From a086f82dfa67ac9e9fda67fe7143522fb87731a0 Mon Sep 17 00:00:00 2001
From: Gabriel Gordon-Hall <gabriel@bloop.ai>
Date: Thu, 11 Sep 2025 16:40:01 +0100
Subject: [PATCH] feat: support Codex `--full-auto` mode (#664)

* make codex --full-auto mode default

* change codex high to auto mode
---
 crates/executors/default_profiles.json  |  4 ++--
 crates/executors/src/executors/codex.rs | 11 ++++++++---
 shared/schemas/codex.json               |  1 +
 shared/types.ts                         |  2 +-
 4 files changed, 12 insertions(+), 6 deletions(-)

diff --git a/crates/executors/default_profiles.json b/crates/executors/default_profiles.json
index 5a17d67a..904fdf4d 100644
--- a/crates/executors/default_profiles.json
+++ b/crates/executors/default_profiles.json
@@ -36,12 +36,12 @@
     "CODEX": {
       "DEFAULT": {
         "CODEX": {
-          "sandbox": "danger-full-access"
+          "sandbox": "auto"
         }
       },
       "HIGH": {
         "CODEX": {
-          "sandbox": "danger-full-access",
+          "sandbox": "auto",
           "model_reasoning_effort": "high"
         }
       }
diff --git a/crates/executors/src/executors/codex.rs b/crates/executors/src/executors/codex.rs
index 738646fa..9e008e35 100644
--- a/crates/executors/src/executors/codex.rs
+++ b/crates/executors/src/executors/codex.rs
@@ -34,6 +34,7 @@ use crate::{
 #[serde(rename_all = "kebab-case")]
 #[strum(serialize_all = "kebab-case")]
 pub enum SandboxMode {
+    Auto,
     ReadOnly,
     WorkspaceWrite,
     DangerFullAccess,
@@ -253,9 +254,13 @@ impl Codex {
         }
 
         if let Some(sandbox) = &self.sandbox {
-            builder = builder.extend_params(["--sandbox", sandbox.as_ref()]);
-            if sandbox == &SandboxMode::DangerFullAccess && self.approval.is_none() {
-                builder = builder.extend_params(["--dangerously-bypass-approvals-and-sandbox"]);
+            if sandbox == &SandboxMode::Auto {
+                builder = builder.extend_params(["--full-auto"]);
+            } else {
+                builder = builder.extend_params(["--sandbox", sandbox.as_ref()]);
+                if sandbox == &SandboxMode::DangerFullAccess && self.approval.is_none() {
+                    builder = builder.extend_params(["--dangerously-bypass-approvals-and-sandbox"]);
+                }
             }
         }
 
diff --git a/shared/schemas/codex.json b/shared/schemas/codex.json
index 30f5c746..bf29be59 100644
--- a/shared/schemas/codex.json
+++ b/shared/schemas/codex.json
@@ -18,6 +18,7 @@
         "null"
       ],
       "enum": [
+        "auto",
         "read-only",
         "workspace-write",
         "danger-full-access",
diff --git a/shared/types.ts b/shared/types.ts
index c1e70a31..cc965ae8 100644
--- a/shared/types.ts
+++ b/shared/types.ts
@@ -154,7 +154,7 @@ export type Amp = { append_prompt: AppendPrompt, dangerously_allow_all?: boolean
 
 export type Codex = { append_prompt: AppendPrompt, sandbox?: SandboxMode | null, approval?: ApprovalPolicy | null, oss?: boolean | null, model?: string | null, model_reasoning_effort?: ReasoningEffort | null, model_reasoning_summary?: ReasoningSummary | null, base_command_override?: string | null, additional_params?: Array<string> | null, };
 
-export type SandboxMode = "read-only" | "workspace-write" | "danger-full-access";
+export type SandboxMode = "auto" | "read-only" | "workspace-write" | "danger-full-access";
 
 export type ApprovalPolicy = "untrusted" | "on-failure" | "on-request" | "never";