Codex
ChatOpenAI
Product overview
Name of Agent: Codex
Monetisation/Usage price: 20, plus
200, pro greater rate limits
business"
Who is using it?: end user and enterprise customers for coding and prototyping
Website: (https://openai.com/codex/, archived)
Category: Chat
Company & accountability
Developer: OpenAI
Place of legal incorporation: Delaware
For profit company?: Yes
Parent company?: For-profit LLC falls within the OpenAI Group (PBC) which is controlled by OpenAI Foundation (26% vs Microsoft's 27%, rest going to staff)
Compliance with existing standards: unsure if this is distinct from regular
Technical capabilities & system architecture
Documention: https://github.com/openai/codex/tree/main/docs
Observation space: File system, command line, web search, MCP
Action space: File system, command line, MCP
Memory architecture: Hierarchical memory through markdown documents (link)
User interface and interaction design: Chatbot interfacei n the CLI
User roles: Operator (issues queries, which the agent to responds to); Executor (user may take actions/make decisions based on outputs);
Component accessibility: Open source (link), for the agentic harness, the models are closed source
Autonomy & control
Autonomy level and planning depth: L1-L3: Tasks that users assigns to the agent are often narrow in scope. More complex tasks need multi-turn conversations where the user is in charge of planning. Agent always comes back to the user and awaits further instructions. Agent can create a plan and execute on it across multiple steps. "Codex only interrupts you when it needs to leave the workspace or rerun something outside the sandbox (link)"
User approval requirements for different decision types: "Codex starts conservatively. Until you explicitly tell it a working directory is trusted, the CLI defaults to read-only. Codex can inspect files and answer questions, but every edit or command requires approval.
When you mark a working directory as trusted (for example via the onboarding prompt or /approvals → “Trust this directory”), Codex upgrades the default preset to Agent, which allows writes inside the workspace. Codex only interrupts you when it needs to leave the workspace or rerun something outside the sandbox." source
Emergency stop and shut down mechanisms and user control: User can pause/stop the agent at any time
Usage monitoring and statistics and patterns: User can see how much context is used
Ecosystem interaction
Safety, evaluation & impact
Benchmark performance and demonstrated capabilities: see addendum and system card
Bug bounty programmes and vulnerability disclosure: None found
Any known incidents?: None found