12Supported transports:12Supported transports:
13 13
14- `stdio` (`--listen stdio://`, default): newline-delimited JSON (JSONL).14- `stdio` (`--listen stdio://`, default): newline-delimited JSON (JSONL).
15- `websocket` (`--listen ws://IP:PORT`, experimental): one JSON-RPC message per WebSocket text frame.15- `websocket` (`--listen ws://IP:PORT`, experimental and unsupported): one JSON-RPC message per WebSocket text frame.
16- `off` (`--listen off`): don't expose a local transport.
17
18When you run with `--listen ws://IP:PORT`, the same listener also serves basic HTTP health probes:
19
20- `GET /readyz` returns `200 OK` once the listener accepts new connections.
21- `GET /healthz` returns `200 OK` when the request doesn't include an `Origin` header.
22- Requests with an `Origin` header are rejected with `403 Forbidden`.
23
24WebSocket transport is experimental and unsupported. Loopback listeners such as `ws://127.0.0.1:PORT` are appropriate for localhost and SSH port-forwarding workflows. Non-loopback WebSocket listeners currently allow unauthenticated connections by default during rollout, so configure WebSocket auth before exposing one remotely.
25
26Supported WebSocket auth flags:
27
28- `--ws-auth capability-token --ws-token-file /absolute/path`
29- `--ws-auth capability-token --ws-token-sha256 HEX`
30- `--ws-auth signed-bearer-token --ws-shared-secret-file /absolute/path`
31
32For signed bearer tokens, you can also set `--ws-issuer`, `--ws-audience`, and `--ws-max-clock-skew-seconds`. Clients present the credential as `Authorization: Bearer <token>` during the WebSocket handshake, and app-server enforces auth before JSON-RPC `initialize`.
33
34Prefer `--ws-token-file` over passing raw bearer tokens on the command line. Use `--ws-token-sha256` only when the client keeps the raw high-entropy token in a separate local secret store; the hash is only a verifier, and clients still need the original token.
16 35
17In WebSocket mode, app-server uses bounded queues. When request ingress is full, the server rejects new requests with JSON-RPC error code `-32001` and message `"Server overloaded; retry later."` Clients should retry with an exponentially increasing delay and jitter.36In WebSocket mode, app-server uses bounded queues. When request ingress is full, the server rejects new requests with JSON-RPC error code `-32001` and message `"Server overloaded; retry later."` Clients should retry with an exponentially increasing delay and jitter.
18 37
21Requests include `method`, `params`, and `id`:40Requests include `method`, `params`, and `id`:
22 41
23```json42```json
24{ "method": "thread/start", "id": 10, "params": { "model": "gpt-5.1-codex" } }43{ "method": "thread/start", "id": 10, "params": { "model": "gpt-5.4" } }
25```44```
26 45
27Responses echo the `id` with either `result` or `error`:46Responses echo the `id` with either `result` or `error`:
99 },118 },
100});119});
101send({ method: "initialized", params: {} });120send({ method: "initialized", params: {} });
102send({ method: "thread/start", id: 1, params: { model: "gpt-5.1-codex" } });121send({ method: "thread/start", id: 1, params: { model: "gpt-5.4" } });
103```122```
104 123
105## Core primitives124## Core primitives
116- **Start (or resume) a thread**: Call `thread/start` for a new conversation, `thread/resume` to continue an existing one, or `thread/fork` to branch history into a new thread id.135- **Start (or resume) a thread**: Call `thread/start` for a new conversation, `thread/resume` to continue an existing one, or `thread/fork` to branch history into a new thread id.
117- **Begin a turn**: Call `turn/start` with the target `threadId` and user input. Optional fields override model, personality, `cwd`, sandbox policy, and more.136- **Begin a turn**: Call `turn/start` with the target `threadId` and user input. Optional fields override model, personality, `cwd`, sandbox policy, and more.
118- **Steer an active turn**: Call `turn/steer` to append user input to the currently in-flight turn without creating a new turn.137- **Steer an active turn**: Call `turn/steer` to append user input to the currently in-flight turn without creating a new turn.
119- **Stream events**: After `turn/start`, keep reading notifications on stdout: `item/started`, `item/completed`, `item/agentMessage/delta`, tool progress, and other updates.138- **Stream events**: After `turn/start`, keep reading notifications on stdout: `thread/archived`, `thread/unarchived`, `item/started`, `item/completed`, `item/agentMessage/delta`, tool progress, and other updates.
120- **Finish the turn**: The server emits `turn/completed` with final status when the model finishes or after a `turn/interrupt` cancellation.139- **Finish the turn**: The server emits `turn/completed` with final status when the model finishes or after a `turn/interrupt` cancellation.
121 140
122## Initialization141## Initialization
123 142
124Clients must send a single `initialize` request per transport connection before invoking any other method on that connection, then acknowledge with an `initialized` notification. Requests sent before initialization receive a `Not initialized` error, and repeated `initialize` calls on the same connection return `Already initialized`.143Clients must send a single `initialize` request per transport connection before invoking any other method on that connection, then acknowledge with an `initialized` notification. Requests sent before initialization receive a `Not initialized` error, and repeated `initialize` calls on the same connection return `Already initialized`.
125 144
126The server returns the user agent string it will present to upstream services. Set `clientInfo` to identify your integration.145The server returns the user agent string it will present to upstream services plus `platformFamily` and `platformOs` values that describe the runtime target. Set `clientInfo` to identify your integration.
127 146
128`initialize.params.capabilities` also supports per-connection notification opt-out via `optOutNotificationMethods`, which is a list of exact method names to suppress for that connection. Matching is exact (no wildcards/prefixes). Unknown method names are accepted and ignored.147`initialize.params.capabilities` also supports per-connection notification opt-out via `optOutNotificationMethods`, which is a list of exact method names to suppress for that connection. Matching is exact (no wildcards/prefixes). Unknown method names are accepted and ignored.
129 148
159 },178 },
160 "capabilities": {179 "capabilities": {
161 "experimentalApi": true,180 "experimentalApi": true,
162 "optOutNotificationMethods": [181 "optOutNotificationMethods": ["thread/started", "item/agentMessage/delta"]
163 "codex/event/session_configured",
164 "item/agentMessage/delta"
165 ]
166 }182 }
167 }183 }
168}184}
201- `thread/start` - create a new thread; emits `thread/started` and automatically subscribes you to turn/item events for that thread.217- `thread/start` - create a new thread; emits `thread/started` and automatically subscribes you to turn/item events for that thread.
202- `thread/resume` - reopen an existing thread by id so later `turn/start` calls append to it.218- `thread/resume` - reopen an existing thread by id so later `turn/start` calls append to it.
203- `thread/fork` - fork a thread into a new thread id by copying stored history; emits `thread/started` for the new thread.219- `thread/fork` - fork a thread into a new thread id by copying stored history; emits `thread/started` for the new thread.
204- `thread/read` - read a stored thread by id without resuming it; set `includeTurns` to return full turn history.220- `thread/read` - read a stored thread by id without resuming it; set `includeTurns` to return full turn history. Returned `thread` objects include runtime `status`.
205- `thread/list` - page through stored thread logs; supports cursor-based pagination plus `modelProviders`, `sourceKinds`, `archived`, and `cwd` filters.221- `thread/list` - page through stored thread logs; supports cursor-based pagination plus `modelProviders`, `sourceKinds`, `archived`, `cwd`, and `searchTerm` filters. Returned `thread` objects include runtime `status`.
222- `thread/turns/list` - page through a stored thread's turn history without resuming it.
206- `thread/loaded/list` - list the thread ids currently loaded in memory.223- `thread/loaded/list` - list the thread ids currently loaded in memory.
207- `thread/archive` - move a thread’s log file into the archived directory; returns `{}` on success.224- `thread/name/set` - set or update a thread's user-facing name for a loaded thread or a persisted rollout; emits `thread/name/updated`.
208- `thread/unarchive` - restore an archived thread rollout back into the active sessions directory; returns the restored `thread`.225- `thread/metadata/update` - patch SQLite-backed stored thread metadata; currently supports persisted `gitInfo`.
226- `thread/archive` - move a thread's log file into the archived directory; returns `{}` on success and emits `thread/archived`.
227- `thread/unsubscribe` - unsubscribe this connection from thread turn/item events. If this was the last subscriber, the server unloads the thread after a no-subscriber inactivity grace period and emits `thread/closed`.
228- `thread/unarchive` - restore an archived thread rollout back into the active sessions directory; returns the restored `thread` and emits `thread/unarchived`.
229- `thread/status/changed` - notification emitted when a loaded thread's runtime `status` changes.
209- `thread/compact/start` - trigger conversation history compaction for a thread; returns `{}` immediately while progress streams via `turn/*` and `item/*` notifications.230- `thread/compact/start` - trigger conversation history compaction for a thread; returns `{}` immediately while progress streams via `turn/*` and `item/*` notifications.
231- `thread/shellCommand` - run a user-initiated shell command against a thread. This runs outside the sandbox with full access and doesn't inherit the thread sandbox policy.
232- `thread/backgroundTerminals/clean` - stop all running background terminals for a thread (experimental; requires `capabilities.experimentalApi`).
210- `thread/rollback` - drop the last N turns from the in-memory context and persist a rollback marker; returns the updated `thread`.233- `thread/rollback` - drop the last N turns from the in-memory context and persist a rollback marker; returns the updated `thread`.
211- `turn/start` - add user input to a thread and begin Codex generation; responds with the initial `turn` and streams events. For `collaborationMode`, `settings.developer_instructions: null` means "use built-in instructions for the selected mode."234- `turn/start` - add user input to a thread and begin Codex generation; responds with the initial `turn` and streams events. For `collaborationMode`, `settings.developer_instructions: null` means "use built-in instructions for the selected mode."
235- `thread/inject_items` - append raw Responses API items to a loaded thread's model-visible history without starting a user turn.
212- `turn/steer` - append user input to the active in-flight turn for a thread; returns the accepted `turnId`.236- `turn/steer` - append user input to the active in-flight turn for a thread; returns the accepted `turnId`.
213- `turn/interrupt` - request cancellation of an in-flight turn; success is `{}` and the turn ends with `status: "interrupted"`.237- `turn/interrupt` - request cancellation of an in-flight turn; success is `{}` and the turn ends with `status: "interrupted"`.
214- `review/start` - kick off the Codex reviewer for a thread; emits `enteredReviewMode` and `exitedReviewMode` items.238- `review/start` - kick off the Codex reviewer for a thread; emits `enteredReviewMode` and `exitedReviewMode` items.
215- `command/exec` - run a single command under the server sandbox without starting a thread/turn.239- `command/exec` - run a single command under the server sandbox without starting a thread/turn.
240- `command/exec/write` - write `stdin` bytes to a running `command/exec` session or close `stdin`.
241- `command/exec/resize` - resize a running PTY-backed `command/exec` session.
242- `command/exec/terminate` - stop a running `command/exec` session.
243- `command/exec/outputDelta` (notify) - emitted for base64-encoded stdout/stderr chunks from a streaming `command/exec` session.
216- `model/list` - list available models (set `includeHidden: true` to include entries with `hidden: true`) with effort options, optional `upgrade`, and `inputModalities`.244- `model/list` - list available models (set `includeHidden: true` to include entries with `hidden: true`) with effort options, optional `upgrade`, and `inputModalities`.
217- `experimentalFeature/list` - list feature flags with lifecycle stage metadata and cursor pagination.245- `experimentalFeature/list` - list feature flags with lifecycle stage metadata and cursor pagination.
246- `experimentalFeature/enablement/set` - patch in-memory runtime enablement for supported feature keys such as `apps` and `plugins`.
218- `collaborationMode/list` - list collaboration mode presets (experimental, no pagination).247- `collaborationMode/list` - list collaboration mode presets (experimental, no pagination).
219- `skills/list` - list skills for one or more `cwd` values (supports `forceReload` and optional `perCwdExtraUserRoots`).248- `skills/list` - list skills for one or more `cwd` values (supports `forceReload` and optional `perCwdExtraUserRoots`).
249- `skills/changed` (notify) - emitted when watched local skill files change.
250- `marketplace/add` - add a remote plugin marketplace and persist it into the user's marketplace config.
251- `plugin/list` - list discovered plugin marketplaces and plugin state, including install/auth policy metadata, marketplace load errors, featured plugin ids, and local, Git, or remote plugin source metadata.
252- `plugin/read` - read one plugin by marketplace path or remote marketplace name and plugin name, including bundled skills, apps, and MCP server names when those details are available.
253- `plugin/install` - install a plugin from a marketplace path or remote marketplace name.
254- `plugin/uninstall` - uninstall an installed plugin.
220- `app/list` - list available apps (connectors) with pagination plus accessibility/enabled metadata.255- `app/list` - list available apps (connectors) with pagination plus accessibility/enabled metadata.
221- `skills/config/write` - enable or disable skills by path.256- `skills/config/write` - enable or disable skills by path.
222- `mcpServer/oauth/login` - start an OAuth login for a configured MCP server; returns an authorization URL and emits `mcpServer/oauthLogin/completed` on completion.257- `mcpServer/oauth/login` - start an OAuth login for a configured MCP server; returns an authorization URL and emits `mcpServer/oauthLogin/completed` on completion.
223- `tool/requestUserInput` - prompt the user with 1-3 short questions for a tool call (experimental); questions can set `isOther` for a free-form option.258- `tool/requestUserInput` - prompt the user with 1-3 short questions for a tool call (experimental); questions can set `isOther` for a free-form option.
224- `config/mcpServer/reload` - reload MCP server configuration from disk and queue a refresh for loaded threads.259- `config/mcpServer/reload` - reload MCP server configuration from disk and queue a refresh for loaded threads.
225- `mcpServerStatus/list` - list MCP servers, tools, resources, and auth status (cursor + limit pagination).260- `mcpServerStatus/list` - list MCP servers, tools, resources, and auth status (cursor + limit pagination). Use `detail: "full"` for full data or `detail: "toolsAndAuthOnly"` to omit resources.
226- `feedback/upload` - submit a feedback report (classification + optional reason/logs + conversation id).261- `mcpServer/resource/read` - read a single MCP resource through an initialized MCP server.
262- `mcpServer/tool/call` - call a tool on a thread's configured MCP server.
263- `mcpServer/startupStatus/updated` (notify) - emitted when a configured MCP server's startup status changes for a loaded thread.
264- `windowsSandbox/setupStart` - start Windows sandbox setup for `elevated` or `unelevated` mode; returns quickly and later emits `windowsSandbox/setupCompleted`.
265- `feedback/upload` - submit a feedback report (classification + optional reason/logs + conversation id, plus optional `extraLogFiles` attachments).
227- `config/read` - fetch the effective configuration on disk after resolving configuration layering.266- `config/read` - fetch the effective configuration on disk after resolving configuration layering.
267- `externalAgentConfig/detect` - detect external-agent artifacts that can be migrated with `includeHome` and optional `cwds`; each detected item includes `cwd` (`null` for home).
268- `externalAgentConfig/import` - apply selected external-agent migration items by passing explicit `migrationItems` with `cwd` (`null` for home); plugin imports emit `externalAgentConfig/import/completed`.
228- `config/value/write` - write a single configuration key/value to the user's `config.toml` on disk.269- `config/value/write` - write a single configuration key/value to the user's `config.toml` on disk.
229- `config/batchWrite` - apply configuration edits atomically to the user's `config.toml` on disk.270- `config/batchWrite` - apply configuration edits atomically to the user's `config.toml` on disk.
230- `configRequirements/read` - fetch requirements from `requirements.toml` and/or MDM, including allow-lists and residency requirements (or `null` if you haven’t set any up).271- `configRequirements/read` - fetch requirements from `requirements.toml` and/or MDM, including allow-lists, pinned `featureRequirements`, and residency/network requirements (or `null` if you haven't set any up).
272- `fs/readFile`, `fs/writeFile`, `fs/createDirectory`, `fs/getMetadata`, `fs/readDirectory`, `fs/remove`, `fs/copy`, `fs/watch`, `fs/unwatch`, and `fs/changed` (notify) - operate on absolute filesystem paths through the app-server v2 filesystem API.
273
274Plugin summaries include a `source` union. Local plugins return
275`{ "type": "local", "path": ... }`, Git-backed marketplace entries return
276`{ "type": "git", "url": ..., "path": ..., "refName": ..., "sha": ... }`,
277and remote catalog entries return `{ "type": "remote" }`. For remote-only
278catalog entries, `PluginMarketplaceEntry.path` can be `null`; pass
279`remoteMarketplaceName` instead of `marketplacePath` when reading or installing
280those plugins.
231 281
232## Models282## Models
233 283
239{ "method": "model/list", "id": 6, "params": { "limit": 20, "includeHidden": false } }289{ "method": "model/list", "id": 6, "params": { "limit": 20, "includeHidden": false } }
240{ "id": 6, "result": {290{ "id": 6, "result": {
241 "data": [{291 "data": [{
242 "id": "gpt-5.2-codex",292 "id": "gpt-5.4",
243 "model": "gpt-5.2-codex",293 "model": "gpt-5.4",
244 "upgrade": "gpt-5.3-codex",294 "displayName": "GPT-5.4",
245 "displayName": "GPT-5.2 Codex",
246 "hidden": false,295 "hidden": false,
247 "defaultReasoningEffort": "medium",296 "defaultReasoningEffort": "medium",
248 "reasoningEffort": [{297 "supportedReasoningEfforts": [{
249 "effort": "low",298 "reasoningEffort": "low",
250 "description": "Lower latency"299 "description": "Lower latency"
251 }],300 }],
252 "inputModalities": ["text", "image"],301 "inputModalities": ["text", "image"],
259 308
260Each model entry can include:309Each model entry can include:
261 310
262- `reasoningEffort` - supported effort options for the model.311- `supportedReasoningEfforts` - supported effort options for the model.
263- `defaultReasoningEffort` - suggested default effort for clients.312- `defaultReasoningEffort` - suggested default effort for clients.
264- `upgrade` - optional recommended upgrade model id for migration prompts in clients.313- `upgrade` - optional recommended upgrade model id for migration prompts in clients.
314- `upgradeInfo` - optional upgrade metadata for migration prompts in clients.
265- `hidden` - whether the model is hidden from the default picker list.315- `hidden` - whether the model is hidden from the default picker list.
266- `inputModalities` - supported input types for the model (for example `text`, `image`).316- `inputModalities` - supported input types for the model (for example `text`, `image`).
267- `supportsPersonality` - whether the model supports personality-specific instructions such as `/personality`.317- `supportsPersonality` - whether the model supports personality-specific instructions such as `/personality`.
296## Threads346## Threads
297 347
298- `thread/read` reads a stored thread without subscribing to it; set `includeTurns` to include turns.348- `thread/read` reads a stored thread without subscribing to it; set `includeTurns` to include turns.
299- `thread/list` supports cursor pagination plus `modelProviders`, `sourceKinds`, `archived`, and `cwd` filtering.349- `thread/turns/list` pages through a stored thread's turn history without resuming it.
350- `thread/list` supports cursor pagination plus `modelProviders`, `sourceKinds`, `archived`, `cwd`, and `searchTerm` filtering.
300- `thread/loaded/list` returns the thread IDs currently in memory.351- `thread/loaded/list` returns the thread IDs currently in memory.
301- `thread/archive` moves the thread's persisted JSONL log into the archived directory.352- `thread/archive` moves the thread's persisted JSONL log into the archived directory.
353- `thread/metadata/update` patches stored thread metadata, currently including persisted `gitInfo`.
354- `thread/unsubscribe` unsubscribes the current connection from a loaded thread and can trigger `thread/closed` after an inactivity grace period.
302- `thread/unarchive` restores an archived thread rollout back into the active sessions directory.355- `thread/unarchive` restores an archived thread rollout back into the active sessions directory.
303- `thread/compact/start` triggers compaction and returns `{}` immediately.356- `thread/compact/start` triggers compaction and returns `{}` immediately.
304- `thread/rollback` drops the last N turns from the in-memory context and records a rollback marker in the thread's persisted JSONL log.357- `thread/rollback` drops the last N turns from the in-memory context and records a rollback marker in the thread's persisted JSONL log.
358- `thread/inject_items` appends raw Responses API items to a loaded thread's model-visible history without starting a user turn.
305 359
306### Start or resume a thread360### Start or resume a thread
307 361
309 363
310```json364```json
311{ "method": "thread/start", "id": 10, "params": {365{ "method": "thread/start", "id": 10, "params": {
312 "model": "gpt-5.1-codex",366 "model": "gpt-5.4",
313 "cwd": "/Users/me/project",367 "cwd": "/Users/me/project",
314 "approvalPolicy": "never",368 "approvalPolicy": "never",
315 "sandbox": "workspaceWrite",369 "sandbox": "workspaceWrite",
316 "personality": "friendly"370 "personality": "friendly",
371 "serviceName": "my_app_server_client"
317} }372} }
318{ "id": 10, "result": {373{ "id": 10, "result": {
319 "thread": {374 "thread": {
320 "id": "thr_123",375 "id": "thr_123",
321 "preview": "",376 "preview": "",
377 "ephemeral": false,
322 "modelProvider": "openai",378 "modelProvider": "openai",
323 "createdAt": 1730910000379 "createdAt": 1730910000
324 }380 }
326{ "method": "thread/started", "params": { "thread": { "id": "thr_123" } } }382{ "method": "thread/started", "params": { "thread": { "id": "thr_123" } } }
327```383```
328 384
385`serviceName` is optional. Set it when you want app-server to tag thread-level metrics with your integration's service name.
386
329To continue a stored session, call `thread/resume` with the `thread.id` you recorded earlier. The response shape matches `thread/start`. You can also pass the same configuration overrides supported by `thread/start`, such as `personality`:387To continue a stored session, call `thread/resume` with the `thread.id` you recorded earlier. The response shape matches `thread/start`. You can also pass the same configuration overrides supported by `thread/start`, such as `personality`:
330 388
331```json389```json
333 "threadId": "thr_123",391 "threadId": "thr_123",
334 "personality": "friendly"392 "personality": "friendly"
335} }393} }
336{ "id": 11, "result": { "thread": { "id": "thr_123" } } }394{ "id": 11, "result": { "thread": { "id": "thr_123", "name": "Bug bash notes", "ephemeral": false } } }
337```395```
338 396
339Resuming a thread doesn't update `thread.updatedAt` (or the rollout file's modified time) by itself. The timestamp updates when you start a turn.397Resuming a thread doesn't update `thread.updatedAt` (or the rollout file's modified time) by itself. The timestamp updates when you start a turn.
352{ "method": "thread/started", "params": { "thread": { "id": "thr_456" } } }410{ "method": "thread/started", "params": { "thread": { "id": "thr_456" } } }
353```411```
354 412
413When a user-facing thread title has been set, app-server hydrates `thread.name` on `thread/list`, `thread/read`, `thread/resume`, `thread/unarchive`, and `thread/rollback` responses. `thread/start` and `thread/fork` may omit `name` (or return `null`) until a title is set later.
414
355### Read a stored thread (without resuming)415### Read a stored thread (without resuming)
356 416
357Use `thread/read` when you want stored thread data but don't want to resume the thread or subscribe to its events.417Use `thread/read` when you want stored thread data but don't want to resume the thread or subscribe to its events.
358 418
359- `includeTurns` - when `true`, the response includes the thread's turns; when `false` or omitted, you get the thread summary only.419- `includeTurns` - when `true`, the response includes the thread's turns; when `false` or omitted, you get the thread summary only.
420- Returned `thread` objects include runtime `status` (`notLoaded`, `idle`, `systemError`, or `active` with `activeFlags`).
360 421
361```json422```json
362{ "method": "thread/read", "id": 19, "params": { "threadId": "thr_123", "includeTurns": true } }423{ "method": "thread/read", "id": 19, "params": { "threadId": "thr_123", "includeTurns": true } }
363{ "id": 19, "result": { "thread": { "id": "thr_123", "turns": [] } } }424{ "id": 19, "result": { "thread": { "id": "thr_123", "name": "Bug bash notes", "ephemeral": false, "status": { "type": "notLoaded" }, "turns": [] } } }
364```425```
365 426
366Unlike `thread/resume`, `thread/read` doesn't load the thread into memory or emit `thread/started`.427Unlike `thread/resume`, `thread/read` doesn't load the thread into memory or emit `thread/started`.
367 428
429### List thread turns
430
431Use `thread/turns/list` to page a stored thread's turn history without resuming it. Results default to newest-first so clients can fetch older turns with `nextCursor`. The response also includes `backwardsCursor`; pass it as `cursor` with `sortDirection: "asc"` to fetch turns newer than the first item from the earlier page.
432
433```json
434{ "method": "thread/turns/list", "id": 20, "params": {
435 "threadId": "thr_123",
436 "limit": 50,
437 "sortDirection": "desc"
438} }
439{ "id": 20, "result": {
440 "data": [],
441 "nextCursor": "older-turns-cursor-or-null",
442 "backwardsCursor": "newer-turns-cursor-or-null"
443} }
444```
445
368### List threads (with pagination & filters)446### List threads (with pagination & filters)
369 447
370`thread/list` lets you render a history UI. Results default to newest-first by `createdAt`. Filters apply before pagination. Pass any combination of:448`thread/list` lets you render a history UI. Results default to newest-first by `createdAt`. Filters apply before pagination. Pass any combination of:
376- `sourceKinds` - restrict results to specific thread sources. When omitted or `[]`, the server defaults to interactive sources only: `cli` and `vscode`.454- `sourceKinds` - restrict results to specific thread sources. When omitted or `[]`, the server defaults to interactive sources only: `cli` and `vscode`.
377- `archived` - when `true`, list archived threads only. When `false` or omitted, list non-archived threads (default).455- `archived` - when `true`, list archived threads only. When `false` or omitted, list non-archived threads (default).
378- `cwd` - restrict results to threads whose session current working directory exactly matches this path.456- `cwd` - restrict results to threads whose session current working directory exactly matches this path.
457- `searchTerm` - search stored thread summaries and metadata before pagination.
379 458
380`sourceKinds` accepts the following values:459`sourceKinds` accepts the following values:
381 460
400} }479} }
401{ "id": 20, "result": {480{ "id": 20, "result": {
402 "data": [481 "data": [
403 { "id": "thr_a", "preview": "Create a TUI", "modelProvider": "openai", "createdAt": 1730831111, "updatedAt": 1730831111 },482 { "id": "thr_a", "preview": "Create a TUI", "ephemeral": false, "modelProvider": "openai", "createdAt": 1730831111, "updatedAt": 1730831111, "name": "TUI prototype", "status": { "type": "notLoaded" } },
404 { "id": "thr_b", "preview": "Fix tests", "modelProvider": "openai", "createdAt": 1730750000, "updatedAt": 1730750000 }483 { "id": "thr_b", "preview": "Fix tests", "ephemeral": true, "modelProvider": "openai", "createdAt": 1730750000, "updatedAt": 1730750000, "status": { "type": "notLoaded" } }
405 ],484 ],
406 "nextCursor": "opaque-token-or-null"485 "nextCursor": "opaque-token-or-null"
407} }486} }
409 488
410When `nextCursor` is `null`, you have reached the final page.489When `nextCursor` is `null`, you have reached the final page.
411 490
491### Update stored thread metadata
492
493Use `thread/metadata/update` to patch stored thread metadata without resuming the thread. Today this supports persisted `gitInfo`; omitted fields are left unchanged, and explicit `null` clears a stored value.
494
495```json
496{ "method": "thread/metadata/update", "id": 21, "params": {
497 "threadId": "thr_123",
498 "gitInfo": { "branch": "feature/sidebar-pr" }
499} }
500{ "id": 21, "result": {
501 "thread": {
502 "id": "thr_123",
503 "gitInfo": { "sha": null, "branch": "feature/sidebar-pr", "originUrl": null }
504 }
505} }
506```
507
508### Track thread status changes
509
510`thread/status/changed` is emitted whenever a loaded thread's runtime status changes. The payload includes `threadId` and the new `status`.
511
512```json
513{
514 "method": "thread/status/changed",
515 "params": {
516 "threadId": "thr_123",
517 "status": { "type": "active", "activeFlags": ["waitingOnApproval"] }
518 }
519}
520```
521
412### List loaded threads522### List loaded threads
413 523
414`thread/loaded/list` returns thread IDs currently loaded in memory.524`thread/loaded/list` returns thread IDs currently loaded in memory.
418{ "id": 21, "result": { "data": ["thr_123", "thr_456"] } }528{ "id": 21, "result": { "data": ["thr_123", "thr_456"] } }
419```529```
420 530
531### Unsubscribe from a loaded thread
532
533`thread/unsubscribe` removes the current connection's subscription to a thread. The response status is one of:
534
535- `unsubscribed` when the connection was subscribed and is now removed.
536- `notSubscribed` when the connection wasn't subscribed to that thread.
537- `notLoaded` when the thread isn't loaded.
538
539If this was the last subscriber, the server keeps the thread loaded until it has no subscribers and no thread activity for 30 minutes. When the grace period expires, app-server unloads the thread and emits a `thread/status/changed` transition to `notLoaded` plus `thread/closed`.
540
541```json
542{ "method": "thread/unsubscribe", "id": 22, "params": { "threadId": "thr_123" } }
543{ "id": 22, "result": { "status": "unsubscribed" } }
544```
545
546If the thread later expires:
547
548```json
549{ "method": "thread/status/changed", "params": {
550 "threadId": "thr_123",
551 "status": { "type": "notLoaded" }
552} }
553{ "method": "thread/closed", "params": { "threadId": "thr_123" } }
554```
555
421### Archive a thread556### Archive a thread
422 557
423Use `thread/archive` to move the persisted thread log (stored as a JSONL file on disk) into the archived sessions directory.558Use `thread/archive` to move the persisted thread log (stored as a JSONL file on disk) into the archived sessions directory.
425```json560```json
426{ "method": "thread/archive", "id": 22, "params": { "threadId": "thr_b" } }561{ "method": "thread/archive", "id": 22, "params": { "threadId": "thr_b" } }
427{ "id": 22, "result": {} }562{ "id": 22, "result": {} }
563{ "method": "thread/archived", "params": { "threadId": "thr_b" } }
428```564```
429 565
430Archived threads won't appear in future calls to `thread/list` unless you pass `archived: true`.566Archived threads won't appear in future calls to `thread/list` unless you pass `archived: true`.
435 571
436```json572```json
437{ "method": "thread/unarchive", "id": 24, "params": { "threadId": "thr_b" } }573{ "method": "thread/unarchive", "id": 24, "params": { "threadId": "thr_b" } }
438{ "id": 24, "result": { "thread": { "id": "thr_b" } } }574{ "id": 24, "result": { "thread": { "id": "thr_b", "name": "Bug bash notes" } } }
575{ "method": "thread/unarchived", "params": { "threadId": "thr_b" } }
439```576```
440 577
441### Trigger thread compaction578### Trigger thread compaction
449{ "id": 25, "result": {} }586{ "id": 25, "result": {} }
450```587```
451 588
589### Run a thread shell command
590
591Use `thread/shellCommand` for user-initiated shell commands that belong to a thread. The request returns immediately with `{}` while progress streams through standard `turn/*` and `item/*` notifications.
592
593This API runs outside the sandbox with full access and doesn't inherit the thread sandbox policy. Clients should expose it only for explicit user-initiated commands.
594
595If the thread already has an active turn, the command runs as an auxiliary action on that turn and its formatted output is injected into the turn's message stream. If the thread is idle, app-server starts a standalone turn for the shell command.
596
597```json
598{ "method": "thread/shellCommand", "id": 26, "params": { "threadId": "thr_b", "command": "git status --short" } }
599{ "id": 26, "result": {} }
600```
601
602### Clean background terminals
603
604Use `thread/backgroundTerminals/clean` to stop all running background terminals associated with a thread. This method is experimental and requires `capabilities.experimentalApi = true`.
605
606```json
607{ "method": "thread/backgroundTerminals/clean", "id": 27, "params": { "threadId": "thr_b" } }
608{ "id": 27, "result": {} }
609```
610
611### Roll back recent turns
612
613Use `thread/rollback` to remove the last `numTurns` entries from the in-memory context and persist a rollback marker in the rollout log. The returned `thread` includes `turns` populated after the rollback.
614
615```json
616{ "method": "thread/rollback", "id": 28, "params": { "threadId": "thr_b", "numTurns": 1 } }
617{ "id": 28, "result": { "thread": { "id": "thr_b", "name": "Bug bash notes", "ephemeral": false } } }
618```
619
452## Turns620## Turns
453 621
454The `input` field accepts a list of items:622The `input` field accepts a list of items:
478}646}
479```647```
480 648
649On macOS, `includePlatformDefaults: true` appends a curated platform-default Seatbelt policy for restricted-read sessions. This improves tool compatibility without broadly allowing all of `/System`.
650
481Examples:651Examples:
482 652
483```json653```json
510 "writableRoots": ["/Users/me/project"],680 "writableRoots": ["/Users/me/project"],
511 "networkAccess": true681 "networkAccess": true
512 },682 },
513 "model": "gpt-5.1-codex",683 "model": "gpt-5.4",
514 "effort": "medium",684 "effort": "medium",
515 "summary": "concise",685 "summary": "concise",
516 "personality": "friendly",686 "personality": "friendly",
524{ "id": 30, "result": { "turn": { "id": "turn_456", "status": "inProgress", "items": [], "error": null } } }694{ "id": 30, "result": { "turn": { "id": "turn_456", "status": "inProgress", "items": [], "error": null } } }
525```695```
526 696
697### Inject items into a thread
698
699Use `thread/inject_items` to append prebuilt Responses API items to a loaded thread's prompt history without starting a user turn. These items are persisted to the rollout and included in subsequent model requests.
700
701```json
702{ "method": "thread/inject_items", "id": 31, "params": {
703 "threadId": "thr_123",
704 "items": [
705 {
706 "type": "message",
707 "role": "assistant",
708 "content": [{ "type": "output_text", "text": "Previously computed context." }]
709 }
710 ]
711} }
712{ "id": 31, "result": {} }
713```
714
527### Steer an active turn715### Steer an active turn
528 716
529Use `turn/steer` to append more user input to the active in-flight turn.717Use `turn/steer` to append more user input to the active in-flight turn.
653- The server rejects empty `command` arrays.841- The server rejects empty `command` arrays.
654- `sandboxPolicy` accepts the same shape used by `turn/start` (for example, `dangerFullAccess`, `readOnly`, `workspaceWrite`, `externalSandbox`).842- `sandboxPolicy` accepts the same shape used by `turn/start` (for example, `dangerFullAccess`, `readOnly`, `workspaceWrite`, `externalSandbox`).
655- When omitted, `timeoutMs` falls back to the server default.843- When omitted, `timeoutMs` falls back to the server default.
844- Set `tty: true` for PTY-backed sessions, and use `processId` when you plan to follow up with `command/exec/write`, `command/exec/resize`, or `command/exec/terminate`.
845- Set `streamStdoutStderr: true` to receive `command/exec/outputDelta` notifications while the command is running.
846
847### Read admin requirements (`configRequirements/read`)
848
849Use `configRequirements/read` to inspect the effective admin requirements loaded from `requirements.toml` and/or MDM.
850
851```json
852{ "method": "configRequirements/read", "id": 52, "params": {} }
853{ "id": 52, "result": {
854 "requirements": {
855 "allowedApprovalPolicies": ["onRequest", "unlessTrusted"],
856 "allowedSandboxModes": ["readOnly", "workspaceWrite"],
857 "featureRequirements": {
858 "personality": true,
859 "unified_exec": false
860 },
861 "network": {
862 "enabled": true,
863 "allowedDomains": ["api.openai.com"],
864 "allowUnixSockets": ["/tmp/example.sock"],
865 "dangerouslyAllowAllUnixSockets": false
866 }
867 }
868} }
869```
870
871`result.requirements` is `null` when no requirements are configured. See the docs on [`requirements.toml`](https://developers.openai.com/codex/config-reference#requirementstoml) for details on supported keys and values.
872
873### Windows sandbox setup (`windowsSandbox/setupStart`)
874
875Custom Windows clients can trigger sandbox setup asynchronously instead of blocking on startup checks.
876
877```json
878{ "method": "windowsSandbox/setupStart", "id": 53, "params": { "mode": "elevated" } }
879{ "id": 53, "result": { "started": true } }
880```
881
882App-server starts setup in the background and later emits a completion notification:
883
884```json
885{
886 "method": "windowsSandbox/setupCompleted",
887 "params": { "mode": "elevated", "success": true, "error": null }
888}
889```
890
891Modes:
892
893- `elevated` - run the elevated Windows sandbox setup path.
894- `unelevated` - run the legacy setup/preflight path.
895
896## Filesystem
897
898The v2 filesystem APIs operate on absolute paths. Use `fs/watch` when a client needs to invalidate UI state after a file or directory changes.
899
900```json
901{ "method": "fs/watch", "id": 54, "params": {
902 "watchId": "0195ec6b-1d6f-7c2e-8c7a-56f2c4a8b9d1",
903 "path": "/Users/me/project/.git/HEAD"
904} }
905{ "id": 54, "result": { "path": "/Users/me/project/.git/HEAD" } }
906{ "method": "fs/changed", "params": {
907 "watchId": "0195ec6b-1d6f-7c2e-8c7a-56f2c4a8b9d1",
908 "changedPaths": ["/Users/me/project/.git/HEAD"]
909} }
910{ "method": "fs/unwatch", "id": 55, "params": {
911 "watchId": "0195ec6b-1d6f-7c2e-8c7a-56f2c4a8b9d1"
912} }
913{ "id": 55, "result": {} }
914```
915
916Watching a file emits `fs/changed` for that file path, including updates delivered by replace or rename operations.
656 917
657## Events918## Events
658 919
659Event notifications are the server-initiated stream for thread lifecycles, turn lifecycles, and the items within them. After you start or resume a thread, keep reading the active transport stream for `thread/started`, `turn/*`, and `item/*` notifications.920Event notifications are the server-initiated stream for thread lifecycles, turn lifecycles, and the items within them. After you start or resume a thread, keep reading the active transport stream for `thread/started`, `thread/archived`, `thread/unarchived`, `thread/closed`, `thread/status/changed`, `turn/*`, `item/*`, and `serverRequest/resolved` notifications.
660 921
661### Notification opt-out922### Notification opt-out
662 923
664 925
665- Exact-match only: `item/agentMessage/delta` suppresses only that method.926- Exact-match only: `item/agentMessage/delta` suppresses only that method.
666- Unknown method names are ignored.927- Unknown method names are ignored.
667- Applies to both legacy (`codex/event/*`) and v2 (`thread/*`, `turn/*`, `item/*`, etc.) notifications.928- Applies to the current `thread/*`, `turn/*`, `item/*`, and related v2 notifications.
668- Doesn't apply to requests, responses, or errors.929- Doesn't apply to requests, responses, or errors.
669 930
670### Fuzzy file search events (experimental)931### Fuzzy file search events (experimental)
674- `fuzzyFileSearch/sessionUpdated` - `{ sessionId, query, files }` with the current matches for the active query.935- `fuzzyFileSearch/sessionUpdated` - `{ sessionId, query, files }` with the current matches for the active query.
675- `fuzzyFileSearch/sessionCompleted` - `{ sessionId }` once indexing and matching for that query completes.936- `fuzzyFileSearch/sessionCompleted` - `{ sessionId }` once indexing and matching for that query completes.
676 937
938### Windows sandbox setup events
939
940- `windowsSandbox/setupCompleted` - `{ mode, success, error }` emitted after a `windowsSandbox/setupStart` request finishes.
941
677### Turn events942### Turn events
678 943
679- `turn/started` - `{ turn }` with the turn id, empty `items`, and `status: "inProgress"`.944- `turn/started` - `{ turn }` with the turn id, empty `items`, and `status: "inProgress"`.
689`ThreadItem` is the tagged union carried in turn responses and `item/*` notifications. Common item types include:954`ThreadItem` is the tagged union carried in turn responses and `item/*` notifications. Common item types include:
690 955
691- `userMessage` - `{id, content}` where `content` is a list of user inputs (`text`, `image`, or `localImage`).956- `userMessage` - `{id, content}` where `content` is a list of user inputs (`text`, `image`, or `localImage`).
692- `agentMessage` - `{id, text}` containing the accumulated agent reply.957- `agentMessage` - `{id, text, phase?}` containing the accumulated agent reply. When present, `phase` uses Responses API wire values (`commentary`, `final_answer`).
693- `plan` - `{id, text}` containing proposed plan text in plan mode. Treat the final `plan` item from `item/completed` as authoritative.958- `plan` - `{id, text}` containing proposed plan text in plan mode. Treat the final `plan` item from `item/completed` as authoritative.
694- `reasoning` - `{id, summary, content}` where `summary` holds streamed reasoning summaries and `content` holds raw reasoning blocks.959- `reasoning` - `{id, summary, content}` where `summary` holds streamed reasoning summaries and `content` holds raw reasoning blocks.
695- `commandExecution` - `{id, command, cwd, status, commandActions, aggregatedOutput?, exitCode?, durationMs?}`.960- `commandExecution` - `{id, command, cwd, status, commandActions, aggregatedOutput?, exitCode?, durationMs?}`.
696- `fileChange` - `{id, changes, status}` describing proposed edits; `changes` list `{path, kind, diff}`.961- `fileChange` - `{id, changes, status}` describing proposed edits; `changes` list `{path, kind, diff}`.
697- `mcpToolCall` - `{id, server, tool, status, arguments, result?, error?}`.962- `mcpToolCall` - `{id, server, tool, status, arguments, result?, error?}`.
963- `dynamicToolCall` - `{id, tool, arguments, status, contentItems?, success?, durationMs?}` for client-executed dynamic tool invocations.
698- `collabToolCall` - `{id, tool, status, senderThreadId, receiverThreadId?, newThreadId?, prompt?, agentStatus?}`.964- `collabToolCall` - `{id, tool, status, senderThreadId, receiverThreadId?, newThreadId?, prompt?, agentStatus?}`.
699- `webSearch` - `{id, query, action?}` for web search requests issued by the agent.965- `webSearch` - `{id, query, action?}` for web search requests issued by the agent.
700- `imageView` - `{id, path}` emitted when the agent invokes the image viewer tool.966- `imageView` - `{id, path}` emitted when the agent invokes the image viewer tool.
751Order of messages:1017Order of messages:
752 1018
7531. `item/started` shows the pending `commandExecution` item with `command`, `cwd`, and other fields.10191. `item/started` shows the pending `commandExecution` item with `command`, `cwd`, and other fields.
7542. `item/commandExecution/requestApproval` includes `itemId`, `threadId`, `turnId`, optional `reason`, optional `command`, optional `cwd`, optional `commandActions`, and optional `proposedExecpolicyAmendment`.10202. `item/commandExecution/requestApproval` includes `itemId`, `threadId`, `turnId`, optional `reason`, optional `command`, optional `cwd`, optional `commandActions`, optional `proposedExecpolicyAmendment`, optional `networkApprovalContext`, and optional `availableDecisions`. When `initialize.params.capabilities.experimentalApi = true`, the payload can also include experimental `additionalPermissions` describing requested per-command sandbox access. Any filesystem paths inside `additionalPermissions` are absolute on the wire.
7553. Client responds with one of the command execution approval decisions above.10213. Client responds with one of the command execution approval decisions above.
7564. `item/completed` returns the final `commandExecution` item with `status: completed | failed | declined`.10224. `serverRequest/resolved` confirms that the pending request has been answered or cleared.
10235. `item/completed` returns the final `commandExecution` item with `status: completed | failed | declined`.
1024
1025When `networkApprovalContext` is present, the prompt is for managed network access (not a general shell-command approval). The current v2 schema exposes the target `host` and `protocol`; clients should render a network-specific prompt and not rely on `command` being a user-meaningful shell command preview.
1026
1027Codex groups concurrent network approval prompts by destination (`host`, protocol, and port). The app-server may therefore send one prompt that unblocks multiple queued requests to the same destination, while different ports on the same host are treated separately.
757 1028
758### File change approvals1029### File change approvals
759 1030
7621. `item/started` emits a `fileChange` item with proposed `changes` and `status: "inProgress"`.10331. `item/started` emits a `fileChange` item with proposed `changes` and `status: "inProgress"`.
7632. `item/fileChange/requestApproval` includes `itemId`, `threadId`, `turnId`, optional `reason`, and optional `grantRoot`.10342. `item/fileChange/requestApproval` includes `itemId`, `threadId`, `turnId`, optional `reason`, and optional `grantRoot`.
7643. Client responds with one of the file change approval decisions above.10353. Client responds with one of the file change approval decisions above.
7654. `item/completed` returns the final `fileChange` item with `status: completed | failed | declined`.10364. `serverRequest/resolved` confirms that the pending request has been answered or cleared.
10375. `item/completed` returns the final `fileChange` item with `status: completed | failed | declined`.
1038
1039### `tool/requestUserInput`
1040
1041When the client responds to `item/tool/requestUserInput`, app-server emits `serverRequest/resolved` with `{ threadId, requestId }`. If the pending request is cleared by turn start, turn completion, or turn interruption before the client answers, the server emits the same notification for that cleanup.
1042
1043### Dynamic tool calls (experimental)
1044
1045`dynamicTools` on `thread/start` and the corresponding `item/tool/call` request or response flow are experimental APIs.
1046
1047When a dynamic tool is invoked during a turn, app-server emits:
1048
10491. `item/started` with `item.type = "dynamicToolCall"`, `status = "inProgress"`, plus `tool` and `arguments`.
10502. `item/tool/call` as a server request to the client.
10513. The client response payload with returned content items.
10524. `item/completed` with `item.type = "dynamicToolCall"`, the final `status`, and any returned `contentItems` or `success` value.
766 1053
767### MCP tool-call approvals (apps)1054### MCP tool-call approvals (apps)
768 1055
769App (connector) tool calls can also require approval. When an app tool call has side effects, the server may elicit approval with `tool/requestUserInput` and options such as **Accept**, **Decline**, and **Cancel**. If the user declines or cancels, the related `mcpToolCall` item completes with an error instead of running the tool.1056App (connector) tool calls can also require approval. When an app tool call has side effects, the server may elicit approval with `tool/requestUserInput` and options such as **Accept**, **Decline**, and **Cancel**. Destructive tool annotations always trigger approval even when the tool also advertises less-privileged hints. If the user declines or cancels, the related `mcpToolCall` item completes with an error instead of running the tool.
770 1057
771## Skills1058## Skills
772 1059
848} }1135} }
849```1136```
850 1137
1138The server also emits `skills/changed` notifications when watched local skill files change. Treat this as an invalidation signal and rerun `skills/list` with your current params when needed.
1139
851To enable or disable a skill by path:1140To enable or disable a skill by path:
852 1141
853```json1142```json
863 1152
864## Apps (connectors)1153## Apps (connectors)
865 1154
866Use `app/list` to fetch available apps. In the CLI/TUI, `/apps` is the user-facing picker; in custom clients, call `app/list` directly. Each entry includes both `isAccessible` (available to the user) and `isEnabled` (enabled in `config.toml`) so clients can distinguish install/access from local enabled state.1155Use `app/list` to fetch available apps. In the CLI/TUI, `/apps` is the user-facing picker; in custom clients, call `app/list` directly. Each entry includes both `isAccessible` (available to the user) and `isEnabled` (enabled in `config.toml`) so clients can distinguish install/access from local enabled state. App entries can also include optional `branding`, `appMetadata`, and `labels` fields.
867 1156
868```json1157```json
869{ "method": "app/list", "id": 50, "params": {1158{ "method": "app/list", "id": 50, "params": {
879 "name": "Demo App",1168 "name": "Demo App",
880 "description": "Example connector for documentation.",1169 "description": "Example connector for documentation.",
881 "logoUrl": "https://example.com/demo-app.png",1170 "logoUrl": "https://example.com/demo-app.png",
1171 "logoUrlDark": null,
1172 "distributionChannel": null,
1173 "branding": null,
1174 "appMetadata": null,
1175 "labels": null,
882 "installUrl": "https://chatgpt.com/apps/demo-app/demo-app",1176 "installUrl": "https://chatgpt.com/apps/demo-app/demo-app",
883 "isAccessible": true,1177 "isAccessible": true,
884 "isEnabled": true1178 "isEnabled": true
904 "name": "Demo App",1198 "name": "Demo App",
905 "description": "Example connector for documentation.",1199 "description": "Example connector for documentation.",
906 "logoUrl": "https://example.com/demo-app.png",1200 "logoUrl": "https://example.com/demo-app.png",
1201 "logoUrlDark": null,
1202 "distributionChannel": null,
1203 "branding": null,
1204 "appMetadata": null,
1205 "labels": null,
907 "installUrl": "https://chatgpt.com/apps/demo-app/demo-app",1206 "installUrl": "https://chatgpt.com/apps/demo-app/demo-app",
908 "isAccessible": true,1207 "isAccessible": true,
909 "isEnabled": true1208 "isEnabled": true
936}1235}
937```1236```
938 1237
1238### Config RPC examples for app settings
1239
1240Use `config/read`, `config/value/write`, and `config/batchWrite` to inspect or update app controls in `config.toml`.
1241
1242Read the effective app config shape (including `_default` and per-tool overrides):
1243
1244```json
1245{ "method": "config/read", "id": 60, "params": { "includeLayers": false } }
1246{ "id": 60, "result": {
1247 "config": {
1248 "apps": {
1249 "_default": {
1250 "enabled": true,
1251 "destructive_enabled": true,
1252 "open_world_enabled": true
1253 },
1254 "google_drive": {
1255 "enabled": true,
1256 "destructive_enabled": false,
1257 "default_tools_approval_mode": "prompt",
1258 "tools": {
1259 "files/delete": { "enabled": false, "approval_mode": "approve" }
1260 }
1261 }
1262 }
1263 }
1264} }
1265```
1266
1267Update a single app setting:
1268
1269```json
1270{
1271 "method": "config/value/write",
1272 "id": 61,
1273 "params": {
1274 "keyPath": "apps.google_drive.default_tools_approval_mode",
1275 "value": "prompt",
1276 "mergeStrategy": "replace"
1277 }
1278}
1279```
1280
1281Apply multiple app edits atomically:
1282
1283```json
1284{
1285 "method": "config/batchWrite",
1286 "id": 62,
1287 "params": {
1288 "edits": [
1289 {
1290 "keyPath": "apps._default.destructive_enabled",
1291 "value": false,
1292 "mergeStrategy": "upsert"
1293 },
1294 {
1295 "keyPath": "apps.google_drive.tools.files/delete.approval_mode",
1296 "value": "approve",
1297 "mergeStrategy": "upsert"
1298 }
1299 ]
1300 }
1301}
1302```
1303
1304### Detect and import external agent config
1305
1306Use `externalAgentConfig/detect` to discover external-agent artifacts that can be migrated, then pass the selected entries to `externalAgentConfig/import`.
1307
1308Detection example:
1309
1310```json
1311{ "method": "externalAgentConfig/detect", "id": 63, "params": {
1312 "includeHome": true,
1313 "cwds": ["/Users/me/project"]
1314} }
1315{ "id": 63, "result": {
1316 "items": [
1317 {
1318 "itemType": "AGENTS_MD",
1319 "description": "Import /Users/me/project/CLAUDE.md to /Users/me/project/AGENTS.md.",
1320 "cwd": "/Users/me/project"
1321 },
1322 {
1323 "itemType": "SKILLS",
1324 "description": "Copy skill folders from /Users/me/.claude/skills to /Users/me/.agents/skills.",
1325 "cwd": null
1326 }
1327 ]
1328} }
1329```
1330
1331Import example:
1332
1333```json
1334{ "method": "externalAgentConfig/import", "id": 64, "params": {
1335 "migrationItems": [
1336 {
1337 "itemType": "AGENTS_MD",
1338 "description": "Import /Users/me/project/CLAUDE.md to /Users/me/project/AGENTS.md.",
1339 "cwd": "/Users/me/project"
1340 }
1341 ]
1342} }
1343{ "id": 64, "result": {} }
1344```
1345
1346When a request includes plugin imports, the server emits `externalAgentConfig/import/completed` after the import finishes. This notification may arrive immediately after the response or after background remote imports complete.
1347
1348Supported `itemType` values are `AGENTS_MD`, `CONFIG`, `SKILLS`, `PLUGINS`,
1349and `MCP_SERVER_CONFIG`. For `PLUGINS` items, `details.plugins` lists each
1350`marketplaceName` and the `pluginNames` Codex can try to migrate. Detection
1351returns only items that still have work to do. For example, Codex skips AGENTS
1352migration when `AGENTS.md` already exists and is non-empty, and skill imports
1353don't overwrite existing skill directories.
1354
1355When detecting plugins from `.claude/settings.json`, Codex reads configured
1356marketplace sources from `extraKnownMarketplaces`. If `enabledPlugins` contains
1357plugins from `claude-plugins-official` but the marketplace source is missing,
1358Codex infers `anthropics/claude-plugins-official` as the source.
1359
939## Auth endpoints1360## Auth endpoints
940 1361
941The JSON-RPC auth/account surface exposes request/response methods plus server-initiated notifications (no `id`). Use these to determine auth state, start or cancel logins, logout, and inspect ChatGPT rate limits.1362The JSON-RPC auth/account surface exposes request/response methods plus server-initiated notifications (no `id`). Use these to determine auth state, start or cancel logins, logout, inspect ChatGPT rate limits, and notify workspace owners about depleted credits or usage limits.
942 1363
943### Authentication modes1364### Authentication modes
944 1365
945Codex supports three authentication modes. `account/updated.authMode` shows the active mode, and `account/read` also reports it.1366Codex supports these authentication modes. `account/updated.authMode` shows the active mode and includes the current ChatGPT `planType` when available. `account/read` also reports account and plan details.
946 1367
947- **API key (`apikey`)** - the caller supplies an OpenAI API key and Codex stores it for API requests.1368- **API key (`apikey`)** - the caller supplies an OpenAI API key with `type: "apiKey"`, and Codex stores it for API requests.
948- **ChatGPT managed (`chatgpt`)** - Codex owns the ChatGPT OAuth flow, persists tokens, and refreshes them automatically.1369- **ChatGPT managed (`chatgpt`)** - Codex owns the ChatGPT OAuth flow, persists tokens, and refreshes them automatically. Start with `type: "chatgpt"` for the browser flow or `type: "chatgptDeviceCode"` for the device-code flow.
949- **ChatGPT external tokens (`chatgptAuthTokens`)** - a host app supplies `idToken` and `accessToken` directly. Codex stores these tokens in memory, and the host app must refresh them when asked.1370- **ChatGPT external tokens (`chatgptAuthTokens`)** - experimental and intended for host apps that already own the user's ChatGPT auth lifecycle. The host app supplies an `accessToken`, `chatgptAccountId`, and optional `chatgptPlanType` directly, and must refresh the token when asked.
950 1371
951### API overview1372### API overview
952 1373
953- `account/read` - fetch current account info; optionally refresh tokens.1374- `account/read` - fetch current account info; optionally refresh tokens.
954- `account/login/start` - begin login (`apiKey`, `chatgpt`, or `chatgptAuthTokens`).1375- `account/login/start` - begin login (`apiKey`, `chatgpt`, `chatgptDeviceCode`, or experimental `chatgptAuthTokens`).
955- `account/login/completed` (notify) - emitted when a login attempt finishes (success or error).1376- `account/login/completed` (notify) - emitted when a login attempt finishes (success or error).
956- `account/login/cancel` - cancel a pending ChatGPT login by `loginId`.1377- `account/login/cancel` - cancel a pending managed ChatGPT login by `loginId`.
957- `account/logout` - sign out; triggers `account/updated`.1378- `account/logout` - sign out; triggers `account/updated`.
958- `account/updated` (notify) - emitted whenever auth mode changes (`authMode`: `apikey`, `chatgpt`, `chatgptAuthTokens`, or `null`).1379- `account/updated` (notify) - emitted whenever auth mode changes (`authMode`: `apikey`, `chatgpt`, `chatgptAuthTokens`, or `null`) and includes `planType` when available.
959- `account/chatgptAuthTokens/refresh` (server request) - request fresh externally managed ChatGPT tokens after an authorization error.1380- `account/chatgptAuthTokens/refresh` (server request) - request fresh externally managed ChatGPT tokens after an authorization error.
960- `account/rateLimits/read` - fetch ChatGPT rate limits.1381- `account/rateLimits/read` - fetch ChatGPT rate limits.
961- `account/rateLimits/updated` (notify) - emitted whenever a user's ChatGPT rate limits change.1382- `account/rateLimits/updated` (notify) - emitted whenever a user's ChatGPT rate limits change.
1383- `account/sendAddCreditsNudgeEmail` - ask ChatGPT to email a workspace owner about depleted credits or a reached usage limit.
962- `mcpServer/oauthLogin/completed` (notify) - emitted after a `mcpServer/oauth/login` flow finishes; payload includes `{ name, success, error? }`.1384- `mcpServer/oauthLogin/completed` (notify) - emitted after a `mcpServer/oauth/login` flow finishes; payload includes `{ name, success, error? }`.
1385- `mcpServer/startupStatus/updated` (notify) - emitted when a configured MCP server's startup status changes for a loaded thread; payload includes `{ name, status, error }`.
963 1386
964### 1) Check auth state1387### 1) Check auth state
965 1388
1031 ```1454 ```
1032 1455
1033 ```json1456 ```json
1034 { "method": "account/updated", "params": { "authMode": "apikey" } }1457 {
1458 "method": "account/updated",
1459 "params": { "authMode": "apikey", "planType": null }
1460 }
1035 ```1461 ```
1036 1462
1037### 3) Log in with ChatGPT (browser flow)1463### 3) Log in with ChatGPT (browser flow)
1063 ```1489 ```
1064 1490
1065 ```json1491 ```json
1066 { "method": "account/updated", "params": { "authMode": "chatgpt" } }1492 {
1493 "method": "account/updated",
1494 "params": { "authMode": "chatgpt", "planType": "plus" }
1495 }
1496 ```
1497
1498### 3b) Log in with ChatGPT (device-code flow)
1499
1500Use this flow when your client owns the sign-in ceremony or when a browser callback is brittle.
1501
15021. Start:
1503
1504 ```json
1505 {
1506 "method": "account/login/start",
1507 "id": 4,
1508 "params": { "type": "chatgptDeviceCode" }
1509 }
1510 ```
1511
1512 ```json
1513 {
1514 "id": 4,
1515 "result": {
1516 "type": "chatgptDeviceCode",
1517 "loginId": "<uuid>",
1518 "verificationUrl": "https://auth.openai.com/codex/device",
1519 "userCode": "ABCD-1234"
1520 }
1521 }
1522 ```
15232. Show `verificationUrl` and `userCode` to the user; the frontend owns the UX.
15243. Wait for notifications:
1525
1526 ```json
1527 {
1528 "method": "account/login/completed",
1529 "params": { "loginId": "<uuid>", "success": true, "error": null }
1530 }
1531 ```
1532
1533 ```json
1534 {
1535 "method": "account/updated",
1536 "params": { "authMode": "chatgpt", "planType": "plus" }
1537 }
1067 ```1538 ```
1068 1539
1069### 3b) Log in with externally managed ChatGPT tokens (`chatgptAuthTokens`)1540### 3c) Log in with externally managed ChatGPT tokens (`chatgptAuthTokens`)
1070 1541
1071Use this mode when a host application owns the user’s ChatGPT auth lifecycle and supplies tokens directly.1542Use this experimental mode only when a host application owns the user's ChatGPT auth lifecycle and supplies tokens directly. Clients must set `capabilities.experimentalApi = true` during `initialize` before using this login type.
1072 1543
10731. Send:15441. Send:
1074 1545
1078 "id": 7,1549 "id": 7,
1079 "params": {1550 "params": {
1080 "type": "chatgptAuthTokens",1551 "type": "chatgptAuthTokens",
1081 "idToken": "<jwt>",1552 "accessToken": "<jwt>",
1082 "accessToken": "<jwt>"1553 "chatgptAccountId": "org-123",
1554 "chatgptPlanType": "business"
1083 }1555 }
1084 }1556 }
1085 ```1557 ```
1100 ```json1572 ```json
1101 {1573 {
1102 "method": "account/updated",1574 "method": "account/updated",
1103 "params": { "authMode": "chatgptAuthTokens" }1575 "params": { "authMode": "chatgptAuthTokens", "planType": "business" }
1104 }1576 }
1105 ```1577 ```
1106 1578
1112 "id": 8,1584 "id": 8,
1113 "params": { "reason": "unauthorized", "previousAccountId": "org-123" }1585 "params": { "reason": "unauthorized", "previousAccountId": "org-123" }
1114}1586}
1115{ "id": 8, "result": { "idToken": "<jwt>", "accessToken": "<jwt>" } }1587{ "id": 8, "result": { "accessToken": "<jwt>", "chatgptAccountId": "org-123", "chatgptPlanType": "business" } }
1116```1588```
1117 1589
1118The server retries the original request after a successful refresh response. Requests time out after about 10 seconds.1590The server retries the original request after a successful refresh response. Requests time out after about 10 seconds.
1129```json1601```json
1130{ "method": "account/logout", "id": 5 }1602{ "method": "account/logout", "id": 5 }
1131{ "id": 5, "result": {} }1603{ "id": 5, "result": {} }
1132{ "method": "account/updated", "params": { "authMode": null } }1604{ "method": "account/updated", "params": { "authMode": null, "planType": null } }
1133```1605```
1134 1606
1135### 6) Rate limits (ChatGPT)1607### 6) Rate limits (ChatGPT)
1141 "limitId": "codex",1613 "limitId": "codex",
1142 "limitName": null,1614 "limitName": null,
1143 "primary": { "usedPercent": 25, "windowDurationMins": 15, "resetsAt": 1730947200 },1615 "primary": { "usedPercent": 25, "windowDurationMins": 15, "resetsAt": 1730947200 },
1144 "secondary": null1616 "secondary": null,
1617 "rateLimitReachedType": null
1145 },1618 },
1146 "rateLimitsByLimitId": {1619 "rateLimitsByLimitId": {
1147 "codex": {1620 "codex": {
1148 "limitId": "codex",1621 "limitId": "codex",
1149 "limitName": null,1622 "limitName": null,
1150 "primary": { "usedPercent": 25, "windowDurationMins": 15, "resetsAt": 1730947200 },1623 "primary": { "usedPercent": 25, "windowDurationMins": 15, "resetsAt": 1730947200 },
1151 "secondary": null1624 "secondary": null,
1625 "rateLimitReachedType": null
1152 },1626 },
1153 "codex_other": {1627 "codex_other": {
1154 "limitId": "codex_other",1628 "limitId": "codex_other",
1155 "limitName": "codex_other",1629 "limitName": "codex_other",
1156 "primary": { "usedPercent": 42, "windowDurationMins": 60, "resetsAt": 1730950800 },1630 "primary": { "usedPercent": 42, "windowDurationMins": 60, "resetsAt": 1730950800 },
1157 "secondary": null1631 "secondary": null,
1632 "rateLimitReachedType": null
1158 }1633 }
1159 }1634 }
1160} }1635} }
1175- `usedPercent` is current usage within the quota window.1650- `usedPercent` is current usage within the quota window.
1176- `windowDurationMins` is the quota window length.1651- `windowDurationMins` is the quota window length.
1177- `resetsAt` is a Unix timestamp (seconds) for the next reset.1652- `resetsAt` is a Unix timestamp (seconds) for the next reset.
1653- `planType` is included when the backend returns the ChatGPT plan associated with a bucket.
1654- `credits` is included when the backend returns remaining workspace credit details.
1655- `rateLimitReachedType` identifies the backend-classified limit state when one has been reached.
1656
1657### 7) Notify a workspace owner about a limit
1658
1659Use `account/sendAddCreditsNudgeEmail` to ask ChatGPT to email a workspace owner when credits are depleted or a usage limit has been reached.
1660
1661```json
1662{ "method": "account/sendAddCreditsNudgeEmail", "id": 7, "params": { "creditType": "credits" } }
1663{ "id": 7, "result": { "status": "sent" } }
1664```
1665
1666Use `creditType: "credits"` when workspace credits are depleted, or `creditType: "usage_limit"` when the workspace usage limit has been reached. If the owner was already notified recently, the response status is `cooldown_active`.
