Control when Codex stops to ask

approvals & sandbox

// what it does

-a/--ask-for-approval sets when Codex pauses for you. untrusted asks before anything not known-safe; on-request (the repo default) works freely inside the sandbox and asks only to step outside it or use the network; never never prompts. Persist it with approval_policy in config.toml.

// shell

$ codex --ask-for-approval on-request "refactor and run the tests"
$ codex -a untrusted "explore the repo and summarize it"

// gotcha

never does not mean "do anything" — the sandbox still constrains it. For truly unfenced runs, pair -a never with --sandbox danger-full-access (or use --yolo), and understand the risk.

// resources