Step 1: Container creation
Codex provisions a fresh, isolated cloud container for your task. Each task gets its own clean environment.
Step 2: Repository clone
Your GitHub repository is cloned into the container. Codex gets a full copy of your codebase to work with.
Step 3: Environment setup
Dependencies are installed and tools are configured based on your AGENTS.md file or detected project configuration.
Step 4: Task execution
Codex reads code, plans changes, writes new code, and runs your test suite to verify everything works.
Step 5: Pull request creation
Changes are committed, pushed to a new branch, and a pull request is opened on GitHub for your review.
0
Risk to your local machine
0%
Isolated execution
0
PR per completed task
Cloud sandbox vs. local execution: what is the difference?
Local tools like Claude Code and Cursor run directly on your computer. They can access your files, databases, local servers, and terminal. This is powerful but means they can also modify or break things. Codex takes the opposite approach: everything runs in a disposable cloud container. This is safer (nothing on your machine is touched) but also more restrictive (no access to local resources). The right choice depends on your workflow. If you need access to a local database or custom tooling, a local agent is better. If you want maximum safety and a clean separation between AI work and your environment, cloud execution is the better fit.
Network restrictions during execution
Once task execution begins, the container has no internet access. Codex cannot download new packages, call external APIs, or fetch resources from the web. All dependencies must be installed during the setup phase (configured via AGENTS.md). If your task requires a package that is not in your project's dependency file, add it to your setup commands first.