Codex VS Code extension writes files without approval despite read-only/on-request config on Windows

[DrDonGoodeve]

What version of the IDE extension are you using?

26.429.30905

What subscription do you have?

Business

Which IDE are you using?

VSCode

What platform is your computer?

Microsoft Windows NT 10.0.26200.0 x64

What issue are you seeing?

Out-of-the-box, Codex is not asking for permission before making file edits. Modifying the config.toml file to control permissions results in 'unable to start admin sandbox'.

What steps can reproduce the bug?

See notes above. I was working through the analysis of a bug, and codex began to modify a code file in multiple steps without any permission. I have shut it down as I do not trust that it will not end up doing something more destructive to my codebase.

What is the expected behavior?

Permissions should always be granted by the user. It should never be up to the user to revoke assumed permissions. Trust is earned. And this just blew it big-time. Not sure I will come back to it as I cannot trust that the permissions structure I have in place is going to hold.

Was comparing with Claude's coding agent which is a darned sight better behaved.

Additional information

No response

[DrDonGoodeve]

config.toml - this attempt to control permissions results in the sandbox not starting:

model = "gpt-5.5"
model_reasoning_effort = "xhigh"

approval_policy = "on-request"
sandbox_mode = "read-only"
allow_login_shell = false

[windows]
sandbox = "unelevated" # elevated here does not help

[projects.'d:<my project>']
trust_level = "untrusted" # trusted here does not help

[github-actions]

Potential duplicates detected. Please review them and close your issue if it is a duplicate.

• Undo functionality should never depend on Git repository presence #19205

Powered by Codex Action