32dots HEIDELBERG AI
Session 2 easy

Control what it can do: approval modes

Lesson 2 · ~15 min

🎯 Goal. Choose how much Codex can do on its own before it edits files or runs commands.

  1. In the CLI, use /permissions to switch between Read-only, Auto, and Full Access — they define how much Codex does without stopping to ask. Codex defaults to Agent mode (read, run, and write in your working directory).
  2. Under the hood the approval policy is one of untrusted, on-request, or never, paired with a sandbox such as workspace-write that scopes edits to your project and protects paths like .git.
  3. Pick more oversight for unfamiliar or risky work, fewer interruptions when you trust the direction. The IDE offers the same range, from Chat to Agent (Full Access).

You'll see. The same task run two ways — approving each step in a read-only / on-request mode, then hands-off in a fuller mode once you trust it.

💳 Cost. Approval mode doesn't change token cost — it changes how often you're in the loop; looser modes finish with fewer interruptions.

💡 Takeaway. Match the approval mode to your trust in the task — tight when it's risky, loose when you just want it done.