{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreiadnd3op6doextzccjyqrgtidp23vnqsi6d3xpkpcnlp6i7awpvha",
    "uri": "at://did:plc:lk3jfj3zq4k4wxnk474axylu/app.bsky.feed.post/3mnqwai6pbbj2"
  },
  "path": "/t/codex-avoids-being-agentic-as-much-as-possible/1371091#post_5",
  "publishedAt": "2026-06-08T04:49:28.000Z",
  "site": "https://community.openai.com",
  "textContent": "The part that seems to trip people up is that Codex has two different boundaries at once: tool capability and side-effect authorization.\n\nA vague request like “test the database” can look simple, but if the required commands cross the workspace or runtime boundary, the model has to decide whether it is still exploring, proposing, or actually executing.\n\nThe failure mode I keep seeing is not that the model cannot reason. It is that the run is missing a clean operating rule for when it should ask, when it should stop, and when another retry is no longer adding new evidence",
  "title": "Codex avoids being agentic as much as possible"
}