mirror of
https://github.com/openai/codex.git
synced 2026-05-28 15:00:16 +00:00
fac7c71098
Add cloud_requirements_composition to parse backend-selected enterprise-managed requirements fragments independently, apply remote_sandbox_config per fragment, and fold the parsed layers in backend priority order into ConfigRequirementsWithSources. Export the composer and fragment types from codex-config.
Add RequirementSource::EnterpriseManaged { id, name } so diagnostics can name the exact managed layer when a single fragment owns a value. When multiple fragments contribute to one composed field, provenance collapses back to CloudRequirements.
Merge strategy: cloud fragments are ordered highest priority first. The default rule is priority-first: lower-priority layers fill gaps, but do not normally override an already configured higher-priority value.
Field policies: top-level scalar/list fields are first configured value wins, including allowed_approval_policies, allowed_approvals_reviewers, allowed_sandbox_modes, allowed_web_search_modes, allow_managed_hooks_only, enforce_residency, and guardian_policy_config. Blank guardian_policy_config is treated as unset.
remote_sandbox_config is applied inside each fragment before merging, then discarded. Feature requirements merge by key, with the first value per feature winning.
Hooks append event arrays in bundle order. The active platform managed hook dir is a singleton and conflicting values fail closed. The inactive platform hook dir is first-filled so OS-specific layers can coexist.
MCP server requirements merge as keyed unions. Unique server ids are accumulated, identical duplicate definitions are allowed, and conflicting duplicate server ids fail closed. Plugin-scoped MCP servers follow the same rule under each plugin id.
Apps reuse the existing requirements behavior: app enabled=false is disable-wins across layers, while tool approval settings keep the higher-priority value when present and lower-priority layers fill missing tool settings.
Rules prefix_rules append in bundle order. Network scalar fields are first-wins, while network domains and unix_sockets are keyed unions: unique keys are accumulated and duplicate keys keep the highest-priority value. Filesystem permissions deny_read is a stable union with deduplication.
Add composition-boundary tests covering parse diagnostics, source provenance, first-wins scalars, per-fragment remote sandbox matching, feature key precedence, hook append/conflict behavior, MCP conflict behavior, app disable-wins reuse, network keyed union semantics, rules appending, and filesystem deny_read dedupe.
Codex CLI is a coding agent from OpenAI that runs locally on your computer.
If you want Codex in your code editor (VS Code, Cursor, Windsurf), install in your IDE.
If you want the desktop app experience, run
codex app or visit the Codex App page.
If you are looking for the cloud-based agent from OpenAI, Codex Web, go to chatgpt.com/codex.
Quickstart
Installing and running Codex CLI
Run the following on Mac or Linux to install Codex CLI:
curl -fsSL https://chatgpt.com/codex/install.sh | sh
Run the following on Windows to install Codex CLI:
powershell -ExecutionPolicy ByPass -c "irm https://chatgpt.com/codex/install.ps1 | iex"
Codex CLI can also be installed via the following package managers:
# Install using npm
npm install -g @openai/codex
# Install using Homebrew
brew install --cask codex
Then simply run codex to get started.
You can also go to the latest GitHub Release and download the appropriate binary for your platform.
Each GitHub Release contains many executables, but in practice, you likely want one of these:
- macOS
- Apple Silicon/arm64:
codex-aarch64-apple-darwin.tar.gz - x86_64 (older Mac hardware):
codex-x86_64-apple-darwin.tar.gz
- Apple Silicon/arm64:
- Linux
- x86_64:
codex-x86_64-unknown-linux-musl.tar.gz - arm64:
codex-aarch64-unknown-linux-musl.tar.gz
- x86_64:
Each archive contains a single entry with the platform baked into the name (e.g., codex-x86_64-unknown-linux-musl), so you likely want to rename it to codex after extracting it.
Using Codex with your ChatGPT plan
Run codex and select Sign in with ChatGPT. We recommend signing into your ChatGPT account to use Codex as part of your Plus, Pro, Business, Edu, or Enterprise plan. Learn more about what's included in your ChatGPT plan.
You can also use Codex with an API key, but this requires additional setup.
Docs
This repository is licensed under the Apache-2.0 License.