# Direct Codex access through cPanel SSH This method gives the coding agent direct access to the selected remote working directory. Use the staging checkout only. ## Install Codex on the cPanel account From cPanel Terminal or an SSH connection: ```bash bash scripts/install_codex_cli.sh ``` The script uses OpenAI's official standalone Linux installer. If the host blocks the installer, ask the hosting provider whether user-installed Linux executables are allowed. ## Authenticate on a headless server Try: ```bash codex login --device-auth ``` Complete the one-time code in your local browser. API-key authentication is another option, but it uses API billing. Treat `~/.codex/auth.json` as a password and never place it in the website or Git repository. ## Start Codex in the staging repository ```bash cd /home/USER/apps/myapp-staging pwd git status codex ``` Do not run `codex` from `/home/USER`, `/home/USER/public_html`, or another directory containing unrelated domains, mail, backups, SSH keys, or configuration. ## Project rules Copy the included template into the target repository: ```bash cp /home/USER/apps/cpanel-ai-developer/AGENTS.md.example \ /home/USER/apps/myapp-staging/AGENTS.md ``` Commit the project-specific `AGENTS.md` after reviewing it. ## Suggested first prompt ```text Inspect this repository and summarize its architecture. Do not modify anything yet. Identify the application entry points, configuration pattern, database layer, test commands, and deployment-sensitive files. Never read .env or secrets. ``` Then request a focused change: ```text Implement the requested change without removing existing functionality. Show the diff, run PHP syntax validation and existing tests, and stop before committing or deploying so I can review the result. ``` ## Connecting from a desktop app OpenAI supports SSH-host projects in supported Codex App configurations. The remote host must have `codex` available on its login-shell PATH and should be accessed with a least-privilege SSH key. Platform support can differ; using Codex CLI inside a normal Windows SSH terminal is the reliable fallback. Never expose `codex app-server` on a public network. Use normal SSH rather than an unauthenticated listener.