codex

Compare original and translation side by side

🇺🇸

Original

English

🇨🇳

Translation

Chinese

Codex Execution Skill

Codex执行技能

Prerequisites

前置条件

Codex CLI installed and configured (
```
~/.codex/config.toml
```
)
Verify availability:
```
codex --version
```
on first use per session

已安装并配置Codex CLI（
```
~/.codex/config.toml
```
）
验证可用性：每次会话首次使用时执行
```
codex --version
```

Workflow Checklist

工作流检查清单

For every Codex task, follow this sequence:

☐ Detect HPC/Slurm environment:
- Check if running on HPC cluster (look for
```
/home/woody/
```
  ,
```
/home/hpc/
```
  , Slurm env vars)
- If HPC detected: Always use
  --yolo
  flag to bypass Landlock sandbox restrictions
☐ Ask user for execution parameters via
```
AskUserQuestion
```
(single prompt):
- Model:
```
gpt-5
```
  ,
```
gpt-5-codex
```
  , or default
- Reasoning effort:
```
minimal
```
  ,
```
low
```
  ,
```
medium
```
  ,
```
high
```
☐ Determine sandbox mode based on task:
- ```
read-only
```
  : Code review, analysis, documentation
- ```
workspace-write
```
  : Code modifications, file creation
- ```
danger-full-access
```
  : System operations, network access
- HPC override: Always add
```
--yolo
```
  flag (bypasses Landlock restrictions)
☐ Build command with required flags:
bash
```
codex exec [OPTIONS] "PROMPT"
```
Essential flags:
- ```
-m <MODEL>
```
  (if overriding default)
- ```
-c model_reasoning_effort="<LEVEL>"
```
- ```
-s <SANDBOX_MODE>
```
  (skip on HPC)
- ```
--skip-git-repo-check
```
  (if outside git repo)
- ```
-C <DIRECTORY>
```
  (if changing workspace)
- ```
--full-auto
```
  (for non-interactive execution, cannot be used with --yolo)
HPC command pattern (with
```
--yolo
```
to bypass Landlock):
bash
```
codex exec --yolo -m gpt-5 -c model_reasoning_effort="high" --skip-git-repo-check \
  "Analyze this code: $(cat /path/to/file.py)" 2>/dev/null
```
Note:
```
--yolo
```
is an alias for
```
--dangerously-bypass-approvals-and-sandbox
```
and is REQUIRED on HPC clusters to avoid Landlock sandbox errors. Do not use --full-auto with --yolo as they are incompatible.
☐ Execute with stderr suppression:
- Append
```
2>/dev/null
```
  to hide thinking tokens
- Remove only if user requests verbose output or debugging
☐ Validate execution:
- Check exit code (0 = success)
- Summarize output for user
- Report errors with actionable solutions
- If Landlock/sandbox errors on HPC: verify
```
--yolo
```
  flag was used, retry if missing
☐ Inform about resume capability:
- "Resume this session anytime:
```
codex resume
```
  "

所有Codex任务均需遵循以下步骤:

☐ 检测HPC/Slurm环境:
- 检查是否在HPC集群上运行（查找
```
/home/woody/
```
  、
```
/home/hpc/
```
  、Slurm环境变量）
- 若检测到HPC：必须使用
  --yolo
  标志以绕过Landlock沙箱限制
☐ 通过
AskUserQuestion
向用户询问执行参数（单次提示）:
- 模型：
```
gpt-5
```
  、
```
gpt-5-codex
```
  或默认模型
- 推理力度：
```
minimal
```
  、
```
low
```
  、
```
medium
```
  、
```
high
```
☐ 根据任务确定沙箱模式:
- ```
read-only
```
  ：代码审查、分析、文档生成
- ```
workspace-write
```
  ：代码修改、文件创建
- ```
danger-full-access
```
  ：系统操作、网络访问
- HPC覆盖规则：始终添加
```
--yolo
```
  标志（绕过Landlock限制）
☐ 构建包含必要标志的命令:
bash
```
codex exec [OPTIONS] "PROMPT"
```
关键标志:
- ```
-m <MODEL>
```
  （若要覆盖默认模型）
- ```
-c model_reasoning_effort="<LEVEL>"
```
- ```
-s <SANDBOX_MODE>
```
  （HPC环境下跳过）
- ```
--skip-git-repo-check
```
  （若在git仓库外执行）
- ```
-C <DIRECTORY>
```
  （若要切换工作区）
- ```
--full-auto
```
  （用于非交互式执行，不可与--yolo同时使用）
HPC命令格式（使用
```
--yolo
```
绕过Landlock）:
bash
```
codex exec --yolo -m gpt-5 -c model_reasoning_effort="high" --skip-git-repo-check \
  "Analyze this code: $(cat /path/to/file.py)" 2>/dev/null
```
注意：
```
--yolo
```
是
```
--dangerously-bypass-approvals-and-sandbox
```
的别名，在HPC集群上是必需的，以避免Landlock沙箱错误。请勿同时使用--full-auto和--yolo，二者不兼容。
☐ 执行时抑制标准错误输出:
- 添加
```
2>/dev/null
```
  以隐藏思考标记
- 仅在用户请求详细输出或调试时移除该参数
☐ 验证执行结果:
- 检查退出码（0表示成功）
- 为用户总结输出内容
- 报告错误并提供可操作的解决方案
- 若HPC环境下出现Landlock/沙箱错误：验证是否使用了
```
--yolo
```
  标志，若缺失则重试
☐ 告知用户会话恢复功能:
- "随时恢复此会话：
```
codex resume
```
  "

Command Patterns

命令示例

🔥 HPC QUICK TIP: On HPC clusters (e.g.,
/home/woody/
,
/home/hpc/
), ALWAYS add
--yolo
flag to avoid Landlock sandbox errors. Example:
codex exec --yolo -m gpt-5 ...

🔥 HPC快速提示：在HPC集群（如
/home/woody/
、
/home/hpc/
）上，务必添加
--yolo
标志以避免Landlock沙箱错误。示例：
codex exec --yolo -m gpt-5 ...

Read-Only Analysis

只读分析

bash

codex exec -m gpt-5 -c model_reasoning_effort="medium" -s read-only \
  --skip-git-repo-check --full-auto "review @file.py for security issues" 2>/dev/null

bash

codex exec -m gpt-5 -c model_reasoning_effort="medium" -s read-only \
  --skip-git-repo-check --full-auto "review @file.py for security issues" 2>/dev/null

Stdin Input (bypasses sandbox file restrictions)

标准输入（绕过沙箱文件限制）

bash

cat file.py | codex exec -m gpt-5 -c model_reasoning_effort="low" \
  --skip-git-repo-check --full-auto - 2>/dev/null

Note: Stdin with

flag may not be supported in all Codex CLI versions.

bash

cat file.py | codex exec -m gpt-5 -c model_reasoning_effort="low" \
  --skip-git-repo-check --full-auto - 2>/dev/null

注意：使用

标志的标准输入可能并非在所有Codex CLI版本中都受支持。

HPC/Slurm Environment (YOLO Mode - Bypass Landlock)

HPC/Slurm环境（YOLO模式 - 绕过Landlock）

When running on HPC clusters with Landlock security restrictions, use the

--yolo

flag:

bash

undefined

在使用Landlock安全限制的HPC集群上，使用

--yolo

标志：

bash

undefined

Primary solution: --yolo flag bypasses Landlock sandbox

主要解决方案：--yolo标志绕过Landlock沙箱

codex exec --yolo -m gpt-5 -c model_reasoning_effort="high" --skip-git-repo-check
"Analyze this code: $(cat /path/to/file.py)" 2>/dev/null


**Alternative: Manual Code Injection** (if --yolo is unavailable):
```bash

codex exec --yolo -m gpt-5 -c model_reasoning_effort="high" --skip-git-repo-check
"Analyze this code: $(cat /path/to/file.py)" 2>/dev/null


**替代方案：手动代码注入**（若--yolo不可用）:
```bash

Capture code content and pass directly in prompt

捕获代码内容并直接传入提示

codex exec -m gpt-5 -c model_reasoning_effort="high" --skip-git-repo-check --full-auto
"Analyze this Python code: $(cat file.py)" 2>/dev/null

Or for large files, use heredoc:
```bash
codex exec --yolo -m gpt-5 -c model_reasoning_effort="high" --skip-git-repo-check "$(cat <<'ENDCODE'
Analyze the following code comprehensively:

$(cat file.py)

Focus on: architecture, algorithms, multi-GPU optimization, potential bugs, code quality.
ENDCODE
)" 2>/dev/null

Note:

--yolo

is short for

--dangerously-bypass-approvals-and-sandbox

and is safe on HPC login nodes where you have limited permissions anyway. Do not combine --yolo with --full-auto as they are incompatible.

codex exec -m gpt-5 -c model_reasoning_effort="high" --skip-git-repo-check --full-auto
"Analyze this Python code: $(cat file.py)" 2>/dev/null

对于大文件，可使用here文档：
```bash
codex exec --yolo -m gpt-5 -c model_reasoning_effort="high" --skip-git-repo-check "$(cat <<'ENDCODE'
Analyze the following code comprehensively:

$(cat file.py)

Focus on: architecture, algorithms, multi-GPU optimization, potential bugs, code quality.
ENDCODE
)" 2>/dev/null

注意：

--yolo

是

--dangerously-bypass-approvals-and-sandbox

的缩写，在HPC登录节点上使用是安全的，因为你在此处的权限本来就有限。请勿同时使用--yolo和--full-auto，二者不兼容。

Code Modification

代码修改

bash

codex exec -m gpt-5 -c model_reasoning_effort="high" -s workspace-write \
  --skip-git-repo-check --full-auto "refactor @module.py to async/await" 2>/dev/null

bash

codex exec -m gpt-5 -c model_reasoning_effort="high" -s workspace-write \
  --skip-git-repo-check --full-auto "refactor @module.py to async/await" 2>/dev/null

Resume Session

恢复会话

bash

echo "fix the remaining issues" | codex exec --skip-git-repo-check resume --last 2>/dev/null

bash

echo "fix the remaining issues" | codex exec --skip-git-repo-check resume --last 2>/dev/null

Cross-Directory Execution

跨目录执行

bash

codex exec -C /path/to/project -m gpt-5 -c model_reasoning_effort="medium" \
  -s read-only --skip-git-repo-check --full-auto "analyze architecture" 2>/dev/null

bash

codex exec -C /path/to/project -m gpt-5 -c model_reasoning_effort="medium" \
  -s read-only --skip-git-repo-check --full-auto "analyze architecture" 2>/dev/null

Using Profiles

使用配置文件

bash

codex exec --profile production -c model_reasoning_effort="high" \
  --full-auto "optimize performance in @app.py" 2>/dev/null

bash

codex exec --profile production -c model_reasoning_effort="high" \
  --full-auto "optimize performance in @app.py" 2>/dev/null

CLI Reference

CLI参考

Core Flags

核心标志

Flag	Values	When to Use
`-m, --model`	`gpt-5` , `gpt-5-codex`	Override default model
`-c, --config`	`key=value`	Runtime config override (repeatable)
`-s, --sandbox`	`read-only` , `workspace-write` , `danger-full-access`	Set execution permissions
`--yolo`	flag	REQUIRED on HPC - Bypasses all sandbox restrictions (alias for `--dangerously-bypass-approvals-and-sandbox` ). Cannot be used with --full-auto
`-C, --cd`	`path`	Change workspace directory
`--skip-git-repo-check`	flag	Allow execution outside git repos
`--full-auto`	flag	Non-interactive mode (workspace-write + approvals on failure). Cannot be used with --yolo
`-p, --profile`	`string`	Load configuration profile from config.toml
`--json`	flag	JSON event output (CI/CD pipelines)
`-o, --output-last-message`	`path`	Write final message to file
`-i, --image`	`path[,path...]`	Attach images (repeatable or comma-separated)
`--oss`	flag	Use local open-source model (requires Ollama)

标志	取值	使用场景
`-m, --model`	`gpt-5` , `gpt-5-codex`	覆盖默认模型
`-c, --config`	`key=value`	运行时配置覆盖（可重复使用）
`-s, --sandbox`	`read-only` , `workspace-write` , `danger-full-access`	设置执行权限
`--yolo`	标志	HPC环境必需 - 绕过所有沙箱限制（ `--dangerously-bypass-approvals-and-sandbox` 的别名）。不可与--full-auto同时使用
`-C, --cd`	`path`	切换工作区目录
`--skip-git-repo-check`	标志	允许在git仓库外执行
`--full-auto`	标志	非交互模式（工作区写入 + 失败时自动确认）。不可与--yolo同时使用
`-p, --profile`	`string`	从config.toml加载配置文件
`--json`	标志	输出JSON格式事件（用于CI/CD流水线）
`-o, --output-last-message`	`path`	将最终消息写入文件
`-i, --image`	`path[,path...]`	附加图片（可重复使用或逗号分隔）
`--oss`	标志	使用本地开源模型（需Ollama）

Configuration Options

配置选项

Model Reasoning Effort (

-c model_reasoning_effort="<LEVEL>"

```
minimal
```
: Quick tasks, simple queries
```
low
```
: Standard operations, routine refactoring
```
medium
```
: Complex analysis, architectural decisions (default)
```
high
```
: Critical code, security audits, complex algorithms

Model Verbosity (

-c model_verbosity="<LEVEL>"

```
low
```
: Minimal output
```
medium
```
: Balanced detail (default)
```
high
```
: Verbose explanations

Approval Prompts (

-c approvals="<WHEN>"

```
on-request
```
: Before any tool use
```
on-failure
```
: Only on errors (default for
```
--full-auto
```
)
```
untrusted
```
: Minimal prompts
```
never
```
: No interruptions (use with caution)

模型推理力度 (

-c model_reasoning_effort="<LEVEL>"

```
minimal
```
: 快速任务、简单查询
```
low
```
: 标准操作、常规重构
```
medium
```
: 复杂分析、架构决策（默认值）
```
high
```
: 关键代码、安全审计、复杂算法

模型详细程度 (

-c model_verbosity="<LEVEL>"

```
low
```
: 最少输出
```
medium
```
: 平衡的详细程度（默认值）
```
high
```
: 详细解释

确认提示 (

-c approvals="<WHEN>"

```
on-request
```
: 在使用任何工具前
```
on-failure
```
: 仅在出错时（--full-auto的默认值）
```
untrusted
```
: 最少提示
```
never
```
: 无中断（谨慎使用）

Configuration Management

配置管理

Config File Location

配置文件位置

~/.codex/config.toml

~/.codex/config.toml

Runtime Overrides

运行时覆盖

bash

undefined

bash

undefined

Override single setting

覆盖单个设置

codex exec -c model="gpt-5" "task"

Override multiple settings

覆盖多个设置

codex exec -c model="gpt-5" -c model_reasoning_effort="high" "task"

undefined

codex exec -c model="gpt-5" -c model_reasoning_effort="high" "task"

undefined

Using Profiles

使用配置文件

Define in

config.toml

toml

[profiles.research]
model = "gpt-5"
model_reasoning_effort = "high"
sandbox = "read-only"

[profiles.development]
model = "gpt-5-codex"
sandbox = "workspace-write"

Use with:

bash

codex exec --profile research "analyze codebase"

在

config.toml

中定义：

toml

[profiles.research]
model = "gpt-5"
model_reasoning_effort = "high"
sandbox = "read-only"

[profiles.development]
model = "gpt-5-codex"
sandbox = "workspace-write"

使用方式：

bash

codex exec --profile research "analyze codebase"

Resume Behavior

会话恢复行为

Automatic inheritance:

Model selection
Reasoning effort
Sandbox mode
Configuration overrides

Resume syntax:

bash

undefined

自动继承:

模型选择
推理力度
沙箱模式
配置覆盖

恢复语法:

bash

undefined

Resume last session

恢复最后一个会话

codex exec resume --last

Resume with new prompt

使用新提示恢复会话

codex exec resume --last "continue with next steps"

Resume via stdin

通过标准输入恢复会话

echo "new instructions" | codex exec resume --last 2>/dev/null

Resume specific session

恢复特定会话

codex exec resume <SESSION_ID> "follow-up task"


**Flag injection** (between `exec` and `resume`):
```bash

codex exec resume <SESSION_ID> "follow-up task"


**标志注入**（在`exec`和`resume`之间）:
```bash

Change reasoning effort for resumed session

更改恢复会话的推理力度

codex exec -c model_reasoning_effort="high" resume --last

undefined

codex exec -c model_reasoning_effort="high" resume --last

undefined

Error Handling

错误处理

Validation Loop

验证循环

Execute command
Check exit code (non-zero = failure)
Report error with context
Ask user for direction via
```
AskUserQuestion
```
Retry with adjustments or escalate

执行命令
检查退出码（非零表示失败）
附带上下文报告错误
通过
```
AskUserQuestion
```
询问用户下一步方向
调整后重试或升级问题

Permission Requests

权限请求

Before using high-impact flags, request user approval via

AskUserQuestion

```
--full-auto
```
: Automated execution
```
-s danger-full-access
```
: System-wide access
```
--yolo
```
/
```
--dangerously-bypass-approvals-and-sandbox
```
:
- HPC clusters: No approval needed (required for operation)
- Personal machines: Request approval (full system access)

在使用高影响标志前，需通过

AskUserQuestion

请求用户批准：

```
--full-auto
```
: 自动化执行
```
-s danger-full-access
```
: 系统级访问
```
--yolo
```
/
```
--dangerously-bypass-approvals-and-sandbox
```
:
- HPC集群: 无需批准（操作必需）
- 个人机器: 请求批准（完全系统访问）

Partial Success Handling

部分成功处理

When output contains warnings:

Summarize successful operations
Detail failures with context
Use
```
AskUserQuestion
```
to determine next steps
Propose specific adjustments

当输出包含警告时：

总结成功执行的操作
详细说明失败内容及上下文
使用
```
AskUserQuestion
```
确定下一步
提出具体的调整建议

Troubleshooting

故障排除

File Access Blocked

文件访问被阻止

Symptom: "shell is blocked by the sandbox" or permission errors

Root cause: Sandbox

read-only

mode restricts file system

Solutions (priority order):

Stdin piping (recommended):

bash

cat target.py | codex exec -m gpt-5 -c model_reasoning_effort="medium" \
  --skip-git-repo-check --full-auto - 2>/dev/null

Explicit permissions:

bash

codex exec -m gpt-5 -s read-only \
  -c 'sandbox_permissions=["disk-full-read-access"]' \
  --skip-git-repo-check --full-auto "@file.py" 2>/dev/null

Upgrade sandbox:

bash

codex exec -m gpt-5 -s workspace-write \
  --skip-git-repo-check --full-auto "review @file.py" 2>/dev/null

症状："shell is blocked by the sandbox"或权限错误

根本原因：沙箱

read-only

模式限制了文件系统访问

解决方案（优先级顺序）:

标准输入管道（推荐）:

bash

cat target.py | codex exec -m gpt-5 -c model_reasoning_effort="medium" \
  --skip-git-repo-check --full-auto - 2>/dev/null

显式权限:

bash

codex exec -m gpt-5 -s read-only \
  -c 'sandbox_permissions=["disk-full-read-access"]' \
  --skip-git-repo-check --full-auto "@file.py" 2>/dev/null

升级沙箱模式:

bash

codex exec -m gpt-5 -s workspace-write \
  --skip-git-repo-check --full-auto "review @file.py" 2>/dev/null

Invalid Flag Errors

无效标志错误

Symptom: "unexpected argument '--add-dir' found"

Cause: Flag does not exist in Codex CLI

Solution: Use

-C <DIR>

to change directory:

bash

codex exec -C /target/dir -m gpt-5 --skip-git-repo-check \
  --full-auto "task" 2>/dev/null

症状："unexpected argument '--add-dir' found"

原因：Codex CLI中不存在该标志

解决方案：使用

-C <DIR>

切换目录:

bash

codex exec -C /target/dir -m gpt-5 --skip-git-repo-check \
  --full-auto "task" 2>/dev/null

Exit Code Failures

退出码失败

Symptom: Non-zero exit without clear message

Diagnostic steps:

Remove
```
2>/dev/null
```
to see full stderr
Verify installation:
```
codex --version
```
Check configuration:
```
cat ~/.codex/config.toml
```
Test minimal command:
```
codex exec -m gpt-5 "hello world"
```
Verify model access:
```
codex exec --model gpt-5 "test"
```

症状：非零退出但无明确消息

诊断步骤:

移除
```
2>/dev/null
```
以查看完整的标准错误输出
验证安装：
```
codex --version
```
检查配置：
```
cat ~/.codex/config.toml
```
测试最小化命令：
```
codex exec -m gpt-5 "hello world"
```
验证模型访问权限：
```
codex exec --model gpt-5 "test"
```

Model Unavailable

模型不可用

Symptom: "model not found" or authentication errors

Solutions:

Check configured model:
```
grep model ~/.codex/config.toml
```
Verify API access: Ensure valid credentials
Try alternative model:
```
-m gpt-5-codex
```
Use OSS fallback:
```
--oss
```
(requires Ollama)

症状："model not found"或认证错误

解决方案:

检查配置的模型：
```
grep model ~/.codex/config.toml
```
验证API访问：确保凭据有效
尝试替代模型：
```
-m gpt-5-codex
```
使用开源模型 fallback：
```
--oss
```
（需Ollama）

Session Resume Fails

会话恢复失败

Symptom: Cannot resume previous session

Diagnostic steps:

List recent sessions:
```
codex history
```
Verify session ID format
Try
```
--last
```
flag instead of specific ID
Check if session expired or was cleaned up

症状：无法恢复之前的会话

诊断步骤:

列出最近的会话：
```
codex history
```
验证会话ID格式
尝试使用
```
--last
```
标志替代特定ID
检查会话是否已过期或被清理

HPC/Slurm Sandbox Failures

HPC/Slurm沙箱失败

Symptom: "Landlock sandbox error", "LandlockRestrict", or all file operations fail

Root Cause: HPC clusters use Landlock/seccomp kernel security modules that block Codex's default sandbox

✅ SOLUTION: Use the
--yolo
flag (priority order):

YOLO Flag (PRIMARY SOLUTION - WORKS ON HPC):

bash

# Bypasses Landlock restrictions completely
codex exec --yolo -m gpt-5 -c model_reasoning_effort="high" --skip-git-repo-check \
  "Analyze this code: $(cat /full/path/to/file.py)" 2>/dev/null

Why this works:

--yolo

(alias for

--dangerously-bypass-approvals-and-sandbox

) disables the Codex sandbox entirely, allowing direct file access on HPC systems. Note: Do not use --full-auto with --yolo as they are incompatible.

Manual Code Injection (fallback if --yolo unavailable):

bash

# Pass code directly in prompt via command substitution
codex exec -m gpt-5 -c model_reasoning_effort="high" --skip-git-repo-check --full-auto \
  "Analyze this code comprehensively: $(cat /full/path/to/file.py)" 2>/dev/null

Heredoc for Long Code:

bash

codex exec --yolo -m gpt-5 -c model_reasoning_effort="high" --skip-git-repo-check "$(cat <<'EOF'
Analyze the following Python code for architecture, bugs, and optimization opportunities:

$(cat /home/user/script.py)

Provide technical depth with actionable insights.
EOF
)" 2>/dev/null

Run on Login Node (if compute node blocks outbound):

bash

# SSH to login node first, then run codex there (not in Slurm job)
ssh login.cluster.edu
codex exec --yolo -m gpt-5 --skip-git-repo-check "analyze @file.py" 2>/dev/null

Use Apptainer/Singularity (if cluster supports):

bash

# Build image with Codex installed, then run via Slurm
singularity exec codex.sif codex exec --yolo -m gpt-5 "task"

Best Practice for HPC:

Always use
--yolo
flag on HPC clusters - it's safe on login nodes where you already have limited permissions
Run analysis on login nodes, submit only heavy compute jobs to Slurm
Keep code files on shared filesystem readable from login nodes
Combine
```
--yolo
```
with
```
$(cat file.py)
```
for maximum compatibility

症状："Landlock sandbox error", "LandlockRestrict", 或所有文件操作失败

根本原因：HPC集群使用Landlock/seccomp内核安全模块，阻止了Codex的默认沙箱

✅ 解决方案：使用
--yolo
标志（优先级顺序）:

YOLO标志（主要解决方案 - HPC环境有效）:

bash

# 完全绕过Landlock限制
codex exec --yolo -m gpt-5 -c model_reasoning_effort="high" --skip-git-repo-check \
  "Analyze this code: $(cat /full/path/to/file.py)" 2>/dev/null

为何有效：

--yolo

（

--dangerously-bypass-approvals-and-sandbox

的别名）完全禁用Codex沙箱，允许在HPC系统上直接访问文件。注意：请勿同时使用--full-auto和--yolo，二者不兼容。

手动代码注入（若--yolo不可用的 fallback）:

bash

# 通过命令替换直接在提示中传入代码
codex exec -m gpt-5 -c model_reasoning_effort="high" --skip-git-repo-check --full-auto \
  "Analyze this code comprehensively: $(cat /full/path/to/file.py)" 2>/dev/null

Here文档处理大文件:

bash

codex exec --yolo -m gpt-5 -c model_reasoning_effort="high" --skip-git-repo-check "$(cat <<'EOF'
Analyze the following Python code for architecture, bugs, and optimization opportunities:

$(cat /home/user/script.py)

Provide technical depth with actionable insights.
EOF
)" 2>/dev/null

在登录节点运行（若计算节点阻止出站请求）:

bash

# 先SSH到登录节点，再在那里运行codex（不要在Slurm作业中运行）
ssh login.cluster.edu
codex exec --yolo -m gpt-5 --skip-git-repo-check "analyze @file.py" 2>/dev/null

使用Apptainer/Singularity（若集群支持）:

bash

# 构建安装了Codex的镜像，然后通过Slurm运行
singularity exec codex.sif codex exec --yolo -m gpt-5 "task"

HPC最佳实践:

在HPC集群上始终使用
--yolo
标志 - 在登录节点上使用是安全的，因为你在此处的权限本来就有限
在登录节点上运行分析，仅将重型计算作业提交到Slurm
将代码文件放在登录节点可读取的共享文件系统上
结合
```
--yolo
```
和
```
$(cat file.py)
```
以获得最大兼容性

Best Practices

最佳实践

Reasoning Effort Selection

推理力度选择

minimal: Syntax fixes, simple renaming
low: Standard refactoring, basic analysis
medium: Complex refactoring, architecture review
high: Security audits, algorithm optimization, critical bugs

minimal: 语法修复、简单重命名
low: 标准重构、基础分析
medium: 复杂重构、架构审查
high: 安全审计、算法优化、关键bug修复

Sandbox Mode Selection

沙箱模式选择

read-only: Default for any analysis or review
workspace-write: File modifications only
danger-full-access: Network operations, system commands (rare)

read-only: 任何分析或审查的默认模式
workspace-write: 仅用于文件修改
danger-full-access: 网络操作、系统命令（罕见）

Stderr Suppression

标准错误输出抑制

Always use
2>/dev/null
unless:
- User explicitly requests thinking tokens
- Debugging failed commands
- Troubleshooting configuration issues

始终使用
2>/dev/null
，除非：
- 用户明确请求思考标记
- 调试失败的命令
- 排查配置问题

Profile Usage

配置文件使用

Create profiles for common workflows:

```
review
```
: High reasoning, read-only
```
refactor
```
: Medium reasoning, workspace-write
```
quick
```
: Low reasoning, read-only
```
security
```
: High reasoning, workspace-write

为常见工作流创建配置文件：

```
review
```
: 高推理力度、只读模式
```
refactor
```
: 中等推理力度、工作区写入模式
```
quick
```
: 低推理力度、只读模式
```
security
```
: 高推理力度、工作区写入模式

Stdin vs File Reference

标准输入与文件引用

Stdin: Single file analysis, avoids permissions
File reference: Multi-file context, codebase-wide changes

标准输入: 单文件分析、避免权限问题
文件引用: 多文件上下文、全代码库变更

Safety Guidelines

安全指南

HPC Clusters -
--yolo
is SAFE and REQUIRED:

HPC login nodes already have strict permissions (no root access, no network modification)
```
--yolo
```
bypasses Codex sandbox but you still operate within HPC user restrictions
Always use
```
--yolo
```
on HPC to avoid Landlock errors

General Use - Exercise Caution:

Don't use
```
--yolo
```
on unrestricted systems (your laptop, cloud VMs with full sudo)
Prefer
```
--full-auto
```
+
```
-s workspace-write
```
for normal development

Always verify before:

Using
```
danger-full-access
```
sandbox (outside HPC)
Disabling approval prompts on production systems
Running with
```
--yolo
```
on personal machines with sudo access

Ask user approval for:

First-time
```
workspace-write
```
usage
System-wide access requests
Destructive operations (deletions, migrations)

HPC集群 -
--yolo
是安全且必需的:

HPC登录节点已具备严格的权限（无root访问、无网络修改权限）
```
--yolo
```
绕过Codex沙箱，但你仍在HPC用户权限范围内操作
在HPC上始终使用
```
--yolo
```
以避免Landlock错误

常规使用 - 谨慎操作:

不要在无限制的系统（你的笔记本电脑、具有完整sudo权限的云VM）上使用
```
--yolo
```
常规开发中优先使用
```
--full-auto
```
+
```
-s workspace-write
```

始终在以下操作前验证:

在HPC外使用
```
danger-full-access
```
沙箱模式
在生产系统上禁用确认提示
在具有sudo权限的个人机器上使用
```
--yolo
```

需请求用户批准的操作:

首次使用
```
workspace-write
```
模式
系统级访问请求
破坏性操作（删除、迁移）

Advanced Usage

高级用法

CI/CD Integration

CI/CD集成

bash

codex exec --json -o result.txt -m gpt-5 \
  -c model_reasoning_effort="medium" \
  --skip-git-repo-check --full-auto \
  "run security audit on changed files" 2>/dev/null

bash

codex exec --json -o result.txt -m gpt-5 \
  -c model_reasoning_effort="medium" \
  --skip-git-repo-check --full-auto \
  "run security audit on changed files" 2>/dev/null

Batch Processing

批量处理

bash

for file in *.py; do
  cat "$file" | codex exec -m gpt-5 -c model_reasoning_effort="low" \
    --skip-git-repo-check --full-auto "lint and format" - 2>/dev/null
done

bash

for file in *.py; do
  cat "$file" | codex exec -m gpt-5 -c model_reasoning_effort="low" \
    --skip-git-repo-check --full-auto "lint and format" - 2>/dev/null
done

Multi-Step Workflows

多步骤工作流

bash

undefined

bash

undefined

Step 1: Analysis

步骤1: 分析

codex exec -m gpt-5 -c model_reasoning_effort="high" -s read-only
--full-auto "analyze @codebase for architectural issues" 2>/dev/null

Step 2: Resume with changes

步骤2: 恢复会话并进行更改

echo "implement suggested refactoring" |
codex exec -s workspace-write resume --last 2>/dev/null

undefined

echo "implement suggested refactoring" |
codex exec -s workspace-write resume --last 2>/dev/null

undefined

When to Escalate

何时升级问题

If errors persist after troubleshooting:

Check documentation:

bash

WebFetch https://developers.openai.com/codex/cli/reference

bash

WebFetch https://developers.openai.com/codex/local-config#cli

Report to user:
- Error message verbatim
- Attempted solutions
- Configuration details
- Exit codes and stderr output
Request guidance:
- Alternative approaches
- Configuration adjustments
- Manual intervention points

若故障排除后错误仍存在：

检查文档:

bash

WebFetch https://developers.openai.com/codex/cli/reference

bash

WebFetch https://developers.openai.com/codex/local-config#cli

向用户报告:
- 原封不动的错误消息
- 已尝试的解决方案
- 配置详情
- 退出码和标准错误输出
请求指导:
- 替代方法
- 配置调整
- 手动干预点

Model Selection Guide

模型选择指南

Task Type	Recommended Model	Reasoning Effort
Quick syntax fixes	`gpt-5`	minimal
Code review	`gpt-5`	medium
Refactoring	`gpt-5-codex`	medium
Architecture analysis	`gpt-5`	high
Security audit	`gpt-5`	high
Algorithm optimization	`gpt-5-codex`	high
Documentation generation	`gpt-5`	low

任务类型	推荐模型	推理力度
快速语法修复	`gpt-5`	minimal
代码审查	`gpt-5`	medium
代码重构	`gpt-5-codex`	medium
架构分析	`gpt-5`	high
安全审计	`gpt-5`	high
算法优化	`gpt-5-codex`	high
文档生成	`gpt-5`	low

Common Workflows

常见工作流

Code Review Workflow

代码审查工作流

Ask user: model + reasoning effort
Run read-only analysis
Present findings
If changes needed: resume with workspace-write
Validate changes
Inform about resume capability

询问用户：模型 + 推理力度
运行只读分析
展示发现的问题
若需要更改：使用工作区写入模式恢复会话
验证更改
告知用户会话恢复功能

Refactoring Workflow

重构工作流

Ask user: model + reasoning effort
Analyze current code (read-only)
Propose changes
Get user approval
Apply changes (workspace-write)
Run validation/tests
Report results

询问用户：模型 + 推理力度
分析当前代码（只读模式）
提出更改建议
获取用户批准
应用更改（工作区写入模式）
运行验证/测试
报告结果

Security Audit Workflow

安全审计工作流

Use high reasoning effort
Run comprehensive analysis (read-only)
Document findings
Propose fixes
Apply fixes if approved (workspace-write)
Re-audit to verify
Generate report

使用高推理力度
运行全面分析（只读模式）
记录发现的问题
提出修复建议
若获得批准则应用修复（工作区写入模式）
重新审计以验证修复效果
生成报告