Codex approvals QA becomes much more useful when you stop treating the agent like an all-or-nothing tool. For QA teams, the better pattern is simple: let Codex inspect code, explain risk, and draft focused changes, but require approval before actions that could touch the wrong files, use sensitive tools, or skip the validation steps your team depends on.
OpenAI’s current Codex documentation supports that approach. The configuration and security docs describe approval controls, sandbox settings, protected writable roots, and durable repository guidance through AGENTS.md. For a QA engineer, that means you can build a workflow where Codex helps with flaky test triage, assertion review, and small maintenance tasks without turning off human control.
Why Codex approvals matter in QA
Test automation repositories are risky places for blind edits. A helpful-looking change can weaken assertions, update snapshots without review, broaden selectors too far, or hide a real product regression behind a test-only fix. That is exactly why approvals matter.
A practical QA workflow usually has three levels of trust:
- Read and analyze freely: inspect tests, failure logs, locators, and page objects.
- Edit with limits: allow small file updates inside the intended workspace.
- Escalate risky actions: ask before network access, sensitive tool use, wider writes, or actions outside the planned scope.
This gives you useful agent help without confusing agent output with verified test evidence.
Codex approvals QA setup: the minimum safe baseline
Start with two pieces working together:
- Approval and sandbox settings in Codex configuration.
- Repository rules in
AGENTS.md.
The configuration side controls what needs explicit approval. The repository side tells Codex how your QA project should be reviewed and validated.
For example, your AGENTS.md can state:
- Which test commands must run before a task is considered done.
- Which directories hold selectors, fixtures, screenshots, and evidence.
- That assertion quality matters more than just making a test pass.
- That snapshot updates, locator rewrites, and wait-strategy changes need explanation.
That combination is stronger than prompting the same checklist again in every task.
Practical QA use case: review a flaky Playwright fix safely
Imagine a failing Playwright test that passes locally but flakes in CI. You want Codex to inspect the test, compare the locator and timing logic, and suggest a safer fix. You do not want it to freely touch unrelated files or hide the failure by weakening the assertions.
A practical flow looks like this:
- Open the failing test and the related page object or helper.
- Ask Codex to explain likely root causes before editing anything.
- Reference your QA rules from
AGENTS.md, especially assertion depth, allowed wait patterns, and required validation commands. - Let Codex draft a narrow change inside the test workspace.
- Require approval before broader actions such as network-dependent steps, non-test file edits, or changes outside the target area.
- Run deterministic checks yourself and review the diff before accepting the result.
This pattern keeps the agent useful for diagnosis and drafting while preserving human QA ownership over the final decision.
Try this prompt
Use a prompt that separates diagnosis, proposed edits, and validation:
Review this flaky Playwright test.
Explain the likely root cause first.
Only propose changes inside the test file and related page object.
Do not weaken assertions to make the test pass.
Follow the validation commands and selector rules from AGENTS.md.
Ask for approval before wider edits, network-dependent actions, or changes outside the current scope.
Return:
1. likely cause
2. minimal patch plan
3. risks of the change
4. validation steps
This prompt works because it gives Codex scope, constraints, and done-when criteria instead of a vague request like “fix the flaky test.”
What to put in AGENTS.md for approval-aware test review
Your repository guidance should make approvals more meaningful, not more frequent. Good rules help Codex know when a change is routine and when it should stop and ask.
Useful items for QA teams include:
- Approved test commands such as smoke, targeted UI runs, or API contract checks.
- Selector standards such as preferring stable roles, labels, or test IDs.
- Assertion standards such as checking business outcomes, not only status codes or visibility.
- Evidence expectations such as logs, screenshots, changed selectors, and root-cause notes.
- Stop conditions such as “ask before editing CI config,” “ask before snapshot rewrites,” or “ask before touching shared fixtures used by multiple suites.”
When these rules are durable and repo-local, Codex can apply them consistently across repeated QA tasks.
Common mistakes with Codex approvals QA
- Using approvals without repo guidance. Codex may ask at the right time, but the quality bar is still vague if
AGENTS.mddoes not define expectations. - Approving broad edits too early. First ask for analysis, then a minimal patch plan, then the edit.
- Accepting “green” tests without reading the diff. A passing test can still be weaker than before.
- Treating sandbox bypass as normal. Wider access should be the exception, not the default.
- Skipping human validation. AI-generated changes are suggestions until you run the real checks and inspect the result.
Screenshot checklist
- Codex task with the approval-related prompt and scope instructions.
- The relevant
AGENTS.mdsection showing QA review rules. - The proposed diff for the flaky test or assertion change.
- The approval prompt shown before a broader action or sensitive step.
- The test run output after the change.
- The final reviewed diff before commit or merge.
Best practices for safer QA workflows
Keep your Codex approvals QA workflow boring and repeatable. Start in the narrowest reasonable scope. Let Codex read and explain first. Use approval prompts for actions that change trust boundaries. Keep test evidence separate from AI commentary. Finally, treat validation commands, CI runs, and human review as the real finish line.
If your team handles repeated test review work, create a small standard around this pattern: durable AGENTS.md rules, scoped tasks, approval-aware prompts, and explicit verification. That is usually enough to make Codex genuinely useful for QA without letting it silently drift into risky automation behavior.
FAQ
Should Codex always require approval before editing tests?
Not necessarily. Small edits inside the intended workspace can be fine, but risky actions such as wider writes, sensitive-tool use, or out-of-scope changes should require approval.
Can approvals replace code review and CI?
No. Approvals control agent behavior, but they do not prove the change is correct. QA teams still need deterministic test runs, diff review, and normal CI evidence.
What is the best first QA use case for approvals?
Flaky test diagnosis is a strong starting point because the agent can inspect logs and draft a narrow patch while the human reviewer stays in control of broader changes.
Do I need AGENTS.md if I already write good prompts?
Yes, if you want consistent behavior across tasks. Durable repository guidance keeps review expectations, test commands, and constraints close to the codebase.
Conclusion
Codex approvals QA works best as a guardrail system, not as friction for its own sake. Let Codex inspect, explain, and propose focused fixes. Use approvals and sandbox controls when actions cross trust boundaries. Then use AGENTS.md, deterministic checks, and human review to decide whether the change is actually safe to keep.
References
- OpenAI Codex configuration reference
- OpenAI Codex agent approvals and security
- OpenAI Codex customization overview
- OpenAI Codex best practices

