npm i -g @openai/codex
or brew install --cask codex
Codex CLI is a coding agent from OpenAI that runs locally on your computer.
If you want Codex in your code editor (VS Code, Cursor, Windsurf), install in your IDE
If you are looking for the cloud-based agent from OpenAI, Codex Web, go to chatgpt.com/codex
Install globally with your preferred package manager. If you use npm:
npm install -g @openai/codexAlternatively, if you use Homebrew:
brew install --cask codexThen simply run codex to get started:
codexIf you're running into upgrade issues with Homebrew, see the FAQ entry on brew upgrade codex.
You can also go to the latest GitHub Release and download the appropriate binary for your platform.
Each GitHub Release contains many executables, but in practice, you likely want one of these:
- macOS
- Apple Silicon/arm64:
codex-aarch64-apple-darwin.tar.gz - x86_64 (older Mac hardware):
codex-x86_64-apple-darwin.tar.gz
- Apple Silicon/arm64:
- Linux
- x86_64:
codex-x86_64-unknown-linux-musl.tar.gz - arm64:
codex-aarch64-unknown-linux-musl.tar.gz
- x86_64:
Each archive contains a single entry with the platform baked into the name (e.g., codex-x86_64-unknown-linux-musl), so you likely want to rename it to codex after extracting it.
Run codex and select Sign in with ChatGPT. We recommend signing into your ChatGPT account to use Codex as part of your Plus, Pro, Team, Edu, or Enterprise plan. Learn more about what's included in your ChatGPT plan.
You can also use Codex with an API key, but this requires additional setup. If you previously used an API key for usage-based billing, see the migration steps. If you're having trouble with login, please comment on this issue.
Codex can access MCP servers. To configure them, refer to the config docs.
Codex CLI supports a rich set of configuration options, with preferences stored in ~/.codex/config.toml. For full configuration options, see Configuration.
Codex can enforce your own rules-based execution policy before it runs shell commands.
- Create a policy directory:
mkdir -p ~/.codex/policy. - Create one or more
.codexpolicyfiles in that folder. Codex automatically loads every.codexpolicyfile in there on startup. - Write
prefix_ruleentries to describe the commands you want to allow, prompt, or block:
prefix_rule(
pattern = ["git", ["push", "fetch"]],
decision = "prompt", # allow | prompt | forbidden
match = [["git", "push", "origin", "main"]], # examples that must match
not_match = [["git", "status"]], # examples that must not match
)patternis a list of shell tokens, evaluated from left to right; wrap tokens in a nested list to express alternatives (e.g., match bothpushandfetch).decisionsets the severity; Codex picks the strictest decision when multiple rules match (forbidden > prompt > allow).matchandnot_matchact as (optional) unit tests. Codex validates them when it loads your policy, so you get feedback if an example has unexpected behavior.
In this example rule, if Codex wants to run commands with the prefix git push or git fetch, it will first ask for user approval.
Use execpolicy2 CLI to preview decisions for policy files:
cargo run -p codex-execpolicy2 -- check --policy ~/.codex/policy/default.codexpolicy git push origin mainPass multiple --policy flags to test how several files combine. See the codex-rs/execpolicy2 README for a more detailed walkthrough of the available syntax.
- Getting started
- Configuration
- Sandbox & approvals
- Authentication
- Automating Codex
- Advanced
- Zero data retention (ZDR)
- Contributing
- Install & build
- FAQ
- Open source fund
This repository is licensed under the Apache-2.0 License.