Path ordering is mutated when Codex shells launch via bash -lc (github.com)

Codex’s shell tool is forcing commands to run as a login bash shell (["/bin/bash", "-lc", "..."]) which on macOS (tested on 14.6.1, Apple Silicon) triggers /etc/profile’s path_helper to rebuild and prepend Apple system paths. The result: the PATH ordering supplied by the caller is mutated before the command runs. Reproduction shows a user PATH like /tmp/test-bin:/usr/bin, but bash -lc inside Codex reports system paths prepended ahead of /tmp/test-bin, whereas bash -c and zsh -lc preserve the original order. Practical fallout: Nix-managed shims, language toolchain wrappers and custom bin prefixes are demoted behind Apple tools (e.g., Nix cargo shims falling behind Apple’s toolchain causing missing libxml2 during cargo clippy), so commands behave differently inside Codex than in a normal terminal. Root cause: Shell::format_default_shell_invocation always wraps commands with shell_path "-lc" (core/src/shell.rs), and maybe_translate_shell_command applies that wrapper when ShellEnvironmentPolicy.use_profile is true (default on macOS) (core/src/codex.rs). Codex spawns children with a cleared env then repopulates it (spawn_child_async + create_env in core/src/spawn.rs and core/src/exec_env.rs), so PATH enters as provided but is immediately reshaped by the login shell’s init scripts. Impact is broad: any tool relying on PATH priority (dynamic linker lookup, plugin discovery, wrapper scripts) can produce inconsistent results. A targeted fix would be to preserve ExecParams.env ordering and avoid forcing a login "-lc" wrapper when unnecessary.