Welcome to the forum!
Using ChatGPT 5.2
Prompt
I am also impacted by this. Codex asks for approval for every single file change.
I have set
approval_policy = “on-failure”
sandbox_mode = “workspace-write”
And the folder is marked as Trusted Workspace. I tried version 0.5.76 (pre release) and 0.4.75 (release).
Any guidance?
https://github.com/openai/codex/issues
Please search the GitHub OpenAI Codex issues for issues related to the approval problem. The primary issue that is not a duplicate or entries that show how to resolve this would be nice.
Reply
I found several GitHub issues in the openai/codex: Lightweight coding agent repo that directly relate to persistent approval-prompt behavior (where Codex asks you to approve every file change even when you’ve set approval_policy and sandbox_mode). Below is a curated set of relevant issues that are not duplicates, with concise descriptions of their status and what they indicate:
Relevant GitHub Issues
1. #5824 — --ask-for-approval never not respected
- Status: Open
- Description: Using
codex --sandbox workspace-write --ask-for-approval neverstill does not let Codex write files without prompting for approval — even though/statusshowsApproval: never. This indicates a bug in the approval enforcement logic in recent CLI versions. (GitHub)
2. #2350 — --ask-for-approval never still requires approval on Windows
- Status: Closed (but behaviour reported)
- Description: On Windows, users report that setting
--ask-for-approval neverstill results in repeated approval prompts for file writes. This is confirmed as issue behavior even though it’s marked closed. (GitHub)
3. #8714 — Session forces on-request despite config
- Status: Open
- Description: Even when the project config sets
ask_for_approval=neverandsandbox=workspace-write, sessions sometimes start withapproval_policy=on-requestand keep asking for approvals. This matches the symptom you’re describing. (GitHub)
4. #5038 — VS Code extension ignores approval_policy="never"
- Status: Open
- Description: In the VS Code extension context, approval settings are not consistently respected — the extension resets approvals and requests them repeatedly. This suggests the problem isn’t just config but also how the extension manages state. (GitHub)
Related Reports & Proposals
These don’t directly fix the problem but show community context:
Discussion #2138 — Bypass not working fully
- Users report setting the highest-permission flags still doesn’t stop requests because of new “trusted workspace” behavior introduced in newer versions. (GitHub)
Proposal #3710 — Separate read/write approval policies
- Users asked for more granular control to avoid “approve every write” behavior — this is a feature proposal, not a fix. (GitHub)
Issue #3129 — on-failure not selectable at runtime
- Shows another bug where CLI doesn’t actually set the documented approval mode when switching inside a session. (GitHub)
Summary of Root Causes Seen in Issues
These reports share consistent pain points:
-
Config values not being honored
Even whenapproval_policy = "never"andsandbox_mode = "workspace-write"are set, the session sometimes resets or overrides to ask-for-approval modes. (GitHub) -
Extension vs CLI mismatch
The VS Code extension frequently behaves differently from the CLI, sometimes resetting or ignoring flags. (GitHub) -
Platform-specific behavior
On Windows, approval bypass flags seem especially unreliable. (GitHub) -
Internal defaults / migration behavior
Discussions hint that updated versions introduce stricter defaults unless workspace is explicitly “trusted” outside your settings. (GitHub)
Practical Notes
- There is no confirmed fix yet in the tracker that fully resolves this issue across contexts.
- Multiple users report that manually approving a “full access” session the first time reduces repeated prompts — but isn’t a real fix.
- The problems are active bug/behavior issues, not intended restrictions per docs.
FYI