Codex Desktop fresh non-PTY shell calls cause repeated 1Password CLI (op) biometric reauthorization

[feliche93]

Title:
Codex Desktop fresh non-PTY shell calls cause repeated 1Password CLI (op) biometric reauthorization

What version of the Codex App are you using?
26.623.42026, build 4514

What subscription do you have?
Please fill in: Pro

What platform is your computer?
Darwin 25.3.0 arm64 arm
macOS 26.3.1 (25D771280a)

What issue are you seeing?
Codex Desktop shell tool calls appear to run as separate non-PTY shell processes. This causes 1Password CLI (op) authorization to be treated as a new terminal/session repeatedly, so commands using op read, op item get, or local wrappers around them trigger repeated biometric prompts.

This is painful for auth-sensitive developer automation where Codex needs to use local CLI wrappers that retrieve secrets from 1Password, for example:

• Google Workspace wrappers that read a refresh-token item from 1Password and inject a short-lived Google OAuth token
• Infisical wrappers that read Universal Auth credentials from 1Password before running infisical

In a normal terminal, the 1Password CLI session can be reused within the same terminal session. Inside Codex Desktop, op signin in one shell call does not reliably help subsequent shell calls because those calls are fresh/non-PTY executions.

What steps can reproduce the bug?

1. Use Codex Desktop on macOS with 1Password CLI app integration / biometric unlock enabled.
2. Configure Codex with sandbox disabled, or otherwise allow shell execution. In this environment:

sandbox_mode = "danger-full-access"
approval_policy = "never"

3. Run this in two separate Codex shell tool calls:

tty || true
printf 'pid=%s ppid=%s shell=%s\n' $$ $PPID $0

4. Observe that back-to-back calls are non-PTY and use different process IDs. Example local output:

not a tty
pid=45416 ppid=37327 shell=/bin/zsh

not a tty
pid=45417 ppid=37327 shell=/bin/zsh

5. Use a wrapper that calls 1Password CLI, for example op read ... or op item get ..., across multiple Codex shell calls.
6. Observe repeated 1Password biometric prompts / reauthorization friction, even though the same workflow is tolerable in a normal terminal session.

What is the expected behavior?
Codex Desktop should provide a documented way to run auth-sensitive local CLI workflows through a stable user shell/PTY/session, or otherwise support reuse of a persistent terminal session for shell tool calls.

For example, one of these would solve the workflow:

• a setting to route shell tool calls through a persistent PTY for the thread/workspace
• a supported "real user terminal session" mode for local developer CLIs
• documented guidance for tools like 1Password CLI whose authorization model is terminal/session-scoped

What is the actual behavior?
Normal shell tool calls are fresh/non-PTY executions. A manually created persistent PTY can exist, but normal Codex shell tool calls are not routed through that same session, so this is not a practical workflow-level fix.

Additional information
This appears related to, but more specific than:

• Codex shell execution does not match real user session (1Password/op + glab), causing auth mismatches #13160, an earlier 1Password/op auth mismatch report that was closed as environment-specific
• Codex does not inherit zsh aliases from .zshrc during command execution, while other shell init state is inherited #16551, shell environment mismatch
• Codex triggers Git/SSH activity on app focus in SSH-backed repos, causing 1Password SSH key prompts without an explicit user action #17655, 1Password SSH-agent prompts on app focus

The important distinction is that this is not only a dotfile or sandbox issue. It reproduces with sandbox disabled because 1Password CLI app integration is terminal/session-scoped, while Codex Desktop normal shell tool calls are fresh non-PTY processes.