| |
Codex: I want to run pytest Allow? (y/n)
You press `y`. Next thing you know:
Codex: I want to modify test_user.py Allow? (y/n)
Another `y`. Then another. And another. Every single file it wants to read, every command it wants to execute, every line it wants to modify—confirmation, confirmation, confirmation. It’s like working with an intern who asks for permission every two seconds.
Meanwhile, Claude Code or Cursor Agent does the same thing without making a peep. So, what gives?
The thing is, Codex is configured by default to act like a paranoid assistant. And to be fair, that's the safe choice for a new product. But if you know what you're doing, this conservative mode becomes unbearable when you're trying to actually get things done.
The good news: it takes just two seconds to fix.
## The permission system: *approval mode*
Codex uses something called *approval mode* to determine whether or not it needs your permission. By default, it asks for approval for everything:
- Running commands
- Writing files
- Modifying code
- Creating new files
- Running tests
In plain language: by default, Codex can’t do anything unless you hit `y`. It’s like having to use `sudo` for every single action.
The result is that what should be an autonomous agent turns into an endless back-and-forth where you’re the bottleneck.
## The solution: one flag to make it fly
```bash
codex --approval-mode never
That’s it. With --approval-mode never, Codex stops asking. It will run commands directly, modify files without asking for permission, create what it needs to create. It behaves how an agent should behave.
Want to make it permanent? You’ve got two options:
| |
| |
From now on, every time you launch Codex, it’ll work without interruptions.
The second problem: the sandbox
But there’s another reason Codex keeps getting stuck. Even if you disable confirmations, the default sandbox can be so restrictive that the agent can’t even write to your repository.
The mode you want for development is workspace-write:
- Reads the entire repository
- Modifies existing files
- Creates new files
- Executes commands inside the project
The full command to launch Codex into actual usability is:
| |
Two flags. Just two. That’s all it takes to transform Codex from an assistant that asks for permission to move the mouse into an agent that just gets the job done.
Creating an alias to avoid repetition
If you’re working in the terminal (and if you’re using Codex CLI, I’m assuming you are), create an alias:
| |
From now on:
| |
And you get a Codex that behaves like a real agent.
One-shot mode: fire and forget
Where this gets really exciting is when you pass the task directly as an argument:
| |
No interactive session. No conversation. Codex analyzes the project, runs the tests, identifies the failures, fixes the code, reruns the tests, and repeats until everything passes. Meanwhile, you can grab a coffee.
This pattern — the agentic loop — is exactly what all modern coding agents do under the hood. A loop that keeps iterating until the job is done. The difference is that by default, Codex inserts you into the loop as a mandatory step. With these two flags, you step out of the way and let the loop work its magic.
The awkward comparison with Claude Code
Here’s the part OpenAI doesn’t love to hear: Claude Code already ships like this by default.
| Feature | Codex CLI (default) | Codex CLI (tuned) | Claude Code |
|---|---|---|---|
| Permissions | Asks for EVERYTHING | No prompts at all | Only asks for destructive actions |
| Sandbox | Restrictive | workspace-write | Flexible with selective prompts |
| CLI Mode | Yes | Yes | Native, CLI-first |
| One-shot Mode | codex "prompt" | codex-agent "prompt" | claude --print "prompt" |
| Config Needed | 0 flags | 2 flags | 0 flags |
Claude Code takes a more balanced approach: it lets you work uninterrupted for 90% of operations, but it asks for confirmation on potentially destructive actions (deleting files, running commands that modify the system). It’s the balance Codex should have by default.
What’s the practical result? With Claude Code, you’re productive from minute one. With Codex, you have to go through a configuration ritual first. It’s not a lot of time — literally two flags — but it’s an unnecessary entry barrier that frustrates new users.
The prompt makes all the difference
Once Codex has the permissions, the quality of the output depends 100% on the prompt. A vague prompt leads to vague results.
# Bad
Fix the tests.
# Good
Fix the failing tests in this repository.
Work autonomously:
- inspect the repo structure
- run tests
- modify code to fix failures
- rerun tests
- repeat until all tests pass
Do not ask for confirmation.
The difference is huge. The first prompt might have Codex fixing one test and then stopping. The second explicitly tells it to keep iterating until everything is working. It’s the difference between telling a plumber to “fix this” versus giving them a detailed list of issues.
And this applies just as much to Claude Code, Cursor, or any other agent. The approval mode removes interruptions. The prompt determines whether the work it does without interruptions is good or not.
When NOT to disable permissions
It would be irresponsible of me to tell you to always use --approval-mode never without a warning:
Don’t use it on production repos unless you’re reviewing afterward. An autonomous agent committing directly to main without review is a recipe for disaster. The autonomous mode is perfect for:
- Development branches where you review the results
- Interactive sessions where you’re watching what it does
- Well-scoped tasks: “fix these tests,” “reformat this module,” “update dependencies”
For anything affecting production, Claude Code’s permission model is smarter: work freely but ask for confirmation before hitting the big red button.
The 30-second summary
If Codex CLI is driving you insane with constant confirmations:
| |
| |
Two parameters transform a nervous assistant into an autonomous agent. Codex’s default settings are the safest, not the most productive. Now you know where the switch is.