Only Codex. I haven't found a sane way to let it access, for example, the Go cache in my home directory (read only) without giving it access EVERYWHERE. Now it does some really weird tricks to have a duplicate cache in the project directory. And then it forgets to do it and fails and remembers again.

With Claude the basic command filters are pretty good and with hooks I can go to even more granular levels if needed. Claude can run fd/rg/git all it wants, but git commit/push always need a confirmation.