YouTip LogoYouTip

Codex Automation

Codex Automation and CI/CD

Codex provides multiple automation methods that can be used in scripts, pipelines, and server-side applications.


Non-Interactive Mode (exec)

The exec command is used in scripts and automation scenarios without opening the TUI.

Basic Usage

exec Command

# Execute a single task
codex exec "Review code and output report"

# Output to file
codex exec -o review.md "Review src/auth.py"

# Use a specific model
codex exec -m gpt-5.4-mini "Analyze project structure"

# Fully automatic execution
codex exec --full-auto "Run tests and fix failures"

Common Parameters

Parameter Description
-m Specify model
-o Output results to file
--full-auto Fully automatic execution
--ephemeral Do not save session files
--json JSON Lines output format
--output-schema Output in JSON Schema format
--sandbox Set sandbox mode

Reading from Standard Input

stdin Input

# Read from pipe
echo "Explain this error" | codex exec -

# Read from file
codex exec - < task.txt

# Multi-line task
cat <<EOF | codex exec -
Analyze src/ directory
Find potential bugs
Output fix suggestions
EOF

Resuming Sessions

Resume Execution

# Resume the most recent session
codex exec resume --last "Continue fixing bugs"

# Resume a specific session
codex exec resume --session abc123 "Next task"

By default, exec runs in a read-only sandbox and will not modify files.


Codex SDK

The Codex SDK provides a programming interface for calling Agent capabilities in code.

Installing the SDK

Install SDK

npm install @openai/codex-sdk

Usage Example

SDK Basic Usage

import { Codex } from '@openai/codex-sdk';

// Create Codex client
const codex = new Codex({
  apiKey: process.env.OPENAI_API_KEY
});

// Execute task
const thread = await codex.run({
  prompt: 'Review src/auth.py file',
  model: 'gpt-5.4'
});

// Get results
console.log(thread.messages);

// Continue task
const followUp = await codex.run({
  threadId: thread.id,
  prompt: 'Fix the discovered bugs'
});

SDK Use Cases

  • Integrating into CI/CD pipelines
  • Creating custom Agent applications
  • Automating internal tools
  • Batch processing tasks

GitHub Action

The official Codex GitHub Action is available to trigger tasks in CI pipelines.

Basic Workflow

GitHub Action Example

name: Codex Review
on: 

jobs:
  codex-review:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Run Codex Review
        uses: openai/codex-action@v1
        with:
          prompt-file: '.github/codex-review.md'
          model: 'gpt-5.4'
          sandbox: 'workspace-write'
          output-file: 'review.md'

      - name: Post Review
        uses: actions/github-script@v7
        with:
          script: |
            const fs = require('fs');
            const review = fs.readFileSync('review.md', 'utf8');
            github.rest.pulls.createReview({
              owner: context.repo.owner,
              repo: context.repo.repo,
              pull_number: context.issue.number,
              body: review,
              event: 'COMMENT'
            });

Action Parameters

Parameter Description
prompt Directly specify task description
prompt-file Specify task file path
model Model to use
sandbox Sandbox mode
output-file Output file path
codex-args Additional CLI parameters

Security Configuration

Security Settings

- name: Run Codex
  uses: openai/codex-action@v1
  with:
    prompt: 'Review changes'
    safety-strategy: 'drop-sudo'
    unprivileged-user: 'codex-runner'
    allow-users: ['maintainers']

When using GitHub Action, ensure the API Key is stored as Secrets and not hardcoded.


App Server

The App Server exposes Codex capabilities as a server-side API.

Starting the App Server

Start Service

# Start App Server
codex app-server

# Specify port
codex app-server --port 3000

# Remote access
codex --remote ws://server:3000

Use Cases

  • Team sharing of Codex capabilities
  • Remote CI/CD invocation
  • Integration into internal platforms

MCP Server

Provide Codex as an MCP tool for other Agents to call.

Configuring Codex MCP

MCP Server Configuration

# In other Agent configurations
[mcp_servers.codex]
command = "codex"
args = 

Best Practices

Security

  • Use read-only sandbox mode
  • Store API Key as Secrets
  • Limit trigger conditions (specific events only)
  • Review output before applying changes

Reliability

  • Set reasonable timeout values
  • Use --ephemeral to avoid state residue
  • Verify task success before continuing
  • Handle rollback in case of failure

FAQ

Q: What is the difference between exec and interactive mode?

Exec exits after a single execution, suitable for automation; interactive mode maintains continuous conversation.

Q: How to authenticate in CI/CD?

Use the CODEX_API_KEY environment variable, stored as Secrets.

Q: Can GitHub Action modify files?

Yes, set sandbox: workspace-write.

Q: How to use in Docker?

Install Codex into the image, configure authentication, and then call it.

← Codex PromptingCodex Web β†’