Feature request: per-automation sandbox/profile overrides (isolate permissions per automation)

[TheAlexDev23]

What variant of Codex are you using?

App (MacOS)

What feature would you like to see?

Codex automations currently use default sandbox settings and global rules, which makes it hard to grant narrow permissions to a single automation without affecting normal interactive threads.

I have one recurring automation that needs network + one specific command prefix:
node .agents/skills/openclaw-skills-reddit-search/scripts/reddit-search.ts

I want this permission only for that automation, not globally for all threads.

Today:

• Automations inherit default sandbox settings
• Rules/prefix allowlists are global
• There is no documented per-automation profile binding in automation.toml

This creates a security/usability gap:

• Over-permissive: grant global allowlist and impact normal threads
• Over-restrictive: keep strict defaults and break the automation

Any one of these would solve it:

1. profile = "<name>" support in automation.toml (or UI equivalent)
2. Per-automation sandbox/network/approval settings in UI + schema
3. Per-automation command allowlist attached to automation config

Additional information

No response

[github-actions]

Potential duplicates detected. Please review them and close your issue if it is a duplicate.

• Desktop automations silently fall back to workspace-write sandbox regardless of app configuration #15310
• feature: Per-profile exec policy rule toggling #15751
• Exec approval rules are persisted globally by default (should be repo-local by default) #16167

Powered by Codex Action

[TheAlexDev23]

To my judgement, this issue doesn't seem to be a duplicate of the ones mentioned.