Description
What version of the Codex App are you using (From “About Codex” dialog)?
v0.98.0
What subscription do you have?
Pro
What issue are you seeing?
Some commands are being blocked even though I have these in config:
approval_policy="never"
sandbox_mode="danger-full-access"
Also tried with --yolo
I’ve examined the Codex sources and found that there is a hardcoded list of “dangerous” commands (mostly git commands).
I understand that for many people git commands are dangerous, but this list is hardcoded and unavoidable.
For me it looks like an arbitrary list of perfectly good commands I do want Codex to be able to run.
Three days ago the list was updated by adding more perfectly good (for me) commands (#10258) which made the issue worse.
I’m not sure how to address this properly, and I’m not saying that the feature should be removed.
Maybe adding an “even-more-dangerous-super-do-not-use-ever” flag would be a solution?
What steps can reproduce the bug?
Create a git repository and a branch in it
Run codex with the --yolo flag in that folder
Ask it to delete the branch
Actual:
git branch -d gets rejected by the harness. Ask Codex what it got and it will show you JSON like this:
exec_command failed: CreateProcess { message: "Rejected(\"`/bin/zsh -lc 'git -C test-folder branch -d test-branch ` rejected: blocked by policy\")" }
What is the expected behavior?
Expected:
Codex runs git branch -d and deletes the branch
Additional information
Cleaning up git history is a usual step you should do before pushing a feature branch. This requires using those dangerous commands. If sandboxed properly and with correct policies and backups Codex can do it perfectly well. It knows what it is doing and bypasses the rejections in seconds if asked. There is no reason to ban some commands in yolo mode.