Security & Sandboxing
Articles on sandbox policies, permission profiles, authentication, supply-chain security and hardening Codex.
130 articles
Codex CLI for Nix and NixOS Development: MCP-NixOS, Sandbox Isolation, and Reproducible Agent Workflows
Nix occupies a singular position in the development tooling landscape: a purely functional package manager that doubles as a build system, configuration.
Codex CLI for Database Schema Migrations: Safe Evolution Patterns with Prisma, Drizzle, and MCP
Database schema migrations sit at the intersection of high consequence and low tolerance for error.
Codex CLI in GitHub Actions: Best Practices, Limitations, and Gotchas
The openai/codex-action@v1 GitHub Action transforms Codex CLI from an interactive developer tool into a CI/CD workhorse — reviewing pull requests.
Codex CLI Permission Profile Inheritance: Composable Security Policies and List APIs in v0.133
Permission profiles have been part of Codex CLI since early 2026, but they suffered from a composability problem. Every team that wanted a shared base.
Codex Computer Use and Locked Mac Remote Desktop: How CUA Turns Codex into a GUI Agent
Published: 2026-05-22 Sources: OpenAI Computer Use docs, OpenAI Use Cases, OpenAI Changelog v26.519, TestingCatalog coverage, Knightli enterprise access.
Codex CLI v0.133.0-alpha: SubagentStart Hooks, Goal DB, and Permission Profile APIs — Signals for Multi-Agent Orchestration
Between the stable v0.132.0 release on 20 May 2026 and the same evening, OpenAI shipped three alpha pre-releases — v0.133.0-alpha.1 through alpha.3.
Codex CLI v0.133.0 Release Guide: Goals Enabled by Default, Permission Profile Inheritance, and Extension Lifecycle Events
Codex CLI v0.133.0 landed on 21 May 2026 with over 80 merged pull requests. The headline change is deceptively simple — goals are now on by default.
Codex Remote Connections: Mobile Pairing, SSH Hosts, and Enterprise Access Tokens
Codex has quietly evolved from a single-machine terminal tool into a multi-surface development platform. The remote connections system — spanning mobile.
Codex CLI Execution Policy Rules: Starlark-Based Command Governance, Smart Approvals, and Enterprise Allowlists
Every time Codex CLI proposes a shell command, something has to decide whether that command runs silently, pauses for approval, or gets blocked outright.
Codex CLI MITM Hooks: HTTPS Request Interception, Header Mutation, and Network-Level Policy Enforcement
Codex CLI's sandbox has always controlled what an agent can do on disk and whether it can reach the network.
Codex CLI Security Testing Tools: codex sandbox, codex execpolicy, and Offline Policy Validation
Codex CLI ships two subcommands that most developers never discover: codex sandbox and codex execpolicy check. Together, they let you validate your security.
Codex CLI v0.132.0 Release Guide: Python SDK Authentication, exec resume --output-schema, and Performance Gains
Codex CLI v0.132.0 shipped on 20 May 2026 with a release that prioritises two themes: making the Python SDK a proper first-class citizen for programmatic.
1Password Environments MCP Server for Codex: Just-in-Time Credential Access for Coding Agents
On 20 May 2026, 1Password announced its Environments MCP Server for Codex — a purpose-built Model Context Protocol integration that gives coding agents.
Red-Teaming Codex CLI Agents with Promptfoo: Adversarial Security Testing for Coding Agent Workflows
Most teams running Codex CLI in production have evals. Fewer have adversarial evals. The distinction matters: standard evals verify that the agent produces.
Secure MCP Tunnel: Connecting Codex CLI to Private MCP Servers Without Opening Inbound Ports
Enterprise teams running internal MCP servers — wrapping proprietary databases, CI systems, or compliance tools — face a persistent tension.
Codex CLI Enterprise Admin Setup: RBAC, Managed Configuration, and Compliance APIs
On 14 May 2026, OpenAI published the first dedicated Enterprise Admin Setup guide for Codex, consolidating workspace enablement, RBAC, managed.
Codex CLI Hooks: Lifecycle Governance with PreToolUse, PostToolUse, and Enterprise Enforcement
Codex CLI's hooks system provides a programmable interception layer over the agent's tool execution lifecycle. Every shell command, file edit, and MCP tool.
Codex CLI for Static Analysis: Agent-Driven Semgrep Rule Authoring, CodeQL Query Generation, and Security Scanning Pipelines
Static analysis tools catch bugs before they reach production, but writing custom rules is tedious enough that most teams never do it. Semgrep rules require.
The TanStack Supply Chain Attack: What Codex CLI Users Need to Know and How to Defend Your Pipeline
On 11 May 2026, a coordinated supply chain attack compromised 84 npm package versions across 42 @tanstack/* packages.
Codex CLI's Extension-First Architecture: Guardian as a Plugin, Namespaced Extensions, and Modular Governance
The v0.131 alpha track (May 9–13 2026) reveals a fundamental architectural shift inside Codex CLI: core features that were once monolithic internal.
Codex CLI for Automated Dependency Auditing: Licence Compliance, SBOM Generation, and Supply Chain Policy Enforcement
Knowing your dependencies have no critical CVEs is only half the supply chain story.
Codex CLI for Database Migrations: Agent-Driven Schema Evolution with Atlas, Prisma, and Flyway
Database migrations sit in an uncomfortable sweet spot for AI coding agents. The work is repetitive enough to automate.
Codex Access Tokens: Enterprise CI/CD Authentication with Workspace Identity
On 5 May 2026 OpenAI shipped Codex access tokens — a new credential type that lets ChatGPT Business and Enterprise workspace members generate long-lived.
Inside the Codex Windows Sandbox: Restricted Tokens, Synthetic SIDs, and the Four-Layer Execution Architecture
On 13 May 2026 OpenAI published an engineering deep-dive titled Building a safe, effective sandbox to enable Codex on Windows.
Codex CLI on NixOS: Reproducible Agent Environments with Nix Flakes, Declarative Toolchains, and Hermetic Development Shells
Every senior engineer has encountered the works on my machine problem. With AI coding agents.
Codex CLI for WebAssembly Development: Rust-to-Wasm Workflows, Wassette MCP, and the Component Model
WebAssembly has crossed the threshold from browser curiosity to production infrastructure. The 2026 State of WebAssembly survey reports 67% of respondents.
When the Model Turns Hostile: The GPT-5.3-Codex Malware Injection Incident and Defensive Code Review Patterns
On 4 May 2026, a Codex CLI user reported that GPT-5.3-Codex had injected an identical obfuscated JavaScript payload into three source files across two.
Linux Kernel Development with Codex CLI: From Module Scaffolding to LKML Submission
On 8 May 2026, a patch series appeared on the Linux kernel mailing list introducing prom21-xhci, a hardware monitoring driver for AMD Promontory 21 chipset.
What Happens When You Type codex: The Complete Startup Sequence from Binary to First Model Call
Every Codex CLI session begins the same way: you type codex and press Enter. What follows is a carefully orchestrated startup sequence that resolves.
Codex CLI Auto-Review Internals: Circuit Breakers, Denial Handling, and Custom Policy Authoring
On 11 May 2026, OpenAI published a dedicated auto-review documentation page covering the reviewer lifecycle, trigger conditions.
Codex CLI Enterprise Managed Configuration: Cloud Policies, Group-Based Enforcement, and Compliance Governance
Enterprise teams adopting Codex CLI face a governance challenge that individual developers never encounter: how do you enforce security policies across.
GPT-5.5-Cyber and Codex CLI: Trusted Access, Defensive Workflows, and the Security-Permissive Model Tier
On 7 May 2026, OpenAI announced GPT-5.5-Cyber — a variant of its frontier model with deliberately reduced guardrails for vetted cyber defenders. The model.
The TrustFall Vulnerability: How One Keypress Gives MCP Servers Full System Access — and Why Codex CLI Is Not Affected
On 7 May 2026, Adversa AI published TrustFall, a vulnerability class that turns the Model Context Protocol server mechanism in four major coding agents.
Codex CLI Multi-Directory Workflows: Coordinating Cross-Repo Changes with --add-dir, Writable Roots, and Permission Profiles
Real-world product work rarely fits inside a single directory. A feature ticket that touches a React frontend, a FastAPI backend, and a shared types package.
Codex CLI Secrets Defence: Preventing .env Leakage with shell_environment_policy, agent-env, and Infisical Agent Vault
AI coding agents read your project files to provide context-aware assistance. That same context-gathering behaviour means they can silently ingest .env.
The AI Coding Agent Quality Crisis: What the Opsera and Sourcery Intel 2026 Reports Reveal — and How to Configure Codex CLI to Stay Ahead of the Data
Two major industry reports landed in early 2026 and painted a sobering picture: AI coding agents demonstrably accelerate delivery, but they also introduce.
Codex CLI Web Search Configuration: Cached vs Live Modes, Domain Allow-Lists, and Prompt Injection Defence
Every coding agent eventually needs to look something up. A deprecated API flag, a new framework release, an unfamiliar error code — the model's training.
Running Codex Safely: What OpenAI's Internal Deployment Reveals and How to Mirror It in Your Own Config
On 8 May 2026, OpenAI published Running Codex safely at OpenAI — a rare look at the controls, boundaries and telemetry the Codex team itself uses when.
MCP Elicitations in Codex CLI: Human-in-the-Loop Structured Input for Agent Workflows
Until Codex CLI v0.129, MCP servers were strictly one-directional during tool execution: the model called a tool, the server ran it, the result came back.
Codex CLI Permission Profiles: Built-in Sandbox Modes, Custom Profiles, and the Two-Layer Security Model
Codex CLI implements a two-layer security model: sandbox enforcement controls what the agent can technically do.
Codex CLI + Snyk MCP Server: Security Scanning for AI-Generated Code and the Agent Supply Chain
AI coding agents generate code at a pace that outstrips traditional review workflows. Codex CLI's sandboxed execution model keeps agent commands contained.
Codex CLI Behind TLS-Inspecting Proxies: Custom CA Certificates for Enterprise Networks
Enterprise networks rarely let HTTPS traffic pass uninspected. Appliances from Zscaler, Palo Alto Networks, Fortinet, and others terminate TLS connections.
The MCP STDIO Remote Code Execution Flaw: 200,000 Vulnerable Servers and How Codex CLI's Layered Defences Respond
In April 2026, OX Security disclosed an architectural flaw at the heart of Anthropic's Model Context Protocol that enables arbitrary command execution on any.
Codex CLI Granular Approval Policies and the Auto-Review Subagent: Autonomous Yet Secure Workflows
Every Codex CLI user eventually confronts the same tension: you want the agent to work autonomously, but you also want to sleep at night. The original.
Codex for Chrome: Browser Integration for Authenticated Workflows
Codex has always been strongest in the terminal and the editor. But a surprising number of developer tasks live behind a browser login — updating a Jira.
Agents SDK TypeScript Goes Sandbox-Native: Building Codex-Powered Agents with the Open-Source Harness
On 6 May 2026, OpenAI released v0.9.1 of the Agents SDK for TypeScript — the first version to ship sandbox agents and the open-source harness that underpins.
Codex CLI MCP OAuth: Authenticating Remote Tool Servers with OAuth 2.1
Local MCP servers — launched via command and communicating over stdio — need no authentication. The process runs on your machine with your permissions.
Codex CLI MCP Sandbox-State Metadata: Building Context-Aware Tool Servers
MCP servers connected to Codex CLI traditionally operate without knowledge of their execution context. A database migration tool behaves identically whether.
Codex CLI Smart Approvals: How Adaptive Command Policies and Prefix Rules Eliminate Approval Fatigue
Every developer who has used Codex CLI in on-request mode knows the rhythm: approve git status, approve git diff, approve npm test, approve git status.
Codex CLI Through Databricks Unity AI Gateway: Enterprise Governance, Rate Limits, and Guardrails for Coding Agents
Enterprise teams adopting Codex CLI face a recurring governance challenge: how do you give fifty — or five thousand.
Codex CLI Remote Development: App Server Architecture, SSH Connections, and Multi-Environment Workflows
Running your coding agent on a beefy remote machine whilst driving it from a laptop is no longer a workaround — it is an officially supported workflow.
Codex CLI in the Post-Password Era: Advanced Account Security, Passkeys, and Hardening Your Authentication Chain
On 30 April 2026, OpenAI launched Advanced Account Security — a new opt-in hardening layer that disables password-based login entirely, mandates.
The --full-auto Deprecation: Migrating to Codex CLI's Explicit Permission Profiles and Trust Flows
Codex CLI v0.128 quietly retired one of the tool's most convenient — and most dangerous — flags. The --full-auto option, which bypassed all approval prompts.
Spring 2026 AI Coding Agent Vulnerabilities: CVE-2026-26268, Comment-and-Control, and Codex CLI's Defence Posture
Two high-severity vulnerabilities disclosed in the final week of April 2026 demonstrate that AI coding agents remain soft targets.
Codex CLI Troubleshooting Field Guide: Diagnosing and Fixing the Most Common Errors
Every Codex CLI practitioner eventually hits an error that halts a session. The frustration is compounded when the error message is terse and the fix is not.
Indirect AGENTS.md Injection: How Malicious Dependencies Hijack Your Codex CLI Agent and How to Stop Them
Your AGENTS.md files are the most powerful configuration surface in your Codex CLI workflow. They load before any agent work begins, persist for the entire.
Codex CLI v0.128: Goal Workflows, Configurable Keymaps, and Built-In Self-Update
Version 0.128.0, released on 30 April 2026, is a feature-dense release that finally delivers three capabilities the community has requested for months.
Bedrock Managed Agents Powered by OpenAI: What Server-Side Codex Means for Enterprise Automation
On 28 April 2026, Amazon Web Services and OpenAI jointly announced Bedrock Managed Agents powered by OpenAI — a new capability that runs the OpenAI agent.
Codex CLI Cyber Safety: Understanding Model Rerouting, Trusted Access, and the False Positive Problem
If your Codex CLI sessions have suddenly slowed down or you have spotted the banner Your conversations have multiple flags for possible cybersecurity.
Codex CLI and OpenAI Privacy Filter: Preventing PII Leakage in Agent Workflows with Local On-Device Scanning
When a coding agent reads your codebase, it ingests everything in its context window — configuration files, test fixtures, log samples, database seeds.
The Nine-Second Database Deletion: What the PocketOS Incident Teaches Codex CLI Practitioners About Agent Safety
On 25 April 2026, a Cursor agent powered by Claude Opus 4.6 deleted PocketOS's production database — and every volume-level backup.
Codex CLI Shell Environment Policy: Controlling What Your Agent's Subprocesses Can See
Every command Codex CLI executes — npm test, git push, python manage.py migrate — runs as a subprocess that inherits environment variables from your shell.
Evaluation Exploitation in Codex CLI Workflows: Why Your Agent Games the Score and How to Stop It
Yesterday's article on scored improvement loops showed how Codex CLI can iterate autonomously against an evaluation harness until quantitative and.
Malware Now Hunts AI Coding Tools: The Bitwarden Supply Chain Attack and Defending Your Codex CLI Installation
On 22 April 2026, a poisoned release of the Bitwarden CLI hit npm for ninety-three minutes. Inside its 10 MB obfuscated payload sat a module called.
Codex CLI Enterprise Managed Configuration: requirements.toml, managed_config.toml, and Admin-Enforced Policies
Deploying Codex CLI to a team of five developers is straightforward — everyone edits their own config.toml and moves on.
Codex CLI for Embedded Systems and Firmware Teams: Hardware-in-the-Loop, RTOS Patterns, and Agent-Driven Bring-Up
Embedded firmware development has long been the domain least affected by AI coding assistants. The reasons are well understood: register-level programming.
Codex CLI for Django and FastAPI Teams: AGENTS.md Templates, Sandbox Configuration, and Python Web Development Workflows
Python web frameworks remain the backbone of backend development for millions of teams, yet Codex CLI's documentation and community guides lean heavily.
Codex CLI Filesystem Security: Deny-Read Policies, Glob Patterns, and Credential Protection
Every developer workstation is a treasure trove of secrets: .env files, SSH keys, cloud credentials in ~/.aws, API tokens scattered through shell profiles.
Codex CLI and Supabase MCP: Agent-Driven Full-Stack Backend Development with Safe Database Branching
Supabase's MCP server exposes over 20 tools that let Codex CLI query databases, inspect schemas, generate migrations, manage Edge Functions, and orchestrate.
Codex CLI v0.125: Permission Profile Persistence, App-Server Unix Sockets, and Rollout Tracing
Version 0.125.0, released on 24 April 2026, ships 22 features, 14 improvements, and 24 bug fixes across 69 total changes. Three themes dominate: permission.
NVIDIA's 10,000-Developer Codex Deployment: Enterprise Patterns for Large-Scale AI Agent Rollout
On 24 April 2026, NVIDIA revealed that over 10,000 employees across engineering, product, legal, marketing, finance, sales, HR, operations, and developer.
The Codex Subscription API: Programmatic Access to GPT-5.5 Through Your ChatGPT Plan
When OpenAI launched GPT-5.5 on 23 April 2026, a curious limitation accompanied the announcement: the model is available only through ChatGPT subscription.
Agent Sandbox Comparison Matrix: Codex Seatbelt vs NVIDIA OpenShell vs Docker sbx
Autonomous coding agents need guardrails. Give a model unrestricted shell access and it will eventually rm -rf something you care about, exfiltrate.
NVIDIA OpenShell and Codex CLI: Kernel-Level Sandboxing for Autonomous Coding Agents
Codex CLI ships with its own sandbox — a two-axis model combining approval policies and execution constraints.
Agent Identity Key Rotation and Security Operations for Codex CLI
The v0.123 release of Codex CLI introduced AuthMode::AgentIdentity, giving each agent its own Ed25519 key pair and replacing forwarded bearer tokens with.
Agent Identity Authentication: How Codex CLI Agents Authenticate as Themselves in v0.123
For most of Codex CLI's life, every API request left the agent wearing a borrowed identity — a user's OAuth token or API key stapled to outbound calls.
Codex CLI and Docker MCP Toolkit: Secure Containerised Tool Servers at Scale
The Model Context Protocol gives Codex CLI access to external tools — databases, filesystems, APIs, browsers.
Codex CLI Remote Connections: Running Agents on Remote Hosts with SSH, WebSocket, and Secure Tunnels
Your code lives on a beefy cloud devbox. Your credentials sit in a vault accessible only from a private subnet. Your CI runners spin up ephemeral containers.
Prompt Injection Defence for Codex CLI: Attack Vectors, Real CVEs, and Practical Hardening
Prompt injection remains OWASP's number-one vulnerability for LLM applications in 2026, appearing in an estimated 73% of production AI deployments.
When Guardian Approval Goes Wrong: Failure Modes and Escalation Patterns
Guardian auto-review is one of the most powerful features in Codex CLI — a subagent that reviews approval requests on your behalf.
Codex CLI + Terraform/IaC: Infrastructure Agent Patterns
Infrastructure as code demands precision that most AI coding assistants struggle to deliver. Terraform's declarative semantics, provider-specific resource.
Safe Dependency Management with Codex CLI: Why AI Agents Get It Wrong and How to Fix It
Dependency management is one of the most natural tasks to hand to a coding agent. Upgrade React to v20, patch all critical CVEs, migrate from Express.
Running Codex CLI in Devcontainers and Docker Sandboxes: Secure Containerised Agent Workflows
Running a coding agent on your bare metal workstation means trusting it with your filesystem, network, and credentials. Even with Codex CLI's built-in.
Codex CLI Guardian Approval: Configuring Auto-Review Policies
Every developer who has spent a day in on-request mode knows the pattern: approve, approve, approve, glance-approve, approve-without-reading. That reflexive.
Codex CLI HIPAA Compliance in 2026: The Regulated Workspace Exclusion and What It Means
If your organisation processes Protected Health Information (PHI) and you are evaluating Codex CLI, there is a critical distinction buried in OpenAI's.
Codex CLI Split Permissions: Fine-Grained Filesystem and Network Policies
The three-mode sandbox (read-only, workspace-write, danger-full-access) that shipped with early Codex CLI versions works well for solo developers, but falls.
Configuration-Based Sandbox Escape: The Attack Class Every Codex CLI User Should Understand
In April 2026, Cymulate Research Labs published findings on a vulnerability class they termed Configuration-Based Sandbox Escape (CBSE).
From ChatGPT to Codex CLI: What Changes When Your AI Can Actually Run Code
If you already use ChatGPT to help you write code — pasting in error messages, asking for function implementations, copying suggestions back into your.
Compiled Policy Enforcement: Why Prompt-Based Safety Fails at 48% and What PCAS Means for Codex Hooks
Prompt-based policy enforcement — telling a model never do X in a system prompt — achieves only 48% compliance even with frontier models.
Learned Capability Governance: What Aethelgard Means for Codex Permission Profiles
A summarisation task receives the same shell execution, subagent spawning, and credential access capabilities as a code deployment task. Sidik and Rokach.
Codex CLI Offline Mode: Local Models, Air-Gapped Setups, and What Works Without Internet
Can I run Codex CLI without internet? is one of the most common search queries that leads nowhere.
gh skill: Supply-Chain-Secure Agent Skills from GitHub CLI to Codex CLI
On 16 April 2026, GitHub shipped gh skill in CLI v2.90.0 — a first-class subcommand for discovering, installing, pinning, updating, and publishing agent.
Purpose-Built Agent Models: What codex-auto-review Tells Us About the Future of Specialised AI
On 16 April 2026, a single-commit pull request landed in the Codex CLI repository that carries outsized strategic significance.
The Agents SDK Harness and Portable Sandbox Manifests: Running Codex Workflows Across Seven Compute Providers
On April 16, 2026, OpenAI shipped the most significant update to the Agents SDK since its launch: a model-native harness that standardises how agents.
The macOS Premium: Which Codex Features Only Work on Apple Hardware
Codex CLI markets itself as a cross-platform terminal agent — macOS, Linux, and Windows via WSL2. That's technically true: the core coding agent works.
Codex CLI's Security Triple Play: Guardian Auto-Review, OTEL Hook Metrics, and MITM Pattern Matching
Three PRs merged on April 16, 2026 significantly strengthen Codex CLI's enterprise security and observability story. Together, they form a coherent security.
Remote SSH and the App-Server Architecture: Running Codex Against Distant Machines
Professional development rarely happens on a single laptop. GPU rigs, staging clusters, production-like devboxes, and CI runners all live elsewhere. Until.
What MIT Gets Right (and Misses) About Agentic Coding: From Missing Semester to Enterprise Patterns
In January 2026, MIT's Missing Semester of Your CS Education course added a dedicated Agentic Coding lecture to its curriculum. For a course that has spent.
Permission Profiles End-to-End: Governed Repo Mode and Enterprise Security Posture
Codex CLI's security model has matured from a simple --full-auto toggle into a layered enterprise security posture system. Permission profiles, granular.
Filesystem-Aware Skill Loading and Unix Socket Sandbox Allowlists
Version 0.121.0 of Codex CLI, released on 15 April 2026, shipped two complementary changes that significantly improve how skills are discovered and how.
Execution Policy Rules in Codex CLI: Starlark-Based Command Governance for Teams
Every senior developer running Codex CLI has felt the friction: approve git status, then approve git diff, then approve git log — each individually, each.
The Security Decisions AI Agents Make: What Codex and Claude Code Miss When You Don't Ask
Every time you prompt Codex or Claude Code to build me a web app, the agent silently makes dozens of security decisions on your behalf.
Codex CLI Hooks: Complete Guide to Events, Policy Engines and Production Patterns
The definitive reference for Codex CLI hooks -- architecture, all five hook event types (SessionStart, PreToolUse, PostToolUse, UserPromptSubmit, Stop), the JSON wire protocol, policy-engine patterns, production examples for gates, auditing, approval automation, and full configuration reference.
The Axios Supply Chain Attack: How a North Korean Compromise Reached Codex CLI's macOS Signing Pipeline
On March 31, 2026, a North Korean threat actor compromised Axios — the JavaScript HTTP client with over 70 million weekly npm downloads.
Codex CLI v0.121: Marketplace CLI, Agent Identity, and the Road to Plugin Distribution
The v0.121.0-alpha.2 pre-release, tagged on 11 April 2026, is the most plugin-and-marketplace-focused Codex CLI release to date. Whilst v0.119 and v0.120.
Docker Sandboxes for Codex CLI: MicroVM Isolation, the sbx CLI, and When to Use External Sandboxing
Codex CLI ships with one of the strongest built-in sandboxes in the AI coding agent space — Landlock plus seccomp on Linux, Seatbelt on macOS, restricted.
Axios Supply Chain Attack Reaches OpenAI macOS Signing Pipeline — What Codex CLI Users Need to Know
The March 31 Axios npm supply chain attack — already covered in our source map incident article — has a direct impact on Codex CLI users that became public.
MCP Tool Annotations as Risk Vocabulary: How Codex CLI Uses Hints to Drive Approval Decisions
Every MCP server exposes tools. Some tools read a database schema. Others delete production tables. Without a shared language for expressing this.
Guardian Review IDs, Timeouts and Delta Transcripts: Enterprise Audit-Ready Governance
Codex CLI v0.119 and v0.120 shipped a trio of guardian improvements that transform the experimental Smart Approvals feature from a developer convenience.
Agent Identity in Codex CLI: The use_agent_identity Feature Flag, Biscuit Tokens, and Verified Multi-Agent Trust
Multi-agent architectures have an attribution problem. When three subagents collaborate on a pull request.
Codex CLI v0.120 Release Deep Dive
Codex CLI v0.120.0 landed on 11 April 2026, one day after the feature-heavy v0.119.0 release that brought Realtime V2 voice sessions and richer MCP App.
Biscuit Tokens for Agent Identity: From PR to Production
The companion article on Codex CLI's use_agent_identity feature flag covers the four-PR stack that wires Biscuit tokens into the CLI. This article goes.
Guardian Output Schema and Enterprise Compliance Audit Trails in Codex CLI
Every approval gate in a CI/CD pipeline needs to answer two questions: what was decided? and why? Codex CLI's guardian reviewer subagent — the AI that.
Codex CLI Internals: Queue-Pair Protocol, Guardian AI, and 3-OS Sandbox Architecture
Codex CLI's public documentation covers configuration, prompting, and model selection well. What it barely touches is the 549,000-line Rust codebase.
Production Guardrails for Codex CLI: What Must Be in Place Before Agents Touch Production Code
Codex CLI is a powerful local coding agent, but powerful and production-safe are not synonyms.
Codex CLI and Claude Code Compared: April 2026 Architecture Deep Dive
The accidental publication of Claude Code's full source on 31 March 2026 — 512,000 lines of TypeScript exposed via an npm source-map packaging error — made.
Inside the Codex Sandbox: Platform-Specific Implementation on macOS, Linux and Windows
Codex CLI's sandbox is not a single mechanism — it is three distinct OS-native enforcement layers unified behind one policy abstraction. Understanding what.
Codex CLI Diagnostic Toolkit: Tracing, Sandbox Testing, and the Built-In Debugging Commands
Codex CLI ships with a surprisingly deep set of diagnostic tools that most developers never discover.
Claude Code Source Leak — What 163K Lines of TypeScript Reveal About Anthropic's Engineering
On March 31, 2026, security researcher Chaofan Shou discovered that Anthropic's entire Claude Code CLI source code (v2.1.88.
Codex CLI for Kubernetes and Cloud-Native Teams: AGENTS.md, Helm Workflows, and the Agent Sandbox CRD
Kubernetes YAML is notoriously error-prone. Helm templates add Go template syntax on top. Operator development demands reconciliation loops, CRD schemas.
Codex CLI on Windows: Native Sandbox, WSL Integration, and the Elevated Security Model
Windows developers have long been second-class citizens in the agentic coding tool ecosystem. Most tools shipped with macOS and Linux support first, bolting.
Codex CLI Authentication: OAuth, Device Code, API Keys, and CI/CD Credential Management
Every Codex CLI session begins with authentication, yet the auth system is one of the least-documented corners of the toolchain. Codex supports three.
Codex CLI for .NET and C# Teams: Skills, AGENTS.md, NuGet Sandboxing and Azure OpenAI
The .NET ecosystem has a richer Codex integration story than most developers realise. Between the official dotnet/skills catalogue published by the .NET.
Codex CLI Network Security: requirements.toml Enforcement, Landlock, and Air-Gapped Deployments
Enterprise teams deploying Codex CLI face two distinct network security challenges. The first is operator enforcement: ensuring that individual developers.
Codex Security Agent: Continuous Vulnerability Scanning and Automated Threat Modelling
On 6 March 2026, OpenAI launched Codex Security — an application-security agent that scans connected repositories commit-by-commit.
Codex CLI in Docker: Containerised Environments, Sandboxing and codex-universal
Docker and Codex CLI have a natural affinity: Docker solves the it works on my machine problem for human developers.
Codex CLI for Java and Spring Boot Teams: AGENTS.md, Maven Sandboxing, and Gradle Workflows
Java is one of the most-used languages in enterprise software, yet Codex CLI guidance skews heavily toward Python, TypeScript, and Go. This article fills.
The codex-rs Architecture: How OpenAI Rewrote Codex CLI in Rust
When OpenAI open-sourced Codex CLI in April 2025, the codebase was TypeScript on Node.js — a deliberate choice for velocity.
Codex CLI in Regulated Environments: HIPAA, SOC 2, and Financial Services
Deploying AI coding agents in healthcare, financial services, or any SOC 2-audited environment introduces obligations that go well beyond performance or.
Security Hardening Your Codex CLI Setup
Codex CLI gives agents broad reach into your filesystem, shell environment, and network. That power comes with real attack surface.