Skip to main content
The sandbox command allows you to manually execute commands within the same sandbox environment that Codex uses for command execution.

Usage

Description

This command is primarily used for testing and debugging sandbox behavior. It runs the specified command with the same security restrictions that Codex applies when executing commands on your behalf. The sandbox environment varies by platform:
  • Linux: Landlock LSM + seccomp filters (or Bubblewrap if enabled)
  • macOS: Seatbelt sandbox profiles
  • Windows: Restricted token with limited privileges

Options

--sandbox
string
Sandbox mode to use. Options: read-only, workspace-write, danger-full-accessDefault: read-only
--cwd
string
Working directory for the command.Default: current directory

Examples

Run Command in Read-Only Sandbox

Test Workspace Write Access

Run in Specific Directory

Test Network Restrictions

Sandbox Modes

read-only

  • Read access to workspace files
  • No write access
  • No network access
  • Cannot modify system files

workspace-write

  • Read access to workspace files
  • Write access within workspace directory
  • No network access
  • Cannot modify system files outside workspace

danger-full-access

  • Full file system access
  • Network access allowed
  • Can modify any accessible files
  • Use with caution

Use Cases

Testing Sandbox Policies

Verify that your sandbox configuration works as expected:

Debugging Command Failures

When a command fails in Codex, test it manually:

Validating Execpolicy Rules

Test whether a command would be allowed:

Exit Codes

The command returns the exit code of the executed command.

Security Notes

The danger-full-access sandbox mode disables most security restrictions. Only use it when you fully trust the command being executed.
Sandbox behavior may vary between platforms. Always test critical workflows on your target platform.

Sandboxing Concepts

Learn about Codex sandboxing

Exec Policies

Configure execution policies