Codex mobile CLI: runs that survive review

You can run Codex CLI from a phone, a tablet, or a borrowed laptop and still pass review, as long as the receipts travel with the run. A codex mobile cli workflow is just Codex CLI, OpenAI's coding agent, started somewhere other than your desk, with its transcripts and verification notes kept in the repo where a reviewer can replay them. The place a session starts should change nothing about how it gets reviewed.

The failure mode is easy to spot once you've watched a PR queue for a week. A summary lands without the paths it touched, and the review stalls right when the session began away from a keyboard. The model did its job. The narrative didn't survive the trip.

Keep the receipts with the run

When a run is mobile, the temptation is to trust it. The screen is small, the keyboard is worse, so the write-up shrinks to a few bullets and the real evidence stays in chat. That works until someone else has to merge it.

Fix it by keeping four things in the repo instead of in a chat window:

Each one answers a question a reviewer would otherwise have to ask you live. A run that carries its own answers is a run nobody has to chase.

Pin the model and the connectors in AGENTS.md

Models and connectors are the two things that drift hardest across sessions. Someone swaps the default model on their phone, and the next reviewer can't tell whether the risk appetite changed. A connector gets enabled for one task and quietly stays on, widening the blast radius for every run after.

Both belong in version control. Pin the default model and the escalation rule in AGENTS.md so the next session inherits the decision instead of remaking it. Keep a connector roster checked into the repo root, written in the language of the MCP specification, so a security review starts from a known surface.

# AGENTS.md verification snippet

- Every Codex CLI run ends with a transcript snippet reviewers can replay.
- Pair browser evidence with the project's normal CLI checks before merge.
- If MCP servers are enabled, list allowed actions beside each connector name.

Most questions that land on this kind of run are onboarding, not policy: how to use codex cli, how to drive it from a phone. The flag questions, like whether there's an auto-skip or where --full-auto belongs, are version details on the features page. When hands-off mode is acceptable is a rule for your AGENTS.md, not a fact about the tool.

Review a run you never watched live

A reviewer should be able to trace intent without replaying a chat log. The scope receipt below is the thing that makes that possible. Paste it into the PR and tick it before you ask for review:

• Verification command output is pasted or linked.
• Forked agent work lists parent and child responsibilities.
• Red-folder paths received explicit human acknowledgement.
• Scopes in the PR body match the folders in the diff.

Four gates cover what a reviewer actually needs to know:

Some decisions never go on autopilot, no matter how autonomous the run feels. Threat models, customer promises, and anything that changes the blast radius stay with a human. The agent is the relief crew; the people standing outside the trench still own the blueprint.

Common questions

• Can a codex mobile cli workflow keep review quality?

  Yes, if the receipts travel with the run. The same CLI transcripts and verification notes stay reviewable wherever the session starts, because they live in the repo instead of in chat. Trust does not scale when the evidence stays in a chat window, so the pattern moves it somewhere a reviewer can replay it.

• What breaks first when Codex runs far from the desk?

  The reviewable narrative collapses before the model's capability does. Four fixes keep that narrative in the repo: a verification latch for transcripts, a browser bridge note for staging URLs and credentials, a model pin inside AGENTS.md, and a Markdown connector roster at the repo root. None of these depend on where you typed.

• How do reviewers control work they never watched?

  Through the scope receipt. Verification output is pasted or linked, forked agent work lists parent and child responsibilities, red-folder paths get explicit human acknowledgement, and the scopes named in the PR body match the folders in the diff. A reviewer can then trace intent without replaying any chat.

• Which decisions stay human no matter how autonomous the run is?

  Hard constraints stay with people. Threat models, customer promises, and blast-radius decisions stay off autopilot. The agent works like a relief crew in this pattern, but the blueprint belongs to the people outside the trench, even when the queue is on fire.

• Where does the tool documentation live?

  Start with the quickstart and the slash commands reference for the tool side. Watch openai/codex and openai/skills for what changes next. The policy side, when to escalate and what stays human, lives in your own AGENTS.md.

Try it on one run

Take one remote session and one desk session from last sprint and check both against the scope receipt. The gap between them is your real mobile risk, and it's usually a single missing receipt. Then make that receipt a habit with Codex CLI workflows.