Local Codebase Study: Codex
What Was Researched
Architecture and implementation of Codex (openai/codex) — OpenAI's open-source agentic coding CLI. Built primarily in Rust with a monorepo containing 128 crates (verified 2026-06-23). Supports CLI, desktop app, and IDE integration. Uses AGENTS.md for context, MCP for tools, and implements sophisticated sandboxing across macOS, Linux, and Windows.
Which Sources Were Used
- Local clone:
c:\Users\Adam\Desktop\agent2\codex - Files analyzed:
AGENTS.md,README.md,codex-rs/Cargo.toml,codex-rs/core/README.md,codex-rs/core/Cargo.toml, directory structure ofcodex-rs/,codex-cli/,sdk/,docs/
Key Findings
Architecture Overview
- Monorepo: ~5,190 files across
codex-rs/(Rust core),codex-cli/(Node.js CLI wrapper),sdk/(TypeScript SDK) - Build System: Dual Bazel + Cargo builds, with
justfilecommands for developer workflow - 128 Rust crates in workspace (verified: 128
Cargo.tomlfiles) — massive, highly modular architecture - Multi-platform support: macOS (Seatbelt), Linux (Bubblewrap/Landlock), Windows (restricted tokens)
Rust Crate Architecture (codex-rs/)
Key crates organized by function:
Core Agent Loop:
core/— Business logic, agent loop, context management, session handlingcore-api/— Public API types for the corecore-plugins/— Plugin systemcore-skills/— Built-in skillsprotocol/— Communication protocol definitions
Model & Provider:
model-provider/— Model provider abstraction layermodel-provider-info/— Provider metadatamodels-manager/— Model lifecycle managementollama/— Ollama integrationlmstudio/— LM Studio integrationchatgpt/— ChatGPT backend integration
Tool System:
tools/— Tool definitions and executioncodex-mcp/— MCP (Model Context Protocol) integrationmcp-server/— MCP server implementationrmcp-client/— Remote MCP clientexec/— Command executionexec-server/— Execution servershell-command/— Shell command handlingapply-patch/— File patching toolfile-search/— File search tool
Sandboxing (Critical Feature):
sandboxing/— Cross-platform sandbox abstractionlinux-sandbox/— Linux-specific (Bubblewrap + Landlock)bwrap/— Bubblewrap wrapperwindows-sandbox-rs/— Windows restricted token sandboxexecpolicy/— Execution policy engineprocess-hardening/— Process-level security
Memory & State:
memories/— Memory systemmessage-history/— Conversation historythread-store/— Thread persistencestate/— State managementagent-graph-store/— Graph-based agent state
UI:
tui/— Terminal UI (ratatui-based)cli/— CLI argument parsing
App Server:
app-server/— App server for desktop/IDEapp-server-protocol/— JSON-RPC v2 protocolapp-server-client/— Client libraryapp-server-daemon/— Background daemonapp-server-transport/— Transport layer
Infrastructure:
config/— Configuration managementconnectors/— External service connectorshooks/— Lifecycle hooksotel/— OpenTelemetry observabilityanalytics/— Analyticssecrets/— Secret management
AGENTS.md Pattern (Most Influential)
Codex popularized (or at least heavily promoted) the AGENTS.md convention:
- A repository-level context file that tells the agent about the codebase
- Contains coding conventions, test patterns, build commands, architectural decisions
- Read at session start to provide workspace context
- Already adopted by other projects (LiteLLM has
AGENTS.md,CLAUDE.md,GEMINI.md)
Model Context System
Critical design decisions for model-visible context:
- No history rewrite — context builds incrementally only
- Avoid frequent context changes — minimize cache misses
- No unbounded items — hard caps on everything
- 10K token cap per item — strict size limits
- ContextualUserFragment trait — all context items implement this trait
App-Server Protocol (v2)
- JSON-RPC 2.0 based protocol for IDE ↔ Codex communication
- Resource/method pattern:
thread/read,app/list - Cursor pagination:
cursor+limit/data+next_cursor - TypeScript type generation from Rust structs via
ts-rs - Experimental API gating with
#[experimental("method/or/field")]
Key Design Principles from AGENTS.md
- Modules under 500 LoC (800 max), prefer new modules over growing existing ones
- Resist adding code to
codex-core— it's already too large - Integration tests preferred over unit tests for agent logic
#[tracing::instrument(...)]for async observability- No
#[async_trait]— use native RPITIT with explicitSendbounds - Exhaustive
matchstatements, no wildcards
What Is Confirmed
- Repository cloned successfully (5,190 files)
- 128 Rust crates in workspace verified (128
Cargo.tomlfiles) - Multi-platform sandbox support confirmed (macOS/Linux/Windows)
- AGENTS.md is 22KB — comprehensive project context document
- Uses MCP for tool integration
- Bazel + Cargo dual build system
- gpt-5.1 and gpt-5.2 prompt files exist in core/ (model-specific prompts)
What Is Uncertain
- How the model-provider abstraction handles non-OpenAI models in practice
- Whether the agent loop architecture can be extracted independently of the Codex-specific UI
- How the plugin system (
core-plugins/) works and how extensible it is - What the
skills/crate contains vs. MCP tools vs. core tools - Whether the
v8-poc/crate indicates plans for JavaScript-based extensions - How the
agent-graph-storerelates to conversation memory
How This Applies to Building a Modern Model-Agnostic Agent Harness
Codex is the most architecturally relevant reference for building a model-agnostic agent harness:
- Crate Architecture Model: The 128-crate workspace is the gold standard for modular agent design. Each concern (sandboxing, tools, MCP, memory, model providers) is isolated with clear API boundaries
- Sandboxing: The cross-platform sandboxing system (Seatbelt/Bubblewrap/Windows restricted tokens) is the most sophisticated in any open-source agent
- AGENTS.md Convention: This pattern should be adopted directly in the harness
- Context Management: The strict rules (no rewrite, bounded items, 10K cap) provide a battle-tested model for context window management
- MCP Integration: First-class MCP support with
codex-mcp,mcp-server, andrmcp-client— demonstrates how to integrate the MCP ecosystem - App-Server Protocol: The JSON-RPC v2 protocol for IDE integration is a reference for harness ↔ frontend communication
- Model Provider Abstraction: Has both OpenAI (ChatGPT) and local model (Ollama, LM Studio) support — model-agnostic pattern
- Skills System: The
core-skills/crate suggests a skills-based extensibility model - Memory Architecture: Separate
memories/,message-history/, andthread-store/crates show thoughtful memory decomposition - Anti-Pattern to Watch:
codex-coreis explicitly called out as too large — proves even well-architected projects can suffer from "core crate bloat"