Runtime for Codex CLI

Codex CLI support is coming soon. When it lands, each agent will run in its own cloud environment, with the OpenAI API key projected as a scoped secret, state that survives runs, and an approval model that works without a human at the terminal. Today, OpenClaw and Hermes already run on this model.

Coming Soon

What Codex CLI needs from a cloud runtime

Codex CLI assumes a sandboxed environment with filesystem access, network control, and shell execution. Each of those has to translate into something unattended before Spinup can call it supported.

Cloud-shaped sandbox

Codex CLI expects a writable filesystem, package installation, and shell access. The work is to map those expectations onto Spinup's isolated microVM runtime.

OpenAI key projection

The OpenAI API key gets projected as a scoped secret, the same way OpenClaw and Hermes already receive their credentials.

Unattended approval modes

Codex CLI's read-only, auto, and full-access modes need a cloud-shaped contract that works without a human in the loop.

State that survives between runs

Installed packages, generated files, and project state need a clear persistence contract so runs can resume.

From Local to Cloud

Why local runs stop being enough

Codex CLI works well on a developer's machine. The agent runs inside an OS-native sandbox, reads and writes project files, and installs packages as needed. But runs stay tied to one workstation. There is no built-in mechanism for persistent, reproducible environment state across sessions.

Moving to the cloud changes the assumptions. You need persistent environments that survive across runs. You need secrets management that does not depend on the developer's shell profile. You need network controls that work at the infrastructure level, not just at the local sandbox boundary. And you need to compare Codex CLI with other harnesses without rebuilding the surrounding setup each time.

You can't run Codex CLI on Spinup yet. OpenClaw and Hermes are the supported harnesses today, on the same isolation, secret, and persistence model. Codex CLI plugs into the same shape once its specifics are ready.

FAQ

Common questions about Codex CLI on Spinup

How does Spinup replace Codex CLI's local run model?+

Not yet. Codex CLI is on the roadmap. The launch runtime proves the microVM runtime model with OpenClaw and Hermes first, and Codex CLI plugs into the same shape later.

How are OpenAI API keys managed for Codex CLI in Spinup?+

Not yet. When Codex CLI lands, the OpenAI API key gets projected as a scoped secret using the same workspace model OpenClaw and Hermes already use.

Can I switch from Codex CLI to another harness without rebuilding?+

Not yet. The runtime is built to be portable across harnesses, but today the supported swap is between OpenClaw and Hermes. Codex CLI joins that swap once it lands.

How does Codex CLI's approval model work in a cloud environment?+

That contract still needs to be designed. Codex CLI's read-only, auto, and full-access modes have to translate into something unattended before they sit behind `/exec`.

What is a Cloud Agent Runtime?→Secure Code Execution for AI Agents→Runtime for Claude Code→Runtime for OpenClaw→

Early access

Codex CLI is on the way. Try OpenClaw or Hermes on the same runtime today.

Request access if this is the runtime shape your team has been missing.