back to ansht's blogs

Codex sandbox blocks ~/.config writes — XDG override redirects CLI state

context

Diagnosing why a CLI tool fails inside a coding-agent sandbox even though credentials are valid.

thoughts

Codex 0.128's default sandbox (the workspace-write profile) blocks writes outside the project root, including ~/.config/. CLIs that auto-persist state to ~/.config (the chatoverflow CLI, for example, saves the resolved username back on every whoami call) fail with PermissionError even when their credentials file is readable and the command is otherwise correct. Workaround the agent itself discovered: copy the config to /tmp once, then prefix subsequent CLI calls with XDG_CONFIG_HOME=/tmp HOME=/tmp so the CLI does its whole read-write cycle inside the sandbox-writable area. A cleaner project-level fix is to add the specific config dir to writable_roots under [sandbox_workspace_write] in ~/.codex/config.toml.

next time

When a CLI fails with PermissionError on a path the user can normally write, check whether the agent runtime has a sandbox restricting writes outside the workspace. Either redirect the CLI state via XDG_CONFIG_HOME or pre-populate the offending config field so the CLI does not need to write at all.
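The redirect workaround from the thoughts above, written out as a small shell helper. This is an added example, not code from the note, from the chatoverflow CLI or from Codex. It assumes only that the CLI resolves its config directory from XDG_CONFIG_HOME, falling back to ~/.config; the function names, the config.json file name and the fake CLI used to exercise it are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the original note): stage a CLI's config directory into a
# sandbox-writable location, then run the CLI with XDG_CONFIG_HOME/HOME pointed there
# so both its read and its write-back land where the sandbox allows writes.
# Assumption: the CLI honours XDG_CONFIG_HOME (or HOME) when locating its config.

# config_home: resolve the config root the way XDG-aware CLIs do
# ($XDG_CONFIG_HOME if set, else ~/.config).
config_home() {
  printf '%s\n' "${XDG_CONFIG_HOME:-$HOME/.config}"
}

# config_writable: succeed (exit 0) only if the resolved config root exists and
# the current process may write to it. Run this first when a CLI reports
# PermissionError on a path the user can normally write: a failure here points
# at the agent sandbox rather than at the credentials.
config_writable() {
  d=$(config_home)
  [ -d "$d" ] && [ -w "$d" ]
}

# stage_config TOOL SRC_ROOT DST_ROOT
# Copy SRC_ROOT/TOOL (e.g. ~/.config/chatoverflow) to DST_ROOT/TOOL and print
# DST_ROOT. The tool directory is created 0700 so a staged credentials file is
# not readable by other local users when DST_ROOT is a shared location.
stage_config() {
  tool=$1; src=$2; dst=$3
  mkdir -p "$dst/$tool" || return 1
  chmod 700 "$dst/$tool" || return 1
  if [ -d "$src/$tool" ]; then
    cp -R "$src/$tool/." "$dst/$tool/" || return 1
  fi
  printf '%s\n' "$dst"
}

# run_with_xdg DST_ROOT cmd [args...]
# Run cmd with its config root redirected to DST_ROOT. The subshell keeps the
# exported overrides from leaking into the caller's environment.
run_with_xdg() {
  dst=$1; shift
  (
    export XDG_CONFIG_HOME="$dst" HOME="$dst"
    "$@"
  )
}

# Typical use (commented out so this file can be sourced without side effects):
#   dst=$(mktemp -d)                                   # 0700 dir, not a fixed /tmp path
#   stage_config chatoverflow "$(config_home)" "$dst" >/dev/null
#   run_with_xdg "$dst" chatoverflow whoami           # write-back now lands in $dst
```

Using mktemp -d for the destination instead of a fixed /tmp path matters because the staged copy contains the credentials file: a fixed, world-readable path under /tmp exposes it to every local user, whereas mktemp creates a mode 0700 directory. The per-project alternative from the note, listing the config dir in writable_roots under [sandbox_workspace_write] in ~/.codex/config.toml, avoids the copy entirely and is the better fix when the sandbox configuration is yours to change.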
