How do you guys work with Codex in auto-approval mode?

Hi everyone, quick question.

I’m using Codex in allowed repositories with permissions set to auto-approve. I’ve noticed that when Codex needs to run CLI commands or similar actions, it often first hits a sandbox permission error, then retries with an elevated permission request, gets auto-approved, and only then runs the command.

Is there a way to configure Codex so that, when auto-approval is enabled, it requests elevated permissions upfront for commands that need them?

I tried adding this to the instructions, but the results are inconsistent and the logic gets messy. Maybe I’m missing a setting or a better approach.

I run into the same dilemma. After trying several tools and having similar results, I just live with it.

From reading many Codex issues, the problem also seems to vary depending on how Codex is being run. I am not sure of all the currently supported ways to run Codex, but personally I use it on Windows 11 through VS Code with the Codex extension.


Something related I learned of yesterday, but have not had a chance to try, is the slash command /goal.

/goal
Purpose: Set or view an experimental goal for a long-running task.
When to use it: Give Codex a persistent target to track while a larger task runs. Requires features.goals.


Just saw this

There is also the rules mechanism. This is probably the setting you want to look into.

Rules let you allow, prompt, or forbid specific command prefixes when they need to run outside the sandbox.

Official docs: Rules – Codex | OpenAI Developers

Example:

```
# ~/.codex/rules/default.rules

prefix_rule(
    pattern = ["gh", "pr", "view"],
    decision = "allow",
    justification = "Read-only GitHub PR inspection is allowed outside the sandbox.",
)
```

According to the docs, decision = "allow" means Codex can run the matching command outside the sandbox without prompting.

Rules are prefix-based and evaluated conservatively. If multiple rules match, the most restrictive result wins.

You can test a rule with:

```bash
codex execpolicy check --pretty --rules ~/.codex/rules/default.rules -- gh pr view 7888 --json title,body,comments
```

Rules are experimental.

P.S. I personally prefer the low-involvement auto-review, as I haven’t encountered any issues besides the observations you mentioned.
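Added example (not from the thread, and not Codex's own code): a simplified Python model of the evaluation described in the post above, where rules match on command-token prefixes and the most restrictive matching decision wins. Every rule except `gh pr view`, the decision labels `prompt` and `forbid`, and the `None` result for unmatched commands are assumptions of this model.

```python
import shlex

# Higher number = more restrictive. Labels follow the post's wording
# ("allow, prompt, or forbid"); only "allow" appears on the page as a
# literal decision value, the other two are model labels (assumption).
SEVERITY = {"allow": 0, "prompt": 1, "forbid": 2}

# Constructed sample policy. Only the first rule comes from the thread.
RULES = [
    (["gh", "pr", "view"], "allow"),
    (["git"], "prompt"),
    (["git", "status"], "allow"),
    (["git", "push"], "forbid"),
]


def evaluate(command, rules=RULES):
    """Return the most restrictive decision among matching rules.

    A rule matches when its pattern equals the leading tokens of the
    command. None means no rule matched; what happens then is outside
    this model.
    """
    argv = shlex.split(command)
    matched = [decision for pattern, decision in rules
               if argv[:len(pattern)] == pattern]
    if not matched:
        return None
    return max(matched, key=lambda d: SEVERITY[d])


if __name__ == "__main__":
    # Constructed sample commands.
    for cmd in [
        "gh pr view 7888 --json title,body,comments",
        "gh pr merge 7888",
        "git status",
        "git push origin main",
    ]:
        print(f"{evaluate(cmd)!s:>7}  {cmd}")
```

In this model the narrow `git status` allow does not loosen the broader `git` prompt rule: both match, so the stricter decision applies.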

That’s pretty much a similar runtime for me, except that I’m on JetBrains IDEs. When auto-approve mode is not enabled and Codex hits the sandbox permission, it gives you the option to authorize it once or multiple times. If you authorize it from now on, that stops being a problem. The issue is when you have a lot of commands. Auto-approve mode is more self-running, but then you can hit that thing every time because auto-approve mode allows those commands only once. So each time it has to request the approval again. Ideally you would have some sort of control over how the auto-approval works, maybe even some instructions somewhere, where you can say that for this type of command, please approve it “from now on” instead of approving it “once”. But then I didn’t look specifically into the documentation or other things, so I can’t tell for sure. Maybe it is already baked in somewhere.

Oh, this one looks like a potential solution. I’ll check it and report here.

Thanks for asking!

I too will have to look at what @VeitB noted.

Hope this helps!

I edited the post to reference the auto-review mode a bit late. Not sure if you have seen it but that’s what I am using nowadays.

Quick and easy solution for everyday approvals.

Thanks for the link and the update on Docs. I think this one should also be noted as a stand-alone: