OpenAI Codex CLI fundamentals for code analysis, review, and validation. Use when (1) executing codex commands for code review/analysis, (2) configuring models (gpt-5.2-codex/gpt-5.2/gpt-5.1-codex-max/codex-mini), sandbox modes (read-only/workspace-write), or reasoning effort (low/medium/high/xhigh), (3) managing Codex sessions with resume, (4) integrating Codex into automation scripts. Do NOT use for orchestration patterns (use codex-claude-loop instead).
/plugin marketplace add creator-hian/claude-code-plugins/plugin install csharp-plugin@creator-hian-marketplaceThis skill inherits all available tools. When active, it can use any tool Claude has access to.
VALIDATION.mdreferences/commands.mdreferences/examples.mdreferences/options.md| Environment | Git Repo | Command Format |
|---|---|---|
| Interactive terminal | Any | codex "prompt" |
| Claude Code / CI | ✅ Yes | codex exec -s read-only "prompt" |
| Claude Code / CI | ❌ No | codex exec --skip-git-repo-check -s read-only "prompt" |
Non-TTY environments (Claude Code, CI pipelines, scripts) require codex exec.
Before executing Codex commands, check if the working directory is a Git repository:
# Check Git repository status
git rev-parse --git-dir 2>/dev/null && echo "Git repo: YES" || echo "Git repo: NO"
--skip-git-repo-check flag (requires user awareness of security implications)# Basic code review (terminal)
codex "Review this code for bugs"
# Non-interactive mode (Claude Code/CI)
codex exec -s read-only "Review this code for bugs"
# With specific model and reasoning effort
codex exec -s read-only -m gpt-5.2-codex -c model_reasoning_effort=high "Deep analysis"
# With image input
codex exec -s read-only -i screenshot.png "What's shown here?"
# IMPORTANT: --skip-git-repo-check required for non-Git directories
# Ask user permission before using this flag
codex exec --skip-git-repo-check -s read-only "Review this code for bugs"
# With options
codex exec --skip-git-repo-check -s read-only -m gpt-5.2-codex "Deep analysis"
# IMPORTANT: Options must come BEFORE 'resume' subcommand
# SESSION_ID is from previous command output (e.g., 019ae3a3-f1cf-7dc1-8eee-8f424ae7a6f0)
# In Git repository
codex exec -s read-only resume [SESSION_ID] "Continue the analysis"
# Outside Git repository
codex exec --skip-git-repo-check -s read-only resume [SESSION_ID] "Continue the analysis"
codex, resume, apply, input/output patternsFull model details: See Options Reference
| Model | Best For |
|---|---|
gpt-5.2-codex | Complex analysis, critical systems (recommended) |
gpt-5.2 | General AI tasks, multi-domain |
gpt-5.1-codex-max | Security audits, architecture review |
gpt-5.1-codex-mini | Quick checks, batch operations |
Usage examples: See Options Reference
| Level | Use Case |
|---|---|
low | Simple checks, syntax review |
medium | Standard code review (default) |
high | Security audits, complex logic |
xhigh | Critical systems, exhaustive analysis |
| Mode | Description |
|---|---|
read-only | Cannot modify files (safest, recommended) |
workspace-write | Can modify workspace files |
danger-full-access | Full system access (use sparingly) |
Full options list: See Options Reference
Full examples: See Examples for detailed patterns
# Code review (Claude Code/CI)
codex exec -s read-only "Review: $(cat src/auth.js)"
# Maximum depth analysis
codex exec -m gpt-5.2-codex -c model_reasoning_effort=xhigh -s read-only "Security audit"
# Session continuity
codex exec -s read-only resume [SESSION_ID] "Continue analysis"
# Cross-directory
codex exec -C ./backend --add-dir ./frontend -s read-only "Review API"
# Non-Git directory (ask user first)
codex exec --skip-git-repo-check -s read-only "Analyze code"
| Issue | Description | Workaround |
|---|---|---|
-C with absolute paths | cwd is not absolute error with Windows paths like C:\path | Use relative paths (./subdir) or run from target directory |
| Path separators | Backslashes may cause issues | Use forward slashes (/) in paths |
# AVOID on Windows:
codex exec -C C:\Projects\myapp -s read-only "analyze"
# USE instead:
cd C:\Projects\myapp && codex exec -s read-only "analyze"
# OR use relative paths:
codex exec -C ./myapp -s read-only "analyze"
Error recovery patterns: See Examples
| Error | Cause | Solution |
|---|---|---|
stdin is not a terminal | Using codex in non-TTY | Use codex exec |
Not inside a trusted directory | Not in Git repo | Ask user, then use --skip-git-repo-check |
invalid value for '--ask-for-approval' | Invalid approval value | Use: untrusted, on-failure, on-request, never |
unexpected argument after resume | Options after resume | Place options BEFORE resume subcommand |
cwd is not absolute | Windows absolute path | Use relative paths or cd first |
No prompt provided via stdin | Empty prompt | Ensure prompt string is not empty |
| Task Type | Recommended Timeout | Claude Code Tool |
|---|---|---|
| Quick checks | 2 minutes | timeout: 120000 |
| Standard review | 5 minutes | timeout: 300000 |
| Deep analysis | 10 minutes | timeout: 600000 |
Recommendation: Use timeout: 600000 for all Codex exec commands (model_reasoning_effort=high/xhigh can take 3-7 minutes).
codex exec in Claude Code and CI environments (non-TTY)-s read-only for all review tasksresume to maintain session context--add-dir for cross-project context--full-auto only in controlled environments--skip-git-repo-check - explain implicationsuntrusted/on-failure/on-request/nevertimeout: 600000)