1# Codex App Server1# Codex App Server
2 2
3Embed Codex into your product with the app-server protocol
4
5Codex app-server is the interface Codex uses to power rich clients (for example, the Codex VS Code extension). Use it when you want a deep integration inside your own product: authentication, conversation history, approvals, and streamed agent events. The app-server implementation is open source in the Codex GitHub repository ([openai/codex/codex-rs/app-server](https://github.com/openai/codex/tree/main/codex-rs/app-server)). See the [Open Source](https://developers.openai.com/codex/open-source) page for the full list of open-source Codex components.3Codex app-server is the interface Codex uses to power rich clients (for example, the Codex VS Code extension). Use it when you want a deep integration inside your own product: authentication, conversation history, approvals, and streamed agent events. The app-server implementation is open source in the Codex GitHub repository ([openai/codex/codex-rs/app-server](https://github.com/openai/codex/tree/main/codex-rs/app-server)). See the [Open Source](https://developers.openai.com/codex/open-source) page for the full list of open-source Codex components.
6 4
7If you are automating jobs or running Codex in CI, use the5If you are automating jobs or running Codex in CI, use the
118- **Start (or resume) a thread**: Call `thread/start` for a new conversation, `thread/resume` to continue an existing one, or `thread/fork` to branch history into a new thread id.116- **Start (or resume) a thread**: Call `thread/start` for a new conversation, `thread/resume` to continue an existing one, or `thread/fork` to branch history into a new thread id.
119- **Begin a turn**: Call `turn/start` with the target `threadId` and user input. Optional fields override model, personality, `cwd`, sandbox policy, and more.117- **Begin a turn**: Call `turn/start` with the target `threadId` and user input. Optional fields override model, personality, `cwd`, sandbox policy, and more.
120- **Steer an active turn**: Call `turn/steer` to append user input to the currently in-flight turn without creating a new turn.118- **Steer an active turn**: Call `turn/steer` to append user input to the currently in-flight turn without creating a new turn.
121- **Stream events**: After `turn/start`, keep reading notifications on stdout: `item/started`, `item/completed`, `item/agentMessage/delta`, tool progress, and other updates.119- **Stream events**: After `turn/start`, keep reading notifications on stdout: `thread/archived`, `thread/unarchived`, `item/started`, `item/completed`, `item/agentMessage/delta`, tool progress, and other updates.
122- **Finish the turn**: The server emits `turn/completed` with final status when the model finishes or after a `turn/interrupt` cancellation.120- **Finish the turn**: The server emits `turn/completed` with final status when the model finishes or after a `turn/interrupt` cancellation.
123 121
124## Initialization122## Initialization
203- `thread/start` - create a new thread; emits `thread/started` and automatically subscribes you to turn/item events for that thread.201- `thread/start` - create a new thread; emits `thread/started` and automatically subscribes you to turn/item events for that thread.
204- `thread/resume` - reopen an existing thread by id so later `turn/start` calls append to it.202- `thread/resume` - reopen an existing thread by id so later `turn/start` calls append to it.
205- `thread/fork` - fork a thread into a new thread id by copying stored history; emits `thread/started` for the new thread.203- `thread/fork` - fork a thread into a new thread id by copying stored history; emits `thread/started` for the new thread.
206- `thread/read` - read a stored thread by id without resuming it; set `includeTurns` to return full turn history.204- `thread/read` - read a stored thread by id without resuming it; set `includeTurns` to return full turn history. Returned `thread` objects include runtime `status`.
207- `thread/list` - page through stored thread logs; supports cursor-based pagination plus `modelProviders`, `sourceKinds`, `archived`, and `cwd` filters.205- `thread/list` - page through stored thread logs; supports cursor-based pagination plus `modelProviders`, `sourceKinds`, `archived`, and `cwd` filters. Returned `thread` objects include runtime `status`.
208- `thread/loaded/list` - list the thread ids currently loaded in memory.206- `thread/loaded/list` - list the thread ids currently loaded in memory.
209- `thread/archive` - move a thread’s log file into the archived directory; returns `{}` on success.207- `thread/archive` - move a thread's log file into the archived directory; returns `{}` on success and emits `thread/archived`.
210- `thread/unarchive` - restore an archived thread rollout back into the active sessions directory; returns the restored `thread`.208- `thread/unarchive` - restore an archived thread rollout back into the active sessions directory; returns the restored `thread` and emits `thread/unarchived`.
209- `thread/status/changed` - notification emitted when a loaded thread's runtime `status` changes.
211- `thread/compact/start` - trigger conversation history compaction for a thread; returns `{}` immediately while progress streams via `turn/*` and `item/*` notifications.210- `thread/compact/start` - trigger conversation history compaction for a thread; returns `{}` immediately while progress streams via `turn/*` and `item/*` notifications.
212- `thread/rollback` - drop the last N turns from the in-memory context and persist a rollback marker; returns the updated `thread`.211- `thread/rollback` - drop the last N turns from the in-memory context and persist a rollback marker; returns the updated `thread`.
213- `turn/start` - add user input to a thread and begin Codex generation; responds with the initial `turn` and streams events. For `collaborationMode`, `settings.developer_instructions: null` means "use built-in instructions for the selected mode."212- `turn/start` - add user input to a thread and begin Codex generation; responds with the initial `turn` and streams events. For `collaborationMode`, `settings.developer_instructions: null` means "use built-in instructions for the selected mode."
225- `tool/requestUserInput` - prompt the user with 1-3 short questions for a tool call (experimental); questions can set `isOther` for a free-form option.224- `tool/requestUserInput` - prompt the user with 1-3 short questions for a tool call (experimental); questions can set `isOther` for a free-form option.
226- `config/mcpServer/reload` - reload MCP server configuration from disk and queue a refresh for loaded threads.225- `config/mcpServer/reload` - reload MCP server configuration from disk and queue a refresh for loaded threads.
227- `mcpServerStatus/list` - list MCP servers, tools, resources, and auth status (cursor + limit pagination).226- `mcpServerStatus/list` - list MCP servers, tools, resources, and auth status (cursor + limit pagination).
228- `feedback/upload` - submit a feedback report (classification + optional reason/logs + conversation id).227- `windowsSandbox/setupStart` - start Windows sandbox setup for `elevated` or `unelevated` mode; returns quickly and later emits `windowsSandbox/setupCompleted`.
228- `feedback/upload` - submit a feedback report (classification + optional reason/logs + conversation id, plus optional `extraLogFiles` attachments).
229- `config/read` - fetch the effective configuration on disk after resolving configuration layering.229- `config/read` - fetch the effective configuration on disk after resolving configuration layering.
230- `config/value/write` - write a single configuration key/value to the user's `config.toml` on disk.230- `config/value/write` - write a single configuration key/value to the user's `config.toml` on disk.
231- `config/batchWrite` - apply configuration edits atomically to the user's `config.toml` on disk.231- `config/batchWrite` - apply configuration edits atomically to the user's `config.toml` on disk.
335 "threadId": "thr_123",335 "threadId": "thr_123",
336 "personality": "friendly"336 "personality": "friendly"
337} }337} }
338{ "id": 11, "result": { "thread": { "id": "thr_123" } } }338{ "id": 11, "result": { "thread": { "id": "thr_123", "name": "Bug bash notes" } } }
339```339```
340 340
341Resuming a thread doesn't update `thread.updatedAt` (or the rollout file's modified time) by itself. The timestamp updates when you start a turn.341Resuming a thread doesn't update `thread.updatedAt` (or the rollout file's modified time) by itself. The timestamp updates when you start a turn.
354{ "method": "thread/started", "params": { "thread": { "id": "thr_456" } } }354{ "method": "thread/started", "params": { "thread": { "id": "thr_456" } } }
355```355```
356 356
357When a user-facing thread title has been set, app-server hydrates `thread.name` on `thread/list`, `thread/read`, `thread/resume`, `thread/unarchive`, and `thread/rollback` responses. `thread/start` and `thread/fork` may omit `name` (or return `null`) until a title is set later.
358
357### Read a stored thread (without resuming)359### Read a stored thread (without resuming)
358 360
359Use `thread/read` when you want stored thread data but don't want to resume the thread or subscribe to its events.361Use `thread/read` when you want stored thread data but don't want to resume the thread or subscribe to its events.
360 362
361- `includeTurns` - when `true`, the response includes the thread's turns; when `false` or omitted, you get the thread summary only.363- `includeTurns` - when `true`, the response includes the thread's turns; when `false` or omitted, you get the thread summary only.
364- Returned `thread` objects include runtime `status` (`notLoaded`, `idle`, `systemError`, or `active` with `activeFlags`).
362 365
363```json366```json
364{ "method": "thread/read", "id": 19, "params": { "threadId": "thr_123", "includeTurns": true } }367{ "method": "thread/read", "id": 19, "params": { "threadId": "thr_123", "includeTurns": true } }
365{ "id": 19, "result": { "thread": { "id": "thr_123", "turns": [] } } }368{ "id": 19, "result": { "thread": { "id": "thr_123", "name": "Bug bash notes", "status": { "type": "notLoaded" }, "turns": [] } } }
366```369```
367 370
368Unlike `thread/resume`, `thread/read` doesn't load the thread into memory or emit `thread/started`.371Unlike `thread/resume`, `thread/read` doesn't load the thread into memory or emit `thread/started`.
402} }405} }
403{ "id": 20, "result": {406{ "id": 20, "result": {
404 "data": [407 "data": [
405 { "id": "thr_a", "preview": "Create a TUI", "modelProvider": "openai", "createdAt": 1730831111, "updatedAt": 1730831111 },408 { "id": "thr_a", "preview": "Create a TUI", "modelProvider": "openai", "createdAt": 1730831111, "updatedAt": 1730831111, "name": "TUI prototype", "status": { "type": "notLoaded" } },
406 { "id": "thr_b", "preview": "Fix tests", "modelProvider": "openai", "createdAt": 1730750000, "updatedAt": 1730750000 }409 { "id": "thr_b", "preview": "Fix tests", "modelProvider": "openai", "createdAt": 1730750000, "updatedAt": 1730750000, "status": { "type": "notLoaded" } }
407 ],410 ],
408 "nextCursor": "opaque-token-or-null"411 "nextCursor": "opaque-token-or-null"
409} }412} }
411 414
412When `nextCursor` is `null`, you have reached the final page.415When `nextCursor` is `null`, you have reached the final page.
413 416
417### Track thread status changes
418
419`thread/status/changed` is emitted whenever a loaded thread's runtime status changes. The payload includes `threadId` and the new `status`.
420
421```json
422{
423 "method": "thread/status/changed",
424 "params": {
425 "threadId": "thr_123",
426 "status": { "type": "active", "activeFlags": ["waitingOnApproval"] }
427 }
428}
429```
430
414### List loaded threads431### List loaded threads
415 432
416`thread/loaded/list` returns thread IDs currently loaded in memory.433`thread/loaded/list` returns thread IDs currently loaded in memory.
427```json444```json
428{ "method": "thread/archive", "id": 22, "params": { "threadId": "thr_b" } }445{ "method": "thread/archive", "id": 22, "params": { "threadId": "thr_b" } }
429{ "id": 22, "result": {} }446{ "id": 22, "result": {} }
447{ "method": "thread/archived", "params": { "threadId": "thr_b" } }
430```448```
431 449
432Archived threads won't appear in future calls to `thread/list` unless you pass `archived: true`.450Archived threads won't appear in future calls to `thread/list` unless you pass `archived: true`.
437 455
438```json456```json
439{ "method": "thread/unarchive", "id": 24, "params": { "threadId": "thr_b" } }457{ "method": "thread/unarchive", "id": 24, "params": { "threadId": "thr_b" } }
440{ "id": 24, "result": { "thread": { "id": "thr_b" } } }458{ "id": 24, "result": { "thread": { "id": "thr_b", "name": "Bug bash notes" } } }
459{ "method": "thread/unarchived", "params": { "threadId": "thr_b" } }
441```460```
442 461
443### Trigger thread compaction462### Trigger thread compaction
480}499}
481```500```
482 501
502On macOS, `includePlatformDefaults: true` appends a curated platform-default Seatbelt policy for restricted-read sessions. This improves tool compatibility without broadly allowing all of `/System`.
503
483Examples:504Examples:
484 505
485```json506```json
656- `sandboxPolicy` accepts the same shape used by `turn/start` (for example, `dangerFullAccess`, `readOnly`, `workspaceWrite`, `externalSandbox`).677- `sandboxPolicy` accepts the same shape used by `turn/start` (for example, `dangerFullAccess`, `readOnly`, `workspaceWrite`, `externalSandbox`).
657- When omitted, `timeoutMs` falls back to the server default.678- When omitted, `timeoutMs` falls back to the server default.
658 679
680### Read admin requirements (`configRequirements/read`)
681
682Use `configRequirements/read` to inspect the effective admin requirements loaded from `requirements.toml` and/or MDM.
683
684```json
685{ "method": "configRequirements/read", "id": 52, "params": {} }
686{ "id": 52, "result": {
687 "requirements": {
688 "allowedApprovalPolicies": ["onRequest", "unlessTrusted"],
689 "allowedSandboxModes": ["readOnly", "workspaceWrite"],
690 "network": {
691 "enabled": true,
692 "allowedDomains": ["api.openai.com"],
693 "allowUnixSockets": ["/tmp/example.sock"],
694 "dangerouslyAllowAllUnixSockets": false
695 }
696 }
697} }
698```
699
700`result.requirements` is `null` when no requirements are configured. When present, the optional `network` object carries managed proxy constraints (domain rules, proxy settings, and unix-socket policy).
701
702### Windows sandbox setup (`windowsSandbox/setupStart`)
703
704Custom Windows clients can trigger sandbox setup asynchronously instead of blocking on startup checks.
705
706```json
707{ "method": "windowsSandbox/setupStart", "id": 53, "params": { "mode": "elevated" } }
708{ "id": 53, "result": { "started": true } }
709```
710
711App-server starts setup in the background and later emits a completion notification:
712
713```json
714{
715 "method": "windowsSandbox/setupCompleted",
716 "params": { "mode": "elevated", "success": true, "error": null }
717}
718```
719
720Modes:
721
722- `elevated` - run the elevated Windows sandbox setup path.
723- `unelevated` - run the legacy setup/preflight path.
724
659## Events725## Events
660 726
661Event notifications are the server-initiated stream for thread lifecycles, turn lifecycles, and the items within them. After you start or resume a thread, keep reading the active transport stream for `thread/started`, `turn/*`, and `item/*` notifications.727Event notifications are the server-initiated stream for thread lifecycles, turn lifecycles, and the items within them. After you start or resume a thread, keep reading the active transport stream for `thread/started`, `thread/archived`, `thread/unarchived`, `thread/status/changed`, `turn/*`, and `item/*` notifications.
662 728
663### Notification opt-out729### Notification opt-out
664 730
676- `fuzzyFileSearch/sessionUpdated` - `{ sessionId, query, files }` with the current matches for the active query.742- `fuzzyFileSearch/sessionUpdated` - `{ sessionId, query, files }` with the current matches for the active query.
677- `fuzzyFileSearch/sessionCompleted` - `{ sessionId }` once indexing and matching for that query completes.743- `fuzzyFileSearch/sessionCompleted` - `{ sessionId }` once indexing and matching for that query completes.
678 744
745### Windows sandbox setup events
746
747- `windowsSandbox/setupCompleted` - `{ mode, success, error }` emitted after a `windowsSandbox/setupStart` request finishes.
748
679### Turn events749### Turn events
680 750
681- `turn/started` - `{ turn }` with the turn id, empty `items`, and `status: "inProgress"`.751- `turn/started` - `{ turn }` with the turn id, empty `items`, and `status: "inProgress"`.
691`ThreadItem` is the tagged union carried in turn responses and `item/*` notifications. Common item types include:761`ThreadItem` is the tagged union carried in turn responses and `item/*` notifications. Common item types include:
692 762
693- `userMessage` - `{id, content}` where `content` is a list of user inputs (`text`, `image`, or `localImage`).763- `userMessage` - `{id, content}` where `content` is a list of user inputs (`text`, `image`, or `localImage`).
694- `agentMessage` - `{id, text}` containing the accumulated agent reply.764- `agentMessage` - `{id, text, phase?}` containing the accumulated agent reply. When present, `phase` uses Responses API wire values (`commentary`, `final_answer`).
695- `plan` - `{id, text}` containing proposed plan text in plan mode. Treat the final `plan` item from `item/completed` as authoritative.765- `plan` - `{id, text}` containing proposed plan text in plan mode. Treat the final `plan` item from `item/completed` as authoritative.
696- `reasoning` - `{id, summary, content}` where `summary` holds streamed reasoning summaries and `content` holds raw reasoning blocks.766- `reasoning` - `{id, summary, content}` where `summary` holds streamed reasoning summaries and `content` holds raw reasoning blocks.
697- `commandExecution` - `{id, command, cwd, status, commandActions, aggregatedOutput?, exitCode?, durationMs?}`.767- `commandExecution` - `{id, command, cwd, status, commandActions, aggregatedOutput?, exitCode?, durationMs?}`.
753Order of messages:823Order of messages:
754 824
7551. `item/started` shows the pending `commandExecution` item with `command`, `cwd`, and other fields.8251. `item/started` shows the pending `commandExecution` item with `command`, `cwd`, and other fields.
7562. `item/commandExecution/requestApproval` includes `itemId`, `threadId`, `turnId`, optional `reason`, optional `command`, optional `cwd`, optional `commandActions`, and optional `proposedExecpolicyAmendment`.8262. `item/commandExecution/requestApproval` includes `itemId`, `threadId`, `turnId`, optional `reason`, optional `command`, optional `cwd`, optional `commandActions`, optional `proposedExecpolicyAmendment`, and optional `networkApprovalContext`.
7573. Client responds with one of the command execution approval decisions above.8273. Client responds with one of the command execution approval decisions above.
7584. `item/completed` returns the final `commandExecution` item with `status: completed | failed | declined`.8284. `item/completed` returns the final `commandExecution` item with `status: completed | failed | declined`.
759 829
830When `networkApprovalContext` is present, the prompt is for managed network access (not a general shell-command approval). The current v2 schema exposes the target `host` and `protocol`; clients should render a network-specific prompt and not rely on `command` being a user-meaningful shell command preview.
831
832Codex deduplicates concurrent network approval prompts by destination (`host`, protocol, and port). The app-server may therefore send one prompt that unblocks multiple queued requests to the same destination, while different ports on the same host are treated separately.
833
760### File change approvals834### File change approvals
761 835
762Order of messages:836Order of messages:
768 842
769### MCP tool-call approvals (apps)843### MCP tool-call approvals (apps)
770 844
771App (connector) tool calls can also require approval. When an app tool call has side effects, the server may elicit approval with `tool/requestUserInput` and options such as **Accept**, **Decline**, and **Cancel**. If the user declines or cancels, the related `mcpToolCall` item completes with an error instead of running the tool.845App (connector) tool calls can also require approval. When an app tool call has side effects, the server may elicit approval with `tool/requestUserInput` and options such as **Accept**, **Decline**, and **Cancel**. Destructive tool annotations always trigger approval even when the tool also advertises less-privileged hints. If the user declines or cancels, the related `mcpToolCall` item completes with an error instead of running the tool.
772 846
773## Skills847## Skills
774 848
865 939
866## Apps (connectors)940## Apps (connectors)
867 941
868Use `app/list` to fetch available apps. In the CLI/TUI, `/apps` is the user-facing picker; in custom clients, call `app/list` directly. Each entry includes both `isAccessible` (available to the user) and `isEnabled` (enabled in `config.toml`) so clients can distinguish install/access from local enabled state.942Use `app/list` to fetch available apps. In the CLI/TUI, `/apps` is the user-facing picker; in custom clients, call `app/list` directly. Each entry includes both `isAccessible` (available to the user) and `isEnabled` (enabled in `config.toml`) so clients can distinguish install/access from local enabled state. App entries can also include optional `branding`, `appMetadata`, and `labels` fields.
869 943
870```json944```json
871{ "method": "app/list", "id": 50, "params": {945{ "method": "app/list", "id": 50, "params": {
881 "name": "Demo App",955 "name": "Demo App",
882 "description": "Example connector for documentation.",956 "description": "Example connector for documentation.",
883 "logoUrl": "https://example.com/demo-app.png",957 "logoUrl": "https://example.com/demo-app.png",
958 "logoUrlDark": null,
959 "distributionChannel": null,
960 "branding": null,
961 "appMetadata": null,
962 "labels": null,
884 "installUrl": "https://chatgpt.com/apps/demo-app/demo-app",963 "installUrl": "https://chatgpt.com/apps/demo-app/demo-app",
885 "isAccessible": true,964 "isAccessible": true,
886 "isEnabled": true965 "isEnabled": true
906 "name": "Demo App",985 "name": "Demo App",
907 "description": "Example connector for documentation.",986 "description": "Example connector for documentation.",
908 "logoUrl": "https://example.com/demo-app.png",987 "logoUrl": "https://example.com/demo-app.png",
988 "logoUrlDark": null,
989 "distributionChannel": null,
990 "branding": null,
991 "appMetadata": null,
992 "labels": null,
909 "installUrl": "https://chatgpt.com/apps/demo-app/demo-app",993 "installUrl": "https://chatgpt.com/apps/demo-app/demo-app",
910 "isAccessible": true,994 "isAccessible": true,
911 "isEnabled": true995 "isEnabled": true
938}1022}
939```1023```
940 1024
1025### Config RPC examples for app settings
1026
1027Use `config/read`, `config/value/write`, and `config/batchWrite` to inspect or update app controls in `config.toml`.
1028
1029Read the effective app config shape (including `_default` and per-tool overrides):
1030
1031```json
1032{ "method": "config/read", "id": 60, "params": { "includeLayers": false } }
1033{ "id": 60, "result": {
1034 "config": {
1035 "apps": {
1036 "_default": {
1037 "enabled": true,
1038 "destructive_enabled": true,
1039 "open_world_enabled": true
1040 },
1041 "google_drive": {
1042 "enabled": true,
1043 "destructive_enabled": false,
1044 "default_tools_approval_mode": "prompt",
1045 "tools": {
1046 "files/delete": { "enabled": false, "approval_mode": "approve" }
1047 }
1048 }
1049 }
1050 }
1051} }
1052```
1053
1054Update a single app setting:
1055
1056```json
1057{
1058 "method": "config/value/write",
1059 "id": 61,
1060 "params": {
1061 "keyPath": "apps.google_drive.default_tools_approval_mode",
1062 "value": "prompt",
1063 "mergeStrategy": "replace"
1064 }
1065}
1066```
1067
1068Apply multiple app edits atomically:
1069
1070```json
1071{
1072 "method": "config/batchWrite",
1073 "id": 62,
1074 "params": {
1075 "edits": [
1076 {
1077 "keyPath": "apps._default.destructive_enabled",
1078 "value": false,
1079 "mergeStrategy": "upsert"
1080 },
1081 {
1082 "keyPath": "apps.google_drive.tools.files/delete.approval_mode",
1083 "value": "approve",
1084 "mergeStrategy": "upsert"
1085 }
1086 ]
1087 }
1088}
1089```
1090
941## Auth endpoints1091## Auth endpoints
942 1092
943The JSON-RPC auth/account surface exposes request/response methods plus server-initiated notifications (no `id`). Use these to determine auth state, start or cancel logins, logout, and inspect ChatGPT rate limits.1093The JSON-RPC auth/account surface exposes request/response methods plus server-initiated notifications (no `id`). Use these to determine auth state, start or cancel logins, logout, and inspect ChatGPT rate limits.
