One more turn
My Codex coding addiction
Some weekends stick in your memory. Thirty years ago, one Friday evening, a friend gave me a copy of Sid Meier’s Civilisation 2. It was awesome fun - addictive and all consuming. But, finally, on Sunday evening, my civilisation arrived at Alpha Centauri and I could stop. I had learnt the true meaning of 'Just one more turn'. Minimal sleep, dirty clothes, hunger. But also a lot of fun.
Something similar is happening right now.
A couple of weeks ago OpenAI significantly upgraded Codex CLI - their new coding agent. It’s the OpenAI equivalent of Claude Code, but written in Rust and powered by ChatGPT. It’s under (very) active development - v0.30.0 came out last Friday, v0.31.0 yesterday. I’ve previously used some of the earlier versions of Codex - and was unimpressed. But this new one is, well, amazing.
Compared to Claude Code, Codex is more, well, rudimentary. It doesn’t have fancy graphics. It doesn’t always produce a plan. It doesn’t have all the clever configuration that Claude Code has. But it has a secret weapon. It has GPT-5. And that’s important - because ultimately creating code is what matters.
Codex is addictive in the one-more-turn kind of way. I started out with multiple Gemini, Claude Code and Codex sessions. But now I only have Codex sessions. And I am in a loop of one-more-turning them. Adding a new feature here, suggesting a fix there, testing a new build here. The ability to make such rapid progress is addictive. 2am in the morning addictive.
GPT-5
In years gone past a typical software engineer wrote somewhere between 2,000 and 10,000 lines of code per year. Yes, lines of code is a poor metric. Yes, it can be gamed. Yes, a better metric would be nice. But it’s the best proxy we’ve got.
In the past week I’ve used Codex to build over 20,000 lines of code. This isn’t boilerplate - it’s decent quality Rust code. I started building a markdown viewer - 5kloc of Rust that builds into a standalone app. It needed a bit of iteration, but it’s impressively solid. And there’s another 10kloc of tools, exploration on top of that as well.
Then I advanced to building a custom MCP server. Like many orgs, the company I work for has been struggling with how to safely deploy MCP servers. There are so many tempting MCPs - FileSystem (which gives access to the file system) or Desktop Commander (which gives access to all commands and files on your system) or Slack or Git or Confluence or Jira. The list is long. But some MCPs are fundamentally insecure; others have been compromised or contain critical security vulnerabilities. They all have different upgrade mechanisms. How can an organization safely navigate this muddle?
MDMCP
It got me thinking. What if we had a MCP server with a sandboxed environment that could only access a limited set of directories and run a curated set of commands? Such an MCP would have many advantages:
It could run all the existing commands that provide much usable function. Why use the Git MCP when you can use the git command?
You could easily extend it by adding additional commands. Lots of extra function for (nearly) free.
It would be a single MCP. That would simplify approval, deployment and upgrade.
The sandbox would limit file-system access. And prevent Claude from running dangerous commands.
So I set out to build one. The result is mdmcp. It provides a secure sandboxed environment. There’s a companion app (mdmcpcfg) which can install, upgrade and uninstall the server. The configured policy is stored in yaml - which mdmcpcfg can modify.
mdmcp is self documenting. Claude can get documentation direct from mdmcpsrvr, so Claude can explain how to use mdmcpcfg for configuration. Want to add a new command? Just ask Claude Desktop and it’ll help you.
And config can be hot reloaded - so you can make changes without needing to restart Claude Desktop.
And then one of my colleagues had the amazing brainwave to deploy mdmcpsrvr on linux under WSL, with Claude Desktop on Windows driving it. And now Claude Desktop has the ability to build on linux. Sweet.
Admittedly it’s a little rough - I hadn’t thought about supporting this never mind testing it. Nonetheless it mostly worked straight out of the box. Amazing.
But it wasn’t all plain sailing. Early on Saturday I got this error from Codex:
4 days!?! I can’t wait that long - out with the credit card :).
Other integrations
Internally we use Confluence as a wiki. The built-in search is, well, terrible. I avoid Confluence because finding things is so hard. But not anymore. I built a little tool - mdconfcli - that can search and read pages from Confluence. Then I plugged it into mdmcp as an extra command. Now I can find things in Confluence directly from Claude - and it turns out Claude is pretty good at compensating for the flaws in the native Confluence search.
I’m working on similar integrations for Slack, Outlook and any other internal resources I can find.
Suddenly Claude has grown a lot of safe, secure arms.
Is it truly safe?
The sandboxing is interesting. Claude is persistent. And clever. During testing I asked it whether it could see my g:\ drive.
Claude shouldn’t be able to see this because it’s not in the allowed list of directories.
And correctly things failed. But then Claude noticed python was available:
And before long it had a python script:
Oh.
I guess I’ve got to be impressed with Claude’s ingenuity.
On the other hand this isn’t anything new - give a prisoner the right set of keys and they’ll be able to break out of the prison.
And so?
I’ve had a blast over the past week. Being able to create so much so quickly is great fun. Codex is a step change from Claude Code (I initially used Claude Code to build mdmcp but quickly switched to Codex as Claude Code struggled). As I write I’m chomping at the bit to get back to my next turn. Thinking about the next projects I can build.
Software engineering is already changing. But Codex makes tools like Github autocomplete feel like toys. We’re moving to a world where I can create a careers worth of software in less than a year. It’s an amazing place. Could software engineering addiction become a real thing?