What version of Codex CLI is running?
codex-cli 0.130.0
What subscription do you have?
ChatGPT Pro
Which model were you using?
Not model-specific. The failure happens during remote/SSH app-server session startup before normal task execution.
What platform is your computer?
ProductName: macOS
ProductVersion: 26.5
BuildVersion: 25F71
uname -mprs:
Darwin 25.5.0 arm64 arm
What terminal emulator and version are you using (if applicable)?
SSH/headless remote connection into macOS. The relevant local processes were sshd-session plus a Homebrew Codex CLI app-server.
Observed process shape:
/opt/homebrew/bin/codex app-server --listen unix://
sshd-session: skyline23@notty
nc -U /Users/skyline23/.codex/app-server-control/app-server-control.sock
At the time of collecting diagnostics, the remote notty session had disconnected, but the app-server was still running:
/opt/homebrew/bin/codex app-server --listen unix://
Codex doctor report
Not available in this CLI version:
error: unexpected argument '--json' found
Usage: codex [OPTIONS] [PROMPT]
codex [OPTIONS] <COMMAND> [ARGS]
What issue are you seeing?
Codex remote configured through SSH cannot read into normal macOS user workspace directories because macOS TCC blocks file traversal. The visible failure in Codex's app-server log is during AGENTS.md discovery:
codex_core::agents_md: error trying to find AGENTS.md docs: Operation not permitted (os error 1)
The log file checked was:
/Users/skyline23/.codex/app-server-control/app-server.log
The affected workspaces were under TCC-protected user folders such as:
/Users/skyline23/Downloads/Lumen
/Users/skyline23/Documents/Codex/2026-05-15/...
This is confusing for remote SSH usage because the user connected to the host over SSH and expected CLI access to behave like a normal shell. Instead, Codex fails internally while looking for AGENTS.md, with no actionable message explaining that macOS Full Disk Access/TCC is the likely cause or which executable needs to be granted access.
What steps can reproduce the bug?
-
On macOS 26.5, install Codex CLI through Homebrew so that the executable resolves like this:
/opt/homebrew/bin/codex -> /opt/homebrew/Caskroom/codex/0.130.0/codex-aarch64-apple-darwin
-
Configure Codex remote access through SSH.
-
Start the Codex app-server used by remote control:
/opt/homebrew/bin/codex app-server --listen unix://
-
Connect remotely over SSH. The observed connection path used:
sshd-session: <user>@notty
nc -U /Users/<user>/.codex/app-server-control/app-server-control.sock
-
Start or resume a Codex session whose workspace is under a macOS TCC-protected folder, for example:
/Users/<user>/Downloads/<repo>
/Users/<user>/Documents/Codex/<workspace>
-
Codex attempts to discover AGENTS.md and logs:
codex_core::agents_md: error trying to find AGENTS.md docs: Operation not permitted (os error 1)
What is the expected behavior?
Codex remote over SSH should be able to start the session and read the configured workspace, including AGENTS.md, without failing with Operation not permitted.
Additional information
Host and process details collected during debugging:
/opt/homebrew/bin/codex -> /opt/homebrew/Caskroom/codex/0.130.0/codex-aarch64-apple-darwin
/opt/homebrew/bin/codex app-server --listen unix://
/Users/skyline23/.codex/app-server-control/app-server-control.sock
/usr/sbin/sshd
/usr/libexec/sshd-session
/usr/libexec/sshd-keygen-wrapper
What version of Codex CLI is running?
codex-cli 0.130.0What subscription do you have?
ChatGPT Pro
Which model were you using?
Not model-specific. The failure happens during remote/SSH app-server session startup before normal task execution.
What platform is your computer?
What terminal emulator and version are you using (if applicable)?
SSH/headless remote connection into macOS. The relevant local processes were
sshd-sessionplus a Homebrew Codex CLI app-server.Observed process shape:
At the time of collecting diagnostics, the remote
nottysession had disconnected, but the app-server was still running:Codex doctor report
Not available in this CLI version:
What issue are you seeing?
Codex remote configured through SSH cannot read into normal macOS user workspace directories because macOS TCC blocks file traversal. The visible failure in Codex's app-server log is during
AGENTS.mddiscovery:The log file checked was:
The affected workspaces were under TCC-protected user folders such as:
This is confusing for remote SSH usage because the user connected to the host over SSH and expected CLI access to behave like a normal shell. Instead, Codex fails internally while looking for
AGENTS.md, with no actionable message explaining that macOS Full Disk Access/TCC is the likely cause or which executable needs to be granted access.What steps can reproduce the bug?
On macOS 26.5, install Codex CLI through Homebrew so that the executable resolves like this:
Configure Codex remote access through SSH.
Start the Codex app-server used by remote control:
Connect remotely over SSH. The observed connection path used:
Start or resume a Codex session whose workspace is under a macOS TCC-protected folder, for example:
Codex attempts to discover
AGENTS.mdand logs:What is the expected behavior?
Codex remote over SSH should be able to start the session and read the configured workspace, including
AGENTS.md, without failing withOperation not permitted.Additional information
Host and process details collected during debugging: