Cmd. /permissions
Change Codex approval and permission policy during a session.
Key takeaways
/permissionsadjusts what Codex can do without asking first, letting you tighten or relax approval requirements mid-session.- The legacy
/approvalsalias still works, but the official slash popup uses/permissions; "reject" policy language was replaced by "granular". - Since 0.133.0, permission profiles gained list APIs, inheritance, and managed
requirements.tomlsupport; 0.134.0 moved--profileto separate~/.codex/<profile>.config.tomlfiles. - Treat
/permissionsas part of the safety boundary, not a convenience toggle, and re-check policy after side conversations, resumed sessions, or remote app-server flows.
Original Command Declaration
/permissionsOfficial Summary
/permissions adjusts what Codex can do without asking first. Use it to tighten or relax approval
requirements while the session is still running.
Usage
/permissionsGood Examples
- Start a risky refactor in a stricter mode, then move to a more autonomous mode after the plan is clear.
- Use
/statusbefore and after the change to confirm the effective approval policy.
Similar Commands
| Command | Difference | Choose It When |
|---|---|---|
/permissions | Changes approval and permission behavior | You need to change autonomy mid-session |
/approvals | Legacy alias | You are handling an older playbook or habit |
/status | Inspects current state | You need to confirm the active policy |
Use Cases
- Standardizing safe default autonomy for team sessions.
- Switching from read-only investigation to controlled edits.
- Aligning approval behavior with MCP tools, plugins, and shell escalation.
Recent Changes
- The older "reject" policy language was replaced by "granular" in newer configuration flows.
/approvalsstill works as an alias, but the official slash popup uses/permissions.- Permission state is now more consistent across TUI turns, MCP sandbox metadata, shell escalation, and app-server APIs.
- In 0.133.0, permission profiles gained list APIs, inheritance, managed
requirements.tomlsupport, and runtime refresh behavior. - In 0.134.0,
--profilemoved to separate~/.codex/<profile>.config.tomlprofile files instead of legacy[profiles.<name>]tables. - In 0.135.0, the
/permissionspicker shows named permission profiles and configured custom profiles. - In 0.138.0~0.139.0,
codex sandbox --permissions-profilegained the shorter-Palias,/debug-configcan show effective sandbox modes, and configured network proxy enforcement also applies to the sandbox path.
Cautions
- Treat
/permissionsas part of the safety boundary, not as a convenience toggle. - Re-check policy after side conversations, resumed sessions, or remote app-server flows.
Release Basis
- Judgment: confirmed addition
- First evidence version:
rust-v0.89.0 - Date (UTC): 2026-01-22
- Release link: https://github.com/openai/codex/releases/tag/rust-v0.89.0
Sources
- Codex slash commands: https://developers.openai.com/codex/cli/slash-commands
- Codex CLI features: https://developers.openai.com/codex/cli/features