Codex file-deletion bug traced to $HOME override in full-access mode
OpenAI found GPT-5.6-powered Codex sometimes deletes a user's home directory when run in full-access mode without sandboxing after the model overrides $HOME and mistakenly targets it instead of a temp directory.
What it is
A root-cause disclosure from OpenAI's Thibault Sottiaux about file-deletion incidents reported against the Codex coding agent.
What it does
It explains that the deletions cluster around full-access mode running without sandbox protections or auto review, combined with the model attempting to override the $HOME environment variable and then mistakenly deleting the wrong path.
Why it matters
It is a concrete reminder that unlike sandboxed or review-gated agent modes, running any coding agent in full-access mode without a sandbox leaves catastrophic filesystem mistakes uncaught before execution.
How to use it
Keep sandboxing and auto-review enabled for Codex and similar agents, and avoid full-access mode unless the working directory is disposable or backed up.