# Codex CLI > OpenAI's open-source terminal coding agent with sandboxed execution and two-layer approval controls. Website: https://openai.com/codex/ Codex CLI is OpenAI's open-source coding agent that runs entirely in your terminal. You point it at a repository, describe a task in plain language, and it reads files, edits them on disk, and runs shell commands to get the job done — all inside an OS-level sandbox that defaults to no network access and write permissions scoped to your workspace. It is written in Rust and ships as a binary installable via npm, Homebrew, or a one-line shell installer. It is aimed at developers who live in the terminal and want an agent backed by OpenAI's frontier models without leaving the shell. You can authenticate with a ChatGPT plan (Plus, Pro, Business, Edu, or Enterprise) or an `OPENAI_API_KEY`, and the same binary works on macOS, Linux, and Windows (natively or via WSL). ## Highlights - **Two-layer security model** — sandbox modes (`read-only`, `workspace-write`, `danger-full-access`, via `--sandbox`) control what the agent can technically do; approval policies (`on-request`, `untrusted`, `never`) control when it must stop and ask before acting. - **Sandboxed by default** — the `workspace-write` mode limits writes to the active workspace and blocks outbound network, so edits stay local until you explicitly widen the boundary. - **Model switching** — use `/model` to move between GPT-5.4, GPT-5.3-Codex, and other available models, and adjust reasoning effort per task. - **MCP support** — connect external tools by configuring Model Context Protocol servers (STDIO or streaming HTTP) in the config file. - **Non-interactive `codex exec`** — run Codex headlessly in scripts and CI, piping the final result to stdout. - **Session resume and image input** — pick up past transcripts with `codex resume`, and attach screenshots or design specs as context. ## In an AI-assisted workflow Codex CLI fits where you already run Git and your build. A typical loop is to start it in a repo with the default `workspace-write` sandbox mode and `on-request` approval policy, let it draft edits, and approve anything that reaches outside the workspace or touches the network. It reads `AGENTS.md` files for project-specific context, so you can encode conventions and commands once and have them apply on every run. ```bash npm install -g @openai/codex cd your-project codex "Add a retry with backoff to the API client and a test for it" ``` > [!TIP] > Start with the `read-only` sandbox mode on an unfamiliar repository to have Codex propose a plan before it edits anything, then widen to `workspace-write` once you trust the direction. > [!NOTE] > Unlike Aider, Codex does not auto-commit each change — it edits the working tree and leaves staging and committing to you, so review the diff before committing. ## Good to know Codex CLI is free and open source under the Apache-2.0 license, available on macOS and Linux natively and on Windows (natively via PowerShell or under WSL2). Model usage is not free: you either consume your ChatGPT plan's included Codex allowance or pay per token with an API key. The `danger-full-access` sandbox mode removes network and filesystem guardrails — use it only on repositories and tasks you fully trust. --- _Source: https://agentscamp.com/tools/codex-cli — Tool on AgentsCamp._