What version of Codex CLI is running?
0.139.0
What subscription do you have?
Pro
Which model were you using?
gpt-5.5-codex
What platform is your computer?
Linux container on Windows-hosted worktree, npm install
What terminal emulator and version are you using (if applicable)?
No response
Codex doctor report
What issue are you seeing?
Title: Codex CLI plugin sync writes bundled plugin marketplace into active workspace
Package: @openai/codex
Version: 0.139.0
Platform: Linux container on Windows-hosted worktree, npm install
Command: codex exec --ephemeral --sandbox workspace-write --cd OK
Config:
approval_policy = "on-request"
sandbox_mode = "workspace-write"
network_access = "enabled"
features.plugins = true
Expected:
Codex starts and does not modify the repository unless the model chooses to edit files.
Actual:
On startup with plugins enabled, Codex writes plugin marketplace/scaffold files into the active workspace. In a synthetic repo it:
- deleted tracked files: Dockerfile.dev, marker.txt
- replaced README.md with a plugin marketplace README
- created .agents/
- created .gitignore
- created plugins/ with bundled plugin examples
This happened before any requested coding task and was reproduced in a disposable repo, so it is not specific to SemanticContract.
Mitigation:
Setting features.plugins = false, or running with --disable plugins, prevents the workspace modifications.
Secondary observation:
Codex also logs Windows .git pointer resolution errors in Windows-hosted worktrees from Linux containers, even when GIT_DIR/GIT_WORK_TREE point at container-local git metadata. This appears separate from the destructive plugin sync behavior.
What steps can reproduce the bug?
Steps to reproduce:
Install Codex CLI version 0.139.0 with npm.
npm install -g @openai/codex@0.139.0
Create a clean disposable Git repo.
mkdir codex-plugin-repro
cd codex-plugin-repro
git init -b main
git config user.email repro@example.invalid
git config user.name Repro
printf 'keep me\n' > marker.txt
printf 'FROM scratch\n' > Dockerfile.dev
printf '# Test\n' > README.md
git add .
git commit -m init
Enable plugins in ~/.codex/config.toml.
approval_policy = "on-request"
sandbox_mode = "workspace-write"
network_access = "enabled"
features.plugins = true
Run Codex from the repo.
codex exec --ephemeral --sandbox workspace-write --cd . OK
Check the worktree.
git status --short
Actual result:
Codex modifies the repository even though the prompt only says OK.
Observed status:
D Dockerfile.dev
M README.md
D marker.txt
?? .agents/
?? .gitignore
?? plugins/
README.md was replaced with a plugin marketplace README, and plugins/ contained bundled plugin examples.
Expected result:
The worktree should remain clean. Codex should not write plugin marketplace or scaffold files into the active repository unless explicitly requested.
Workaround:
Set features.plugins = false in ~/.codex/config.toml, or run Codex with --disable plugins.
What is the expected behavior?
The expected behavior is that Codex should not modify the active repository simply because the plugins feature is enabled.
Running codex exec --ephemeral --sandbox workspace-write --cd . OK in a clean repo should leave the worktree clean unless the prompt or user explicitly asks Codex to create, delete, or modify files.
If Codex needs to sync or cache plugin marketplace data, it should write that data to Codex’s own config/cache directory, not into the project workspace.
Additional information
This was reproduced in a disposable synthetic Git repository, so it does not appear to be specific to any one project.
The issue occurs with @openai/codex 0.139.0 when features.plugins is set to true. With features.plugins set to false, or when running with --disable plugins, the worktree remains clean.
Observed generated content included .agents/, .gitignore, plugins/, and a README.md describing bundled Codex plugin examples. In the same run, existing tracked files were deleted or replaced.
What version of Codex CLI is running?
0.139.0
What subscription do you have?
Pro
Which model were you using?
gpt-5.5-codex
What platform is your computer?
Linux container on Windows-hosted worktree, npm install
What terminal emulator and version are you using (if applicable)?
No response
Codex doctor report
What issue are you seeing?
Title: Codex CLI plugin sync writes bundled plugin marketplace into active workspace
Package: @openai/codex
Version: 0.139.0
Platform: Linux container on Windows-hosted worktree, npm install
Command: codex exec --ephemeral --sandbox workspace-write --cd OK
Config:
approval_policy = "on-request"
sandbox_mode = "workspace-write"
network_access = "enabled"
features.plugins = true
Expected:
Codex starts and does not modify the repository unless the model chooses to edit files.
Actual:
On startup with plugins enabled, Codex writes plugin marketplace/scaffold files into the active workspace. In a synthetic repo it:
This happened before any requested coding task and was reproduced in a disposable repo, so it is not specific to SemanticContract.
Mitigation:
Setting features.plugins = false, or running with --disable plugins, prevents the workspace modifications.
Secondary observation:
Codex also logs Windows .git pointer resolution errors in Windows-hosted worktrees from Linux containers, even when GIT_DIR/GIT_WORK_TREE point at container-local git metadata. This appears separate from the destructive plugin sync behavior.
What steps can reproduce the bug?
Steps to reproduce:
Install Codex CLI version 0.139.0 with npm.
npm install -g @openai/codex@0.139.0
Create a clean disposable Git repo.
mkdir codex-plugin-repro
cd codex-plugin-repro
git init -b main
git config user.email repro@example.invalid
git config user.name Repro
printf 'keep me\n' > marker.txt
printf 'FROM scratch\n' > Dockerfile.dev
printf '# Test\n' > README.md
git add .
git commit -m init
Enable plugins in ~/.codex/config.toml.
approval_policy = "on-request"
sandbox_mode = "workspace-write"
network_access = "enabled"
features.plugins = true
Run Codex from the repo.
codex exec --ephemeral --sandbox workspace-write --cd . OK
Check the worktree.
git status --short
Actual result:
Codex modifies the repository even though the prompt only says OK.
Observed status:
D Dockerfile.dev
M README.md
D marker.txt
?? .agents/
?? .gitignore
?? plugins/
README.md was replaced with a plugin marketplace README, and plugins/ contained bundled plugin examples.
Expected result:
The worktree should remain clean. Codex should not write plugin marketplace or scaffold files into the active repository unless explicitly requested.
Workaround:
Set features.plugins = false in ~/.codex/config.toml, or run Codex with --disable plugins.
What is the expected behavior?
The expected behavior is that Codex should not modify the active repository simply because the plugins feature is enabled.
Running codex exec --ephemeral --sandbox workspace-write --cd . OK in a clean repo should leave the worktree clean unless the prompt or user explicitly asks Codex to create, delete, or modify files.
If Codex needs to sync or cache plugin marketplace data, it should write that data to Codex’s own config/cache directory, not into the project workspace.
Additional information
This was reproduced in a disposable synthetic Git repository, so it does not appear to be specific to any one project.
The issue occurs with @openai/codex 0.139.0 when features.plugins is set to true. With features.plugins set to false, or when running with --disable plugins, the worktree remains clean.
Observed generated content included .agents/, .gitignore, plugins/, and a README.md describing bundled Codex plugin examples. In the same run, existing tracked files were deleted or replaced.