Hugging Face's logo

yitongl
/
codex_exec

codex
tmux
automation
developer-tools
Model card Files
xet
 Community
codex_exec
File size: 6,638 Bytes
9b8961f
 
 
 
 
 
 
 
b89b0b0
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
20666a8
 
 
 
 
 
 
b89b0b0
 
 
 
 
 
 
 
 
 
 
 
 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
---
tags:
  - codex
  - tmux
  - automation
  - developer-tools
---

# codex_exec

`codex_exec` is an **unofficial** launcher for the interactive OpenAI Codex TUI. It starts a real interactive `codex` session inside `tmux` and runs a small watcher that can confirm recognized approval dialogs automatically.

Despite the repository name, this is **not** `codex exec` and it does not turn Codex into a non-interactive subprocess. You can attach to the TUI, type follow-up messages, detach, reattach, and resume persisted Codex conversations normally.

The runtime is one self-contained Python script with no third-party Python dependencies.

## Requirements

- Linux. The watcher uses `fcntl` and `/proc` for locking and process identity checks.
- Python 3.10 or newer.
- `tmux` available on `PATH`.
- The Codex CLI installed, authenticated, and available as `codex` on `PATH` (or supplied with `--codex-binary`).

The current implementation and tests were validated with Codex CLI 0.142.3. The watcher recognizes text rendered by the Codex TUI, so a future Codex release that changes approval wording or layout may require detector updates.

## Important safety warning

By default, Codex still starts with `on-request` approvals and the `workspace-write` sandbox. However, the watcher automatically confirms recognized one-shot approval choices for:

- shell commands;
- file edits;
- permission requests; and
- network access requests.

This removes the human review normally provided by an approval prompt. A mistaken or prompt-injected Codex action may delete files, run untrusted commands, disclose accessible data over the network, or request broader permissions. The watcher is a convenience mechanism, **not a security boundary**. Use it only in a workspace whose contents and consequences you understand, keep important work under version control, and prefer a disposable or externally isolated environment for risky tasks.

The watcher does not automatically answer ordinary questions, enable a full-access screen, trust hooks, install plugins, approve MCP/app calls, or trust a directory unless the relevant explicit option is enabled.

`--approve-mcp` can approve app or MCP calls with external side effects. `--auto-trust-directory` bypasses Codex's initial directory-trust confirmation. `--bypass` is substantially more dangerous: it passes Codex's `--dangerously-bypass-approvals-and-sandbox` option and should only be used inside an environment that is already isolated outside Codex.

## Installation

```bash
git clone https://huggingface.co/yitongl/codex_exec
cd codex_exec
chmod +x codex_auto_run.py
```

## Start a new session

```bash
./codex_auto_run.py \
  -C ~/code/my_project \
  -p "Implement the requested change, run the tests, and summarize the result."
```

The launcher creates a uniquely named `tmux` session and normally attaches to it immediately. The printed startup information includes the exact command needed to reattach.

Use a UTF-8 prompt file when the task is long:

```bash
./codex_auto_run.py -C ~/code/my_project --prompt-file task.md
```

## Detach and reattach

Start without attaching:

```bash
./codex_auto_run.py \
  --detach \
  -C ~/code/my_project \
  -p "Run the full task and verify the result."
```

Then attach with the session name printed by the launcher:

```bash
tmux attach -t codex-auto-YYYYMMDD-HHMMSS-PID-RANDOM
```

Inside `tmux`, press `Ctrl-b d` to detach without stopping Codex. Exiting Codex normally ends the `tmux` session unless `--keep-dead-session` was used. When no managed panes remain, the watcher exits after its idle timeout (120 seconds by default).

## Resume a Codex conversation

Resume the most recent interactive conversation for a working directory:

```bash
./codex_auto_run.py \
  --resume-last \
  -C ~/code/my_project \
  -p "Continue the task and rerun the verification."
```

Resume a specific Codex session ID or name:

```bash
./codex_auto_run.py \
  --resume SESSION_ID \
  -C ~/code/my_project \
  -p "Continue from the previous result."
```

Open Codex's interactive session picker:

```bash
./codex_auto_run.py --resume -C ~/code/my_project
```

The picker form cannot be combined with `-p` or `--prompt-file`; select the conversation first and then type in Codex. Resuming starts a new `tmux` wrapper around a persisted Codex conversation. If the original `tmux` session is still running, simply reattach to that session instead.

## Pass options to Codex

Place Codex-specific global options after `--`:

```bash
./codex_auto_run.py \
  -C ~/code/my_project \
  -p "Research and implement the task." \
  -- \
  --search \
  --model MODEL_NAME
```

The wrapper reserves `-p` for the initial or resumed-session follow-up prompt. Use `--codex-profile PROFILE_NAME` for a Codex profile.

No model is hardcoded by this repository. Without `--model`, Codex inherits the model selected by the user's Codex configuration and CLI defaults.

Some Codex options that conflict with wrapper-managed behavior, including Codex's own approval, sandbox, working-directory, full-auto, and bypass flags, are rejected. Use the wrapper's `--sandbox`, `-C`, and `--bypass` options instead.

## Watcher controls

Show the watcher and managed-session status:

```bash
./codex_auto_run.py --status
```

Stop the watcher:

```bash
./codex_auto_run.py --stop-daemon
```

Start only the watcher:

```bash
./codex_auto_run.py --start-daemon
```

By default, private watcher state and logs are stored under `~/.runtime/codex-auto/`. Only sessions created and registered by this wrapper are watched.

Run `./codex_auto_run.py --help` for all tuning and safety options.

## Optional shell aliases

[`LOCAL_SETUP.txt`](LOCAL_SETUP.txt) contains the current `runx`/`rund` Bash
functions, project-relative tmux naming rules, usage examples, and the local
`codex-autorun` skill location. The `rund` function expects a separate
`~/claude_auto_run.py`, which is not included in this repository.

## Tests

The unit tests exercise approval-screen detection, argument validation, resume command construction, binary probing, `tmux` command construction, and daemon lifecycle safeguards without starting a real Codex session:

```bash
PYTHONDONTWRITEBYTECODE=1 python3 -m unittest -v test_codex_auto_run.py
```

A passing unit-test suite cannot guarantee compatibility with a future Codex TUI. Before relying on unattended operation after a Codex upgrade, observe a real low-risk session and verify that approvals are detected as intended.

## Project status

This project is independent and unofficial. It is not an OpenAI product and is not endorsed or supported by OpenAI.