OpenAI Codex CLI SDK

Table of Contents

The Codex CLI SDK provides Java integration with OpenAI’s Codex CLI, enabling autonomous coding capabilities in Spring applications.

1. Overview

OpenAI Codex is an autonomous coding agent optimized for agentic tasks. It can read, write, and execute code across entire codebases with advanced planning and reasoning capabilities. The Spring AI Codex integration makes it easy to incorporate these capabilities into Java applications.

2. Installation

2.1. Prerequisites

Install Codex CLI:

Follow the installation instructions at OpenAI Codex.
Authentication (Choose one method):

Option A: Session Authentication (Recommended):
```
codex auth login
```
Option B: API Key:
```
export CODEX_API_KEY="your-api-key-here"
```
Get your API key from the OpenAI Platform.

Session authentication is preferred to avoid conflicts between authentication methods.
Verify Installation:
```
codex --version
```

2.2. Maven Dependencies

Add the following dependencies to your pom.xml:

<dependencies>
    <!-- Core AgentClient API -->
    <dependency>
        <groupId>org.springaicommunity.agents</groupId>
        <artifactId>spring-ai-agent-client</artifactId>
        <version>0.1.0-SNAPSHOT</version>
    </dependency>

    <!-- Codex integration -->
    <dependency>
        <groupId>org.springaicommunity.agents</groupId>
        <artifactId>spring-ai-codex-agent</artifactId>
        <version>0.1.0-SNAPSHOT</version>
    </dependency>
</dependencies>

Or use the Spring Boot starter:

<dependency>
    <groupId>org.springaicommunity.agents</groupId>
    <artifactId>spring-ai-starter-agent-codex</artifactId>
    <version>0.1.0-SNAPSHOT</version>
</dependency>

3. Basic Usage

3.1. Quick Start

import org.springaicommunity.agents.client.AgentClient;
import org.springaicommunity.agents.client.AgentClientResponse;
import org.springaicommunity.agents.codex.CodexAgentModel;
import org.springaicommunity.agents.codex.CodexAgentOptions;
import org.springaicommunity.agents.codexsdk.CodexClient;

import java.nio.file.Paths;

public class CodexExample {
    public static void main(String[] args) {
        // 1. Create the Codex client
        CodexClient codexClient = CodexClient.create(
            Paths.get(System.getProperty("user.dir"))
        );

        // 2. Configure agent options
        CodexAgentOptions options = CodexAgentOptions.builder()
            .model("gpt-5-codex")
            .fullAuto(true)
            .build();

        // 3. Create the agent model
        CodexAgentModel agentModel = new CodexAgentModel(codexClient, options, null);

        // 4. Create AgentClient
        AgentClient agentClient = AgentClient.create(agentModel);

        // 5. Execute a goal
        AgentClientResponse response = agentClient.run(
            "Create a simple Calculator class with add, subtract, multiply, and divide methods"
        );

        System.out.println("Result: " + response.getResult());
        System.out.println("Success: " + response.isSuccessful());
    }
}

4. Configuration

4.1. CodexClient

The CodexClient manages communication with the Codex CLI:

// Create with default working directory
CodexClient client = CodexClient.create();

// Create with specific working directory
Path projectPath = Paths.get("/path/to/project");
CodexClient client = CodexClient.create(projectPath);

// Create with custom Codex CLI path
CodexClient client = CodexClient.create(
    projectPath,
    "/custom/path/to/codex"
);

4.2. CodexAgentOptions

Configure Codex-specific behavior:

CodexAgentOptions options = CodexAgentOptions.builder()
    // Model selection
    .model("gpt-5-codex")

    // Execution settings
    .fullAuto(true)                       // Enable full autonomous mode
    .timeout(Duration.ofMinutes(10))      // Execution timeout
    .skipGitCheck(false)                  // Require git repository

    // Advanced: Manual sandbox/approval configuration
    .sandboxMode(SandboxMode.WORKSPACE_WRITE)
    .approvalPolicy(ApprovalPolicy.NEVER)

    // CLI path (for non-standard installations)
    .executablePath("/custom/path/to/codex")

    .build();

4.3. Full-Auto Mode

Codex provides a convenient fullAuto mode that combines workspace-write sandbox and never approval policy:

// Full-auto mode (recommended for most use cases)
CodexAgentOptions options = CodexAgentOptions.builder()
    .fullAuto(true)  // Sets sandbox=workspace-write, approval=never
    .build();

// Equivalent to:
CodexAgentOptions options = CodexAgentOptions.builder()
    .sandboxMode(SandboxMode.WORKSPACE_WRITE)
    .approvalPolicy(ApprovalPolicy.NEVER)
    .build();

4.4. Sandbox Modes

Control file system access:

Mode Description

Mode	Description
`READ_ONLY`	Agent can read files but not make changes
`WORKSPACE_WRITE`	Agent can read and write files in the working directory
`DANGER_FULL_ACCESS`	Agent has unrestricted file system access

READ_ONLY

Agent can read files but not make changes

WORKSPACE_WRITE

Agent can read and write files in the working directory

DANGER_FULL_ACCESS

Agent has unrestricted file system access

// Read-only mode for analysis
CodexAgentOptions analysisOptions = CodexAgentOptions.builder()
    .sandboxMode(SandboxMode.READ_ONLY)
    .build();

// Workspace write for development (recommended)
CodexAgentOptions devOptions = CodexAgentOptions.builder()
    .sandboxMode(SandboxMode.WORKSPACE_WRITE)
    .build();

// Full access (use with caution)
CodexAgentOptions fullOptions = CodexAgentOptions.builder()
    .sandboxMode(SandboxMode.DANGER_FULL_ACCESS)
    .build();

4.5. Approval Policies

Control command execution approval:

Policy Description

Policy	Description
`NEVER`	Execute commands without prompting
`SMART`	Prompt for potentially dangerous commands
`ALWAYS`	Prompt for all commands

NEVER

Execute commands without prompting

SMART

Prompt for potentially dangerous commands

ALWAYS

Prompt for all commands

// Autonomous execution (recommended with workspace-write)
CodexAgentOptions autoOptions = CodexAgentOptions.builder()
    .approvalPolicy(ApprovalPolicy.NEVER)
    .build();

// Smart prompting for safety
CodexAgentOptions smartOptions = CodexAgentOptions.builder()
    .approvalPolicy(ApprovalPolicy.SMART)
    .build();

// Full control (requires manual approval)
CodexAgentOptions manualOptions = CodexAgentOptions.builder()
    .approvalPolicy(ApprovalPolicy.ALWAYS)
    .build();

4.6. Model Options

Currently available models:

Model Description Best For

Model	Description	Best For
`gpt-5-codex`	GPT-5 optimized for agentic coding tasks	General-purpose coding, complex refactoring, multi-file changes

gpt-5-codex

GPT-5 optimized for agentic coding tasks

General-purpose coding, complex refactoring, multi-file changes

Codex uses OpenAI’s GPT-5-Codex model optimized for autonomous development workflows.

5. Advanced Features

5.1. Session Management

Codex supports session resumption for continuing interrupted tasks:

// Execute a task
ExecuteResult result1 = codexClient.execute("Start implementing the user service");

// Resume with the session ID
String sessionId = result1.getSessionId();
ExecuteResult result2 = codexClient.resume(sessionId, "Add validation to the createUser method");

The SDK automatically extracts session IDs from Codex output for seamless continuity.

5.2. Git Repository Management

Codex enforces git repository presence by default for safety:

// Require git repository (default, recommended)
CodexAgentOptions gitOptions = CodexAgentOptions.builder()
    .skipGitCheck(false)
    .build();

// Skip git check (use only for temporary/throwaway directories)
CodexAgentOptions noGitOptions = CodexAgentOptions.builder()
    .skipGitCheck(true)
    .build();

Skipping git checks removes an important safety mechanism. Only use for temporary test directories.

5.3. Working Directory Management

Codex operates within a specific directory context:

// Configure working directory via client
CodexClient client = CodexClient.create(
    Paths.get("/path/to/microservice")
);

// Or via AgentClient fluent API
AgentClientResponse response = agentClient
    .goal("Add validation to the UserController")
    .workingDirectory("/path/to/microservice")
    .run();

5.4. Rich Metadata Capture

Enable JSON output for detailed execution metadata:

ExecuteOptions options = ExecuteOptions.builder()
    .model("gpt-5-codex")
    .fullAuto(true)
    .json(true)  // Enable JSONL event streaming
    .build();

ExecuteResult result = codexClient.execute("Implement feature", options);

// Access rich metadata
String activityLog = result.getActivityLog();
int exitCode = result.getExitCode();
Duration duration = result.getDuration();
String sessionId = result.getSessionId();

5.5. Timeout Configuration

Set appropriate timeouts for different goal complexities:

// Quick tasks
CodexAgentOptions quickOptions = CodexAgentOptions.builder()
    .timeout(Duration.ofMinutes(2))
    .build();

// Complex refactoring
CodexAgentOptions complexOptions = CodexAgentOptions.builder()
    .timeout(Duration.ofMinutes(30))
    .build();

6. Error Handling

6.1. Common Exceptions

import org.springaicommunity.agents.codexsdk.exceptions.CodexSDKException;

try {
    AgentClientResponse response = agentClient.run("Complex refactoring goal");

    if (!response.isSuccessful()) {
        System.err.println("Goal failed: " + response.getResult());
    }

} catch (CodexSDKException e) {
    // Codex CLI process failed
    System.err.println("Codex execution error: " + e.getMessage());

} catch (RuntimeException e) {
    // Other runtime errors (timeout, etc.)
    System.err.println("Unexpected error: " + e.getMessage());
}

6.2. Validation and Recovery

@Service
public class CodexService {

    private final AgentClient agentClient;

    public CodexService(AgentClient agentClient) {
        this.agentClient = agentClient;
    }

    public String refactorCode(String className, String requirements) {
        // Validate inputs
        if (className == null || className.trim().isEmpty()) {
            throw new IllegalArgumentException("Class name is required");
        }

        try {
            // First, analyze the code
            AgentClientResponse analysis = agentClient
                .goal("Analyze " + className + " and suggest improvements")
                .options(CodexAgentOptions.builder()
                    .sandboxMode(SandboxMode.READ_ONLY)
                    .build())
                .run();

            if (!analysis.isSuccessful()) {
                throw new ServiceException("Analysis failed: " + analysis.getResult());
            }

            // Then perform refactoring
            AgentClientResponse refactoring = agentClient
                .goal("Refactor " + className + " based on: " + requirements)
                .options(CodexAgentOptions.builder()
                    .fullAuto(true)
                    .build())
                .run();

            return refactoring.getResult();

        } catch (Exception e) {
            // Log error and return meaningful message
            log.error("Refactoring failed for class: {}", className, e);
            throw new ServiceException("Unable to refactor " + className + ": " + e.getMessage());
        }
    }
}

7. Spring Boot Integration

7.1. Auto-Configuration

The Spring Boot starter provides automatic configuration:

@SpringBootApplication
public class Application {

    public static void main(String[] args) {
        SpringApplication.run(Application.class, args);
    }

    // CodexClient, CodexAgentModel, and AgentClient are auto-configured

    @Bean
    public CommandLineRunner demo(AgentClient agentClient) {
        return args -> {
            AgentClientResponse response = agentClient.run(
                "Create a REST controller for managing users"
            );
            System.out.println(response.getResult());
        };
    }
}

7.2. Application Properties

Configure Codex via application.yml:

spring:
  ai:
    agents:
      codex:
        model: gpt-5-codex
        timeout: PT10M
        full-auto: true
        skip-git-check: false
        executable-path: /custom/path/to/codex  # Optional

Or application.properties:

spring.ai.agents.codex.model=gpt-5-codex
spring.ai.agents.codex.timeout=PT10M
spring.ai.agents.codex.full-auto=true
spring.ai.agents.codex.skip-git-check=false
spring.ai.agents.codex.executable-path=/custom/path/to/codex

7.3. Custom Configuration

Override auto-configuration with custom beans:

@Configuration
public class CodexConfiguration {

    @Bean
    public CodexAgentOptions customCodexOptions() {
        return CodexAgentOptions.builder()
            .model("gpt-5-codex")
            .fullAuto(true)
            .timeout(Duration.ofMinutes(15))
            .build();
    }

    @Bean
    public CodexClient customCodexClient() {
        return CodexClient.create(
            Paths.get("/path/to/project"),
            "/custom/path/to/codex"
        );
    }
}

8. Best Practices

8.1. Goal Formulation

Write specific, actionable goals for Codex:

// Good: Specific and contextual
agentClient.run("Add input validation to UserController.createUser() method using Bean Validation annotations");

// Good: Clear scope and requirements
agentClient.run("Refactor PaymentService to use the Strategy pattern for different payment processors");

// Avoid: Vague requests
agentClient.run("Fix the code");

// Avoid: Overly broad scope
agentClient.run("Rewrite the entire application");

8.2. Security Considerations

Always be cautious with autonomous mode in production:

@Profile("development")
@Configuration
public class DevelopmentCodexConfig {

    @Bean
    public CodexAgentOptions devCodexOptions() {
        return CodexAgentOptions.builder()
            .fullAuto(true) // OK for development
            .build();
    }
}

@Profile("production")
@Configuration
public class ProductionCodexConfig {

    @Bean
    public CodexAgentOptions prodCodexOptions() {
        return CodexAgentOptions.builder()
            .sandboxMode(SandboxMode.READ_ONLY) // Safe for production
            .build();
    }
}

8.3. Resource Management

Monitor and limit resource usage:

@Component
public class CodexMonitor {

    private final MeterRegistry meterRegistry;
    private final AgentClient agentClient;

    public CodexMonitor(MeterRegistry meterRegistry, AgentClient agentClient) {
        this.meterRegistry = meterRegistry;
        this.agentClient = agentClient;
    }

    public String executeWithMetrics(String goal) {
        return Timer.Sample.start(meterRegistry)
            .stop(Timer.builder("codex.goal.duration")
                .tag("goal", goal.substring(0, Math.min(goal.length(), 50)))
                .register(meterRegistry))
            .recordCallable(() -> {
                Counter.builder("codex.goal.count").register(meterRegistry).increment();

                AgentClientResponse response = agentClient.run(goal);

                Counter.builder("codex.goal.result")
                    .tag("success", String.valueOf(response.isSuccessful()))
                    .register(meterRegistry)
                    .increment();

                return response.getResult();
            });
    }
}

9. Troubleshooting

9.1. Common Issues

Codex CLI Not Found

Ensure Codex is installed and in your PATH:

# Verify installation
codex --version

# Check PATH
which codex  # macOS/Linux
where codex  # Windows

# Set CODEX_CLI_PATH for custom installation
export CODEX_CLI_PATH=/path/to/codex

API Key Issues

Verify your API key configuration:

# Check environment variable
echo $CODEX_API_KEY

# Test with Codex CLI directly
codex --help

# Or use session authentication
codex auth login

Git Repository Required

Codex requires a git repository by default:

# Initialize git in your working directory
cd /path/to/project
git init

# Or skip the check (not recommended)
# Set skipGitCheck(true) in CodexAgentOptions

Permission Denied

Ensure proper file permissions in working directory:

# Check directory permissions
ls -la /path/to/project

# Fix if needed
chmod -R u+rw /path/to/project

Timeout Issues

Increase timeout for complex tasks:

CodexAgentOptions options = CodexAgentOptions.builder()
    .timeout(Duration.ofMinutes(30)) // Longer timeout
    .build();

9.2. Debugging

Enable debug logging to troubleshoot issues:

logging:
  level:
    org.springaicommunity.agents.codex: DEBUG
    org.springaicommunity.agents.codexsdk: DEBUG
    org.springaicommunity.agents.client: DEBUG

9.3. Environment Variables

Key environment variables for testing and configuration:

Variable Purpose

Variable	Purpose
`CODEX_API_KEY`	OpenAI API key for authentication (alternative to `codex auth login`)
`CODEX_CLI_PATH`	Custom path to Codex CLI executable (for non-standard installations)

CODEX_API_KEY

OpenAI API key for authentication (alternative to codex auth login)

CODEX_CLI_PATH

Custom path to Codex CLI executable (for non-standard installations)

10. Differences from Other Agents

If you’re familiar with other agent integrations, note these differences:

Feature Claude Gemini Codex

Feature	Claude	Gemini	Codex
Authentication	`claude auth login` or `ANTHROPIC_API_KEY`	`gemini auth login` or `GEMINI_API_KEY`	`codex auth login` or `CODEX_API_KEY`
Autonomous mode	`yolo(true)`	`yolo(true)`	`fullAuto(true)`
Sandbox modes	Similar	Similar	READ_ONLY, WORKSPACE_WRITE, DANGER_FULL_ACCESS
Approval policies	Similar	Similar	NEVER, SMART, ALWAYS
Model	claude-sonnet-4, etc.	gemini-2.0-flash-exp, etc.	gpt-5-codex
Default timeout	10 minutes	10 minutes	10 minutes
Git requirement	No	No	Yes (can be skipped)

Authentication

claude auth login or ANTHROPIC_API_KEY

gemini auth login or GEMINI_API_KEY

codex auth login or CODEX_API_KEY

Autonomous mode

yolo(true)

fullAuto(true)

Sandbox modes

Similar

READ_ONLY, WORKSPACE_WRITE, DANGER_FULL_ACCESS

Approval policies

Similar

NEVER, SMART, ALWAYS

Model

claude-sonnet-4, etc.

gemini-2.0-flash-exp, etc.

gpt-5-codex

Default timeout

10 minutes

Git requirement

Yes (can be skipped)

11. Next Steps

Learn about other agent integrations in Claude Agent SDK
See practical examples in Sample Agents
Compare with the standard API in AgentClient vs ChatClient