Codex workspace-write sandbox
sandbox:codex-workspace-write
Sandboxlifecycle/sandboxes/codex-sandboxes.yaml·Open in Graph → {
"id": "sandbox:codex-workspace-write",
"_kind": "Sandbox",
"_file": "lifecycle/sandboxes/codex-sandboxes.yaml",
"_cluster": "lifecycle",
"attributes": {
"displayName": "Codex workspace-write sandbox",
"filesystemPolicy": "sandboxed",
"networkPolicy": "none",
"description": "Codex CLI sandbox mode `workspace-write`: shell commands can write inside the workspace while access outside the configured workspace/additional writable roots remains restricted.\n",
"fsAllowList": [
"<workspace>/**",
"<add-dir>/**"
],
"fsDenyList": [
"<outside-workspace>/**:write"
],
"netAllowList": [],
"netDenyList": [
"*"
],
"execAllowedBinaries": [],
"execDeniedBinaries": [],
"envVarScope": "inherit-allowlist",
"secretAccessScope": "named",
"auditLogPolicy": "structured-jsonl",
"policyEvaluationPoint": "continuous"
},
"outgoingEdges": [
{
"from": "sandbox:codex-workspace-write",
"to": "layer:9-sandbox",
"kind": "realizes",
"attributes": {}
}
],
"incomingEdges": [
{
"from": "claim:codex-research-sandbox-modes",
"to": "sandbox:codex-workspace-write",
"kind": "about_subject"
}
]
}