Codex Manual

Permissions and Safety

Codex can edit files and run commands. Keep the boundaries clear.

Two core concepts:

  • Sandbox controls what Codex can access and write.
  • Approval controls when Codex must ask before running commands or escalating access.

Recommended start:

codex --sandbox workspace-write --ask-for-approval on-request

Use full-access modes only in disposable containers, temporary VMs, test-only directories, or environments with a clear rollback plan.

Good habits:

  • Ask for a plan before edits.
  • Review diffs after each change.
  • Run relevant tests.
  • Be careful with delete, migrate, overwrite, or privilege-escalating commands.
  • Do not write secrets into repositories.