- How to Use Codex CLI Safely Without Losing Context
- Codex CLI Permissions, Sandboxing, and Account Switching Explained
- Stop Typing “Yes” in Codex: A Practical Guide to Approvals and Sandboxes
- How to Give Codex the Right Access Without Going Full YOLO
- Codex CLI Workflow: Workspace Write, Extra Directories, Resume, and Login Switching
Stop Typing “Yes” in Codex: A Practical Guide to Approvals and Sandboxes
Stop Typing “Yes” in Codex: A Practical Guide to Approvals, Sandboxes, Extra Directories, and Account Switching
When you start using Codex CLI seriously, you quickly run into a few practical questions:
“How do I stop Codex from asking yes, yes, yes again and again?”
“How do I allow it to write files in /tmp or another folder?”
“What if one Codex account hits the usage limit and I need to switch accounts?”
“And most importantly: will I lose my current context?”
This tutorial walks through all of those topics in a simple, practical way.
Codex CLI has two major controls you should understand: sandbox mode and approval mode. The sandbox controls what Codex can access, and the approval mode controls when Codex pauses to ask you before running something. OpenAI’s Codex docs describe --sandbox workspace-write with --ask-for-approval on-request as the common “Auto” setup: Codex can read, edit, and run commands inside the working directory, but asks before going outside the workspace or doing things like network access. (OpenAI Developers)
1. The basic Codex command
The simplest way to start Codex is:
codex
This opens the interactive Codex terminal interface.
But if you want Codex to edit code in your current project folder without constantly asking for approval, use:
codex --sandbox workspace-write --ask-for-approval on-request
This is a good everyday setup.
It means:
Codex can work inside the current project folder.
Codex can edit files there.
Codex can run commands there.
Codex will ask before doing higher-risk things outside that boundary.
That is usually much better than blindly approving everything.
2. What --sandbox workspace-write means
This flag:
--sandbox workspace-write
means Codex can write inside the active workspace.
For example, if you are inside this folder:
cd ~/projects/my-app
codex --sandbox workspace-write
Codex can usually work inside:
~/projects/my-app
It can do things like:
edit src/index.js
create tests/app.test.js
run npm test
run pytest
update package files
But it should not freely modify random files elsewhere on your machine.
So this is allowed:
~/projects/my-app/src/main.py
But this may require permission:
~/Documents/another-project/file.py
/etc/hosts
~/.ssh/config
OpenAI’s docs describe the sandbox as the boundary that lets Codex act autonomously without giving it unrestricted access to your machine. (OpenAI Developers)
3. What --ask-for-approval means
The approval mode controls when Codex asks you before running a command.
Common options are:
--ask-for-approval on-request
and:
--ask-for-approval never
OpenAI’s CLI reference lists --ask-for-approval values including untrusted, on-request, and never. It also notes that on-request is preferred for interactive runs, while never is more suitable for non-interactive runs. (OpenAI Developers)
Recommended for normal use
codex --sandbox workspace-write --ask-for-approval on-request
This is the best balance.
Codex can work normally inside your project, but if it needs something more sensitive, it asks.
Fewer prompts
codex --sandbox workspace-write --ask-for-approval never
This means Codex will not stop to ask you for approval.
But there is a catch: it still must stay within the sandbox. If something is blocked, Codex may fail instead of asking.
So use never when you already know the permissions are enough.
4. How to avoid typing yes again and again
Do not solve this by piping yes into Codex:
yes | codex
That is a bad idea because it can approve things you did not actually inspect. Tiny foot-gun, huge boot.
Instead, configure approvals properly.
For normal work:
codex --sandbox workspace-write --ask-for-approval on-request
For trusted local work where you do not want prompts:
codex --sandbox workspace-write --ask-for-approval never
For one-shot automation:
codex exec --sandbox workspace-write --ask-for-approval never "Fix the failing tests"
The important idea is this:
Do not auto-type yes.
Use the approval policy designed for this.
5. How to give Codex access to another folder, such as /tmp
Sometimes Codex needs to write outside your project folder.
For example, it may need:
/tmp
~/scratch
~/projects/shared-library
~/Downloads
The clean way to grant extra access is --add-dir.
Example:
codex --sandbox workspace-write --ask-for-approval on-request --add-dir /tmp
Now Codex can work inside your current project folder and /tmp.
For multiple folders:
codex --sandbox workspace-write \
--ask-for-approval on-request \
--add-dir /tmp \
--add-dir ~/scratch \
--add-dir ~/projects/shared-library
OpenAI’s CLI reference says --add-dir grants additional directories write access alongside the main workspace, and you can repeat it for multiple paths. (OpenAI Developers)
This is the best way to give Codex more room without removing all safety boundaries.
6. How to give access in advance
Yes, you can give access in advance.
Use this pattern:
codex --sandbox workspace-write \
--ask-for-approval on-request \
--add-dir /tmp \
--add-dir ~/projects \
--add-dir ~/Downloads
This tells Codex:
You may write inside the current project.
You may also write inside /tmp.
You may also write inside ~/projects.
You may also write inside ~/Downloads.
Ask me if you need anything else.
For a smoother but still bounded setup:
codex --sandbox workspace-write \
--ask-for-approval never \
--add-dir /tmp \
--add-dir ~/scratch
This means:
Do not ask me.
Work only inside the allowed areas.
That is useful when you want Codex to complete a task without stopping every few minutes.
7. How to make these permissions permanent
Typing long flags every time gets annoying. Very relatable. The terminal is already enough of a little goblin.
You can put defaults in:
~/.codex/config.toml
Example config:
sandbox_mode = "workspace-write"
approval_policy = "on-request"[sandbox_workspace_write]
writable_roots = [ “/tmp”, “/home/YOUR_USER/scratch”, “/home/YOUR_USER/projects/shared-library” ]
Replace YOUR_USER with your real username.
The Codex config reference documents sandbox_workspace_write.writable_roots as additional writable roots when sandbox_mode = "workspace-write". (OpenAI Developers)
You can also enable network access in this section if your workflow needs it:
sandbox_mode = "workspace-write"
approval_policy = "on-request"[sandbox_workspace_write]
network_access = true writable_roots = [ “/tmp”, “/home/YOUR_USER/scratch” ]
OpenAI’s docs note that network_access allows outbound network access inside the workspace-write sandbox. (OpenAI Developers)
Use network access carefully, especially if your repo contains secrets or production credentials.
8. Should you use --yolo?
Codex has a full bypass mode:
codex --dangerously-bypass-approvals-and-sandbox
There is also an alias:
codex --yolo
This disables approvals and sandboxing.
OpenAI’s CLI reference describes this as running commands without approvals or sandboxing, and says it should only be used inside an externally hardened environment. (OpenAI Developers)
In plain English:
Use this only inside a disposable VM, dev container, or isolated machine.
Do not use this casually on your main laptop.
A safer alternative is almost always:
codex --sandbox workspace-write \
--ask-for-approval never \
--add-dir /tmp \
--add-dir ~/scratch
That gives Codex useful freedom without handing over your whole machine.
9. How to check what Codex can access
Inside Codex, run:
/status
This shows useful information about the current session.
OpenAI’s docs mention that /status can show which directories are in the workspace. They also note that the workspace can include the current directory and temporary directories like /tmp, depending on setup. (OpenAI Developers)
So when in doubt, start Codex and run:
/status
Then verify whether /tmp or your extra folder is listed.
10. What to do when one Codex account hits the usage limit
Sometimes your current Codex account hits its usage limit, and you need to login with another account.
The scary question is:
If I logout and login again, will I lose my Codex context?
Usually, no.
Codex sessions are stored locally and can be resumed. The Codex docs say codex resume can reopen previous interactive sessions, and a resumed run keeps the original transcript, plan history, and approvals. (OpenAI Developers)
So the safe flow is:
1. Save or copy your session ID.
2. Exit Codex.
3. Logout.
4. Login with the other account.
5. Resume the previous session.
11. Safe account-switching workflow
Inside your current Codex session, run:
/status
Copy the session ID.
Then exit Codex:
/exit
Now logout:
codex logout
Then login with your other account:
codex login
The Codex CLI reference says codex login authenticates the CLI with a ChatGPT account, API key, or access token, and codex logout removes saved credentials. (OpenAI Developers)
After logging in again, resume:
codex resume
Or resume the latest session in the current working directory:
codex resume --last
Or resume a specific session:
codex resume <SESSION_ID>
The CLI reference documents codex resume --last, codex resume --all, and codex resume <SESSION_ID>. (OpenAI Developers)
12. Extra-safe handoff before switching accounts
Before you logout, it is smart to ask Codex to create a handoff file.
Inside Codex, say:
Create a file named CODEX_HANDOFF.md summarizing:
- current task
- files changed
- decisions made
- commands already run
- remaining TODOs
- exact next command to continue
Then in your terminal, save your current diff:
git status
git diff > codex-wip.patch
This gives you a backup even if something weird happens.
Recommended full sequence:
# Inside Codex
/status
Copy the session ID.
Create CODEX_HANDOFF.md with the current task summary and next steps.
Then:
# Terminal
git status
git diff > codex-wip.patch
codex logout
codex login
codex resume --last
If --last does not pick the right session:
codex resume --all
Or:
codex resume <SESSION_ID>
13. Recommended commands for common situations
Normal daily coding
codex --sandbox workspace-write --ask-for-approval on-request
Use this when you want Codex to edit your project but still ask before risky actions.
Daily coding with /tmp access
codex --sandbox workspace-write \
--ask-for-approval on-request \
--add-dir /tmp
Use this when tools need temporary files.
Trusted repo with fewer prompts
codex --sandbox workspace-write \
--ask-for-approval never \
--add-dir /tmp
Use this when you trust the repo and want fewer interruptions.
Extra writable project folders
codex --sandbox workspace-write \
--ask-for-approval on-request \
--add-dir ~/projects/shared-library \
--add-dir ~/scratch
Use this when Codex needs to modify a shared dependency or scratch folder.
Resume after account switch
codex resume --last
Or:
codex resume --all
Or:
codex resume <SESSION_ID>
Full access mode
codex --yolo
Use only inside a disposable VM/container. Not your main laptop. Seriously, do not let the robot do interpretive dance in your home directory.
14. My recommended setup
For most developers, I recommend this command:
codex --sandbox workspace-write \
--ask-for-approval on-request \
--add-dir /tmp
And this config:
sandbox_mode = "workspace-write"
approval_policy = "on-request"[sandbox_workspace_write]
writable_roots = [ “/tmp”, “/home/YOUR_USER/scratch” ]
This gives Codex enough freedom to be useful, while still keeping boundaries.
If you want fewer prompts in trusted projects, use:
codex --sandbox workspace-write \
--ask-for-approval never \
--add-dir /tmp
But I would avoid --yolo unless you are working inside a disposable dev container or VM.
15. Final cheat sheet
# Start Codex safely with write access to current project
codex --sandbox workspace-write --ask-for-approval on-request
# Allow Codex to also write to /tmp
codex --sandbox workspace-write --ask-for-approval on-request --add-dir /tmp
# Allow multiple folders
codex --sandbox workspace-write \
--ask-for-approval on-request \
--add-dir /tmp \
--add-dir ~/scratch \
--add-dir ~/projects/shared-library
# Reduce approval prompts
codex --sandbox workspace-write --ask-for-approval never --add-dir /tmp
# Check current session and workspace info
/status
# Logout and login with another account
codex logout
codex login
# Resume latest session
codex resume --last
# Resume from any directory
codex resume --all
# Resume exact session
codex resume <SESSION_ID>
# Dangerous full-access mode — only in VM/container
codex --yolo
Conclusion
The best Codex workflow is not “approve everything.” It is giving Codex the right amount of access before it starts.
Use workspace-write for normal coding. Use --add-dir when Codex needs extra folders like /tmp. Use on-request when you still want safety checks. Use never when the task is trusted and bounded. Use codex resume when switching accounts so you do not lose context.
The practical default is:
codex --sandbox workspace-write --ask-for-approval on-request --add-dir /tmp
That setup is boring in the best way: powerful enough to get real coding done, but not wild enough to turn your laptop into a crime scene.