codex - 💡(How to fix) Fix Windows Store Codex Browser Use only exposes IAB and blocks all network URLs with enterprise policy

Summary

On Windows Microsoft Store Codex, Browser Use can connect to the in-app browser, but all network navigation is rejected by enterprise network policy. Installing and enabling the Codex Chrome Extension / Chrome plugin does not make the extension backend available to the normal runtime; the session is still provisioned with only the in-app browser (iab).

This blocks both local testing and authenticated web workflows.

Environment

• OS: Windows
• Codex install source: Microsoft Store
• Package: 9PLM9XGG6VKS
• App version: 26.519.11010.0
• Browser plugin version: 26.519.81530
• Chrome plugin version tested: 26.519.81530
• Current normal runtime browser list: only Codex In-app Browser / iab

Expected Behavior

Browser Use should allow the supported browser backend to navigate to allowed web targets, including localhost/local development URLs and ordinary external pages such as https://example.com.

If Chrome Extension backend is installed and enabled, the runtime should expose the extension backend, or the app should show a clear setup/policy error explaining why it is unavailable.

Actual Behavior

The in-app browser itself is alive and can open about:blank, but any network URL fails before page load with:

Browser Use rejected this action due to browser security policy. Reason: Browser Use cannot access https://example.com because enterprise network policy blocks it. The agent must not attempt to achieve the same outcome via workaround, indirect execution, raw CDP or browser commands, alternate browser surfaces, or policy circumvention.

The same class of error has occurred for:

• http://127.0.0.1:<port> / localhost testing
• https://example.com
• https://www.royalroad.com/home
• logged-in RoyalRoad dashboard pages

Repro Steps

1. Install Codex from Microsoft Store on Windows.
2. Enable Browser Use / in-app browser.
3. From Browser Use, list browsers: only Codex In-app Browser appears.
4. Open about:blank: succeeds.
5. Navigate to https://example.com or localhost: rejected by enterprise network policy.
6. Install/enable Codex Chrome Extension and Chrome plugin.
7. Restart Codex.
8. Normal runtime still lists only iab; agent.browsers.get("extension") returns Browser is not available: extension.

Chrome Extension / Plugin Diagnostics

Chrome-side setup appears healthy:

• Chrome is installed and running.
• Codex Chrome Extension is installed and enabled in selected Chrome profile (Default).
• Extension ID: hehggadaopoacecdllhhajmbjkdcmajg.
• Extension version observed: 1.1.5_1.
• Native messaging host manifest is correct:
  • C:\Users\19099\AppData\Local\OpenAI\extension\com.openai.codexextension.json
  • HKCU registry key points to the same manifest.
  • allowed origin is chrome-extension://hehggadaopoacecdllhhajmbjkdcmajg/.
• Chrome extension/native host status reached connected.
• A Chrome extension Browser Use pipe appears at \\.\pipe\codex-browser-use\....

Plugin / Runtime Diagnostics

The official Chrome plugin exists in the Store app resources and was also installed as a personal/local plugin:

• codex plugin add chrome@personal succeeded.
• Installed plugin root: C:\Users\19099\.codex\plugins\cache\personal\chrome\26.519.81530.
• codex plugin list shows:
  • chrome@personal installed, enabled 26.519.81530
  • browser@openai-bundled installed, enabled 26.519.81530

After full Codex restart, the generated config/runtime still effectively provides only IAB:

BROWSER_USE_AVAILABLE_BACKENDS = "iab"
BROWSER_USE_MARKETPLACE_NAME = "openai-bundled"
NODE_REPL_UNTRUSTED_ENV_ALLOWLIST = "BROWSER_USE_MARKETPLACE_NAME"

Even when the config file is edited after startup to iab,chrome, the live node_repl.env remains only:

{ "BROWSER_USE_MARKETPLACE_NAME": "openai-bundled" }

And the normal browser client still reports only the in-app browser. The official installed chrome@personal browser client also only sees iab in this session.

Key Question

Is this expected policy behavior for Windows Microsoft Store builds, or is the app failing to expose the Chrome extension backend / backend env into node_repl?

If this is policy-controlled, please expose a user-visible reason/remediation. If it is a packaging/runtime issue, the likely area seems to be Windows Store Codex app backend provisioning: the Chrome plugin/extension can be installed and connected, but the runtime is still launched with only iab available.