[{"data":1,"prerenderedAt":718},["ShallowReactive",2],{"blog-codex-workflow-guide":3},{"id":4,"title":5,"body":6,"category":704,"date":705,"description":16,"extension":706,"meta":707,"navigation":708,"path":709,"seo":710,"stem":711,"tags":712,"__hash__":717},"blog\u002Fblog\u002Fcodex-workflow-guide.md","Codex 实战指北：从入口、权限到高效工作流",{"type":7,"value":8,"toc":689},"minimark",[9,13,17,24,32,37,40,128,137,140,146,150,153,163,166,234,237,240,245,249,252,273,276,322,325,340,345,352,358,361,385,431,460,463,470,478,485,488,505,508,522,525,533,547,552,556,560,566,573,577,583,586,589,625,631,636,639,642,645,675,678,685],[10,11,5],"h1",{"id":12},"codex-实战指北从入口权限到高效工作流",[14,15,16],"p",{},"第一次认真用 Codex，很容易把它当成“另一个更会写代码的聊天框”。这会低估它，也会误用它。",[14,18,19,20],{},"Codex 更像一个有多种执行面的 coding agent：它可以在本地终端陪你改代码，可以在 CI 里非交互跑检查，可以在云端长时间处理任务，也可以在 GitHub PR 里像队友一样做 review。你真正要学的不是某个神奇 prompt，而是：",[21,22,23],"strong",{},"在什么场景下，把 Codex 放到什么执行面里，给它什么权限和边界。",[14,25,26,27,31],{},"这篇先从日常最有用的部分讲起：入口选择、权限与沙箱、模型与推理强度、",[28,29,30],"code",{},"codex exec","、云端任务，以及一套可以直接照着用的工作流。",[33,34,36],"h2",{"id":35},"_1-先选执行面别拿锤子拧螺丝","1. 
先选执行面：别拿锤子拧螺丝",[14,38,39],{},"Codex 至少有五类常见入口：",[41,42,43,59],"table",{},[44,45,46],"thead",{},[47,48,49,53,56],"tr",{},[50,51,52],"th",{},"入口",[50,54,55],{},"运行位置",[50,57,58],{},"适合场景",[60,61,62,77,89,100,111],"tbody",{},[47,63,64,71,74],{},[65,66,67,70],"td",{},[28,68,69],{},"codex"," CLI \u002F TUI",[65,72,73],{},"本机仓库",[65,75,76],{},"日常编码、查 bug、改小需求、跑测试",[47,78,79,83,86],{},[65,80,81],{},[28,82,30],{},[65,84,85],{},"本机或 CI",[65,87,88],{},"非交互 review、日志分析、批量检查",[47,90,91,94,97],{},[65,92,93],{},"IDE extension",[65,95,96],{},"编辑器里",[65,98,99],{},"边写边问、从 IDE 派发任务",[47,101,102,105,108],{},[65,103,104],{},"Codex cloud",[65,106,107],{},"OpenAI 托管环境",[65,109,110],{},"长任务、并行任务、独立 branch、离线跑",[47,112,113,119,122],{},[65,114,115,116],{},"GitHub ",[28,117,118],{},"@codex",[65,120,121],{},"PR \u002F issue 上下文",[65,123,124,127],{},[28,125,126],{},"@codex review","、修 CI、处理 review 评论",[14,129,130,131],{},"我的经验是：",[21,132,133,134,136],{},"你需要实时纠偏，就用本地 CLI；任务边界清晰但耗时长，就丢给 cloud；需要脚本化输出，就用 ",[28,135,30],{},"。",[14,138,139],{},"比如“帮我理解这个支付状态机为什么会卡住”，最好在本地 CLI 里做，因为你可能随时补充日志、打断方向、选择假设。相反，“把这个 PR 的 CI failure 修掉，并开一个小 PR”，很适合 Codex cloud，因为目标、上下文和验收条件都比较明确。",[14,141,142,145],{},[21,143,144],{},"小结："," Codex 不是单一工具，而是一组执行面。选对入口，任务已经成功了一半。",[33,147,149],{"id":148},"_2-approval-sandbox决定-codex-的行动半径","2. 
Approval × Sandbox：决定 Codex 的行动半径",[14,151,152],{},"让 Codex 动手前，先问两个问题：",[154,155,156,160],"ol",{},[157,158,159],"li",{},"它能不能写文件、能不能联网？",[157,161,162],{},"它执行高风险命令时需不需要问你？",[14,164,165],{},"这就是 sandbox 与 approval 的组合。",[41,167,168,178],{},[44,169,170],{},[47,171,172,175],{},[50,173,174],{},"场景",[50,176,177],{},"推荐姿势",[60,179,180,191,202,212,223],{},[47,181,182,185],{},[65,183,184],{},"调研 \u002F review",[65,186,187,190],{},[28,188,189],{},"read-only","，只读更稳",[47,192,193,196],{},[65,194,195],{},"日常开发",[65,197,198,201],{},[28,199,200],{},"workspace-write"," + 按需审批",[47,203,204,207],{},[65,205,206],{},"CI 非交互检查",[65,208,209,211],{},[28,210,189],{}," + 不弹交互审批",[47,213,214,217],{},[65,215,216],{},"受控容器里的自动修复",[65,218,219,220,222],{},"可考虑 ",[28,221,200],{},"，仍要限制网络和 secrets",[47,224,225,228],{},[65,226,227],{},"普通本机开发",[65,229,230,231],{},"不建议默认 ",[28,232,233],{},"danger-full-access",[14,235,236],{},"可以把它想成给实习生配门禁卡：查资料给只读卡，改当前项目给工作区卡，生产机万能卡几乎永远不该随手发。",[14,238,239],{},"一个比较稳的本地默认配置是：工作区可写，默认不开放网络，遇到越权行为再让 Codex 申请。这样它可以正常编辑仓库、跑测试，又不至于悄悄访问外部系统或乱动仓库外文件。",[14,241,242,244],{},[21,243,144],{}," 权限不是麻烦，是 Codex 的安全带。越是自动化，越要把 sandbox 和 approval 写清楚。",[33,246,248],{"id":247},"_3-模型与-reasoning别把所有任务都开到最贵档","3. 
模型与 reasoning：别把所有任务都开到最贵档",[14,250,251],{},"Codex 的质量、速度和成本通常由三类旋钮影响：",[253,254,255,261,267],"ul",{},[157,256,257,260],{},[28,258,259],{},"model","：主模型",[157,262,263,266],{},[28,264,265],{},"review_model","：review 场景可单独设置",[157,268,269,272],{},[28,270,271],{},"model_reasoning_effort","：推理强度",[14,274,275],{},"实战上可以这样粗分：",[41,277,278,288],{},[44,279,280],{},[47,281,282,285],{},[50,283,284],{},"任务",[50,286,287],{},"推荐思路",[60,289,290,298,306,314],{},[47,291,292,295],{},[65,293,294],{},"普通实现、补测试、局部重构",[65,296,297],{},"默认推荐模型 + medium",[47,299,300,303],{},[65,301,302],{},"架构设计、复杂 bug、并发一致性",[65,304,305],{},"更强模型 + high \u002F xhigh",[47,307,308,311],{},[65,309,310],{},"大量只读探索、摘要、扫文件",[65,312,313],{},"更快更便宜的模型，配 subagent",[47,315,316,319],{},[65,317,318],{},"PR review",[65,320,321],{},"review 模型比实现模型略高一档",[14,323,324],{},"不要把所有任务都开到最高推理档。高 reasoning 很像请资深架构师开长会：关键决策值，改文案和小测试就不值。",[14,326,327,328,331,332,335,336,339],{},"具体模型名和可用档位会随 Codex 版本变化，所以不要把旧教程里的模型清单当圣经。日常以 ",[28,329,330],{},"codex --help","、TUI ",[28,333,334],{},"\u002Fhelp","、",[28,337,338],{},"\u002Fmodel"," 和官方文档为准。",[14,341,342,344],{},[21,343,144],{}," 模型和 reasoning 是预算控制工具。日常 medium，难题再升档，才是长期可持续的用法。",[33,346,348,349,351],{"id":347},"_4-codex-exec把-codex-变成脚本里的工程同事","4. 
",[28,350,30],{},"：把 Codex 变成脚本里的工程同事",[14,353,354,355,357],{},"交互式 CLI 适合陪跑，",[28,356,30],{}," 适合自动化。它的特点是：不开 TUI，直接跑一个 prompt，把最终输出交给 stdout，适合接在 shell、CI、cron 后面。",[14,359,360],{},"几个典型用法：",[362,363,368],"pre",{"className":364,"code":365,"language":366,"meta":367,"style":367},"language-bash shiki shiki-themes github-dark","codex exec \"summarize the repository structure and list risky areas\"\n","bash","",[28,369,370],{"__ignoreMap":367},[371,372,375,378,382],"span",{"class":373,"line":374},"line",1,[371,376,69],{"class":377},"svObZ",[371,379,381],{"class":380},"sU2Wk"," exec",[371,383,384],{"class":380}," \"summarize the repository structure and list risky areas\"\n",[362,386,388],{"className":364,"code":387,"language":366,"meta":367,"style":367},"git diff origin\u002Fmain...HEAD | codex exec \\\n  --sandbox read-only \\\n  \"Review this diff as a senior engineer. Findings first.\"\n",[28,389,390,414,425],{"__ignoreMap":367},[371,391,392,395,398,401,405,408,410],{"class":373,"line":374},[371,393,394],{"class":377},"git",[371,396,397],{"class":380}," diff",[371,399,400],{"class":380}," origin\u002Fmain...HEAD",[371,402,404],{"class":403},"snl16"," |",[371,406,407],{"class":377}," codex",[371,409,381],{"class":380},[371,411,413],{"class":412},"sDLfK"," \\\n",[371,415,417,420,423],{"class":373,"line":416},2,[371,418,419],{"class":412},"  --sandbox",[371,421,422],{"class":380}," read-only",[371,424,413],{"class":412},[371,426,428],{"class":373,"line":427},3,[371,429,430],{"class":380},"  \"Review this diff as a senior engineer. 
Findings first.\"\n",[362,432,434],{"className":364,"code":433,"language":366,"meta":367,"style":367},"npm test 2>&1 | codex exec \\\n  \"Summarize the failing tests and suggest the smallest likely fix\"\n",[28,435,436,455],{"__ignoreMap":367},[371,437,438,441,444,447,449,451,453],{"class":373,"line":374},[371,439,440],{"class":377},"npm",[371,442,443],{"class":380}," test",[371,445,446],{"class":403}," 2>&1",[371,448,404],{"class":403},[371,450,407],{"class":377},[371,452,381],{"class":380},[371,454,413],{"class":412},[371,456,457],{"class":373,"line":416},[371,458,459],{"class":380},"  \"Summarize the failing tests and suggest the smallest likely fix\"\n",[14,461,462],{},"如果下游要机器消费，可以用 JSONL 或 schema 输出。比如自动 triage issue、生成 release notes、把 CI log 总结成 PR 评论，这些都比“人在浏览器里复制粘贴”稳定得多。",[14,464,465,466,469],{},"但 CI 里有一条红线：",[21,467,468],{},"不要把个人登录态或长期 token 暴露给不受信任的仓库代码。"," 依赖安装脚本、测试脚本、第三方 action 都可能读环境变量。自动化环境里要把 API key 的暴露范围压到最小，能只读就只读。另外，通过管道交给 Codex 的 diff 和日志本身也来自仓库，同样是不受信任的输入，其中的文字可能被模型当成指令；Codex 的输出应当作参考意见，经人工确认后再执行或合并。",[14,471,472,474,475,477],{},[21,473,144],{}," ",[28,476,30],{}," 的价值不是“无人值守写代码”，而是把 Codex 的分析能力接进现有工程流水线。",[33,479,481,482,484],{"id":480},"_5-codex-cloud-与-github-codex边界清晰时再放手","5. 
Codex cloud 与 GitHub ",[28,483,118],{},"：边界清晰时再放手",[14,486,487],{},"云端任务适合这些场景：",[253,489,490,493,496,499,502],{},[157,491,492],{},"任务超过 30 分钟，不想本机守着",[157,494,495],{},"需要在独立 branch 上完成并开 PR",[157,497,498],{},"修 CI、回应 review、补测试这种 PR 闭环任务",[157,500,501],{},"大范围迁移、扫仓、文档整理",[157,503,504],{},"本机环境不适合跑，云端环境更干净",[14,506,507],{},"不适合这些场景：",[253,509,510,513,516,519],{},[157,511,512],{},"需求还没说清楚",[157,514,515],{},"高风险改动需要你实时盯着",[157,517,518],{},"需要本机私有凭据，但云端环境没配置",[157,520,521],{},"“帮我优化一下项目”这种没有边界的任务",[14,523,524],{},"云端任务的 prompt 要像一张清晰工单：",[362,526,531],{"className":527,"code":529,"language":530,"meta":367},[528],"language-text","目标：修复 billing 模块 CI 中的 flaky test。\n\n上下文：\n- 当前 PR：\u003Clink>\n- 失败 job：\u003Clink>\n- 相关目录：services\u002Fbilling\u002F**\n\n约束：\n- 不要重构 payment gateway\n- 不要修改 public API\n- 如果根因不清楚，先汇报\n\n验收：\n- 相关测试连续运行 3 次通过\n- 给出根因说明\n- 开 PR 或推到当前任务 branch\n\n停止条件：\n- 60 分钟内没有明确根因就停止，并汇报已排除的假设。\n","text",[28,532,529],{"__ignoreMap":367},[14,534,535,536,538,539,542,543,546],{},"在 GitHub 里，",[28,537,126],{}," 是 review 任务，其它 ",[28,540,541],{},"@codex \u003Ctask>"," 更像派发一个云端任务。想让 review 更准，需要把 review 准则写进 ",[28,544,545],{},"AGENTS.md","，比如只报真实风险：bug、安全、数据丢失、并发、测试缺口，而不是纯风格偏好。",[14,548,549,551],{},[21,550,144],{}," 云端 Codex 适合“边界清楚、验收明确、可以异步完成”的任务。越远离你的实时控制，任务描述越要具体。",[33,553,555],{"id":554},"_6-一套日常工作流","6. 一套日常工作流",[557,558,559],"h3",{"id":559},"新需求",[362,561,564],{"className":562,"code":563,"language":530,"meta":367},[528],"1. 新开干净会话或 worktree\n2. 描述需求，引用相关目录\n3. 要求 Codex 先读 AGENTS.md 和相关文件，只给计划\n4. 你 review 计划，补约束\n5. Codex 分步实现，每步后跑最小测试\n6. Codex 自查 diff\n7. 你跑最终验证\n8. 让 Codex 基于 diff 写 commit message 草稿\n",[28,565,563],{"__ignoreMap":367},[14,567,568,569,572],{},"关键是第 3 步：",[21,570,571],{},"先计划，再动手。"," 计划不需要很长，但必须包含涉及文件、风险点、测试计划和实现顺序。Codex 最容易出问题的地方，往往不是写不出代码，而是一开始就理解错影响半径。",[557,574,576],{"id":575},"查-bug","查 bug",[362,578,581],{"className":579,"code":580,"language":530,"meta":367},[528],"1. 用 read-only 启动\n2. 贴完整错误、复现步骤、近期 diff\n3. 
让 Codex 先给 3 个根因假设\n4. 每个假设必须有证据、反证、最小验证方法\n5. 你选最像的假设\n6. 再切到可写，做最小修复和回归测试\n",[28,582,580],{"__ignoreMap":367},[14,584,585],{},"这和资深工程师自己查 bug 的方式一样：先缩小假设空间，再验证。不要一上来就说“修一下”，那是在鼓励模型猜。",[557,587,318],{"id":588},"pr-review",[362,590,592],{"className":364,"code":591,"language":366,"meta":367,"style":367},"git diff origin\u002Fmain...HEAD | codex exec --sandbox read-only \\\n  \"Review this diff. Findings first, ordered by severity.\n   Focus on correctness, security, data loss, concurrency, and test gaps.\"\n",[28,593,594,615,620],{"__ignoreMap":367},[371,595,596,598,600,602,604,606,608,611,613],{"class":373,"line":374},[371,597,394],{"class":377},[371,599,397],{"class":380},[371,601,400],{"class":380},[371,603,404],{"class":403},[371,605,407],{"class":377},[371,607,381],{"class":380},[371,609,610],{"class":412}," --sandbox",[371,612,422],{"class":380},[371,614,413],{"class":412},[371,616,617],{"class":373,"line":416},[371,618,619],{"class":380},"  \"Review this diff. Findings first, ordered by severity.\n",[371,621,622],{"class":373,"line":427},[371,623,624],{"class":380},"   Focus on correctness, security, data loss, concurrency, and test gaps.\"\n",[14,626,627,628,630],{},"如果在 GitHub 上，就用 ",[28,629,126],{},"，并确保仓库有明确的 review guidance。",[14,632,633,635],{},[21,634,144],{}," 高效用 Codex 的本质，是把你的工程节奏显式化：先读、先计划、再执行、再验证。",[33,637,638],{"id":638},"总结",[14,640,641],{},"Codex 的核心不是“更会写代码”，而是它把 coding agent 放进了多个工程入口：本地 CLI、IDE、CI、云端、GitHub PR。你要做的，是给每个入口配好边界。",[14,643,644],{},"记住四句话：",[154,646,647,657,663,669],{},[157,648,649,652,653,656],{},[21,650,651],{},"选对执行面","：本地陪跑，云端长跑，",[28,654,655],{},"exec"," 自动化，GitHub 做 PR 闭环。",[157,658,659,662],{},[21,660,661],{},"权限先行","：sandbox 和 approval 是安全带，不是打扰。",[157,664,665,668],{},[21,666,667],{},"预算可调","：普通任务 medium，难题再升 reasoning。",[157,670,671,674],{},[21,672,673],{},"流程显式化","：先计划、再实现、再验证，别让 Codex 猜你的工程判断。",[14,676,677],{},"工具会迭代，命令会变化，但这套工作流很稳定。把它练成肌肉记忆，Codex 
才会从“偶尔惊艳的助手”变成“每天可靠的工程搭档”。",[14,679,680],{},[681,682,684],"a",{"href":683},"\u002Fblog\u002F","返回博客列表",[686,687,688],"style",{},"html pre.shiki code .svObZ, html code.shiki .svObZ{--shiki-default:#B392F0}html pre.shiki code .sU2Wk, html code.shiki .sU2Wk{--shiki-default:#9ECBFF}html .default .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html pre.shiki code .snl16, html code.shiki .snl16{--shiki-default:#F97583}html pre.shiki code .sDLfK, html code.shiki .sDLfK{--shiki-default:#79B8FF}",{"title":367,"searchDepth":416,"depth":416,"links":690},[691,692,693,694,696,698,703],{"id":35,"depth":416,"text":36},{"id":148,"depth":416,"text":149},{"id":247,"depth":416,"text":248},{"id":347,"depth":416,"text":695},"4. codex exec：把 Codex 变成脚本里的工程同事",{"id":480,"depth":416,"text":697},"5. Codex cloud 与 GitHub @codex：边界清晰时再放手",{"id":554,"depth":416,"text":555,"children":699},[700,701,702],{"id":559,"depth":427,"text":559},{"id":575,"depth":427,"text":576},{"id":588,"depth":427,"text":318},{"id":638,"depth":416,"text":638},"AI\u002FLLM","2026-06-18","md",{},true,"\u002Fblog\u002Fcodex-workflow-guide",{"title":5,"description":16},"blog\u002Fcodex-workflow-guide",[713,714,715,716],"Codex","AI编程","开发工具","工作流","5hSZp5icWfVB3JoJnI-b2vUfWd0_x8SpQz4DgNTEcQI",1781797590751]