:PROPERTIES:
:ID:       e929ff32-28d8-4a29-bf74-d55babc040d1
:CREATED:  [2026-05-22 Thu]
:END:
#+title: Codex CLI — OpenAI AI Coding Agent
#+filetags: :passepartout:strategy:competitive:codex:

OpenAI's open-source coding agent. Rust, ~950K lines, sandboxed.

Architecture: ~116 crate Rust workspace with a protocol layer (SQ/EQ session types), sandbox manager (macOS Seatbelt, Linux nsjail), multi-provider support, configurable TUI.

Safety model: Most sophisticated safety system of any coding agent analyzed. Multi-layer: process hardening (macOS Seatbelt with 4 profile tiers), execution policy engine, sandboxing via nsjail/Seatbelt, Guardian module for tool permission gating. No prompt-based safety — all deterministic through policy definitions.

Data model: Protocol-defined session types. Structured request/response models. Config through TOML files with schema validation.

Self-modification: Protected by sandbox — the agent cannot escape to modify its own binary or config without explicit policy override.

Verification: None (no proof system).

Key gap vs Passepartout: No knowledge graph, no persistent memory model, no deterministic gate stack for agent behavior (only OS-level sandboxing), no ACL2/prover, no neurosymbolic architecture. Strongest sandbox but weakest cognitive architecture.

See the full [[id:3aa22300-2f25-57b0-8787-9f199cc978b1][competitive analysis]] for the landscape view and comparison.