Codex avoids being agentic as much as possible

I ran a MongoDB database on Docker on my machine with the help of Codex. I confirmed that ‘/Approvals’ was set to ‘Agent (current)’.

I told it to “test the database”—here the query was intentionally vague to see what it does. It gave me a sequence of four commands and told me to run those.

I then asked it, “Why can’t you run these commands if you have access to Codex CLI’s sandboxed runner?” It said, “Its runner is limited to the workspace and requires permission for anything outside that scope.”

Then I said, “Why don’t you ask for my permission and run those?” and it asks my permission to run those commands.

WHY COULDN’T IT DO THIS AT THE BEGINNING? CLAUDE CODE DOESN’T HAVE THIS ISSUE.

If it’s not primarily agentic, what good is it for programming? If I wanted to primarily chat, I would just go to chatgpt

Hi @sri7 have you set Agent (full access)?
Maybe it need some files outside of that context.
I understand the frustration, but pls don’t use the caps lock. Instead, you can send log or feedback with the codex cli and specify bad result or others.

I completely agree with the user above.

Codex although paired with a good variety of models, is very much limited by its inability to use sub-agents for work.

When you have a legacy repo that is large, it’s sad to watch codex try to understand what’s going on without letting it spawn sub-agents to perform exploration + sumarization it’s painful. Why not let it spawn cheaper agents to get summaries.