By ByteBot
Internal tools are where good ideas go to die. Every team has the list: a request tracker, a KPI dashboard, an onboarding hub — none of which ever clear the sprint planning bar against revenue work. On June 2, OpenAI launched Codex Sites at its “Intelligence at Work” event, and the pitch is direct: type a plain-English prompt in ChatGPT, get a hosted web app with a live URL. No deployment pipeline, no separate hosting account, no engineering ticket required.
What Codex Sites Does
Codex Sites is a new capability inside OpenAI’s Codex that takes a natural language prompt and outputs a running, hosted internal web app on OpenAI’s infrastructure. You invoke it with @Sites in a ChatGPT Business or Enterprise workspace:
@Sites Build a project request dashboard for my operations team
with status tracking and priority labelsThe app gets its own URL, accessible within your workspace, with workplace authentication already handled — no separate auth setup required. Use cases out of the gate include dashboards, project trackers, knowledge bases, lightweight workflow apps, and review rooms. One important detail: every Sites deployment is a production deployment by default. If you want to review before it goes live, tell Codex explicitly not to deploy.
What Launched Alongside Codex Sites
Sites was not the only June 2 announcement. OpenAI shipped three other things at the same event that matter to developers and teams:
- Six role-specific plugins: Sales (Salesforce, HubSpot, Outreach), Data Analytics (Snowflake, Databricks, Tableau), Finance, HR, Product, and Ops — connecting to 62 business applications with 110 pre-built automated skills. Legal, Corporate Finance, and Private Equity plugins are in the pipeline.
- Expanded Annotations: The annotation feature now covers documents, spreadsheets, and slides — not just code and Markdown. Select a specific region of a file for precise edits rather than rewriting the whole thing.
- Codex everywhere: Codex is now available directly inside the ChatGPT app, not just the standalone interface. This matters for adoption — fewer context switches for business users.
The Availability Catch
Here is where it gets narrower than the headline suggests. Codex Sites is Business and Enterprise only at launch. ChatGPT Business workspaces get it enabled by default. ChatGPT Enterprise admins must turn it on through RBAC controls in admin settings under Early Access. Plus and Pro subscribers are out for now, with no timeline given for broader rollout.
On pricing: workspace agents are free through July 5, 2026. Credit-based billing starts July 6, with typical end-to-end runs consuming five to 25 credits on GPT-5.5. If your team is on a Business or Enterprise plan, now is the window to run experiments before the meter starts.
Codex Sites vs. Retool and Low-Code Tools
Codex Sites is not a Retool killer. That framing misses what Sites actually is. Retool, UI Bakery, and their peers are production-grade internal tool platforms with complex data source connectors, version control, and the expectation that someone owns and maintains the app over time. Codex Sites is optimized for something different: the tool that lives in the backlog forever because it is too small to justify a sprint and too annoying to ignore.
| Use Case | Codex Sites | Retool / Low-code |
|---|---|---|
| Quick internal dashboard | Yes | Overkill |
| One-off workflow tracker | Yes | Overkill |
| Production customer-facing tool | No | Yes |
| Complex multi-source data | Limited | Better fit |
| Full code ownership | No | Yes |
For dashboards and trackers your team needs this week but nobody wants to maintain next quarter, Sites makes a legitimate case. The maintenance question is worth naming: Sites gives you a URL and a running app, not source code you can version-control and hand off. That is a different risk profile than traditional tooling. It is also part of OpenAI’s broader strategy of owning the developer workflow end-to-end — from code generation to hosting.
A Note on Security
Earlier this year, researchers at BeyondTrust’s Phantom Labs discovered a command injection vulnerability in Codex’s CLI and SDK integrations — attackers could embed malware in GitHub branch names to steal authentication tokens. OpenAI fixed the vulnerability with improved input validation, stronger shell escaping, and tighter token scope and lifetime controls.
For Sites specifically: data handling follows standard ChatGPT Enterprise terms — encrypted in transit, training disabled for paid accounts. Network access defaults to off in the sandbox. For anything involving sensitive internal data, verify with your security team that enterprise data controls are configured correctly before deploying.
Bottom Line
Codex Sites solves a real, specific problem: internal tools that rot in the backlog. It is not a general-purpose app builder, it is not available to Plus users yet, and the free preview window closes July 5. If you are running a Business or Enterprise ChatGPT workspace, this is worth a test run before credit billing starts. The official Codex Sites documentation covers the full setup and current limitations. For everyone else: watch the Plus rollout timeline, and keep Retool in the picture for anything requiring long-term ownership.
