concepts/sandboxing diff

concepts/sandboxing.md +10 −3

Details

145- `never`: Codex doesn't stop for approval prompts.145- `never`: Codex doesn't stop for approval prompts.

146 146

147Full access means using `sandbox_mode = "danger-full-access"` together with147Full access means using `sandbox_mode = "danger-full-access"` together with

148`approval_policy = "never"`. By contrast, `--full-auto` is the lower-risk local148`approval_policy = "never"`. By contrast, the lower-risk local automation

149automation preset: `sandbox_mode = "workspace-write"` and149preset is `sandbox_mode = "workspace-write"` together with

150`approval_policy = "on-request"`.150`approval_policy = "on-request"`, or the matching CLI flags

151`--sandbox workspace-write --ask-for-approval on-request`.

151 152

152If you need Codex to work across more than one directory, writable roots let153If you need Codex to work across more than one directory, writable roots let

153you extend the places it can modify without removing the sandbox entirely. If154you extend the places it can modify without removing the sandbox entirely. If

170[Codex app features](https://developers.openai.com/codex/app/features#approvals-and-sandboxing), and for the171[Codex app features](https://developers.openai.com/codex/app/features#approvals-and-sandboxing), and for the

171IDE-specific settings entry points, see [Codex IDE extension settings](https://developers.openai.com/codex/ide/settings).172IDE-specific settings entry points, see [Codex IDE extension settings](https://developers.openai.com/codex/ide/settings).

172 173

174Automatic review, when available, doesn't change the sandbox boundary. It

175reviews approval requests, such as sandbox escalations or network access, while

176actions already allowed inside the sandbox run without extra review. See

177[Automatic approval reviews](https://developers.openai.com/codex/agent-approvals-security#automatic-approval-reviews)

178for the policy behavior.

179

173Platform details live in the platform-specific docs. For native Windows setup,180Platform details live in the platform-specific docs. For native Windows setup,

174behavior, and troubleshooting, see [Windows](https://developers.openai.com/codex/windows). For admin181behavior, and troubleshooting, see [Windows](https://developers.openai.com/codex/windows). For admin

175requirements and organization-level constraints on sandboxing and approvals, see182requirements and organization-level constraints on sandboxing and approvals, see

concepts/sandboxing.md Codex Docs, 2026-04-23 12:28 UTC → 2026-05-01 18:29 UTC