iiRecord
Agentic AI Atlas · Codex workspace-write sandbox
sandbox:codex-workspace-writea5c.ai
II.
Sandbox JSON

sandbox:codex-workspace-write

Structured · live

Codex workspace-write sandbox json

Inspect the normalized record payload exactly as the atlas UI reads it.

File · lifecycle/sandboxes/codex-sandboxes.yamlCluster · lifecycle
Record JSON
{
  "id": "sandbox:codex-workspace-write",
  "_kind": "Sandbox",
  "_file": "lifecycle/sandboxes/codex-sandboxes.yaml",
  "_cluster": "lifecycle",
  "attributes": {
    "displayName": "Codex workspace-write sandbox",
    "filesystemPolicy": "sandboxed",
    "networkPolicy": "none",
    "description": "Codex CLI sandbox mode `workspace-write`: shell commands can write inside the workspace while access outside the configured workspace/additional writable roots remains restricted.\n",
    "fsAllowList": [
      "<workspace>/**",
      "<add-dir>/**"
    ],
    "fsDenyList": [
      "<outside-workspace>/**:write"
    ],
    "netAllowList": [],
    "netDenyList": [
      "*"
    ],
    "execAllowedBinaries": [],
    "execDeniedBinaries": [],
    "envVarScope": "inherit-allowlist",
    "secretAccessScope": "named",
    "auditLogPolicy": "structured-jsonl",
    "policyEvaluationPoint": "continuous"
  },
  "outgoingEdges": [
    {
      "from": "sandbox:codex-workspace-write",
      "to": "layer:9-sandbox",
      "kind": "realizes",
      "attributes": {}
    }
  ],
  "incomingEdges": [
    {
      "from": "claim:codex-research-sandbox-modes",
      "to": "sandbox:codex-workspace-write",
      "kind": "about_subject"
    }
  ]
}