Skip to content

Sandbox and approval policies from config.toml are ignored #310

Description

@vedmaka

Sandbox and approval policies are currently controlled by 3 pre-defined modes via INITIAL_AGENT_MODE, but this lacks support for granular policy eg:

sandbox_mode = "danger-full-access"
approval_policy = { granular = {
  rules = true
} }

This is very useful for running Codex in isolated environments where sandboxing mechanisms like bubble wrap are not supported. Natively with the configuration above, Codex has no workspace sandbox, but requires approvals for commands and tool executions. Combined with .rules files, this allows for unrestricted read+writes, with commands and tools calls to be allowedlisted and the rest - go through approvals

This setup is currently not possible if codex-acp is used because sandbox and approval policies are enforced by INITIAL_AGENT_MODE

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions