Codex CLI: Read-Only for Planning
Learn how to use Codex CLI's Read-Only approval mode for safe planning and auditing before making changes
🎯 Quick Start: Read-Only Planning
1. Switch to Read-Only
Enable safe planning mode in Codex CLI:
# In Codex CLI session
/approvals
# Select: Read-Only
# Now Codex can only analyze, not edit2. Enhance with Vibe Manager
Combine Read-Only mode with multi-model planning:
Codex CLI's approval modes provide different levels of control over code changes. This guide shows you how to use the Suggest, Auto-Edit, and Full-Auto modes effectively, emphasizing the "/approvals" usage for safe planning and analysis without the risk of unwanted changes. Enhance it with Vibe Manager's multi-model planning capabilities.
Understanding Codex CLI Approval Modes
Codex CLI offers three distinct approval modes: suggest, auto-edit, and full-auto. These modes control how the AI interacts with your codebase. Use "/approvals" to switch between modes, including a safe Read-Only mode for planning and analysis before making changes.
Full-Auto Mode
/approvals → full-autoCodex executes changes automatically without asking for permission. Fast but requires high trust.
- ✅ Fastest workflow
- ✅ Best for trusted environments
- ⚠️ No safety net
Suggest Mode
/approvals → suggestAI reviews code and suggests changes without making edits. Perfect for learning and planning.
- ✅ Complete safety
- ✅ Great for planning
- ✅ Ideal for audits
Auto-Edit Mode
/approvals → auto-editMakes edits with your approval. Shows diffs before applying changes. Recommended for most users.
- ✅ User control
- ✅ Review each change
- ⏱️ Slower workflow
When to Use Read-Only Mode
Perfect Scenarios for Read-Only
Planning & Architecture
- 🎯Initial project planning:
Get comprehensive implementation strategies without changes
- 🏗️Architecture analysis:
Understand code structure and identify improvement opportunities
- 📋Refactoring plans:
Create detailed refactoring strategies before implementation
Auditing & Learning
- 🔍Code audits:
Analyze codebases safely without modification risk
- 🎓Team onboarding:
Help new developers understand code without change anxiety
- 🔒Production analysis:
Safely analyze production code during incidents
Command Quickstart
The /approvals command is your gateway to controlling Codex CLI's behavior. Here's how to use it effectively:
Basic Commands
Switch to Read-Only Mode
# Switch to Read-Only
/approvals
# Select option: Read-Only
# Codex will confirm the mode changeNow Codex can analyze, suggest, and plan but cannot make any changes to your files.
Typical Read-Only Workflow
# 1. Analyze the current codebase
"Analyze this React component for performance issues"
# 2. Get implementation suggestions
"Create a plan to add dark mode to this app"
# 3. Review architecture
"Explain the data flow in this application"Use natural language to request analysis, planning, or explanations.
Switch Back for Implementation
# When ready to implement
/approvals
# Select: Full Access or Auto
# Then proceed with implementationSeamlessly transition from planning to execution when you're ready.
Vibe Manager + Codex Integration
The Ultimate Planning Workflow
- 1.Start with Read-Only Codex:
Use /approvals to switch to Read-Only mode and get initial analysis from o3/GPT-5
- 2.Capture Context in Vibe Manager:
Copy Codex output to Vibe Manager and add voice descriptions or screen recordings
- 3.Generate Multi-Model Plans:
Get plans from Claude 4, Gemini 2.5, GPT-5, and merge the best approaches
- 4.Execute with Full Access:
Return to Codex with /approvals Full Access mode and implement the refined plan
FAQ: Approval Modes & Planning
What happens when I switch to Read-Only mode?
Codex CLI disables all file modification and command execution capabilities. The AI can still read files, analyze code, generate suggestions, and create implementation plans, but cannot make any changes to your system. This mode is completely safe for exploring unfamiliar codebases or getting analysis in production environments.
Can I switch approval modes mid-conversation?
Yes! You can use the /approvals command at any time during a Codex CLI session to change modes. This flexibility allows you to start with Read-Only for planning, then switch to Full Access or Auto mode when you're ready to implement changes. The conversation context is preserved across mode switches.
How does Read-Only mode work with MCP servers?
Read-Only mode affects Codex CLI's core behavior but may interact differently with Model Context Protocol servers. Some MCP servers might have their own permission systems. Always test Read-Only mode with your specific MCP setup to understand the interaction boundaries.
What's the difference between Read-Only and just asking for suggestions?
Read-Only mode is a system-level restriction that prevents any changes regardless of the request. Even if you accidentally ask Codex to "implement this fix," it cannot do so in Read-Only mode. Regular suggestion mode still allows implementation if you explicitly request it. Read-Only provides an additional safety layer.
Best Practices for Read-Only Planning
Maximizing Planning Effectiveness
- 🎯 Be specific with planning requests:
Instead of "improve this code," ask "create a plan to optimize performance and add error handling"
- 📋 Request step-by-step breakdowns:
Ask for implementation plans with specific steps, file changes, and testing strategies
- 🔍 Use for architectural analysis:
Get insights into design patterns, dependencies, and potential improvement areas
- ⚡ Combine with Vibe Manager:
Copy Read-Only output to Vibe Manager for multi-model enhancement and voice annotation
- 📝 Document decisions:
Use Read-Only mode to generate documentation and architectural decision records
Technical Details
This section provides accurate technical information about what Vibe Manager actually does.
Core Architecture
- Desktop application built with Tauri (Rust backend + TypeScript frontend)
- Local SQLite database for session persistence and job management
- Background job system with streaming support for long-running tasks
- Secure token storage using macOS Keychain
Workflows & Features
- File Finder: Multi-stage processor pipeline (regex generation → relevance assessment → path finding → validation)
- Web Search: Prompt generation and aggregated search execution
- Implementation Planning: Generate and merge plans from multiple models
- Video Analysis: Process and analyze video content
- All workflows run as queued background jobs with progress tracking
Models & Providers
- Server-configured model selection across multiple providers (OpenAI, Anthropic, Google, xAI)
- No local model configuration - all models validated and managed server-side
- Per-task model selection with configurable parameters
- Usage-based credits system via Stripe for billing
Integration & Compatibility
- Works alongside CLI tools like Claude CLI - complements, not replaces
- No MCP (Model Context Protocol) or router configuration required
- Not an IDE plugin - standalone desktop application
- Auth0 authentication for secure access to LLM features
Platform Support
- macOS: Currently available with full feature support
- Windows: Support planned and in development
- Linux: Under consideration for future releases
Important Limitations
- Does not execute models simultaneously - processes sequentially with optional plan merging
- Requires internet connection for LLM features
- Local file operations are explicit and user-controlled
- Not a replacement for IDE extensions or code editors
Next Steps
Now that you understand Codex CLI's Read-Only mode and how to enhance it with Vibe Manager, you're ready to plan with confidence. Whether you're auditing legacy code, onboarding new team members, or architecting complex features, this safe planning approach ensures you make informed decisions before implementation.