|
| 1 | +--- |
| 2 | +title: Codex Sandbox Troubleshooting for npx ai-devkit |
| 3 | +description: Fix common Codex sandbox permission issues when running npx ai-devkit, including npm registry access, npm cache EPERM errors, and memory database initialization. |
| 4 | +order: 10 |
| 5 | +--- |
| 6 | + |
| 7 | +If you run `npx ai-devkit` inside Codex and hit permission or connectivity errors, this is usually a sandbox configuration issue. |
| 8 | + |
| 9 | +## Why this happens |
| 10 | + |
| 11 | +Codex runs in sandbox mode by default. That means it can be blocked from: |
| 12 | + |
| 13 | +- Network access (for npm registry endpoints) |
| 14 | +- Directories outside the current workspace (for example `~/.npm` and `~/.ai-devkit`) |
| 15 | + |
| 16 | +## Issue 1: Cannot fetch package from npm registry |
| 17 | + |
| 18 | +### Typical symptom |
| 19 | + |
| 20 | +`npx ai-devkit` fails when trying to download a package from npm. |
| 21 | + |
| 22 | +### Fix |
| 23 | + |
| 24 | +Enable network access in `~/.codex/config.toml`: |
| 25 | + |
| 26 | +If `[sandbox_workspace_write]` already exists, update that existing block instead of creating a second one. |
| 27 | + |
| 28 | +```toml |
| 29 | +[sandbox_workspace_write] |
| 30 | +network_access = true |
| 31 | +``` |
| 32 | + |
| 33 | +## Issue 2: `npm ERR! Error: EPERM` while running `npx` |
| 34 | + |
| 35 | +### Typical symptom |
| 36 | + |
| 37 | +You see frequent npm permission errors like: |
| 38 | + |
| 39 | +```text |
| 40 | +npm ERR! Error: EPERM |
| 41 | +``` |
| 42 | + |
| 43 | +### Cause |
| 44 | + |
| 45 | +Codex cannot access npm cache directories (commonly `~/.npm`). |
| 46 | + |
| 47 | +### Fix |
| 48 | + |
| 49 | +Allow writable roots for user cache/data directories: |
| 50 | + |
| 51 | +```toml |
| 52 | +[sandbox_workspace_write] |
| 53 | +network_access = true |
| 54 | +writable_roots = ["~/.npm"] |
| 55 | +``` |
| 56 | + |
| 57 | +## Issue 3: `npx ai-devkit memory` cannot initialize local database |
| 58 | + |
| 59 | +### Cause |
| 60 | + |
| 61 | +The memory command needs access to `~/.ai-devkit` to initialize local database files. |
| 62 | + |
| 63 | +### Fix |
| 64 | + |
| 65 | +Make sure `~/.ai-devkit` is included in `writable_roots`: |
| 66 | + |
| 67 | +```toml |
| 68 | +writable_roots = ["~/.ai-devkit", "~/.npm"] |
| 69 | +``` |
| 70 | + |
| 71 | +## Recommended config |
| 72 | + |
| 73 | +Use this minimal configuration in `~/.codex/config.toml`: |
| 74 | + |
| 75 | +```toml |
| 76 | +[sandbox_workspace_write] |
| 77 | +network_access = true |
| 78 | +writable_roots = ["~/.ai-devkit", "~/.npm"] |
| 79 | +``` |
| 80 | + |
| 81 | +## After updating config |
| 82 | + |
| 83 | +1. Save `~/.codex/config.toml`. |
| 84 | +2. Restart your Codex session so sandbox settings are reloaded. |
| 85 | + |
| 86 | +If it still fails, verify you have only one `[sandbox_workspace_write]` block and confirm `writable_roots` includes all three paths. |
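Review bot: The final troubleshooting sentence (diff line 86) asks the reader to confirm `writable_roots` includes "all three paths", but every config block in this file lists at most two, `~/.ai-devkit` and `~/.npm`. Either change the wording to "both paths" or name the third path and add it to the Recommended config block, so the check matches what the page tells users to write. A second, smaller point on the same section: the Recommended config is described as "minimal", yet it turns on `network_access` and opens two directories outside the workspace, which are the two restrictions the "Why this happens" section says the sandbox applies by default. A sentence stating that these settings loosen the sandbox, and that each one is only needed for the issue it fixes (network for Issue 1, `~/.npm` for Issue 2, `~/.ai-devkit` for Issue 3), would let readers enable only what they need.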