Automation should be the final form of a workflow that already succeeds interactively. Codex offers non-interactive CLI runs and scheduled app automations; both require explicit inputs, permissions, and outputs.
| Need | Use |
|---|---|
| One scripted or CI run | `codex exec` |
| Machine-readable event stream | `codex exec --json` |
| Recurring independent check | Standalone automation |
| Recurring continuation of one thread | Thread automation |
```bash
codex exec --ephemeral \
  "Review the last ten commits and report release-note omissions."
```

`codex exec` defaults to a read-only sandbox. Add `--sandbox workspace-write` only when the workflow genuinely needs edits. Use structured output when another program consumes the result.
Run manually → tighten prompt → verify repeatedly → package as skill → run with codex exec → schedule only when unattended behavior is safe
An automation must say what to inspect, what counts as a finding, what it may change, where results go, and when it should stop or escalate.
Human-readable prose is enough for an inbox. Downstream programs need stable fields and exit behavior. Choose the contract before writing the prompt.
| Consumer | Output |
|---|---|
| Human in a shell | Final message on standard output |
| Event processor | `--json` JSONL stream |
| Another build step | `--output-schema` with required fields |
| Later Codex stage | Resume the recorded session |
A safer CI pattern lets Codex analyze or generate a patch with read-only repository permissions, stores that patch as an artifact, and uses a separate controlled job to apply it or open a pull request. The code-reading job never receives unnecessary write authority.
Ask what happens if the automation runs twice. A good recurring check produces the same result or recognizes completed work instead of duplicating comments, branches, or files.
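
A downstream gate for the output contract and the run-twice question above, as an added example (not code from the original page or from the Codex project): it validates a final message against a hypothetical contract, fails closed on any violation, and drops findings a previous run already reported. The field names, exit codes and sample message are assumptions made for this example.

```python
import hashlib
import json

# Hypothetical contract for the release-note check. The field names are
# assumptions for this example, not a schema defined by Codex.
REQUIRED = {"status": str, "findings": list}
FINDING_REQUIRED = {"commit": str, "summary": str}
ALLOWED_STATUS = {"clean", "findings", "escalate"}
# Exit codes the next build step can branch on.
EXIT_CLEAN, EXIT_FINDINGS, EXIT_ESCALATE, EXIT_CONTRACT = 0, 1, 2, 3

# Constructed sample of a final message (not real Codex output).
SAMPLE = '{"status": "findings", "findings": [{"commit": "abc1234", "summary": "New --dry-run flag missing from notes"}]}'


def fingerprint(finding):
    """Stable ID so a second run recognizes work already reported."""
    key = finding["commit"] + "\0" + finding["summary"].strip().lower()
    return hashlib.sha256(key.encode()).hexdigest()[:16]


def gate(raw_output, already_reported):
    """Return (exit_code, new_findings); contract violations fail closed."""
    try:
        doc = json.loads(raw_output)
    except json.JSONDecodeError:
        return EXIT_CONTRACT, []
    if not isinstance(doc, dict):
        return EXIT_CONTRACT, []
    if any(not isinstance(doc.get(k), t) for k, t in REQUIRED.items()):
        return EXIT_CONTRACT, []
    if doc["status"] not in ALLOWED_STATUS:
        return EXIT_CONTRACT, []
    for f in doc["findings"]:
        if not isinstance(f, dict) or any(
            not isinstance(f.get(k), t) for k, t in FINDING_REQUIRED.items()
        ):
            return EXIT_CONTRACT, []
    if doc["status"] == "escalate":
        return EXIT_ESCALATE, []
    # "clean" with findings, or "findings" with none, is contradictory.
    if (doc["status"] == "clean") != (not doc["findings"]):
        return EXIT_CONTRACT, []
    # Drop findings a previous run already reported (idempotent reruns).
    new = [f for f in doc["findings"] if fingerprint(f) not in already_reported]
    return (EXIT_FINDINGS if new else EXIT_CLEAN), new


if __name__ == "__main__":
    print(gate(SAMPLE, set()))
```

Persist the fingerprints of reported findings between runs, for example as a CI artifact, and pass them in as `already_reported`.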
AGENTS.md and repeated procedures in skills.codex exec or scheduling.