codex: Codex Desktop does not apply project-local default_permissions from .codex/config.toml

openai/codex#22553, fetched 2026-05-14 03:34:32

What version of the Codex App are you using (From “About Codex” dialog)?

Version 26.506.31421 (2620)

What subscription do you have?

Pro

What platform is your computer?

Darwin 25.4.0 arm64 arm

What issue are you seeing?

Codex Desktop shows Custom (config.toml) selected, but the active agent session still runs with read-only permissions.

The project has a local .codex/config.toml with:

    default_permissions = "orchestrator_repo_full"

    [permissions.orchestrator_repo_full.filesystem]
    ":minimal" = "read"

    [permissions.orchestrator_repo_full.filesystem.":project_roots"]
    "." = "write"
    ".git/" = "write"

    [permissions.orchestrator_repo_full.network]
    enabled = true

Expected: Codex Desktop should start the agent with the named permission profile orchestrator_repo_full.

Actual: the agent receives read-only permissions and cannot write to .git/index.lock.

This is different from the default .git read-only behavior in workspace-write: here .git is explicitly granted write access through a named permission profile.

The same profile works when passed explicitly through CLI:

    codex exec \
      -C /path/to/repo \
      -c 'default_permissions="orchestrator_repo_full"' \
      'commit updates'

What steps can reproduce the bug?

  1. Create a local Git repository and add a project-local Codex config:

    # .codex/config.toml
    approval_policy = "never"
    default_permissions = "orchestrator_repo_full"
    
    [permissions.orchestrator_repo_full.filesystem]
    ":minimal" = "read"
    
    [permissions.orchestrator_repo_full.filesystem.":project_roots"]
    "." = "write"
    ".git/" = "write"
    
    [permissions.orchestrator_repo_full.network]
    enabled = true

  2. Open the repository in Codex Desktop.

  3. Select Custom (config.toml) in the permissions dropdown.

  4. Start or resume an agent session in that repository.

  5. Ask the agent to run a Git command that needs to write to .git:

    git update-index --refresh

  6. Observe that the session still runs with read-only permissions, and Git cannot create .git/index.lock.

    Example observed error:

    fatal: Unable to create '/path/to/repo/.git/index.lock': Operation not permitted

Expected behavior:

Codex Desktop should apply the project-local named permission profile from default_permissions = "orchestrator_repo_full", including explicit .git/ write access.

Actual behavior:

Codex Desktop shows Custom (config.toml) selected, but the active session receives read-only permissions instead of the named permission profile.

This is not the default .git read-only behavior in workspace-write: .git/ is explicitly granted write access in the project-local named permission profile.

CLI comparison:

    codex exec \
      -C /path/to/repo \
      -c 'default_permissions="orchestrator_repo_full"' \
      'git update-index --refresh'

When the same profile is passed explicitly through CLI config override, Codex applies the custom permissions profile as expected.

Session ID: 019e2309-8e81-7552-9368-96d06efb0d0b

What is the expected behavior?

Codex Desktop should start the agent with the named permission profile orchestrator_repo_full.

Additional information

This issue may look related to the general .git read-only behavior, but the specific problem here is that Codex Desktop does not apply an explicitly selected project-local named permission profile.
