title: "Codex CLI Cheatsheet"
last_updated: 2026-03-21
tested_with:
codex-cli: "0.2.x"
status: proven
difficulty: beginner
npm install -g @openai/codex
| Command | Description |
|---|
codex | Start interactive session in current directory |
codex "prompt" | Start session with an initial prompt |
codex --approval-mode suggest | Agent suggests commands but never executes (safest) |
codex --approval-mode auto-edit | Agent can edit files, but shell commands need approval |
codex --approval-mode full-auto | Agent runs everything without asking (use with caution) |
| Mode | File Reads | File Writes | Shell Commands |
|---|
| suggest (default) | Allowed | Needs approval | Needs approval |
| auto-edit | Allowed | Allowed | Needs approval |
| full-auto | Allowed | Allowed | Allowed (sandboxed) |
| File | Purpose |
|---|
AGENTS.md | Project memory -- equivalent to Claude Code's CLAUDE.md. Conventions, build commands, architecture notes. |
~/.codex/config.yaml | User-level configuration (default model, approval mode, etc.) |
~/.codex/instructions.md | User-level instructions applied to all projects |
Codex CLI uses network-disabled sandboxing for command execution, especially in full-auto mode:
- Network access is disabled by default for all shell commands.
- Commands run in a sandboxed environment using platform-specific isolation (macOS Seatbelt, Linux namespaces).
- File writes outside the project directory are blocked in the sandbox.
- The sandbox protects against accidental damage but is not a security boundary against adversarial prompts.
This means full-auto is safer than it sounds -- but you should still review diffs before committing.
| Flag | Description |
|---|
--approval-mode | Set approval mode: suggest, auto-edit, full-auto |
--model | Specify model (default: o4-mini) |
--quiet | Suppress non-essential output |
--notify | Send desktop notification when task completes |
--no-project-doc | Skip loading AGENTS.md |
| Variable | Purpose |
|---|
OPENAI_API_KEY | API key for OpenAI access (required) |
OPENAI_BASE_URL | Custom API endpoint for proxies or compatible providers |
CODEX_HOME | Override default config directory (~/.codex) |
| Aspect | Claude Code | Codex CLI |
|---|
| Provider | Anthropic (Claude) | OpenAI (o4-mini, o3, etc.) |
| Project memory | CLAUDE.md | AGENTS.md |
| Permission model | Approval per action type with allowlists | Three approval modes (suggest/auto-edit/full-auto) |
| Sandbox | No built-in sandbox; relies on approval prompts | Network-disabled sandbox for shell commands |
| Headless mode | claude -p "prompt" | Not a primary workflow (interactive-first) |
| Context management | /compact, /clear slash commands | Automatic context management |
| Plan mode | Built-in (Shift+Tab) | Not a separate mode |
| Default model | Claude Sonnet | o4-mini |
| Config format | JSON (.claude/settings.json) | YAML (config.yaml) |
- Start with
suggest mode until you trust the tool with your codebase.
- Write an
AGENTS.md with build commands and conventions, just like CLAUDE.md.
- The sandbox blocks network access, so commands needing the internet (e.g.,
npm install) will fail in full-auto. Approve those manually.
- Use
--notify for long-running tasks so you can context-switch.
- Codex CLI works well for focused, single-task sessions. Keep prompts concise.