Key

689 

690`--ws-token-sha256`

691 

692Type / Values

693 

694`hexadecimal SHA-256 digest`

695 

696Details

697 

698Expected SHA-256 digest for capability-token authentication. Use instead of `--ws-token-file` when the client token comes from another source.

658 699 

659`codex app-server --listen stdio://` keeps the default JSONL-over-stdio behavior. `--listen ws://IP:PORT` enables WebSocket transport for app-server clients. The server accepts `ws://` listen URLs; use TLS termination or a secure proxy when clients connect with `wss://`. Use `--listen unix://` to accept WebSocket handshakes on Codex’s default Unix socket, or `--listen unix:///absolute/path.sock` to choose a socket path. If you generate schemas for client bindings, add `--experimental` to include gated fields and methods.700`codex app-server --listen stdio://` keeps the default JSONL-over-stdio behavior. `--listen ws://IP:PORT` enables WebSocket transport for app-server clients. The server accepts `ws://` listen URLs; use TLS termination or a secure proxy when clients connect with `wss://`. Use `--listen unix://` to accept WebSocket handshakes on Codex’s default Unix socket, or `--listen unix:///absolute/path.sock` to choose a socket path. If you generate schemas for client bindings, add `--experimental` to include gated fields and methods.

660 701 

897 938 

898Shell to generate completions for. Output prints to stdout.939Shell to generate completions for. Output prints to stdout.

899 940 

941### `codex doctor`

942 

943Generate a local diagnostic report before filing a support issue or

944while investigating a broken Codex installation. The report checks installation,

945configuration, authentication, runtime, Git, terminal, app-server, and thread

946inventory health.

947 

948| Key | Type / Values | Details |

949| --- | --- | --- |

950| `--all` | `boolean` | Expand long lists in the detailed human-readable report. |

951| `--ascii` | `boolean` | Use ASCII status labels and separators in human-readable output. |

952| `--json` | `boolean` | Emit a redacted machine-readable support report. |

953| `--no-color` | `boolean` | Disable ANSI color in human-readable output. |

954| `--summary` | `boolean` | Show grouped check rows and the final count summary only. |

955 

956Key

957 

958`--all`

959 

960Type / Values

961 

962`boolean`

963 

964Details

965 

966Expand long lists in the detailed human-readable report.

967 

968Key

969 

970`--ascii`

971 

972Type / Values

973 

974`boolean`

975 

976Details

977 

978Use ASCII status labels and separators in human-readable output.

979 

980Key

981 

982`--json`

983 

984Type / Values

985 

986`boolean`

987 

988Details

989 

990Emit a redacted machine-readable support report.

991 

992Key

993 

994`--no-color`

995 

996Type / Values

997 

998`boolean`

999 

1000Details

1001 

1002Disable ANSI color in human-readable output.

1003 

1004Key

1005 

1006`--summary`

1007 

1008Type / Values

1009 

1010`boolean`

1011 

1012Details

1013 

1014Show grouped check rows and the final count summary only.

1015 

900### `codex features`1016### `codex features`

901 1017 

902Manage feature flags stored in `~/.codex/config.toml` or the selected profile file. The `enable` and `disable` commands persist changes so they apply to future sessions. When you launch with `--profile profile-name`, Codex writes to `$CODEX_HOME/profile-name.config.toml` instead of the base user config.1018Manage feature flags stored in `$CODEX_HOME/config.toml`. The `enable` and

1019`disable` commands persist changes so they apply to future sessions. The

1020`features` subcommand doesn’t accept `--profile`.

903 1021 

904| Key | Type / Values | Details |1022| Key | Type / Values | Details |

905| --- | --- | --- |1023| --- | --- | --- |

906| `Disable subcommand` | `codex features disable <feature>` | Persistently disable a feature flag in the active config file. With `--profile profile-name`, writes to `$CODEX_HOME/profile-name.config.toml`. |1024| `Disable subcommand` | `codex features disable <feature>` | Persistently disable a feature flag in `$CODEX_HOME/config.toml`. |

907| `Enable subcommand` | `codex features enable <feature>` | Persistently enable a feature flag in the active config file. With `--profile profile-name`, writes to `$CODEX_HOME/profile-name.config.toml`. |1025| `Enable subcommand` | `codex features enable <feature>` | Persistently enable a feature flag in `$CODEX_HOME/config.toml`. |

908| `List subcommand` | `codex features list` | Show known feature flags, their maturity stage, and their effective state. |1026| `List subcommand` | `codex features list` | Show known feature flags, their maturity stage, and their effective state. |

909 1027 

910Key1028Key

917 1035 

918Details1036Details

919 1037 

920Persistently disable a feature flag in the active config file. With `--profile profile-name`, writes to `$CODEX_HOME/profile-name.config.toml`.1038Persistently disable a feature flag in `$CODEX_HOME/config.toml`.

921 1039 

922Key1040Key

923 1041 

929 1047 

930Details1048Details

931 1049 

932Persistently enable a feature flag in the active config file. With `--profile profile-name`, writes to `$CODEX_HOME/profile-name.config.toml`.1050Persistently enable a feature flag in `$CODEX_HOME/config.toml`.

933 1051 

934Key1052Key

935 1053 

1476| --- | --- | --- |1594| --- | --- | --- |

1477| `--bearer-token-env-var` | `ENV_VAR` | Environment variable whose value is sent as a bearer token when connecting to a streamable HTTP server. |1595| `--bearer-token-env-var` | `ENV_VAR` | Environment variable whose value is sent as a bearer token when connecting to a streamable HTTP server. |

1478| `--env KEY=VALUE` | `repeatable` | Environment variable assignments applied when launching a stdio server. |1596| `--env KEY=VALUE` | `repeatable` | Environment variable assignments applied when launching a stdio server. |

1597| `--oauth-client-id` | `CLIENT_ID` | OAuth client identifier for a streamable HTTP MCP server. Requires `--url`. |

1598| `--oauth-resource` | `RESOURCE` | OAuth resource parameter to include during login for a streamable HTTP MCP server. Requires `--url`. |

1479| `--url` | `https://…` | Register a streamable HTTP server instead of stdio. Mutually exclusive with `COMMAND...`. |1599| `--url` | `https://…` | Register a streamable HTTP server instead of stdio. Mutually exclusive with `COMMAND...`. |

1480| `COMMAND...` | `stdio transport` | Executable plus arguments to launch the MCP server. Provide after `--`. |1600| `COMMAND...` | `stdio transport` | Executable plus arguments to launch the MCP server. Provide after `--`. |

1481 1601 

1505 1625 

1506Key1626Key

1507 1627 

1628`--oauth-client-id`

1629 

1630Type / Values

1631 

1632`CLIENT_ID`

1633 

1634Details

1635 

1636OAuth client identifier for a streamable HTTP MCP server. Requires `--url`.

1637 

1638Key

1639 

1640`--oauth-resource`

1641 

1642Type / Values

1643 

1644`RESOURCE`

1645 

1646Details

1647 

1648OAuth resource parameter to include during login for a streamable HTTP MCP server. Requires `--url`.

1649 

1650Key

1651 

1508`--url`1652`--url`

1509 1653 

1510Type / Values1654Type / Values

1695| `--include-managed-config` | `boolean` | Include managed requirements while resolving an explicit permissions profile. Requires `--permissions-profile`. |1839| `--include-managed-config` | `boolean` | Include managed requirements while resolving an explicit permissions profile. Requires `--permissions-profile`. |

1696| `--log-denials` | `boolean` | Capture macOS sandbox denials with `log stream` while the command runs and print them after exit. |1840| `--log-denials` | `boolean` | Capture macOS sandbox denials with `log stream` while the command runs and print them after exit. |

1697| `--permissions-profile` | `NAME` | Apply a named permissions profile from the active configuration stack. |1841| `--permissions-profile` | `NAME` | Apply a named permissions profile from the active configuration stack. |

1842| `--profile, -p` | `NAME` | Layer `$CODEX_HOME/NAME.config.toml` on top of the base user config. |

1698| `COMMAND...` | `var-args` | Shell command to execute under macOS Seatbelt. Everything after `--` is forwarded. |1843| `COMMAND...` | `var-args` | Shell command to execute under macOS Seatbelt. Everything after `--` is forwarded. |

1699 1844 

1700Key1845Key

1771 1916 

1772Key1917Key

1773 1918 

1919`--profile, -p`

1920 

1921Type / Values

1922 

1923`NAME`

1924 

1925Details

1926 

1927Layer `$CODEX_HOME/NAME.config.toml` on top of the base user config.

1928 

1929Key

1930 

1774`COMMAND...`1931`COMMAND...`

1775 1932 

1776Type / Values1933Type / Values

1789| `--config, -c` | `key=value` | Configuration overrides applied before launching the sandbox (repeatable). |1946| `--config, -c` | `key=value` | Configuration overrides applied before launching the sandbox (repeatable). |

1790| `--include-managed-config` | `boolean` | Include managed requirements while resolving an explicit permissions profile. Requires `--permissions-profile`. |1947| `--include-managed-config` | `boolean` | Include managed requirements while resolving an explicit permissions profile. Requires `--permissions-profile`. |

1791| `--permissions-profile` | `NAME` | Apply a named permissions profile from the active configuration stack. |1948| `--permissions-profile` | `NAME` | Apply a named permissions profile from the active configuration stack. |

1949| `--profile, -p` | `NAME` | Layer `$CODEX_HOME/NAME.config.toml` on top of the base user config. |

1792| `COMMAND...` | `var-args` | Command to execute under Landlock + seccomp. Provide the executable after `--`. |1950| `COMMAND...` | `var-args` | Command to execute under Landlock + seccomp. Provide the executable after `--`. |

1793 1951 

1794Key1952Key

1841 1999 

1842Key2000Key

1843 2001 

2002`--profile, -p`

2003 

2004Type / Values

2005 

2006`NAME`

2007 

2008Details

2009 

2010Layer `$CODEX_HOME/NAME.config.toml` on top of the base user config.

2011 

2012Key

2013 

1844`COMMAND...`2014`COMMAND...`

1845 2015 

1846Type / Values2016Type / Values

1859| `--config, -c` | `key=value` | Configuration overrides applied before launching the sandbox (repeatable). |2029| `--config, -c` | `key=value` | Configuration overrides applied before launching the sandbox (repeatable). |

1860| `--include-managed-config` | `boolean` | Include managed requirements while resolving an explicit permissions profile. Requires `--permissions-profile`. |2030| `--include-managed-config` | `boolean` | Include managed requirements while resolving an explicit permissions profile. Requires `--permissions-profile`. |

1861| `--permissions-profile` | `NAME` | Apply a named permissions profile from the active configuration stack. |2031| `--permissions-profile` | `NAME` | Apply a named permissions profile from the active configuration stack. |

2032| `--profile, -p` | `NAME` | Layer `$CODEX_HOME/NAME.config.toml` on top of the base user config. |

1862| `COMMAND...` | `var-args` | Command to execute under the native Windows sandbox. Provide the executable after `--`. |2033| `COMMAND...` | `var-args` | Command to execute under the native Windows sandbox. Provide the executable after `--`. |

1863 2034 

1864Key2035Key

1911 2082 

1912Key2083Key

1913 2084 

2085`--profile, -p`

2086 

2087Type / Values

2088 

2089`NAME`

2090 

2091Details

2092 

2093Layer `$CODEX_HOME/NAME.config.toml` on top of the base user config.

2094 

2095Key

2096 

1914`COMMAND...`2097`COMMAND...`

1915 2098 

1916Type / Values2099Type / Values

55| [`/ps`](#check-background-terminals-with-ps) | Show experimental background terminals and their recent output. | Check long-running commands without leaving the main transcript. |55| [`/ps`](#check-background-terminals-with-ps) | Show experimental background terminals and their recent output. | Check long-running commands without leaving the main transcript. |

56| [`/stop`](#stop-background-terminals-with-stop) | Stop all background terminals. | Cancel background terminal work started by the current session. |56| [`/stop`](#stop-background-terminals-with-stop) | Stop all background terminals. | Cancel background terminal work started by the current session. |

57| [`/fork`](#fork-the-current-conversation-with-fork) | Fork the current conversation into a new thread. | Branch the active session to explore a new approach without losing the current transcript. |57| [`/fork`](#fork-the-current-conversation-with-fork) | Fork the current conversation into a new thread. | Branch the active session to explore a new approach without losing the current transcript. |

58| [`/side`](#start-a-side-conversation-with-side) | Start an ephemeral side conversation. | Ask a focused follow-up without disrupting the main thread’s transcript. |58| [`/side`, `/btw`](#start-a-side-conversation-with-side) | Start an ephemeral side conversation. | Ask a focused follow-up without disrupting the main thread’s transcript. |

59| [`/raw`](#toggle-raw-scrollback-with-raw) | Toggle raw scrollback mode. | Make terminal selection and copying less formatted while reviewing long output. |59| [`/raw`](#toggle-raw-scrollback-with-raw) | Toggle raw scrollback mode. | Make terminal selection and copying less formatted while reviewing long output. |

60| [`/resume`](#resume-a-saved-conversation-with-resume) | Resume a saved conversation from your session list. | Continue work from a previous CLI session without starting over. |60| [`/resume`](#resume-a-saved-conversation-with-resume) | Resume a saved conversation from your session list. | Continue work from a previous CLI session without starting over. |

61| [`/new`](#start-a-new-conversation-with-new) | Start a new conversation inside the same CLI session. | Reset the chat context without leaving the CLI when you want a fresh prompt in the same repo. |61| [`/new`](#start-a-new-conversation-with-new) | Start a new conversation inside the same CLI session. | Reset the chat context without leaving the CLI when you want a fresh prompt in the same repo. |

192 192 

1931. Type `/permissions` and press Enter.1931. Type `/permissions` and press Enter.

1942. Select the approval preset that matches your comfort level, for example1942. Select the approval preset that matches your comfort level, for example

195 `Auto` for hands-off runs or `Read Only` to review edits.195 `Auto` for hands-off runs or `Read Only` to review edits. When named

196 permission profiles are active, the picker also shows configured custom

197 profiles and their descriptions.

196 198 

197Expected: Codex announces the updated policy. Future actions respect the199Expected: Codex announces the updated policy. Future actions respect the

198updated approval mode until you change it again.200updated approval mode until you change it again.

248### Inspect the session with `/status`250### Inspect the session with `/status`

249 251 

2501. In any conversation, type `/status`.2521. In any conversation, type `/status`.

2512. Review the output for the active model, approval policy, writable roots, and current token usage.2532. Review the output for the active model, approval policy, writable roots, and

254 current token usage. When the TUI connects remotely, the output also

255 shows the remote address and the server version.

252 256 

253Expected: You see a summary like what `codex status` prints in the shell,257Expected: Codex prints a summary confirming that it’s operating where you

254confirming Codex is operating where you expect.258expect.

255 259 

256### Inspect config layers with `/debug-config`260### Inspect config layers with `/debug-config`

257 261 

223If you omit `profile`, Codex uses the standard AWS credential chain. Set223If you omit `profile`, Codex uses the standard AWS credential chain. Set

224`region` to the supported Bedrock region that should handle requests.224`region` to the supported Bedrock region that should handle requests.

225 225 

226For the full setup flow, authentication options, supported models, and feature

227availability, see [Use Codex with Amazon Bedrock](https://developers.openai.com/codex/amazon-bedrock).

228 

226## OSS mode (local providers)229## OSS mode (local providers)

227 230 

228Codex can run against a local “open source” provider (for example, Ollama or LM Studio) when you pass `--oss`. If you pass `--oss` without specifying a provider, Codex uses `oss_provider` as the default.231Codex can run against a local “open source” provider (for example, Ollama or LM Studio) when you pass `--oss`. If you pass `--oss` without specifying a provider, Codex uses `oss_provider` as the default.

120 120 

121#### TUI keymap121#### TUI keymap

122 122 

123Customize terminal shortcuts under `tui.keymap`. Context-specific bindings override `tui.keymap.global`, and an empty list unbinds the action.123Customize terminal shortcuts under `tui.keymap`. Selected composer actions fall back to matching `tui.keymap.global` bindings; context-specific bindings take precedence when supported. An empty list unbinds the action.

124 124 

125```125```

126[tui.keymap.global]126[tui.keymap.global]

128 128 

129[tui.keymap.composer]129[tui.keymap.composer]

130submit = ["enter", "ctrl-m"]130submit = ["enter", "ctrl-m"]

131 

132[tui.keymap.chat]

133interrupt_turn = "f12"

131```134```

132 135 

133#### Command environment136#### Command environment

254| `tui` | `table` | TUI-specific options such as enabling inline desktop notifications. |254| `tui` | `table` | TUI-specific options such as enabling inline desktop notifications. |

255| `tui.alternate_screen` | `auto | always | never` | Control alternate screen usage for the TUI (default: auto; auto skips it in Zellij to preserve scrollback). |255| `tui.alternate_screen` | `auto | always | never` | Control alternate screen usage for the TUI (default: auto; auto skips it in Zellij to preserve scrollback). |

256| `tui.animations` | `boolean` | Enable terminal animations (welcome screen, shimmer, spinner) (default: true). |256| `tui.animations` | `boolean` | Enable terminal animations (welcome screen, shimmer, spinner) (default: true). |

257| `tui.keymap.<context>.<action>` | `string | array<string>` | Keyboard shortcut binding for a TUI action. Supported contexts include `global`, `chat`, `composer`, `editor`, `pager`, `list`, and `approval`; context-specific bindings override `tui.keymap.global`. |257| `tui.keymap.<context>.<action>` | `string | array<string>` | Keyboard shortcut binding for a TUI action. Supported contexts include `global`, `chat`, `composer`, `editor`, `vim_normal`, `vim_operator`, `vim_text_object`, `pager`, `list`, and `approval`. Selected composer actions fall back to matching `tui.keymap.global` bindings; context-specific bindings take precedence when supported. |

258| `tui.keymap.<context>.<action> = []` | `empty array` | Unbind the action in that keymap context. Key names use normalized strings such as `ctrl-a`, `shift-enter`, `page-down`, or `minus`. |258| `tui.keymap.<context>.<action> = []` | `empty array` | Unbind the action in that keymap context. Key names use normalized strings such as `ctrl-a`, `shift-enter`, `page-down`, or `minus`. |

259| `tui.model_availability_nux.<model>` | `integer` | Internal startup-tooltip state keyed by model slug. |259| `tui.model_availability_nux.<model>` | `integer` | Internal startup-tooltip state keyed by model slug. |

260| `tui.notification_condition` | `unfocused | always` | Control whether TUI notifications fire only when the terminal is unfocused or regardless of focus. Defaults to `unfocused`. |260| `tui.notification_condition` | `unfocused | always` | Control whether TUI notifications fire only when the terminal is unfocused or regardless of focus. Defaults to `unfocused`. |

3077 3077 

3078Details3078Details

3079 3079 

3080Keyboard shortcut binding for a TUI action. Supported contexts include `global`, `chat`, `composer`, `editor`, `pager`, `list`, and `approval`; context-specific bindings override `tui.keymap.global`.3080Keyboard shortcut binding for a TUI action. Supported contexts include `global`, `chat`, `composer`, `editor`, `vim_normal`, `vim_operator`, `vim_text_object`, `pager`, `list`, and `approval`. Selected composer actions fall back to matching `tui.keymap.global` bindings; context-specific bindings take precedence when supported.

3081 3081 

3082Key3082Key

3083 3083 

1086107110861071

1087107210871072

1088107310881073

10891074

10901075

10911076

10921077

1089# Codex example configuration (config.toml)1093# Codex example configuration (config.toml)

1090#1094#

1091# This file lists the main keys Codex reads from config.toml, along with default1095# This file lists the main keys Codex reads from config.toml, along with default

1662 1666 

1663# theme = "catppuccin-mocha"1667# theme = "catppuccin-mocha"

1664 1668 

1665# Custom key bindings. Context-specific bindings override [tui.keymap.global].1669# Custom key bindings. Selected composer actions fall back to matching [tui.keymap.global] bindings.

1666 1670 

1667# Use [] to unbind an action.1671# Use [] to unbind an action.

1668 1672 

1678 1682 

1679# submit = ["enter", "ctrl-m"]1683# submit = ["enter", "ctrl-m"]

1680 1684 

1685# [tui.keymap.chat]

1686 

1687# interrupt_turn = "f12"

1688 

1681# Internal tooltip state keyed by model slug. Usually managed by Codex.1689# Internal tooltip state keyed by model slug. Usually managed by Codex.

1682 1690 

1683# [tui.model_availability_nux]1691# [tui.model_availability_nux]

37 37 

38![Access token access permission in ChatGPT workspace RBAC settings](/images/codex/enterprise/rbac_access_token_access_permission.png)38![Access token access permission in ChatGPT workspace RBAC settings](/images/codex/enterprise/rbac_access_token_access_permission.png)

39 39 

401. Go to [Workspace Settings > Settings and Permissions](https://chatgpt.com/admin/settings).401. Go to [Workspace Settings > Permissions & roles](https://chatgpt.com/admin/settings).

412. In the Codex Local section, make sure **Allow members to use Codex Local** is turned on.412. In the Codex Local section, make sure **Allow members to use Codex Local** is turned on.

423. Turn on **Allow members to use Codex access tokens** if all allowed members should be able to create access tokens.423. Turn on **Allow members to use Codex access tokens** if all allowed members should be able to create access tokens.

434. If you use custom roles for a narrower rollout, assign the access token permission only to groups that need to create tokens.434. If you use custom roles for a narrower rollout, assign the access token permission only to groups that need to create tokens.

44 44 

45Keep access token creation limited to people or service owners who understand where the token will be stored, which automation will use it, and how it will be rotated.45Keep access token creation limited to people or service owners who understand where the token will be stored, which automation will use it, and how it will be rotated.

46 46 

47## Set an access token expiration limit

48 

49Workspace owners and admins can set the longest expiration that members can choose when they create a Codex access token. Go to [Workspace Settings > Permissions & roles](https://chatgpt.com/admin/settings), then set **Access token expiration limit** in the Codex Local section.

50 

51![Access token expiration limit in ChatGPT workspace permissions settings](/images/codex/enterprise/access_token_expiration_limit.png)

52 

53The limit applies to new access tokens. Existing tokens keep their current expiration.

54 

47## Create an access token55## Create an access token

48 56 

49Use the Access tokens page to name the token and choose when it expires.57Use the Access tokens page to name the token and choose when it expires.

52 52 

53This enables use of the Codex app, CLI, and IDE extension for allowed users.53This enables use of the Codex app, CLI, and IDE extension for allowed users.

54 54 

55If members need programmatic Codex local workflows, also turn on **Allow members to use Codex access tokens** or grant the access token permission through a custom role. For setup and permission details, see [Access tokens](https://developers.openai.com/codex/enterprise/access-tokens).55If members need programmatic Codex local workflows, also turn on **Allow members to use Codex access tokens** or grant the access token permission through a custom role. Workspace owners and admins can use **Access token expiration limit** to set the longest expiration members can choose for new tokens. For setup and permission details, see [Access tokens](https://developers.openai.com/codex/enterprise/access-tokens).

56 56 

57If the Codex Local toggle is off, users who attempt to use the Codex app, CLI, or IDE will see the following error: “403 - Unauthorized. Contact your ChatGPT administrator for access.”57If the Codex Local toggle is off, users who attempt to use the Codex app, CLI, or IDE will see the following error: “403 - Unauthorized. Contact your ChatGPT administrator for access.”

58 58 

13- Install the Google Drive plugin to work across Drive, Docs, Sheets, and13- Install the Google Drive plugin to work across Drive, Docs, Sheets, and

14 Slides.14 Slides.

15- Install the Slack plugin to summarize channels or draft replies.15- Install the Slack plugin to summarize channels or draft replies.

16- Install [Sites](https://developers.openai.com/codex/sites) to create and deploy hosted websites,

17 web apps, and games.

16 18 

17A plugin can contain:19A plugin can contain:

18 20 

26 26 

27 Once you downloaded and installed the Codex app, open it and sign in with your ChatGPT account or an OpenAI API key.27 Once you downloaded and installed the Codex app, open it and sign in with your ChatGPT account or an OpenAI API key.

28 28 

29 If you sign in with an OpenAI API key, some functionality such as [cloud threads](https://developers.openai.com/codex/prompting#threads) might not be available.29 If you sign in with an OpenAI API key, [some functionality might not be available](https://developers.openai.com/codex/pricing#feature-availability).

303. Select a project303. Select a project

31 31 

32 Choose a project folder that you want Codex to work in.32 Choose a project folder that you want Codex to work in.

60 60 

61## Python library61## Python library

62 62 

63The Python SDK is experimental and controls the local Codex app-server over JSON-RPC. It requires Python 3.10 or later and a local checkout of the open-source Codex repo.63The Python SDK controls the local Codex app-server over JSON-RPC. It requires Python 3.10 or later. Published SDK builds include a pinned Codex CLI runtime dependency.

64 64 

65### Installation65### Installation

66 66 

67From the Codex repo root, install the SDK in editable mode:67To install the SDK run:

68 68 

69```69```

70cd sdk/python70pip install openai-codex

71python -m pip install -e .

72```71```

73 72 

74For manual local SDK usage, pass `AppServerConfig(codex_bin=...)` to point at a local `codex` binary, or use the repo examples and notebook bootstrap.73Published SDK builds automatically use their pinned runtime. Pass `AppServerConfig(codex_bin=...)` only when you intentionally want to run against a specific local app-server binary.

75 74 

76### Usage75### Usage

77 76 

78Start Codex, create a thread, and run a prompt:77Start Codex, create a thread, and run a prompt:

79 78 

80```79```

81from codex_app_server import Codex80from openai_codex import Codex, Sandbox

82 81 

83with Codex() as codex:82with Codex() as codex:

84 thread = codex.thread_start(model="gpt-5.4")83 thread = codex.thread_start(

84 model="gpt-5.4",

85 sandbox=Sandbox.workspace_write,

86 )

85 result = thread.run("Make a plan to diagnose and fix the CI failures")87 result = thread.run("Make a plan to diagnose and fix the CI failures")

86 print(result.final_response)88 print(result.final_response)

87```89```

91```93```

92import asyncio94import asyncio

93 95 

94from codex_app_server import AsyncCodex96from openai_codex import AsyncCodex

95 97 

96async def main() -> None:98async def main() -> None:

97 async with AsyncCodex() as codex:99 async with AsyncCodex() as codex:

102asyncio.run(main())104asyncio.run(main())

103```105```

104 106 

107### Sandbox presets

108 

109Use the same `Sandbox` presets when creating a thread or changing its filesystem

110access for a later turn:

111 

112```

113from openai_codex import Codex, Sandbox

114 

115with Codex() as codex:

116 thread = codex.thread_start(sandbox=Sandbox.workspace_write)

117 thread.run("Make the requested change.")

118 review = thread.run("Review the diff only.", sandbox=Sandbox.read_only)

119```

120 

121Available presets:

122 

123- `Sandbox.read_only`: Read files without allowing writes.

124- `Sandbox.workspace_write`: Read files and write inside the workspace and configured writable roots.

125- `Sandbox.full_access`: Run without filesystem access restrictions.

126 

127When you omit `sandbox=`, app-server uses its configured default. A sandbox

128passed to `run(...)` or `turn(...)` applies to that turn and later turns

129on the thread.

130 

105For more details, check out the [Python repo](https://github.com/openai/codex/tree/main/sdk/python).131For more details, check out the [Python repo](https://github.com/openai/codex/tree/main/sdk/python).

106 132 

1# Sites – Codex

2 

3Sites lets Codex create, save, deploy, and inspect websites, web apps, and

4games hosted by OpenAI. Use the **Sites** plugin when you want to turn a prompt

5or a compatible existing project into a hosted site without setting up a

6separate deployment workflow.

7 

8Every Sites deployment URL is a production deployment. If you want to review a

9build before it becomes live, ask Codex to save a version without deploying

10it.

11 

12## Get started with Sites

13 

14Sites is in preview and currently available for ChatGPT Business and Enterprise

15workspaces, with more plans rolling out later. For ChatGPT Enterprise

16workspaces, an admin must turn it on through role-based access control (RBAC)

17before members can use it. Compare support by plan in

18[Feature availability](https://developers.openai.com/codex/pricing#feature-availability).

19 

201. Enable Sites for an Enterprise workspace

21 

22 If you use ChatGPT Enterprise, ask your workspace admin to open the RBAC

23 controls in [ChatGPT admin settings](https://chatgpt.com/admin/settings) and

24 turn on Sites for the appropriate role. ChatGPT Business workspaces can skip

25 this step because Sites is enabled by default.

262. Add the Sites plugin

27 

28 If **Sites** isn’t already available, open **Plugins** in the Codex app, find

29 **Sites**, and add it to Codex. Start a new thread after installing a plugin.

303. Start a Sites task

31 

32 In a thread, describe the site you want to create or publish. You can name

33 the plugin explicitly with `@Sites`, especially when your task should end in

34 a hosted deployment.

35 

36 ![Codex app composer with the Sites plugin and connected apps mentioned in a prompt](/images/codex/sites/prompt-input-light.jpg)

374. Review whether to save or deploy

38 

39 Ask Codex to validate the site’s build. Then tell it either to save a

40 deployable version for review or to deploy the approved saved version.

415. Return to deployed sites

42 

43 Open **Sites** in the app sidebar to return to your Sites projects. You can

44 also ask Codex to inspect saved versions, check deployment status, or change

45 who can access a deployed site.

46 

47 ![Sites project list in the Codex app](/images/codex/sites/sites-list-light.jpg)

48 

49## Prompt Sites for common tasks

50 

51For a new website, dashboard, or internal tool, include the audience, core

52experience, and required data:

53 

54```

55@Sites Build a project request dashboard for my operations team. Let team

56members submit requests, see who owns each one, update the status, and filter

57the list. Require people to sign in with their workspace account, and keep the

58request data saved between visits.

59```

60 

61For an existing project, ask Sites to prepare and publish the current app:

62 

63```

64@Sites Deploy this project. Check whether it is compatible with Sites, make any

65required changes, and give me the deployment URL.

66```

67 

68When a site needs durable application data or uploaded files, say so in the

69request:

70 

71```

72@Sites Add persistent player scores and avatar uploads to this game. Use

73the appropriate Sites storage and deploy the updated game.

74```

75 

76Browse the [Sites showcase](/showcase/sites) for deployed internal apps and

77the full prompts used to create them.

78 

79## Understand projects, versions, and deployments

80 

81A Sites project links a local source project to hosting managed through Sites.

82Codex stores that linkage and optional storage binding names in

83`.openai/hosting.json`. A newly created local starter can begin without a

84`project_id`; Sites adds one after it provisions the hosted project.

85 

86For example, a provisioned site that uses a relational database binding and no

87file storage can contain:

88 

89```

90{

91 "project_id": "<project-id>",

92 "d1": "DB",

93 "r2": null

94}

95```

96 

97Sites publishing has two separate stages:

98 

991. **Save a version.** Codex builds the deployable site and associates that

100 version with the source Git commit used for the build. Use this stage when

101 you want a reviewable deployment candidate.

1022. **Deploy a version.** Codex publishes a saved version and reports the

103 production URL when deployment succeeds. Use this only when you intend for

104 the selected audience to access the site.

105 

106Ask Codex to list or inspect saved versions when you need to identify a

107previous deployment candidate.

108 

109## Choose a supported site shape

110 

111Sites hosts projects that build Cloudflare Worker-compatible output as ES

112modules. For new projects, the Sites workflow can start with its recommended

113site starter. For an existing site, ask Codex to confirm that the project’s

114build can produce compatible deployment artifacts before you request a

115deployment.

116 

117Tell Codex about the product behavior you need so it can select the appropriate

118site shape:

119 

120| Site need | What to ask Sites for |

121| --- | --- |

122| Content-led website or landing page | A site with no persistent application state unless the experience requires it |

123| Saved records, user progress, or game scores | D1, a relational database for durable structured data |

124| Images, documents, audio, video, or other uploads | R2, object storage for files |

125| Uploaded files with searchable metadata | D1 for metadata and R2 for file contents |

126| Internal site that needs the current workspace user’s identity | Workspace-authenticated user identity |

127| Public sign-in or an external identity provider | An authentication-enabled Sites project |

128 

129Don’t request durable storage for temporary presentation state, such as a

130theme choice or a dismissed banner. Do request it for product data that people

131expect the hosted site to remember.

132 

133## Control access and secrets

134 

135Set the audience before you share a deployed URL. For a new site, keep access

136limited to the owner and workspace admins until you have reviewed the content,

137data handling, and expected audience.

138 

139You can ask Sites to apply one of these access modes:

140 

141| Access mode | Who can access the site |

142| --- | --- |

143| Owner and admins (`admins_only`) | The site owner and workspace admins |

144| Workspace (`workspace_all`) | All active users in the workspace |

145| Custom (`custom`) | Specific active users or workspace groups that you choose; Sites continues to allow the owner |

146 

147For example:

148 

149```

150@Sites Change this deployed site's access to everyone in my workspace after

151showing me the current site and confirming the deployment URL.

152```

153 

154### Configure runtime environment values

155 

156Open **Sites** in the app sidebar and select a project to add, update, or remove

157hosted environment variables and secrets in the Sites panel. Don’t store these

158values in `.openai/hosting.json`. Keep local `.env` and `.env.example` files

159aligned with the keys needed for local development, and don’t commit secret

160values.

161 

162When you add, update, or remove hosted environment values, ask Codex to

163redeploy the approved saved version so the next deployment uses the updated

164configuration.

165 

166## Review before you share

167 

168Before you deploy or widen access:

169 

170- Review the source changes and any database migrations in the Codex

171 [review pane](https://developers.openai.com/codex/app/review).

172- Confirm that the build succeeded and that the selected saved version is the

173 version you intend to publish.

174- Check that only the intended audience can access the site.

175- Confirm that you configured runtime secret values through Sites and didn’t

176 commit them in source files.

177- After deployment, ask Codex to confirm deployment status and the production

178 URL before you share it.

179 

180## Related documentation

181 

182- [Plugins](https://developers.openai.com/codex/plugins) explains how to install and invoke Codex plugins.

183- [Codex app](https://developers.openai.com/codex/app) introduces app navigation and project threads.

184- [Review and ship changes](https://developers.openai.com/codex/app/review) explains how to inspect source

185 changes before publishing them.

186 

446 446 

447Automation Integrations](https://developers.openai.com/codex/use-cases/verified-operations-workflows)447Automation Integrations](https://developers.openai.com/codex/use-cases/verified-operations-workflows)

448 448 

449[![](https://developers.openai.com/codex/use-cases/build-and-deploy-internal-apps.webp)

450 

451### Build and deploy internal apps

452 

453Turn a team workflow into a hosted internal app with Sites.

454 

455Front-end Integrations](https://developers.openai.com/codex/use-cases/build-and-deploy-internal-apps)

456 

449[![](https://developers.openai.com/codex/use-cases/zoom-meeting-follow-ups.webp)457[![](https://developers.openai.com/codex/use-cases/zoom-meeting-follow-ups.webp)

450 458 

451### Turn meetings into follow-ups459### Turn meetings into follow-ups

1# Build and deploy internal apps | Codex use cases

2 

3Codex use cases

4 

5![](/assets/OpenAI-black-wordmark.svg)

6 

7![Codex](/assets/OAI_Codex-Lockup_Fallback_Black.svg)

8 

9Codex use case

10 

11# Build and deploy internal apps

12 

13Turn a team workflow into a hosted internal app with Sites.

14 

15Difficulty **Intermediate**

16 

17Time horizon **30m**

18 

19Use Codex with Sites to build, test, and deploy internal apps, with built-in storage and auth context.

20 

21## Best for

22 

23- Teams that want to turn recurring workflows into interactive apps.

24- Apps that need lightweight structured persistence, file uploads, or workspace-oriented sharing.

25- Internal tools that benefit from building, testing, deploying, and iterating in one Codex thread.

26 

27# Contents

28 

29[← All use cases](https://developers.openai.com/codex/use-cases)

30 

31Copy page [Export as PDF](https://developers.openai.com/codex/use-cases/build-and-deploy-internal-apps/?export=pdf)

32 

33Use Codex with Sites to build, test, and deploy internal apps, with built-in storage and auth context.

34 

35Intermediate

36 

3730m

38 

39Related links

40 

41[Sites documentation](https://developers.openai.com/codex/sites) [Sites showcase](/showcase/sites)

42 

43## Best for

44 

45- Teams that want to turn recurring workflows into interactive apps.

46- Apps that need lightweight structured persistence, file uploads, or workspace-oriented sharing.

47- Internal tools that benefit from building, testing, deploying, and iterating in one Codex thread.

48 

49## Skills & Plugins

50 

51- [Sites](https://chatgpt.com/plugins/share/sites)

52 

53 Build, test, and deploy a static site or full-stack web app from Codex.

54 

55| Skill | Why use it |

56| --- | --- |

57| [Sites](https://chatgpt.com/plugins/share/sites) | Build, test, and deploy a static site or full-stack web app from Codex. |

58 

59## Starter prompt

60 

61Use @sites to build and deploy an internal app for [team or workflow].

62Goal:

63- [what the app should help people do]

64- [who should use it]

65- [source docs, data, or connected services Codex should inspect]

66Requirements:

67- Keep the first version focused on one useful workflow.

68- Use D1 for structured data persistence.

69- Use R2 for user-uploaded files if needed.

70- Test the main flow, persistence, and responsive layout before deploying.

71Make it available to all workspace users.

72 

73[Open in the Codex app](codex://threads/new?prompt=Use+%40sites+to+build+and+deploy+an+internal+app+for+%5Bteam+or+workflow%5D.%0A%0AGoal%3A%0A-+%5Bwhat+the+app+should+help+people+do%5D%0A-+%5Bwho+should+use+it%5D%0A-+%5Bsource+docs%2C+data%2C+or+connected+services+Codex+should+inspect%5D%0A%0ARequirements%3A%0A-+Keep+the+first+version+focused+on+one+useful+workflow.%0A-+Use+D1+for+structured+data+persistence.%0A-+Use+R2+for+user-uploaded+files+if+needed.%0A-+Test+the+main+flow%2C+persistence%2C+and+responsive+layout+before+deploying.%0A%0AMake+it+available+to+all+workspace+users. "Open in the Codex app")

74 

75Use @sites to build and deploy an internal app for [team or workflow].

76Goal:

77- [what the app should help people do]

78- [who should use it]

79- [source docs, data, or connected services Codex should inspect]

80Requirements:

81- Keep the first version focused on one useful workflow.

82- Use D1 for structured data persistence.

83- Use R2 for user-uploaded files if needed.

84- Test the main flow, persistence, and responsive layout before deploying.

85Make it available to all workspace users.

86 

87## Build and deploy from one thread

88 

89Sites is a plugin and managed hosting service for things you build with Codex. Ask Codex to create an app, and it can build the project, run it for testing, deploy it, and return a URL you can share.

90 

91The scope ranges from simple static sites to full-stack JavaScript or TypeScript web apps. That makes Sites a good fit for focused internal tools: onboarding dashboards, enablement hubs, searchable resource libraries, lightweight workflow apps, and reporting views.

92 

93See the [Sites documentation](https://developers.openai.com/codex/sites) for setup, storage, deployment, and access guidance.

94 

95Start with one useful workflow. A clear first version is easier to review, deploy, and improve than a broad request to recreate an entire internal system.

96 

97## Give Codex the workflow context

98 

99Tell Codex who the app is for, what people should accomplish, which source material it should inspect, and what should persist between sessions. Be explicit about the intended sharing scope and ask Codex to test the main flow before it deploys.

100 

101You can also leverage [Plugins](https://developers.openai.com/codex/plugins) to fetch or refresh data from internal sources.

102 

103If you need live data fetching, you can connect to a 3rd party tool using an

104API key. But if you want to leverage app connections, you can create a [thread

105automation](https://developers.openai.com/codex/app/automations#thread-automations) to fetch data with

106plugins on a set schedule, update the app and redeploy it.

107 

108## Choose storage deliberately

109 

110Many internal apps need persistence. Sites supports two storage primitives:

111 

112- Use D1, a SQLite-compatible database, for structured data such as checklist state, bookmarks, filters, annotations, configuration, and file metadata.

113- Use R2 object storage for file bytes such as uploaded documents, images, or other assets that should persist.

114 

115Keep structured metadata in D1 and larger file objects in R2. A read-only resource page or static microsite may not need either one.

116 

117## Manage and share your projects

118 

119You can manage who has access to your deployed projects.

120 

121By default, they will only available to you (owner) and workspace admins.

122 

123But you can allow access to either:

124 

125- All workspace users (`workspace_all`)

126 or

127- Specific active users or groups (`custom`)

128 

129To change access, you can manage your projects from the Sites page in Codex or ask Codex directly to update access to either:

130 

131@Sites Change this site's access to everyone in my workspace.

132 

133## Examples

134 

135The [Sites showcase](/showcase/sites) includes sites examples with full prompts.

136 

137- **[Onboarding Hub](/showcase/onboarding-hub)** combines a first-week checklist, resources, notes, and uploaded documents. It uses D1 for user state and file metadata, and R2 for uploaded file bytes.

138- **[Enablement Hub](/showcase/enablement-hub)** provides a searchable training library with filters and saved bookmarks backed by D1.

139- **[Pulse Dashboard](/showcase/pulse-dashboard)** presents metrics, trends, and lineage details while using D1 for configuration and cached snapshots.

140- **[Sparkboard](/showcase/idea-intake)** turns employee idea intake into a workflow with authenticated submissions, voting, comments, status boards, and contributor rankings.

141- **[Launch Cal](/showcase/launch-cal)** organizes upcoming product launches into a monthly calendar with filters, risk signals, checklists, and connected-source references.

142- **[Event Planning Hub](/showcase/event-planning-hub)** combines event requests, approvals, templates, milestones, policy readiness, and connected planning resources.

143 

144Use those examples as starting points, then narrow the prompt around your team’s workflow and source material.

145 

146## Related use cases

147 

148[![](https://developers.openai.com/codex/use-cases/deploy-app-or-website.webp)

149 

150### Deploy an app or website

151 

152Use Codex with Build Web Apps and Vercel to turn a repo, screenshot, design, or rough app...

153 

154Front-end Integrations](https://developers.openai.com/codex/use-cases/deploy-app-or-website)[![](https://developers.openai.com/codex/use-cases/chatgpt-apps.webp)

155 

156### Bring your app to ChatGPT

157 

158Build one narrow ChatGPT app outcome end to end: define the tools, scaffold the MCP server...

159 

160Integrations Code](https://developers.openai.com/codex/use-cases/chatgpt-apps)[![](https://developers.openai.com/codex/use-cases/complete-tasks-from-messages.webp)

161 

162### Complete tasks from messages

163 

164Use Computer Use to read one Messages thread, complete the task, and draft a reply.

165 

166Knowledge Work Integrations](https://developers.openai.com/codex/use-cases/complete-tasks-from-messages)

167 

117 117 

118## Related use cases118## Related use cases

119 119 

120[![](https://developers.openai.com/codex/use-cases/chatgpt-apps.webp)120[![](https://developers.openai.com/codex/use-cases/build-and-deploy-internal-apps.webp)

121 

122### Build and deploy internal apps

123 

124Use Codex with Sites to build, test, and deploy internal apps, with built-in storage and...

125 

126Front-end Integrations](https://developers.openai.com/codex/use-cases/build-and-deploy-internal-apps)[![](https://developers.openai.com/codex/use-cases/chatgpt-apps.webp)

121 127 

122### Bring your app to ChatGPT128### Bring your app to ChatGPT

123 129 

129 135 

130Use `/goal` when a task needs Codex to keep working across turns toward a verifiable...136Use `/goal` when a task needs Codex to keep working across turns toward a verifiable...

131 137 

132Engineering Automation](https://developers.openai.com/codex/use-cases/follow-goals)[![](https://developers.openai.com/codex/use-cases/idea-to-proof-of-concept.webp)138Engineering Automation](https://developers.openai.com/codex/use-cases/follow-goals)

133 

134### Get from idea to proof of concept

135 

136Use Codex with ImageGen to turn a rough idea into a visual direction, implement the smallest...

137 

138Front-end Engineering](https://developers.openai.com/codex/use-cases/idea-to-proof-of-concept)

139 139 

131 131 

132Ask Codex to inspect your AI application, identify the behavior you want to evaluate, and...132Ask Codex to inspect your AI application, identify the behavior you want to evaluate, and...

133 133 

134Evaluation Quality](https://developers.openai.com/codex/use-cases/ai-app-evals)[![](https://developers.openai.com/codex/use-cases/react-native-expo-apps.webp)134Evaluation Quality](https://developers.openai.com/codex/use-cases/ai-app-evals)[![](https://developers.openai.com/codex/use-cases/build-and-deploy-internal-apps.webp)

135 135 

136### Build React Native apps with Expo136### Build and deploy internal apps

137 137 

138Use Codex with the Expo plugin to scaffold React Native apps, stay inside Expo Router and...138Use Codex with Sites to build, test, and deploy internal apps, with built-in storage and...

139 139 

140Mobile Engineering](https://developers.openai.com/codex/use-cases/react-native-expo-apps)[![](https://developers.openai.com/codex/use-cases/agent-friendly-clis.webp)140Front-end Integrations](https://developers.openai.com/codex/use-cases/build-and-deploy-internal-apps)[![](https://developers.openai.com/codex/use-cases/react-native-expo-apps.webp)

141 141 

142### Create a CLI Codex can use142### Build React Native apps with Expo

143 143 

144Ask Codex to create a composable CLI it can run from any folder, combine with repo scripts...144Use Codex with the Expo plugin to scaffold React Native apps, stay inside Expo Router and...

145 145 

146Engineering Code](https://developers.openai.com/codex/use-cases/agent-friendly-clis)146Mobile Engineering](https://developers.openai.com/codex/use-cases/react-native-expo-apps)

147 147 

88 88 

89## Related use cases89## Related use cases

90 90 

91[![](https://developers.openai.com/codex/use-cases/deploy-app-or-website.webp)91[![](https://developers.openai.com/codex/use-cases/build-and-deploy-internal-apps.webp)

92 

93### Build and deploy internal apps

94 

95Use Codex with Sites to build, test, and deploy internal apps, with built-in storage and...

96 

97Front-end Integrations](https://developers.openai.com/codex/use-cases/build-and-deploy-internal-apps)[![](https://developers.openai.com/codex/use-cases/deploy-app-or-website.webp)

92 98 

93### Deploy an app or website99### Deploy an app or website

94 100 

100 106 

101Use Codex to normalize inputs, run approved scripts or APIs, retry bounded failures, and...107Use Codex to normalize inputs, run approved scripts or APIs, retry bounded failures, and...

102 108 

103Automation Integrations](https://developers.openai.com/codex/use-cases/verified-operations-workflows)[![](https://developers.openai.com/codex/use-cases/ai-app-evals.webp)109Automation Integrations](https://developers.openai.com/codex/use-cases/verified-operations-workflows)

104 

105### Add evals to your AI application

106 

107Ask Codex to inspect your AI application, identify the behavior you want to evaluate, and...

108 

109Evaluation Quality](https://developers.openai.com/codex/use-cases/ai-app-evals)

110 110 

67 67 

68## Related use cases68## Related use cases

69 69 

70[![](https://developers.openai.com/codex/use-cases/complete-tasks-from-messages.webp)70[![](https://developers.openai.com/codex/use-cases/build-and-deploy-internal-apps.webp)

71 

72### Build and deploy internal apps

73 

74Use Codex with Sites to build, test, and deploy internal apps, with built-in storage and...

75 

76Front-end Integrations](https://developers.openai.com/codex/use-cases/build-and-deploy-internal-apps)[![](https://developers.openai.com/codex/use-cases/complete-tasks-from-messages.webp)

71 77 

72### Complete tasks from messages78### Complete tasks from messages

73 79 

79 85 

80Use Codex to gather approved new-hire context, stage tracker updates, draft team-by-team...86Use Codex to gather approved new-hire context, stage tracker updates, draft team-by-team...

81 87 

82Integrations Data](https://developers.openai.com/codex/use-cases/new-hire-onboarding)[![](https://developers.openai.com/codex/use-cases/draft-prds-from-sources.webp)88Integrations Data](https://developers.openai.com/codex/use-cases/new-hire-onboarding)

83 

84### Draft PRDs from internal context

85 

86Use Codex with the $documents skill and connected apps such as Linear, Slack, Notion or...

87 

88Integrations Knowledge Work](https://developers.openai.com/codex/use-cases/draft-prds-from-sources)

89 89 

124 124 

125## Related use cases125## Related use cases

126 126 

127[![](https://developers.openai.com/codex/use-cases/manage-your-inbox.webp)127[![](https://developers.openai.com/codex/use-cases/build-and-deploy-internal-apps.webp)

128 

129### Build and deploy internal apps

130 

131Use Codex with Sites to build, test, and deploy internal apps, with built-in storage and...

132 

133Front-end Integrations](https://developers.openai.com/codex/use-cases/build-and-deploy-internal-apps)[![](https://developers.openai.com/codex/use-cases/manage-your-inbox.webp)

128 134 

129### Manage your inbox135### Manage your inbox

130 136 

136 142 

137Use Codex with Slack and the tools where work happens to find direct asks, implicit...143Use Codex with Slack and the tools where work happens to find direct asks, implicit...

138 144 

139Automation Integrations](https://developers.openai.com/codex/use-cases/slack-action-triage)[![](https://developers.openai.com/codex/use-cases/proactive-teammate.webp)145Automation Integrations](https://developers.openai.com/codex/use-cases/slack-action-triage)

140 

141### Set up a teammate

142 

143Connect the tools where work happens, teach one thread what matters, then add an automation...

144 

145Automation Integrations](https://developers.openai.com/codex/use-cases/proactive-teammate)

146 146