I recently switched from Windows to a MacBook Air and have been getting used to using Codex on MacOS.
I need Codex to only operate in an isolated manner, as I have private data on this computer that should not be sent to OpenAI servers.
So, I have set Codex to request permission whenever it needs to escalate permissions by putting approval_policy = “on-request” and
sandbox_mode = “workspace-write” into ~/.codex/config.toml.
However, I noticed that it would ask for permission for very simple commands that didn’t seem to be what it was actually running. As I debugged the issue, it turned out that the display showing me what command I was approving was in fact only showing me the command before && and not the second command that came after it.
To verify this, I asked the agent to request permission to launch the command . .venv/bin/activate && echo "I escalated permissions and then ran this". What I expected to see was a box asking me to confirm the entire command. Instead, I saw a confirm window that said nothing about the echo command. (I tried to include the screenshot here, but this site won’t let me.)
Then, when it runs the command (I clicked “Approve once”), you can see that it is in fact running the echo command and the activate:
However, even the terminal window showing the command that was run doesn’t show anything past the end of the first command. (That is, even when expanded, it only shows . .venv/bin/activate and not any of the && echo “I escalated…” that’s clearly being run because the output contains it.
Has anyone else run into this? How can I tell what commands are being run before I approve them?