Files
2026-07-12 10:17:17 -04:00

2.0 KiB

Codex CLI — Detailed Integration Guide

Codex is OpenAI's autonomous coding agent CLI. This reference covers auth, edge cases, and gateway-specific pitfalls.

Auth

Codex can use OPENAI_API_KEY or OAuth. For Hermes itself, model.provider: openai-codex uses Hermes-managed Codex OAuth from ~/.hermes/auth.json after hermes auth add openai-codex. For standalone CLI, a valid OAuth session may live under ~/.codex/auth.json — do not treat a missing OPENAI_API_KEY alone as proof that Codex auth is missing.

One-Shot Tasks

terminal(command="codex exec 'Add dark mode toggle to settings'", workdir="~/project", pty=true)

For scratch work (Codex needs a git repo):

cd $(mktemp -d) && git init && codex exec 'Build a snake game in Python'

Background Mode (Long Tasks)

terminal(command="codex exec --full-auto 'Refactor the auth module'", workdir="~/project", background=true, pty=true)
# Returns session_id — monitor with process(action="poll"|"log")

Hermes Gateway Caveat

When invoking Codex CLI from a gateway/service context (Telegram-driven sessions), Codex workspace-write sandboxing may fail due to bubblewrap/user-namespace restrictions. Prefer:

codex exec --sandbox danger-full-access "<task>"

Use process boundaries as the safety layer: explicit workdir, clean git status before launch, narrow task prompts, git diff review, targeted tests.

Parallel Issue Fixing with Worktrees

# Create worktrees
git worktree add -b fix/issue-78 /tmp/issue-78 main

# Launch Codex in each
terminal(command="codex --yolo exec 'Fix issue #78'", workdir="/tmp/issue-78", background=true, pty=true)

Key Flags

Flag Effect
exec "prompt" One-shot execution, exits when done
--full-auto Sandboxed but auto-approves file changes
--yolo No sandbox, no approvals (fastest, most dangerous)
--sandbox danger-full-access No sandbox; useful when bubblewrap fails