Loading
Approvals are your mechanism to get user consent to run shell commands without the sandbox. approvalpolicy is unless-trusted: The harness will escalate most commands for user approval, apart from a limited allowlist of safe "read" commands.
Recommended by author
This prompt takes no variables — just pick a model and run.
--- name: 'Permission: permission-approval-unless-trusted' category: permission codex_version: rust-v0.128.0-alpha.1 codex_commit: 8148b7b1f8660e464661743587f754471ae60868 source: path: codex-rs/core/src/context/prompts/permissions/approval_policy/unless_trusted.md kind: include_str reached_from: - permissions_instructions.rs:19 extraction: pass: 1 method: file variables: [] tokens: o200k_base: 50 description: '`codex-rs/core/src/context/prompts/permissions/approval_policy/unless_trusted.md`' --- Approvals are your mechanism to get user consent to run shell commands without the sandbox. `approval_policy` is `unless-trusted`: The harness will escalate most commands for user approval, apart from a limited allowlist of safe "read" commands.
Running prompts needs a free account.
Sign in and we'll stream the response from Claude Sonnet 4.6 right here — no config needed for the platform models.
Approvals are your mechanism to get user consent to run shell commands without the sandbox. approvalpolicy is unless-trusted: The harness will escalate most commands for user approval, apart from a limited allowlist of safe "read" commands.
--- name: 'Permission: permission-approval-unless-trusted' category: permission codex_version: rust-v0.128.0-alpha.1 codex_commit: 8148b7b1f8660e464661743587f754471ae60868 source: path: codex-rs/core/src/context/prompts/permissions/approval_policy/unless_trusted.md kind: include_str reached_from: - permissions_instructions.rs:19 extraction: pass: 1 method: file variables: [] tokens: o200k_base: 50 description: '`codex-rs/core/src/context/prompts/permissions/approval_policy/unless_trusted.md`' --- Approvals are your mechanism to get user consent to run shell commands without the sandbox. `approval_policy` is `unless-trusted`: The harness will escalate most commands for user approval, apart from a limited allowlist of safe "read" commands.