External Publication

Visit Post

Codex VSCode Extension - Agent (full access) always asks for approval

OpenAI Developer Community February 18, 2026

Source

Welcome to the forum!

mguenther:

Any guidance?

Using ChatGPT 5.2

Prompt

I am also impacted by this. Codex asks for approval for every single file change.

I have set

approval_policy = “on-failure”
sandbox_mode = “workspace-write”

And the folder is marked as Trusted Workspace. I tried version 0.5.76 (pre release) and 0.4.75 (release).

Any guidance?

https://github.com/openai/codex/issues

Please search the GitHub OpenAI Codex issues for issues related to the approval problem. The primary issue that is not a duplicate or entries that show how to resolve this would be nice.

Reply

I found several GitHub issues in theopenai/codex: Lightweight coding agent repo that directly relate to persistent approval-prompt behavior (where Codex asks you to approve every file change even when you’ve set approval_policy and sandbox_mode). Below is a curated set of relevant issues that are not duplicates , with concise descriptions of their status and what they indicate:

Relevant GitHub Issues

1. #5824 — `--ask-for-approval never` not respected

Status : Open
Description : Using codex --sandbox workspace-write --ask-for-approval never still does not let Codex write files without prompting for approval — even though /status shows Approval: never. This indicates a bug in the approval enforcement logic in recent CLI versions. (GitHub)

2. #2350 — `--ask-for-approval never` still requires approval on Windows

Status : Closed (but behaviour reported)
Description : On Windows, users report that setting --ask-for-approval never still results in repeated approval prompts for file writes. This is confirmed as issue behavior even though it’s marked closed. (GitHub)

3. #8714 — Session forces `on-request` despite config

Status : Open
Description : Even when the project config sets ask_for_approval=never and sandbox=workspace-write, sessions sometimes start with approval_policy=on-request and keep asking for approvals. This matches the symptom you’re describing. (GitHub)

4. #5038 — VS Code extension ignores `approval_policy="never"`

Status : Open
Description : In the VS Code extension context, approval settings are not consistently respected — the extension resets approvals and requests them repeatedly. This suggests the problem isn’t just config but also how the extension manages state. ([GitHub](https://github.com/openai/codex/issues/5038?utm_source=chatgpt.com "VS Code Codex extension ignores approval_policy="never ..."))

Related Reports & Proposals

These don’t directly fix the problem but show community context:

Discussion #2138 — Bypass not working fully

Users report setting the highest-permission flags still doesn’t stop requests because of new “trusted workspace” behavior introduced in newer versions. (GitHub)

Proposal #3710 — Separate read/write approval policies

Users asked for more granular control to avoid “approve every write” behavior — this is a feature proposal , not a fix. (GitHub)

Issue #3129 — `on-failure` not selectable at runtime

Shows another bug where CLI doesn’t actually set the documented approval mode when switching inside a session. ([GitHub](https://github.com/openai/codex/issues/3129?utm_source=chatgpt.com "Cannot set approval_policy = "on-failure" from within CLI"))

Summary of Root Causes Seen in Issues

These reports share consistent pain points:

Config values not being honored Even when approval_policy = "never" and sandbox_mode = "workspace-write" are set, the session sometimes resets or overrides to ask-for-approval modes. (GitHub)
Extension vs CLI mismatch The VS Code extension frequently behaves differently from the CLI, sometimes resetting or ignoring flags. ([GitHub](https://github.com/openai/codex/issues/5038?utm_source=chatgpt.com "VS Code Codex extension ignores approval_policy="never ..."))
Platform-specific behavior On Windows, approval bypass flags seem especially unreliable. (GitHub)
Internal defaults / migration behavior Discussions hint that updated versions introduce stricter defaults unless workspace is explicitly “trusted” outside your settings. (GitHub)

Practical Notes

There is no confirmed fix yet in the tracker that fully resolves this issue across contexts.
Multiple users report that manually approving a “full access” session the first time reduces repeated prompts — but isn’t a real fix.
The problems are active bug/behavior issues , not intended restrictions per docs.

If you want, I can compile direct links to the specific issue pages (one per item) with short commands for easy navigation.

FYI

Codex features are prioritized by votes in GitHub issues tab Codex

FYI We prioritize feature requests based on upvotes from the community. If a feature request doesn’t get enough upvotes, we’ll close it. It’s therefore important for a feature request to have a clear and compelling title and description. We also recommend that feature requests focus on the problem statement rather than a solution. Describe the use case and what problem you’d like to see solved. There are often multiple ways to address a given problem. Source Note: In GitHub feature request…

Relevant GitHub Issues

1. #5824 — --ask-for-approval never not respected

2. #2350 — --ask-for-approval never still requires approval on Windows

3. #8714 — Session forces on-request despite config

4. #5038 — VS Code extension ignores approval_policy="never"