Codex auto-review shows safer agents
- OpenAI added automatic approval reviews to Codex on April 23, letting an internal reviewer agent screen some risky coding actions before a human decides whether to let them run.
- Codex still defaults to network access off, limits local writes to the active workspace, and asks for approval to leave that sandbox or run commands needing internet access.
- The update extends OpenAI’s push to turn Codex into a production coding agent with managed policies for enterprises and cloud sandboxes for isolated execution. (developers.openai.com) (openai.com)
OpenAI updated Codex on April 23 with automatic approval reviews, adding a reviewer agent that can screen some approval prompts before a human responds. (developers.openai.com)

Coding agents are software tools that can read files, edit code, and run commands, which makes their permission system as important as the model itself. Codex’s documentation describes its safety controls as two layers: a sandbox that limits what the agent can technically do, and an approval policy that decides when it must stop and ask. (developers.openai.com)

In Codex’s local tools, network access is off by default, and operating-system controls usually limit writes to the current workspace. In Codex cloud, OpenAI says tasks run in isolated containers, with setup allowed to fetch dependencies before the agent phase runs offline by default. (developers.openai.com) (openai.com)

The new auto-review feature does not remove the human entirely. OpenAI says the reviewer can mark an approval request approved, denied, stopped, or timed out, and the Codex app shows that status and a risk level before the user decides. (developers.openai.com)

Codex’s default “Auto” preset already allows the agent to read files, make edits, and run commands inside the working directory automatically. It still asks for approval to edit files outside the workspace or to run commands that require network access. (developers.openai.com)

OpenAI has also added enterprise controls around that workflow. Its managed-configuration docs say administrators can enforce requirements for approval policy, sandbox mode, web search mode, and the automatic review policy, with managed rules overriding incompatible local settings. (developers.openai.com) That matters because OpenAI is now selling Codex as a broader software-development platform, not just a command-line helper.
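As an added illustration (not OpenAI’s or Codex’s code), here is a minimal Python model of the two-layer gate the docs describe: the sandbox boundary decides which actions run automatically, and everything else gets a reviewer status and risk level before a human makes the final call. The `Action` and `Status` types, the `pre_review` rules, and the `/srv/ws` workspace path are assumptions chosen for the example.

```python
from dataclasses import dataclass
from enum import Enum
from pathlib import Path
from typing import Callable, Optional

class Status(str, Enum):
    # The four outcomes the reviewer can attach to an approval request.
    APPROVED = "approved"
    DENIED = "denied"
    STOPPED = "stopped"
    TIMED_OUT = "timed_out"

@dataclass(frozen=True)
class Action:
    kind: str                    # "read", "edit" or "run" (assumed vocabulary)
    path: Optional[str] = None   # file touched by a read or edit
    needs_network: bool = False  # command wants outbound network access

def inside_workspace(path: str, workspace: str) -> bool:
    # Normalise ".." and symlinks so a traversal cannot slip past the boundary.
    return Path(path).resolve().is_relative_to(Path(workspace).resolve())

def needs_approval(action: Action, workspace: str) -> bool:
    """Layer 1 (sandbox boundary): does this action leave the fenced area?"""
    if action.needs_network:          # network gate: always stop and ask
        return True
    if action.kind == "edit":         # workspace limit on writes
        return action.path is None or not inside_workspace(action.path, workspace)
    return False                      # reads and offline commands run automatically

def pre_review(action: Action) -> tuple[Status, str]:
    """Constructed stand-in for the reviewer agent: a status plus a risk level."""
    if action.needs_network:
        return Status.DENIED, "high"
    return Status.APPROVED, "medium"  # off-workspace edit: allowed but flagged

Human = Callable[[Action, Status, str], bool]

def gate(action: Action, workspace: str, human: Human) -> tuple[Status, str]:
    """Layer 2 (approval policy): auto-run inside the sandbox, else pre-screen then ask."""
    if not needs_approval(action, workspace):
        return Status.APPROVED, "auto"
    status, risk = pre_review(action)
    # The reviewer's verdict is shown to the human; it does not replace the human.
    final = Status.APPROVED if human(action, status, risk) else Status.DENIED
    return final, f"reviewer={status.value} risk={risk}"
```

The traversal case in `inside_workspace` is the check worth keeping: a write to `workspace/../etc/hosts` must be classified as leaving the workspace, not as an in-place edit.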
The company said this week that Codex has reached 4 million weekly active users and launched Codex Labs with partners including Accenture, PwC, Infosys, and Tata Consultancy Services. (openai.com)

OpenAI’s Codex app update last week pushed in the same direction. The company added computer use, in-app browsing, plugins, memory, and support for reviewing pull requests and connecting to remote development boxes over Secure Shell, or SSH. (openai.com)

The practical pitch is narrower than the hype: let the agent move faster inside a fenced area, and escalate only when it tries to cross a boundary. OpenAI’s own docs still describe those boundaries in concrete terms — workspace limits, network gates, destructive-tool approvals, and cloud isolation. (developers.openai.com)

So the story in Codex is not “no approvals.” It is more approvals being pre-screened by another agent, while the hard stops stay attached to network access, destructive actions, and anything outside the trusted workspace. (developers.openai.com 1) (developers.openai.com 2)