Cybersecurity Risk Management and Strategy Disclosure
12 Months Ended
Dec. 31, 2024
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
Risk Management and Strategy
In the normal course of business, we may collect and store personal information and other sensitive information, including proprietary and confidential business information, trade secrets, intellectual property, sensitive third-party information and employee information. We assess and identify cybersecurity risk to such information by maintaining cybersecurity policies that require continuous monitoring and detection programs and network security precautions. Our program incorporates industry-standard frameworks, policies and practices designed to protect the privacy and security of our sensitive information.
We manage cybersecurity risks by maintaining various protections designed to safeguard against cyberattacks, including firewalls and virus detection software, and periodic end user training on common cybersecurity threats (e.g., phishing exercises and interactive trainings). We have established our disaster recovery plan and we protect against business interruption by backing up our major systems. In addition, we periodically scan our environment for any vulnerabilities, perform penetration testing and engage third parties to assess the effectiveness of our data security practices. A third-party security consultant conducts regular network security reviews, scans and audits, and we may consult with other external experts as warranted by a particular cybersecurity incident or threat. In addition, we maintain insurance that includes cybersecurity coverage.
Areas of cybersecurity risk are assessed bi-annually, and updates are reported by our Chief Financial Officer to the Board’s Audit Committee and senior management annually. Where our bi-annual cybersecurity risk assessment identifies areas for improvement, we document and track our remediation activities, which are also reported to the Audit Committee and senior management annually. In this way, our program to manage cybersecurity risk integrates with our overall risk management processes.
With respect to third parties who provide services affecting critical business management systems, we collect and maintain SOC 2 or SOC 1 Type II reports (attestation of controls at a service organization over a minimum six-month period). For other third-party service providers, cybersecurity risk is addressed as appropriate.
As of the date of this report, we are not aware of any risks from cybersecurity threats that have materially affected or are reasonably likely to materially affect us, including our business strategy, results of operations and financial condition. Despite the implementation of our cybersecurity program, our security measures cannot guarantee that a significant cyberattack will not occur. A successful attack on our information technology systems could have significant consequences to the business. While we devote resources to our security measures to protect our systems and information, these measures cannot provide absolute security. See “Risk Factors – General Risk Factors” for additional information about the risks to our business associated with a breach or compromise to our information technology systems.
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block] In the normal course of business, we may collect and store personal information and other sensitive information, including proprietary and confidential business information, trade secrets, intellectual property, sensitive third-party information and employee information. We assess and identify cybersecurity risk to such information by maintaining cybersecurity policies that require continuous monitoring and detection programs and network security precautions. Our program incorporates industry-standard frameworks, policies and practices designed to protect the privacy and security of our sensitive information.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Board of Directors Oversight [Text Block]
Governance
The Company’s Board of Directors has visibility into cybersecurity risks through its Audit Committee and through the process described below. The Audit Committee has oversight of the Company’s cybersecurity risk management programs and the design and operating effectiveness thereof, and reviews reports from Company management on cybersecurity, data privacy and other risks relevant to the Company’s computerized information system controls and security.
Areas of cybersecurity risk are assessed bi-annually, and updates are reported by the Chief Financial Officer to the Audit Committee and senior management annually. Where our bi-annual cybersecurity risk assessment identifies areas for improvement, we document and track our remediation activities, which are also reported to the Audit Committee and senior management annually.
Senior management has appointed a Cybersecurity Council that is responsible for identifying, escalating, and facilitating the assessment and determination of the materiality of cybersecurity incidents and threats. The Cybersecurity Council is made up of representatives of IT, Legal and Finance, as well as ad hoc additional members depending on the circumstances of the incident or threat. The members of the Cybersecurity Council do not have specific expertise in cybersecurity risk other than the Vice President of Information Technology (“VP IT”) who has more than 20 years of experience, and engages with trusted third-party experts for support and guidance when additional expertise is required. In December 2024, the VP IT exited the company, and IT expert advice to the Cybersecurity Council is currently provided by an external cybersecurity specialist. This specialist has extensive experience managing cybersecurity functions in his prior external roles, where he was responsible for overseeing cybersecurity strategy and operations, including incident response, threat intelligence, security awareness training programs, risk assessments and remediation, and regulatory and compliance matters.
An actual or suspected cybersecurity incident that jeopardizes the confidentiality, integrity, or availability of Codexis' information systems or any information residing therein (or threat that presents significant risk to our information systems as identified by IT) is reported to the Cybersecurity Council by our IT Department. The focus of the Cybersecurity Council is on the investigation and facilitation of senior management’s assessment and determination of materiality of an incident or threat, and such investigation is separate but contemporaneous with the investigation(s) done under other applicable programs, policies, and plans regarding cybersecurity. The Cybersecurity Council will liaise directly with other investigation(s) and share information and assessments. Along with assistance from the Cybersecurity Council as necessary, senior management reports its materiality determination and analysis, including necessary facts to support its determination, to the Audit Committee of the Board of Directors. Pursuant to its charter, the Audit Committee may, along with senior management, report such determination to the Board of Directors.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] The Audit Committee has oversight of the Company’s cybersecurity risk management programs and the design and operating effectiveness thereof, and reviews reports from Company management on cybersecurity, data privacy and other risks relevant to the Company’s computerized information system controls and security.
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] The Audit Committee has oversight of the Company’s cybersecurity risk management programs and the design and operating effectiveness thereof, and reviews reports from Company management on cybersecurity, data privacy and other risks relevant to the Company’s computerized information system controls and security.
Cybersecurity Risk Role of Management [Text Block]
The Company’s Board of Directors has visibility into cybersecurity risks through its Audit Committee and through the process described below. The Audit Committee has oversight of the Company’s cybersecurity risk management programs and the design and operating effectiveness thereof, and reviews reports from Company management on cybersecurity, data privacy and other risks relevant to the Company’s computerized information system controls and security.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] Senior management has appointed a Cybersecurity Council that is responsible for identifying, escalating, and facilitating the assessment and determination of the materiality of cybersecurity incidents and threats. The Cybersecurity Council is made up of representatives of IT, Legal and Finance, as well as ad hoc additional members depending on the circumstances of the incident or threat.
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] The members of the Cybersecurity Council do not have specific expertise in cybersecurity risk other than the Vice President of Information Technology (“VP IT”) who has more than 20 years of experience, and engages with trusted third-party experts for support and guidance when additional expertise is required. In December 2024, the VP IT exited the company, and IT expert advice to the Cybersecurity Council is currently provided by an external cybersecurity specialist. This specialist has extensive experience managing cybersecurity functions in his prior external roles, where he was responsible for overseeing cybersecurity strategy and operations, including incident response, threat intelligence, security awareness training programs, risk assessments and remediation, and regulatory and compliance matters.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
An actual or suspected cybersecurity incident that jeopardizes the confidentiality, integrity, or availability of Codexis' information systems or any information residing therein (or threat that presents significant risk to our information systems as identified by IT) is reported to the Cybersecurity Council by our IT Department. The focus of the Cybersecurity Council is on the investigation and facilitation of senior management’s assessment and determination of materiality of an incident or threat, and such investigation is separate but contemporaneous with the investigation(s) done under other applicable programs, policies, and plans regarding cybersecurity. The Cybersecurity Council will liaise directly with other investigation(s) and share information and assessments. Along with assistance from the Cybersecurity Council as necessary, senior management reports its materiality determination and analysis, including necessary facts to support its determination, to the Audit Committee of the Board of Directors. Pursuant to its charter, the Audit Committee may, along with senior management, report such determination to the Board of Directors.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true