Tutorials

Stop Prompting One Agent at a Time: How to Build a Small AI Team in Codex

AIReadyFit Team8 min read

Single-agent workflows are useful until they aren't. They work for isolated tasks — explain this file, fix this bug, write this test. But the moment the problem becomes parallel, the single-thread model starts to drag. You want one pass on the codebase, another on docs, another on browser behavior, another on risk review, and a final write-up that pulls the results together.

That is exactly the gap Codex's multi-agent workflow closes. Not by making AI more theatrical, but by doing something far more practical: keeping noisy work off the main thread.

The Real Bottleneck Is Not Intelligence. It Is Context.

Once you have used agentic coding long enough, you notice the actual failure mode. It is not that the model lacks capability. It is that a single conversation accumulates too much mixed context — logs, docs, screenshots, dead-end test runs, framework references — until the whole thread degrades. Every new message competes with a growing pile of intermediate artifacts the model has to reason through.

OpenAI's Codex docs frame multi-agent workflows in exactly these terms: a way to keep noisy exploration off the main thread, preserve focus in the parent agent, and return summaries instead of dumping raw output into one giant conversation. The industry calls this context rot. Chroma's 2025 research tested 18 frontier models and found that every single one degraded as input context grew — accuracy drops, middle-of-context blindness, and semantic interference all get worse with length. That is the reason your tenth question in a long session gets a worse answer than your first.

Multi-agent is not about making agents talk to each other in a fancy demo. It is about giving each agent a small, focused job and keeping the orchestrator clean.

What Codex Gives You to Work With

The current Codex stack has several pieces that fit together:

  • The Codex app runs parallel threads across projects, supports reviewable diffs, and uses Git worktrees so multiple agents can touch the same repo without trampling each other
  • The CLI exposes experimental multi-agent support — you can enable it with a feature flag or directly in config.toml
  • Roles let you define specialized agents with different models, sandbox settings, and instructions
  • AGENTS.md gives every run consistent expectations, layered from your global config to project root to nested directories
  • Skills extend agents with repeatable capabilities
  • Sandbox and approval policies keep the whole system from turning into a reckless automation experiment

That combination is what makes the "AI software team" idea practical. The app gives you visibility. Worktrees give you isolation. The CLI gives you orchestration. And sandbox controls give you safety.

Roles That Actually Decompose Work

OpenAI ships built-in roles — default, worker, explorer, monitor. But the multi-agent system also lets you define your own roles in ~/.codex/config.toml or a project-level .codex/config.toml, where each role includes a description and a role-specific config file.

Here is what a clean starting point looks like:

toml
[features]
multi_agent = true

[agents]
max_threads = 6
max_depth = 1

[agents.explorer]
description = "Read-only codebase explorer that maps affected files and execution paths."
config_file = "agents/explorer.toml"

[agents.reviewer]
description = "Risk reviewer focused on correctness, security, and missing tests."
config_file = "agents/reviewer.toml"

[agents.docs_researcher]
description = "Documentation specialist that verifies external APIs and framework behavior."
config_file = "agents/docs-researcher.toml"

That follows the documented pattern: narrow roles, shared config, descriptions that help Codex decide when to use each agent. Role-specific TOML files can set different models, reasoning effort, sandbox settings, and developer instructions.

Design concrete roles, not generic personas

Many teams imagine roles like "planner, researcher, coder, tester, writer" because those sound intuitively complete. The stronger pattern is more concrete. "Explorer" for mapping code paths. "Reviewer" for finding correctness and security risks. "Docs researcher" for checking framework truth. "Worker" for making the smallest defensible change after evidence is gathered. Role shapes should match how software work actually decomposes — not how org charts look.

The key idea: the best roles are not broad personalities. They are scoped jobs with distinct tool surfaces and failure modes.

AGENTS.md: Shared Doctrine for the Whole Team

AGENTS.md is what keeps a multi-agent team coherent. Codex reads AGENTS.md files before doing any work and builds an instruction chain from your global Codex home, your project root, and nested directories closer to the current working area.

That means you can give every run consistent expectations: use pnpm, run lint before PRs, never touch certain files, prefer certain workflows, ask before adding dependencies. Then, if one part of the repo needs different rules, you override them closer to that directory.

This matters more in multi-agent mode than single-agent mode. One of the easiest ways to lose value with parallel agents is to let each one improvise. If the explorer scans too broadly, the reviewer comments on style instead of risk, and the worker rewrites unrelated files, you get a beautiful demo and a terrible engineering process.

AGENTS.md gives your whole agent team shared operating doctrine. Role-specific config files then sharpen the mission for each specialist.

Layer your instructions

Global AGENTS.md sets universal standards (formatting, commit style, tooling). Project-root AGENTS.md captures conventions specific to this repo. Directory-level AGENTS.md files handle edge cases where one subsystem needs different rules. Each layer narrows the scope without contradicting the ones above.

Worktrees: Isolation Without Ceremony

Worktrees solve one of the ugliest problems in parallel agent work: conflicting local state. If two agents try to modify the same working directory at the same time, you get race conditions, half-written files, and corrupted Git state.

Codex uses Git worktrees to run multiple independent tasks in the same project without interference. Each agent gets an isolated copy of the repo. You can explore multiple directions at once, review diffs separately, and hand work back to your main checkout only when it is worth keeping. Background automations also run on dedicated worktrees.

That is not a convenience feature. It is the piece that makes parallel agents safe enough to actually use.

A Real Workflow: Shipping a Feature

Here is what a multi-agent workflow looks like in practice. You ask Codex to ship a feature or review a risky branch:

  1. Codex spawns an explorer to map the touched code paths — which files are affected, what calls what, where the change surface is
  2. A reviewer inspects correctness, security, and missing test coverage across those paths
  3. A docs researcher checks framework behavior through connected documentation — verifying that the approach matches how the API actually works, not how you remember it working
  4. A browser debugger reproduces the UI issue if the problem crosses the live app
  5. Once the evidence converges, a worker agent makes the implementation change — the smallest defensible code change based on what the other agents found
  6. The parent agent returns a unified answer with reasoning distilled into actions

The parent agent never had to hold every log, every docs snippet, every dead-end test run. It stayed focused on requirements, decisions, and final synthesis. The sub-agents carried the exploration load and returned smaller summaries.

That is the whole point. Not replacing the engineering team. Making the engineering team stop serializing work that is naturally parallel.

Security You Cannot Skip

More agents means a larger attack surface. Codex addresses this with sandbox modes (read-only, workspace-write), optional network access settings, and approval policies that control what agents can do without human sign-off.

In multi-agent mode, sub-agents inherit the parent sandbox policy, and role configs can further narrow that surface. The sensible setup:

  • Research agents stay read-only — they explore code and docs but cannot modify anything
  • Browser repro agents get the tools they need but no write access to the repo
  • Worker agents get write access scoped to the task — and only after the evidence-gathering phase
Review what each role can touch

Do not give all agents the same permissions. A docs researcher does not need write access. A worker does not need network access. Narrow the sandbox per role. Codex's role-specific config files make this straightforward — use them.

That layered approach is the difference between a useful automation and a reckless one. As agent adoption grows — Gartner projects 40% of enterprise apps will integrate AI agents by 2026 — the security surface grows with it. The OWASP Top 10 for Agentic Applications already exists. Treat agent permissions with the same discipline you would apply to any service account.

The Bigger Point

The best use of Codex multi-agent is not "replace the engineering team." It is "stop serializing work that is naturally parallel."

Codebase mapping, evidence gathering, docs verification, UI reproduction, targeted fixing, and final write-up do not belong in one monolithic prompt. Codex gives you a way to turn that intuition into an actual operating model. One main agent. Several focused specialists. Reviewable diffs. Shared instructions. Isolated worktrees.

That is not AGI. It is systems design applied to AI tools. Every major coding tool — Cursor, Windsurf, Claude Code, Codex, Devin — shipped multi-agent capabilities within the same two-week window in early 2026. The pattern is converging because the problem is real. And good systems design is precisely why it works.


At AIReady.fit, we teach professionals how to move beyond single-prompt workflows. Our AI Foundations track covers structured AI collaboration — from multi-agent orchestration to real project workflows that actually ship.

Get AI Tips Every Week

Get smarter about AI every week — practical tips, prompts, and workflows in your inbox.