II.
Sandbox overview
Reference · livesandbox:codex-workspace-write
Codex workspace-write sandbox overview
Codex CLI sandbox mode `workspace-write`: shell commands can write inside the workspace while access outside the configured workspace/additional writable roots remains restricted.
Attributes
displayName
Codex workspace-write sandbox
filesystemPolicy
sandboxed
networkPolicy
none
description
Codex CLI sandbox mode `workspace-write`: shell commands can write inside the workspace while access outside the configured workspace/additional writable roots remains restricted.
fsAllowList
- <workspace>/**
- <add-dir>/**
fsDenyList
- <outside-workspace>/**:write
netAllowList
[]
netDenyList
- *
execAllowedBinaries
[]
execDeniedBinaries
[]
envVarScope
inherit-allowlist
secretAccessScope
named
auditLogPolicy
structured-jsonl
policyEvaluationPoint
continuous
Outgoing edges
realizes1
- layer:9-sandbox·LayerSandbox
Incoming edges
about_subject1