codex - 💡(How to fix) Fix workspace-write writable_roots still prompts for approval on listed Windows directories [1 comments, 2 participants]

GitHub stats

openai/codex#23552, fetched 2026-05-20 03:48:20
Comments: 1 · Participants: 2 · Timeline events: 6 · Reactions: 0
Timeline: labeled ×5, commented ×1

On Windows, Codex continues to request approval for writes to directories explicitly listed under [sandbox_workspace_write].writable_roots while running with sandbox_mode = "workspace-write" and approval_policy = "on-request".

This defeats the expected least-privilege workflow: allow writes without prompts in a small set of trusted dev folders, but still ask for approval outside those folders.

Root Cause

Not identified in the report. The issue documents the symptom only: with sandbox_mode = "workspace-write" and approval_policy = "on-request", Codex on Windows behaves as if the paths listed in [sandbox_workspace_write].writable_roots (and also passed on the command line with --add-dir) were outside the writable set, so every write into them triggers an approval prompt. The reporter adds that the same projects are marked trusted in the config and that the Codex desktop app shows the same behaviour, and points to earlier reports of --add-dir not being honoured, but the page does not establish which component drops the extra roots.

Fix / Workaround

No fix is recorded on this page. The only workaround the reporter identifies is switching to danger-full-access, which grants full unrestricted access rather than extending the writable set by the listed roots, so it gives up exactly the least-privilege boundary the workspace-write + writable_roots configuration was meant to keep. Treat it as a stop-gap for a small number of trusted local repositories, keep the intended config in place, and re-run the write probe from the reproduction steps below after each Codex upgrade to see whether the prompts have gone away.


Summary

On Windows, Codex continues to request approval for writes to directories explicitly listed under [sandbox_workspace_write].writable_roots while running with sandbox_mode = "workspace-write" and approval_policy = "on-request".

This defeats the expected least-privilege workflow: allow writes without prompts in a small set of trusted dev folders, but still ask for approval outside those folders.

Environment

  • OS: Windows
  • Codex CLI version observed: codex-cli 0.130.0-alpha.5
  • Codex App/Desktop also appears affected in the same session/workflow
  • Working directory: C:\Dev\Automation
  • Target additional writable directories:
    • C:\Dev\game-factory
    • C:\Dev\personal-agentic-os

Config

C:\Users\fh\.codex\config.toml contains:

model = "gpt-5.5"
model_reasoning_effort = "medium"
sandbox_mode = "workspace-write"
approval_policy = "on-request"

[windows]
sandbox = "elevated"

[sandbox_workspace_write]
writable_roots = [
  'C:\Dev\Automation',
  'C:\Dev\game-factory',
  'C:\Dev\personal-agentic-os',
]

The projects are also marked trusted in the same config.

Reproduction

Start Codex from:

codex -C C:\Dev\Automation --add-dir C:\Dev\game-factory --add-dir C:\Dev\personal-agentic-os

Then have Codex run a harmless write probe into one of the configured writable roots, for example:

$path = 'C:\Dev\game-factory\.codex-write-test.tmp'
'codex write probe' | Set-Content -LiteralPath $path -Encoding ASCII
$ok = Test-Path -LiteralPath $path
Remove-Item -LiteralPath $path -Force
if ($ok) { 'WRITE_OK' } else { 'WRITE_FAILED' }

Expected behavior

Because C:\Dev\game-factory is listed in sandbox_workspace_write.writable_roots, Codex should run the write probe without asking for approval.

If Codex tries to write outside the workspace and listed writable roots, approval_policy = "on-request" should still ask for permission.

Actual behavior

Codex still asks the user to approve the write request for C:\Dev\game-factory and C:\Dev\personal-agentic-os, even though both paths are explicitly listed under writable_roots.

Why this matters

This blocks a normal multi-repository workflow where a user wants Codex to work in a primary directory plus one or two trusted sibling dev repos without switching to full unrestricted access.

The only apparent workaround is danger-full-access, which is much broader than needed and not equivalent to the documented workspace-write + writable_roots behavior.

Related issues

This appears related to previously reported behavior where --add-dir and/or App/extension sessions do not correctly grant or honor additional writable directories, but this report is specifically about sandbox_workspace_write.writable_roots still causing approval prompts on Windows.
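As an added check (not code from the issue or from the Codex project), the following PowerShell script generalises the reporter's single-path probe: it reads writable_roots from config.toml, verifies that each entry is an absolute path to an existing directory, and runs the same create/verify/delete probe in every root instead of one. The function names Get-CodexWritableRoots and Test-WritableRoot, the -ConfigPath parameter and the regex-based extraction of the TOML array are this example's own assumptions; it only understands the single-quoted, one-entry-per-line array layout shown in the config above and is not a general TOML parser.

```powershell
# Added example, not part of the issue or the Codex project.
# Probes every root listed under [sandbox_workspace_write].writable_roots
# the way the issue's single-path probe does, and reports one row per root.
# Assumption: entries are TOML literal strings ('C:\Dev\x'), one per line,
# as in the config quoted in the issue; other TOML layouts are not handled.

param(
    [string]$ConfigPath = (Join-Path $env:USERPROFILE '.codex\config.toml')
)

function Get-CodexWritableRoots {
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) {
        throw "config not found: $Path"
    }
    $text = Get-Content -LiteralPath $Path -Raw
    # Isolate the [sandbox_workspace_write] table: everything up to the next
    # "[table]" header or end of file.
    $section = [regex]::Match($text, '(?s)\[sandbox_workspace_write\](.*?)(?=\n\[|\z)')
    if (-not $section.Success) { return @() }
    $array = [regex]::Match($section.Groups[1].Value, '(?s)writable_roots\s*=\s*\[(.*?)\]')
    if (-not $array.Success) { return @() }
    # TOML literal strings do no escape processing, so the backslashes in
    # 'C:\Dev\game-factory' are taken verbatim.
    [regex]::Matches($array.Groups[1].Value, "'([^']*)'") |
        ForEach-Object { $_.Groups[1].Value }
}

function Test-WritableRoot {
    param([string]$Root)
    $result = [ordered]@{ Root = $Root; Absolute = $false; Exists = $false; Write = 'SKIPPED' }
    # A relative or non-existent root is a config mistake worth surfacing
    # before blaming the sandbox.
    $result.Absolute = [System.IO.Path]::IsPathRooted($Root)
    $result.Exists   = Test-Path -LiteralPath $Root -PathType Container
    if ($result.Absolute -and $result.Exists) {
        # Unique file name so a leftover from an earlier run is never clobbered.
        $probe = Join-Path $Root ('.codex-write-test-{0}.tmp' -f [guid]::NewGuid())
        try {
            'codex write probe' | Set-Content -LiteralPath $probe -Encoding ASCII -ErrorAction Stop
            $result.Write = if (Test-Path -LiteralPath $probe) { 'WRITE_OK' } else { 'WRITE_FAILED' }
        } catch {
            $result.Write = 'WRITE_FAILED: ' + $_.Exception.Message
        } finally {
            Remove-Item -LiteralPath $probe -Force -ErrorAction SilentlyContinue
        }
    }
    [pscustomobject]$result
}

$roots = @(Get-CodexWritableRoots -Path $ConfigPath)
if ($roots.Count -eq 0) { Write-Warning "no writable_roots found in $ConfigPath" }
$roots | ForEach-Object { Test-WritableRoot -Root $_ } | Format-Table -AutoSize
```

Run it once in a plain PowerShell session to confirm every root is an absolute path to a directory your account can write to; that rules out a config typo. Then have Codex execute it inside the sandboxed session: a WRITE_FAILED on a listed root means the sandbox is actually blocking the path, whereas an approval prompt followed by WRITE_OK is the behaviour this issue reports. The script cannot observe the prompt itself, only the outcome of the write, so the person at the keyboard still has to note which roots were prompted for. Fall back to danger-full-access only after confirming that every root in the table is a directory you would trust with unrestricted writes.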
