Reporter Notes

Notes

Insight

Codex’s workspace-write sandbox now explicitly whitelists ~/.codex/memories, making memory upkeep a first-class writable path. The cleanup path is hardened with clear_memory_root_contents() to avoid deleting symlink targets and to preserve the root directory itself.

Why it matters

• Reduces friction: memory maintenance no longer trips extra approvals in workspace-write mode.
• Safer cleanup: prevents destructive behavior when memory roots are symlinked.
• Codifies expectations with tests and README guidance.

Files touched (high signal)

• codex-rs/README.md
• codex-rs/core/src/config/mod.rs
• codex-rs/core/src/memories/control.rs
• codex-rs/core/src/memories/tests.rs

Draft title

Codex Makes Memories a First-Class Writable Root—and Stops Cleaning Through Symlinks

Sources

Git

Commit: f72ab43fd193 (openai/codex)

commit f72ab43fd193b31208cd3c306293b1b71a52a709
Author: jif-oai <jif@openai.com>
Date:   Wed Mar 4 13:00:26 2026 +0000

    feat: memories in workspace write (#13467)

--- codex-rs/README.md
+In `workspace-write`, Codex also includes `~/.codex/memories` in its writable roots so memory maintenance does not require an extra approval.

--- codex-rs/core/src/config/mod.rs
+        if let SandboxPolicy::WorkspaceWrite { writable_roots, .. } = &mut sandbox_policy {
+            let memories_root = memory_root(&codex_home);
+            std::fs::create_dir_all(&memories_root)?;
+            let memories_root = AbsolutePathBuf::from_absolute_path(&memories_root)?;
+            if !writable_roots
+                .iter()
+                .any(|existing| existing == &memories_root)
+            {
+                writable_roots.push(memories_root);
+            }
+            for path in additional_writable_roots {
+                if !writable_roots.iter().any(|existing| existing == &path) {
+                    writable_roots.push(path);
+                }
+            }
+        }

--- codex-rs/core/src/memories/control.rs
+pub(crate) async fn clear_memory_root_contents(memory_root: &Path) -> std::io::Result<()> {
+    match tokio::fs::symlink_metadata(memory_root).await {
+        Ok(metadata) if metadata.file_type().is_symlink() => {
+            return Err(std::io::Error::new(
+                std::io::ErrorKind::InvalidInput,
+                format!("refusing to clear symlinked memory root {}", memory_root.display()),
+            ));
+        }
+        Ok(_) => {}
+        Err(err) if err.kind() == std::io::ErrorKind::NotFound => {}
+        Err(err) => return Err(err),
+    }
+
+    tokio::fs::create_dir_all(memory_root).await?;
+
+    let mut entries = tokio::fs::read_dir(memory_root).await?;
+    while let Some(entry) = entries.next_entry().await? {
+        let path = entry.path();
+        let file_type = entry.file_type().await?;
+        if file_type.is_dir() {
+            tokio::fs::remove_dir_all(path).await?;
+        } else {
+            tokio::fs::remove_file(path).await?;
+        }
+    }
+
+    Ok(())
+}

GitHub

{"author":{"id":"U_kgDODbXvPg","is_bot":false,"login":"jif-oai","name":""},"mergedAt":"2026-03-04T13:00:26Z","number":13467,"title":"feat: memories in workspace write","url":"https://github.com/openai/codex/pull/13467"}

gsio

1   openai/codex  f72ab43fd193  2026-03-05   0.673  63%       100%   0%     34%   Ensure the workspace-write sandbox mode automatically treats the Codex