Advanced Codex Mobile Operations
About 5 minutes
At daily-use scale, the important question is not whether a connection works. It is which host, permissions, and tasks should be available remotely.
Choose a Host Pattern
Section titled “Choose a Host Pattern”Daily Laptop
Section titled “Daily Laptop”A laptop provides existing projects, credentials, and plugins, but sleep and network loss stop remote work. It fits short trips and active-task review.
Always-On Computer
Section titled “Always-On Computer”Stable power and networking support longer investigation and recurring blog work. Apply these boundaries:
- A least-privilege account dedicated to Codex
- Only required repositories
- No production secrets
- No automatic deployment permission
- A maintenance window for OS and Codex App updates
SSH Development Environment
Section titled “SSH Development Environment”When a project already lives on a development server, add the SSH host through the Codex App. The phone connects to the Codex App host, while Codex reads files and runs the shell on the SSH destination.
Host blog-dev
HostName dev.example.com
User codex
IdentityFile ~/.ssh/id_ed25519Verify normal SSH access from the Codex App computer first.
ssh blog-devUse trusted keys, a least-privilege user, and known hosts. Do not expose Codex app-server transports directly on a shared or public network. Use a VPN or trusted mesh network when access must cross networks.
Separate Projects by Permission
Section titled “Separate Projects by Permission”| Project | Suitable for mobile | Review at a desk first |
|---|---|---|
| Personal blog | Drafts, link checks, tests | Publication, DNS, secret changes |
| Application | Investigation, tests, small fixes | DB migration, billing, production config |
| Infrastructure | Read-only inspection, plans, diffs | Apply, deletion, permission changes |
A repository policy such as AGENTS.md can prohibit an action even when the host technically allows it. Document mobile stop conditions explicitly.
Use Approval Tiers
Section titled “Use Approval Tiers”Suitable for Mobile Approval
Section titled “Suitable for Mobile Approval”- Read-only commands such as
git statusandgit diff - Repository-defined non-destructive tests
- A new article file in a defined location
- Small changes that follow an existing pattern
Requires Additional Review
Section titled “Requires Additional Review”- Package installation
- Internet access
- Broad file generation
- Commit, push, or pull request creation
- Browser or Computer Use actions on external services
Never Run from Mobile
Section titled “Never Run from Mobile”- Production deployment
- Destructive data operations or irreversible migration
- Credential creation, display, or rotation
- Administrator permission changes
- Purchases or billing changes
Name and Switch Hosts Deliberately
Section titled “Name and Switch Hosts Deliberately”macbook-interactive # daily interactive development
home-blog-runner # blog investigation and checks
windows-ui-test # Windows-specific validationBefore starting a thread, confirm host, project path, and branch. Different hosts may not contain the same file state.
Recovery Checklist
Section titled “Recovery Checklist”- Is the host awake and online?
- Is the Codex App running?
- Do phone and host use the same account and workspace?
- Is the phone still registered in Connections?
- What do the branch and
git statusshow? - Did the last command complete or stop midway?
- Did any external write occur?
After reconnection, inspect current state before repeating the previous instruction.
Periodic Review
Section titled “Periodic Review”| Frequency | Review |
|---|---|
| Every task | Host, project, branch, existing diff |
| Weekly | Connected devices, failed tasks, old threads, disk capacity |
| Monthly | Codex App and OS updates, SSH keys, permissions, plugins |
| Lost device | Remove connection, review sessions, credentials, and MFA |
Advanced Workflow: Blog Update Pipeline
Section titled “Advanced Workflow: Blog Update Pipeline”- Send a note and completion criteria from the phone
- Inspect conventions on an always-on host
- Approve the outline from the phone
- Create and validate the article on the host
- Review the diff and test results from the phone
- Return to a desk for preview and publication
Keeping publication behind a separate gate preserves remote productivity without making production changes routine.
Summary
Section titled “Summary”- Match laptops, always-on hosts, and SSH environments to their purpose
- Use a dedicated least-privilege account on persistent hosts
- Never expose app-server transports directly to a public network
- Define mobile approval, additional review, and mobile-prohibited tiers
- Re-check state after every reconnection
- Separate production publication from routine article creation
Codex Mobile becomes more useful as its permissions and stop conditions become clearer. Treat it as a way to make necessary decisions from another location, not as a way to approve actions faster.
See the references for the external specifications and background sources used on this page.[1][2]
References
Section titled “References”- OpenAI, Codex documentation
- OpenAI, OpenAI API documentation