GPT-5 Codex: How to Use Codex in IDE, CLI, or Cloud — The Complete Guide

If you write code, GPT-5-Codex can stop being a novelty and become your everyday teammate. This article walks you step-by-step through installing and using Codex inside IDEs (VS Code, Cursor, Windsurf), via the Codex CLI, and by delegating heavy jobs to Codex Cloud — plus model tuning, security, prompt templates, and troubleshooting. Read the quick checklist, then dive into the deep, actionable steps.

Key takeaways

• Install the Codex extension in VS Code/Cursor/Windsurf or install the Codex CLI (npm/brew).
• Sign in with your ChatGPT account for simplest auth; enable MFA/SSO for safety.
• Switch to GPT-5-Codex and tune reasoning (low/med/high) per task.
• Use Approval modes intelligently: Chat/Read-Only → Agent → Full Access.
• Delegate long tasks to cloud sandboxes to run tests and create PRs.

Quick setup

1. IDE: Install Codex extension → sign in with ChatGPT → pin/move sidebar → pick GPT-5-Codex.
2. CLI: npm install -g @openai/codex or brew install codex → run codex → authenticate.
3. Cloud: Visit chatgpt.com/codex → connect GitHub → delegate tasks (ask vs code mode).
4. Always enable MFA and review approval mode before granting network/full access.

GPT-5-Codex is designed to act on your code—read it, edit it, run tests, and prepare pull requests. That’s different from a code autocomplete: it can reason about multi-file context and perform changes. For developers, this means less time on boilerplate, faster bug fixes, and better ramp for new team members. This guide synthesizes the product docs and practical workflows into a step-by-step playbook you can use today.

What is GPT-5-Codex?

GPT-5-Codex is a version of GPT-5 tuned for agentic coding. That means it’s optimized for interactive, task-oriented jobs: reading code, modifying it, running commands, producing diffs, and generating PRs. Use cases include refactoring, automated test generation, security audits, CI failure fixes, and multi-file feature work. Because Codex can actually run commands, we treat it like a powerful tool that must be managed (approval modes, MFA, sandboxing).

Using Codex inside your IDE (VS Code, Cursor, Windsurf)

This is the most interactive way to work with Codex: you get inline suggestions, file-aware prompts, and one-click diffs.

Supported IDEs & platforms

• Visual Studio Code (Stable + Insiders)
• Cursor
• Windsurf
• macOS & Linux: fully supported
• Windows: experimental; recommended workflow is Windows Subsystem for Linux (WSL)

Step-by-step: install and set up the extension

1. Get the extension
   • Open your IDE Marketplace and search for Codex. (Or download the appropriate package for Cursor/Windsurf from the extension page.)
2. Install & restart
   • Install the extension and restart the editor if it doesn’t appear.
3. Locate Codex in the activity bar
   • On VS Code the Codex icon appears in the left activity bar. Pin it for quick access.
4. Move Codex to the right sidebar (optional but handy)
   • Drag the Codex icon to the right of the editor.
   • In Cursor you may need to temporarily set the activity bar to vertical via Workbench → Activity Bar Orientation, restart, move Codex, then revert back.
5. Sign in
   • When prompted, sign in with your ChatGPT account (recommended). This ties Codex usage to your plan (Plus/Pro/Team/Edu/Enterprise).
   • If you must, you can configure API key auth (advanced; requires extra setup).
6. Verify the extension updated
   • The extension auto-updates. You can also open the extension page and check for updates manually.

Configure shortkeys & preferences

• Open Codex chat → Settings → Keyboard shortcuts.
• Bind commands like “Toggle Codex chat”, “Add selection to Codex context”, or “Approve last action”. Small shortcuts keep the flow tight.

Model selection & reasoning effort

• Open the model switcher under the chat input.
• Choose GPT-5 for general assistance or GPT-5-Codex for agentic code tasks.
• Choose reasoning effort: low, medium, high.
  • Low → fast edits (formatting, linting)
  • Medium → everyday refactors and sensible changes
  • High → deep audits, security reviews, complex architecture changes

Approval modes (safety & workflow)

• Chat / Read-Only: No edits — great for planning and Q&A.
• Agent (default): Can read files, edit files, and run commands in the working directory, but asks for network/out-of-workspace access.
• Agent (Full Access): Grants automatic network/outside workspace access — use only in trusted projects.

Practical flow: Start in Chat, review suggestions, move to Agent, then grant targeted approvals. Avoid Full Access unless you truly trust the code and environment.

How to reference files (context anchors)

Use @filename notation in prompts while in your editor:

Use @example.tsx to add a "Resources" page that lists items from @resources.ts and keep styles consistent.

This gives Codex precise context without pasting large code blocks.

Example IDE prompts

Refactor @auth.js: extract reusable hooks, keep behavior, and add Jest tests for token refresh logic.

Use @dashboard.jsx and @apiClient.ts to find and fix the cause of the XHR 500 error when loading user stats.

Codex CLI: terminal-first workflows

The CLI is ideal for quick, scriptable tasks, CI troubleshooting, and integrating Codex into developer scripts.

Install Codex CLI (macOS & Linux; WSL for Windows)

# Using npm
npm install -g @openai/codex

# Using Homebrew
brew install codex

Check version:

codex --version

First run & authentication

Run:

codex

The CLI will prompt you to authenticate. Signing in with a ChatGPT account is simplest and binds Codex to your plan. You can also configure API keys using environment variables or config files if required by your build.

Interactive & non-interactive use

Interactive explanation

codex "explain this codebase"

Fix a CI failure (non-interactive)

codex exec "fix the CI failure"

Attach images to CLI prompts

codex -i screenshot.png "Explain this error in the test output"

Switch model in the CLI

# in interactive session or via command
/model gpt-5-codex high

Scripting & automation

You can use Codex in CI scripts or local automation:

# Example: run Codex to generate tests and commit locally
codex exec "Add tests for src/payment.js and write a test suite using jest"
git add .
git commit -m "chore: add tests generated by Codex"

Tip: Keep a human review step before merging any Codex-generated commits.

CLI approval modes

• auto / interactive / /approvals control whether Codex applies changes automatically in the working directory. Use /approvals to require explicit permission for each action.

Codex Cloud: delegate long tasks safely

When you want Codex to run in parallel, create PRs, or analyze large codebases, use the Cloud mode.

How cloud works (simple)

• Each cloud task provisions a sandboxed container with the code and dependencies you choose.
• Codex runs inside the sandbox: it can run unit tests, build steps, and produce diffs or PRs.
• Results are returned as actionable outputs: diffs, PR drafts, diagrams, or audit reports.

Setup & GitHub connection

1. Visit chatgpt.com/codex.
2. Connect your GitHub account and authorize repo access.
3. Start a new task or delegate from the IDE/CLI to the cloud.

Important: Admins for Enterprise may need to enable workspace access.

Ask mode vs Code mode

• Ask mode: Codex answers questions and provides diagrams or analysis without editing code. Use it for exploratory understanding.
• Code mode: Codex modifies code in the sandbox and can open PRs or provide diffs for review.

Example cloud prompts

Ask mode

Document the full request flow from client → API gateway → service → DB, and produce a mermaid.js diagram.

Code mode

From my branch, add unit tests for src/auth and src/payment, run them, and open a draft PR with the changes.

Security & governance in cloud

• Sandboxes are ephemeral; they don’t keep long-term state by default.
• Enforce MFA / SSO for all users.
• Use least privilege for GitHub tokens and scopes.
• Audit PRs and require human approval before merges.

Best practices — get useful outputs fast

Codex responds best to prompts that are clear, contextual, and scoped. Use human cognition principles: reduce cognitive load, chunk tasks, anchor context.

Prompt patterns that work

1. Goal → Context → Constraint → Output
   • Goal: what do you want?
   • Context: which files / repo / tags?
   • Constraint: style, tests, performance constraints.
   • Output: PR/diff, test cases, code snippet.

Template

Goal: Add tests for authentication flows.
Context: See @auth.js, @session.js
Constraints: Use Jest, aim for 90% branch coverage, don't change public API.
Output: Draft PR with tests and test runner output.

2. Chunk large tasks
   • Break “rewrite app” into small passes: audit → refactor → tests → QA.
3. Ask Codex to think step-by-step for complex logic:

Please think step-by-step: audit @payments.js for memory leaks and propose fixes with tests.

Examples: refactor, bugfix, review

• Refactor

Refactor @userController to extract validation into a reusable module. Keep API interface unchanged. Add unit tests for validation.

• Bugfix

Stack trace: <stack>. Find the failing function and patch the bug. Run tests and summarize results.

• Review

Review PR: <diff> — suggest improvements, flag security issues, and propose unit tests.

Security, privacy & org best practices

Treat Codex like a privileged tool.

Account & auth

• Enable MFA for all accounts. Mandatory for email/password logins.
• For social logins (Google/Microsoft/Apple), enable provider MFA.
• For orgs, enforce SSO + MFA.

Least privilege & approvals

• Use Read-Only for analysis; Agent for workspace edits; Full Access only for trusted pipelines.
• Keep cloud GitHub tokens scoped to required repos only.
• Don’t paste secrets into prompts — use environment configs inside sandboxes.

Code hygiene

• Run unit tests and linters on Codex changes.
• Require human review and CI passing before merging any Codex PRs.
• Use commit signing or bots to label Codex-created commits.

Troubleshooting

Extension not visible: restart editor; check extension installs; pin collapsed activity items.
Model won’t switch: use the model switcher in the chat area or /model in CLI.
CLI command not found: ensure npm homebrew bin paths are in your PATH; rerun install.
Windows instability: run Codex under WSL.
Cloud GitHub connect fail: check OAuth app permissions and repo scopes; admin approval may be required.

Useful CLI checks

which codex
codex --version
codex --help

Final checklist before you run Codex

• Install extension or CLI and confirm version.
• Sign in with ChatGPT and enable MFA.
• Choose GPT-5-Codex and set reasoning level.
• Start in Chat/Read-Only to vet outputs.
• Move to Agent for edits; only grant Full Access when safe.
• Review diffs, run tests, and merge with human oversight.

Conclusion

GPT-5-Codex turns repetitive, error-prone developer flows into an assistant-driven process: faster PRs, quicker bug fixes, and a consistent approach to refactors and tests. Use responsible setup, secure authentication, and human review — then Codex becomes a force multiplier rather than a risk.

FAQ Related to GPT-5 Codex

Do I need a paid plan?

Codex features are available with ChatGPT Plus/Pro/Team/Edu/Enterprise or API key setup; plans differ by usage and provisioning.
Can Codex access external network?

Only with explicit approval or Full Access.
Will Codex leak secrets?

Don’t paste secrets into prompts; use sandbox env vars and restrict container outputs.

Source

Also Read..

• The Golden Age to Build With AI: $1.5B Founder Jesse Zhang on Jobs, Skills, and What’s Next
• Replit Just Releases Agent 3: Forget Coding—It Builds Apps, Tests Them, and Automates Workflows continuously for 3+ hours