II.
Sandbox overview
Reference · livesandbox:codex-read-only
Codex read-only sandbox overview
Codex CLI sandbox mode `read-only`: shell commands run with filesystem writes blocked. This is the most restrictive documented Codex sandbox mode.
Attributes
displayName
Codex read-only sandbox
filesystemPolicy
read-only
networkPolicy
none
description
Codex CLI sandbox mode `read-only`: shell commands run with filesystem writes blocked. This is the most restrictive documented Codex sandbox mode.
fsAllowList
- <workspace>/**
fsDenyList
- <workspace>/**:write
netAllowList
[]
netDenyList
- *
execAllowedBinaries
[]
execDeniedBinaries
[]
envVarScope
inherit-allowlist
secretAccessScope
none
auditLogPolicy
structured-jsonl
policyEvaluationPoint
continuous
Outgoing edges
realizes1
- layer:9-sandbox·LayerSandbox
Incoming edges
about_subject1