openai
Unusable on Windows due to permission ask for every shell command
What version of Codex is running?
codex-cli 0.25.0
Which model were you using?
gpt-5
What platform is your computer?
Microsoft Windows NT 10.0.26100.0 x64
What steps can reproduce the bug?
Simply use Codex in a basic way on Windows. It uses PowerShell for almost all operations (reading file contents, searching for files, enumerating directories) and asks for permission for every operation. Telling it to stop asking for permission has no effect.
Here is a screenshot example:
What is the expected behavior?
It should be able to perform basic harmless operations within the current directory and its subdirectories, such as reading files, scanning directories, and searching for text without asking permission for each operation.
Also, explicitly prefixing every operation with "powershell -NoProfile -Command ..." is fairly weird.
What do you see instead?
✔ You approved codex to run powershell -NoProfile -Command 'rg -n -S -e "gamelist" -e "recentlist" -e "recentList" -e "gameList"
src' this time
✓ ⌨️ powershell -NoProfile -Command 'rg -n -S -e "gamelist" -e "recentlist" -e "recentList" -e "gameList" src'
✔ You approved codex to run powershell -NoProfile -Command 'Write-Output "Opening gameListSlice.ts to inspect fetch functions
and triggers."; Get-Content -TotalCount 350 src/stores/slices/gameListSlice.ts' this time
✓ ⌨️ powershell -NoProfile -Command 'Write-Output "Opening gameListSlice.ts to inspect fetch functions and triggers.";
Get-Content -TotalCount 350 src/stores/slices/gameListSlice.ts'
✔ You approved codex to run powershell -NoProfile -Command 'Get-Content src/stores/slices/gameListSlice.ts -TotalCount 1000 |
Select-Object -Index 0..999' this time
✗ ⌨️ powershell -NoProfile -Command 'Get-Content src/stores/slices/gameListSlice.ts -TotalCount 1000 | Select-Object -Index
0..999'
Select-Object : Cannot bind parameter 'Index'. Cannot convert value "0..999" to type "System.Int32". Error: "Input string
was n
ot in a correct format."
At line:1 char:88
+ ... lices/gameListSlice.ts -TotalCount 1000 | Select-Object -Index 0..999
+ ~~~~~~
+ CategoryInfo : InvalidArgument: (:) [Select-Object], ParameterBindingException
+ FullyQualifiedErrorId : CannotConvertArgumentNoMessage,Microsoft.PowerShell.Commands.SelectObjectCommand
✔ You approved codex to run powershell -NoProfile -Command '(Get-Content src/stores/slices/gameListSlice.ts -Raw)' this time
✓ ⌨️ powershell -NoProfile -Command '(Get-Content src/stores/slices/gameListSlice.ts -Raw)'
✔ You approved codex to run powershell -NoProfile -Command '$content = Get-Content -Raw src/stores/slices/gameListSlice.ts;
$content.IndexOf('"'loadAllGameLists'); "'$content.Substring(0, [Math]::Min($content.Length, 2000))' this time
✓ ⌨️ powershell -NoProfile -Command '$content = Get-Content -Raw src/stores/slices/gameListSlice.ts;
$content.IndexOf('"'loadAllGameLists'); "'$content.Substring(0, [Math]::Min($content.Length, 2000))'
? Codex wants to run powershell -NoProfile -Command '$content = Get-Content -Raw src/stores/slices/gameListSlice.ts; $start =
$content.IndexOf('"'loadAllGameLists'); "'$content.Substring($start, [Math]::Min(2400, $content.Length - $start))'
▌Allow command?
▌ Yes Always No, provide feedback
▌ Approve and run the command
Additional information
Unfortunately Codex-cli is unusable on Windows like this.
As an aside, I am using Claude Code extensively and Gemini-cli occasionally on the same Windows setup, and they work fine.
Even writing output to the conversation requires permission!
✔ You approved codex to run powershell -NoProfile -Command 'Write-Output "Searching boardSlice for game over handling and list
refreshes."; rg -n -S -e "game over|gameover|gameState|over|time-expired|resign|timeout|end" src/stores/slices/boardSlice.ts;
Write-Output "Open file head"; Get-Content -TotalCount 200 src/stores/slices/boardSlice.ts' this time
...and the PowerShell invocations more often than not fail because vertical pipes or parentheses are not quoted or backslash-escaped correctly. Then you need to approve them twice!
✔ You approved codex to run powershell -NoProfile -Command "rg -n -S -e \"loadAllGameLists\\(\" src; rg -n -S -e
\"loadFinishedGames\\(\" src; rg -n -S -e \"loadOngoingGames\\(\" src; rg -n -S -e \"loadChallengeList\\(\" src" this time
✗ ⌨️ powershell -NoProfile -Command "rg -n -S -e \"loadAllGameLists\\(\" src; rg -n -S -e \"loadFinishedGames\\(\" src; rg -n
-S -e \"loadOngoingGames\\(\" src; rg -n -S -e \"loadChallengeList\\(\" src"
Missing closing ')' in expression.
+ CategoryInfo : ParserError: (:) [], ParentContainsErrorRecordException
+ FullyQualifiedErrorId : MissingEndParenthesisInExpression
@vthorsteinsson If you dare, then /approval and choose Full Auto then you are only asked about applying pacth code (which is a bug as it happen even if you run dangerous sandbox mode)... Making it better for now
Same problem with codex-cli 0.27.0.
There's not sense on confirming every shell command. Makes codex an useless extension because you still need a manual interaction.
Even if I set approvals to never, it still asking permission for each command, even if I choose "Run always".
BTW, I think prefix powershell -NoProfile -Command is very weird too.
I just set to Agent (full access) in VS Code and it works, but I dont think is the best option.
Same thing happens to me in windows and WSL. Even adding the commands to “safecommands” in the confit file does nothing. I have to approve every single command. 🙁
TL;DR "--yolo"
I had the same issue even using "--full-auto" and set "/approval" to "Full Access"
When using "--yolo" I don't get asked to allow a command. I just get asked to apply changes to e.g. a script file. Might help a bit. In Gemini CLI with "--yolo" I don't even have to approve changes to files.
https://www.reddit.com/r/OpenAI/comments/1n4gk3w/how_to_adjust_permissions_in_codex_so_i_can_stop/
Yeah same issue, basically useless, I can do research and write code by myself faster than this.
Same with the VS Code extension, need to approve every single tool call
I need to approve every shell command in the VSCode extension on macOS, even when I select “run every time”
I also have the same issue. For me the extension also doesn't seem to load my configuration.
I have this in project specific settings.json and in global vs code settings.json:
{ "chatgpt.config": { "approval_policy": "never", "shell": "C:Program FilesGit\bin\bash.exe" } }
I also thried to configure it in settings.toml globally but still no effect.
But still when checking in the session files it always says the following. Even after reloading and restarting VS Code:
<approval_policy>on-request</approval_policy>
Please fix this. I'm liking the quality of this over Claude right now, but having to babysit it completely defeats the purpose. I have to approve every grep, every sed, every docker run.
Re: some of the workarounds, like turning on full access, I'd much rather it just do what it says on the tin:
We’ve chosen a powerful default for Codex works on your computer: Auto. In this approval mode, Codex can read files, make edits, and run commands in the working directory automatically. However, Codex will need your approval to work outside the working directory or access network.
This is sensible, but it isn't what it does.
Same issue, its kinda really annoying and unusable with all the handholding it needs. Even with full access or ANY workaround I've seen online, it keeps asking for approval for everything.
Workaround for now while waiting for mergre, in WSL for Windows it works, not perfect but well
Can confirm that even on the highest approval level codex is still asking me for permission for every mundane thing it wants to do.
I should be more precise. After testing it more today, it seemed to run commands without asking, but asked every time it wanted to change a file. If anything, I actually don't mind if it changes any file, since it's all in version control. Ideally I'd be able to allowlist commands and perhaps subcommands while allowing all file changes to the current directory, but either way, it's far from what even the most permissive mode is doing right now.
Same here, asking for confirmation for every file creation or file modification.
Oh my god, this tool is so useless. Confirming consent literally every 3 seconds?
This fixed for me on Windows 10:
- Use the Terminal app on Windows
- Type
/approvaland set it to "Full Access"
edit: I still have to approve file edits with this
This fixed for me on Windows 10:
- Use the Terminal app on Windows
- Type
/approvaland set it to "Full Access"
And you don't have to approve file edits with this?
/approval = Full Access fix everything but approval of add/edit/delete files
Run in WSL instead of cmd/Powershell make everything work
Looks like a PR in this issue was merged. If that fixes the issue, maybe it'll be deployed soon?
This fixed for me on Windows 10:
- Use the Terminal app on Windows
- Type
/approvaland set it to "Full Access"And you don't have to approve file edits with this?
Oh, sorry, I still have to approve edits. But before this combination I had to approve everything. Will edit my comment to make it clear
New version 0.30 is semi-out (not yet reached npm servers) and according to the changelog, it should fix this, but when downloaded and installed, I hit this error instead #3224 ... Don't know if it is just me or a new, more serious bug