Codex Manual
Permissions and Safety
Codex can edit files and run commands. Keep the boundaries clear.
Two core concepts:
- Sandbox controls what Codex can access and write.
- Approval controls when Codex must ask before running commands or escalating access.
Recommended start:
codex --sandbox workspace-write --ask-for-approval on-requestUse full-access modes only in disposable containers, temporary VMs, test-only directories, or environments with a clear rollback plan.
Good habits:
- Ask for a plan before edits.
- Review diffs after each change.
- Run relevant tests.
- Be careful with delete, migrate, overwrite, or privilege-escalating commands.
- Do not write secrets into repositories.