fix: default codex-cli sandbox to workspace-write

Landed from contributor PR #39336 by @0xtangping.

Co-authored-by: john <john.j@min123.net>

CHANGELOG.md

@@ -334,6 +334,7 @@ Docs: https://docs.openclaw.ai
 - Agents/tool-call dispatch normalization: normalize provider-prefixed tool names before dispatch across `toolCall`, `toolUse`, and `functionCall` blocks, while preserving multi-segment tool suffixes when stripping provider wrappers so malformed-but-recoverable tool names no longer fail with `Tool not found`. (#39328) Thanks @vincentkoc.
 - Agents/parallel tool-call compatibility: honor `parallel_tool_calls` / `parallelToolCalls` extra params only for `openai-completions` and `openai-responses` payloads, preserve higher-precedence alias overrides across config and runtime layers, and ignore invalid non-boolean values so single-tool-call providers like NVIDIA-hosted Kimi stop failing on forced parallel tool-call payloads. (#37048) Thanks @vincentkoc.
 - Config/invalid-load fail-closed: stop converting `INVALID_CONFIG` into an empty runtime config, keep valid settings available only through explicit best-effort diagnostic reads, and route read-only CLI diagnostics through that path so unknown keys no longer silently drop security-sensitive config. (#28140) Thanks @bobsahur-robot and @vincentkoc.
+- Agents/codex-cli sandbox defaults: switch the built-in Codex backend from `read-only` to `workspace-write` so spawned coding runs can edit files out of the box. Landed from contributor PR #39336 by @0xtangping. Thanks @0xtangping.
 
 ## 2026.3.2
 

src/agents/cli-backends.test.ts

@@ -3,6 +3,31 @@ import type { OpenClawConfig } from "../config/config.js";
 import { resolveCliBackendConfig } from "./cli-backends.js";
 
 describe("resolveCliBackendConfig reliability merge", () => {
+  it("defaults codex-cli to workspace-write for fresh and resume runs", () => {
+    const resolved = resolveCliBackendConfig("codex-cli");
+
+    expect(resolved).not.toBeNull();
+    expect(resolved?.config.args).toEqual([
+      "exec",
+      "--json",
+      "--color",
+      "never",
+      "--sandbox",
+      "workspace-write",
+      "--skip-git-repo-check",
+    ]);
+    expect(resolved?.config.resumeArgs).toEqual([
+      "exec",
+      "resume",
+      "{sessionId}",
+      "--color",
+      "never",
+      "--sandbox",
+      "workspace-write",
+      "--skip-git-repo-check",
+    ]);
+  });
+
   it("deep-merges reliability watchdog overrides for codex", () => {
     const cfg = {
       agents: {

src/agents/cli-backends.ts

@@ -71,7 +71,15 @@ const DEFAULT_CLAUDE_BACKEND: CliBackendConfig = {
 
 const DEFAULT_CODEX_BACKEND: CliBackendConfig = {
   command: "codex",
-  args: ["exec", "--json", "--color", "never", "--sandbox", "read-only", "--skip-git-repo-check"],
+  args: [
+    "exec",
+    "--json",
+    "--color",
+    "never",
+    "--sandbox",
+    "workspace-write",
+    "--skip-git-repo-check",
+  ],
   resumeArgs: [
     "exec",
     "resume",
@@ -79,7 +87,7 @@ const DEFAULT_CODEX_BACKEND: CliBackendConfig = {
     "--color",
     "never",
     "--sandbox",
-    "read-only",
+    "workspace-write",
     "--skip-git-repo-check",
   ],
   output: "jsonl",