Daily Edition Sources +1

Codex Rust CLI Update: Memory Writes Now Fit “workspace-write” and Safer Clears Land in f72ab43

The Codex Rust CLI just got a small but meaningful quality-of-life upgrade—one that also tightens safety around memory cleanup. In PR openai/codex#13467 (commit f72ab43fd193b31208cd3c306293b...

repo openai/codex main
1 source signal 1 repo source trail
> source trail / March 8, 2026 / Daily Edition

The Codex Rust CLI just got a small but meaningful quality-of-life upgrade—one that also tightens safety around memory cleanup. In PR openai/codex#13467 (commit f72ab43fd193b31208cd3c306293b1b71a52a709), Codex adjusts how it treats its own memory directory during sandboxed runs and hardens the logic used when clearing memory contents.

The headline behavior change lands in sandbox mode "workspace-write". Previously, everyday “memory maintenance” actions could trip over sandbox boundaries, because the CLI’s memory location lives outside the repo workspace. With this update, Codex now includes ~/.codex/memories in the sandbox’s writable roots when running under "workspace-write", so memory upkeep doesn’t require extra approval prompts or manual allowances. In practice, the CLI can continue to read and refresh its stored context without turning a routine run into a permissions negotiation.

The same PR also adds a safety improvement for a more destructive operation: clearing the memory root. The updated behavior refuses to operate on symlinked roots, reducing the risk of “clear” targeting an unexpected location via a symbolic link. And after a clear, Codex recreates the memory directory, leaving the filesystem in a predictable, ready-to-use state rather than requiring the next command to rebuild the directory structure from scratch.

Taken together, these changes keep Codex’s memory features feeling seamless while keeping sharp edges away from the file system. The result is a CLI that behaves more like a well-mannered tool: it stays in its lane under sandbox rules, and it’s more careful when asked to delete.

Why it matters

  • Fewer interruptions: memory maintenance in "workspace-write" works without extra approvals thanks to writable access to ~/.codex/memories.
  • Reduced risk: refusing symlinked roots helps prevent accidental deletion outside the intended memory directory.
  • More reliable runs: recreating the directory after clearing keeps subsequent commands consistent and predictable.
Letters & Corrections

Send a note to the desk

Corrections, missing context, or a follow-up lead.