The approval policy controls when Codex pauses for confirmation before running model-generated commands. Stricter policies reduce unintended shell activity in unfamiliar repositories, while looser policies keep trusted automation flowing.
In the Codex CLI, approvals work alongside the sandbox: the sandbox limits what commands can touch, and the policy decides when an action needs explicit approval. Set the policy per run with --ask-for-approval (-a shorthand) or persist it in ~/.codex/config.toml via approval_policy.
In automation and CI, approval prompts can block a pipeline, so set the policy explicitly in scripts. Disabling prompts with never still relies on the selected sandbox, but pairing never with a permissive sandbox (or --dangerously-bypass-approvals-and-sandbox) removes most guardrails and increases risk.
Related: How to set Codex sandbox mode
Related: How to run Codex in full-auto mode
Steps to set Codex approval policy:
- Choose an approval policy value for the run.
  - untrusted: prompts before running any command outside a trusted set.
  - on-failure: prompts when an action fails in the sandbox or needs elevated access.
  - on-request: prompts only when the agent explicitly requests approval.
  - never: disables approval prompts for the session.
-a is shorthand for --ask-for-approval.
- Run Codex with an on-request approval policy for a single run.
$ codex -a on-request exec "Return OK."
OK
--full-auto implies --sandbox workspace-write and --ask-for-approval on-request.
- Run Codex with an untrusted approval policy for maximum prompting.
$ codex -a untrusted exec "Return OK."
OK
- Run Codex with an on-failure approval policy to prompt only when execution cannot proceed automatically.
$ codex -a on-failure exec "Return OK."
OK
- Run Codex with a never approval policy to suppress prompts in non-interactive runs.
$ codex -a never exec -s read-only "Return OK."
OK
Combining --ask-for-approval never with --sandbox danger-full-access or --dangerously-bypass-approvals-and-sandbox can run arbitrary commands on the host without confirmation.
- Trigger a harmless write in read-only mode to confirm that unsafe actions are blocked under the chosen policy and sandbox.
$ codex -a on-request exec -s read-only "Create /tmp/codex-approval-test.txt with OK."
I can't create `/tmp/codex-approval-test.txt` because this session is in a read-only sandbox, so file writes are blocked.
Use a throwaway path so denied writes leave no side effects.
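The risky combinations named in the steps above (never with danger-full-access, or the bypass flag) can be caught before a pipeline launches Codex. This is an added example, not code from the original page or the Codex project: check_codex_args is a hypothetical helper, and its handling of repeated options and of the --flag=value spelling are assumptions.

```shell
#!/bin/sh
# Added example: check_codex_args is a hypothetical helper, not part of the Codex CLI.
# It prints one verdict for a codex argument list and succeeds only for "ok".
# The body runs in a subshell, so its variables and exit calls stay local.
check_codex_args() (
  approval="" sandbox="" never=0 full_access=0 bypass=0
  while [ "$#" -gt 0 ]; do
    case "$1" in
      --) break ;;                                   # the rest is the prompt
      -a|--ask-for-approval) approval="${2-}"; [ "$#" -gt 1 ] && shift ;;
      --ask-for-approval=*)  approval="${1#*=}" ;;   # "=" spelling handled defensively
      -s|--sandbox)          sandbox="${2-}"; [ "$#" -gt 1 ] && shift ;;
      --sandbox=*)           sandbox="${1#*=}" ;;
      # Per the page, --full-auto implies workspace-write plus on-request.
      --full-auto)           approval="on-request"; sandbox="workspace-write" ;;
      --dangerously-bypass-approvals-and-sandbox) bypass=1 ;;
    esac
    # Sticky flags: do not depend on which repeated option the CLI would honour.
    if [ "$approval" = "never" ]; then never=1; fi
    if [ "$sandbox" = "danger-full-access" ]; then full_access=1; fi
    shift
  done
  if [ "$bypass" -eq 1 ]; then
    echo "risky: approvals and sandbox bypassed"; exit 1
  fi
  case "$approval" in
    "") echo "unset: no approval policy on the command line"; exit 1 ;;
    untrusted|on-failure|on-request|never) ;;
    *)  echo "invalid: unknown approval policy '$approval'"; exit 1 ;;
  esac
  if [ "$never" -eq 1 ] && [ "$full_access" -eq 1 ]; then
    echo "risky: never combined with danger-full-access"; exit 1
  fi
  echo "ok"
)

# Constructed sample input: the non-interactive command from the steps above.
check_codex_args -a never exec -s read-only "Return OK."
```

In a CI wrapper, pass it the same arguments the job gives to codex and stop the job on a non-zero status.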
Mohd Shakir Zakaria is a cloud architect with deep roots in software development and open-source advocacy. Certified in AWS, Red Hat, VMware, ITIL, and Linux, he specializes in designing and managing robust cloud and on-premises infrastructures.
