Codex review tool cannot inspect local commits due to bwrap sandbox error and does not request escalation #19210

@bromdun

What version of Codex CLI is running?

v(0.124.0)

What subscription do you have?

Pro

Which model were you using?

GPT-5.5 xhigh

What platform is your computer?

Linux 369b745156a0 6.14.11 #1-NixOS SMP PREEMPT_DYNAMIC Tue Jan 1 00:00:00 UTC 1980 x86_64 GNU/Linux

What terminal emulator and version are you using (if applicable)?

No response

What issue are you seeing?

I’m seeing a regression with the Codex review tool in an environment where normal Codex shell commands require escalation because sandboxed local commands fail with a bubblewrap/user-namespace error.

The review tool failed with:

I could not inspect these local commits: sandboxed local commands fail with the bwrap namespace error, and the SHAs are not present in the connected GitHub repository. With no accessible diff, I cannot report actionable code findings.

Context:

  • Environment: Replit/workspace-style environment where sandboxed commands fail with bwrap namespace errors.
  • Normal Codex commands in the same session work when rerun with escalation.
  • The review tool appears to attempt sandboxed local commands only, fails on bwrap, and does not request escalation.
  • At the time, the commits were local-only and not pushed to GitHub, so the GitHub fallback could not find the SHAs.
  • This workflow reportedly worked previously with GPT-5.4 in the same environment.

Impact:

  • Local pre-push code review is unavailable in this environment.
  • The only workaround is to push commits to GitHub first or manually provide a diff to another reviewer.

What steps can reproduce the bug?

  1. Open a Codex session in a Replit/workspace environment where sandboxed shell commands fail with a bwrap / user-namespace error.
  2. Make one or more local commits that have not been pushed to GitHub.
  3. Ask the Codex review tool to review those local commits, for example:
    Review commits ..
  4. Observe that the review tool attempts to inspect the commits locally using sandboxed commands.
  5. The local inspection fails with a bwrap namespace error.
  6. The review tool then attempts/falls back to GitHub lookup, but the SHAs are not present because the commits are
    local-only.
  7. The review returns no actionable findings and reports that it cannot inspect the commits.

What is the expected behavior?

Expected behavior:

  • The review tool should either request/use the same escalation path available to Codex shell commands, or surface a
    clear instruction that the commits must be pushed/available via GitHub.
  • Ideally, it should be able to inspect local diffs in the same environment where Codex itself can inspect them with
    escalation.

Actual behavior:

  • Review terminated without inspecting the diff and without actionable findings.
  • The failure reason was environmental/tooling-related, not related to the code under review.

Additional information

Suggested fix:

  • Allow the review tool to use escalation when sandboxed local commands fail due to bwrap/namespace restrictions.
  • Alternatively, detect this failure mode and prompt the user to push the branch or provide a diff, rather than
    returning no actionable findings.
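
A preflight check for the failure mode reported above, added here as an example and not taken from the issue or from Codex: it reports whether the environment permits the unprivileged user namespaces that bubblewrap relies on. The sysctl paths are standard Linux, Debian and Ubuntu knobs assumed to be relevant here, and the function names and the `--probe` flag are hypothetical.

```sh
#!/bin/sh
# Added example: diagnose why bwrap cannot create a user namespace.
# A knob that does not exist on this kernel is passed as an empty string.

# classify_userns MAX_USER_NS UNPRIV_CLONE APPARMOR_RESTRICT
classify_userns() {
    if [ "$1" = "0" ]; then
        echo "blocked: user.max_user_namespaces=0"
    elif [ "$2" = "0" ]; then
        echo "blocked: kernel.unprivileged_userns_clone=0"
    elif [ "$3" = "1" ]; then
        echo "restricted: kernel.apparmor_restrict_unprivileged_userns=1"
    else
        echo "sysctl-ok"
    fi
}

# Print a knob's value, or nothing when the file is absent or unreadable.
read_knob() {
    if [ -r "$1" ]; then cat "$1"; fi
}

probe_userns() {
    echo "sysctl check: $(classify_userns \
        "$(read_knob /proc/sys/user/max_user_namespaces)" \
        "$(read_knob /proc/sys/kernel/unprivileged_userns_clone)" \
        "$(read_knob /proc/sys/kernel/apparmor_restrict_unprivileged_userns)")"
    # Sysctls can look fine while a container seccomp profile or runtime
    # policy still denies unshare(CLONE_NEWUSER), so test it directly.
    if command -v unshare >/dev/null 2>&1; then
        if unshare -U true 2>/dev/null; then
            echo "unshare -U: ok"
        else
            echo "unshare -U: denied (check container seccomp/runtime policy)"
        fi
    fi
    # Finally run the smallest possible bwrap sandbox.
    if command -v bwrap >/dev/null 2>&1; then
        if bwrap --ro-bind / / true 2>/dev/null; then
            echo "bwrap: ok"
        else
            echo "bwrap: failed"
        fi
    fi
}

# Probe the live system only when asked: sh check.sh --probe
if [ "${1:-}" = "--probe" ]; then probe_userns; fi
```
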

Metadata

    Labels: bug (Something isn't working); code-review (Issues relating to code reviews performed by codex); sandbox (Issues related to permissions or sandboxing)
