diff --git a/docs/execpolicy.md b/docs/execpolicy.md
index d543a414e..48df2506f 100644
--- a/docs/execpolicy.md
+++ b/docs/execpolicy.md
@@ -1,8 +1,20 @@
 # Execpolicy quickstart
 
-Codex can enforce your own rules-based execution policy before it runs shell commands. Policies live in Starlark `.codexpolicy` files under `~/.codex/policy`.
+Codex can enforce your own rules-based execution policy before it runs shell commands. Policies live in `.codexpolicy` files under `~/.codex/policy`.
 
-## Create a policy
+## How to create and edit rules
+
+### TUI interactions
+
+Codex CLI will present the option to whitelist commands when a command causes a prompt.
+
+<img width="513" height="168" alt="Screenshot 2025-12-04 at 9 23 54 AM" src="https://github.com/user-attachments/assets/4c8ee8ea-3101-4a81-bb13-3f4a9aa02502" />
+
+Whitelisted commands will no longer require your permission to run in current and subsequent sessions.
+
+Under the hood, when you approve and whitelist a command, codex will edit `~/.codex/policy/default.execpolicy`.
+
+### Editing `.codexpolicy` files
 
 1. Create a policy directory: `mkdir -p ~/.codex/policy`.
 2. Add one or more `.codexpolicy` files in that folder. Codex automatically loads every `.codexpolicy` file in there on startup.