The right level of automation for an AI agent is 99%. The right level of access is read and write everything. The remaining 1% is review and publish. That last 1% stays human.
Codex already does this for code. You point it at a folder, tell it what to do, and read the diff before anything goes anywhere. The thing it can't see is your CMS. Scratch is the connector that puts your content into a folder Codex can open.
You connect Scratch to wherever your content lives. Shopify, WordPress, Notion, HubSpot, the others. It downloads everything as a folder of files on your laptop. You open that folder in Codex and tell it what you want done. Rewrite the meta descriptions on these 400 posts so each one is under 158 characters and ends with a call to action. Codex does it.
Then Scratch shows you every change as a per-record diff, the way you'd review a pull request. You do the 1%: approve what ships. Scratch publishes only those records back to your CMS, one at a time. The agent edits. You keep the merge button.
The question you're actually asking is whether you can trust Codex with your live site. You can. Publishing is the thing Codex doesn't get to do.
Where you drive Codex from
You point Codex at your Scratch project folder and tell it what you want done. Built-in Git worktrees let you run parallel threads on different slices of the same folder when you want them, with diffs sitting side by side with Scratch's review surface.
You bring your own OpenAI account. Scratch holds no Codex credentials and runs no model. You sign into Codex the way you already do.
The things you're probably worried about
Will Codex publish anything to my live site? No. Codex only reads and writes files in your Scratch folder. Scratch is the only thing that talks to your CMS, and it only publishes what you've clicked approve on, one record at a time.
Can I undo if something ships I didn't want? Yes. Every published record is reversible from the Scratch app, per row. The original sits next to the rewritten one until you tell Scratch which one stays.
What about my prices, SKUs, member data, anything sensitive? You lock those fields when you set up the connector, and Scratch can't write them back even if Codex tries. On top of that, you can run Python validators that reject any diff that touches a field you've flagged. Bad rewrites get filtered out before you have to look at them.
Does OpenAI see my content differently because it came through Scratch? No. The data path is your laptop, to your OpenAI account, back to your laptop. Whatever your Codex settings say about training and history applies. Same as if you typed every word in by hand.
How is this different from an OpenAI integration or a CMS plugin? Both give Codex the publish button. Scratch doesn't. Codex gets the same full access an integration would give it, but the publish step stays in your hands. That's the whole difference.
Can I do this on hundreds of records at once? Yes, that's the use case. Codex is built for catalog-scale jobs.
Do I need to be a developer? If you're already using Codex, you are. If you're not, the Claude desktop app is the more direct route. Same Scratch loop, more familiar interface.
Browse the skills below for prompts that work end-to-end with Codex.