Summary
Manage Codex configuration through dotfiles so the preferred trust model can be adjusted in one place.
Why
I recently moved from Claude Code and found Codex behavior depends heavily on how sandboxing and approvals are configured for each session.
The goal of this issue is to make Codex-related configuration manageable through dotfiles.
The final implementation approach is intentionally left open.
Tips
These startup options are useful reference points when deciding what the dotfiles-managed configuration should eventually support:
- `codex --full-auto`
  - low-friction sandboxed execution
  - equivalent to `-a on-request --sandbox workspace-write`
- `codex -a never -s danger-full-access`
  - very permissive execution without approval prompts
- `codex --dangerously-bypass-approvals-and-sandbox`
  - no approval flow
  - no sandbox
  - suitable only for environments that are already trusted or externally sandboxed
- `codex --dangerously-bypass-approvals-and-sandbox --search`
  - same as above, with web search enabled from the start
These are included here as operational tips and comparison points, not as a decision on the final configuration.
Expected outcome
Have Codex-related configuration managed through dotfiles so future trust-model changes can be made intentionally and consistently.
Acceptance criteria
- Codex-related configuration in dotfiles is updated as part of this work.
- The issue captures concrete Codex startup options as reference material for later implementation.
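One way the startup options listed under Tips could be selected from a single dotfiles-managed setting, as an added example that is not part of the original issue or an implementation decision. The function names, the trust-level names, and the `CODEX_TRUST` and `CODEX_EXTERNALLY_SANDBOXED` variables are hypothetical; only the `codex` flags come from the issue.

```shell
# Added example for sh/bash dotfiles (zsh needs ${=flags} for word splitting).
# CODEX_TRUST and CODEX_EXTERNALLY_SANDBOXED are hypothetical variable names.

# Print the codex flags for a trust level; non-zero status means refused.
codex_trust_flags() {
    level=${1:-sandboxed}
    case "$level" in
        sandboxed)
            # Per the issue, the same as: codex --full-auto
            printf '%s\n' '-a on-request --sandbox workspace-write' ;;
        permissive)
            printf '%s\n' '-a never -s danger-full-access' ;;
        bypass|bypass-search)
            # No approvals and no sandbox: require an explicit marker that
            # the host itself is the sandbox (container, throwaway VM).
            if [ "${CODEX_EXTERNALLY_SANDBOXED:-0}" != 1 ]; then
                echo "codex_trust_flags: '$level' refused:" \
                     "CODEX_EXTERNALLY_SANDBOXED is not 1" >&2
                return 2
            fi
            flags='--dangerously-bypass-approvals-and-sandbox'
            [ "$level" = bypass-search ] && flags="$flags --search"
            printf '%s\n' "$flags" ;;
        *)
            # Fail closed on typos instead of falling through to a default.
            echo "codex_trust_flags: unknown trust level '$level'" >&2
            return 1 ;;
    esac
}

# Wrapper to call instead of codex; the trust model lives in one variable.
cx() {
    flags=$(codex_trust_flags "${CODEX_TRUST:-sandboxed}") || return
    # Word splitting of $flags is intended here.
    # shellcheck disable=SC2086
    command codex $flags "$@"
}
```

Setting `CODEX_TRUST` in one dotfile changes every session, and the bypass levels only take effect on machines whose own dotfiles export `CODEX_EXTERNALLY_SANDBOXED=1`.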