← back to work
case study · /codex-browser

Codex in-browser, safely.

How I rolled out Codex's built-in browser to manual QA and non-technical teammates with a permissions posture they (and security) could actually live with. The setting they see, and the policy underneath.

rollout · staging codex browser security manual QA enablement
↗ medium ↗ linkedin

What the user sees.

Codex browser settings panel: toggles for browser, browsing data, annotation screenshots, approval, blocked / allowed domains

// Codex's built-in browser settings · what every QA / PM gets when they enable it

How we wired security.

  • Approval: always ask

    Every new domain triggers a prompt. The agent never silently opens an arbitrary site. For a non-technical user, that "is it ok to open X?" gate is the difference between a tool and a risk.

  • Allowed domains · narrow

    Pre-staged the company's own apps, AIO, Jira, the staging URLs. Everything else needs approval. New URLs surface a one-click "add to allowed" — but only the user can confirm.

  • Blocked domains · explicit

    Tenants with sensitive surfaces (billing portals, admin tools, anything keyed for personal data) get pre-blocked at the org level. Codex never tries.

  • Annotation screenshots: always on

    Costs more plan tokens, gains the user fidelity. For QA workflows that's worth it — the agent sees exactly what the user sees.

  • Data: short-lived

    Clear browsing data on every session boundary. No persistent cookies, no remembered sessions. The agent re-authenticates explicitly each time.

What this unlocks for non-technical teammates.

manual QA
"Take me through the buy flow and tell me what broke."
Codex opens the app, walks the journey, annotates each step, surfaces anomalies. The manual tester reviews the run instead of executing 200 steps by hand.
PMs & designers
"What does the current state of the activation flow look like?"
No need to install dev tools. Codex captures the flow visually with prose annotations. PMs review in Slack.
customer support
"Try to reproduce ticket SC-9412."
CS pastes the ticket. Codex opens the relevant URL, attempts the repro, returns "repros / doesn't repro" with screenshots — feeds into the multimodal triage pipeline.
debugging
"Compare staging and pre-prod plans pages side-by-side."
Codex opens both URLs in sequence (allowed-listed), screenshots, hands off to the visual diff analyzer.

What I learned rolling this out

  • "Always ask" is the underrated default. Friction-as-a-feature. Non-technical users actually want the gate — it teaches them what the agent is about to do.
  • Allowed domains scale with usage. Started narrow, added domains as they came up. Most teams stabilized at ~12 allowed domains after two weeks.
  • The settings panel is the trust surface. When QA could see "annotation screenshots: always include" and "approval: always ask," they trusted the tool faster than any onboarding doc could've taught.