Windows Desktop node_repl fails with sandbox setup refresh / os error 740

[2085948373yzj-ux]

Bug Report: Codex Windows Desktop node_repl fails with sandbox setup refresh / os error 740

Summary

Codex Windows Desktop can discover the node_repl MCP tool, but any js execution immediately fails because the JS kernel exits during Windows sandbox setup.

This also breaks Browser, Chrome, and Computer Use workflows that depend on node_repl.

Environment

• OS: Windows
• Codex Desktop package: OpenAI.Codex_26.527.3686.0_x64
• Codex CLI: codex-cli 0.135.0-alpha.1
• Node runtime used by Codex: v24.14.0
• Shell: PowerShell

Reproduction

1. Start Codex Desktop on Windows.
2. Open a new local thread.
3. Run a minimal node_repl smoke test:

nodeRepl.write("ok")

Actual Result

The tool is present, but the kernel exits unexpectedly:

node_repl kernel exited unexpectedly

node_repl diagnostics:
{
  "kernel_pid": 51832,
  "kernel_status": "running",
  "kernel_stderr_tail": "windows sandbox failed: spawn setup refresh",
  "reason": "stdout_eof",
  "stream_error": null
}

The sandbox log shows:

START: ...\node.exe --experimental-vm-modules ...\kernel.js
setup refresh: spawning C:\Users\Lenovo\AppData\Local\OpenAI\Codex\bin\7dea4a003bc76627\codex-windows-sandbox-setup.exe
setup refresh: failed to spawn ...\codex-windows-sandbox-setup.exe: ... (os error 740)

Windows os error 740 indicates the requested operation requires elevation.

Expected Result

The minimal node_repl JS call should return:

ok

Browser, Chrome, and Computer Use plugin workflows should then be able to bootstrap normally.

Additional Findings

• Running Codex Desktop as administrator did not resolve the failure.
• The normal shell sandbox can still run PowerShell commands, so the issue appears specific to the node_repl -> JS kernel -> Windows sandbox setup path.
• Manual direct testing showed that node_repl.exe --disable-sandbox can execute a minimal JS call successfully outside the Desktop-managed MCP lifecycle.
• Some Desktop-managed node_repl.exe processes are launched without --disable-sandbox, even after adding the following to C:\Users\Lenovo\.codex\config.toml:

[mcp_servers.node_repl]
args = ["--disable-sandbox"]

This suggests there may be multiple Desktop MCP launch paths, with at least one ignoring the configured args.

Impact

This prevents use of:

• Browser plugin
• Chrome plugin
• Computer Use plugin
• Any workflow requiring mcp__node_repl.js

The rest of Codex local shell execution may continue to work, which makes the failure easy to misdiagnose as a browser/plugin-specific issue.

Request

Please investigate the Windows Desktop node_repl sandbox setup path, especially:

• why codex-windows-sandbox-setup.exe is launched from the AppData CLI bundle and fails with os error 740;
• why administrator launch does not resolve it;
• why configured mcp_servers.node_repl.args = ["--disable-sandbox"] is not consistently applied to Desktop-managed node_repl.exe instances.

[github-actions]

Potential duplicates detected. Please review them and close your issue if it is a duplicate.

• Windows Computer Use / node_repl fails: spawn setup refresh uses AppData codex-windows-sandbox-setup.exe and returns os error 740 #25366
• Windows sandbox failed spawn setup refresh OS error 740 #25362
• Windows Codex app: Browser/node_repl bridge fails with sandbox elevation error #24926
• Windows sandbox blocks bundled Chrome plugin/node_repl startup with os error 740 #24755
• Codex Desktop Windows: node_repl bridge fails with windows sandbox failed: spawn setup refresh #25226

Powered by Codex Action