What version of Codex CLI is running?
codex-cli 0.125.0
What subscription do you have?
Business
Which model were you using?
gpt-5.3-codex
What platform is your computer?
macOS
What terminal emulator and version are you using (if applicable)?
No response
What issue are you seeing?
Codex can't execute SQL via MCP Toolbox for Databases because
Tool call was cancelled because of safety risks- Reason references annotation mismatch such as:
destructive_hint: trueread_only_hint: false
What steps can reproduce the bug?
- Configure Codex with an MCP server using MCP Toolbox for Databases prebuilt SQL tools:
- In an interactive Codex session, call the MCP SQL execution tool with a read-only
SELECT query.
- Explicitly approve the MCP tool call when prompted.
- Observe the tool call result.
What is the expected behavior?
After explicit user approval, a read-only SELECT query should execute.
Additional information
Suggested fixes
- Respect explicit approval for clearly read-only SQL patterns (
SELECT/CTE without DDL/DML), or
- Add SQL-aware safety classification before hard block, or
- Provide a deterministic override flow for this mismatch class.
What version of Codex CLI is running?
codex-cli 0.125.0
What subscription do you have?
Business
Which model were you using?
gpt-5.3-codex
What platform is your computer?
macOS
What terminal emulator and version are you using (if applicable)?
No response
What issue are you seeing?
Codex can't execute SQL via MCP Toolbox for Databases because
Tool call was cancelled because of safety risksdestructive_hint: trueread_only_hint: falseWhat steps can reproduce the bug?
SELECTquery.What is the expected behavior?
After explicit user approval, a read-only
SELECTquery should execute.Additional information
Suggested fixes
SELECT/CTE without DDL/DML), or