OpenAI Codex Workflow in Practice — Complete Visual Guide from Task Delegation to GitHub PR Merge [2026]

Understanding the end-to-end flow is the foundation of working efficiently with Codex. ``` ① Enter task (plain text) ↓ ② Sandbox launches (isolated cloud container) ↓ ③ Setup phase (network ON: npm install / pip install etc.) ↓ ④ Agent execution (network OFF: edit code, run tests) ↓ ⑤ Diff generated (changed files list + test results) ↓ ⑥ User review (inspect diff, add comments, request changes) ↓ ⑦ GitHub PR created (new branch, commit, PR opened) ↓ ⑧ Merge (approved PR merged into main/master) ``` At step ⑥, if you ask Codex to revise something, it re-launches the sandbox and updates the diff. You can iterate as many times as needed — this back-and-forth is a core strength of the agent model.

Codex can execute multiple tasks in fully independent sandboxes at the same time. ``` [You] ↓ Submit tasks A, B, C simultaneously ├─→ [Sandbox A: Bug fix] ──────→ Diff A ├─→ [Sandbox B: Add tests] ────→ Diff B └─→ [Sandbox C: Update docs] ──→ Diff C ↓ [Review all 3 diffs independently] ``` Each sandbox is completely isolated — they never interfere with each other. The Pro plan supports 10+ simultaneous tasks, making it possible to process an entire sprint's worth of issues in parallel. Notifications arrive when each task finishes, so you can stay productive without waiting.

The quality of your instructions directly determines the quality of Codex's output.

Golden rule: Answer five questions in 1–3 sentences — who, where, what is happening, how to fix it, and how to verify the fix. This consistently produces the best results.

Different tasks take different amounts of time. Choosing the right model optimizes both cost and speed.

For fast tasks like code review, use GPT-5.3-Codex-Spark (powered by Cerebras chips). For large repositories requiring broad context, leverage GPT-5.4's 1M-token context window.

How Codex creates a pull request ``` [Codex completes the task] ↓ [New branch: codex/fix-auth-null-check] ↓ [Commit with meaningful message] ↓ [Push to GitHub → PR opened (title, description, test results auto-generated)] ↓ [You review the PR → Request changes or Approve & Merge] ``` GitHub Actions integration example (auto-trigger Codex on issue label) ```yaml # .github/workflows/codex-auto-fix.yml on: issues: types: [labeled] jobs: codex-fix: if: contains(github.event.label.name, 'codex-auto') runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - run: npx @openai/codex-cli fix "${{ github.event.issue.body }}" env: OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }} ``` Example use cases: Add a `codex-auto` label to an issue and Codex opens a PR automatically. Add a `codex-review` label to a PR and Codex posts inline review comments.

Model Context Protocol (MCP) allows Codex to read data from external tools as context while executing tasks. ``` [Codex] ├─→ [Figma MCP] → Fetch design data and component specs ├─→ [Linear MCP] → Read issue details, priority, and assignees ├─→ [Jira MCP] → Pull ticket content and acceptance criteria └─→ [Slack MCP] → Retrieve thread context from channels ``` Concrete workflow examples: - Pass a Linear issue to Codex → it reads the requirements and implements the code - Reference a Figma design file → Codex generates a matching React component - Pass a Jira bug ticket → Codex analyzes the reproduction steps and auto-fixes the issue You can also build custom MCP servers for internal tools, enabling Codex to use your company wiki or internal documentation as context.

Codex Security — automated security scanning

Team responsibility split ``` [Humans own] · Requirements, system design, architecture decisions · Final review and merge approval [Delegate to Codex] · Bug fixes, test additions, documentation generation · Refactoring and routine feature implementation ``` Quality rules: Always require a human review before merging any Codex-generated PR. Place an `AGENTS.md` file at the repository root with instructions, constraints, and forbidden patterns for Codex.

Q1. What should I do if a task gets stuck mid-way? You can retry the task from the Codex panel. The error log is displayed, so refining your prompt and resubmitting resolves most cases. Q2. Do parallel tasks cause merge conflicts? The tasks themselves never conflict because each sandbox runs on a separate clone. However, if multiple PRs modify the same file, a standard git merge conflict can occur when merging them sequentially. Q3. What should I put in AGENTS.md? Include your repository structure, prohibited libraries, coding conventions, the test run command, and any files that must never be modified. Codex reads AGENTS.md automatically at the start of every task. Q4. Who owns the copyright for code Codex generates? Under OpenAI's terms of service, copyright belongs to the user. For commercial use, confirm the details with your legal team. Q5. Does Codex support Git hosting services other than GitHub? As of April 2026, GitHub is the primary integration target. Partial GitLab and Bitbucket support is available via the CLI, but direct UI integration is GitHub-only. Q6. Is it safe to pass code containing sensitive information to Codex? Under an OpenAI Enterprise agreement, your data is excluded from model training. For sensitive codebases, use the Enterprise plan and exclude secrets and API keys from the repository.

"We want to roll out Codex to our team but aren't sure how to get internal approval." "We need help designing a GitHub Actions integration." "We want to build an MCP connector for Jira and Figma." — Oflight's AI consulting service can help with all of these. We support you end-to-end: from requirements gathering and system design through implementation and team training. Start with a free consultation. → View AI Consulting Services