Little Might
The Codex Cheat Sheet

An up-to-date Codex CLI cheat sheet covering GPT-5.4 models, reasoning, safety modes, config, AGENTS.md, and the commands worth memorizing.

Apr 5, 2026

Updated Apr 13, 2026

Codex is OpenAI’s terminal-native coding agent. It can read your repo, edit files, run commands, use tools, and keep going for long multi-step tasks.

This is the cheat sheet I actually want handy: commands, safety settings, model picks, reasoning, config, and the prompting patterns that matter.


CLI Basics

# Start an interactive Codex session
codex

# Start interactive with an opening task
codex "Audit this repo for dead code and suggest deletions"

# Run non-interactively and exit
codex exec "Run the test suite and summarize the failures"

# Fast path for autonomous work inside the workspace sandbox
codex --full-auto "Fix the failing tests and explain what changed"

# Pick a model explicitly
codex -m gpt-5.4 "Design a migration plan for multi-tenant billing"

# Turn up reasoning for a hard debugging task
codex -c 'model_reasoning_effort="high"' "Trace the race condition in the job runner"

# Attach an image to the opening prompt
codex -i screenshot.png "Why is this UI broken on mobile?"

# Enable live web search
codex --search "Compare the latest React Server Components guidance before editing"

Important nuance: codex "task" starts an interactive session with that task as the opener. codex exec "task" is the better fit for scripts, CI, and one-shot runs.


Safety Model

Codex now has two separate controls:

  1. --sandbox controls where shell commands can operate.
  2. --ask-for-approval controls when Codex has to stop and ask you first.

Sandbox Modes

Mode                 What it means
read-only            Codex can inspect, but shell commands cannot write
workspace-write      Codex can edit inside the repo and approved writable dirs
danger-full-access   No filesystem sandboxing

Approval Policies

Policy       What it means
untrusted    Safe/trusted commands run without asking; riskier commands escalate
on-request   Codex decides when it should ask
never        Never ask; failures are returned to the model

The Three Presets That Matter

Intent                     Flags
Read and inspect only      -s read-only -a untrusted
Normal autonomous coding   --full-auto
True YOLO mode             --dangerously-bypass-approvals-and-sandbox

# Safe inspection
codex -s read-only -a untrusted "Explain the auth flow"

# Normal autonomous editing inside the workspace sandbox
codex --full-auto "Refactor the test helpers and run the affected tests"

# No sandbox, no approvals, no brakes
codex exec --dangerously-bypass-approvals-and-sandbox "Upgrade every dependency and fix the fallout"

--full-auto is not the same as the dangerous mode.

  • --full-auto is a convenience alias for -a on-request --sandbox workspace-write
  • --dangerously-bypass-approvals-and-sandbox (also --yolo in codex exec) skips both approvals and sandboxing entirely

[Figure: Codex safety model, sandbox × approval. A 3-by-3 grid of sandbox modes (read-only, workspace-write, danger-full-access) against approval policies (untrusted, on-request, never), with three presets plotted: read and inspect (-s read-only -a untrusted) in the top-left, --full-auto (on-request + workspace-write) in the center, and --yolo (--dangerously-bypass-approvals-and-sandbox, isolated runners only) in the bottom-right.]

Two independent settings, three presets that matter. --full-auto is the everyday default; --yolo only belongs in isolated runners.

If you only need one extra writable location, prefer --add-dir over danger-full-access.

codex --add-dir ../shared-design-system "Update both this app and the shared package"

Key Flags

-m, --model <model>                  Pick the model
-c, --config key=value               Override config.toml values inline
-p, --profile <name>                 Use a saved config profile
-s, --sandbox <mode>                 read-only | workspace-write | danger-full-access
-a, --ask-for-approval <policy>      untrusted | on-request | never
--full-auto                          Shortcut for on-request + workspace-write
--dangerously-bypass-approvals-and-sandbox
--search                             Enable live web search
--add-dir <path>                     Add another writable directory
-i, --image <file>                   Attach image(s) to the opening prompt
-C, --cd <dir>                       Set the working root

Useful non-interactive extras:

codex exec --json "task"             Stream structured JSONL output
codex exec -o final.md "task"        Write the final message to a file
codex exec --ephemeral "task"        Don't persist the session
codex exec --skip-git-repo-check "task"
codex exec resume --last "continue the previous run"

Other subcommands worth remembering:

codex review                         Non-interactive code review
codex resume                         Resume an interactive session
codex fork                           Fork a previous session
codex mcp                            Manage MCP servers
codex features                       Inspect feature flags

Models

For general Codex usage today, think in terms of the GPT-5.4 family first, then pull in the Codex-tuned line when the workflow benefits from it.

Start here

Most sessions

gpt-5.4-mini

Fast enough to stay in flow, capable enough for day-to-day shipping.

Hard problems

gpt-5.4

Use when the task is expensive to get wrong: architecture, deep debugging, migrations, reviews.

Default

gpt-5.4

Best all-around pick when quality matters more than speed.

  • Architecture and design reviews
  • Complex debugging and root-cause work
  • High-blast-radius refactors and migrations

Fast loop

gpt-5.4-mini

The model I’d reach for first when I just need to keep moving.

  • Everyday implementation work
  • Renames, cleanup, scoped edits
  • Cheaper, faster iteration loops

Ultra-fast

gpt-5.3-codex-spark

The quick-hit Codex-tuned option when latency matters more than depth.

  • Fast fact checks and repo questions
  • Small edits and lightweight coding passes
  • Saving your heavier models for work that really needs them

Model                 Speed profile   Best for
gpt-5.4               Standard        Deep analysis, architecture, migrations, novel problems
gpt-5.4-mini          Fast            Default everyday coding work
gpt-5.3-codex-spark   Ultra-fast      Quick queries, lightweight coding passes, fact checks
gpt-5.3-codex         Standard        Codex-tuned general-purpose coding tasks
gpt-5.2               Standard        Older fallback when you need it explicitly

Important Distinction: GPT-5.4 vs Codex-Tuned Models

If you’re using the Codex CLI, the product can route across Codex-specific behavior for you.

If you’re building your own harness against the API, the Codex-tuned line is a separate thing. That’s where models like these live:

gpt-5-codex, gpt-5.3-codex-spark, gpt-5.3-codex, gpt-5.2-codex

Use the GPT-5.4 family when you want the latest general-purpose frontier models. Use a Codex-tuned model when you’re explicitly building an agentic coding workflow around the Responses API.

codex -m gpt-5.4 "Review this refactor for architectural risk"
codex -m gpt-5.4-mini "Rename these components and fix imports"

Thinking and Reasoning Effort

GPT-5.4 supports configurable reasoning effort. That’s the modern replacement for a lot of the old “which model should I pick?” decision-making.

Available levels:

none, low, medium, high, xhigh

Low

Cleanup and scoped edits

Use for straightforward mechanical work where latency matters.

Medium

The normal default

Good for most coding sessions when you want speed without making the model too shallow.

High

Real thinking work

Use for architecture changes, deep debugging, and tricky migrations.

XHigh

Only when it’s worth waiting

Reserve for the hardest tasks where extra latency is clearly justified.

# Hard problem, best model, more thinking
codex -m gpt-5.4 -c 'model_reasoning_effort="high"' \
  "Find the root cause of the deadlock in the sync pipeline"

# Faster iteration loop
codex -m gpt-5.4-mini -c 'model_reasoning_effort="medium"' \
  "Implement the agreed UI copy changes without touching styles"

My default posture:

  • gpt-5.4-mini + medium for normal work
  • gpt-5.4 + high when the task has real blast radius

AGENTS.md Is Still The Leverage Point

Codex still reads AGENTS.md, and it matters more than almost anything else you can do.

From the current Codex docs / prompting guide:

  • Codex injects AGENTS.md files into the conversation automatically
  • It reads them from ~/.codex plus the repo path from root to current directory
  • Later directories override earlier ones
  • Nested files compose, so you can set repo-wide rules and tighter local rules

That means this still works exactly the way you want:

  • Root AGENTS.md for repo-wide rules
  • Nested AGENTS.md files for subdirectory-specific behavior
  • Strong “never do this” lists to keep autonomous runs sane

# AGENTS.md

## Stack

Next.js 15, TypeScript, PostgreSQL, Tailwind v4.

## Rules

- Use pnpm
- Prefer existing components over new ones
- Do not edit .env files
- Do not change database schema without a migration

## Commands allowed

- pnpm test
- pnpm lint
- pnpm build

## Never

- git push
- rm -rf
- rewrite generated SDK files by hand

If you keep repeating yourself in prompts, the instruction belongs in AGENTS.md.
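
Because these files are injected automatically, it helps to list exactly which ones a session in a given directory would pick up before running Codex on a checkout you did not write. The sketch below is an added example, not Codex's own code: it follows the load order described above, assumes the repo root is the nearest ancestor containing .git, and builds a constructed directory tree in demo().

```python
import hashlib
import tempfile
from pathlib import Path

def agents_md_chain(cwd, codex_home):
    """AGENTS.md files in load order: codex_home first, then repo root down to cwd."""
    cwd = Path(cwd).resolve()
    ancestors = [cwd, *cwd.parents]                  # cwd first, filesystem root last
    # Assumption: the repo root is the nearest ancestor that holds a .git entry.
    root = next((p for p in ancestors if (p / ".git").exists()), cwd)
    repo_dirs = ancestors[: ancestors.index(root) + 1][::-1]   # root ... cwd
    candidates = [Path(codex_home) / "AGENTS.md"]
    candidates += [d / "AGENTS.md" for d in repo_dirs]
    return [f for f in candidates if f.is_file()]

def review_manifest(chain):
    """(path, sha256 prefix, line count) per file, for review or pinning in CI."""
    rows = []
    for f in chain:
        data = f.read_bytes()
        rows.append((f, hashlib.sha256(data).hexdigest()[:12], data.count(b"\n")))
    return rows

def demo():
    """Build a constructed tree and return (relative path, line count) in load order."""
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp).resolve()
        home, repo = tmp / "home" / ".codex", tmp / "repo"
        leaf = repo / "src" / "payments"             # repo/src has no AGENTS.md
        for d in (home, repo / ".git", leaf):
            d.mkdir(parents=True)
        (home / "AGENTS.md").write_text("Use pnpm\n")
        (repo / "AGENTS.md").write_text("## Never\n- git push\n")
        (leaf / "AGENTS.md").write_text("Only edit files under src/payments/\n")
        rows = review_manifest(agents_md_chain(leaf, home))
        return [(f.relative_to(tmp).as_posix(), lines) for f, _, lines in rows]

if __name__ == "__main__":
    for path, lines in demo():
        print(f"{lines:3d} lines  {path}")
```
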


config.toml: Set Your Defaults Once

The current Codex CLI is much more config-driven than the older cheat sheets made it look.

Example:

# ~/.codex/config.toml
model = "gpt-5.4-mini"
model_reasoning_effort = "medium"
approval_policy = "on-request"
sandbox_mode = "workspace-write"
web_search = "cached"
personality = "pragmatic"

[sandbox_workspace_write]
network_access = true

[profiles.deep]
model = "gpt-5.4"
model_reasoning_effort = "high"
approval_policy = "on-request"
sandbox_mode = "workspace-write"

[profiles.safe]
approval_policy = "untrusted"
sandbox_mode = "read-only"

Then switch behavior without rewriting flags every time:

codex -p deep "Audit the billing rewrite before I merge it"
codex -p safe "Explain this repo and list the risky areas"

Headless and CI

Use codex exec for automation, not the plain interactive command.

# Machine-readable streaming output
codex exec --json "Run tests, fix failures, and output a summary"

# Persist only the final answer
codex exec -o codex-report.md "Review the PR and write findings"

# Fully isolated runner? Then the dangerous mode is fair game
codex exec --dangerously-bypass-approvals-and-sandbox \
  "Run the formatter, fix lint, run tests, and summarize the diff"

If you’re in CI and not inside an external sandbox already, don’t use the dangerous mode. Use a normal sandboxed run instead.


Prompt Patterns That Actually Work

Give Codex the full loop

Bad

Fix the bug.

Good

Find the cause of the checkout timeout, fix it, run the targeted tests, and summarize the change.

State what not to touch

Prompt pattern

Only edit files under src/payments/. Do not change UI copy or database schema.

Use reasoning effort instead of reflexively switching models

If the model is capable enough, try more thinking before model-hopping.

Use AGENTS.md for standing constraints

Don’t keep restating:

  • package manager
  • test commands
  • architecture rules
  • files and directories that are off-limits

Turn on search when freshness matters

codex --search "Check the latest Next.js caching guidance before changing this route handler"

Ask for planning first on high-blast-radius changes

Prompt pattern

Before editing anything, inspect the repo and propose the plan, files touched, risks, and verification steps.

That is still the cleanest way to prevent a chaotic autonomous run.


Quick Reference

codex                                  Start interactive session
codex "task"                           Start interactive with an opening task
codex exec "task"                      Run non-interactively
codex --full-auto "task"               Autonomous run in workspace sandbox
codex exec --dangerously-bypass-approvals-and-sandbox "task"
codex -m gpt-5.4 "task"                Use the strongest general model
codex -m gpt-5.4-mini "task"           Faster everyday model
codex -c 'model_reasoning_effort="high"' "task"
codex --search "task"                  Give Codex live web search
codex -p deep "task"                   Use a saved profile
codex --add-dir ../shared "task"       Add another writable directory
codex -i screenshot.png "task"         Start with image context
codex review                           Run a code review
codex resume                           Resume the last interactive thread

Three Rules

1. Write AGENTS.md first. The best Codex runs are front-loaded with constraints.

2. Learn the safety model. --full-auto is normal. --yolo is the dangerous one.

3. Prefer GPT-5.4-era defaults. Reach for gpt-5.4, gpt-5.4-mini, and reasoning effort before copying old o3 / o4-mini examples from stale posts.

Written by

Cathryn Lavery

Cathryn went from designing buildings to architecting products. She founded BestSelf, bought it back from private equity in 2024, and rebuilt it AI-native. She's currently building something new in AI. Little Might is where she doesn't have to keep it all in her head.