Codex setup

Route the Codex CLI through aiproxy to monitor and govern every request the agent makes.

• aiproxy running locally (examples below use http://localhost:8080)
• Install the aiproxy certificate authority (see Quick Start → TLS certificate)

Codex respects the ALL_PROXY environment variable. Export it before starting the CLI to forward every HTTP(S) call through aiproxy. Include NO_PROXY so local loopback traffic stays direct.

export ALL_PROXY=http://localhost:8080
export NO_PROXY=localhost,127.0.0.1

codex

Unset the proxy variables after the session:

unset ALL_PROXY NO_PROXY

Codex lets you define custom model providers in ~/.codex/config.toml. Add an aiproxy entry that targets the /openai reverse-proxy endpoint and a profile that selects it:

[model_providers.aiproxy]
name = "aiproxy"
base_url = "http://localhost:8080/openai"
wire_api = "responses"

[profiles.aiproxy]
model_provider = "aiproxy"

Launch Codex with that profile:

codex --profile aiproxy

Set the profile as default if you always want to use aiproxy:

profile = "aiproxy"

For a one-off session, override the provider without editing the config file. The CLI treats --config as a TOML override:

codex \
  --config model_providers.aiproxy.name='"aiproxy"' \
  --config model_providers.aiproxy.base_url='"http://localhost:8080/openai"' \
  --config model_providers.aiproxy.wire_api='"responses"' \
  --config model_provider='"aiproxy"'

Use single quotes around the entire flag so the inner quotes survive shell parsing.

Run a quick command, such as:

codex exec "List the contents of the current directory."

Watch the aiproxy logs for /v1/* requests. If no entries appear, confirm that the environment variables or profile are active and that the certificate authority is trusted.