Primary navigation

Governance

Governance guidance for managing Codex in your organization

Governance and Observability

Codex gives enterprise teams visibility into adoption and impact, plus the auditability needed for security and compliance programs. Use the self-serve dashboard for day-to-day tracking, the Analytics API for programmatic reporting, and the Compliance API to export detailed logs into your governance stack.

Ways to track Codex usage

There are three ways to monitor Codex usage, depending on what you need:

  • Analytics Dashboard: quick visibility into adoption and code review impact.
  • Analytics API: pull structured daily metrics into your data warehouse or BI tools.
  • Compliance API: exports detailed activity logs for audit, monitoring, and investigations.

Analytics Dashboard

Codex analytics dashboard

Dashboards

The analytics dashboard allows ChatGPT workspace administrators to track feature adoption.

Codex provides the following dashboards:

  • Daily users by product (CLI, IDE, cloud, Code Review)
  • Daily code review users
  • Daily code reviews
  • Code reviews by priority level
  • Daily code reviews by feedback sentiment
  • Daily cloud tasks
  • Daily cloud users
  • Daily VS Code extension users
  • Daily CLI users

Data export

Administrators can also export Codex analytics data in CSV or JSON format. Codex provides the following export options:

  • Code review users and reviews (Daily unique users and total reviews completed in Code Review)
  • Code review findings and feedback (Daily counts of comments, reactions, replies, and priority-level findings)
  • cloud users and tasks (daily unique cloud users and tasks completed)
  • CLI and VS Code users (Daily unique users for the Codex CLI and VS Code extension)
  • Sessions and messages per user (Daily session starts and user message counts for each Codex user across surfaces)

Analytics API

Use the Analytics API when you want to automate reporting, build internal dashboards, or join Codex metrics with your existing engineering data.

What it measures

The Analytics API provides daily, time-series metrics for a workspace, with optional per-user breakdowns and per-client usage.

Endpoints

Daily usage and adoption

  • Daily totals for threads, turns, and credits
  • Breakdown by client surface
  • Optional per-user reporting for adoption and power-user analysis

Code review activity

  • Pull request reviews completed by Codex
  • Total comments generated by Codex
  • Severity breakdown of comments

User engagement with code review

  • Replies to Codex comments
  • Reactions, including upvotes and downvotes
  • Engagement breakdowns for how teams respond to Codex feedback

How it works

Analytics is daily and time-windowed. Results are time-ordered and returned in pages with cursor-based pagination. You can query by workspace and optionally group by user or aggregate at the workspace level.

Common use cases

  • Engineering observability dashboards
  • Adoption reporting for leadership updates
  • Usage governance and cost monitoring

Compliance API

Use the Compliance API when you need auditable records for security, legal, and governance workflows.

What it measures

The Compliance API gives enterprises a way to export logs and metadata for Codex activity so you can connect that data to your existing audit, monitoring, and security workflows. It is designed for use with tools like eDiscovery, DLP, SIEM, or other compliance systems.

What you can export

Activity logs

  • Prompt text sent to Codex
  • Responses Codex generated
  • Identifiers such as workspace, user, timestamp, and model
  • Token usage and related request metadata

Metadata for audit and investigation

Use record metadata to answer questions like:

  • Who ran a task
  • When it ran
  • Which model was used
  • How much content was processed

Common use cases

  • Security investigations
  • Compliance reporting
  • Policy enforcement audits
  • Routing events into SIEM and eDiscovery pipelines

What it does not provide

  • Lines of code generated (a bit of a noisy proxy for productivity and can incentivize the wrong behavior)
  • Acceptance rate of suggestions (almost 100% since users usually accept the change first)
  • Code quality or performance KPIs

Recommended pattern

Most enterprises use a combination of:

  1. Analytics Dashboard for self-serve monitoring and quick answers
  2. Analytics API for automated reporting and BI integration
  3. Compliance API for audit exports and investigations