codex - 💡(How to fix) Fix Windows app sandbox refresh fails with localhost proxy (127.0.0.1:7890), intermittently breaking apply_patch and shell_command [2 comments, 3 participants]

What version of the Codex App are you using (From “About Codex” dialog)?

26.325.3894.0

What subscription do you have?

Unknown / can provide if needed

What platform is your computer?

Microsoft Windows NT 10.0.26100.0 x64

What issue are you seeing?

On Windows, sandboxed tool execution intermittently fails when Codex sees local proxy env vars pointing at 127.0.0.1:7890. In my case this is Clash Verge Rev with TUN enabled, plus:

• HTTP_PROXY=http://127.0.0.1:7890
• HTTPS_PROXY=http://127.0.0.1:7890
• NO_PROXY=127.0.0.1,localhost,::1

The failure happens before the tool logic itself runs. I have seen both apply_patch and shell_command fail with a sandbox setup error.

The main error is:

helper_firewall_rule_create_or_add_failed: SetRemoteAddresses failed: Error { code: HRESULT(0x80070057), message: "The parameter is incorrect." }

This looks specifically related to the Windows sandbox firewall refresh, not to the patch content or the shell command content.

What steps can reproduce the bug?

1. On Windows, run Clash Verge Rev with TUN mode enabled and a local proxy listening on 127.0.0.1:7890.
2. Export HTTP_PROXY and HTTPS_PROXY as http://127.0.0.1:7890.
3. Start the Codex desktop app.
4. In a normal workspace, run any sandboxed tool action, for example:
   • a shell_command like Get-ChildItem -LiteralPath .
   • or an apply_patch that updates a local file
5. Codex logs a sandbox refresh mentioning the proxy port, for example: sandbox setup required: offline firewall settings changed (stored_ports=[], desired_ports=[7890], stored_allow_local_binding=false, desired_allow_local_binding=false)
6. The action intermittently fails with: helper_firewall_rule_create_or_add_failed: SetRemoteAddresses failed: HRESULT(0x80070057)
7. Retrying the exact same action often succeeds, which makes this look like sandbox setup instability rather than a deterministic tool/input failure.

What is the expected behavior?

Codex should handle localhost proxy settings cleanly on Windows. A local proxy such as 127.0.0.1:7890 should not cause sandbox refresh to fail, and sandboxed tool execution should not intermittently fail before the requested tool even runs.

Additional information

Additional observations:

• I also saw a secondary ACL-related sandbox error in the same area: grant read ACE failed on C:\Program Files\WindowsApps\OpenAI.Codex_26.325.3894.0_x64__2p2nqsd0c76g0\app\resources for sandbox_group: SetNamedSecurityInfoW failed: 5 followed by: read ACL run had errors
• That secondary issue appears to affect bundled tools under the app resources path. In one case, bundled rg.exe failed to start with Access is denied.
• WinHTTP proxy on this machine is direct access; the proxy here is coming from environment variables, not from netsh winhttp.

Relevant local logs:

• .codex.sandbox\sandbox.log around lines 113238, 113240, 113250, 113266, 113268, 113291
• .codex\log\codex-tui.log around lines 16707 and 17435

If helpful I can provide a trimmed log excerpt, but the failure is already visible in the sandbox log with the 7890 port transition.