Codex is coming to ChatGPT. Not as a separate app — inside the same chat window where 400 million people already ask questions, draft emails, and generate images.
On June 2, OpenAI announced it: Codex functionality will be available "in the ChatGPT app everywhere in the next few weeks." Six new business plugins. A "Sites" feature that turns conversation into hosted web apps. Annotations that let you point at a specific chart in a slide and say "change this color."
Here's what the announcement didn't say, and what you need to know: Codex reads your files, edits your code, and runs shell commands — directly, with no preview mode. If you're one of the millions of ChatGPT users who's about to try agentic coding for the first time, these 10 tips will save you from the most expensive mistakes.
1. Never Start With the Default Settings
Codex has a three-layer control model, and this is the number one source of confusion:
| Layer | What It Controls | Default |
|---|---|---|
| Sandbox | Can Codex touch files outside your project? |
workspace-write (project only) |
| Approval | When does Codex pause and ask you? | on-request |
| Network | Can Codex reach the internet? | OFF |
Most beginners install Codex and immediately type codex "build me a Next.js app" — then watch it fail at npm install because network access is off by default. Neither the CLI nor the docs make this obvious. You'll stare at a cryptic error for ten minutes before realizing the fix is one flag away.
2. Do Not Use --yolo. Seriously.
Codex has a flag called --dangerously-bypass-approvals-and-sandbox. Its alias is --yolo. It removes every safety guardrail at once: sandbox restrictions, approval prompts, network limits — everything.
# This lets Codex do anything, anywhere, with no questions asked:
codex --yolo "Refactor the entire codebase"
OpenAI's own documentation says this should only be used in disposable Docker containers or CI runners. A malicious package.json postinstall script in a project you cloned six months ago can read your Codex credentials, .env files, and SSH keys.
If you must use it, use it inside a container. Never on your daily machine. Never on a shared server. Never because "it's just a small project."
3. The Silent network_access Trap
This is the most frustrating bug that hits every new user:
codex "Install React and set up Tailwind CSS"
# Codex: "Error: command not found: npm"
# You: "...what?"
Remember: sandbox_mode = "workspace-write" (the default) has network_access = false. Your agent can edit files but cannot run npm install, pip install, git push, or curl.
The fix:
codex --sandbox workspace-write --network "Install dependencies and set up the project"
Or better yet, set up a profile in ~/.codex/config.toml (see tip 4).
4. Use config.toml Profiles — It Saves 10x the Time
Stop passing flags on every command. Set up profiles once:
# ~/.codex/config.toml
[profiles.networked]
approval_policy = "never"
sandbox_mode = "workspace-write"
[profiles.networked.sandbox_workspace_write]
network_access = true
[profiles.yolo]
approval_policy = "never"
sandbox_mode = "danger-full-access"
Usage:
codex -p networked "Update all dependencies"
codex -p yolo "Non-interactive build" # Container only!
One-time setup, zero flags forever. This alone will save you more frustration than the rest of the tips combined.
5. AGENTS.md Is Your Only Guardrail
When you give Codex a vague instruction like "improve the codebase," it will wander — editing files it shouldn't, adding features you didn't ask for, "optimizing" things that were already optimal.
The fix is a file called AGENTS.md in your project root. Think of it as the specification document you'd give a human contractor:
## Goal
Migrate authentication from JWT hand-rolled to NextAuth.js v5.
## Acceptance Criteria
- All 47 existing tests pass without modification
- Login flow remains unchanged from user perspective
- Session duration unchanged (24h)
## Constraints
- Do not modify any file in /pages/api/payments/
- No new external dependencies beyond next-auth
- Database schema must remain exactly as-is
- Stop and report if any test fails — do not attempt to fix tests
A 50-line AGENTS.md will save you more time than a 500-line prompt.
6. /goal Is Not a Wish-Granting Machine
Codex has a /goal command that lets the agent work on multi-hour tasks across sessions — even when your laptop is closed. OpenAI engineers ran it for 25 hours continuously, consuming 13 million tokens and producing 30,000 lines of code from an empty repo.
The key phrase is "from an empty repo with a clear spec." Not "from a vague idea."
Good goal:
/goal "Migrate Express.js to Fastify per AGENTS.md spec.
Stop when all 47 tests pass and API response format is verified."
Bad goal:
/goal "Make the app faster"
A bad goal turns your agent into an expensive infinite loop. Give it a deliverable, a test to verify against, and a stop condition.
7. The "Sites" Feature Turns Chat Into Shareable Apps
This is the feature most ChatGPT users will actually use first. Starting in preview for business and enterprise customers, Codex can create and share interactive hosted websites and apps directly from conversation.
You describe what you want — a dashboard, a project board, a review workspace, a lightweight tool — and Codex builds it and gives you a URL. Share it with your team. They can interact with it, contribute input, and track progress.
For ChatGPT users who've never touched a terminal, this is the bridge. No CLI, no npm, no config — just describe what you need and get a working, shareable result.
8. MCP Connects Codex to Everything Else
The Model Context Protocol (MCP) is how Codex talks to third-party tools: databases, issue trackers, documentation, APIs.
A basic MCP setup in ~/.codex/config.toml:
[mcp_servers.github]
command = "npx"
args = ["-y", "@modelcontextprotocol/server-github"]
[mcp_servers.postgres]
command = "npx"
args = ["-y", "@modelcontextprotocol/server-postgres", "postgresql://localhost/mydb"]
With MCP configured, you can tell Codex:
"Check the open issues on GitHub, find the one about login timeout,
query the database for affected users, and write a fix."
Without MCP, you're copying and pasting between tools. With MCP, Codex does it in one go.
9. The Invisible Token Budget — Where Your Money Goes
Every ChatGPT plan includes Codex, but there's a limit. OpenAI enforces a 5-hour rolling window for token consumption. Once you hit the cap, you're throttled.
A single complex /goal task can burn millions of tokens in hours. OpenAI's benchmark run consumed 13 million tokens in 25 hours — with a top-tier model on max reasoning.
Practical habits that save quota:
- Use GPT-5.3-Codex (optimized) instead of GPT-5.5 for routine tasks
- Set explicit stop conditions in
AGENTS.md(prevents looping) - Break large tasks into smaller
/goalchunks with clear end states - Review the token counter in the TUI periodically — it's easy to forget
The fastest way to burn your monthly allowance: start a /goal on Friday afternoon with a vague instruction and walk away.
10. Always Audit After Every Session
Codex doesn't tell you what it changed — it just changes it. After every session, run this three-step audit before you commit anything:
# 1. See everything that changed
git diff --stat
git diff
# 2. Run the test suite
npm test
# If any test fails, investigate BEFORE committing
# 3. Check for common Codex artifacts
grep -r "TODO" src/ # Leftover placeholders
grep -r "console.log" src/ # Debugging cruft
grep -r "API_KEY" src/ # Accidentally committed secrets
Codex is excellent at writing code. It is terrible at knowing when to stop. Audit religiously — the one time you skip it is the one time it quietly rewrites your payment module.
Bonus: The config.toml You Should Copy on Day One
# ~/.codex/config.toml
approval_policy = "on-request"
sandbox_mode = "workspace-write"
[sandbox_workspace_write]
network_access = false
[profiles.networked]
approval_policy = "never"
sandbox_mode = "workspace-write"
[profiles.networked.sandbox_workspace_write]
network_access = true
[profiles.yolo]
approval_policy = "never"
sandbox_mode = "danger-full-access"
[auto_review]
policy = """
Allow: file modifications in workspace, git operations, test execution.
Reject: any .env operations, batch deletions exceeding 10 files.
"""
Save this, set up one AGENTS.md in your project root, and you're ready.
Codex inside ChatGPT is a genuinely important shift — not because the technology is new, but because it puts agentic coding in front of 400 million people who've never used it. The people who learn to use it safely will build faster than anyone else.
The people who skip these ten tips will learn them the hard way. Be the first group.
Top comments (0)