Codex CLI · Tested with aisw v0.3.7 · Updated July 16, 2026

Use a Codex CLI Account Per Repository

Bind the repository to the context that should own it with aisw workspace bind . --context <name>, then turn on aisw workspace guard --mode strict. Every time you launch Codex CLI from that repository, aisw checks the active account against the binding.

Codex CLI has no concept of “this repo belongs to this account” — it just uses whatever’s currently signed in. If you work across several client codebases, that’s exactly the setup where the wrong account slips through unnoticed. Workspace guardrails close that gap.

Before you start

You need a profile or context to bind to. This guide assumes a client-acme context that includes a Codex CLI profile — see switch a complete work setup if you need to create one.

CLI method

1. Bind the repository.

Terminal window
aisw workspace bind . --context client-acme

2. Enable enforcement.

Terminal window
aisw workspace guard --mode strict

3. Check the binding at any time.

Terminal window
aisw workspace status

Desktop method (coming soon)

AI Switcher Desktop is currently in private testing and not yet available for public download. The steps below reflect the current build; use the CLI method above until it ships.

  1. Open Workspaces in AI Switcher Desktop.
  2. Click Bind repository, choose the folder, and select the context.
  3. Set the enforcement mode.
  4. Mismatches appear immediately under Diagnostics with a repair action.

Verify the result

Switch to a profile outside the bound context, then run:

Terminal window
aisw workspace status

Confirm aisw reports the mismatch, then switch back and confirm it clears.

Frequently asked questions

Does this only work for Codex CLI, or all three tools at once?

A workspace binding points at a context, and a context can map Claude Code, Codex CLI, and Gemini CLI together. The guardrail checks whichever tools that context includes.

What if a repository doesn't need a specific account?

Just don't bind it. aisw only enforces guardrails on repositories you've explicitly bound; everything else behaves normally.