codex - 💡(How to fix) Fix macOS remote sessions cannot write to external-volume workspaces on 0.130/0.132/0.133 (Operation not permitted)

What version of Codex CLI is running?

Reproduced with:

codex-cli 0.132.0
codex-cli 0.133.0

What subscription do you have?

ChatGPT Pro Lite

Which model were you using?

Not model-specific. The failure happens at shell/filesystem command execution time before normal task logic matters.

What platform is your computer?

ProductName:    macOS
ProductVersion: 26.4.1
BuildVersion:   25E253

uname -mprs:
Darwin 25.4.0 arm64 arm

What terminal emulator and version are you using (if applicable)?

Remote Codex session from ChatGPT iOS / SSH-Local style connection into a macOS host.

What issue are you seeing?

In a remote Codex session on macOS, shell commands cannot write to a normal workspace located under an external-volume path:

/Volumes/Data/Github/macOSAgentBot

The error is consistently:

Operation not permitted

This is not a generic Unix ownership/mode problem. The current user is ronnie, and the target workspace is also owned by ronnie. Writes to /tmp and to /Users/ronnie/... succeed in the same remote session, while writes under /Volumes/Data/Github/... fail.

Observed failure shape:

mkdir -p codex-rw-test && pwd && ls -ld codex-rw-test

# Output included:
mkdir: codex-rw-test: Operation not permitted

Using the absolute workspace path fails the same way:

mkdir -p /Volumes/Data/Github/macOSAgentBot/codex-rw-test
# => mkdir: /Volumes/Data/Github/macOSAgentBot/codex-rw-test: Operation not permitted

mkdir -p /Volumes/Data/Github/.codex-rw-test-parent
# => mkdir: /Volumes/Data/Github/.codex-rw-test-parent: Operation not permitted

But equivalent writes outside the external-volume workspace work:

mkdir -p /tmp/codex-rw-test && printf "probe\n" > /tmp/codex-rw-test/probe.txt
# => succeeds

mkdir -p /Users/ronnie/codex-rw-test && printf "read-write-ok\n" > /Users/ronnie/codex-rw-test/probe.txt
# => succeeds

I also checked the target directory ownership and basic permissions from the session. The evidence points to an extra macOS protection / remote execution permission boundary affecting /Volumes/Data/Github writes, not ordinary POSIX permissions.

What steps can reproduce the bug?

1. On macOS, use Codex CLI 0.132.0 or 0.133.0.

2. Start a remote Codex session through ChatGPT iOS / SSH-Local style access to the macOS host.

3. Use a workspace located on an external volume, for example:

   /Volumes/Data/Github/macOSAgentBot

4. Ask Codex to create a test folder in the workspace, or run:

   mkdir -p codex-rw-test

5. Observe Operation not permitted.

6. Run equivalent writes under /tmp or /Users/<user>/...; those succeed.

What is the expected behavior?

If the remote Codex session is allowed to operate in the workspace and the workspace is owned by the same macOS user, Codex should be able to create files and folders there, or it should surface a clear actionable macOS permission message explaining which process/app/executable needs Full Disk Access or external-volume access.

Additional information

This is specifically about the behavior observed on 0.132.0 and 0.133.0. I had previously worked around a similar failure by downgrading, but after retesting 0.133.0 the same Operation not permitted behavior still occurs for the external-volume workspace.

The important distinction is that the same remote session can write to /tmp and /Users/ronnie, but not to /Volumes/Data/Github, even though the directory owner is the same user.