Approval Modes: Suggest, Auto Edit, and Full Auto

One of the most important concepts in Codex CLI is the approval mode system. It determines how much autonomy you give the agent when it works on your code. Understanding these modes is essential for using Codex safely and efficiently.

What You Will Learn

The three approval modes in Codex CLI: Suggest, Auto Edit, and Full Auto
What each mode allows and restricts
How to choose the right mode for different tasks
How to switch between modes during a session
Safety considerations for each level of autonomy

Why Approval Modes Matter

When an AI agent can read files, write code, and run commands on your machine, you need clear control over what it can do without asking. Codex solves this with three approval modes that create a spectrum from "ask me everything" to "handle it yourself."

Choosing the right mode is about matching the level of trust to the task. A quick exploration of unfamiliar code calls for Suggest mode. A routine refactoring in a well-tested project might warrant Full Auto.

Suggest Mode (Default)

Suggest is the default mode when you launch Codex. It provides the most control.

In Suggest mode, Codex:

Can read any file in your project freely
Must ask permission before writing or editing any file
Must ask permission before running any shell command

This means Codex will analyze your code, plan its approach, and then show you exactly what it wants to do. You review each action and approve or reject it.

Example workflow in Suggest mode:

You: "Add input validation to the login endpoint"

Codex: I'll need to modify src/routes/auth.js to add validation.
Here's the change I'd like to make:
[shows diff]
Do you want me to apply this change? (y/n)

You: y

Codex: Now I'd like to run the tests to verify:
$ npm test
Allow? (y/n)

When to use Suggest mode:

You are working on critical code (authentication, payments, data handling)
You are learning what Codex can do and want to see its reasoning
The codebase is unfamiliar and you want to review every change
You are working on a shared project and need to verify changes before they go in

Auto Edit Mode

Auto Edit gives Codex more freedom while maintaining guard rails around command execution.

In Auto Edit mode, Codex:

Can read any file in your project freely
Can write and edit files without asking
Must ask permission before running shell commands

This mode is ideal when you trust Codex to make code changes but want to control what commands run on your system. Codex will freely edit files but will pause and ask before executing commands like npm install, git commit, or any other shell operation.

Example workflow in Auto Edit mode:

You: "Refactor the user service to use async/await instead of callbacks"

Codex: [automatically edits src/services/user.js]
[automatically edits src/services/user.test.js]

I've updated both files. I'd like to run the tests to verify:
$ npm test
Allow? (y/n)

When to use Auto Edit mode:

You are doing refactoring tasks where the code changes are straightforward
You trust Codex with file edits but want to approve any system commands
You want faster iteration without approving every file change
The project has good test coverage that you will run manually

Full Auto Mode

Full Auto gives Codex maximum autonomy. Use it with care.

In Full Auto mode, Codex:

Can read any file freely
Can write and edit files without asking
Can run shell commands without asking

Codex handles the entire workflow end to end. It reads your code, makes changes, runs tests, fixes failures, and keeps going until the task is complete.

Example workflow in Full Auto mode:

You: "Add comprehensive error handling to all API endpoints, run the tests, and fix any failures"

Codex: [reads all route files]
[edits src/routes/users.js]
[edits src/routes/products.js]
[edits src/routes/orders.js]
[runs: npm test]
[sees 2 failing tests]
[edits src/routes/orders.js to fix the issue]
[runs: npm test]
[all tests pass]

Done. I've added try-catch error handling to 3 API route files.
2 tests initially failed due to a missing error status code,
which I've fixed. All 47 tests now pass.

When to use Full Auto mode:

The task is well-defined and you trust Codex to handle it independently
You have good test coverage that will catch mistakes
You are working on a personal project or in a sandboxed environment
The task is repetitive (fixing lint errors, adding boilerplate, updating imports)

Switching Between Modes

You can set the approval mode when launching Codex:

codex --approval-mode suggest "your task"
codex --approval-mode auto-edit "your task"
codex --approval-mode full-auto "your task"

You can also configure a default mode in your Codex configuration file so you do not have to specify it every time.

Safety Considerations

Suggest mode is the safest because you see and approve every action. The downside is that frequent approvals slow you down for large tasks.

Auto Edit mode is a good balance for most development work. Code changes are usually reversible (you have git), but errant shell commands can be harder to undo.

Full Auto mode is powerful but requires trust. Consider these precautions:

Always work in a git repository so you can revert changes
Make sure your project has test coverage
Do not use Full Auto on production systems
Review the changes after Codex finishes (use git diff)
Start with smaller tasks in Full Auto before graduating to larger ones

A Practical Rule of Thumb

Here is a simple decision framework:

Situation	Recommended Mode
Exploring unfamiliar code	Suggest
Writing new features	Suggest or Auto Edit
Refactoring with tests	Auto Edit
Fixing lint/format issues	Full Auto
Updating dependencies	Auto Edit
Writing tests for existing code	Auto Edit or Full Auto
Production hotfix	Suggest

Key Takeaways

Codex CLI has three approval modes: Suggest (most control), Auto Edit (file edits are automatic), and Full Auto (everything is automatic)
Suggest mode is the default and requires your approval for every file write and command execution
Auto Edit mode lets Codex freely modify files but asks before running commands
Full Auto mode gives Codex complete autonomy to read, write, and execute
Choose the mode based on how much you trust the task, your test coverage, and the risk level
Always work in a git repository so you can revert changes regardless of the mode

Approval Modes: Suggest, Auto Edit, and Full Auto

What You Will Learn

The three approval modes in Codex CLI: Suggest, Auto Edit, and Full Auto
What each mode allows and restricts
How to choose the right mode for different tasks
How to switch between modes during a session
Safety considerations for each level of autonomy

Why Approval Modes Matter

Suggest Mode (Default)

Suggest is the default mode when you launch Codex. It provides the most control.

In Suggest mode, Codex:

Can read any file in your project freely
Must ask permission before writing or editing any file
Must ask permission before running any shell command

This means Codex will analyze your code, plan its approach, and then show you exactly what it wants to do. You review each action and approve or reject it.

Example workflow in Suggest mode:

You: "Add input validation to the login endpoint"

Codex: I'll need to modify src/routes/auth.js to add validation.
Here's the change I'd like to make:
[shows diff]
Do you want me to apply this change? (y/n)

You: y

Codex: Now I'd like to run the tests to verify:
$ npm test
Allow? (y/n)

When to use Suggest mode:

You are working on critical code (authentication, payments, data handling)
You are learning what Codex can do and want to see its reasoning
The codebase is unfamiliar and you want to review every change
You are working on a shared project and need to verify changes before they go in

Auto Edit Mode

Auto Edit gives Codex more freedom while maintaining guard rails around command execution.

In Auto Edit mode, Codex:

Can read any file in your project freely
Can write and edit files without asking
Must ask permission before running shell commands

Example workflow in Auto Edit mode:

You: "Refactor the user service to use async/await instead of callbacks"

Codex: [automatically edits src/services/user.js]
[automatically edits src/services/user.test.js]

I've updated both files. I'd like to run the tests to verify:
$ npm test
Allow? (y/n)

When to use Auto Edit mode:

You are doing refactoring tasks where the code changes are straightforward
You trust Codex with file edits but want to approve any system commands
You want faster iteration without approving every file change
The project has good test coverage that you will run manually

Full Auto Mode

Full Auto gives Codex maximum autonomy. Use it with care.

In Full Auto mode, Codex:

Can read any file freely
Can write and edit files without asking
Can run shell commands without asking

Codex handles the entire workflow end to end. It reads your code, makes changes, runs tests, fixes failures, and keeps going until the task is complete.

Example workflow in Full Auto mode:

You: "Add comprehensive error handling to all API endpoints, run the tests, and fix any failures"

Codex: [reads all route files]
[edits src/routes/users.js]
[edits src/routes/products.js]
[edits src/routes/orders.js]
[runs: npm test]
[sees 2 failing tests]
[edits src/routes/orders.js to fix the issue]
[runs: npm test]
[all tests pass]

Done. I've added try-catch error handling to 3 API route files.
2 tests initially failed due to a missing error status code,
which I've fixed. All 47 tests now pass.

When to use Full Auto mode:

The task is well-defined and you trust Codex to handle it independently
You have good test coverage that will catch mistakes
You are working on a personal project or in a sandboxed environment
The task is repetitive (fixing lint errors, adding boilerplate, updating imports)

Switching Between Modes

You can set the approval mode when launching Codex:

codex --approval-mode suggest "your task"
codex --approval-mode auto-edit "your task"
codex --approval-mode full-auto "your task"

You can also configure a default mode in your Codex configuration file so you do not have to specify it every time.

Safety Considerations

Suggest mode is the safest because you see and approve every action. The downside is that frequent approvals slow you down for large tasks.

Auto Edit mode is a good balance for most development work. Code changes are usually reversible (you have git), but errant shell commands can be harder to undo.

Full Auto mode is powerful but requires trust. Consider these precautions:

Always work in a git repository so you can revert changes
Make sure your project has test coverage
Do not use Full Auto on production systems
Review the changes after Codex finishes (use git diff)
Start with smaller tasks in Full Auto before graduating to larger ones

A Practical Rule of Thumb

Here is a simple decision framework:

Situation	Recommended Mode
Exploring unfamiliar code	Suggest
Writing new features	Suggest or Auto Edit
Refactoring with tests	Auto Edit
Fixing lint/format issues	Full Auto
Updating dependencies	Auto Edit
Writing tests for existing code	Auto Edit or Full Auto
Production hotfix	Suggest

Key Takeaways

Codex CLI has three approval modes: Suggest (most control), Auto Edit (file edits are automatic), and Full Auto (everything is automatic)
Suggest mode is the default and requires your approval for every file write and command execution
Auto Edit mode lets Codex freely modify files but asks before running commands
Full Auto mode gives Codex complete autonomy to read, write, and execute
Choose the mode based on how much you trust the task, your test coverage, and the risk level
Always work in a git repository so you can revert changes regardless of the mode

Approval Modes: Suggest, Auto Edit, and Full Auto

What You Will Learn

Why Approval Modes Matter

Suggest Mode (Default)

Auto Edit Mode

Full Auto Mode

Switching Between Modes

Safety Considerations

A Practical Rule of Thumb

Key Takeaways

Quiz

Approval Modes: Suggest, Auto Edit, and Full Auto

What You Will Learn

Why Approval Modes Matter

Suggest Mode (Default)

Auto Edit Mode

Full Auto Mode

Switching Between Modes

Safety Considerations

A Practical Rule of Thumb

Key Takeaways

Quiz