Sandbox setup error on Windows #10601
Description
What version of Codex CLI is running?
codex-cli 0.95.0
What subscription do you have?
other provider
Which model were you using?
gpt-5.2-codex xhigh
What platform is your computer?
Microsoft Windows NT 10.0.26200.0 x64
What terminal emulator and version are you using (if applicable)?
Windows Terminal ( pwsh (PowerShell 7.5.4) )
What issue are you seeing?
✘ Failed to apply patch
└ execution error: Io(Custom { kind: Other, error: "windows sandbox: setup refresh failed with status exit code: 1" })
• The patch application is failing due to a sandbox setup issue likely unrelated to approval, causing tool operations to stop. I’ll suggest the user retry since environment or tool recovery may be needed before proceeding.
EDIT:
I ran a test by starting Codex in the server directory. The server uses TypeScript with Bun.
When I executed bun run dev to start the service, any PowerShell commands executed by codex in that directory returned a sandbox setup error.
After terminating the service with Ctrl+C , the PowerShell commands worked normally again.
This issue did not occur in older versions; my previous version was codex-cli 0.94.0.
EDIT 2:
Some information below has been masked due to work-related confidentiality requirements. Please let me know if additional unmasked details are needed.
Codex conclusion
Environment
- OS: Windows
- Shell: PowerShell
- Working directory: [MASK]
- Sandbox mode: workspace-write
- Network: restricted (not relevant here)
- Approval policy: on-failure
What I did
1. Ran a simple read command without escalation:
- Command: powershell -NoProfile -Command "Get-Location"
- Result: FAIL
- Error: windows sandbox: setup refresh failed with status exit code: 1
2. Retried the same command with escalation:
- Command: powershell -NoProfile -Command "Get-Location"
- with sandbox_permissions: "require_escalated"
- Result: SUCCESS
- Output:
Path
----
[MASK]
Observed behavior
- The failure happens before the command runs, during sandbox setup/refresh.
- It affects even trivial read-only commands (e.g., Get-Location), not a specific command.
- When running outside the sandbox (escalated), the same command succeeds immediately.
Conclusion
- The issue appears to be a sandbox initialization/refresh failure in the non‑escalated path, not a command or permission issue in PowerShell itself.
- Escalating the command bypasses the sandbox and works reliably.
What steps can reproduce the bug?
ask to modify code in workspace
What is the expected behavior?
No response
Additional information
Please let me know if you need any additional information.
config:
model = "gpt-5.2-codex"
model_reasoning_effort = "xhigh"
network_access = "enabled"
disable_response_storage = true
sandbox_mode = "workspace-write"
approval_policy = "on-failure"
personality = "pragmatic"
web_search = "live"
[features]
powershell_utf8 = true
steer = true
experimental_windows_sandbox = true
elevated_windows_sandbox = true
tui2 = true
collab = true
collaboration_modes = true
# sandbox
[sandbox_workspace_write]
exclude_slash_tmp = true
network_access = true