Full-auto mode reduces interaction during repetitive Codex automation runs, keeping focus on the task instead of approval and sandbox prompts.
The --full-auto flag applies a per-run preset for codex exec by setting approval policy to on-request and sandbox mode to workspace-write. The preset applies only to the current command invocation and does not persist to the global configuration.
Sandbox and approval controls still apply in full-auto mode, so actions outside the current workspace or beyond policy can still require confirmation. Running from the intended working directory and reviewing the resulting changes reduces the risk of unintended modifications.
Steps to run Codex in full-auto mode:
- Change to the workspace directory that Codex may write to in workspace-write mode.
$ cd ~/work/app $ pwd /home/user/work/app
Running in the wrong directory can result in unintended file modifications inside that workspace.
- Confirm the working tree is clean before the run.
$ git status --porcelain
No output indicates there are no uncommitted changes.
- Run codex exec with --full-auto enabled.
$ codex exec --full-auto "Return OK." OK
--full-auto applies on-request approvals and the workspace-write sandbox for this run only.
- Respond to approval prompts when shown under the on-request policy.
Approval prompts indicate an action requires confirmation under the current policy.
- Review the resulting changes in the workspace.
$ git diff --stat
No output indicates the run did not modify tracked files.
Mohd Shakir Zakaria is a cloud architect with deep roots in software development and open-source advocacy. Certified in AWS, Red Hat, VMware, ITIL, and Linux, he specializes in designing and managing robust cloud and on-premises infrastructures.
