How to run a command with Codex exec

Running a shell command through codex exec lets a one-off Codex task inspect terminal output before it writes its final answer. That fits quick repository checks, exact extraction from generated output, and automation steps where the terminal should receive one finished response instead of opening an interactive Codex session.

The prompt argument to codex exec is an instruction for the agent, not an arbitrary shell-command slot. Put the shell command inside that prompt when Codex should run it, or pipe command output into codex exec when the shell should run the command first and Codex should only interpret the captured text.

In normal output mode, Codex streams progress to stderr and prints the final assistant message to stdout. codex exec uses a read-only sandbox by default, but spelling out --sandbox read-only makes automation easier to review. Add --ephemeral when the one-off session should not be saved, and keep secrets out of command output because Codex can use that text as model context.

Related: How to run Codex exec with a prompt
Related: How to enable JSON output in Codex

Steps to run a command with Codex exec:

  1. Open a terminal in the repository or project directory that should own the command. 
    $ git rev-parse --show-toplevel
/home/user/projects/exec-demo

    For an intentional scratch directory outside Git, add --skip-git-repo-check to the codex exec command or move into a trusted repository first.
    Related: How to fix the Codex trusted-directory error
    Related: How to set the working directory for Codex

  2. Run codex exec with a read-only sandbox and a prompt that names the shell command. 
    $ codex exec --ephemeral --sandbox read-only "Run printf '%s\n' alpha beta gamma and reply with only the last output line."
gamma

    Codex runs the command, reads the output, and prints only the requested final answer to stdout. Omit --ephemeral when the run should appear in normal session history.

  3. Run a repository inspection command when the answer depends on files in the working root. 
    $ codex exec --ephemeral --sandbox read-only "Run rg --files --glob '*.md' and return one filename per line."
README.md
docs/usage.md

    Keep the command narrow with paths or tool options before asking Codex to summarize or extract from the output.

  4. Quote glob patterns and other shell-sensitive text inside the prompt. 
    $ codex exec --ephemeral --sandbox read-only "Run rg --line-number 'TODO' --glob '*.md' and return file:line:text."
README.md:3:TODO: document the release step
docs/usage.md:9:TODO: add troubleshooting notes

    Quotes around *.md keep the pattern attached to ripgrep instead of letting the parent shell expand it before Codex receives the prompt.

  5. Pipe existing command output into codex exec when the shell should run the command first. 
    $ git diff --stat | codex exec --ephemeral --sandbox read-only "Summarize this diff stat in one sentence."
The branch changes two files, with most edits in src/client.py.

    When a prompt and piped input are both present, Codex treats the prompt as the instruction and the piped text as additional context.