4AIVN
Back to News

Codex can connect directly with Chrome via a plugin extension

Published on 7 May, 2026
Codex can connect directly with Chrome via a plugin extension

Quick Summary

OpenAI has just launched a Chrome plugin for Codex, enabling the AI coding agent to work directly within the browser to test web apps, read DevTools, and access logged-in services like Gmail or Facebook without hijacking the user's Chrome control. Unlike Google Antigravity, which uses an isolated sandbox environment, Codex integrates directly into the real Chrome browser, running in parallel with clear permissions managed via an allowlist. In a context where Antigravity is disappointing users with tight quotas, escalating pricing, and Chrome profile issues, Codex's Chrome plugin is another practical reason to consider making the switch.

OpenAI has recently launched the Chrome plugin for Codex, allowing the AI agent to work directly inside your Chrome browser without taking over control. This will likely solve the frustrations of users who post on social platforms like Facebook and Instagram by controlling the browser directly—something Antigravity was already capable of doing, but frequently failed with retry errors that left users exasperated. This might be the perfect time to look at where Codex is performing better.

What is Codex for Chrome and what can it do?

Codex has already been integrated as an AI coding agent in ChatGPT, capable of writing code, fixing bugs, and running complex programming tasks. However, until recently, it was restricted to the desktop environment, unable to touch the browser directly. The Chrome plugin released by OpenAI changes that.

Once the extension is installed from the Codex Plugins menu, the agent can work side-by-side with the user on Chrome without requiring you to hand over control. Specifically, Codex can test running web apps, gather context from multiple open tabs, use Chrome DevTools for debugging, and most importantly, access websites requiring authentication—such as Instagram, Facebook, Gmail, or internal tools—via your active Chrome profile.

Codex runs in parallel without hijacking control

The point most emphasized by OpenAI is the design philosophy: Codex operates in the background, parallel to what you are doing, without requiring you to surrender the entire browser. You can still browse normally while the agent runs a signup form test in another tab.

The permission system is straightforward: users control which websites Codex is allowed to access by maintaining an allowlist or blocklist for individual pages. Codex also honors specific confirmation prompts, meaning the agent will not perform actions on any page without your explicit approval. OpenAI also notes that browsing data is only recorded when it becomes part of the processing context, rather than logging your entire Chrome history.

What Codex can do in Chrome

  • Test running web apps: click, fill out forms, verify displayed results
  • Gather context from multiple tabs simultaneously to support the ongoing task
  • Use Chrome DevTools to read console logs and analyze network errors
  • Access social networks requiring authentication to publish posts via your active Chrome profile
  • Flexibly switch between specialized plugins (via MCP or APIs), Chrome (for logged-in contexts), and the in-app browser (for localhost environments)
Example of connecting Codex to Chrome by OpenAI
Example of connecting Codex to Chrome by OpenAI

According to figures published by OpenAI, Codex now has over 4 million weekly active users—an 8-fold increase since early 2025—and the vast majority of the most common workflows occur within the in-app browser, which is likely the driving reason behind the Chrome plugin release.

Antigravity and Chrome: Differing integration architectures

Google Antigravity launched in November 2025 with an entirely different ambition: not as an add-on plugin for an IDE, but as a complete agent-first platform where the browser is an inseparable part of the working environment.

Built-in browser, not an extension

Instead of installing an extension into your personal Chrome, Antigravity integrates a separate Chrome browser directly inside the IDE. The agent can open browser windows, click, scroll, fill forms, read console logs, and take screenshots—all within a sandboxed environment completely isolated from the user's personal Chrome profile.

This design offers a clear security benefit: the agent never touches your bookmarks, browsing history, or saved passwords. In return, however, it cannot access services requiring authentication from your real Chrome profile unless you install the Antigravity Browser Control extension—which is exactly where the issues begin.

When keeping separate profiles leads to controversy

When users install Antigravity to let the agent interact with web pages on Chrome, they face a highly frustrating experience: bookmarks, history, and saved passwords seem to disappear. Google has failed to communicate this clearly, leading users to believe their data has been deleted.

In addition to this issue, Antigravity has received substantial negative feedback regarding high network traffic and continuous retries, leaving users deeply frustrated—sometimes unable to execute even a single prompt. This persists even for registered Pro and Ultra tier users.

Direct comparison: Antigravity vs. Codex

From a technical standpoint, both Codex and Antigravity allow the agent to operate inside the browser. However, how they design access control reflects two entirely different philosophies.

Codex chooses to integrate into your own Chrome—the agent works in the context of the real browser, with the real profile, but under explicit user control via an allowlist/blocklist system and step-by-step confirmation. Users don't have to switch profiles, don't have to worry about bookmarks disappearing, and most importantly, the agent can access the exact services they are already logged into.

Antigravity chooses to sandbox completely—the agent's browser is entirely separate from your personal Chrome. While theoretically more secure, it creates significant friction when real-world resources are needed. The philosophy of "the agent is an independent contractor; you just assign tasks and verify results" sounds great on paper, but when the agent gets stuck or makes mistakes, the cost of correction is not trivial.

An important difference is the target scope. Codex, although starting as a developer tool, is clearly expanding to general users—those who work with a browser daily but do not necessarily write code. Antigravity still firmly positions itself in the developer space, with Agent Managers, Workspaces, artifacts, and concepts that demand a steep learning curve.

Antigravity is disappointing users, and Codex is capitalizing on it

If you have used Antigravity over the past few months, you know it isn't technically bad—the platform really has some exciting ideas about agent-first development. However, the gap between the vision and the actual user experience is becoming increasingly obvious, and the developer community is voting with their feet for convenience.

Codex, meanwhile, is moving in the opposite direction: instead of crafting a distant future, it improves the steps users take daily. The Chrome plugin is a perfect example—this is not a novel, unrequested feature, but a direct solution to a concrete problem: how to let the coding agent work with real websites that users rely on, without creating friction.

Key questions about the future for Codex and Antigravity

The Codex Chrome extension is not a "wow" feature that changes everything instantly—but it represents a more logical way of thinking about how an AI agent should operate within the browser: in parallel, controlled, and without interfering with the user's working context.

Antigravity bet big on building an entirely new agent ecosystem—and the price of that ambition is being paid by users through inconsistent experiences and increasingly unpredictable pricing. Codex chose a simpler route: integrating into what users already have and making it better, one step at a time.

In the developer AI agent race, winning is sometimes not about building the newest thing—but about not breaking what users already love and use well.

Discussion (0)

Log in to join the discussion.

No comments yet. Be the first!

Related Articles

NotebookLM is now Gemini Notebook: What's New?

NotebookLM officially became Gemini Notebook on July 16, 2026. The new name marks its evolution from a document Q&A tool into an AI research workspace that can run code, analyze data, create reports in multiple formats, and follow users into Gemini and Google Search. This article explains what has actually changed, which features remain, and who can use the new upgrades. Gemini Notebook is still the familiar NotebookLM Google confirms that Gemini Notebook remains a standalone product focused on research and learning. Existing users do not need to move their data to another service. Notebooks, sources, notes, and generated content remain within the same experience, while the new name makes the product a more recognizable part of the Gemini ecosystem. The core of the tool is unchanged. Users collect PDFs, websites, YouTube videos, audio files, Google Docs, or Google Slides in individual notebooks. When asked a question, Gemini Notebook responds based on the selected sources and provides citations that take readers to the relevant passage. This approach is especially useful when a claim needs to be verified instead of accepting an unsupported answer from a chatbot. The rename follows a journey that began with Project Tailwind at Google I/O 2023. According to Google, the product now has more than 30 million users and is used by over 600,000 organizations. The Gemini Notebook name therefore reflects a new stage of maturity in which a notebook is no longer simply a place to read documents but a workspace for research, analysis, and complete deliverables. How does Gemini Notebook run code? The most notable technical change is that each notebook can be equipped with a secure cloud computer. Put simply, Gemini Notebook has its own environment for writing and running code for research tasks. The tool can clean data, perform calculations, compare multiple datasets, build charts, or test a hypothesis instead of only summarizing text. From document Q&A to actionable analysis Previously, NotebookLM stood out for its ability to read multiple sources and provide citation-backed answers. With a code execution environment, Gemini Notebook goes one step further: it can manipulate data to produce new results. An analyst can import data from several countries with inconsistent formats, ask the tool to standardize it, run calculations, and then create charts and a report. Google says the system also includes more than 100 curated software skills. Even so, it is still an AI system that can make mistakes. Users should review the code, calculations, input data, and conclusions, especially when the results are used for financial, legal, medical, or business decisions. Note: Agentic capabilities and code execution are not yet available to every account at once. Google AI Ultra and selected Workspace plans receive access first; Google says the feature will continue rolling out to Pro users on the web. Which output formats can Gemini Notebook create? Gemini Notebook is no longer limited to text reports. From the data and documents in a notebook, users can request PNG or SVG charts, PDF reports, Word files, Markdown, plain text, CSV, JSON, Excel, and PowerPoint. The system also supports images, data tables, infographics, and slides, while allowing users to revise generated versions. One source collection, many ways to present it The same training material can be turned into a management report, presentation slides, a spreadsheet for an operations team, and an Audio Overview for people who prefer listening. Students can create flashcards, quizzes, mind maps, or a Video Overview. Content teams can build comparison tables and infographics without copying the same data through too many tools. Research: find sources, cross-read documents, cite evidence, and create reports with charts. Data analysis: standardize tables, run code, export CSV or XLSX files, and visualize results. Learning: create study guides, flashcards, quizzes, audio, video, and mind maps. Teamwork: build a knowledge base, share viewer or editor access, and track usage. The real value does not lie in the number of formats but in the fact that they are created from the same source collection. When users want to change the perspective or target audience, they can adjust the request without rebuilding the entire context. Where does Gemini Notebook appear in Google’s ecosystem? Gemini Notebook has started appearing in the Gemini app. Notebooks created in the standalone product can appear in Gemini’s navigation, while notebook name changes, added sources, and updated custom instructions are synchronized across apps. Users can therefore continue chatting with their knowledge base without always returning to a separate tab. Google also plans to bring notebooks into AI Mode in Search. Once completed, this direction could turn a notebook into a personal context layer that follows users from web research to conversations with Gemini. However, shared notebooks and conversations in Gemini have separate rules for visibility, sharing, and data retention; organizational users should review the policies for their Workspace plan. How to get started with the new name Open Gemini Notebook with a Google account and create a notebook for one specific goal. Add trustworthy sources, then check how the tool categorizes and cites them. Start with narrow questions before requesting deep research, data analysis, or output files. Review citations, calculations, and the final version before sharing. Existing users can continue visiting the familiar NotebookLM address during the transition. The tool slug on 4AIVN also remains unchanged so old links do not break, while the name and content have been updated to Gemini Notebook. Does the rename make Gemini Notebook more useful? A name alone does not change research quality. What makes this rename notable is that Google is combining three layers of capability in one product: citation-backed sources, a code execution environment, and the ability to bring notebooks into Gemini and Search. If rolled out reliably, Gemini Notebook can shorten the path from reading documents to analysis and finished deliverables. However, not every feature is immediately available to everyone, and AI-generated output still needs to be checked. The most effective approach is still to choose strong sources, separate notebooks by clear goals, request specific outputs, and keep a person in the final approval step.

Liên
17 Jul, 2026
Hermes Agent and MCP: Automate Real Workflows

An AI agent may plan extremely well, yet it still cannot update Notion, read GitHub issues, or retrieve reports from Google Drive without the right connection. By combining Hermes Agent with MCP, users can turn a conversation into a practical workflow while clearly controlling which tools and permissions the agent may use. If you are not yet familiar with Hermes memory and its ability to create skills, our guide to what Hermes Agent is provides the necessary foundation. This article focuses on how MCP extends Hermes beyond the terminal so it can work with everyday data and services. What does MCP add to Hermes Agent? MCP is a connection standard between an AI application and a server that provides tools or data. It can be understood as an adapter layer: Hermes remains the agent responsible for understanding the goal and choosing the next step, while each MCP server contributes specific actions such as searching Notion, reading a pull request, creating an issue, or querying files. According to the Hermes Agent MCP documentation, Hermes supports local servers over stdio and remote servers over HTTP. At startup or after a configuration reload, Hermes discovers the tools exposed by each server and registers them in its normal tool system. Users therefore do not need to write a native Hermes tool for every service that already has a suitable MCP server. MCP does not automatically make a workflow safe. A server may expose tools that read, write, create, and delete data. Hermes supports filtering per server, allowing users to enable only the operations they need instead of exposing every capability to the model. How to connect MCP without granting excessive access The standard Hermes installation already includes MCP support. Users can open the picker with hermes mcp, view the catalog with hermes mcp catalog, and test a connection with hermes mcp test. Nous Research reviews entries before they enter the Hermes catalog, but its documentation still recommends reading the manifest, source repository, and installation commands before use. For a server outside the catalog, users can add an HTTP connection or a stdio command to config.yaml. After completing OAuth or configuring the required environment variables, reload MCP and ask Hermes to list the available tools. This simple check reveals servers that failed to connect or tools that were accidentally filtered out. Begin with read access The safest setup is to connect one server, enable read only tools, and test with nonsensitive data. Add create or update permissions only after results are stable. Deletion, sharing changes, and outbound publishing should require human approval. Notion initially needs only search and page reading access. GitHub can be limited to reading repositories, issues, and pull requests. Google Drive access should be limited by folder, account, and required OAuth scope. Three practical workflows with Notion, GitHub, and Google Drive Turn Notion into a knowledge center The official Notion MCP allows an agent to search, read, and update workspace content under the authenticated user's permissions. A useful workflow lets Hermes collect meeting notes, find relevant decisions, and prepare a summary on the project page. Hermes can create a draft first so a user can review it before updating status or assigning work. Notion MCP uses user based OAuth, so it does not fit every unattended process. For scheduled automation, verify how the server maintains authentication and avoid designing a workflow around operations that OAuth cannot support in a headless environment. Coordinate development work through GitHub The GitHub MCP Server is provided and maintained by GitHub, allowing AI tools to work with software development data according to account permissions. Hermes can read new issues, compare them with repository changes, and draft a progress report. It can then prepare issue text or release notes while waiting for an owner to approve the write operation. This workflow works best with clear criteria. For example, Hermes can summarize only pull requests merged during the previous seven days, group them by label, and connect each change to its related issue. A second MCP server can then send the result to Notion as a weekly report. Summarize files and reports from Google Drive With a compatible Google Workspace MCP server, Hermes can find Drive files, read permitted content, and feed data into a reporting process. For example, the agent can locate a sales report in a fixed folder, extract selected metrics, and create a summary for Notion or a GitHub issue. Google collects its official MCP projects in the Google MCP repository, including a path for Google Workspace integration. However, several community Drive servers have different maintenance histories. Check the source, update history, and OAuth scopes of the specific server instead of installing one based only on its name. Combine multiple MCP servers into a controlled workflow A complete workflow can begin in GitHub, use Drive as a data source, and finish in Notion. Hermes reads an issue labeled for reporting, finds the corresponding spreadsheet in Drive, produces a summary, and updates the project page. Each stage uses a different MCP tool group, while Hermes plans the sequence and passes results between stages. Do not enable parallel execution merely because a server supports it. Hermes documentation allows servers to declare parallel tool support but warns that operations reading and writing shared state can conflict. Independent read operations may run together, while Notion updates, issue creation, and file changes should remain sequential. Important: An MCP server is software that can run commands and receive credentials. Install only trusted servers, keep tokens out of prompts, filter dangerous tools, and require approval for deleting, sharing, or publishing data. How should you start the first workflow? Do not connect Notion, GitHub, and Google Drive on the same day and immediately assign a critical process. Choose one input, one output, and one completion criterion that is easy to verify. A first workflow could read closed GitHub issues and create a draft report in Notion without deletion or publishing permissions. After several stable runs, you can turn the procedure into a reusable Hermes skill and add a schedule. The real value of MCP is not the number of connected servers. It is the ability to complete a recurring workflow with a small permission surface, verifiable results, and a clear data path.

Nam
16 Jul, 2026
Comparing Hermes Agent, OpenClaw, and Claude Cowork

Hermes Agent, OpenClaw, and Claude Cowork are all called AI agents because they do more than answer questions. They can break an objective into multiple steps, call tools, read data, and produce a complete result. However, comparing these three products using only a feature table can easily lead to the wrong choice. Hermes Agent is designed as an agent that can learn how you work. OpenClaw is designed as a personal assistant that is always available through messaging channels, while Claude Cowork is intended for users who want to delegate office work in natural language within an environment managed by Anthropic. Therefore, the important question is not which tool is the most powerful, but how much you want to manage yourself and where you want the agent to appear in your daily workflow. Three products with different designs The differences among these three AI agent tools do not lie only in the model that performs the work. They also come from the framework surrounding the model, which manages tools, memory, access permissions, and the execution loop. This concept is explained in detail in our article What is an agent harness?, which helps explain why three products that are all called AI agents can behave so differently. Hermes Agent prioritizes a learning loop and execution environments The notable point about Hermes is that skills are not merely a list of skills that have already been installed. After completing a task, the agent can extract a useful process, save it, and improve it the next time. Our article What is Hermes Agent? explains this self learning mechanism separately. The accumulated value of this mechanism grows over time when users have recurring tasks such as analyzing projects, monitoring information sources, standardizing reports, or operating a chain of internal tools. Hermes also supports several types of sandboxes, including local execution, Docker, SSH, Singularity, and Modal. A sandbox is an isolated environment in which the agent executes commands and works with files. This flexibility lets users choose among speed, control, and isolation, but it also requires an understanding of infrastructure, access permissions, and secret management. OpenClaw uses the Gateway as its coordination center In OpenClaw, the Gateway is the control layer between the agent, devices, and communication channels. A message can become a request for the agent to read a calendar, process a file, call a service, or respond in the correct conversation. This approach feels natural for people who want to message an assistant from their phone without needing to remember where the server is running. OpenClaw is most suitable when the agent needs to react as soon as work appears, without requiring the user to open a computer or enter a separate application. Instead of waiting for you to start a work session, it remains available in the messaging channels you already use and begins processing as soon as a message arrives or a configured event is triggered. Claude Cowork provides a managed workspace Cowork reduces the amount of infrastructure that users must manage themselves. In the desktop application, users can grant access to a local folder and ask Claude to read, organize, or create files. With remote sessions, work takes place in an isolated environment on Anthropic servers, which suits long tasks that do not require a personal computer to remain active continuously. In return, the level of customization and control over the execution layer is not as broad as in a self hosted project. Cowork is better suited to people who want quick results within the Claude ecosystem and do not want to maintain a server or design a Gateway themselves. How the memory of the three tools works differently Memory in an agent should not be understood simply as storing every conversation. A useful system must know which information is worth retaining, which information matters only in the current session, and when old data should be retrieved. If it stores too little, the agent must ask the same questions repeatedly. If it stores too much, costs will certainly increase and sensitive data can easily be used in the wrong context. Hermes stands out by combining persistent memory with skills that can improve. Memory records preferences and context, while a skill records how to complete a type of task. These two layers make the agent feel as if it increasingly understands the user, but quality still depends on whether the user reviews what has been stored and removes processes that are no longer appropriate. OpenClaw runs across several channels at once, and that is also its most complicated aspect. Remembering conversation content is only one part of the problem. The harder issue is distinguishing who is speaking, which channel they are using, and which scope the work belongs to. A command sent in a company Slack group should not automatically pull in private context previously discussed on Telegram. If session configuration and identity policies should be established clearly from the beginning, even a strong model cannot rescue a system when everything remains ambiguous. Cowork limits context to each work session, reads only the files for which you grant access, and uses only the connections you allow. For people who are not accustomed to building systems, this approach is easier to control because the boundaries of each task are relatively clear. However, clear boundaries do not mean automatic understanding. You still need to explain what you want, what completion should look like, and where the data should come from. Cowork cannot infer your company context unless you actively provide it. Which type of work each tool automates best Hermes includes web tools, terminal access, MCP, scheduled runs, and subagents. MCP is a connection standard that helps an agent communicate with external data sources or applications through a consistent interface. By combining MCP with skills, users can turn an experiment into a repeatable process, such as collecting data each morning, analyzing changes, and sending a summary. OpenClaw is strong at workflows that begin with a message or an event. For example, a user can send an invoice to a private channel, after which the agent extracts the information and updates a storage system. Another example is receiving a service alert, gathering additional diagnostic data, and returning a summary directly to the operations group. Its value comes from reducing the gap between the moment a need appears and the moment the agent begins acting. Cowork suits structured office outputs. It can research a topic, synthesize data, create a document, and continue revising it according to feedback. Long running or scheduled tasks help Cowork move beyond short question and answer interactions. Even so, organizations need to inspect each connector and its access permissions before allowing the agent to work with real data stores. When deep integration with private infrastructure is required, Hermes and OpenClaw generally provide more room. When the priority is reducing the time from a request to a finished document, Cowork usually has an advantage. This is the difference between a platform intended for assembly and a product that has already been packaged. How secure are these three AI agents? There is no simple answer to the question of which one is safer because the security risks of each tool come from completely different areas. Hermes Agent: Self hosting does not automatically mean safety. The greatest risk comes from automatically generated skills because, in essence, they are pieces of code that the agent writes and then runs by itself. If they are not reviewed before scheduled execution, a skill with terminal access or permission to send data externally can do things without your knowledge. In addition, API keys and sensitive folders should not appear in prompts or be mounted directly into a sandbox when the skill does not actually need them. OpenClaw: The more channels you connect, the wider the attack surface becomes. The point most easily overlooked is sender authentication. If the Gateway trusts only a display name or a channel that has not been properly secured, a compromised messaging account may be enough for someone to issue commands to your agent. The list of people allowed to send commands and the permissions of each bot need to be reviewed whenever you add a new channel. Claude Cowork: The most concerning risk is prompt injection, which occurs when the agent reads a document or webpage containing hidden instructions intended to redirect it away from your original request. Anthropic provides safeguards and asks for confirmation before sensitive actions, but those measures do not replace your own review of the results or the need to avoid granting broader permissions than the task actually requires. Note: With any agent, do not grant permission to delete files, send external messages, or perform sensitive transactions. Start with read only mode, enable complete logging, and retain human approval for actions that require human judgment. Should you choose Hermes Agent, OpenClaw, or Claude Cowork? Every tool has its own strengths and weaknesses, so selecting the most suitable one depends on the user and the work that needs to be done. Choose Hermes Agent when you want the agent to understand how you work increasingly well Hermes suits developers, researchers, and technical teams that want an agent to learn their own processes and run on flexible infrastructure. It is particularly worth considering when tasks recur often enough for skills to create accumulated value. You need to be prepared to read logs, review skills, and manage execution environments. Best suited when: You want the agent to remember and improve work processes through repeated use. You can manage sandboxes, select models, and control access permissions yourself. Choose OpenClaw when work requires continuous communication through messages OpenClaw is suitable when the assistant needs to be present on Telegram, WhatsApp, Slack, Zalo, or similar channels. It is useful for alerts, rapid collection of requests, and automation that begins with a conversation. In return, you must manage identity, channel permissions, and Gateway stability. Best suited when: Requests usually arrive as messages or automated alerts. You need one coordination point for several different communication channels. Choose Claude Cowork when you need quick results without building a system Cowork suits content creators, analysts, and managers who need complete documents, spreadsheets, and slides without wanting to think about servers or Gateways. In return, you should understand the limits of your plan, where data travels, and which connections are enabled before introducing real work. Best suited when: You want to describe the required outcome in natural language and receive a complete output. You prioritize the convenience of a managed service over full control of the infrastructure.

Nam
14 Jul, 2026
How to combine Codex and Claude Code with one plugin

Is anyone else using Codex and Claude Code side by side? I only recently discovered the Codex plugin for Claude Code, published by OpenAI itself. The useful part is not simply having another AI available. It is being able to call Codex from the current Claude Code session for a code review, an adversarial design challenge, or a separate delegated task without constantly switching tabs and sessions. What makes the Codex plugin for Claude Code useful? The openai/codex-plugin-cc plugin is intended for developers who already work in Claude Code and want to add Codex to that workflow. Instead of allowing both agents to edit the same file at the same time, you can assign clear roles: Claude Code implements and Codex reviews, or Claude Code keeps the main thread while Codex investigates an independent problem in the background. The official plugin provides review commands such as /codex:review and /codex:adversarial-review, delegation through /codex:rescue, and job or session management through /codex:transfer, /codex:status, /codex:result, and /codex:cancel. Codex therefore becomes a collaborator inside the Claude Code workflow rather than a separate window. It does not create a separate Codex runtime The plugin uses the Codex CLI and Codex app server installed on the same machine. It also reuses the local authentication state, current repository checkout, and existing config.toml settings. Integration is straightforward, but each request still contributes to the user's Codex usage limits. Requirements before installation You need Node.js 18.18 or later and either a ChatGPT subscription, including Free, or an OpenAI API key. If Codex CLI is missing, /codex:setup can offer installation guidance. You can also install it manually with npm install -g @openai/codex and sign in with !codex login. How to install the Codex plugin in Claude Code Run these commands in Claude Code: /plugin marketplace add openai/codex-plugin-cc /plugin install codex@openai-codex /reload-plugins /codex:setup The last command checks whether Codex is installed and authenticated. Once setup is complete, the Codex slash commands should appear in Claude Code, along with the codex:codex-rescue agent under /agents. Try a background review first A low-risk first run is /codex:review --background. Use /codex:status to monitor it and /codex:result to retrieve the final review. Multi-file reviews can take time, so background mode keeps Claude Code available for other work. Three effective Codex and Claude Code workflows The value of the plugin comes from role design. If both agents modify the same area without boundaries, the result may be conflicting edits, repeated analysis, and wasted context. The following workflows make ownership clearer. Let Claude implement and Codex review After Claude Code completes a feature, run /codex:review for a read-only review. It can inspect current uncommitted changes or compare the branch against a base with /codex:review --base main. Because Codex does not edit files in this mode, the developer keeps control of what is accepted. For example, after Claude adds a payment flow across several modules, Codex can inspect logic errors, edge cases, and cross-file side effects. Claude Code can then evaluate the findings and apply only the changes that make sense. Delegate an entire task to Codex Use /codex:rescue for a problem that can be isolated, such as /codex:rescue --background investigate why the integration test is flaky. Claude Code can continue working on the interface or documentation while Codex investigates in the background. Rescue supports --background, --wait, --resume, and --fresh. Define the expected output and file scope before delegating. A vague instruction to fix everything while Claude Code is also editing the repository can still create collisions. A good task has a specific goal, completion criteria, and a clearly owned part of the codebase. Use adversarial review to challenge the project direction /codex:adversarial-review is designed to question implementation and design decisions rather than merely find bugs. For example, /codex:adversarial-review --base main challenge the caching and retry design asks Codex to inspect assumptions, trade-offs, alternatives, and risks such as data loss, race conditions, rollback, or reliability. This is where the two agents may appear to argue, but the debate only helps when a human sets a narrow question, requests evidence, and defines a decision rule. Otherwise, the review can become a chain of opinions with no practical outcome. Transfer sessions and manage background jobs /codex:transfer creates a persistent Codex thread from the current Claude Code session and prints a codex resume <session-id> command. It is useful when a discussion has grown beyond a short review and you want to continue directly in the Codex App or TUI without manually rewriting the context. Monitor, retrieve, and cancel work For background tasks, /codex:status shows progress, /codex:result returns the stored output and session ID, and /codex:cancel stops an active job. These commands prevent multi-agent work from becoming a black box. When a task drifts from its goal, canceling early is usually cheaper than waiting and starting over. Watch for review loops and usage limits Important: OpenAI explicitly warns that the optional review gate can create a long-running Claude/Codex loop and drain usage limits quickly. When enabled with /codex:setup --enable-review-gate, the plugin uses a Stop hook, which is an automated trigger that runs when Claude is about to finish its response, to start a targeted Codex review. If it finds an issue, Claude's response is blocked so Claude can address it first. This can be valuable before shipping, but it should not be left unattended. A practical safety checklist Assign roles before running: one agent implements while the other reviews, or each owns a separate task. Limit the scope by naming the branch, files, risk area, and completion criteria. Use background mode for large reviews and check progress periodically. Enable the review gate only while actively monitoring it, then disable it with /codex:setup --disable-review-gate. Do not let Claude review all Codex output and then ask Codex to review every Claude revision without a clear stopping rule. Use /codex:cancel when a task moves in the wrong direction. How can Codex and Claude Code work well together? The official OpenAI plugin offers a cleaner alternative to keeping Codex and Claude Code open in separate tabs or letting both agents edit the same file. Claude Code can remain the coordinator while Codex reviews, challenges a design, or owns a separate task. A sensible starting point is one small /codex:review --background run, followed by status, result, and cancel. Try rescue, transfer, and the review gate only after the basic workflow is familiar. The two systems can complement each other well, provided a person still sets the boundaries, budget, and stopping point.

Nam
14 Jul, 2026