Codex / concept
Codex workflow
A stable workflow usually includes: reading code, making plans, executing small steps, running verification, reviewing differences, and summarizing risks.

Recommended closed loop
A stable Codex workflow is Explore, Plan, Implement, Validate, Deliver. Each step can be reviewed and reproduced.
Explore
Read relevant documents and rules and don’t rush to change them.
plan
List the modification scope, steps, risks and verification methods.
implement
Make changes in small steps to avoid irrelevant refactoring.
Verify
Run builds, tests, lint or browser checks.
Delivery
Describe the changes, evidence, risks, and next steps.
Automated workflow
Non-interactive and automated scenarios should be more conservative: explicitly specify sandbox, approval policy, timeouts, output format, and failure handling.
codex exec --sandbox workspace-write "Check the current diff for obvious regressions and output a JSON summary"Complete usage points
Supplement the core concepts, operation sequences, permission boundaries and verification requirements that are easily compressed and missed in official documents, making it easier for English readers to learn completely by page.
Workflow must be reproducible
Codex's stable workflow can be abstracted into five steps: exploration, planning, implementation, verification, and delivery. Every step should be able to be inspected by humans, rather than having the agent run all the way to the end in a black box.
The exploration phase reads relevant files and rules; the planning phase lists modification points, risks and verification commands; the implementation phase makes small changes to avoid irrelevant refactorings; the verification phase runs real commands or browser processes; the delivery phase explains diff, evidence, risks and next steps.
Non-interactive workflows require explicit boundaries. When using exec or automation, specify the sandbox, approval policy, timeouts, output format, and failure handling. Don't give Codex wide permissions and obscure targets in silent mode.
Study Checklist
Put the content on this page into real tasks and use the five dimensions of entry, context, permissions, verification and team rules to check whether you have truly mastered it.
Study Checklist
After reading this page, do not just remember the concept name. You should be able to place "Codex workflow" back into a real Codex engineering workflow: where the task starts, what context the system loads, which actions need approval, how the result is verified, and how to roll back when it fails.
If this is a concept page, be specific about how it affects the real task: does it change context, permissions, execution paths, validation methods, or changes the team collaboration process.
- Be able to describe in your own words the specific problem this page solves, rather than just reciting the title.
- Able to write a minimal example task with goals, scope, prohibitions, and acceptance criteria.
- Be able to determine which information should be put into the current prompt and which should be captured as project rules or configurations.
- Be able to explain which long-term rules should go into AGENTS.md, and which runtime behavior should be handled by config.toml, permission profile, skills and MCP.
- Ability to check diffs, command output, test results, screenshots or PR notes after a task is completed instead of just trusting the natural language summary.
If this page is used for team training, ask learners to complete a small task with Codex: read and explain first, submit a plan, make the smallest useful change, and close with real verification commands plus human diff review.
Codex practical notes
Fill in the most overlooked execution details of Codex usage around local environments, privilege escalation, remote entry, automation failures, and rollbacks.
Codex Practical Notes
This page belongs to the core concepts of Codex. When learning, connect concepts to real-world implementation: will it change context, permissions, task splitting, verification paths, or change the way teams collaborate.
When handling tasks related to "Codex workflow", always confirm the current Git status and working directory first. Codex can make changes quickly, but it does not automatically know which uncommitted edits came from the user, which files are off limits, or which commands may affect production.
- Prioritize using low-risk branches or working trees for local tasks, and review them with git diff after completion.
- When it comes to installation dependencies, networking, databases, deployment, push, deletion, and reset, Codex must first be asked to explain the impact before approval.
- Results generated by remote or collaborative portals must also be confirmed back to PR, CI, build logs and test evidence.
- Automated tasks must define failure output and exit conditions in advance to avoid Codex repeatedly trying in the wrong direction.
Think of Codex as an engineering teammate who can execute commands, rather than an assistant who can only write text. The closer you get to a real system, the greater the need for clear boundaries, evidence, and rollbacks.