Slack-ready onboarding guide for a teammate on Apple Silicon macOS who has ChatGPT Plus and wants to use Codex CLI well in this repository.
- This guide assumes Apple Silicon Mac.
- This guide assumes a ChatGPT Plus subscription.
- This guide assumes little or no prior Codex CLI or terminal-agent experience.
- This guide assumes you want to review, design, plan, implement, and debug work in this repo.
- This repo is already prepared with agent context.
- Root AGENTS.md exists and is auto-loaded by Codex when you start in the repo.
- The linked docs are useful, but not auto-loaded unless you ask Codex to read them.
- As of 2026-03-24, the latest public Codex CLI GitHub release is 0.116.0, released on 2026-03-19.
- Codex CLI supports ChatGPT sign-in. For a ChatGPT Plus user, that is the recommended path for interactive local use.
Recommended on macOS if you already use Homebrew:
brew install --cask codex
codex --version
If you prefer npm:
npm install -g @openai/codex
codex --version
Run:
codex
Then choose:
Sign in with ChatGPT
Why:
- That uses your ChatGPT subscription access
- Fast-mode features rely on ChatGPT sign-in
- It is the default CLI login path when no valid session exists
If your ChatGPT account uses email/password, set up MFA first. If you use Apple/Google/Microsoft login, manage MFA with that provider.
Create or edit ~/.codex/config.toml:
cli_auth_credentials_store = "keyring"
That keeps credentials in the macOS credential store instead of a plaintext auth file when possible.
cd /path/to/repo/compliant-transfer-aleo
codex
First prompt to send:
Summarize the instruction sources you loaded for this repository, then list which additional docs I should explicitly ask you to read for Leo work and for test work.
Expected result:
- Codex should mention the root AGENTS.md.
- It should point you to docs like docs/DEVELOPMENT.md.
- It should point you to docs like docs/TESTING.md.
- It should point you to docs like docs/LEO-ALEO-PATTERNS.md.
- It should point you to docs like docs/CODE-PATTERNS.md.
If you want a single command without setting up config first:
codex \
-C /path/to/repo/compliant-transfer-aleo \
-m gpt-5.4 \
-a on-request \
-s read-only \
-c 'model_reasoning_effort="high"' \
-c 'plan_mode_reasoning_effort="high"' \
-c 'review_model="gpt-5.4"' \
-c 'service_tier="fast"'
Then inside Codex:
/status
Check that you are in:
- model gpt-5.4
- reasoning effort high
- sandbox read-only
- approval policy on-request
Then send:
Read AGENTS.md, docs/LEO-ALEO-PATTERNS.md, docs/CODE-PATTERNS.md, and docs/TESTING.md. After that, review this repository's current working tree for correctness, security, Leo/Aleo execution-model mistakes, authorization-order mistakes, private/public visibility leaks, Merkle/freeze-list inconsistencies, and missing tests. Findings first with file references.
Then:
/review
Notes:
- /review uses the current session model unless review_model is configured
- /review is ideal for uncommitted changes, a commit, or a PR-style review against a base branch
- /diff is the fastest follow-up when you want to inspect exact changed files
Put this in ~/.codex/config.toml.
model = "gpt-5.4"
review_model = "gpt-5.4"
model_reasoning_effort = "high"
plan_mode_reasoning_effort = "high"
model_reasoning_summary = "concise"
model_verbosity = "medium"
personality = "pragmatic"
approval_policy = "on-request"
sandbox_mode = "read-only"
service_tier = "fast"
cli_auth_credentials_store = "keyring"
[profiles.review]
model = "gpt-5.4"
review_model = "gpt-5.4"
model_reasoning_effort = "high"
plan_mode_reasoning_effort = "high"
model_reasoning_summary = "concise"
model_verbosity = "medium"
approval_policy = "on-request"
sandbox_mode = "read-only"
service_tier = "fast"
personality = "pragmatic"
[profiles.edit]
model = "gpt-5.4"
review_model = "gpt-5.4"
model_reasoning_effort = "high"
plan_mode_reasoning_effort = "high"
model_reasoning_summary = "concise"
model_verbosity = "medium"
approval_policy = "on-request"
sandbox_mode = "workspace-write"
service_tier = "fast"
personality = "pragmatic"
[sandbox_workspace_write]
network_access = false
writable_roots = []
Why this is a good starting point:
- review profile is safe for reading and reviewing
- edit profile allows normal implementation work but still asks before risky commands
- gpt-5.4 with high reasoning is a good default for complex code review, debugging, and design
- service_tier = "fast" is useful for interactive work if your ChatGPT sign-in supports it
If fast is not available in your workspace, switch that line to:
service_tier = "flex"
cd /path/to/repo/compliant-transfer-aleo
codex --profile review
cd /path/to/repo/compliant-transfer-aleo
codex --profile edit
codex exec \
--profile review \
--cd /path/to/repo/compliant-transfer-aleo \
"Read AGENTS.md, docs/LEO-ALEO-PATTERNS.md, docs/CODE-PATTERNS.md, and docs/TESTING.md. Review the current working tree and output findings only."
codex exec resume --last
codex --profile review
codex --profile edit
codex --version
codex login
codex logout
codex features list
codex exec "your prompt here"
codex exec resume --last
Useful flags:
- -C or --cd: start Codex in a specific directory
- -m or --model: override the model for one run
- -p or --profile: use a named config profile
- -a or --ask-for-approval: untrusted, on-request, or never
- -s or --sandbox: read-only, workspace-write, or danger-full-access
- -c or --config: one-off config override
- --search: enable live web search for that run
- --json: machine-readable output for automation
- -o or --output-last-message: write the final answer to a file
These are the ones worth memorizing:
- /status
- /debug-config
- /model
- /fast
- /plan
- /review
- /diff
- /mention
- /new
- /resume
- /fork
- /mcp
What they are for:
- /status: confirm model, approvals, writable roots, token usage
- /debug-config: see which config layer is winning
- /model: switch models in-session
- /fast: toggle fast mode for the thread
- /plan: force planning before coding
- /review: run a focused code review
- /diff: inspect Git diff
- /mention: explicitly attach a file into the current conversation
- /resume: reopen a saved chat
- /fork: branch the current conversation into an alternative path
- /mcp: list connected MCP tools
If you want Codex to compile or test changes in this repo, make sure the repo itself is prepared first.
Use the repo root only:
cd /path/to/repo/compliant-transfer-aleo
Recommended setup:
cp .env.example .env
npm ci --ignore-scripts
npm install -g @sealance-io/dokojs@1.0.4 --ignore-scripts
Node notes:
- Repo requirement: Node 20.19.0+ on the 20.x line, or 22.12.0+
- Repo default in .nvmrc: v24
Critical repo rules:
- Always install from repo root
- Never run npm install inside a workspace subdirectory
- Keep --ignore-scripts on npm installs in this repo
- Integration tests must run sequentially
dokojs compile
npm test
DEVNET=true npm test
npm run test:agent
npm run test:select ./test/merkle_tree.test.ts
npm run test:select:agent ./test/merkle_tree.test.ts
npm run build --workspace=@sealance-io/policy-engine-aleo
npm run format:fix
Important repo-specific test behavior:
- Default and recommended mode is devnode
- DEVNET=true is slower and should be used only when needed
- Prefer the agent reporter for Vitest when possible
- Tests share chain state, so they must not be parallelized
If tests fail to pull images:
docker login ghcr.io
If port 3030 is already taken:
docker stop $(docker ps -q --filter ancestor=ghcr.io/sealance-io/leo-lang)
OpenAI’s own guidance is a strong default:
- State the goal
- Give the relevant context
- State constraints
- Define what “done” means
In this repo, the biggest mistake is assuming Codex will automatically read every linked architecture/testing doc. It will not. Tell it what to read.
Goal: <what you want>
Context: Read AGENTS.md and <specific docs/files>.
Constraints: Follow repo rules, keep changes minimal, preserve existing patterns, and call out assumptions.
Done when: <tests/review output/behavioral proof>.
Read AGENTS.md, docs/LEO-ALEO-PATTERNS.md, docs/CODE-PATTERNS.md, and docs/TESTING.md. Then review the current working tree. Prioritize correctness, security, behavioral regressions, Leo async transition/finalize mistakes, authorization-order issues, public/private visibility leaks, Merkle and freeze-list mismatches, and missing tests. Findings first with file references.
Use /plan. Read AGENTS.md, docs/ARCHITECTURE.md, docs/LEO-ALEO-PATTERNS.md, docs/CODE-PATTERNS.md, and the relevant files under programs/ and test/. Propose the safest implementation plan for <feature>. Include affected programs, async transition/finalize changes, SDK parity implications, required tests, deployment implications, and open questions. Do not edit yet.
Read AGENTS.md, docs/DEVELOPMENT.md, docs/TESTING.md, docs/LEO-ALEO-PATTERNS.md, and docs/CODE-PATTERNS.md. Implement <feature> with the smallest safe change. Preserve repository patterns. Update or add tests. Run dokojs compile and the narrowest relevant tests first, then summarize residual risks.
Read AGENTS.md, docs/TESTING.md, docs/CODE-PATTERNS.md, and docs/LEO-ALEO-PATTERNS.md. Reproduce the failure in <test file or command>, explain the root cause, fix it, add a regression test if needed, and rerun only the narrowest relevant commands before broadening scope.
Read AGENTS.md, packages/policy-engine-sdk/AGENTS.md, packages/policy-engine-sdk/README.md, docs/LEO-ALEO-PATTERNS.md, and the relevant Leo program. Compare the SDK's off-chain hashing, Merkle proof generation, constants, and encoding against the on-chain logic. Call out or fix any parity mismatches and add tests.
Before proposing a design, interview me. Ask the minimum set of concrete questions needed to remove ambiguity around constraints, Leo visibility rules, authorization flow, test expectations, and deployment impact. Then switch to /plan and propose the implementation plan.
When the task touches programs/**/*.leo, ask Codex to explicitly check:
- Async transitions vs async functions
- That mappings are written only in async functions
- That only public values or commitments cross public async boundaries
- Authorization order for token-registry style flows.
- Check that prehook happens before transfer.
- Check that the prehook future is awaited before the transfer future.
- Public/private visibility decisions
- Freeze-list invariants.
- Check ZERO_ADDRESS sentinel usage.
- Check index mappings.
- Check root updates.
- Check previous root window rules.
- Block height window checks in threshold-style policy flows
- Upgradability and multisig assumptions when relevant
Good habit:
- Ask Codex to inspect both the Leo program and the nearest tests before proposing changes
When the task touches behavior, ask Codex to:
- Start with the narrowest test file
- Prefer devnode first
- Use agent reporter where possible
- Avoid full DEVNET=true runs unless needed
- Keep tests sequential
- Add regression coverage for every bug fix that changed behavior
Good review prompt for tests:
Read AGENTS.md, docs/TESTING.md, docs/CODE-PATTERNS.md, and the affected tests. Review whether coverage is missing for negative cases, authorization failures, private/public boundary cases, Merkle proof edge cases, initialization requirements, and block-height timing windows.
- Start codex --profile review
- Run /status
- Ask Codex to read the relevant repo docs
- Run /review
- Use /diff for changed files
- If findings are interesting, /fork the session to explore fixes without losing the original review
- Start codex --profile review
- Use /plan
- Point Codex to the exact docs and files
- Make it list risks, assumptions, affected tests, and rollout impact
- Only switch to edit profile after the plan looks correct
- Start codex --profile edit
- Ask it to read the relevant docs first
- Ask for the smallest safe change
- Require compile and narrow test verification
- End with /review
- Reproduce with the smallest test or command
- Ask Codex to explain root cause before broad changes
- Fix the bug
- Add a regression test
- Re-run the narrow test
- Review the diff
- Do not start Codex outside the repo and expect it to pick up repo instructions
- Do not assume linked docs are loaded automatically
- Do not ask it to run the whole suite first when a single test file can reproduce the issue
- Do not ask it to parallelize integration tests in this repo
- Do not jump into danger-full-access unless you truly need it
- Do not use API-key auth for normal interactive local work if you already have ChatGPT Plus
- Do not ask for vague output like "take a look"; ask for findings, plan, or implementation with explicit done criteria
brew install --cask codex
brew upgrade codex
Or:
npm install -g @openai/codex
npm update -g @openai/codex
codex --profile review
codex --profile edit
codex --profile review -m gpt-5.4 -c 'model_reasoning_effort="high"'
codex --profile edit -s workspace-write -a on-request
dokojs compile
npm test
npm run test:agent
npm run test:select:agent ./test/merkle_tree.test.ts
npm run format:fix
/status
/model
/fast
/plan
/review
/diff
/mention
/resume
/fork
/debug-config
- Codex CLI GitHub repo and install instructions: https://github.com/openai/codex
- Latest release: https://github.com/openai/codex/releases/latest
- Codex authentication: https://developers.openai.com/codex/auth
- Codex CLI command reference: https://developers.openai.com/codex/cli/reference
- Codex CLI slash commands: https://developers.openai.com/codex/cli/slash-commands
- Codex config basics: https://developers.openai.com/codex/config-basic
- Codex config reference: https://developers.openai.com/codex/config-reference
- Codex sample config: https://developers.openai.com/codex/config-sample
- Codex best practices: https://developers.openai.com/codex/learn/best-practices
- GPT-5.4 model docs: https://developers.openai.com/api/docs/models/gpt-5.4
- AGENTS.md
- docs/DEVELOPMENT.md
- docs/TESTING.md
- docs/LEO-ALEO-PATTERNS.md
- docs/CODE-PATTERNS.md
- packages/policy-engine-sdk/AGENTS.md
- packages/policy-engine-sdk/README.md