I am seeing a reproducible native Windows Codex sandbox failure where the requested command never starts. I added a public technical comment on the matching GitHub issue here:
Short version:
Windows 11 Home, build 10.0.26200
AMD64
Codex CLI 0.135.0
npm global install
Runtime user is not elevated/admin
Config includes [windows] sandbox = "elevated"
From a clean scratch folder, host process launch works, but the direct elevated Windows sandbox probe fails before the requested command starts:
windows sandbox failed: spawn setup refresh
The underlying sandbox log line is:
setup refresh: failed to spawn ...\codex-windows-sandbox-setup.exe: The requested operation requires elevation. (os error 740)
The unelevated fallback also fails on this machine:
windows sandbox failed: CreateProcessAsUserW failed: 2
The GitHub comment has the public-safe details. I also have a sanitized diagnostic zip with environment data, direct probe results, sandbox log excerpts, helper binary inspection, and Microsoft UAC references.
My question for OpenAI staff: what is the preferred way to send that diagnostic zip?
Should I send it through OpenAI Support/email/private channel, or is there a safe way to attach it here or on GitHub? I would rather not publish local diagnostic data publicly unless OpenAI specifically asks for it.
The diagnostic zip does not intentionally include .sandbox-secrets, auth tokens, API keys, raw SQLite transcript databases, or WAL files. It still contains local environment details such as Windows build, package paths, helper hashes, config shape, and sandbox log excerpts, as well as the research data for the Windows parts, so I assume private support is the right route.
What I hope the diagnostics help OpenAI investigate:
Why normal setup refresh can return ERROR_ELEVATION_REQUIRED / os error 740 even though refresh should not request elevation.
Whether codex-windows-sandbox-setup.exe is shipped with an explicit requested-execution-level manifest.
Whether the non-elevating refresh helper should use asInvoker, be renamed, or be split from the elevated provisioning helper.
Why the documented unelevated fallback fails locally with CreateProcessAsUserW failed: 2.
Whether codex doctor can be extended to run the same minimal sandbox spawn path used by normal commands.
@OpenAI_Support do you need that zip? If so, where should I send it?
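
The manifest and rename questions in the list above can be checked locally. The following is an added example, not part of the original post and not OpenAI's code: it reads a PE file's machine type and scans its bytes for a `requestedExecutionLevel` manifest entry. The function names and the sample bytes are constructed for illustration and say nothing about what the real helper contains.

```python
import re
import struct

# Filename keywords that Windows UAC installer detection looks for.
INSTALLER_KEYWORDS = ("install", "setup", "update")
I386, AMD64 = 0x014C, 0x8664  # IMAGE_FILE_MACHINE_* values
LEVEL_RE = re.compile(
    rb"<(?:\w+:)?requestedExecutionLevel\b[^>]*?\blevel\s*=\s*[\"']([A-Za-z]+)[\"']")

def inspect_helper(name: str, data: bytes) -> dict:
    """Report why launching `name` from a non-elevated process could return error 740."""
    if data[:2] != b"MZ" or len(data) < 0x40:
        raise ValueError("not a PE file: missing MZ header")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]  # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0" or len(data) < pe_off + 6:
        raise ValueError("not a PE file: missing PE signature")
    machine = struct.unpack_from("<H", data, pe_off + 4)[0]
    # Heuristic: scan the raw bytes for the manifest element instead of
    # walking the RT_MANIFEST resource directory.
    m = LEVEL_RE.search(data)
    level = m.group(1).decode() if m else None
    keyword = next((k for k in INSTALLER_KEYWORDS if k in name.lower()), None)
    return {
        "machine": {I386: "x86", AMD64: "x64"}.get(machine, hex(machine)),
        "requested_level": level,
        # requireAdministrator makes CreateProcess from a non-elevated caller fail with 740.
        "manifest_demands_admin": level == "requireAdministrator",
        # Installer detection only covers 32-bit images with no requestedExecutionLevel.
        "installer_detection_candidate":
            level is None and machine == I386 and keyword is not None,
    }

def fake_pe(machine: int, manifest: bytes = b"") -> bytes:
    """Constructed test input: just enough header for inspect_helper, not a loadable image."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    return dos + b"PE\0\0" + struct.pack("<H", machine) + b"\0" * 18 + manifest

def sample_manifest(level: str) -> bytes:
    """Constructed manifest fragment carrying the given execution level."""
    return b'<requestedExecutionLevel level="%s" uiAccess="false"/>' % level.encode()

if __name__ == "__main__":
    name = "codex-windows-sandbox-setup.exe"  # helper name taken from the log line
    for label, blob in [
            ("x64 + requireAdministrator", fake_pe(AMD64, sample_manifest("requireAdministrator"))),
            ("x64 + asInvoker", fake_pe(AMD64, sample_manifest("asInvoker"))),
            ("x86, no manifest", fake_pe(I386))]:
        print(label, inspect_helper(name, blob))
```

To inspect a real binary, pass the file's bytes read from disk in place of the constructed samples.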