What issue are you seeing?
While integrating Codex through codex app-server, I saw a codex turn stall on a permission/escalation prompt that appeared in the codex session transcript, but no matching app-server item/*/requestApproval server request over JSON-RPC.
This leaves app-server clients unable to display or resolve the approval. The turn appears active but cannot progress until the hidden approval times out.
- Codex CLI: 0.130.0
- Mode: codex app-server --listen stdio://
- Approval policy: on-request
- Sandbox: workspace-write
- Platform: Linux
What steps can reproduce the bug?
- Start app-server:
codex app-server --listen stdio://
-c 'model="gpt-5.5"'
-c 'approval_policy="on-request"'
-c 'thread_sandbox="workspace-write"'
-c 'turn_sandbox_policy="workspace-write"'
- Initialize app-server over stdio.
- Start a thread in a git worktree whose .git metadata lives outside the sandbox writable roots.
- Start a turn asking Codex to stage/commit changes, or otherwise run a command that requires sandbox escalation, for example git add .... This should trigger codex for sandbox_permissions approval.
- Observe the app-server JSON-RPC stream.
- Compare it with the saved Codex session transcript under ~/.codex/sessions/....
What is the expected behavior?
I expect app-server to surface a item/*/requestApproval as with other approval requests.
Additional information
Here's what it looked like for me:
session transcript:
{
"type": "function_call",
"name": "exec_command",
"arguments": {
"cmd": "git add foobar",
"workdir": "/tmp/testbranch1",
"yield_time_ms": 1000,
"max_output_tokens": 12000,
"sandbox_permissions": "require_escalated",
"justification": "Allow staging the test file in this git worktree; the git metadata lives under /home/... outside the writable sandbox.",
"prefix_rule": ["git", "add"]
}
}
After 300 seconds, the session transcript recorded:
{
"type": "function_call_output",
"output": "aborted by user after 300.0s"
}
But the app-server client never received an approval request it could answer.
What issue are you seeing?
While integrating Codex through codex app-server, I saw a codex turn stall on a permission/escalation prompt that appeared in the codex session transcript, but no matching app-server item/*/requestApproval server request over JSON-RPC.
This leaves app-server clients unable to display or resolve the approval. The turn appears active but cannot progress until the hidden approval times out.
What steps can reproduce the bug?
codex app-server --listen stdio://
-c 'model="gpt-5.5"'
-c 'approval_policy="on-request"'
-c 'thread_sandbox="workspace-write"'
-c 'turn_sandbox_policy="workspace-write"'
What is the expected behavior?
I expect app-server to surface a item/*/requestApproval as with other approval requests.
Additional information
Here's what it looked like for me:
session transcript:
{
"type": "function_call",
"name": "exec_command",
"arguments": {
"cmd": "git add foobar",
"workdir": "/tmp/testbranch1",
"yield_time_ms": 1000,
"max_output_tokens": 12000,
"sandbox_permissions": "require_escalated",
"justification": "Allow staging the test file in this git worktree; the git metadata lives under /home/... outside the writable sandbox.",
"prefix_rule": ["git", "add"]
}
}
After 300 seconds, the session transcript recorded:
{
"type": "function_call_output",
"output": "aborted by user after 300.0s"
}
But the app-server client never received an approval request it could answer.