Claude Code vs Codex CLI Comparison｜Subscription-Based GitHub Actions Automation

Important Notice Regarding Terms of Service (Added February 2026)

In February 2026, Anthropic clarified its terms of service, explicitly prohibiting the use of OAuth tokens from Claude Free/Pro/Max accounts outside of official tools (Claude.ai and Claude Code). Whether deploying auth.json to CI/CD environments as described in this article falls under this restriction has not been explicitly addressed by Anthropic. For CI/CD integration with Claude Code, we recommend using the officially provided claude-code-action with ANTHROPIC_API_KEY (API-based billing). Please check the latest terms at the Anthropic official site.

Target Audience

• Developers and technical leaders evaluating AI coding agents
• Teams planning Claude Code subscription-based automation with GitHub Actions or CI/CD
• Organizations seeking predictable costs without usage-based billing

Key Points

1. Understand the critical pricing model and subscription scope differences between Claude Code and Codex CLI
2. Learn concrete examples of headless automation within Claude Code subscription limits
3. Master practical operational patterns with GitHub Actions integration

TL;DR

Claude Code enables headless execution without additional charges within your subscription. You can freely invoke it from GitHub Actions or Docker containers for automated article generation, code reviews, and product analysis at a fixed monthly cost. Meanwhile, Codex CLI primarily operates on API usage-based billing, making costs unpredictable for large-scale automation.

---

Claude Code and Codex CLI Pricing Models and Subscription Scope

Claude Code: Subscription-Inclusive with No Additional Charges

Claude Code is provided as a feature included in Pro (~$20/month) or Max (~$100/month) plans.

• No additional API charges: Limited only by rate limits (message count and token volume) within subscription
• Fixed costs: No billing beyond monthly subscription fee
• Official headless mode support: -p flag for non-interactive environments is officially documented

Predictable Cost Planning

Even if you run it 10 times daily on GitHub Actions, there are zero charges beyond your subscription fee. This enables confident adoption for large-scale automation projects.

Codex CLI: Usage-Based API Billing

Codex CLI uses OpenAI API as its backend, fundamentally operating on usage-based billing.

• Separate API charges: Model usage (e.g., codex-mini-latest, gpt-5) billed at "$ per 1M tokens"
• Unstable ChatGPT auth mode behavior: Reports indicate "Platform API credits" depletion even with Plus/Pro login
• Blurred subscription boundaries: While documentation hints at "subscription integration," implementation remains inconsistent

Cost Management Caution

GitHub Issues include requests to "fully include Codex CLI in ChatGPT subscription," indicating current API billing risk. Conservative cost planning is advised.

Comparison Table

Aspect	Claude Code	Codex CLI
Base Fee	Pro $20/mo, Max $100/mo	CLI free (API billed separately)
Additional Charges	None (subscription-inclusive)	Yes (API usage-based)
Headless Support	Official support (-p flag)	Feature request stage
Docker/CI Compatibility	Operational via auth.json mounting	OAuth-dependent, remote challenges

---

GitHub Actions Automation with Claude Code Subscription

Critical Authentication Flow Differences

Claude Code subscription features authentication designed for remote and containerized environments.

Claude Code Authentication Flow

1. Run claude /login once locally
2. Obtain token via browser, saved to ~/.config/claude-code/auth.json
3. Mount this file in Docker containers for headless environments without re-authentication

# Docker execution example
docker run -v ~/.config/claude-code:/root/.config/claude-code \
  my-automation:latest \
  claude -p "Fix typos in article and commit"

Codex CLI Authentication Flow

• codex login automatically launches local browser, requiring OAuth callback to localhost
• This mechanism fails in remote SSH or CI environments
• Device-code method (copy-paste style) is in feature request without official support

Practical Difference

With Claude Code's auth.json obtained once, you can immediately start using it in GitHub Actions, AWS Lambda, Docker containers, and any environment.

GitHub Actions Usage Example

Below is a workflow example using Claude Code to periodically generate and publish blog articles.

name: Auto Blog Generation
on:
  schedule:
    - cron: '0 9 * * 1'  # Every Monday at 9 AM

jobs:
  generate-article:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Setup Claude Code
        run: |
          curl -fsSL https://claude.ai/install.sh | sh
          mkdir -p ~/.config/claude-code
          # WARNING: Storing full auth.json credentials in GitHub Secrets can pose a security risk.
          # For production or sensitive environments, consider using a self-hosted runner with secure storage or a dedicated secret management solution.
          echo "${{ secrets.CLAUDE_AUTH_JSON }}" > ~/.config/claude-code/auth.json

      - name: Generate Article
        run: |
          claude -p "Analyze latest AI news and create a 2000-word article, then commit"

      - name: Push Changes
        run: |
          git config user.name "AI Bot"
          git config user.email "bot@example.com"
          git push

Automation Example

This workflow operates on subscription fee only without any additional API charges. Weekly execution costs just $20-$100 per month.

Automated Product-Wide Review Example

name: Weekly Code Review
on:
  schedule:
    - cron: '0 10 * * 5'  # Every Friday at 10 AM

jobs:
  review-codebase:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0  # Fetch full history

      - name: Setup Claude Code
        run: |
          curl -fsSL https://claude.ai/install.sh | sh
          mkdir -p ~/.config/claude-code
          echo "${{ secrets.CLAUDE_AUTH_JSON }}" > ~/.config/claude-code/auth.json

      - name: Generate Review Report
        run: |
          claude -p "Analyze past week's commits and create Markdown report on security risks and performance improvements"

      - name: Create Issue
        uses: peter-evans/create-issue-from-file@v4
        with:
          title: "Weekly Code Review Report"
          content-filepath: ./review-report.md

---

Practical Operational Patterns within Subscription

Pattern 1: Continuous Review in Docker Containers

FROM ubuntu:22.04

# Install Claude Code
RUN curl -fsSL https://claude.ai/install.sh | sh

# Prepare authentication as mount point
VOLUME ["/root/.config/claude-code"]

ENTRYPOINT ["claude", "-p"]

# Execution example: Daily security checks
docker run -v ~/.config/claude-code:/root/.config/claude-code \
  claude-automation:latest \
  "Scan entire project and check for OWASP Top 10 vulnerabilities"

Pattern 2: Scheduled Execution with cron + Scripts

#!/bin/bash
# daily-optimization.sh

# Generate optimization proposals with Claude Code
claude -p "Analyze performance bottlenecks and create improvement PR" > /tmp/optimization.log

# Slack notification
curl -X POST ${{ secrets.SLACK_WEBHOOK }} \
  -H 'Content-Type: application/json' \
  -d "{\"text\": \"Optimization proposal generated: $(cat /tmp/optimization.log)\"}"

# crontab -e
0 2 * * * /home/user/daily-optimization.sh

Cost-Benefit Comparison

Scenario	Claude Code (Subscription)	Codex CLI (API Billing)
Weekly article generation (52/year)	$240/year (Pro)	Est. $500-$1,000/year
Daily code reviews (365/year)	$240/year (Pro)	Est. $3,000-$5,000/year
Large product analysis (monthly)	$1,200/year (Max)	Est. $2,000-$4,000/year

Cost Reduction Point

With Claude Code, you can experiment freely without worrying about execution count. The freedom to "retry on failure" dramatically accelerates development velocity.

---

Frequently Asked Questions

Are there limits on Claude Code subscription usage?

Yes, rate limits on message count and token volume exist. However, these reset hourly, typically not problematic for standard automation use. For large-scale projects, Max plan (relaxed limits) is recommended.

Isn't Codex CLI free with ChatGPT auth mode?

Currently unstable. GitHub Issues report "API charges even with Plus/Pro login," and while OpenAI states "strengthening subscription integration," it's not fully inclusive. Designing with API billing assumption is prudent.

Is storing Claude Code's auth.json in GitHub Secrets safe?

Not recommended. auth.json contains long-lived credentials with leakage risk even via Secrets. Alternatives:

1. Use self-hosted runners with local filesystem placement
2. Or utilize short-term token issuance API (in preparation)

However, for test environments or personal projects, Secrets are often practically acceptable.

---

Summary: Why Choose Claude Code

Unlimited Automation at Fixed Cost Use in GitHub Actions, Docker, cron, and any environment with no additional charges beyond subscription.

Authentication Optimized for CI/CD Single auth.json enables headless environments without re-authentication. Works instantly on remote servers.

Predictable Cost Structure Zero worry about "how much will I be billed this month?" Enables confident large-scale experimentation.

Ideal for Product-Wide Reviews Analyze complex dependencies and architecture with high-performance Sonnet 4.5 / Opus 4.1 models.

Next Actions

1. Register for Claude Pro/Max (14-day trial available)
2. Run claude /login locally and obtain auth.json
3. Try sample workflow in GitHub Actions
4. Apply to your organization's automation use cases for production

---

Related Articles:

• Claude Code Complete Guide
• Claude Code GitHub Actions Integration
• Claude Code Docker Guide