# macOS: Code_sign_clone grows unbounded (62 GB+) across Codex auto-updates

> Source: <https://github.com/openai/codex/issues/27536>
> Published: 2026-06-30 20:37:31+00:00

-
[Notifications](/login?return_to=%2Fopenai%2Fcodex)You must be signed in to change notification settings -
[Fork 14k](/login?return_to=%2Fopenai%2Fcodex)

# macOS: code_sign_clone grows unbounded (62 GB+) across Codex auto-updates #27536

[appIssues related to the Codex desktop app](https://github.com/openai/codex/issues?q=state%3Aopen%20label%3A%22app%22)Issues related to the Codex desktop app

[bugSomething isn't working](https://github.com/openai/codex/issues?q=state%3Aopen%20label%3A%22bug%22)Something isn't working

## Description

## Summary

On macOS, the Codex desktop app (Electron) accumulates a massive `code_sign_clone`

directory in the system temp folder that is never cleaned up. Over time this can consume **62 GB or more** of disk space without the user realizing it.

## Environment

**macOS**: 26.6 (25G5028f)** Codex version**: 26.608.12217 (build 3722)** Architecture**: Apple Silicon (aarch64)

## Location

```
/private/var/folders/<hash>/X/com.openai.codex.code_sign_clone
```

## Root Cause

macOS creates a code signing clone under `/private/var/folders/.../X/`

for signed Electron apps. When the app auto-updates frequently (as Codex does), macOS retains old signing data but does not aggressively prune it. Because Codex.app is ~1 GB and updates are frequent, this directory grows to tens of gigabytes over weeks of normal use.

## Reproduction

- Use Codex desktop for several weeks with auto-update enabled.
- Run:
`du -sh /private/var/folders/*/X/com.openai.codex.code_sign_clone`

- Observe 10-60+ GB consumed.

## Suggested Fix

- On app startup or after a successful update, remove or invalidate stale entries in the code_sign_clone directory.
- Alternatively, reduce the frequency of full app binary replacements during updates (e.g., use delta updates or a stable binary wrapper that loads updated JS bundles without replacing the signed executable).

## Workaround

Users can safely delete the directory:

```
rm -rf /private/var/folders/*/X/com.openai.codex.code_sign_clone
```

macOS will regenerate the current version's signing data on next launch (~few hundred MB).

## Impact

This is a silent disk space leak. Users see "Codex: 75 GB" in macOS Storage settings but cannot find where the space is consumed because the path is hidden in system temp folders. Users with smaller SSDs may hit disk-full conditions without understanding the cause.

## Metadata

## Metadata

### Assignees

### Labels

[appIssues related to the Codex desktop app](https://github.com/openai/codex/issues?q=state%3Aopen%20label%3A%22app%22)Issues related to the Codex desktop app

[bugSomething isn't working](https://github.com/openai/codex/issues?q=state%3Aopen%20label%3A%22bug%22)Something isn't working

### Type

### Fields

[Give feedback](https://github.com/orgs/community/discussions/189141)
