JURNITI°
Login
All guides
Codex CLI logo
Codex CLI

OpenAI Codex CLI Hosting on a Real microVM

Run OpenAI's Codex CLI on its own always-on Firecracker microVM. Sign in with your ChatGPT plan, keep a persistent home and AGENTS.md, give the agent a sandbox it can't escape. 124ms boot, BYOK, 30-day money-back.

OpenAI's Codex CLI already sandboxes the commands it runs. That's the right instinct — but the sandbox lives inside the same machine that holds your SSH keys, your browser sessions, and everything else an agent shouldn't touch if a command goes wrong or a prompt-injection slips through. Here's the stronger boundary: run Codex CLI on its own always-on Firecracker microVM. Sign in with your ChatGPT plan, keep a persistent workspace, give the agent a box it physically can't escape — booting in about 124ms, isolated from your laptop and from every other tenant.

What Codex CLI is

Codex CLI is OpenAI's terminal-first coding agent. It runs locally, reads your codebase, plans, edits, and executes commands inside its own sandbox, and it speaks MCP and the AGENTS.md convention. You drive it from the command line and sign in with the ChatGPT plan you already pay for.

Like any terminal agent, it does its best work given time and a stable environment: hand it a migration or a stack of failing tests and let it iterate. That wants a box that's always on and holds your project — not a laptop you close.

Why a real microVM for Codex CLI

A coding agent runs bash. It installs packages, edits files, and executes whatever the model decides. Codex's own sandbox narrows what each command can do — but it's a software boundary inside your OS. A container is no better: it shares the host kernel, with 200-plus known weaknesses in the stack.

jurniti gives Codex its own Firecracker microVM — its own kernel, a KVM hardware boundary, one tenant per box. The two layers stack cleanly: keep Codex's command approvals, and wrap the whole agent in hardware isolation. Now a sandbox escape, a runaway command, or a poisoned dependency is contained to one disposable VM. Reprovision and you're clean in seconds.

You also keep your OpenAI relationship. jurniti's BYOK is architectural: run codex login with your ChatGPT plan, or paste an OPENAI_API_KEY. The credential lives only in your VM, traffic leaves straight for OpenAI, and jurniti is never in the path. No proxy, no token markup.

Codex is light, so Starter (1 vCPU / 2 GiB) is plenty — you're not paying for headroom you don't use. And it's reversible: a 30-day money-back guarantee, workspace kept 7 days after cancellation.

Run Codex CLI in 3 steps

By hand this is a VPS, the installer, sandbox config, a systemd unit, tmux so sessions survive a disconnect, and patching for as long as you run it. jurniti runs the box; you keep the agent.

1. Pick a plan and pay

Starter is enough for Codex. Check out, and the provision chain runs automatically the moment payment confirms.

2. Your microVM boots with Codex ready

A fresh Ubuntu microVM boots with the Codex CLI pre-installed and on your PATH. You get an in-browser terminal — nothing to SSH into. Sign in and go:

codex login            # sign in with your ChatGPT plan
# or: export OPENAI_API_KEY=sk-...
codex

3. Put it to work

Drop into a project, hand Codex a task, and walk away. Your config, prompts, and AGENTS.md live on the persistent home, so they survive every restart.

Give Codex CLI its own microVM

What people run Codex CLI for

  • Overnight refactors. Give it the task, close the lid, return to a finished diff.
  • Headless / CI-style runs. Non-interactive mode is far less nerve-racking when the agent lives in a box it can't escape.
  • A pinned environment. Your AGENTS.md, MCP servers, and prompts — set up once, always there.
  • Parallel agents. A few microVMs side by side beats ten terminal tabs you lose track of.

Snapshot a configured workspace into a template and fork it for the next project — your setup, never your credentials.

jurniti vs a laptop vs a DIY VPS

jurnitiYour laptopDIY VPS
Always onYesNo — it sleepsYes
Isolation boundaryCodex sandbox + Firecracker microVMCodex sandbox onlyCodex sandbox + shared kernel
Blast radius of an escapeOne disposable microVMYour whole machineYour whole server
ChatGPT loginYours, never leaves the VMYoursYours
SetupAutomatic · 124ms bootLocal installManual
Refund30-day money-backn/aNone

Pricing

Starter is $25/mo ($250/year, two months free) and comfortably runs Codex. Pro is $49/mo and Max $99/mo for heavier workspaces or a custom TLS subdomain. Every plan includes the 30-day money-back guarantee, and your ChatGPT plan or API spend is separate and never marked up.

Running a different agent? See the guides for Claude Code, OpenCode, and Grok Build, or compare plans on the pricing page.

Frequently asked questions

Can I run OpenAI Codex CLI on a server?
Yes. Codex CLI is a terminal-first coding agent, so an always-on box lets it keep working on long tasks and hold a persistent workspace. jurniti runs Codex on a dedicated Firecracker microVM with an in-browser terminal and a persistent home — you hand it a task, close your laptop, and come back to a finished diff.
Do I need an OpenAI API key, or can I use my ChatGPT plan?
Either. In the in-browser terminal run `codex login` to sign in with your ChatGPT Plus, Pro, Business, Edu, or Enterprise plan, or export an OPENAI_API_KEY. jurniti is bring-your-own-key — your credentials stay in your VM, traffic goes straight to OpenAI, and we never see your tokens or mark up usage.
How is this different from Codex's built-in sandbox?
Codex sandboxes the commands it runs inside your machine; jurniti sandboxes the whole agent inside its own Firecracker microVM with its own kernel and a KVM hardware boundary. The two stack: you keep Codex's command approvals and add a hard isolation boundary, so even a sandbox escape or prompt-injection attack is contained to one disposable box.
How much does it cost to host Codex CLI?
Plans start at $25/mo ($250/year — two months free), and every plan has a 30-day money-back guarantee. Codex is light on resources, so Starter (1 vCPU / 2 GiB) is plenty. Your ChatGPT plan or API spend is separate and never marked up, because you bring your own key.
Will my config and AGENTS.md survive a restart?
Yes. Your home directory is on a persistent volume, so your Codex config, prompts, and AGENTS.md survive restarts and reprovisions. You can also snapshot the whole setup into a forkable template — credentials are scrubbed on publish.
Is this an official OpenAI product?
No. jurniti is independent managed hosting for the Codex CLI. We install the upstream CLI at first boot — no fork — so you run the real Codex and sign in with your own OpenAI account.