If you’re using OpenAI’s Codex CLI, you might want it to work like Claude Code does by default: able to run powerful commands, but asking for your approval first.

Understanding the Codex Sandbox

Codex CLI has a safety feature called sandbox mode that restricts what the AI can do:

• It can’t modify files outside specific directories
• It can’t make network requests
• It can’t execute arbitrary shell commands
• It can’t access sensitive system resources

This is great for security, but it also means Codex can’t do much useful work on real projects.

Codex Ships Too Locked Down (or Too Autonomous)

By default, Codex CLI either:

• Runs in the restrictive sandbox (safe but limited)
• Runs with full autonomy outside the sandbox (powerful but scary)

Neither setup gives you the sweet spot: full system access with human-in-the-loop approval.

How to Make Codex Ask Before Running Commands

Edit your Codex config file at ~/.codex/config.toml and add these lines at the top:

approval_policy = "untrusted"
sandbox_mode    = "danger-full-access"

What This Does

approval_policy = "untrusted": Codex will prompt you before executing any command. You review and approve each action.

sandbox_mode = "danger-full-access": Gives Codex full system access (file operations, network calls, shell commands, etc.) so it can actually get work done.

Together, these settings mean: Codex can do anything, but only with your explicit approval.

Subscribe to my Newsletter

Get the latest updates delivered straight to your inbox

I respect your privacy. Unsubscribe at any time.