From 1f5638b0f315b1fc1ad523105b975a1851b37b28 Mon Sep 17 00:00:00 2001
From: Michael Bolin
Date: Tue, 19 Aug 2025 11:39:31 -0700
Subject: [PATCH] docs: document writable_roots for sandbox_workspace_write (#2464)

As discovered on https://github.com/openai/codex/issues/2444, this was missing from the docs.
---
 codex-rs/config.md | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/codex-rs/config.md b/codex-rs/config.md
index 80ef1466..8c2a7831 100644
--- a/codex-rs/config.md
+++ b/codex-rs/config.md
@@ -149,6 +149,7 @@ approval_policy = "untrusted"
 ```
 
 If you want to be notified whenever a command fails, use "on-failure":
+
 ```toml
 # If the command fails when run in the sandbox, Codex asks for permission to
 # retry the command outside the sandbox.
@@ -156,12 +157,14 @@ approval_policy = "on-failure"
 ```
 
 If you want the model to run until it decides that it needs to ask you for escalated permissions, use "on-request":
+
 ```toml
 # The model decides when to escalate
 approval_policy = "on-request"
 ```
 
 Alternatively, you can have the model run until it is done, and never ask to run a command with escalated permissions:
+
 ```toml
 # User is never prompted: if the command fails, Codex will automatically try
 # something out. Note the `exec` subcommand always uses this mode.
@@ -278,6 +281,9 @@ sandbox_mode = "workspace-write"
 exclude_tmpdir_env_var = false
 exclude_slash_tmp = false
 
+# Optional list of _additional_ writable roots beyond $TMPDIR and /tmp.
+writable_roots = ["/Users/YOU/.pyenv/shims"]
+
 # Allow the command being run inside the sandbox to make outbound network
 # requests. Disabled by default.
 network_access = false
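Review bot: The new comment on `writable_roots` in the `workspace-write` hunk does not say that every entry widens what sandboxed commands are allowed to modify, and the example path `/Users/YOU/.pyenv/shims` appears to be a directory of executable shims. Files written there from inside the sandbox could later be run outside it, so a reader copying the example extends the sandbox boundary further than the wording suggests. I would add a caveat line such as `# Each root extends what sandboxed commands can modify; avoid directories that hold executables or credentials unless that is intended.` The surrounding TOML example starts before this hunk, so the table these keys belong to is not visible here.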
@@ -495,10 +501,12 @@ hide_agent_reasoning = true # defaults to false
 Surfaces the model’s raw chain-of-thought ("raw reasoning content") when available.
 
 Notes:
+
 - Only takes effect if the selected model/provider actually emits raw reasoning content. Many models do not. When unsupported, this option has no visible effect.
 - Raw reasoning may include intermediate thoughts or sensitive context. Enable only if acceptable for your workflow.
 
 Example:
+
 ```toml
 show_raw_agent_reasoning = true # defaults to false
 ```