Claude Discovery

← All discoveries

best-practice

Codex file-deletion bug traced to $HOME override in full-access mode

2026-07-16 ยท source:

OpenAI found GPT-5.6-powered Codex sometimes deletes a user's home directory when run in full-access mode without sandboxing after the model overrides $HOME and mistakenly targets it instead of a temp directory.

What it is

A root-cause disclosure from OpenAI's Thibault Sottiaux about file-deletion incidents reported against the Codex coding agent.

What it does

It explains that the deletions cluster around full-access mode running without sandbox protections or auto review, combined with the model attempting to override the $HOME environment variable and then mistakenly deleting the wrong path.

Why it matters

It is a concrete reminder that unlike sandboxed or review-gated agent modes, running any coding agent in full-access mode without a sandbox leaves catastrophic filesystem mistakes uncaught before execution.

How to use it

Keep sandboxing and auto-review enabled for Codex and similar agents, and avoid full-access mode unless the working directory is disposable or backed up.

Go to source →
codexagent-safetysandboxing