codex icon indicating copy to clipboard operation
codex copied to clipboard
Published 1 week ago verified publisher icon openai

Sandbox settings in config.toml profile are not respected

Open bitops opened this issue 3 months ago • 3 comments

What version of Codex is running?

codex-cli 0.27.0

Which model were you using?

o3

What platform is your computer?

Darwin 24.5.0 arm64 arm

What steps can reproduce the bug?

Observe o3-full-auto profile is defined, with below config options.

$ cat ~/.codex/config.toml 

[profiles.o3-full-auto]
model                  = "o3"
approval_policy        = "on-failure"
sandbox_mode           = "workspace-write"
model_reasoning_effort = "high"

Attempt to start a codex session with this profile.

codex -p o3-full-auto

# codex launches...

Then, once inside codex session, invoke the /status slash command. Observe the below output:

/status
📂 Workspace
  • Path: ~/src/my-app
  • Approval Mode: on-failure
  • Sandbox: read-only (BUG HERE)
  • AGENTS files: AGENTS.md
🧠 Model
  • Name: o3
  • Provider: OpenAI
  • Reasoning Effort: High
  • Reasoning Summaries: Auto

📊 Token Usage
  • Session ID: b4a7c63c-6c3e-45fe-8d08-b9ca77b10009
  • Input: 0
  • Output: 0
  • Total: 0

What is the expected behavior?

/status
📂 Workspace
  • Path: ~/src/my-app
  • Approval Mode: on-failure
  • Sandbox: work-space-write
  • AGENTS files: AGENTS.md
🧠 Model
  • Name: o3
  • Provider: OpenAI
  • Reasoning Effort: High
  • Reasoning Summaries: Auto

📊 Token Usage
  • Session ID: b4a7c63c-6c3e-45fe-8d08-b9ca77b10009
  • Input: 0
  • Output: 0
  • Total: 0

What do you see instead?

/status
📂 Workspace
  • Path: ~/src/my-app
  • Approval Mode: on-failure
  • Sandbox: read-only (BUG HERE)
  • AGENTS files: AGENTS.md
🧠 Model
  • Name: o3
  • Provider: OpenAI
  • Reasoning Effort: High
  • Reasoning Summaries: Auto

📊 Token Usage
  • Session ID: b4a7c63c-6c3e-45fe-8d08-b9ca77b10009
  • Input: 0
  • Output: 0
  • Total: 0

Additional information

No response

bitops avatar Sep 02 '25 02:09 bitops

I am following the docs as best I can and believe I have the profile set up correctly. But I can't get codex to start in workspace-write mode automatically.

bitops avatar Sep 02 '25 02:09 bitops

I can confirm the same bug, sandbox_mode is not obeyed when set under the profile group.

The only way i could found to bypass this behavior but still use the config.toml file to set sandbox_mode key - i had to put it top-level(outside any sections) at begging of file.

Version of codex-cli 0.29.0, ubuntu 24.0. wsl

xylik avatar Sep 04 '25 10:09 xylik

I am able to work around this issue by specifying the permutation of options I want via multiple instances of the -c parameter.

bitops avatar Sep 07 '25 23:09 bitops

https://github.com/openai/codex/pull/2397

Jonas1312 avatar Sep 08 '25 11:09 Jonas1312

So annoying. I have to set the sandbox mode using codex --sandbox workspace-write but doesn't work with exec. When is this PR going to get merged?

#2397

bconrad162 avatar Sep 09 '25 17:09 bconrad162

@bolinfest 👋

bitops avatar Oct 13 '25 19:10 bitops

@bolinfest do you know if there is any timeline for this to get fixed?

bitops avatar Oct 25 '25 22:10 bitops

@bitops, if you haven't already done so, please upvote this issue if you want to see this implemented / fixed. We take upvotes into consideration when determining what features or bug fixes to prioritize.

Edit: Never mind. I just noticed that you opened the issue.

etraut-openai avatar Oct 25 '25 22:10 etraut-openai

@bitops, this will be addressed in the next release. Thanks for your patience.

etraut-openai avatar Oct 25 '25 23:10 etraut-openai