Codex just turned its “memories” folder from a side alley into a well-lit main road. And it put a lock on the janitor’s closet so cleanup can’t accidentally bulldoze someone else’s house.
The core shift: in workspace-write sandbox mode, ~/.codex/memories is now treated as a first-class writable root—so memory upkeep doesn’t keep tripping permission gates.
At the same time, memory cleanup is hardened to avoid following symlinks and deleting outside targets.
What changed
- In codex-rs/core/src/config/mod.rs, when SandboxPolicy::WorkspaceWrite is built, Codex now creates ~/.codex/memories and ensures it’s included exactly once in writable_roots.
- A new helper, clear_memory_root_contents(), replaces a raw remove_dir_all: it refuses to clear a symlinked memory root, preserves the root directory itself, and deletes only its contents.
- Tests were added to assert the memories root is present once and that symlinked roots are rejected.
- The README now states that workspace-write includes ~/.codex/memories, so memory maintenance doesn’t require extra approval.
The contrast is sharp: before, “memory” could feel like a special case—sometimes writable, sometimes blocked. Now it’s explicitly part of the allowed write surface in workspace-write mode, and cleanup is more surgical: no deleting the directory itself, and no chasing symlinks into unintended territory.
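A minimal Rust sketch of the cleanup behaviour described above, added here as an illustration and not taken from the Codex repository. The function name clear_dir_contents_no_follow, the demo() scenario and its temp paths are hypothetical, and a Unix target is assumed for std::os::unix::fs::symlink.

```rust
use std::os::unix::fs::symlink; // assumption: Unix target
use std::{env, fs, io, path::Path, process};

/// Hypothetical helper, not the Codex implementation: empty `root` in place,
/// keeping the directory itself and never following a symlink out of it.
pub fn clear_dir_contents_no_follow(root: &Path) -> io::Result<()> {
    // symlink_metadata() inspects the path itself, so a symlinked root is seen as a link.
    let meta = fs::symlink_metadata(root)?;
    if meta.file_type().is_symlink() {
        return Err(io::Error::new(
            io::ErrorKind::InvalidInput,
            "root is a symlink; refusing to clear",
        ));
    }
    for entry in fs::read_dir(root)? {
        let entry = entry?;
        // DirEntry::file_type() does not traverse symlinks either.
        if entry.file_type()?.is_dir() {
            fs::remove_dir_all(entry.path())?; // real subdirectory: remove recursively
        } else {
            fs::remove_file(entry.path())?; // file or symlink: unlink the entry only
        }
    }
    Ok(())
}

/// Constructed scenario. Returns
/// (root kept, root emptied, outside file intact, symlinked root rejected).
pub fn demo() -> io::Result<(bool, bool, bool, bool)> {
    let base = env::temp_dir().join(format!("memroot-demo-{}", process::id()));
    let _ = fs::remove_dir_all(&base); // start from a clean slate
    let (root, outside) = (base.join("memories"), base.join("outside"));
    fs::create_dir_all(root.join("sub"))?;
    fs::create_dir_all(&outside)?;
    fs::write(root.join("sub/note.md"), "x")?;
    fs::write(outside.join("keep.txt"), "keep")?;
    symlink(&outside, root.join("escape"))?; // link inside the root pointing outside it
    clear_dir_contents_no_follow(&root)?;
    let emptied = fs::read_dir(&root)?.next().is_none();
    let link_root = base.join("linked");
    symlink(&outside, &link_root)?; // a root that is itself a symlink
    let rejected = clear_dir_contents_no_follow(&link_root).is_err();
    let out = (root.is_dir(), emptied, outside.join("keep.txt").exists(), rejected);
    fs::remove_dir_all(&base)?;
    Ok(out)
}

fn main() { println!("{:?}", demo()); }
```

The symlink check and the directory walk are separate system calls, so this sketch does not defend against a root that is swapped between them.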
Takeaway: Memories are now officially inside the sandbox fence—and cleanup won’t wander outside it.
Sources
- Git commit f72ab43fd193 (codex repo)
- PR https://github.com/openai/codex/pull/13467