Codex Trusted Mode

Start with a useful standalone Codex hardening layer that allows read-only shell workflows while blocking mutating shell commands and direct patch application by default. Upgrade to SDE-backed governance for deterministic authorization, reason codes, and governed traces.

Current release status: Codex Trusted Mode 0.1.0 is currently CERTIFIED_ENFORCED for the validated observed current workspace session only. That declared row is now supported by additional Ubuntu WSL and fresh Ubuntu VM native callback evidence.

Free Standalone Posture

• Allows functions.shell_command only for read-only prefixes such as Get-Content and git status.
• Allows functions.update_plan and functions.view_image.
• Blocks functions.apply_patch and mutating shell commands such as git commit.

Paid Governed Posture

• SDE-backed PDP authorization for functions.shell_command and functions.apply_patch.
• Governed trace output with stable reason codes.
• Pack-based release path aligned with the current enterprise compatibility certification evidence.
• Uses the same Guard Pro subscription tiers shown on the pricing page.

Get Started View Codex Resources

View Codex Release Trail