What version of Codex is running?
Observed on openai/codex current main in v0.101.0.
What issue are you seeing?
config/read can resolve and return project layers (.codex/config.toml) when cwd is provided, but config/value/write and config/batchWrite reject writing to project config paths and only allow writes to $CODEX_HOME/config.toml.
This makes project-scoped config effectively read-only through the app-server protocol.
Steps to reproduce
- Create a repo with a trusted project and a project config file: <repo>/.codex/config.toml
- Call config/read with cwd=<repo> and includeLayers=true.
- Observe a Project layer in layers, and/or origins pointing to Project.
- Attempt to write a project-scoped key using:
  - config/value/write with filePath="<repo>/.codex/config.toml" (or equivalent absolute path),
  - or config/batchWrite with that same filePath.
- Observe error response:
  - config_write_error_code: "configLayerReadonly"
  - message: Only writes to the user config are allowed
- If filePath is omitted, the write succeeds but updates $CODEX_HOME/config.toml (user/global scope), not project scope.
Expected behavior
One of these (in order of preference):
- Support project-layer writes in config RPC:
  - explicit targeting, e.g. targetLayer: "project" + cwd, or
  - allow filePath to point at trusted .codex/config.toml with guardrails.
- If project writes are intentionally unsupported, make that explicit in protocol/docs and narrow filePath semantics to avoid implying arbitrary writable config target files.
Actual behavior
Write APIs are hard-restricted to user config path, even when the protocol can read project layers.
Why this matters
Protocol clients can read effective/project config but cannot persist project-scoped changes.
They must mutate global user config instead, which leaks project-specific settings across repositories.
Additional context (source references)
- ConfigReadParams.cwd explicitly describes project-layer resolution.
- ConfigValueWriteParams.file_path / ConfigBatchWriteParams.file_path accept a path and say it defaults to user config when omitted.
- core/src/config/service.rs enforces:
  - allowed write target = $CODEX_HOME/config.toml
  - otherwise returns ConfigLayerReadonly with message Only writes to the user config are allowed.
- App-server README currently describes write RPCs as writing user config.
Happy to help test a fix if there is a preferred API shape.
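
One shape the "with guardrails" option under Expected behavior could take, as an added sketch that is not code from the issue or from the Codex repository. The names `resolve_write_target`, `WriteTarget`, `WriteError` and the `trusted_roots` list are hypothetical; the sketch assumes trust is tracked as a list of project root directories.

```rust
use std::fs;
use std::path::{Path, PathBuf};

// Hypothetical types for this sketch; not taken from the Codex code base.
#[derive(Debug, PartialEq)]
pub enum WriteTarget {
    User(PathBuf),
    Project(PathBuf),
}

#[derive(Debug, PartialEq)]
pub enum WriteError {
    LayerReadonly, // mirrors the "configLayerReadonly" code quoted in the issue
}

/// Decide which config layer a write may touch. `trusted_roots` is an assumed
/// list of project directories the user has already marked as trusted.
pub fn resolve_write_target(
    file_path: Option<&Path>,
    codex_home: &Path,
    trusted_roots: &[PathBuf],
) -> Result<WriteTarget, WriteError> {
    let Some(requested) = file_path else {
        // Omitted filePath keeps today's behaviour: write the user config.
        return Ok(WriteTarget::User(codex_home.join("config.toml")));
    };
    if requested.file_name().and_then(|n| n.to_str()) != Some("config.toml") {
        return Err(WriteError::LayerReadonly);
    }
    // Resolve `..` and symlinked directories before any comparison.
    let dir = requested
        .parent()
        .and_then(|p| fs::canonicalize(p).ok())
        .ok_or(WriteError::LayerReadonly)?;
    let target = dir.join("config.toml");
    // A symlinked config file could redirect the write outside the project.
    let is_link = fs::symlink_metadata(&target).map(|m| m.file_type().is_symlink());
    if is_link.unwrap_or(false) {
        return Err(WriteError::LayerReadonly);
    }
    if fs::canonicalize(codex_home).ok().as_deref() == Some(dir.as_path()) {
        return Ok(WriteTarget::User(target));
    }
    let in_trusted_project = dir.file_name().and_then(|n| n.to_str()) == Some(".codex")
        && dir.parent().is_some_and(|root| {
            trusted_roots.iter().any(|t| fs::canonicalize(t).ok().as_deref() == Some(root))
        });
    if in_trusted_project { Ok(WriteTarget::Project(target)) } else { Err(WriteError::LayerReadonly) }
}
```

Comparing canonical paths means a `filePath` that reaches an untrusted directory through `..` or a symlinked `.codex` directory is rejected with the same read-only error the write RPCs return today.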