高级Codex用户。我们推出了粗放沙箱模式的替代方案:可重用、可继承的权限配置文件,将操作系统强制文件读/写/拒绝规则(甚至**/*.env)绑定到每域网络和Unix套接字。外加故障关闭的管理员白名单。每任务最小权限。
Advanced Codex users. We shipped a replacement to coarse sandbox modes: reusable, inheritable permission profiles binding OS-enforced file read/write/deny rules (even **/*.env) to per-domain network + Unix sockets. Plus fail-closed admin allowlists. Least privilege per task.
https://developers.openai.com/codex/permissions