fix(codex): default app-server approvals to on-request

2026-05-06 12:20:44 +00:00 · 2026-04-19 01:02:10 +02:00
parent 8c05043eca
commit d04f7e7ce7
5 changed files with 21 additions and 5 deletions
--- a/docs/plugins/codex-harness.md
+++ b/docs/plugins/codex-harness.md
@@ -263,7 +263,8 @@ By default, the plugin starts Codex locally with:
 codex app-server --listen stdio://
 ```

-You can keep that default and only tune Codex native policy:
+By default, OpenClaw asks Codex to request native approvals. You can tune that
+policy further:

 ```json5
 {
@@ -317,7 +318,7 @@ Supported `appServer` fields:
 | `authToken`         | unset                                    | Bearer token for WebSocket transport.                                    |
 | `headers`           | `{}`                                     | Extra WebSocket headers.                                                 |
 | `requestTimeoutMs`  | `60000`                                  | Timeout for app-server control-plane calls.                              |
-| `approvalPolicy`    | `"never"`                                | Native Codex approval policy sent to thread start/resume/turn.           |
+| `approvalPolicy`    | `"on-request"`                           | Native Codex approval policy sent to thread start/resume/turn.           |
 | `sandbox`           | `"workspace-write"`                      | Native Codex sandbox mode sent to thread start/resume.                   |
 | `approvalsReviewer` | `"user"`                                 | Use `"guardian_subagent"` to let Codex guardian review native approvals. |
 | `serviceTier`       | unset                                    | Optional Codex service tier, for example `"priority"`.                   |