What version of the Codex App are you using (From “About Codex” dialog)?
Version 26.506.31421 (2620)
What subscription do you have?
Pro
What platform is your computer?
Darwin 25.4.0 arm64 arm
What issue are you seeing?
Codex Desktop shows Custom (config.toml) selected, but the active agent session still runs with read-only permissions.
The project has a local .codex/config.toml with:
default_permissions = "orchestrator_repo_full"
[permissions.orchestrator_repo_full.filesystem]
":minimal" = "read"
[permissions.orchestrator_repo_full.filesystem.":project_roots"]
"." = "write"
".git/" = "write"
[permissions.orchestrator_repo_full.network]
enabled = true
Expected: Codex Desktop should start the agent with the named permission profile orchestrator_repo_full.
Actual: the agent receives read-only permissions and cannot write to .git/index.lock.
This is different from the default .git read-only behavior in workspace-write: here .git is explicitly granted write access through a named permission profile.
The same profile works when passed explicitly through CLI:
codex exec \
-C /path/to/repo \
-c 'default_permissions="orchestrator_repo_full"' \
'commit updates'
What steps can reproduce the bug?
- Create a local Git repository and add a project-local Codex config:
  # .codex/config.toml
  approval_policy = "never"
  default_permissions = "orchestrator_repo_full"
  [permissions.orchestrator_repo_full.filesystem]
  ":minimal" = "read"
  [permissions.orchestrator_repo_full.filesystem.":project_roots"]
  "." = "write"
  ".git/" = "write"
  [permissions.orchestrator_repo_full.network]
  enabled = true
- Open the repository in Codex Desktop.
- Select Custom (config.toml) in the permissions dropdown.
- Start or resume an agent session in that repository.
- Ask the agent to run a Git command that needs to write to .git:
  git update-index --refresh
- Observe that the session still runs with read-only permissions, and Git cannot create .git/index.lock.
Example observed error:
fatal: Unable to create '/path/to/repo/.git/index.lock': Operation not permitted
Expected behavior:
Codex Desktop should apply the project-local named permission profile from default_permissions = "orchestrator_repo_full", including explicit .git/ write access.
Actual behavior:
Codex Desktop shows Custom (config.toml) selected, but the active session receives read-only permissions instead of the named permission profile.
This is not the default .git read-only behavior in workspace-write: .git/ is explicitly granted write access in the project-local named permission profile.
CLI comparison:
codex exec \
-C /path/to/repo \
-c 'default_permissions="orchestrator_repo_full"' \
'git update-index --refresh'
When the same profile is passed explicitly through CLI config override, Codex applies the custom permissions profile as expected.
Session ID: 019e2309-8e81-7552-9368-96d06efb0d0b
What is the expected behavior?
Codex Desktop should start the agent with the named permission profile orchestrator_repo_full.
Additional information
This issue may look related to the general .git read-only behavior, but the specific problem here is that Codex Desktop does not apply an explicitly selected project-local named permission profile.
Related issues
- Codex Desktop UI cannot initialize or detect existing Git repository (git init failed) while CLI works #11327: Codex Desktop Git UI / .git/index.lock failure.
- .git is mounted read-only even though Codex is configured for workspace-write #15505: .git is read-only in workspace-write; comments mention custom permission profiles as a workaround.
- Allow writable gitdir for current worktree in sandboxed workspace-write mode #14338: discussion/request for a writable gitdir in sandboxed workspace-write.
- CLI sandbox: cannot commit because .git is read-only (“Unable to create .git/index.lock”) #7071: CLI commit failure because .git/index.lock cannot be created.