Skip to content

Windows native sandbox: Git HTTPS remote operations fail/crash inside Codex but work in normal PowerShell #31073

Description

@yorten

Summary

Git HTTPS remote operations fail inside Codex native Windows sandbox, even though the same Git commands work in normal Windows PowerShell.

Local Git commands inside Codex work correctly, including status, diff, add, commit, and branch operations. The failure is specific to remote HTTPS operations such as git ls-remote, git fetch, git pull, and git push.

Environment

  • OS: Windows 11
  • Codex: native Windows app
  • Git: Git for Windows 2.48.1.windows.1
  • Git path: C:\Program Files\Git\cmd\git.exe
  • Git HTTPS helper: C:\Program Files\Git\mingw64\libexec\git-core\git-remote-https.exe
  • GitHub CLI: C:\Program Files\GitHub CLI\gh.exe
  • Remote protocol: HTTPS
  • Codex config:
sandbox_mode = "workspace-write"
approval_policy = "on-request"

[sandbox_workspace_write]
network_access = true

[windows]
sandbox = "elevated"


Also tested:

[windows]
sandbox = "unelevated"
What works

From normal Windows PowerShell:

git ls-remote https://github.com/<owner>/<repo>.git HEAD
git push

Both work.

Inside Codex:

git status
git diff
git add
git commit

These local Git commands work.

Inside Codex, Python HTTPS also works against:

https://github.com/
https://api.github.com/

GitHub CLI can access the private repo inside Codex when proxy variables are cleared:

& "C:\Program Files\GitHub CLI\gh.exe" repo view <owner>/<repo> --json nameWithOwner,visibility

Public GitHub HTTPS works inside Codex when credential helpers are disabled:

git -c credential.helper= -c credential.https://github.com.helper= ls-remote https://github.com/git/git.git HEAD

Authenticated Git HTTPS also works inside Codex if the GitHub CLI token is passed directly to Git via an extraheader and credential helpers are bypassed.

What fails

In elevated sandbox mode:

Codex runs as codexsandboxonline.
git ls-remote and git push over HTTPS fail.
Windows shows a git-remote-https.exe - Application Error dialog: memory could not be read.
Schannel mode fails with:
schannel: AcquireCredentialsHandle failed: SEC_E_NO_CREDENTIALS
curl HTTPS also fails with the same Schannel SEC_E_NO_CREDENTIALS error.

In unelevated sandbox mode:

Codex runs as my normal Windows user.
The Codex shell starts with proxy variables pointing to 127.0.0.1:9:
HTTP_PROXY=http://127.0.0.1:9
HTTPS_PROXY=http://127.0.0.1:9
ALL_PROXY=http://127.0.0.1:9
GIT_HTTP_PROXY=http://127.0.0.1:9
GIT_HTTPS_PROXY=http://127.0.0.1:9
Clearing those variables removes the 127.0.0.1:9 failure.
GitHub CLI then works.
But normal Git HTTPS using the configured credential-helper handoff still fails/crashes.
Git credential configuration

General helper:

credential.helper = manager

GitHub-specific helper in global config:

credential.https://github.com.helper =
credential.https://github.com.helper = !'C:\Program Files\GitHub CLI\gh.exe' auth git-credential
Important diagnostic result

This does not appear to be a general GitHub network failure.

Inside Codex, after clearing proxy variables and bypassing credential helpers:

public GitHub HTTPS works
authenticated private Git HTTPS works when GitHub CLI token is passed directly through Git extraheader
GitHub CLI can access the private repo

The failure appears tied to native Windows Codex sandboxing plus Git for Windows / GitHub CLI / Git Credential Manager credential-helper handoff.

Expected behavior

When network_access = true is enabled in workspace-write mode, Codex should allow normal Git remote operations over HTTPS:

git fetch
git pull
git push
git ls-remote

These should work inside Codex the same way they work in normal Windows PowerShell.

Impact

Codex can edit files and make local commits, but it cannot reliably push/fetch/pull from GitHub over HTTPS in native Windows sandbox mode. The current clean workaround is to let Codex commit locally and manually push from normal Windows PowerShell.

Request

Please investigate:

Why unelevated Codex sessions inject 127.0.0.1:9 proxy variables even with network_access = true.
Why elevated Codex sandboxing causes Schannel/GCM failures with SEC_E_NO_CREDENTIALS.
Why normal Git HTTPS credential-helper handoff can crash git-remote-https.exe inside Codex, while normal PowerShell Git works.

Metadata

Metadata

Assignees

No one assigned

    Labels

    appIssues related to the Codex desktop appauthIssues related to authentication and accountsbugSomething isn't workingconnectivityIssues involving networking or endpoint connectivity problems (disconnections)sandboxIssues related to permissions or sandboxingwindows-osIssues related to Codex on Windows systems

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions