Codex Docker sandbox
Run Codex from a Dagu Docker sandbox.
Use a runner image that contains the Codex CLI, then let Dagu run provider: codex inside a step-level or root-level container. ChatGPT login works when the container can read a file-backed CODEX_HOME; API-key runs can use CODEX_API_KEY for codex exec.

steps:
  - id: codex_login_status
    action: harness.run
    container:
      image: dagu-codex-runner:local
      pull_policy: never
      working_dir: /workspace
      volumes:
        - .:/workspace:ro
        - ${HOME}/.codex:/codex-home
      env:
        - CODEX_HOME=/codex-home
    with:
      provider: shell
      prompt: |
        set -eu
        codex --version
        codex login status

- Uses the public ghcr.io/openai/codex-universal base image.
- Verifies codex --version and login status before model calls.
- Supports mounted CODEX_HOME for ChatGPT subscription login.
- Supports CODEX_API_KEY for non-interactive codex exec runs.
Runner image
Install Codex into a runner image and clear the base entrypoint so Dagu controls the command. The version check should pass before this image is used in a DAG.

FROM ghcr.io/openai/codex-universal:latest
USER root
RUN apt-get update \
    && apt-get install -y --no-install-recommends ca-certificates curl \
    && rm -rf /var/lib/apt/lists/*
ENV CODEX_NON_INTERACTIVE=1 \
    CODEX_INSTALL_DIR=/usr/local/bin
RUN curl -fsSL https://chatgpt.com/codex/install.sh | sh
# Fail the build if the CLI did not install correctly.
RUN codex --version
WORKDIR /workspace
# Clear the base entrypoint so Dagu controls the command.
ENTRYPOINT []
CMD ["/bin/bash"]

ChatGPT subscription auth
If the host CLI is logged in with ChatGPT and the credentials are file-backed, mount that Codex home at a separate path and set CODEX_HOME inside the container.
- Do not mount over /root/.codex in this image because the standalone package cache lives there.
- If the host uses an OS keychain, create a separate file-backed CODEX_HOME for the Dagu worker.
- Treat auth.json as a secret because it contains access tokens.
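
The following is an added example, not part of the Dagu or Codex documentation: a POSIX shell pre-flight check for the file-backed CODEX_HOME described above, run on the host before the directory is mounted into the container. The function names are hypothetical, and it assumes auth.json sits directly inside the directory passed in.

```shell
#!/bin/sh
# Added example: pre-flight check for a file-backed CODEX_HOME that will be
# bind-mounted into the runner container. Function names are hypothetical.

# True when PATH grants no permission bits to group or other.
# ls -ld prints e.g. "drwx------"; characters 5-10 are the group/other bits.
is_private() {
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# check_codex_home DIR
# Returns 0 when DIR is safe to mount; otherwise prints the first problem
# to stderr and returns 1.
check_codex_home() {
    cch_dir=$1
    cch_auth=$cch_dir/auth.json   # assumed location of the token file

    if [ -L "$cch_dir" ] || [ ! -d "$cch_dir" ]; then
        echo "$cch_dir: not a real directory" >&2; return 1
    fi
    if [ ! -O "$cch_dir" ] || ! is_private "$cch_dir"; then
        echo "$cch_dir: must be owned by this user, no group/other access" >&2
        return 1
    fi
    if [ -L "$cch_auth" ] || [ ! -f "$cch_auth" ]; then
        # No regular auth.json: the login is not file-backed (OS keychain?)
        echo "$cch_auth: missing, credentials are not file-backed" >&2
        return 1
    fi
    if [ ! -O "$cch_auth" ] || ! is_private "$cch_auth"; then
        echo "$cch_auth: must be owned by this user, no group/other access" >&2
        return 1
    fi
    return 0
}
```
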
API-key run
For automation that should not reuse a ChatGPT login, pass CODEX_API_KEY only to the harness step that runs Codex.

steps:
  - id: codex_review
    action: harness.run
    container:
      image: dagu-codex-runner:local
      pull_policy: never
      working_dir: /workspace
      volumes:
        - .:/workspace:ro
      env:
        - CODEX_API_KEY=${CODEX_API_KEY}
    with:
      provider: codex
      prompt: |
        Review this repository and summarize the highest-risk issues.

Container scope
Use a step-level container when only Codex needs the credential. Use a root-level container only when command steps and Codex should share the same installed toolchain and workspace.