Doesn't Codex already have a sandbox and approval policy?

Yes. Codex already has a strong native security model. Agent Approve complements it with mobile approvals, Apple Watch notifications, and one shared workflow across Codex and your other agents.

What does Agent Approve add on top of Codex?

It adds mobile oversight and cross-agent governance. You can approve actions from your phone, keep one set of guardrails across tools, and review Codex activity in the same history as the rest of your agents.

All agents

Agent Approve for OpenAI Codex

Mobile approvals, guardrails, and activity monitoring for OpenAI Codex from your phone

GUICLIHook integration

Agent Approve gives you centralized control over Codex from your phone. Approve or deny actions from your iPhone or Apple Watch, with push notifications so you know when Codex needs a decision.

You get one shared set of guardrails, one activity history, and one approval workflow that works the same way across Codex, Cursor, Claude Code, Gemini CLI, OpenCode, OpenClaw, and Copilot.

Install Codex

Quick start

Download Agent Approve from the App Store and complete onboarding.

Run npx agentapprove on your machine and select OpenAI Codex.

The installer enables codex_hooks = true in ~/.codex/config.toml automatically.

Scan the QR code to pair, then start using Codex.

Install command

npx agentapprove

Agent Approve config: ~/.agentapprove/

Codex hook config: ~/.codex/hooks.json

agentapprovev0.1.12

Recommended configuration

•The installer enables the codex_hooks feature flag in ~/.codex/config.toml automatically.
•Set the Approval policy to "Never" in Codex Configuration settings to delegate all permission decisions to Agent Approve.
•Hooks are still experimental — you may occasionally see native Codex permission prompts alongside Agent Approve during this phase.

Capabilities

Approval requests

Follow-up commands

Voice input

Activity monitoring

Push notifications

MCP tool tracking

Good to know

Cross-agent workflow – Agent Approve gives you a shared mobile approval workflow across Codex and all your other tools.

Experimental hooks – Codex hooks are experimental and documented at developers.openai.com/codex/hooks.

Auto-enabled – The installer enables the codex_hooks feature flag automatically. If you reinstall Codex or reset its config, you may need to re-enable it.

Config levels – Hooks support both user-level (~/.codex/hooks.json) and project-level (.codex/hooks.json) configuration.

Follow-up commands – Supported on the Stop hook.

Bulk command parsing – Policy evaluation parses shell commands chained with && into individual sub-commands evaluated independently. A dangerous command like rm -rf hidden as the third step in a chain is caught even when the batch starts with safe commands.

Stay up to date – Run npx agentapprove again at any time to update hooks to the latest version.

Use cases

Step away from your desk and approve Codex actions from your phone instead of staying at your laptop.

Use the same deny rules across Codex and all your other agents instead of managing each tool separately.

Monitor Codex session activity and see what tools it ran in the same history as your other agents.