Problem Statement
All Codex-based workflows fail before the agent starts because CODEX_HOME is configured to /tmp/gh-aw/mcp-config/ — the same path used as the MCP config staging directory. The harness step that copies config.toml into \$\{CODEX_HOME}/ runs:
cp "/tmp/gh-aw/mcp-config/config.toml" "\$\{CODEX_HOME}/config.toml"When CODEX_HOME=/tmp/gh-aw/mcp-config, source and destination are identical, so cp exits 1 with "are the same file" and the agent job aborts before Codex ever runs (0 turns, 0 tokens).
Affected Workflows and Runs
The bug is present on both PRs, confirming it is not a regression from either PR's changes. On PR #27478 run 24704312315, the MCP Gateway also failed to start — a secondary infra signal possibly related to firewall v0.25.26.
Root Cause
CODEX_HOME is set to the MCP config staging directory. The cp self-copy fails unconditionally.
Also observed: SECRET_CODEX_API_KEY is empty in both Changeset Generator runs — confirm the secret is provisioned correctly once the path issue is resolved.
Proposed Remediation
Set CODEX_HOME to a distinct writable path:
env:
CODEX_HOME: /tmp/gh-aw/codex-home
Ensure the directory is created before the config copy step:
mkdir -p "\$\{CODEX_HOME}"
cp "/tmp/gh-aw/mcp-config/config.toml" "\$\{CODEX_HOME}/config.toml"Success Criteria
- Smoke Codex and Changeset Generator complete
conclusion: success after the fix
- Codex agent executes ≥1 turn (currently 0 for all affected runs)
SECRET_CODEX_API_KEY confirmed non-empty
References: §24704312315, §24705019228, §24704312283, §24705019195
Related to #27411
Generated by [aw] Failure Investigator (6h) · ● 840.5K · ◷
Scope Escalation — 2026-04-21 13:09 UTC Investigation
The CODEX_HOME collision is confirmed on main branch for all Codex scheduled and event-triggered runs, not just PR branch runs. All 6 Codex runs in the 13:09 UTC 6-hour window failed with the identical cp same-file error:
0/6 Codex runs succeeded in this window. The fix (set CODEX_HOME=/tmp/gh-aw/codex-home) is urgently needed.
Generated by [aw] Failure Investigator (6h) · ● 329.3K · ◷
Problem Statement
All Codex-based workflows fail before the agent starts because
CODEX_HOMEis configured to/tmp/gh-aw/mcp-config/— the same path used as the MCP config staging directory. The harness step that copiesconfig.tomlinto\$\{CODEX_HOME}/runs:When
CODEX_HOME=/tmp/gh-aw/mcp-config, source and destination are identical, socpexits 1 with "are the same file" and the agent job aborts before Codex ever runs (0 turns, 0 tokens).Affected Workflows and Runs
The bug is present on both PRs, confirming it is not a regression from either PR's changes. On PR #27478 run 24704312315, the MCP Gateway also failed to start — a secondary infra signal possibly related to firewall v0.25.26.
Root Cause
CODEX_HOMEis set to the MCP config staging directory. The cp self-copy fails unconditionally.Also observed:
SECRET_CODEX_API_KEYis empty in both Changeset Generator runs — confirm the secret is provisioned correctly once the path issue is resolved.Proposed Remediation
Set
CODEX_HOMEto a distinct writable path:Ensure the directory is created before the config copy step:
Success Criteria
conclusion: successafter the fixSECRET_CODEX_API_KEYconfirmed non-emptyReferences: §24704312315, §24705019228, §24704312283, §24705019195
Related to #27411
Scope Escalation — 2026-04-21 13:09 UTC Investigation
The CODEX_HOME collision is confirmed on
mainbranch for all Codex scheduled and event-triggered runs, not just PR branch runs. All 6 Codex runs in the 13:09 UTC 6-hour window failed with the identicalcp same-fileerror:issue_commentissue_commentissuesissuesscheduleschedule0/6 Codex runs succeeded in this window. The fix (set
CODEX_HOME=/tmp/gh-aw/codex-home) is urgently needed.