Codex CLI
Command Template
bash
codex exec \
--model {MODEL} \
--config model_reasoning_effort="{LEVEL}" \
--sandbox {SANDBOX_MODE} \
{AUTO_FLAG} \
--skip-git-repo-check \
-C {WORKING_DIR} \
"{PROMPT}" \
{SUPPRESS_FLAG}
Parameter Selection
| Task Type | Model | Reasoning | Sandbox | --full-auto |
|---|---|---|---|---|
| Complex bug investigation | gpt-5.3-codex | xhigh | read-only | NO |
| Large-scale refactoring | gpt-5.3-codex | high | workspace-write | YES |
| Standard code review | gpt-5.3-codex | high | read-only | NO |
| Infrastructure analysis | gpt-5.3-codex | high | read-only | NO |
| CI/CD optimization | gpt-5.2 | medium | read-only | NO |
| Quick code question | gpt-5.2 | medium | read-only | NO |
Parameter notes:
- •
gpt-5.3-codexfor code tasks,gpt-5.2for general/infra tasks - •Default sandbox to
read-only; useworkspace-writeonly when editing files - •
danger-full-access(network access) requires explicit user confirmation - •Add
--full-autoonly withworkspace-write - •Append
2>/dev/nullonly if user requests hidden output
Prompt Format
code
TASK: {clear, specific action}
CONTEXT: {tech stack, environment, constraints}
FOCUS: {specific areas to examine}
OUTPUT: {desired format and detail level}
Rules
- •Always include
--skip-git-repo-check,--model,--config model_reasoning_effort,--sandbox - •Never use
danger-full-accesswithout user confirmation - •Never use
--full-autowithread-only
Session Continuation
Resume previous session (inherits model and sandbox settings):
bash
codex exec --skip-git-repo-check resume --last
# Or with additional instructions:
echo "{instructions}" | codex exec --skip-git-repo-check resume --last
References
- •examples - Practical usage patterns
- •troubleshooting - Error handling and output formatting