AI Primer

Codex updates Auto-Review to default with ~200x fewer approvals

OpenAI said Auto-Review is now the default inside Codex after an internal rollout cut needed approvals by about 200x. The shift moves more coding-agent work into guarded review loops with policy and egress controls.


TL;DR

  • OpenAI says Codex's new Auto-Review mode is now the default internally, and thsottiaux's launch post says it cuts human approval stops by roughly 200x.
  • The linked OpenAI alignment post says Auto-Review inserts a second agent at the sandbox boundary, so risky actions get approved or denied without synchronous human clicks.
  • According to the same alignment post, Codex previously forced a choice between a friction-heavy Default mode and Full Access, which removed the sandbox boundary entirely.
  • Early hands-on reactions from dkundel and _lopopolo's post both say Auto-Review is displacing "yolo" or Full Access usage in day-to-day work.
  • reach_vb's product roundup puts Auto-Review inside a broader Codex push that also added browser control, office-document support, dictation, and interface speedups.

The alignment post includes the key example: a 10,000-action task where only 720 actions needed auto-review, 7 were denied, 4 found safer alternatives, and 3 stopped for user input. You can also check the Codex app feature docs for the in-app browser and dictation details, plus the Codex changelog entry that deprecated --full-auto in favor of explicit permission profiles.

Auto-Review

OpenAI's claim is simple: Auto-Review is meant to keep long-running coding-agent tasks moving without dropping straight into unrestricted execution. In the official writeup, the company says Codex now pauses for human approval about 200x less often than manual approval mode.

The same post says the reviewer is a separate agent that sits at the sandbox boundary. Most actions run inside the sandbox without intervention, while boundary-crossing actions get approved, denied, or escalated by that reviewer.

Sandbox boundary

The official framing in OpenAI's alignment post is that Auto-Review fills the gap between two older modes:

  • Default mode: frequent human approval when Codex tries to cross a predefined writable root or sandbox boundary.
  • Full Access: no sandbox restriction, less friction, more risk.
  • Auto-Review: a second agent handles the boundary checks instead of the user.

That design shows up in the reactions. dkundel's post says they stopped using Full Access after Auto-Review shipped, while _lopopolo's post says Auto-Review plus a centrally managed egress proxy removed the need for yolo mode.

Permission profiles

The interesting buried detail is that this shipped alongside a permissions cleanup. The Codex changelog says the April 30 CLI release expanded built-in permission profiles and deprecated --full-auto, steering users toward explicit trust flows instead.

That makes Auto-Review look less like a one-off toggle and more like a new default posture for Codex permissions: keep the sandbox, automate most approvals, and reserve direct trust elevation for the cases that really need it.

Codex app surface area

Auto-Review landed inside a much bigger Codex sprint. reach_vb's update thread lists GPT-5.5, browser control, Sheets and Slides, Docs and PDFs, OS-wide dictation, /pets, and a .tex plugin in the same two-week window.

The official docs corroborate part of that list. The Codex app feature page documents voice dictation and an in-app browser for local dev servers, file-backed previews, and public pages without sign-in. It also notes a hard constraint: the browser does not support authenticated flows, existing profiles, cookies, or extensions.

That limitation matters because it keeps the browser feature closer to preview and review tooling than a general web automation surface, even as the app gets broader.
