Master 98% of Codex’s Features in Just 35 Minutes

1. Configure AGENTS.md

Codex reads ~/.codex/AGENTS.md (global) or AGENTS.md in the project root to understand the tech stack, coding style, and permission boundaries. A minimal 12‑line file is enough, for example:

# 项目规范
技术栈：Next.js 15 + TypeScript + Tailwind + Supabase
编码风格：使用 ESLint + Prettier，函数式组件优先
权限规则：Codex 可以自行修改 src/ 文件夹，但修改 package.json / CI 配置前必须批准
构建命令：npm run build && npm run lint
测试命令：npm test

Place the file at .codex/AGENTS.md (hidden directory) and restart Codex; it will announce that the file is loaded, confirming the configuration.

2. Slash Commands (30+ "magic spells")

/clear

– Clear the terminal and start a fresh conversation to avoid context pollution. /compact – Summarize conversation history, freeing token space for long sessions. /new – Open a new dialogue in the same CLI window without exiting. /fork – Split the current conversation into a new thread, keeping the original untouched. /side – Open a temporary side conversation for quick queries that do not affect the main thread. /resume – Resume a saved conversation, e.g., codex resume --last. /diff – Show a full Git diff (staged, unstaged, untracked) before committing. /review – Run an automatic code review; you can set a dedicated review model in config.toml (e.g., review_model = "gpt-4.1-mini"). /model, /fast, /personality, /plan, /reasoning – Switch models, toggle fast mode, change Codex’s speaking style, enable planning mode, and adjust reasoning intensity (low/medium/high).

3. Plan Mode and Comment Mode

Plan Mode ( /plan) makes Codex list execution steps before writing code. Example:

> /plan 帮我设计这个服务的迁移方案，从 REST 迁移到 GraphQL

After you approve the plan, Codex proceeds, turning code generation into an approval workflow and eliminating costly rework.

Comment Mode is accessed via the "+" button in the web preview. You can click any UI element (title, image, button) and tell Codex exactly what to change, e.g., "change this button to dark gold". This visual, point‑and‑click editing removes the need for verbose textual descriptions.

4. Skills System

Skills are reusable command sets stored in ~/.codex/skills/ (global) or .agents/skills/ (project‑local). Invoke a skill with $skill-name. Example Skill file:

## 工作周报生成器
**Description:** 当被要求生成工作周报、周报总结时自动触发。
## Steps
1. 读取用户提供的工作内容描述
2. 按「本周完成 / 遇到的问题 / 下周计划」结构组织内容
3. 生成简洁有力的总结，突出关键成果
4. 输出格式为 Markdown
## Notes
- 成果类内容优先，用数据量化（如"提升了 30% 转化率"）
- 问题类使用「问题 + 解决方案」格式
- 每周一优先使用

Popular community skills include gh-fix-ci , changelog-generator , create-plan , webapp-testing , frontend-skill , stop-slop , and sentry-triage . Global skills live in ~/.codex/skills/ and are usable across projects; project‑local skills live in .agents/skills/ and can reference project‑specific paths, API keys, or schemas.

5. Model Context Protocol (MCP)

MCP is the standard interface for connecting large models to external systems. Configuration resides in ~/.codex/config.toml (global) or .codex/config.toml (project). Example Context7 MCP configuration (free, no auth):

[mcp_servers.context7]
command = "npx"
args = ["-y", "@upstash/context7-mcp"]
enabled = true

Other useful MCPs: GitHub (OAuth – manage issues/PRs), Figma (OAuth – read design tokens), Playwright (STDIO – browser automation), Sentry (env – query error logs), Neon (env – connect to PostgreSQL).

6. Goal Command

The /goal command enables long‑running, multi‑step tasks with automatic decomposition and checkpoint approval. Example:

/goal 实现一个 RESTful API，包括：
1. 用户注册和登录（JWT 认证）
2. CRUD 操作
3. 数据验证和错误处理
4. 单元测试（覆盖率 > 80%）

Use /goal status, /goal pause, and /goal resume to monitor and control execution.

7. Automation

Schedule recurring tasks that run in the background and feed results into the review queue. Examples:

设置自动化：每周一 9 点生成 changelog

设置自动化：每天早上 8 点运行测试，失败时发通知

Typical automation scenarios include nightly test runs with Slack alerts, weekly changelog generation, pre‑release configuration checks, and dependency security audits.

8. Security Scanning

In March 2026 Codex added a Security feature that builds a threat model from project context and validates vulnerabilities in a sandbox. Enable it with:

codex config set security.enabled true
codex security scan

The scan returns detailed explanations, remediation suggestions, and project‑specific risk reasoning, making it especially valuable before major releases of payment‑ or user‑data‑heavy applications.

9. Fine‑Tuning Details

Permission modes: request‑approval (most conservative), approve‑for‑me (AI reviews first), full‑access. "Approve‑for‑me" is recommended for risky commands like npm install.

Separate Conversation (temporary) from Project (persistent) to keep context clean.

Use /mention src/lib/api.ts to load a file into context without describing its path.

Run /compact after medium‑size tasks to compress history and save tokens.

Putting all these pieces together—AGENTS.md, slash commands, Plan & Comment modes, Skills, MCP, Goal, automation, and security—turns Codex from a simple code generator into a 24‑hour AI‑powered development partner.