All guides
MASTER CLASS · CODEX CLI · BEGINNER · ZERO ASSUMED

OpenAI Codex CLI: from zero to autonomous PR machine.

Install Codex. Configure it. Set up GPT-5 access. Wire up the right MCP servers and slash commands. Use the read → plan → ship loop that keeps it on rails.

▸ When you're done

Codex CLI runs on your machine, takes a task, ships a PR. You stop being the typist and start being the editor.

30 min walkthrough
4 tools · all free tier
Copy-paste ready · no theory
The stack
Codex CLI
Codex CLI
OpenAI's terminal coding agent — reads repos, writes code, opens PRs
ChatGPT Plus · $20/mo
OpenAI
OpenAI
GPT models, embeddings, function calling
Pay-as-you-go
GitHub
GitHub
Source control + Vercel auto-deploy on push
Free
Vercel
Vercel
Deploy your Next.js + agent endpoints in one git push
Free for hobby · $20/mo Pro
◢ The build · 6 steps · 30 min

Follow these in order. Don't skip.

Step 01 / 06

Install Codex CLI and authenticate

OpenAI Codex documentation
STEP 01
developers.openai.com/codex — keep this open in a tab.
Terminal
1# 1. Install via npm
2npm install -g @openai/codex
3 
4# 2. Sign in (opens browser, uses your ChatGPT Plus)
5codex login
6 
7# 3. Verify
8codex --version
9 
10# 4. Pick the model — gpt-5-codex is the default, you usually want it
11codex config set model gpt-5-codex
You're done when
Auth uses your ChatGPT Plus/Pro subscription — no separate API billing for the CLI. If you hit caps, you can switch to API mode in settings.
Step 02 / 06

Trust your repo (one-time per project)

Codex won't touch a repo until you mark it trusted. This is the safety boundary.

Terminal
1cd ~/projects/my-saas
2 
3# Trust this repo for Codex
4codex
5# → in the TUI, press / and run /trust
6 
7# Or set the auto-approval mode for read-only commands
8codex config set approvalMode "on-failure"
  • approvalMode: untrusted → asks for every action (slow but safe)
  • approvalMode: on-failure → auto-runs safe commands, asks only when something fails (recommended)
  • approvalMode: full-auto → autonomous mode (only for sandboxed agents)
Step 03 / 06

AGENTS.md — Codex's onboarding doc

Same idea as Claude Code's CLAUDE.md. Codex reads AGENTS.md at repo root on every session.

AGENTS.md
1# AGENTS.md — Codex briefing
2 
3## What this repo is
4A Next.js 16 SaaS for [your product]. App Router. TypeScript. Tailwind v4.
5 
6## Build + run
7- `npm run dev` — http://localhost:3000
8- `npm run lint` — must pass before commit
9- `npm run test` — Vitest, runs in <30s
10- `npm run build` — clean production build
11 
12## Conventions
13- Server Components default, `'use client'` only when needed
14- Imports use `@/*` alias for `./src/*`
15- Server-only files import from `@/lib/server/*`
16- Public env vars must be `NEXT_PUBLIC_*`, others are server-only
17 
18## Important: do NOT
19- Commit .env or .env.local
20- Run destructive git commands without asking
21- Add dependencies without flagging them
22- Touch supabase/migrations/ — those run in production
23 
24## Where to look first
25- API endpoints: src/app/api/**/*.ts
26- DB queries: src/lib/db/*.ts
27- UI components: src/components/
Heads up
Codex prioritizes AGENTS.md over training-data assumptions. Encode anything weird about your stack here — it'll save 30 minutes per session.
Step 04 / 06

Custom slash commands in Codex

.codex/prompts/ship.md
1Run before I push a PR:
2 
31. `npm run lint` — fix every warning
42. `npm run test` — all green
53. `npm run build` — no errors
64. `git diff main` — scan for debug logs, hard-coded URLs, secrets
75. Stage staged changes, write commit message in conventional-commits style
86. Push to current branch
97. Open PR with: title, what changed, why, how I tested
10 
11If any step fails, STOP and report.

Now /ship works in any Codex session inside this repo.

Step 05 / 06

MCP servers in Codex

Codex supports the same MCP standard as Claude Code. Connect once, available in every session.

Terminal
1# Edit ~/.codex/config.toml
2[mcp.servers.supabase]
3command = "npx"
4args = ["@supabase/mcp-server"]
5env = { SUPABASE_ACCESS_TOKEN = "sbp_..." }
6 
7[mcp.servers.vercel]
8command = "npx"
9args = ["@vercel/mcp-server"]
10env = { VERCEL_TOKEN = "..." }
11 
12[mcp.servers.github]
13command = "npx"
14args = ["@github/mcp-server"]
15env = { GITHUB_TOKEN = "ghp_..." }

Then Codex can run SQL against your Supabase, check Vercel deploy status, open issues — without you wiring API calls by hand.

Step 06 / 06

The autonomous loop — full-auto with guardrails

Once you trust your setup, you can hand Codex a task and walk away. The pattern that works: clear goal, explicit constraints, success criteria.

Terminal
1codex run "Add rate limiting to /api/contact.
2 
3Constraints:
4- Use Upstash Ratelimit (already in deps)
5- 5 requests per IP per minute
6- Return 429 with Retry-After header
7- Add a test in __tests__/api/contact.test.ts
8 
9Done when:
10- The new test passes
11- npm run lint is clean
12- npm run build succeeds
13- A PR is open with a clear description"
You're done when
This is the unlock. Tasks like this used to be 90 minutes of my time — now I write a 6-line prompt and check the PR 12 minutes later.
Ship-it checklist
6 CHECKS
  • Codex CLI installed and signed in via your ChatGPT plan
  • approvalMode set to on-failure for daily use
  • AGENTS.md describes your stack, commands, do-nots
  • At least one /command in .codex/prompts/
  • At least one MCP server in ~/.codex/config.toml
  • You shipped a real PR through Codex without typing the code yourself
← All guidesShow your build in the community →