OpenAI - Codex Docs Changes

agent-approvals-security.md +12 −4

Details

10 10

11For a high-level explanation of how sandboxing works across the Codex app, IDE11For a high-level explanation of how sandboxing works across the Codex app, IDE

12extension, and CLI, see [Sandboxing](https://developers.openai.com/codex/concepts/sandboxing).12extension, and CLI, see [Sandboxing](https://developers.openai.com/codex/concepts/sandboxing).

13For a broader enterprise security overview, see the [Codex security white paper](https://trust.openai.com/?itemUid=382f924d-54f3-43a8-a9df-c39e6c959958&source=click).

13 14

14## Sandbox and approvals15## Sandbox and approvals

15 16

80 81

81If you need Codex to read files, make edits, and run commands with network access without approval prompts, use `--sandbox danger-full-access` (or the `--dangerously-bypass-approvals-and-sandbox` flag). Use caution before doing so.82If you need Codex to read files, make edits, and run commands with network access without approval prompts, use `--sandbox danger-full-access` (or the `--dangerously-bypass-approvals-and-sandbox` flag). Use caution before doing so.

82 83

83For a middle ground, `approval_policy = { reject = { ... } }` lets you auto-reject specific approval prompt categories (sandbox escalation, execpolicy-rule prompts, or MCP elicitations) while keeping other prompts interactive.84For a middle ground, `approval_policy = { granular = { ... } }` lets you keep specific approval prompt categories interactive while automatically rejecting others. The granular policy covers sandbox approvals, execpolicy-rule prompts, MCP elicitations, `request_permissions` prompts, and skill-script approvals.

84 85

85### Common sandbox and approval combinations86### Common sandbox and approval combinations

86 87

110[sandbox_workspace_write]111[sandbox_workspace_write]

111network_access = true112network_access = true

112 113

113# Optional: granular approval prompt auto-rejection114# Optional: granular approval policy

114# approval_policy = { reject = { sandbox_approval = true, rules = false, mcp_elicitations = false } }115# approval_policy = { granular = {

116# sandbox_approval = true,

117# rules = true,

118# mcp_elicitations = true,

119# request_permissions = false,

120# skill_approval = false

121# } }

115```122```

116 123

117You can also save presets as profiles, then select them with `codex --profile <name>`:124You can also save presets as profiles, then select them with `codex --profile <name>`:

144Codex enforces the sandbox differently depending on your OS:151Codex enforces the sandbox differently depending on your OS:

145 152

146- **macOS** uses Seatbelt policies and runs commands using `sandbox-exec` with a profile (`-p`) that corresponds to the `--sandbox` mode you selected. When restricted read access enables platform defaults, Codex appends a curated macOS platform policy (instead of broadly allowing `/System`) to preserve common tool compatibility.153- **macOS** uses Seatbelt policies and runs commands using `sandbox-exec` with a profile (`-p`) that corresponds to the `--sandbox` mode you selected. When restricted read access enables platform defaults, Codex appends a curated macOS platform policy (instead of broadly allowing `/System`) to preserve common tool compatibility.

147- **Linux** uses `Landlock` plus `seccomp` by default. You can opt into the alternative Linux sandbox pipeline with `features.use_linux_sandbox_bwrap = true` (or `-c use_linux_sandbox_bwrap=true`). In managed proxy mode, the bwrap pipeline routes egress through a proxy-only bridge and fails closed if it cannot build valid loopback proxy routes; landlock-only flows do not use that bridge behavior.154- **Linux** uses the bubblewrap pipeline plus `seccomp` by default. `use_legacy_landlock` is available when you need the older path. In managed proxy mode, the default bubblewrap pipeline routes egress through a proxy-only bridge and fails closed if it cannot build valid loopback proxy routes.

148- **Windows** uses the Linux sandbox implementation when running in [Windows Subsystem for Linux (WSL)](https://developers.openai.com/codex/windows#windows-subsystem-for-linux). When running natively on Windows, Codex uses a [Windows sandbox](https://developers.openai.com/codex/windows#windows-sandbox) implementation.155- **Windows** uses the Linux sandbox implementation when running in [Windows Subsystem for Linux (WSL)](https://developers.openai.com/codex/windows#windows-subsystem-for-linux). When running natively on Windows, Codex uses a [Windows sandbox](https://developers.openai.com/codex/windows#windows-sandbox) implementation.

149 156

150If you use the Codex IDE extension on Windows, it supports WSL directly. Set the following in your VS Code settings to keep the agent inside WSL whenever it’s available:157If you use the Codex IDE extension on Windows, it supports WSL directly. Set the following in your VS Code settings to keep the agent inside WSL whenever it’s available:

162```toml169```toml

163[windows]170[windows]

164sandbox = "unelevated" # or "elevated"171sandbox = "unelevated" # or "elevated"

172# sandbox_private_desktop = true # default; set false only for compatibility

165```173```

166 174

167See the [Windows setup guide](https://developers.openai.com/codex/windows#windows-sandbox) for details.175See the [Windows setup guide](https://developers.openai.com/codex/windows#windows-sandbox) for details.

ambassadors.md +0 −58 deleted

File DeletedView Diff

~~1# Codex Ambassadors~~

~~3Codex is rapidly becoming one of the most powerful ways to build,~~

~~4driven by builders who share real-world workflows and lessons with~~

~~5each other.~~

~~7Codex Ambassadors are community organizers, open-source maintainers,~~

~~8student leaders, and power users who actively spread what works, make~~

~~9Codex easier to adopt in practice, and help shape where it goes next.~~

~~11[Apply Today](https://openai.com/form/codex-ambassadors)~~

~~13[Upcoming Meetups](https://developers.openai.com/codex/community/meetups)~~

15![Codex Ambassadors leading a community workshop](/images/codex/ambassadors/ambassadors-18.jpg) ![Builders collaborating during a Codex Ambassador event](/images/codex/ambassadors/ambassadors-25.jpg)

~~17Ambassadors run hands-on meetups, workshops, and community sessions~~

~~18around the world.~~

~~20## What you’ll do~~

~~22As a Codex Ambassador, you’ll join a small global cohort and partner~~

~~23with OpenAI to:~~

~~25- Run hands-on Codex events in your local community~~

~~26- Create reusable learning assets others can build on~~

~~27- Experiment with ideas to grow and support builder communities~~

~~28- Share candid, real-world feedback directly with the Codex team~~

~~30## Who should apply~~

~~32We’re looking for people with hands-on experience leading or~~

~~33supporting developer communities, like running meetups, maintaining~~

~~34open-source projects, teaching workshops, or regularly helping~~

~~35others learn how to build.~~

~~37## Support from OpenAI~~

~~39- Codex credits to support your own work and power local events~~

~~40- Ready-to-use starter kits you can tailor to your community~~

~~41- A direct line to fellow Ambassadors and the Codex team for~~

~~42 collaboration and feedback~~

~~43- Invitations to future exclusive events where you can meet the~~

~~44 Codex team~~

~~45- Exclusive swag and a honorarium for your time and contributions~~

~~47This is a two-way program, and will also evolve our support based on~~

~~48what the cohort learns on the ground.~~

~~50**Time commitment:** ~2–4 hours per week~~

~~52## Bring your community with you~~

~~54If you like bringing people together to build, learn, and share,~~

~~55and you're excited to help shape what a great ambassador program~~

~~56can be, we'd love to hear from you.~~

~~58[Start your application](https://openai.com/form/codex-ambassadors)~~

app.md +1 −0

Details

41- Find and fix bugs in my codebase with minimal, high-confidence changes.41- Find and fix bugs in my codebase with minimal, high-confidence changes.

42 42

43 If you need more inspiration, check out the [explore section](https://developers.openai.com/codex/explore).43 If you need more inspiration, check out the [explore section](https://developers.openai.com/codex/explore).

44 If you're new to Codex, read the [best practices guide](https://developers.openai.com/codex/learn/best-practices).

44 45

45---46---

46 47

app-server.md +16 −10

Details

21Requests include `method`, `params`, and `id`:21Requests include `method`, `params`, and `id`:

22 22

23```json23```json

~~24{ "method": "thread/start", "id": 10, "params": { "model": "gpt-5.1-codex" } }~~24{ "method": "thread/start", "id": 10, "params": { "model": "gpt-5.4" } }

25```25```

26 26

27Responses echo the `id` with either `result` or `error`:27Responses echo the `id` with either `result` or `error`:

99 },99 },

100});100});

101send({ method: "initialized", params: {} });101send({ method: "initialized", params: {} });

102send({ method: "thread/start", id: 1, params: { model: "gpt-5.1-codex" } });102send({ method: "thread/start", id: 1, params: { model: "gpt-5.4" } });

103```103```

104 104

105## Core primitives105## Core primitives

123 123

124Clients must send a single `initialize` request per transport connection before invoking any other method on that connection, then acknowledge with an `initialized` notification. Requests sent before initialization receive a `Not initialized` error, and repeated `initialize` calls on the same connection return `Already initialized`.124Clients must send a single `initialize` request per transport connection before invoking any other method on that connection, then acknowledge with an `initialized` notification. Requests sent before initialization receive a `Not initialized` error, and repeated `initialize` calls on the same connection return `Already initialized`.

125 125

126The server returns the user agent string it will present to upstream services. Set `clientInfo` to identify your integration.126The server returns the user agent string it will present to upstream services plus `platformFamily` and `platformOs` values that describe the runtime target. Set `clientInfo` to identify your integration.

127 127

128`initialize.params.capabilities` also supports per-connection notification opt-out via `optOutNotificationMethods`, which is a list of exact method names to suppress for that connection. Matching is exact (no wildcards/prefixes). Unknown method names are accepted and ignored.128`initialize.params.capabilities` also supports per-connection notification opt-out via `optOutNotificationMethods`, which is a list of exact method names to suppress for that connection. Matching is exact (no wildcards/prefixes). Unknown method names are accepted and ignored.

129 129

159 },159 },

160 "capabilities": {160 "capabilities": {

161 "experimentalApi": true,161 "experimentalApi": true,

162 "optOutNotificationMethods": [162 "optOutNotificationMethods": ["thread/started", "item/agentMessage/delta"]

163 "codex/event/session_configured",

164 "item/agentMessage/delta"

165 ]

166 }163 }

167 }164 }

168}165}

204- `thread/read` - read a stored thread by id without resuming it; set `includeTurns` to return full turn history. Returned `thread` objects include runtime `status`.201- `thread/read` - read a stored thread by id without resuming it; set `includeTurns` to return full turn history. Returned `thread` objects include runtime `status`.

205- `thread/list` - page through stored thread logs; supports cursor-based pagination plus `modelProviders`, `sourceKinds`, `archived`, and `cwd` filters. Returned `thread` objects include runtime `status`.202- `thread/list` - page through stored thread logs; supports cursor-based pagination plus `modelProviders`, `sourceKinds`, `archived`, and `cwd` filters. Returned `thread` objects include runtime `status`.

206- `thread/loaded/list` - list the thread ids currently loaded in memory.203- `thread/loaded/list` - list the thread ids currently loaded in memory.

204- `thread/name/set` - set or update a thread's user-facing name for a loaded thread or a persisted rollout; emits `thread/name/updated`.

207- `thread/archive` - move a thread's log file into the archived directory; returns `{}` on success and emits `thread/archived`.205- `thread/archive` - move a thread's log file into the archived directory; returns `{}` on success and emits `thread/archived`.

208- `thread/unsubscribe` - unsubscribe this connection from thread turn/item events. If this was the last subscriber, the server unloads the thread and emits `thread/closed`.206- `thread/unsubscribe` - unsubscribe this connection from thread turn/item events. If this was the last subscriber, the server unloads the thread and emits `thread/closed`.

209- `thread/unarchive` - restore an archived thread rollout back into the active sessions directory; returns the restored `thread` and emits `thread/unarchived`.207- `thread/unarchive` - restore an archived thread rollout back into the active sessions directory; returns the restored `thread` and emits `thread/unarchived`.

215- `turn/interrupt` - request cancellation of an in-flight turn; success is `{}` and the turn ends with `status: "interrupted"`.213- `turn/interrupt` - request cancellation of an in-flight turn; success is `{}` and the turn ends with `status: "interrupted"`.

216- `review/start` - kick off the Codex reviewer for a thread; emits `enteredReviewMode` and `exitedReviewMode` items.214- `review/start` - kick off the Codex reviewer for a thread; emits `enteredReviewMode` and `exitedReviewMode` items.

217- `command/exec` - run a single command under the server sandbox without starting a thread/turn.215- `command/exec` - run a single command under the server sandbox without starting a thread/turn.

216- `command/exec/write` - write stdin bytes to a running `command/exec` session or close stdin.

217- `command/exec/resize` - resize a running PTY-backed `command/exec` session.

218- `command/exec/terminate` - terminate a running `command/exec` session.

218- `model/list` - list available models (set `includeHidden: true` to include entries with `hidden: true`) with effort options, optional `upgrade`, and `inputModalities`.219- `model/list` - list available models (set `includeHidden: true` to include entries with `hidden: true`) with effort options, optional `upgrade`, and `inputModalities`.

219- `experimentalFeature/list` - list feature flags with lifecycle stage metadata and cursor pagination.220- `experimentalFeature/list` - list feature flags with lifecycle stage metadata and cursor pagination.

220- `collaborationMode/list` - list collaboration mode presets (experimental, no pagination).221- `collaborationMode/list` - list collaboration mode presets (experimental, no pagination).

221- `skills/list` - list skills for one or more `cwd` values (supports `forceReload` and optional `perCwdExtraUserRoots`).222- `skills/list` - list skills for one or more `cwd` values (supports `forceReload` and optional `perCwdExtraUserRoots`).

223- `plugin/list` - list discovered plugin marketplaces and plugin state, including install/auth policy metadata.

224- `plugin/read` - read one plugin by marketplace path and plugin name, including bundled skills, apps, and MCP server names.

222- `app/list` - list available apps (connectors) with pagination plus accessibility/enabled metadata.225- `app/list` - list available apps (connectors) with pagination plus accessibility/enabled metadata.

223- `skills/config/write` - enable or disable skills by path.226- `skills/config/write` - enable or disable skills by path.

224- `mcpServer/oauth/login` - start an OAuth login for a configured MCP server; returns an authorization URL and emits `mcpServer/oauthLogin/completed` on completion.227- `mcpServer/oauth/login` - start an OAuth login for a configured MCP server; returns an authorization URL and emits `mcpServer/oauthLogin/completed` on completion.

233- `config/value/write` - write a single configuration key/value to the user's `config.toml` on disk.236- `config/value/write` - write a single configuration key/value to the user's `config.toml` on disk.

234- `config/batchWrite` - apply configuration edits atomically to the user's `config.toml` on disk.237- `config/batchWrite` - apply configuration edits atomically to the user's `config.toml` on disk.

235- `configRequirements/read` - fetch requirements from `requirements.toml` and/or MDM, including allow-lists, pinned `featureRequirements`, and residency/network requirements (or `null` if you haven't set any up).238- `configRequirements/read` - fetch requirements from `requirements.toml` and/or MDM, including allow-lists, pinned `featureRequirements`, and residency/network requirements (or `null` if you haven't set any up).

239- `fs/readFile`, `fs/writeFile`, `fs/createDirectory`, `fs/getMetadata`, `fs/readDirectory`, `fs/remove`, and `fs/copy` - operate on absolute filesystem paths through the app-server v2 filesystem API.

236 240

237## Models241## Models

238 242

315 319

316```json320```json

317{ "method": "thread/start", "id": 10, "params": {321{ "method": "thread/start", "id": 10, "params": {

318 "model": "gpt-5.1-codex",322 "model": "gpt-5.4",

319 "cwd": "/Users/me/project",323 "cwd": "/Users/me/project",

320 "approvalPolicy": "never",324 "approvalPolicy": "never",

321 "sandbox": "workspaceWrite",325 "sandbox": "workspaceWrite",

570 "writableRoots": ["/Users/me/project"],574 "writableRoots": ["/Users/me/project"],

571 "networkAccess": true575 "networkAccess": true

572 },576 },

573 "model": "gpt-5.1-codex",577 "model": "gpt-5.4",

574 "effort": "medium",578 "effort": "medium",

575 "summary": "concise",579 "summary": "concise",

576 "personality": "friendly",580 "personality": "friendly",

713- The server rejects empty `command` arrays.717- The server rejects empty `command` arrays.

714- `sandboxPolicy` accepts the same shape used by `turn/start` (for example, `dangerFullAccess`, `readOnly`, `workspaceWrite`, `externalSandbox`).718- `sandboxPolicy` accepts the same shape used by `turn/start` (for example, `dangerFullAccess`, `readOnly`, `workspaceWrite`, `externalSandbox`).

715- When omitted, `timeoutMs` falls back to the server default.719- When omitted, `timeoutMs` falls back to the server default.

720- Set `tty: true` for PTY-backed sessions, and use `processId` when you plan to follow up with `command/exec/write`, `command/exec/resize`, or `command/exec/terminate`.

721- Set `streamStdoutStderr: true` to receive `command/exec/outputDelta` notifications while the command is running.

716 722

717### Read admin requirements (`configRequirements/read`)723### Read admin requirements (`configRequirements/read`)

718 724

773 779

774- Exact-match only: `item/agentMessage/delta` suppresses only that method.780- Exact-match only: `item/agentMessage/delta` suppresses only that method.

775- Unknown method names are ignored.781- Unknown method names are ignored.

776- Applies to both legacy (`codex/event/*`) and v2 (`thread/*`, `turn/*`, `item/*`, etc.) notifications.782- Applies to the current `thread/*`, `turn/*`, `item/*`, and related v2 notifications.

777- Doesn't apply to requests, responses, or errors.783- Doesn't apply to requests, responses, or errors.

778 784

779### Fuzzy file search events (experimental)785### Fuzzy file search events (experimental)

app/automations.md +23 −12

Details

2 2

3Automate recurring tasks in the background. Codex adds findings to the inbox, or automatically archives the task if there's nothing to report. You can combine automations with [skills](https://developers.openai.com/codex/skills) for more complex tasks.3Automate recurring tasks in the background. Codex adds findings to the inbox, or automatically archives the task if there's nothing to report. You can combine automations with [skills](https://developers.openai.com/codex/skills) for more complex tasks.

4 4

~~5Automations run locally in the Codex app. The app needs to be running, and the~~5Automations run in the background in the Codex app. The app needs to be

~~6selected project needs to be available on disk.~~6running, and the selected project needs to be available on disk.

7 7

~~8In Git repositories, each automation run starts in a new~~8In Git repositories, you can choose whether an automation runs in your local

~~9[worktree](https://developers.openai.com/codex/app/worktrees) so it doesn’t interfere with your main~~9project or on a new [worktree](https://developers.openai.com/codex/app/worktrees). Both options run in the

~~10checkout. In non-version-controlled projects, automations run directly in the~~10background. Worktrees keep automation changes separate from unfinished local

11work, while running in your local project can modify files you are still

12working on. In non-version-controlled projects, automations run directly in the

11project directory.13project directory.

12 14

~~13![Automation creation form with schedule and prompt fields](/images/codex/app/create-automation-light.webp)~~15You can also leave the model and reasoning effort on their default settings, or

16choose them explicitly if you want more control over how the automation runs.

18![Automation creation form with schedule and prompt fields](/images/codex/app/codex-automations-light.webp)

14 19

15## Managing tasks20## Managing tasks

16 21

18 23

19The "Triage" section acts as your inbox. Automation runs with findings show up there, and you can filter your inbox to show all automation runs or only unread ones.24The "Triage" section acts as your inbox. Automation runs with findings show up there, and you can filter your inbox to show all automation runs or only unread ones.

20 25

21When an automation runs in a Git repository, Codex uses a dedicated background [worktree](https://developers.openai.com/codex/app/features#worktree-support). In non-version-controlled projects, automations run directly in the project directory. Consider using Git to enable running on background worktrees. You can have the same automation run on multiple projects.26For Git repositories, each automation can run either in your local project or

27on a dedicated background [worktree](https://developers.openai.com/codex/app/features#worktree-support). Use

28worktrees when you want to isolate automation changes from unfinished local

29work. Use local mode when you want the automation to work directly in your main

30checkout, keeping in mind that it can modify files you are actively editing.

31In non-version-controlled projects, automations run directly in the project

32directory. You can have the same automation run on multiple projects.

22 33

23Automations use your default sandbox settings. In read-only mode, tool calls fail if they require modifying files, network access, or working with apps on your computer. With full access enabled, background automations carry elevated risk. You can adjust sandbox settings in [Settings](https://developers.openai.com/codex/app/settings) and selectively allowlist commands with [rules](https://developers.openai.com/codex/rules).34Automations use your default sandbox settings. In read-only mode, tool calls fail if they require modifying files, network access, or working with apps on your computer. With full access enabled, background automations carry elevated risk. You can adjust sandbox settings in [Settings](https://developers.openai.com/codex/app/settings) and selectively allowlist commands with [rules](https://developers.openai.com/codex/rules).

24 35

30first. This helps you confirm:41first. This helps you confirm:

31 42

32- The prompt is clear and scoped correctly.43- The prompt is clear and scoped correctly.

~~33- The selected model and tools behave as expected.~~44- The selected or default model, reasoning effort, and tools behave as expected.

34- The resulting diff is reviewable.45- The resulting diff is reviewable.

35 46

36When you start scheduling runs, review the first few outputs closely and adjust47When you start scheduling runs, review the first few outputs closely and adjust

38 49

39## Worktree cleanup for automations50## Worktree cleanup for automations

40 51

~~41For Git repositories, automations run in worktrees. Frequent schedules can~~52If you choose worktrees for Git repositories, frequent schedules can create

~~42create many worktrees over time. Archive automation runs you no longer need,~~53many worktrees over time. Archive automation runs you no longer need, and avoid

~~43and avoid pinning runs unless you intend to keep their worktrees.~~54pinning runs unless you intend to keep their worktrees.

44 55

45## Permissions and security model56## Permissions and security model

46 57

app/commands.md +18 −0

Details

48| `/review` | Start code review mode to review uncommitted changes or compare against a base branch. |48| `/review` | Start code review mode to review uncommitted changes or compare against a base branch. |

49| `/status` | Show the thread ID, context usage, and rate limits. |49| `/status` | Show the thread ID, context usage, and rate limits. |

50 50

51## Deeplinks

53The Codex app registers the `codex://` URL scheme so links can open specific parts of the app directly.

55| Deeplink | Opens | Supported query parameters |

56| --- | --- | --- |

57| `codex://settings` | Settings. | None. |

58| `codex://skills` | Skills. | None. |

59| `codex://automations` | Inbox in automation create mode. | None. |

60| `codex://threads/<thread-id>` | A local thread. `<thread-id>` must be a UUID. | None. |

61| `codex://new` | A new thread. | Optional: `prompt`, `originUrl`, `path`. |

63For new-thread deeplinks:

65- `prompt` prefills the composer.

66- `path` must be an absolute path to a local directory and, when valid, makes that directory the active workspace for the new thread.

67- `originUrl` tries to match one of your current workspace roots by Git remote URL. If both `path` and `originUrl` are present, Codex resolves `path` first.

51## See also69## See also

52 70

53- [Features](https://developers.openai.com/codex/app/features)71- [Features](https://developers.openai.com/codex/app/features)

app/features.md +3 −1

Details

85pressing <kbd>Cmd</kbd>+<kbd>J</kbd>.85pressing <kbd>Cmd</kbd>+<kbd>J</kbd>.

86 86

87Use the terminal to validate changes, run scripts, and perform Git operations87Use the terminal to validate changes, run scripts, and perform Git operations

~~88without leaving the app.~~88without leaving the app. Codex can also read the current terminal output, so

89it can check the status of a running development server or refer back to a

90failed build while it works with you.

89 91

90Common tasks include:92Common tasks include:

91 93

app/settings.md +8 −5

Details

10require <kbd>Cmd</kbd>+<kbd>Enter</kbd> for multiline prompts or prevent sleep while a10require <kbd>Cmd</kbd>+<kbd>Enter</kbd> for multiline prompts or prevent sleep while a

11thread runs.11thread runs.

12 12

~~13## Appearance~~

~~15Pick a theme, decide whether the window is solid, and adjust UI or code fonts. Font~~

~~16choices apply across the app, including the diff review panel and terminal.~~

18## Notifications13## Notifications

19 14

20Choose when turn completion notifications appear, and whether the app should prompt for15Choose when turn completion notifications appear, and whether the app should prompt for

27options. See [Codex security](https://developers.openai.com/codex/agent-approvals-security) and22options. See [Codex security](https://developers.openai.com/codex/agent-approvals-security) and

28[config basics](https://developers.openai.com/codex/config-basic) for more detail.23[config basics](https://developers.openai.com/codex/config-basic) for more detail.

29 24

25## Appearance

27In **Settings**, you can change the Codex app appearance by choosing a base theme,

28adjusting accent, background, and foreground colors, and changing the UI and code

29fonts. You can also share your custom theme with friends.

31![Codex app Appearance settings showing theme selection, color controls, and font options](/images/codex/app/theme-selection-light.webp)

30## Git33## Git

31 34

32Use Git settings to standardize branch naming and choose whether Codex uses force35Use Git settings to standardize branch naming and choose whether Codex uses force

app/windows.md +12 −0

Details

28winget install Codex -s msstore28winget install Codex -s msstore

29```29```

30 30

31## Native sandbox

33The Codex app on Windows supports a native [Windows sandbox](https://developers.openai.com/codex/windows#windows-sandbox) when the agent runs in PowerShell, and uses Linux sandboxing when you run the agent in [Windows Subsystem for Linux (WSL)](#windows-subsystem-for-linux-wsl). To apply sandbox protections in either mode, set sandbox permissions to **Default permissions** in the Composer before sending messages to Codex.

35Running Codex in full access mode means Codex is not limited to your project

36 directory and might perform unintentional destructive actions that can lead to

37 data loss. Keep sandbox boundaries in place and use [rules](https://developers.openai.com/codex/rules) for

38 targeted exceptions, or set your [approval policy to

39 never](https://developers.openai.com/codex/agent-approvals-security#run-without-approval-prompts) to have

40 Codex attempt to solve problems without asking for escalated permissions,

41 based on your [approval and security setup](https://developers.openai.com/codex/agent-approvals-security).

31## Customize for your dev setup43## Customize for your dev setup

32 44

33### Preferred editor45### Preferred editor

auth.md +19 −0

Details

91 91

92These settings are commonly applied via managed configuration rather than per-user setup. See [Managed configuration](https://developers.openai.com/codex/enterprise/managed-configuration).92These settings are commonly applied via managed configuration rather than per-user setup. See [Managed configuration](https://developers.openai.com/codex/enterprise/managed-configuration).

93 93

94## Login diagnostics

96Direct `codex login` runs write a dedicated `codex-login.log` file under

97your configured log directory. Use it when you need to debug browser-login or

98device-code failures, or when support asks for login-specific logs.

100## Custom CA bundles

101

102If your network uses a corporate TLS proxy or private root CA, set

103`CODEX_CA_CERTIFICATE` to a PEM bundle before logging in. When

104`CODEX_CA_CERTIFICATE` is unset, Codex falls back to `SSL_CERT_FILE`. The same

105custom CA settings apply to login, normal HTTPS requests, and secure websocket

106connections.

107

108```shell

109export CODEX_CA_CERTIFICATE=/path/to/corporate-root-ca.pem

110codex login

111```

112

94## Login on headless devices113## Login on headless devices

95 114

96If you are signing in to ChatGPT with the Codex CLI, there are some situations where the browser-based login UI may not work:115If you are signing in to ChatGPT with the Codex CLI, there are some situations where the browser-based login UI may not work:

cli.md +5 −3

Details

3Codex CLI is OpenAI's coding agent that you can run locally from your terminal. It can read, change, and run code on your machine in the selected directory.3Codex CLI is OpenAI's coding agent that you can run locally from your terminal. It can read, change, and run code on your machine in the selected directory.

4It's [open source](https://github.com/openai/codex) and built in Rust for speed and efficiency.4It's [open source](https://github.com/openai/codex) and built in Rust for speed and efficiency.

5 5

~~6Codex is included with ChatGPT Plus, Pro, Business, Edu, and Enterprise plans. Learn more about [what’s included](https://developers.openai.com/codex/pricing).~~6ChatGPT Plus, Pro, Business, Edu, and Enterprise plans include Codex. Learn more about [what's included](https://developers.openai.com/codex/pricing).

7 7

8## CLI setup8## CLI setup

9 9

47experimental. For the best Windows experience, use Codex in a WSL workspace47experimental. For the best Windows experience, use Codex in a WSL workspace

48and follow our [Windows setup guide](https://developers.openai.com/codex/windows).48and follow our [Windows setup guide](https://developers.openai.com/codex/windows).

49 49

50If you're new to Codex, read the [best practices guide](https://developers.openai.com/codex/learn/best-practices).

50---52---

51 53

52## Work with the Codex CLI54## Work with the Codex CLI

59 61

60Attach screenshots or design specs so Codex reads them alongside your prompt.](https://developers.openai.com/codex/cli/features#image-inputs)[### Run local code review62Attach screenshots or design specs so Codex reads them alongside your prompt.](https://developers.openai.com/codex/cli/features#image-inputs)[### Run local code review

61 63

~~62Get your code reviewed by a separate Codex agent before you commit or push your changes.](https://developers.openai.com/codex/cli/features#running-local-code-review)[### Use multi-agent~~64Get your code reviewed by a separate Codex agent before you commit or push your changes.](https://developers.openai.com/codex/cli/features#running-local-code-review)[### Use subagents

63 65

~~64Enable experimental multi-agent collaboration and parallelize complex tasks.](https://developers.openai.com/codex/multi-agent)[### Web search~~66Use subagents to parallelize complex tasks.](https://developers.openai.com/codex/subagents)[### Web search

65 67

66Use Codex to search the web and get up-to-date information for your task.](https://developers.openai.com/codex/cli/features#web-search)[### Codex Cloud tasks68Use Codex to search the web and get up-to-date information for your task.](https://developers.openai.com/codex/cli/features#web-search)[### Codex Cloud tasks

67 69

cli/features.md +13 −4

Details

20 20

21- Send prompts, code snippets, or screenshots (see [image inputs](#image-inputs)) directly into the composer.21- Send prompts, code snippets, or screenshots (see [image inputs](#image-inputs)) directly into the composer.

22- Watch Codex explain its plan before making a change, and approve or reject steps inline.22- Watch Codex explain its plan before making a change, and approve or reject steps inline.

~~23- Read syntax-highlighted markdown code blocks and diffs in the TUI, then use `/theme` to preview and save a preferred color theme.~~23- Read syntax-highlighted markdown code blocks and diffs in the TUI, then use `/theme` to preview and save a preferred theme.

24- Use `/clear` to wipe the terminal and start a fresh chat, or press <kbd>Ctrl</kbd>+<kbd>L</kbd> to clear the screen without starting a new conversation.24- Use `/clear` to wipe the terminal and start a fresh chat, or press <kbd>Ctrl</kbd>+<kbd>L</kbd> to clear the screen without starting a new conversation.

25- Use `/copy` to copy the latest completed Codex output. If a turn is still running, Codex copies the most recent finished output instead of in-progress text.25- Use `/copy` to copy the latest completed Codex output. If a turn is still running, Codex copies the most recent finished output instead of in-progress text.

26- Navigate draft history in the composer with <kbd>Up</kbd>/<kbd>Down</kbd>; Codex restores prior draft text and image placeholders.26- Navigate draft history in the composer with <kbd>Up</kbd>/<kbd>Down</kbd>; Codex restores prior draft text and image placeholders.

46 46

47## Models and reasoning47## Models and reasoning

48 48

49For most tasks in Codex, `gpt-5.4` is the recommended model. It brings the industry-leading coding capabilities of `gpt-5.3-codex` to OpenAI’s flagship frontier model, combining frontier coding performance with stronger reasoning, native computer use, and broader professional workflows. For extra fast tasks, ChatGPT Pro subscribers have access to the GPT-5.3-Codex-Spark model in research preview.49For most tasks in Codex, `gpt-5.4` is the recommended model. It brings the

50industry-leading coding capabilities of `gpt-5.3-codex` to OpenAI’s flagship

51frontier model, combining frontier coding performance with stronger reasoning,

52native computer use, and broader professional workflows. For extra fast tasks,

53ChatGPT Pro subscribers have access to the GPT-5.3-Codex-Spark model in

54research preview.

50 55

51Switch models mid-session with the `/model` command, or specify one when launching the CLI.56Switch models mid-session with the `/model` command, or specify one when launching the CLI.

52 57

68 73

69`codex features enable <feature>` and `codex features disable <feature>` write to `~/.codex/config.toml`. If you launch Codex with `--profile`, Codex stores the change in that profile rather than the root configuration.74`codex features enable <feature>` and `codex features disable <feature>` write to `~/.codex/config.toml`. If you launch Codex with `--profile`, Codex stores the change in that profile rather than the root configuration.

70 75

~~71## Multi-agents (experimental)~~76## Subagents

72 77

73Use Codex multi-agent workflows to parallelize larger tasks. For setup, role configuration (`[agents]` in `config.toml`), and examples, see [Multi-agents](https://developers.openai.com/codex/multi-agent).78Use Codex subagent workflows to parallelize larger tasks. For setup, role configuration (`[agents]` in `config.toml`), and examples, see [Subagents](https://developers.openai.com/codex/subagents).

80Codex only spawns subagents when you explicitly ask it to. Because each

81subagent does its own model and tool work, subagent workflows consume more

82tokens than comparable single-agent runs.

74 83

75## Image inputs84## Image inputs

76 85

cli/slash-commands.md +13 −5

Details

8This guide shows you how to:8This guide shows you how to:

9 9

10- Find the right built-in slash command for a task10- Find the right built-in slash command for a task

~~11- Steer an active session with commands like `/model`, `/personality`,~~11- Steer an active session with commands like `/model`, `/fast`,

~~12 `/permissions`, `/experimental`, `/agent`, and `/status`~~12 `/personality`, `/permissions`, `/agent`, and `/status`

13 13

14## Built-in slash commands14## Built-in slash commands

15 15

20| ------------------------------------------------------------------------------- | --------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------- |20| ------------------------------------------------------------------------------- | --------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------- |

21| [`/permissions`](#update-permissions-with-permissions) | Set what Codex can do without asking first. | Relax or tighten approval requirements mid-session, such as switching between Auto and Read Only. |21| [`/permissions`](#update-permissions-with-permissions) | Set what Codex can do without asking first. | Relax or tighten approval requirements mid-session, such as switching between Auto and Read Only. |

22| [`/sandbox-add-read-dir`](#grant-sandbox-read-access-with-sandbox-add-read-dir) | Grant sandbox read access to an extra directory (Windows only). | Unblock commands that need to read an absolute directory path outside the current readable roots. |22| [`/sandbox-add-read-dir`](#grant-sandbox-read-access-with-sandbox-add-read-dir) | Grant sandbox read access to an extra directory (Windows only). | Unblock commands that need to read an absolute directory path outside the current readable roots. |

26| [`/compact`](#keep-transcripts-lean-with-compact) | Summarize the visible conversation to free tokens. | Use after long runs so Codex retains key points without blowing the context window. |26| [`/compact`](#keep-transcripts-lean-with-compact) | Summarize the visible conversation to free tokens. | Use after long runs so Codex retains key points without blowing the context window. |

32| [`/init`](#generate-agentsmd-with-init) | Generate an `AGENTS.md` scaffold in the current directory. | Capture persistent instructions for the repository or subdirectory you're working in. |32| [`/init`](#generate-agentsmd-with-init) | Generate an `AGENTS.md` scaffold in the current directory. | Capture persistent instructions for the repository or subdirectory you're working in. |

36| [`/model`](#set-the-active-model-with-model) | Choose the active model (and reasoning effort, when available). | Switch between general-purpose models (`gpt-4.1-mini`) and deeper reasoning models before running a task. |36| [`/model`](#set-the-active-model-with-model) | Choose the active model (and reasoning effort, when available). | Switch between general-purpose models (`gpt-4.1-mini`) and deeper reasoning models before running a task. |

37| [`/fast`](#toggle-fast-mode-with-fast) | Toggle Fast mode for GPT-5.4. | Turn Fast mode on or off, or check whether the current thread is using it. |

37| [`/plan`](#switch-to-plan-mode-with-plan) | Switch to plan mode and optionally send a prompt. | Ask Codex to propose an execution plan before implementation work starts. |38| [`/plan`](#switch-to-plan-mode-with-plan) | Switch to plan mode and optionally send a prompt. | Ask Codex to propose an execution plan before implementation work starts. |

38| [`/personality`](#set-a-communication-style-with-personality) | Choose a communication style for responses. | Make Codex more concise, more explanatory, or more collaborative without changing your instructions. |39| [`/personality`](#set-a-communication-style-with-personality) | Choose a communication style for responses. | Make Codex more concise, more explanatory, or more collaborative without changing your instructions. |

39| [`/ps`](#check-background-terminals-with-ps) | Show experimental background terminals and their recent output. | Check long-running commands without leaving the main transcript. |40| [`/ps`](#check-background-terminals-with-ps) | Show experimental background terminals and their recent output. | Check long-running commands without leaving the main transcript. |

63 64

64Expected: Codex confirms the new model in the transcript. Run `/status` to verify the change.65Expected: Codex confirms the new model in the transcript. Run `/status` to verify the change.

65 66

67### Toggle Fast mode with `/fast`

691. Type `/fast on`, `/fast off`, or `/fast status`.

702. If you want the setting to persist, confirm the update when Codex offers to save it.

72Expected: Codex reports whether Fast mode is on or off for the current thread. In the TUI footer, you can also show a Fast mode status-line item with `/statusline`.

66### Set a communication style with `/personality`74### Set a communication style with `/personality`

67 75

68Use `/personality` to change how Codex communicates without rewriting your prompt.76Use `/personality` to change how Codex communicates without rewriting your prompt.

92### Toggle experimental features with `/experimental`100### Toggle experimental features with `/experimental`

93 101

941. Type `/experimental` and press Enter.1021. Type `/experimental` and press Enter.

~~952. Toggle the features you want (for example, **Multi-agents**), then restart Codex.~~1032. Toggle the features you want (for example, Apps or Smart Approvals), then restart Codex if the prompt asks you to.

96 104

97Expected: Codex saves your feature choices to config and applies them on restart.105Expected: Codex saves your feature choices to config and applies them on restart.

98 106

codex.md +3 −3

Details

22 22

23 Learn more](https://developers.openai.com/codex/explore) [### Community23 Learn more](https://developers.openai.com/codex/explore) [### Community

24 24

~~25Explore Codex Ambassadors and upcoming community meetups by location.~~25Read community posts, explore meetups, and connect with Codex builders.

26 26

~~27 See community](https://developers.openai.com/codex/community/meetups) [### Codex for OSS~~27 See community](/community) [### Codex for Open Source

28 28

29Apply or nominate maintainers for API credits, ChatGPT Pro with Codex, and selective Codex Security access.29Apply or nominate maintainers for API credits, ChatGPT Pro with Codex, and selective Codex Security access.

30 30

~~31 Learn more](https://developers.openai.com/codex/community/codex-for-oss)~~31 Learn more](https://developers.openai.com/community/codex-for-oss)

codex-for-oss-terms.md +1 −1

Details

1# Codex for Open Source Program Terms1# Codex for Open Source Program Terms

2 2

3These Program Terms govern the Codex for Open Source program (the “Program”) offered by OpenAI OpCo, LLC and its affiliates (“OpenAI,” “we,” “our,” or “us”). By submitting an application to the Program or accepting any Program benefit, you agree to these Program Terms.3These Program Terms govern the Codex for OSS program (the "Program") offered by OpenAI OpCo, LLC and its affiliates ("OpenAI," "we," "our," or "us"). By submitting an application to the Program or accepting any Program benefit, you agree to these Program Terms.

4 4

5These Program Terms supplement, and do not replace, the OpenAI Terms of Use, Privacy Policy, applicable service terms, and OpenAI policies that govern your use of ChatGPT, Codex, the API, and any other OpenAI services made available through the Program. If there is a conflict, these Program Terms control only with respect to the Program.5These Program Terms supplement, and do not replace, the OpenAI Terms of Use, Privacy Policy, applicable service terms, and OpenAI policies that govern your use of ChatGPT, Codex, the API, and any other OpenAI services made available through the Program. If there is a conflict, these Program Terms control only with respect to the Program.

6 6

community/codex-for-oss.md +0 −19 deleted

File DeletedView Diff

~~1# Codex for Open Source~~

3Open-source maintainers do critical work, often behind the scenes, to keep the software ecosystem healthy. Over the past year, the Codex Open Source Fund ($1 million) has supported projects that need API credits, including teams using Codex to power GitHub pull request workflows. OpenAI is grateful to the maintainers who keep that work moving.

5The fund now supports eligible maintainers by offering six months of ChatGPT Pro with Codex and conditional access to Codex Security for core maintainers with write access. Developers should code in the tools they prefer, whether that’s Codex, [OpenCode](https://github.com/anomalyco/opencode), [Cline](https://github.com/cline/cline), [pi](https://github.com/badlogic/pi-mono/tree/main/packages/coding-agent), [OpenClaw](https://github.com/openclaw/openclaw), or something else, and this program supports that work.

~~7## What the program includes~~

~~9- Six months of ChatGPT Pro with Codex for day-to-day coding, triage, review, and maintainer workflows~~

~~10- Conditional access to Codex Security for repositories that need deeper security coverage~~

~~11- API credits through the Codex Open Source Fund for projects that use Codex in pull request review, maintainer automation, release workflows, or other core OSS work~~

~~13Given GPT-5.4’s capabilities, the team reviews Codex Security access case by case to ensure these workflows get the care and diligence they require.~~

~~15If you’re a core maintainer or run a widely used public project, apply. If your project doesn’t fit the criteria but it plays an important role in the ecosystem, apply anyway and explain why.~~

~~17By submitting an application, you agree to the [Codex for Open Source Program Terms](https://developers.openai.com/codex/codex-for-oss-terms).~~

~~19[Apply today!](https://openai.com/form/codex-for-oss/)~~

community/meetups.md +0 −17 deleted

File DeletedView Diff

~~1# Codex Meetups~~

~~3Mar 12~~

~~5![Stylized city cover for Orlando](https://developers.openai.com/codex/meetups/orlando.webp)~~

~~7UpcomingMar 12~~

~~9Orlando, FL, USA~~

~~11### Orlando~~

~~13March 12, 2026~~

~~15Hosted by [Leonard](https://www.linkedin.com/in/lgofman/), [Michael](https://www.linkedin.com/in/michael-rusudev/), and [Carlos](https://www.linkedin.com/in/cataladev/)~~

~~17[Register now](https://luma.com/39y2dvwx)[Share city](https://developers.openai.com/codex/community/meetups?city=Orlando)~~

concepts/customization.md +12 −12

Details

7- **Project guidance (`AGENTS.md`)** for persistent instructions7- **Project guidance (`AGENTS.md`)** for persistent instructions

8- **Skills** for reusable workflows and domain expertise8- **Skills** for reusable workflows and domain expertise

9- **[MCP](https://developers.openai.com/codex/mcp)** for access to external tools and shared systems9- **[MCP](https://developers.openai.com/codex/mcp)** for access to external tools and shared systems

~~10- **[Multi-agents](https://developers.openai.com/codex/concepts/multi-agents)** for delegating work to specialized sub-agents~~10- **[Subagents](https://developers.openai.com/codex/concepts/subagents)** for delegating work to specialized subagents

11 11

12These are complementary, not competing. `AGENTS.md` shapes behavior, skills package repeatable processes, and [MCP](https://developers.openai.com/codex/mcp) connects Codex to systems outside the local workspace.12These are complementary, not competing. `AGENTS.md` shapes behavior, skills package repeatable processes, and [MCP](https://developers.openai.com/codex/mcp) connects Codex to systems outside the local workspace.

13 13

19 19

20- Build and test commands20- Build and test commands

21- Review expectations21- Review expectations

~~22- Repo-specific conventions~~22- repo-specific conventions

23- Directory-specific instructions23- Directory-specific instructions

24 24

25When the agent makes incorrect assumptions about your codebase, correct them in `AGENTS.md` and ask the agent to update `AGENTS.md` so the fix persists. Treat it as a feedback loop.25When the agent makes incorrect assumptions about your codebase, correct them in `AGENTS.md` and ask the agent to update `AGENTS.md` so the fix persists. Treat it as a feedback loop.

44 - AGENTS.md Global (for you as a developer)44 - AGENTS.md Global (for you as a developer)

45- repo-root/45- repo-root/

46 46

~~47 - AGENTS.md Repo-specific (for your team)~~47 - AGENTS.md repo-specific (for your team)

48 48

49[Custom instructions with AGENTS.md](https://developers.openai.com/codex/guides/agents-md)49[Custom instructions with AGENTS.md](https://developers.openai.com/codex/guides/agents-md)

50 50

87 87

88Skills can be global (in your user directory, for you as a developer) or repo-specific (checked into `.agents/skills`, for your team). Put repo skills in `.agents/skills` when the workflow applies to that project; use your user directory for skills you want across all repos.88Skills can be global (in your user directory, for you as a developer) or repo-specific (checked into `.agents/skills`, for your team). Put repo skills in `.agents/skills` when the workflow applies to that project; use your user directory for skills you want across all repos.

89 89

91| :----- | :--------------------- | :--------------------------------------------- |91| :----- | :--------------------- | :--------------------------------------------- |

94 94

95Codex uses progressive disclosure for skills:95Codex uses progressive disclosure for skills:

105## MCP105## MCP

106 106

107MCP (Model Context Protocol) is the standard way to connect Codex to external tools and context providers.107MCP (Model Context Protocol) is the standard way to connect Codex to external tools and context providers.

108It’s especially useful for remotely hosted systems such as Figma, Linear, Jira, GitHub, or internal knowledge services your team depends on.108It's especially useful for remotely hosted systems such as Figma, Linear, GitHub, or internal knowledge services your team depends on.

109 109

110Use MCP when Codex needs capabilities that live outside the local repo, such as issue trackers, design tools, browsers, or shared documentation systems.110Use MCP when Codex needs capabilities that live outside the local repo, such as issue trackers, design tools, browsers, or shared documentation systems.

111 111

112A useful mental model:112One way to think about it:

113 113

114- **Host**: Codex114- **Host**: Codex

115- **Client**: the MCP connection inside Codex115- **Client**: the MCP connection inside Codex

129 129

130[Model Context Protocol](https://developers.openai.com/codex/mcp)130[Model Context Protocol](https://developers.openai.com/codex/mcp)

131 131

132## Multi-agents132## Subagents

133 133

134You can create different agents with different roles and prompt them to use tools differently. For example, one agent might run specific testing commands and configurations, while another has MCP servers that fetch production logs for debugging. Each sub-agent stays focused and uses the right tools for its job.134You can create different agents with different roles and prompt them to use tools differently. For example, one agent might run specific testing commands and configurations, while another has MCP servers that fetch production logs for debugging. Each subagent stays focused and uses the right tools for its job.

135 135

136[Multi-agents concepts](https://developers.openai.com/codex/concepts/multi-agents)136[Subagent concepts](https://developers.openai.com/codex/concepts/subagents)

137 137

138## Skills + MCP together138## Skills + MCP together

139 139

146 146

1471. [Custom instructions with AGENTS.md](https://developers.openai.com/codex/guides/agents-md) so Codex follows your repo conventions. Add pre-commit hooks and linters to enforce those rules.1471. [Custom instructions with AGENTS.md](https://developers.openai.com/codex/guides/agents-md) so Codex follows your repo conventions. Add pre-commit hooks and linters to enforce those rules.

1482. [Skills](https://developers.openai.com/codex/skills) so you never have the same conversation twice. Skills can include a `scripts/` directory with CLI scripts or pair with [MCP](https://developers.openai.com/codex/mcp) for external systems.1482. [Skills](https://developers.openai.com/codex/skills) so you never have the same conversation twice. Skills can include a `scripts/` directory with CLI scripts or pair with [MCP](https://developers.openai.com/codex/mcp) for external systems.

1493. [MCP](https://developers.openai.com/codex/mcp) when workflows need external systems (Linear, JIRA, docs servers, design tools).1493. [MCP](https://developers.openai.com/codex/mcp) when workflows need external systems (Linear, GitHub, docs servers, design tools).

1504. [Multi-agents](https://developers.openai.com/codex/multi-agent) when you’re ready to delegate noisy or specialized tasks to sub-agents.1504. [Subagents](https://developers.openai.com/codex/subagents) when you're ready to delegate noisy or specialized tasks to subagents.

concepts/multi-agents.md +0 −53 deleted

File DeletedView Diff

~~1# Multi-agents~~

~~3Codex can run multi-agent workflows by spawning specialized agents in parallel and collecting their results in one response.~~

~~5This page explains the core concepts and tradeoffs. For setup, agent configuration, and examples, see [Multi-agents](https://developers.openai.com/codex/multi-agent).~~

~~7## Why multi-agent workflows help~~

9Even with large context windows, models have limits. If you flood the main conversation (where you’re defining requirements, constraints, and decisions) with noisy intermediate output such as exploration notes, test logs, stack traces, and command output, the session can become less reliable over time.

~~11This is often described as:~~

~~13- **Context pollution**: useful information gets buried under noisy intermediate output.~~

~~14- **Context rot**: performance degrades as the conversation fills up with less relevant details.~~

~~16For background, see Chroma’s writeup on [context rot](https://research.trychroma.com/context-rot).~~

~~18Multi-agent workflows help by moving noisy work off the main thread:~~

~~20- Keep the **main agent** focused on requirements, decisions, and final outputs.~~

~~21- Run specialized **sub-agents** in parallel for exploration, tests, or log analysis.~~

~~22- Return **summaries** from sub-agents instead of raw intermediate output.~~

24As a starting point, use parallel agents for tasks that mostly read (exploration, tests, triage, and summarization). Be more careful with parallel write-heavy workflows, because multiple agents editing code at once can create conflicts and increase coordination overhead.

~~26## Core terms~~

~~28Codex uses a few related terms in multi-agent workflows:~~

~~30- **Multi-agent**: A workflow where Codex runs multiple agents in parallel and combines their results.~~

~~31- **Sub-agent**: A delegated agent that Codex starts to handle a specific task.~~

~~32- **Agent thread**: The CLI thread for an agent, which you can inspect and switch between with `/agent`.~~

~~34## Choosing models and reasoning~~

~~36Different agents benefit from different model and reasoning settings.~~

~~38`gpt-5.3-codex-spark` is available in research preview for ChatGPT Pro~~

~~39subscribers. See [Models](https://developers.openai.com/codex/models) for current availability. If you’re~~

~~40using Codex via the API, use GPT-5.2-Codex today.~~

~~42### Model choice~~

44- **`gpt-5.3-codex`**: Use for agents that need stronger reasoning, such as code review, security analysis, multi-step implementation, or tasks with ambiguous requirements. The main agent and agents that propose or apply edits usually fit here.

45- **`gpt-5.3-codex-spark`**: Use for agents that prioritize speed over depth, such as exploration, read-heavy scans, or quick summarization tasks. Spark works well for parallel workers that return distilled results to the main agent.

~~47### Reasoning effort (`model_reasoning_effort`)~~

~~49- **`high`**: Use when an agent needs to trace complex logic, validate assumptions, or work through edge cases (for example, reviewer or security-focused agents).~~

~~50- **`medium`**: A balanced default for most agents.~~

~~51- **`low`**: Use when the task is straightforward and speed matters most.~~

53Higher reasoning effort increases response time and token usage, but it can improve quality for complex work. For details, see [Models](https://developers.openai.com/codex/models), [Config basics](https://developers.openai.com/codex/config-basic), and [Configuration Reference](https://developers.openai.com/codex/config-reference).

concepts/subagents.md +90 −0 added

Details

1# Subagents

3Codex can run subagent workflows by spawning specialized agents in parallel so

4they can explore, tackle, or analyze work concurrently.

6This page explains the core concepts and tradeoffs. For setup, agent configuration, and examples, see [Subagents](https://developers.openai.com/codex/subagents).

8## Why subagent workflows help

10Even with large context windows, models have limits. If you flood the main conversation (where you're defining requirements, constraints, and decisions) with noisy intermediate output such as exploration notes, test logs, stack traces, and command output, the session can become less reliable over time.

12This is often described as:

14- **Context pollution**: useful information gets buried under noisy intermediate output.

15- **Context rot**: performance degrades as the conversation fills up with less relevant details.

17For background, see the Chroma writeup on [context rot](https://research.trychroma.com/context-rot).

19Subagent workflows help by moving noisy work off the main thread:

21- Keep the **main agent** focused on requirements, decisions, and final outputs.

22- Run specialized **subagents** in parallel for exploration, tests, or log analysis.

23- Return **summaries** from subagents instead of raw intermediate output.

25They can also save time when the work can run independently in parallel, and

26they make larger-shaped tasks more tractable by breaking them into bounded

27pieces. For example, Codex can split analysis of a multi-million-token

28document into smaller problems and return distilled takeaways to the main

29thread.

31As a starting point, use parallel agents for read-heavy tasks such as

32exploration, tests, triage, and summarization. Be more careful with parallel

33write-heavy workflows, because agents editing code at once can create

34conflicts and increase coordination overhead.

36## Core terms

38Codex uses a few related terms in subagent workflows:

40- **Subagent workflow**: A workflow where Codex runs parallel agents and combines their results.

41- **Subagent**: A delegated agent that Codex starts to handle a specific task.

42- **Agent thread**: The CLI thread for an agent, which you can inspect and switch between with `/agent`.

44## Triggering subagent workflows

46Codex doesn't spawn subagents automatically, and it should only use subagents when you

47explicitly ask for subagents or parallel agent work.

49In practice, manual triggering means using direct instructions such as

50"spawn two agents," "delegate this work in parallel," or "use one agent per

51point." Subagent workflows consume more tokens than comparable single-agent runs

52because each subagent does its own model and tool work.

54A good subagent prompt should explain how to divide the work, whether Codex

55should wait for all agents before continuing, and what summary or output to

56return.

58```text

59Review this branch with parallel subagents. Spawn one subagent for security risks, one for test gaps, and one for maintainability. Wait for all three, then summarize the findings by category with file references.

60```

62## Choosing models and reasoning

64Different agents need different model and reasoning settings.

66If you don't pin a model or `model_reasoning_effort`, Codex can choose a setup

67that balances intelligence, speed, and price for the task. It may favor

68`gpt-5.4-mini` for fast scans or a higher-effort `gpt-5.4`

69configuration for more demanding reasoning. When you want finer control, steer that

70choice in your prompt or set `model` and `model_reasoning_effort` directly in

71the agent file.

73For most tasks in Codex, start with `gpt-5.4`. Use `gpt-5.4-mini` when you

74want a faster, lower-cost option for lighter subagent work. If you have

75ChatGPT Pro and want near-instant text-only iteration, `gpt-5.3-codex-spark`

76remains available in research preview.

78### Model choice

80- **`gpt-5.4`**: Start here for most agents. It combines strong coding, reasoning, tool use, and broader workflows. The main agent and agents that coordinate ambiguous or multi-step work fit here.

81- **`gpt-5.4-mini`**: Use for agents that favor speed and efficiency over depth, such as exploration, read-heavy scans, large-file review, or processing supporting documents. It works well for parallel workers that return distilled results to the main agent.

82- **`gpt-5.3-codex-spark`**: If you have ChatGPT Pro, use this research preview model for near-instant, text-only iteration when latency matters more than broader capability.

84### Reasoning effort (`model_reasoning_effort`)

86- **`high`**: Use when an agent needs to trace complex logic, check assumptions, or work through edge cases (for example, reviewer or security-focused agents).

87- **`medium`**: A balanced default for most agents.

88- **`low`**: Use when the task is straightforward and speed matters most.

90Higher reasoning effort increases response time and token usage, but it can improve quality for complex work. For details, see [Models](https://developers.openai.com/codex/models), [Config basics](https://developers.openai.com/codex/config-basic), and [Configuration Reference](https://developers.openai.com/codex/config-reference).

config-advanced.md +17 −9

Details

2 2

3Use these options when you need more control over providers, policies, and integrations. For a quick start, see [Config basics](https://developers.openai.com/codex/config-basic).3Use these options when you need more control over providers, policies, and integrations. For a quick start, see [Config basics](https://developers.openai.com/codex/config-basic).

4 4

5For background on project guidance, reusable capabilities, custom slash commands, multi-agent workflows, and integrations, see [Customization](https://developers.openai.com/codex/concepts/customization). For configuration keys, see [Configuration Reference](https://developers.openai.com/codex/config-reference).5For background on project guidance, reusable capabilities, custom slash commands, subagent workflows, and integrations, see [Customization](https://developers.openai.com/codex/concepts/customization). For configuration keys, see [Configuration Reference](https://developers.openai.com/codex/config-reference).

6 6

7## Profiles7## Profiles

8 8

74 74

75For shared defaults, rules, and skills checked into repos or system paths, see [Team Config](https://developers.openai.com/codex/enterprise/admin-setup#team-config).75For shared defaults, rules, and skills checked into repos or system paths, see [Team Config](https://developers.openai.com/codex/enterprise/admin-setup#team-config).

76 76

77If you just need to point the built-in OpenAI provider at an LLM proxy, router, or data-residency enabled project, set environment variable `OPENAI_BASE_URL` instead of defining a new provider. This overrides the default OpenAI endpoint without a `config.toml` change.77If you just need to point the built-in OpenAI provider at an LLM proxy, router, or data-residency enabled project, set `openai_base_url` in `config.toml` instead of defining a new provider. This changes the base URL for the built-in `openai` provider without requiring a separate `model_providers.<id>` entry.

78 78

79```toml79```toml

~~80export OPENAI_BASE_URL="https://api.openai.com/v1"~~80openai_base_url = "https://us.api.openai.com/v1"

~~81codex~~

82```81```

83 82

84## Project config files (`.codex/config.toml`)83## Project config files (`.codex/config.toml`)

87 86

88For security, Codex loads project-scoped config files only when the project is trusted. If the project is untrusted, Codex ignores `.codex/config.toml` files in the project.87For security, Codex loads project-scoped config files only when the project is trusted. If the project is untrusted, Codex ignores `.codex/config.toml` files in the project.

89 88

~~90Relative paths inside a project config (for example, `experimental_instructions_file`) are resolved relative to the `.codex/` folder that contains the `config.toml`.~~89Relative paths inside a project config (for example, `model_instructions_file`) are resolved relative to the `.codex/` folder that contains the `config.toml`.

91 90

92## Agent roles (`[agents]` in `config.toml`)91## Agent roles (`[agents]` in `config.toml`)

93 92

~~94For multi-agent role configuration (`[agents]` in `config.toml`), see [Multi-agents](https://developers.openai.com/codex/multi-agent).~~93For subagent role configuration (`[agents]` in `config.toml`), see [Subagents](https://developers.openai.com/codex/subagents).

95 94

96## Project root detection95## Project root detection

97 96

190 189

191Pick approval strictness (affects when Codex pauses) and sandbox level (affects file/network access).190Pick approval strictness (affects when Codex pauses) and sandbox level (affects file/network access).

192 191

193For operational details that are easy to miss while editing `config.toml`, see [Common sandbox and approval combinations](https://developers.openai.com/codex/agent-approvals-security#common-sandbox-and-approval-combinations), [Protected paths in writable roots](https://developers.openai.com/codex/agent-approvals-security#protected-paths-in-writable-roots), and [Network access](https://developers.openai.com/codex/agent-approvals-security#network-access).192For operational details to keep in mind while editing `config.toml`, see [Common sandbox and approval combinations](https://developers.openai.com/codex/agent-approvals-security#common-sandbox-and-approval-combinations), [Protected paths in writable roots](https://developers.openai.com/codex/agent-approvals-security#protected-paths-in-writable-roots), and [Network access](https://developers.openai.com/codex/agent-approvals-security#network-access).

194 193

195You can also use a granular reject policy (`approval_policy = { reject = { ... } }`) to auto-reject only selected prompt categories, such as sandbox approvals, `execpolicy` rule prompts, or MCP input requests (`mcp_elicitations`), while keeping other prompts interactive.194You can also use a granular approval policy (`approval_policy = { granular = { ... } }`) to allow or auto-reject individual prompt categories. This is useful when you want normal interactive approvals for some cases but want others, such as `request_permissions` or skill-script prompts, to fail closed automatically.

196 195

197```196```

198approval_policy = "untrusted" # Other options: on-request, never, or { reject = { ... } }197approval_policy = "untrusted" # Other options: on-request, never, or { granular = { ... } }

199sandbox_mode = "workspace-write"198sandbox_mode = "workspace-write"

200allow_login_shell = false # Optional hardening: disallow login shells for shell tools199allow_login_shell = false # Optional hardening: disallow login shells for shell tools

201 200

201# Example granular approval policy:

202# approval_policy = { granular = {

203# sandbox_approval = true,

204# rules = true,

205# mcp_elicitations = true,

206# request_permissions = false,

207# skill_approval = false

208# } }

209

202[sandbox_workspace_write]210[sandbox_workspace_write]

203exclude_tmpdir_env_var = false # Allow $TMPDIR211exclude_tmpdir_env_var = false # Allow $TMPDIR

204exclude_slash_tmp = false # Allow /tmp212exclude_slash_tmp = false # Allow /tmp

config-basic.md +8 −14

Details

147 147

148| Key | Default | Maturity | Description |148| Key | Default | Maturity | Description |

149| -------------------- | :-------------------: | ------------ | ---------------------------------------------------------------------------------------- |149| -------------------- | :-------------------: | ------------ | ---------------------------------------------------------------------------------------- |

168 162

169The Maturity column uses feature maturity labels such as Experimental, Beta,163The Maturity column uses feature maturity labels such as Experimental, Beta,

170 and Stable. See [Feature Maturity](https://developers.openai.com/codex/feature-maturity) for how to164 and Stable. See [Feature Maturity](https://developers.openai.com/codex/feature-maturity) for how to

config-reference.md +534 −131

Details

12| --- | --- | --- |12| --- | --- | --- |

15| `agents.<name>.nickname_candidates` | `array<string>` | Optional pool of display nicknames for spawned agents in that role. |

18| `allow_login_shell` | `boolean` | Allow shell-based tools to use login-shell semantics. Defaults to `true`; when `false`, `login = true` requests are rejected and omitted `login` defaults to non-login shells. |19| `allow_login_shell` | `boolean` | Allow shell-based tools to use login-shell semantics. Defaults to `true`; when `false`, `login = true` requests are rejected and omitted `login` defaults to non-login shells. |

19| `approval_policy` | `untrusted | on-request | never | { reject = { sandbox_approval = bool, rules = bool, mcp_elicitations = bool } }` | Controls when Codex pauses for approval before executing commands. You can also use `approval_policy = { reject = { ... } }` to auto-reject specific prompt categories while keeping other prompts interactive. `on-failure` is deprecated; use `on-request` for interactive runs or `never` for non-interactive runs. |20| `analytics.enabled` | `boolean` | Enable or disable analytics for this machine/profile. When unset, the client default applies. |

~~20| `approval_policy.reject.mcp_elicitations` | `boolean` | When `true`, MCP elicitation prompts are auto-rejected instead of shown to the user. |~~21| `approval_policy` | `untrusted | on-request | never | { granular = { sandbox_approval = bool, rules = bool, mcp_elicitations = bool, request_permissions = bool, skill_approval = bool } }` | Controls when Codex pauses for approval before executing commands. You can also use `approval_policy = { granular = { ... } }` to allow or auto-reject specific prompt categories while keeping other prompts interactive. `on-failure` is deprecated; use `on-request` for interactive runs or `never` for non-interactive runs. |

24| `approval_policy.granular.rules` | `boolean` | When `true`, approvals triggered by execpolicy `prompt` rules are allowed to surface. |

25| `approval_policy.granular.sandbox_approval` | `boolean` | When `true`, sandbox escalation approval prompts are allowed to surface. |

26| `approval_policy.granular.skill_approval` | `boolean` | When `true`, skill-script approval prompts are allowed to surface. |

41| `commit_attribution` | `string` | Override the commit co-author trailer text. Set an empty string to disable automatic attribution. |

43| `default_permissions` | `string` | Name of the default permissions profile to apply to sandboxed tool calls. |

~~41| `experimental_use_freeform_apply_patch` | `boolean` | Legacy name for enabling freeform apply\_patch; prefer `[features].apply_patch_freeform` or `codex --enable apply_patch_freeform`. |~~

~~43| `features.apply_patch_freeform` | `boolean` | Expose the freeform `apply_patch` tool (experimental). |~~

48| `features.multi_agent` | `boolean` | Enable multi-agent collaboration tools (`spawn_agent`, `send_input`, `resume_agent`, `wait`, `close_agent`, and `spawn_agents_on_csv`) (experimental; off by default). |

~~52| `features.request_rule` | `boolean` | Enable Smart approvals (`prefix_rule` suggestions on escalation requests; stable; on by default). |~~

~~53| `features.runtime_metrics` | `boolean` | Show runtime metrics summary in TUI turn separators (experimental). |~~

~~54| `features.search_tool` | `boolean` | Enable `search_tool_bm25` for Apps tool discovery before invoking app MCP tools (experimental). |~~

~~55| `features.shell_snapshot` | `boolean` | Snapshot shell environment to speed up repeated commands (beta). |~~

58| `features.undo` | `boolean` | Enable undo support (stable; off by default). |

59| `features.unified_exec` | `boolean` | Use the unified PTY-backed exec tool (stable; enabled by default except on Windows). |

~~69| `include_apply_patch_tool` | `boolean` | Legacy name for enabling freeform apply\_patch; prefer `[features].apply_patch_freeform`. |~~

86| `mcp_servers.<id>.oauth_resource` | `string` | Optional RFC 8707 OAuth resource parameter to include during MCP login. |

88| `mcp_servers.<id>.scopes` | `array<string>` | OAuth scopes to request when authenticating to that MCP server. |

112| `model_providers.<id>.wire_api` | `responses` | Protocol used by the provider. `responses` is the only supported value, and it is the default when omitted. |

124| `openai_base_url` | `string` | Base URL override for the built-in `openai` model provider. |

143| `permissions.<name>.filesystem` | `table` | Named filesystem permission profile. Each key is an absolute path or special token such as `:minimal` or `:project_roots`. |

146| `permissions.<name>.network.allow_local_binding` | `boolean` | Permit local bind/listen operations through the managed proxy. |

147| `permissions.<name>.network.allow_unix_sockets` | `array<string>` | Allowlist of Unix socket paths permitted through the managed proxy. |

148| `permissions.<name>.network.allow_upstream_proxy` | `boolean` | Allow the managed proxy to chain to another upstream proxy. |

149| `permissions.<name>.network.allowed_domains` | `array<string>` | Allowlist of domains permitted through the managed proxy. |

150| `permissions.<name>.network.dangerously_allow_all_unix_sockets` | `boolean` | Allow the proxy to use arbitrary Unix sockets instead of the default restricted set. |

151| `permissions.<name>.network.dangerously_allow_non_loopback_proxy` | `boolean` | Permit non-loopback bind addresses for the managed proxy listener. |

152| `permissions.<name>.network.denied_domains` | `array<string>` | Denylist of domains blocked by the managed proxy. |

153| `permissions.<name>.network.enable_socks5` | `boolean` | Expose a SOCKS5 listener when this permissions profile enables the managed network proxy. |

154| `permissions.<name>.network.enable_socks5_udp` | `boolean` | Allow UDP over the SOCKS5 listener when enabled. |

155| `permissions.<name>.network.enabled` | `boolean` | Enable network access for this named permissions profile. |

157| `permissions.<name>.network.proxy_url` | `string` | HTTP proxy endpoint used when this permissions profile enables the managed network proxy. |

158| `permissions.<name>.network.socks_url` | `string` | SOCKS5 proxy endpoint used by this permissions profile. |

143| `profiles.<name>.include_apply_patch_tool` | `boolean` | Legacy name for enabling freeform apply\_patch; prefer `[features].apply_patch_freeform`. |

144| `profiles.<name>.model_catalog_json` | `string (path)` | Profile-scoped model catalog JSON path override (applied on startup only; overrides the top-level `model_catalog_json` for that profile). |165| `profiles.<name>.model_catalog_json` | `string (path)` | Profile-scoped model catalog JSON path override (applied on startup only; overrides the top-level `model_catalog_json` for that profile). |

166| `profiles.<name>.model_instructions_file` | `string (path)` | Profile-scoped replacement for the built-in instruction file. |

171| `profiles.<name>.tools_view_image` | `boolean` | Enable or disable the `view_image` tool in that profile. |

199| `tools.web_search` | `boolean | { context_size = "low|medium|high", allowed_domains = [string], location = { country, region, city, timezone } }` | Optional web search tool configuration. The legacy boolean form is still accepted, but the object form lets you set search context size, allowed domains, and approximate user location. |

172| `tui` | `table` | TUI-specific options such as enabling inline desktop notifications. |200| `tui` | `table` | TUI-specific options such as enabling inline desktop notifications. |

203| `tui.model_availability_nux.<model>` | `integer` | Internal startup-tooltip state keyed by model slug. |

175| `tui.notification_method` | `auto | osc9 | bel` | Notification method for unfocused terminal notifications (default: auto). |204| `tui.notification_method` | `auto | osc9 | bel` | Notification method for unfocused terminal notifications (default: auto). |

208| `tui.theme` | `string` | Syntax-highlighting theme override (kebab-case theme name). |

179| `web_search` | `disabled | cached | live` | Web search mode (default: `"cached"`; cached uses an OpenAI-maintained index and does not fetch live pages; if you use `--yolo` or another full access sandbox setting, it defaults to `"live"`). Use `"live"` to fetch the most recent data from the web, or `"disabled"` to remove the tool. |209| `web_search` | `disabled | cached | live` | Web search mode (default: `"cached"`; cached uses an OpenAI-maintained index and does not fetch live pages; if you use `--yolo` or another full access sandbox setting, it defaults to `"live"`). Use `"live"` to fetch the most recent data from the web, or `"disabled"` to remove the tool. |

212| `windows.sandbox_private_desktop` | `boolean` | Run the final sandboxed child process on a private desktop by default on native Windows. Set `false` only for compatibility with the older `Winsta0\\Default` behavior. |

182 213

183Key214Key

184 215

206 237

207Key238Key

208 239

240`agents.<name>.nickname_candidates`

241

242Type / Values

243

244`array<string>`

245

246Details

247

248Optional pool of display nicknames for spawned agents in that role.

249

250Key

251

209`agents.job_max_runtime_seconds`252`agents.job_max_runtime_seconds`

210 253

211Type / Values254Type / Values

238 281

239Details282Details

240 283

241Maximum number of agent threads that can be open concurrently.284Maximum number of agent threads that can be open concurrently. Defaults to `6` when unset.

242 285

243Key286Key

244 287

254 297

255Key298Key

256 299

300`analytics.enabled`

301

302Type / Values

303

304`boolean`

305

306Details

307

308Enable or disable analytics for this machine/profile. When unset, the client default applies.

309

310Key

311

257`approval_policy`312`approval_policy`

258 313

259Type / Values314Type / Values

260 315

261`untrusted | on-request | never | { reject = { sandbox_approval = bool, rules = bool, mcp_elicitations = bool } }`316`untrusted | on-request | never | { granular = { sandbox_approval = bool, rules = bool, mcp_elicitations = bool, request_permissions = bool, skill_approval = bool } }`

262 317

263Details318Details

264 319

265Controls when Codex pauses for approval before executing commands. You can also use `approval_policy = { reject = { ... } }` to auto-reject specific prompt categories while keeping other prompts interactive. `on-failure` is deprecated; use `on-request` for interactive runs or `never` for non-interactive runs.320Controls when Codex pauses for approval before executing commands. You can also use `approval_policy = { granular = { ... } }` to allow or auto-reject specific prompt categories while keeping other prompts interactive. `on-failure` is deprecated; use `on-request` for interactive runs or `never` for non-interactive runs.

266 321

267Key322Key

268 323

269`approval_policy.reject.mcp_elicitations`324`approval_policy.granular.mcp_elicitations`

270 325

271Type / Values326Type / Values

272 327

274 329

275Details330Details

276 331

277When `true`, MCP elicitation prompts are auto-rejected instead of shown to the user.332When `true`, MCP elicitation prompts are allowed to surface instead of being auto-rejected.

278 333

279Key334Key

280 335

281`approval_policy.reject.rules`336`approval_policy.granular.request_permissions`

282 337

283Type / Values338Type / Values

284 339

286 341

287Details342Details

288 343

289When `true`, approvals triggered by execpolicy `prompt` rules are auto-rejected.344When `true`, prompts from the `request_permissions` tool are allowed to surface.

290 345

291Key346Key

292 347

293`approval_policy.reject.sandbox_approval`348`approval_policy.granular.rules`

294 349

295Type / Values350Type / Values

296 351

298 353

299Details354Details

300 355

301When `true`, sandbox escalation approval prompts are auto-rejected.356When `true`, approvals triggered by execpolicy `prompt` rules are allowed to surface.

357

358Key

359

360`approval_policy.granular.sandbox_approval`

361

362Type / Values

363

364`boolean`

365

366Details

367

368When `true`, sandbox escalation approval prompts are allowed to surface.

369

370Key

371

372`approval_policy.granular.skill_approval`

373

374Type / Values

375

376`boolean`

377

378Details

379

380When `true`, skill-script approval prompts are allowed to surface.

302 381

303Key382Key

304 383

470 549

471Key550Key

472 551

473`compact_prompt`552`commit_attribution`

474 553

475Type / Values554Type / Values

476 555

478 557

479Details558Details

480 559

481Inline override for the history compaction prompt.560Override the commit co-author trailer text. Set an empty string to disable automatic attribution.

482 561

483Key562Key

484 563

485`developer_instructions`564`compact_prompt`

486 565

487Type / Values566Type / Values

488 567

490 569

491Details570Details

492 571

493Additional developer instructions injected into the session (optional).572Inline override for the history compaction prompt.

494 573

495Key574Key

496 575

497`disable_paste_burst`576`default_permissions`

498 577

499Type / Values578Type / Values

500 579

501`boolean`580`string`

502 581

503Details582Details

504 583

505Disable burst-paste detection in the TUI.584Name of the default permissions profile to apply to sandboxed tool calls.

506 585

507Key586Key

508 587

509`experimental_compact_prompt_file`588`developer_instructions`

510 589

511Type / Values590Type / Values

512 591

513`string (path)`592`string`

514 593

515Details594Details

516 595

517Load the compaction prompt override from a file (experimental).596Additional developer instructions injected into the session (optional).

518 597

519Key598Key

520 599

521`experimental_use_freeform_apply_patch`600`disable_paste_burst`

522 601

523Type / Values602Type / Values

524 603

526 605

527Details606Details

528 607

529Legacy name for enabling freeform apply\_patch; prefer `[features].apply_patch_freeform` or `codex --enable apply_patch_freeform`.608Disable burst-paste detection in the TUI.

530 609

531Key610Key

532 611

533`experimental_use_unified_exec_tool`612`experimental_compact_prompt_file`

534 613

535Type / Values614Type / Values

536 615

537`boolean`616`string (path)`

538 617

539Details618Details

540 619

541Legacy name for enabling unified exec; prefer `[features].unified_exec` or `codex --enable unified_exec`.620Load the compaction prompt override from a file (experimental).

542 621

543Key622Key

544 623

545`features.apply_patch_freeform`624`experimental_use_unified_exec_tool`

546 625

547Type / Values626Type / Values

548 627

550 629

551Details630Details

552 631

553Expose the freeform `apply_patch` tool (experimental).632Legacy name for enabling unified exec; prefer `[features].unified_exec` or `codex --enable unified_exec`.

554 633

555Key634Key

556 635

566 645

567Key646Key

568 647

569`features.apps_mcp_gateway`648`features.enable_request_compression`

570 649

571Type / Values650Type / Values

572 651

574 653

575Details654Details

576 655

577Route Apps MCP calls through the OpenAI connectors MCP gateway (`https://api.openai.com/v1/connectors/mcp/`) instead of legacy routing (experimental).656Compress streaming request bodies with zstd when supported (stable; on by default).

578 657

579Key658Key

580 659

581`features.child_agents_md`660`features.fast_mode`

582 661

583Type / Values662Type / Values

584 663

586 665

587Details666Details

588 667

589Append AGENTS.md scope/precedence guidance even when no AGENTS.md is present (experimental).668Enable Fast mode selection and the `service_tier = "fast"` path (stable; on by default).

~~590~~

591Key

~~592~~

593`features.collaboration_modes`

~~594~~

595Type / Values

~~596~~

597`boolean`

~~598~~

599Details

~~600~~

601Enable collaboration modes such as plan mode (stable; on by default).

602 669

603Key670Key

604 671

610 677

611Details678Details

612 679

613Enable multi-agent collaboration tools (`spawn_agent`, `send_input`, `resume_agent`, `wait`, `close_agent`, and `spawn_agents_on_csv`) (experimental; off by default).680Enable multi-agent collaboration tools (`spawn_agent`, `send_input`, `resume_agent`, `wait_agent`, and `close_agent`) (stable; on by default).

614 681

615Key682Key

616 683

626 693

627Key694Key

628 695

629`features.powershell_utf8`696`features.prevent_idle_sleep`

630 697

631Type / Values698Type / Values

632 699

634 701

635Details702Details

636 703

637Force PowerShell UTF-8 output (defaults to true).704Prevent the machine from sleeping while a turn is actively running (experimental; off by default).

638 705

639Key706Key

640 707

641`features.remote_models`708`features.shell_snapshot`

~~642~~

643Type / Values

~~644~~

645`boolean`

~~646~~

647Details

~~648~~

649Refresh remote model list before showing readiness (experimental).

~~650~~

651Key

~~652~~

653`features.request_rule`

654 709

655Type / Values710Type / Values

656 711

658 713

659Details714Details

660 715

661Enable Smart approvals (`prefix_rule` suggestions on escalation requests; stable; on by default).716Snapshot shell environment to speed up repeated commands (stable; on by default).

662 717

663Key718Key

664 719

665`features.runtime_metrics`720`features.shell_tool`

666 721

667Type / Values722Type / Values

668 723

670 725

671Details726Details

672 727

673Show runtime metrics summary in TUI turn separators (experimental).728Enable the default `shell` tool for running commands (stable; on by default).

674 729

675Key730Key

676 731

677`features.search_tool`732`features.skill_mcp_dependency_install`

678 733

679Type / Values734Type / Values

680 735

682 737

683Details738Details

684 739

685Enable `search_tool_bm25` for Apps tool discovery before invoking app MCP tools (experimental).740Allow prompting and installing missing MCP dependencies for skills (stable; on by default).

686 741

687Key742Key

688 743

689`features.shell_snapshot`744`features.smart_approvals`

690 745

691Type / Values746Type / Values

692 747

694 749

695Details750Details

696 751

697Snapshot shell environment to speed up repeated commands (beta).752Route eligible approval requests through the guardian reviewer subagent (experimental; off by default).

698 753

699Key754Key

700 755

701`features.shell_tool`756`features.undo`

702 757

703Type / Values758Type / Values

704 759

706 761

707Details762Details

708 763

709Enable the default `shell` tool for running commands (stable; on by default).764Enable undo support (stable; off by default).

710 765

711Key766Key

712 767

718 773

719Details774Details

720 775

721Use the unified PTY-backed exec tool (beta).776Use the unified PTY-backed exec tool (stable; enabled by default except on Windows).

~~722~~

723Key

~~724~~

725`features.use_linux_sandbox_bwrap`

~~726~~

727Type / Values

~~728~~

729`boolean`

~~730~~

731Details

~~732~~

733Use the bubblewrap-based Linux sandbox pipeline (experimental; off by default).

734 777

735Key778Key

736 779

854 897

855Key898Key

856 899

857`include_apply_patch_tool`

~~858~~

859Type / Values

~~860~~

861`boolean`

~~862~~

863Details

~~864~~

865Legacy name for enabling freeform apply\_patch; prefer `[features].apply_patch_freeform`.

~~866~~

867Key

~~868~~

869`instructions`900`instructions`

870 901

871Type / Values902Type / Values

1058 1089

1059Key1090Key

1060 1091

1092`mcp_servers.<id>.oauth_resource`

1093

1094Type / Values

1095

1096`string`

1097

1098Details

1099

1100Optional RFC 8707 OAuth resource parameter to include during MCP login.

1101

1102Key

1103

1061`mcp_servers.<id>.required`1104`mcp_servers.<id>.required`

1062 1105

1063Type / Values1106Type / Values

1070 1113

1071Key1114Key

1072 1115

1116`mcp_servers.<id>.scopes`

1117

1118Type / Values

1119

1120`array<string>`

1121

1122Details

1123

1124OAuth scopes to request when authenticating to that MCP server.

1125

1126Key

1127

1073`mcp_servers.<id>.startup_timeout_ms`1128`mcp_servers.<id>.startup_timeout_ms`

1074 1129

1075Type / Values1130Type / Values

1334 1389

1335Key1390Key

1336 1391

1392`model_providers.<id>.supports_websockets`

1393

1394Type / Values

1395

1396`boolean`

1397

1398Details

1399

1400Whether that provider supports the Responses API WebSocket transport.

1401

1402Key

1403

1337`model_providers.<id>.wire_api`1404`model_providers.<id>.wire_api`

1338 1405

1339Type / Values1406Type / Values

1340 1407

1341`chat | responses`1408`responses`

1342 1409

1343Details1410Details

1344 1411

1345Protocol used by the provider (defaults to `chat` if omitted).1412Protocol used by the provider. `responses` is the only supported value, and it is the default when omitted.

1346 1413

1347Key1414Key

1348 1415

1390 1457

1391Details1458Details

1392 1459

1393Control GPT-5 Responses API verbosity (defaults to `medium`).1460Optional GPT-5 Responses API verbosity override; when unset, the selected model/preset default is used.

1394 1461

1395Key1462Key

1396 1463

1478 1545

1479Key1546Key

1480 1547

1548`openai_base_url`

1549

1550Type / Values

1551

1552`string`

1553

1554Details

1555

1556Base URL override for the built-in `openai` model provider.

1557

1558Key

1559

1481`oss_provider`1560`oss_provider`

1482 1561

1483Type / Values1562Type / Values

1598 1677

1599Key1678Key

1600 1679

1680`otel.metrics_exporter`

1681

1682Type / Values

1683

1684`none | statsig | otlp-http | otlp-grpc`

1685

1686Details

1687

1688Select the OpenTelemetry metrics exporter (defaults to `statsig`).

1689

1690Key

1691

1601`otel.trace_exporter`1692`otel.trace_exporter`

1602 1693

1603Type / Values1694Type / Values

1682 1773

1683Key1774Key

1684 1775

1776`permissions.<name>.filesystem`

1777

1778Type / Values

1779

1780`table`

1781

1782Details

1783

1784Named filesystem permission profile. Each key is an absolute path or special token such as `:minimal` or `:project_roots`.

1785

1786Key

1787

1788`permissions.<name>.filesystem.":project_roots".<subpath>`

1789

1790Type / Values

1791

1792`"read" | "write" | "none"`

1793

1794Details

1795

1796Scoped filesystem access relative to the detected project roots. Use `"."` for the root itself.

1797

1798Key

1799

1800`permissions.<name>.filesystem.<path>`

1801

1802Type / Values

1803

1804`"read" | "write" | "none" | table`

1805

1806Details

1807

1808Grant direct access for a path or special token, or scope nested entries under that root.

1809

1810Key

1811

1812`permissions.<name>.network.allow_local_binding`

1813

1814Type / Values

1815

1816`boolean`

1817

1818Details

1819

1820Permit local bind/listen operations through the managed proxy.

1821

1822Key

1823

1824`permissions.<name>.network.allow_unix_sockets`

1825

1826Type / Values

1827

1828`array<string>`

1829

1830Details

1831

1832Allowlist of Unix socket paths permitted through the managed proxy.

1833

1834Key

1835

1836`permissions.<name>.network.allow_upstream_proxy`

1837

1838Type / Values

1839

1840`boolean`

1841

1842Details

1843

1844Allow the managed proxy to chain to another upstream proxy.

1845

1846Key

1847

1848`permissions.<name>.network.allowed_domains`

1849

1850Type / Values

1851

1852`array<string>`

1853

1854Details

1855

1856Allowlist of domains permitted through the managed proxy.

1857

1858Key

1859

1860`permissions.<name>.network.dangerously_allow_all_unix_sockets`

1861

1862Type / Values

1863

1864`boolean`

1865

1866Details

1867

1868Allow the proxy to use arbitrary Unix sockets instead of the default restricted set.

1869

1870Key

1871

1872`permissions.<name>.network.dangerously_allow_non_loopback_proxy`

1873

1874Type / Values

1875

1876`boolean`

1877

1878Details

1879

1880Permit non-loopback bind addresses for the managed proxy listener.

1881

1882Key

1883

1884`permissions.<name>.network.denied_domains`

1885

1886Type / Values

1887

1888`array<string>`

1889

1890Details

1891

1892Denylist of domains blocked by the managed proxy.

1893

1894Key

1895

1896`permissions.<name>.network.enable_socks5`

1897

1898Type / Values

1899

1900`boolean`

1901

1902Details

1903

1904Expose a SOCKS5 listener when this permissions profile enables the managed network proxy.

1905

1906Key

1907

1908`permissions.<name>.network.enable_socks5_udp`

1909

1910Type / Values

1911

1912`boolean`

1913

1914Details

1915

1916Allow UDP over the SOCKS5 listener when enabled.

1917

1918Key

1919

1920`permissions.<name>.network.enabled`

1921

1922Type / Values

1923

1924`boolean`

1925

1926Details

1927

1928Enable network access for this named permissions profile.

1929

1930Key

1931

1932`permissions.<name>.network.mode`

1933

1934Type / Values

1935

1936`limited | full`

1937

1938Details

1939

1940Network proxy mode used for subprocess traffic.

1941

1942Key

1943

1944`permissions.<name>.network.proxy_url`

1945

1946Type / Values

1947

1948`string`

1949

1950Details

1951

1952HTTP proxy endpoint used when this permissions profile enables the managed network proxy.

1953

1954Key

1955

1956`permissions.<name>.network.socks_url`

1957

1958Type / Values

1959

1960`string`

1961

1962Details

1963

1964SOCKS5 proxy endpoint used by this permissions profile.

1965

1966Key

1967

1685`personality`1968`personality`

1686 1969

1687Type / Values1970Type / Values

1694 1977

1695Key1978Key

1696 1979

1980`plan_mode_reasoning_effort`

1981

1982Type / Values

1983

1985

1986Details

1987

1988Plan-mode-specific reasoning override. When unset, Plan mode uses its built-in preset default.

1989

1990Key

1991

1697`profile`1992`profile`

1698 1993

1699Type / Values1994Type / Values

1718 2013

1719Key2014Key

1720 2015

1721`profiles.<name>.experimental_use_freeform_apply_patch`2016`profiles.<name>.analytics.enabled`

1722 2017

1723Type / Values2018Type / Values

1724 2019

1726 2021

1727Details2022Details

1728 2023

1729Legacy name for enabling freeform apply\_patch; prefer `[features].apply_patch_freeform`.2024Profile-scoped analytics enablement override.

1730 2025

1731Key2026Key

1732 2027

1742 2037

1743Key2038Key

1744 2039

1745`profiles.<name>.include_apply_patch_tool`2040`profiles.<name>.model_catalog_json`

1746 2041

1747Type / Values2042Type / Values

1748 2043

1749`boolean`2044`string (path)`

1750 2045

1751Details2046Details

1752 2047

1753Legacy name for enabling freeform apply\_patch; prefer `[features].apply_patch_freeform`.2048Profile-scoped model catalog JSON path override (applied on startup only; overrides the top-level `model_catalog_json` for that profile).

1754 2049

1755Key2050Key

1756 2051

1757`profiles.<name>.model_catalog_json`2052`profiles.<name>.model_instructions_file`

1758 2053

1759Type / Values2054Type / Values

1760 2055

1762 2057

1763Details2058Details

1764 2059

1765Profile-scoped model catalog JSON path override (applied on startup only; overrides the top-level `model_catalog_json` for that profile).2060Profile-scoped replacement for the built-in instruction file.

1766 2061

1767Key2062Key

1768 2063

1790 2085

1791Key2086Key

1792 2087

2088`profiles.<name>.plan_mode_reasoning_effort`

2089

2090Type / Values

2091

2093

2094Details

2095

2096Profile-scoped Plan-mode reasoning override.

2097

2098Key

2099

2100`profiles.<name>.service_tier`

2101

2102Type / Values

2103

2104`flex | fast`

2105

2106Details

2107

2108Profile-scoped service tier preference for new turns.

2109

2110Key

2111

2112`profiles.<name>.tools_view_image`

2113

2114Type / Values

2115

2116`boolean`

2117

2118Details

2119

2120Enable or disable the `view_image` tool in that profile.

2121

2122Key

2123

1793`profiles.<name>.web_search`2124`profiles.<name>.web_search`

1794 2125

1795Type / Values2126Type / Values

1802 2133

1803Key2134Key

1804 2135

2136`profiles.<name>.windows.sandbox`

2137

2138Type / Values

2139

2140`unelevated | elevated`

2141

2142Details

2143

2144Profile-scoped Windows sandbox mode override.

2145

2146Key

2147

1805`project_doc_fallback_filenames`2148`project_doc_fallback_filenames`

1806 2149

1807Type / Values2150Type / Values

1922 2265

1923Key2266Key

1924 2267

2268`service_tier`

2269

2270Type / Values

2271

2272`flex | fast`

2273

2274Details

2275

2276Preferred service tier for new turns.

2277

2278Key

2279

1925`shell_environment_policy.exclude`2280`shell_environment_policy.exclude`

1926 2281

1927Type / Values2282Type / Values

2078 2433

2079Key2434Key

2080 2435

2081`tools.web_search`2436`tools.view_image`

2082 2437

2083Type / Values2438Type / Values

2084 2439

2086 2441

2087Details2442Details

2088 2443

2089Deprecated legacy toggle for web search; prefer the top-level `web_search` setting.2444Enable the local-image attachment tool `view_image`.

2445

2446Key

2447

2448`tools.web_search`

2449

2450Type / Values

2451

2452`boolean | { context_size = "low|medium|high", allowed_domains = [string], location = { country, region, city, timezone } }`

2453

2454Details

2455

2456Optional web search tool configuration. The legacy boolean form is still accepted, but the object form lets you set search context size, allowed domains, and approximate user location.

2090 2457

2091Key2458Key

2092 2459

2126 2493

2127Key2494Key

2128 2495

2496`tui.model_availability_nux.<model>`

2497

2498Type / Values

2499

2500`integer`

2501

2502Details

2503

2504Internal startup-tooltip state keyed by model slug.

2505

2506Key

2507

2129`tui.notification_method`2508`tui.notification_method`

2130 2509

2131Type / Values2510Type / Values

2174 2553

2175Key2554Key

2176 2555

2556`tui.theme`

2557

2558Type / Values

2559

2560`string`

2561

2562Details

2563

2564Syntax-highlighting theme override (kebab-case theme name).

2565

2566Key

2567

2177`web_search`2568`web_search`

2178 2569

2179Type / Values2570Type / Values

2208 2599

2209Windows-only native sandbox mode when running Codex natively on Windows.2600Windows-only native sandbox mode when running Codex natively on Windows.

2210 2601

2602Key

2603

2604`windows.sandbox_private_desktop`

2605

2606Type / Values

2607

2608`boolean`

2609

2610Details

2611

2612Run the final sandboxed child process on a private desktop by default on native Windows. Set `false` only for compatibility with the older `Winsta0\\Default` behavior.

2613

2211Expand to view all2614Expand to view all

2212 2615

2213You can find the latest JSON schema for `config.toml` [here](https://developers.openai.com/codex/config-schema.json).2616You can find the latest JSON schema for `config.toml` [here](https://developers.openai.com/codex/config-schema.json).

2232 2635

2233| Key | Type / Values | Details |2636| Key | Type / Values | Details |

2234| --- | --- | --- |2637| --- | --- | --- |

2237| `allowed_web_search_modes` | `array<string>` | Allowed values for `web_search` (`disabled`, `cached`, `live`). `disabled` is always allowed; an empty list effectively allows only `disabled`. |2640| `allowed_web_search_modes` | `array<string>` | Allowed values for `web_search` (`disabled`, `cached`, `live`). `disabled` is always allowed; an empty list effectively allows only `disabled`. |

2259 2662

2260Details2663Details

2261 2664

2262Allowed values for `approval_policy` (for example `untrusted`, `on-request`, `never`, and `reject`).2665Allowed values for `approval_policy` (for example `untrusted`, `on-request`, `never`, and `granular`).

2263 2666

2264Key2667Key

2265 2668

config-sample.md +138 −123

Details

15```toml15```toml

16# Codex example configuration (config.toml)16# Codex example configuration (config.toml)

17#17#

~~18# This file lists all keys Codex reads from config.toml, along with default~~18# This file lists the main keys Codex reads from config.toml, along with default

19# behaviors, recommended examples, and concise explanations. Adjust as needed.19# behaviors, recommended examples, and concise explanations. Adjust as needed.

20#20#

21# Notes21# Notes

30# Primary model used by Codex. Recommended example for most users: "gpt-5.4".30# Primary model used by Codex. Recommended example for most users: "gpt-5.4".

31model = "gpt-5.4"31model = "gpt-5.4"

32 32

~~33# Default communication style for supported models. Default: "friendly".~~33# Communication style for supported models. Allowed values: none | friendly | pragmatic

~~34# Allowed values: none | friendly | pragmatic~~34# personality = "pragmatic"

~~35# personality = "friendly"~~

36 35

37# Optional model override for /review. Default: unset (uses current session model).36# Optional model override for /review. Default: unset (uses current session model).

38# review_model = "gpt-5.4"37# review_model = "gpt-5.4"

43# Default OSS provider for --oss sessions. When unset, Codex prompts. Default: unset.42# Default OSS provider for --oss sessions. When unset, Codex prompts. Default: unset.

44# oss_provider = "ollama"43# oss_provider = "ollama"

45 44

~~46# Optional manual model metadata. When unset, Codex auto-detects from model.~~45# Preferred service tier. `fast` is honored only when enabled in [features].

~~47# Uncomment to force values.~~46# service_tier = "flex" # fast | flex

48# Optional manual model metadata. When unset, Codex uses model or preset defaults.

48# model_context_window = 128000 # tokens; default: auto for model49# model_context_window = 128000 # tokens; default: auto for model

~~49# model_auto_compact_token_limit = 0 # tokens; unset uses model defaults~~50# model_auto_compact_token_limit = 64000 # tokens; unset uses model defaults

~~50# tool_output_token_limit = 10000 # tokens stored per tool output~~51# tool_output_token_limit = 12000 # tokens stored per tool output

51# model_catalog_json = "/absolute/path/to/models.json" # optional startup-only model catalog override52# model_catalog_json = "/absolute/path/to/models.json" # optional startup-only model catalog override

52# background_terminal_max_timeout = 300000 # ms; max empty write_stdin poll window (default 5m)53# background_terminal_max_timeout = 300000 # ms; max empty write_stdin poll window (default 5m)

53# log_dir = "/absolute/path/to/codex-logs" # directory for Codex logs; default: "$CODEX_HOME/log"54# log_dir = "/absolute/path/to/codex-logs" # directory for Codex logs; default: "$CODEX_HOME/log"

57# Reasoning & Verbosity (Responses API capable models)58# Reasoning & Verbosity (Responses API capable models)

58################################################################################59################################################################################

59 60

~~61model_reasoning_effort = "medium"~~62# model_reasoning_effort = "medium"

65# plan_mode_reasoning_effort = "high"

62 66

64# model_reasoning_summary = "auto"68# model_reasoning_summary = "auto"

65 69

~~66# Text verbosity for GPT-5 family (Responses API): low | medium | high (default: medium)~~70# Text verbosity for GPT-5 family (Responses API): low | medium | high

67# model_verbosity = "medium"71# model_verbosity = "medium"

68 72

~~69# Force enable or disable reasoning summaries for current model~~73# Force enable or disable reasoning summaries for current model.

70# model_supports_reasoning_summaries = true74# model_supports_reasoning_summaries = true

71 75

72################################################################################76################################################################################

76# Additional user instructions are injected before AGENTS.md. Default: unset.80# Additional user instructions are injected before AGENTS.md. Default: unset.

77# developer_instructions = ""81# developer_instructions = ""

78 82

~~79# (Ignored) Optional legacy base instructions override (prefer AGENTS.md). Default: unset.~~

~~80# instructions = ""~~

82# Inline override for the history compaction prompt. Default: unset.83# Inline override for the history compaction prompt. Default: unset.

83# compact_prompt = ""84# compact_prompt = ""

84 85

86# Override the default commit co-author trailer. Set to "" to disable it.

87# commit_attribution = "Jane Doe <jane@example.com>"

85# Override built-in base instructions with a file path. Default: unset.89# Override built-in base instructions with a file path. Default: unset.

86# model_instructions_file = "/absolute/or/relative/path/to/instructions.txt"90# model_instructions_file = "/absolute/or/relative/path/to/instructions.txt"

87 91

~~88# Migration note: experimental_instructions_file was renamed to model_instructions_file (deprecated).~~

90# Load the compact prompt override from a file. Default: unset.92# Load the compact prompt override from a file. Default: unset.

91# experimental_compact_prompt_file = "/absolute/or/relative/path/to/compact_prompt.txt"93# experimental_compact_prompt_file = "/absolute/or/relative/path/to/compact_prompt.txt"

92 94

~~93# Legacy name for apply_patch_freeform. Default: false~~

~~94include_apply_patch_tool = false~~

96################################################################################95################################################################################

97# Notifications96# Notifications

98################################################################################97################################################################################

99 98

100# External notifier program (argv array). When unset: disabled.99# External notifier program (argv array). When unset: disabled.

101# Example: notify = ["notify-send", "Codex"]100# notify = ["notify-send", "Codex"]

102notify = [ ]

103 101

104################################################################################102################################################################################

105# Approval & Sandbox103# Approval & Sandbox

109# - untrusted: only known-safe read-only commands auto-run; others prompt107# - untrusted: only known-safe read-only commands auto-run; others prompt

110# - on-request: model decides when to ask (default)108# - on-request: model decides when to ask (default)

111# - never: never prompt (risky)109# - never: never prompt (risky)

112# - { reject = { ... } }: auto-reject selected prompt categories110# - { granular = { ... } }: allow or auto-reject selected prompt categories

113approval_policy = "on-request"111approval_policy = "on-request"

114# Example granular auto-reject policy:112# Example granular policy:

115# approval_policy = { reject = { sandbox_approval = true, rules = false, mcp_elicitations = false } }113# approval_policy = { granular = {

114# sandbox_approval = true,

115# rules = true,

116# mcp_elicitations = true,

117# request_permissions = false,

118# skill_approval = false

119# } }

116 120

117# Allow login-shell semantics for shell-based tools when they request `login = true`.121# Allow login-shell semantics for shell-based tools when they request `login = true`.

118# Default: true. Set false to force non-login shells and reject explicit login-shell requests.122# Default: true. Set false to force non-login shells and reject explicit login-shell requests.

124# - danger-full-access (no sandbox; extremely risky)128# - danger-full-access (no sandbox; extremely risky)

125sandbox_mode = "read-only"129sandbox_mode = "read-only"

126 130

127[windows]

128# Native Windows sandbox mode (Windows only): unelevated | elevated

129sandbox = "unelevated"

~~130~~

131################################################################################131################################################################################

132# Authentication & Login132# Authentication & Login

133################################################################################133################################################################################

135# Where to persist CLI login credentials: file (default) | keyring | auto135# Where to persist CLI login credentials: file (default) | keyring | auto

136cli_auth_credentials_store = "file"136cli_auth_credentials_store = "file"

137 137

138# Base URL for ChatGPT auth flow (not OpenAI API). Default:138# Base URL for ChatGPT auth flow (not OpenAI API).

139chatgpt_base_url = "https://chatgpt.com/backend-api/"139chatgpt_base_url = "https://chatgpt.com/backend-api/"

140 140

141# Optional base URL override for the built-in OpenAI provider.

142# openai_base_url = "https://us.api.openai.com/v1"

143

141# Restrict ChatGPT login to a specific workspace id. Default: unset.144# Restrict ChatGPT login to a specific workspace id. Default: unset.

142# forced_chatgpt_workspace_id = ""145# forced_chatgpt_workspace_id = "00000000-0000-0000-0000-000000000000"

143 146

144# Force login mechanism when Codex would normally auto-select. Default: unset.147# Force login mechanism when Codex would normally auto-select. Default: unset.

145# Allowed values: chatgpt | api148# Allowed values: chatgpt | api

204# If you use --yolo or another full access sandbox setting, web search defaults to live.205# If you use --yolo or another full access sandbox setting, web search defaults to live.

205web_search = "cached"206web_search = "cached"

206 207

207################################################################################

208# Profiles (named presets)

209################################################################################

~~210~~

211# Active profile name. When unset, no profile is applied.208# Active profile name. When unset, no profile is applied.

212# profile = "default"209# profile = "default"

213 210

211# Suppress the warning shown when under-development feature flags are enabled.

212# suppress_unstable_features_warning = true

213

214################################################################################214################################################################################

215# Agents (multi-agent roles and limits)215# Agents (multi-agent roles and limits)

216################################################################################216################################################################################

217 217

218# [agents]218[agents]

219# Maximum concurrently open agent threads. Default: 6219# Maximum concurrently open agent threads. Default: 6

220# max_threads = 6220# max_threads = 6

221# Maximum nested spawn depth. Root session starts at depth 0. Default: 1221# Maximum nested spawn depth. Root session starts at depth 0. Default: 1

224# job_max_runtime_seconds = 1800224# job_max_runtime_seconds = 1800

225 225

226# [agents.reviewer]226# [agents.reviewer]

227# description = "Find security, correctness, and test risks in code."227# description = "Find correctness, security, and test risks in code."

228# config_file = "./agents/reviewer.toml" # relative to the config.toml that defines it228# config_file = "./agents/reviewer.toml" # relative to the config.toml that defines it

229# nickname_candidates = ["Athena", "Ada"]

229 230

230################################################################################231################################################################################

231# Skills (per-skill overrides)232# Skills (per-skill overrides)

236# path = "/path/to/skill/SKILL.md"237# path = "/path/to/skill/SKILL.md"

237# enabled = false238# enabled = false

238 239

239################################################################################

240# Experimental toggles (legacy; prefer [features])

241################################################################################

~~242~~

243experimental_use_unified_exec_tool = false

~~244~~

245# Include apply_patch via freeform editing path (affects default tool set). Default: false

246experimental_use_freeform_apply_patch = false

~~247~~

248################################################################################240################################################################################

249# Sandbox settings (tables)241# Sandbox settings (tables)

250################################################################################242################################################################################

267[shell_environment_policy]259[shell_environment_policy]

268# inherit: all (default) | core | none260# inherit: all (default) | core | none

269inherit = "all"261inherit = "all"

270# Skip default excludes for names containing KEY/SECRET/TOKEN (case-insensitive). Default: true262# Skip default excludes for names containing KEY/SECRET/TOKEN (case-insensitive). Default: false

271ignore_default_excludes = true263ignore_default_excludes = false

272# Case-insensitive glob patterns to remove (e.g., "AWS_*", "AZURE_*"). Default: []264# Case-insensitive glob patterns to remove (e.g., "AWS_*", "AZURE_*"). Default: []

273exclude = []265exclude = []

274# Explicit key/value overrides (always win). Default: {}266# Explicit key/value overrides (always win). Default: {}

278# Experimental: run via user shell profile. Default: false270# Experimental: run via user shell profile. Default: false

279experimental_use_profile = false271experimental_use_profile = false

280 272

273################################################################################

274# Managed network proxy settings

275################################################################################

276

277[permissions.network]

278# enabled = true

279# proxy_url = "http://127.0.0.1:43128"

280# admin_url = "http://127.0.0.1:43129"

281# enable_socks5 = false

282# socks_url = "http://127.0.0.1:43130"

283# enable_socks5_udp = false

284# allow_upstream_proxy = false

285# dangerously_allow_non_loopback_proxy = false

286# dangerously_allow_non_loopback_admin = false

287# dangerously_allow_all_unix_sockets = false

288# mode = "limited" # limited | full

289# allowed_domains = ["api.openai.com"]

290# denied_domains = ["example.com"]

291# allow_unix_sockets = ["/var/run/docker.sock"]

292# allow_local_binding = false

293

281################################################################################294################################################################################

282# History (table)295# History (table)

283################################################################################296################################################################################

286# save-all (default) | none299# save-all (default) | none

287persistence = "save-all"300persistence = "save-all"

288# Maximum bytes for history file; oldest entries are trimmed when exceeded. Example: 5242880301# Maximum bytes for history file; oldest entries are trimmed when exceeded. Example: 5242880

289# max_bytes = 0302# max_bytes = 5242880

290 303

291################################################################################304################################################################################

292# UI, Notifications, and Misc (tables)305# UI, Notifications, and Misc (tables)

318# You can also add custom .tmTheme files under $CODEX_HOME/themes.331# You can also add custom .tmTheme files under $CODEX_HOME/themes.

319# theme = "catppuccin-mocha"332# theme = "catppuccin-mocha"

320 333

334# Internal tooltip state keyed by model slug. Usually managed by Codex.

335# [tui.model_availability_nux]

336# "gpt-5.4" = 1

337

338# Enable or disable analytics for this machine. When unset, Codex uses its default behavior.

339[analytics]

340enabled = true

341

321# Control whether users can submit feedback from `/feedback`. Default: true342# Control whether users can submit feedback from `/feedback`. Default: true

322[feedback]343[feedback]

323enabled = true344enabled = true

331# "hide_gpt-5.1-codex-max_migration_prompt" = true352# "hide_gpt-5.1-codex-max_migration_prompt" = true

332# model_migrations = { "gpt-4.1" = "gpt-5.1" }353# model_migrations = { "gpt-4.1" = "gpt-5.1" }

333 354

334# Suppress the warning shown when under-development feature flags are enabled.

335# suppress_unstable_features_warning = true

~~336~~

337################################################################################355################################################################################

338# Centralized Feature Flags (preferred)356# Centralized Feature Flags (preferred)

339################################################################################357################################################################################

342# Leave this table empty to accept defaults. Set explicit booleans to opt in/out.360# Leave this table empty to accept defaults. Set explicit booleans to opt in/out.

343# shell_tool = true361# shell_tool = true

344# apps = false362# apps = false

345# apps_mcp_gateway = false363# unified_exec = true

346# web_search_cached = false364# shell_snapshot = true

347# web_search_request = false365# multi_agent = true

348# unified_exec = false

349# shell_snapshot = false

350# apply_patch_freeform = false

351# multi_agent = false

352# search_tool = false

353# personality = true366# personality = true

354# request_rule = true367# fast_mode = true

355# collaboration_modes = true368# smart_approvals = false

356# use_linux_sandbox_bwrap = false369# enable_request_compression = true

357# remote_models = false370# skill_mcp_dependency_install = true

358# runtime_metrics = false371# prevent_idle_sleep = false

359# powershell_utf8 = true

360# child_agents_md = false

361 372

362################################################################################373################################################################################

363# Define MCP servers under this table. Leave empty to disable.374# Define MCP servers under this table. Leave empty to disable.

379# tool_timeout_sec = 60.0 # optional; default 60.0 seconds390# tool_timeout_sec = 60.0 # optional; default 60.0 seconds

380# enabled_tools = ["search", "summarize"] # optional allow-list391# enabled_tools = ["search", "summarize"] # optional allow-list

381# disabled_tools = ["slow-tool"] # optional deny-list (applied after allow-list)392# disabled_tools = ["slow-tool"] # optional deny-list (applied after allow-list)

393# scopes = ["read:docs"] # optional OAuth scopes

394# oauth_resource = "https://docs.example.com/" # optional OAuth resource

382 395

383# --- Example: Streamable HTTP transport ---396# --- Example: Streamable HTTP transport ---

384# [mcp_servers.github]397# [mcp_servers.github]

391# startup_timeout_sec = 10.0 # optional404# startup_timeout_sec = 10.0 # optional

392# tool_timeout_sec = 60.0 # optional405# tool_timeout_sec = 60.0 # optional

393# enabled_tools = ["list_issues"] # optional allow-list406# enabled_tools = ["list_issues"] # optional allow-list

407# disabled_tools = ["delete_issue"] # optional deny-list

408# scopes = ["repo"] # optional OAuth scopes

394 409

395################################################################################410################################################################################

396# Model Providers411# Model Providers

397################################################################################412################################################################################

398 413

399# Built-ins include:414# Built-ins include:

400# - openai (Responses API; requires login or OPENAI_API_KEY via auth flow)415# - openai

401# - oss (Chat Completions API; defaults to http://localhost:11434/v1)416# - ollama

417# - lmstudio

402 418

403[model_providers]419[model_providers]

404 420

406# [model_providers.openaidr]422# [model_providers.openaidr]

407# name = "OpenAI Data Residency"423# name = "OpenAI Data Residency"

408# base_url = "https://us.api.openai.com/v1" # example with 'us' domain prefix424# base_url = "https://us.api.openai.com/v1" # example with 'us' domain prefix

409# wire_api = "responses" # "responses" | "chat" (default varies)425# wire_api = "responses" # only supported value

410# # requires_openai_auth = true # built-in OpenAI defaults to true426# # requires_openai_auth = true # built-in OpenAI defaults to true

411# # request_max_retries = 4 # default 4; max 100427# # request_max_retries = 4 # default 4; max 100

412# # stream_max_retries = 5 # default 5; max 100428# # stream_max_retries = 5 # default 5; max 100

413# # stream_idle_timeout_ms = 300000 # default 300_000 (5m)429# # stream_idle_timeout_ms = 300000 # default 300_000 (5m)

430# # supports_websockets = true # optional

414# # experimental_bearer_token = "sk-example" # optional dev-only direct bearer token431# # experimental_bearer_token = "sk-example" # optional dev-only direct bearer token

415# # http_headers = { "X-Example" = "value" }432# # http_headers = { "X-Example" = "value" }

416# # env_http_headers = { "OpenAI-Organization" = "OPENAI_ORGANIZATION", "OpenAI-Project" = "OPENAI_PROJECT" }433# # env_http_headers = { "OpenAI-Organization" = "OPENAI_ORGANIZATION", "OpenAI-Project" = "OPENAI_PROJECT" }

417 434

418# --- Example: Azure (Chat/Responses depending on endpoint) ---435# --- Example: Azure/OpenAI-compatible provider ---

419# [model_providers.azure]436# [model_providers.azure]

420# name = "Azure"437# name = "Azure"

421# base_url = "https://YOUR_PROJECT_NAME.openai.azure.com/openai"438# base_url = "https://YOUR_PROJECT_NAME.openai.azure.com/openai"

422# wire_api = "responses" # or "chat" per endpoint439# wire_api = "responses"

423# query_params = { api-version = "2025-04-01-preview" }440# query_params = { api-version = "2025-04-01-preview" }

424# env_key = "AZURE_OPENAI_API_KEY"441# env_key = "AZURE_OPENAI_API_KEY"

425# # env_key_instructions = "Set AZURE_OPENAI_API_KEY in your environment"442# env_key_instructions = "Set AZURE_OPENAI_API_KEY in your environment"

443# # supports_websockets = false

426 444

427# --- Example: Local OSS (e.g., Ollama-compatible) ---445# --- Example: Local OSS (e.g., Ollama-compatible) ---

428# [model_providers.ollama]446# [model_providers.ollama]

429# name = "Ollama"447# name = "Ollama"

430# base_url = "http://localhost:11434/v1"448# base_url = "http://localhost:11434/v1"

431# wire_api = "chat"449# wire_api = "responses"

~~432~~

433################################################################################

434# Profiles (named presets)

435################################################################################

~~436~~

437[profiles]

~~438~~

439# [profiles.default]

440# model = "gpt-5.4"

441# model_provider = "openai"

442# approval_policy = "on-request"

443# sandbox_mode = "read-only"

444# oss_provider = "ollama"

445# model_reasoning_effort = "medium"

446# model_reasoning_summary = "auto"

447# model_verbosity = "medium"

448# personality = "friendly" # or "pragmatic" or "none"

449# chatgpt_base_url = "https://chatgpt.com/backend-api/"

450# model_catalog_json = "./models.json"

451# experimental_compact_prompt_file = "./compact_prompt.txt"

452# include_apply_patch_tool = false

453# experimental_use_unified_exec_tool = false

454# experimental_use_freeform_apply_patch = false

455# tools.web_search = false # deprecated legacy alias; prefer top-level `web_search`

456# features = { unified_exec = false }

457 450

458################################################################################451################################################################################

459# Apps / Connectors452# Apps / Connectors

477# enabled = false470# enabled = false

478# approval_mode = "approve"471# approval_mode = "approve"

479 472

473################################################################################

474# Profiles (named presets)

475################################################################################

476

477[profiles]

478

479# [profiles.default]

480# model = "gpt-5.4"

481# model_provider = "openai"

482# approval_policy = "on-request"

483# sandbox_mode = "read-only"

484# service_tier = "flex"

485# oss_provider = "ollama"

486# model_reasoning_effort = "medium"

487# plan_mode_reasoning_effort = "high"

488# model_reasoning_summary = "auto"

489# model_verbosity = "medium"

490# personality = "pragmatic" # or "friendly" or "none"

491# chatgpt_base_url = "https://chatgpt.com/backend-api/"

492# model_catalog_json = "./models.json"

493# model_instructions_file = "/absolute/or/relative/path/to/instructions.txt"

494# experimental_compact_prompt_file = "./compact_prompt.txt"

495# tools_view_image = true

496# features = { unified_exec = false }

497

480################################################################################498################################################################################

481# Projects (trust levels)499# Projects (trust levels)

482################################################################################500################################################################################

483 501

484# Mark specific worktrees as trusted or untrusted.

485[projects]502[projects]

503# Mark specific worktrees as trusted or untrusted.

486# [projects."/absolute/path/to/project"]504# [projects."/absolute/path/to/project"]

487# trust_level = "trusted" # or "untrusted"505# trust_level = "trusted" # or "untrusted"

488 506

507################################################################################

508# Tools

509################################################################################

510

511[tools]

512# view_image = true

513

489################################################################################514################################################################################

490# OpenTelemetry (OTEL) - disabled by default515# OpenTelemetry (OTEL) - disabled by default

491################################################################################516################################################################################

499exporter = "none"524exporter = "none"

500# Trace exporter: none (default) | otlp-http | otlp-grpc525# Trace exporter: none (default) | otlp-http | otlp-grpc

501trace_exporter = "none"526trace_exporter = "none"

527# Metrics exporter: none | statsig | otlp-http | otlp-grpc

528metrics_exporter = "statsig"

502 529

503# Example OTLP/HTTP exporter configuration530# Example OTLP/HTTP exporter configuration

504# [otel.exporter."otlp-http"]531# [otel.exporter."otlp-http"]

508# [otel.exporter."otlp-http".headers]535# [otel.exporter."otlp-http".headers]

509# "x-otlp-api-key" = "${OTLP_TOKEN}"536# "x-otlp-api-key" = "${OTLP_TOKEN}"

510 537

511# Example OTLP/gRPC exporter configuration

512# [otel.exporter."otlp-grpc"]

513# endpoint = "https://otel.example.com:4317",

514# headers = { "x-otlp-meta" = "abc123" }

~~515~~

516# Example OTLP exporter with mutual TLS

517# [otel.exporter."otlp-http"]

518# endpoint = "https://otel.example.com/v1/logs"

519# protocol = "binary"

~~520~~

521# [otel.exporter."otlp-http".headers]

522# "x-otlp-api-key" = "${OTLP_TOKEN}"

~~523~~

524# [otel.exporter."otlp-http".tls]538# [otel.exporter."otlp-http".tls]

525# ca-certificate = "certs/otel-ca.pem"539# ca-certificate = "certs/otel-ca.pem"

526# client-certificate = "/etc/codex/certs/client.pem"540# client-certificate = "/etc/codex/certs/client.pem"

527# client-private-key = "/etc/codex/certs/client-key.pem"541# client-private-key = "/etc/codex/certs/client-key.pem"

528```

529 542

530################################################################################543# Example OTLP/gRPC trace exporter configuration

544# [otel.trace_exporter."otlp-grpc"]

545# endpoint = "https://otel.example.com:4317"

546# headers = { "x-otlp-meta" = "abc123" }

531 547

548################################################################################

532# Windows549# Windows

~~533~~

534################################################################################550################################################################################

535 551

536[windows]552[windows]

~~537~~ 553# Native Windows sandbox mode (Windows only): unelevated | elevated

538# Native Windows sandbox mode (Windows only). The example below uses the554sandbox = "unelevated"

~~539~~ 555```

540# recommended elevated mode.

~~541~~

542sandbox = “elevated”

enterprise/admin-setup.md +230 −77

Details

1# Admin Setup1# Admin Setup

2 2

3![Codex enterprise admin toggle](/images/codex/codex_enterprise_admin.png)

3This guide is for ChatGPT Enterprise admins who want to set up Codex for their workspace.5This guide is for ChatGPT Enterprise admins who want to set up Codex for their workspace.

4 6

5Use this page as the step-by-step rollout guide. It focuses on setup order and decision points. For detailed policy, configuration, and monitoring details, use the linked pages: [Authentication](https://developers.openai.com/codex/auth), [Agent approvals & security](https://developers.openai.com/codex/agent-approvals-security), [Managed configuration](https://developers.openai.com/codex/enterprise/managed-configuration), and [Governance](https://developers.openai.com/codex/enterprise/governance).7Use this page as the step-by-step rollout guide. For detailed policy, configuration, and monitoring details, use the linked pages: [Authentication](https://developers.openai.com/codex/auth), [Agent approvals & security](https://developers.openai.com/codex/agent-approvals-security), [Managed configuration](https://developers.openai.com/codex/enterprise/managed-configuration), and [Governance](https://developers.openai.com/codex/enterprise/governance).

6 8

7## Enterprise-grade security and privacy9## Enterprise-grade security and privacy

8 10

9Codex supports ChatGPT Enterprise security features, including:11Codex supports ChatGPT Enterprise security features, including:

10 12

11- No training on enterprise data13- No training on enterprise data

~~12- Zero data retention for the App, CLI, and IDE (code remains in developer environment)~~14- Zero data retention for the App, CLI, and IDE (code stays in the developer environment)

13- Residency and retention that follow ChatGPT Enterprise policies15- Residency and retention that follow ChatGPT Enterprise policies

14- Granular user access controls16- Granular user access controls

15- Data encryption at rest (AES-256) and in transit (TLS 1.2+)17- Data encryption at rest (AES-256) and in transit (TLS 1.2+)

18- Audit logging via the ChatGPT Compliance API

16 19

17For security controls and runtime protections, see [Agent approvals & security](https://developers.openai.com/codex/agent-approvals-security). Refer to [Zero Data Retention (ZDR)](https://platform.openai.com/docs/guides/your-data#zero-data-retention) for more details.20For security controls and runtime protections, see [Agent approvals & security](https://developers.openai.com/codex/agent-approvals-security). Refer to [Zero Data Retention (ZDR)](https://platform.openai.com/docs/guides/your-data#zero-data-retention) for more details.

21For a broader enterprise security overview, see the [Codex security white paper](https://trust.openai.com/?itemUid=382f924d-54f3-43a8-a9df-c39e6c959958&source=click).

18 22

~~19## Local vs. cloud setup~~23## Pre-requisites: Determine owners and rollout strategy

~~21Codex operates in two environments: local and cloud.~~

~~231. **Codex local** includes the Codex app, CLI, and IDE extension. The agent runs on the developer’s computer in a sandbox.~~

242. **Codex cloud** includes hosted Codex features (including Codex cloud, iOS, Code Review, and tasks created by the [Slack integration](https://developers.openai.com/codex/integrations/slack) or [Linear integration](https://developers.openai.com/codex/integrations/linear)). The agent runs remotely in a hosted container with your codebase.

~~26You can enable local, cloud, or both, and control access with workspace settings and role-based access control (RBAC).~~

~~28## Step 0: Owners and rollout decision~~

~~30Ensure you have the following owners:~~

31 24

~~32- Workspace owner with access to ChatGPT Enterprise~~25During your rollout, team members may support different aspects of integrating Codex into your organization. Ensure you have the following owners:

~~33- IT management owner for managed configuration~~

~~34- Governance owner for analytics / compliance review~~

35 26

~~36A rollout decision:~~27- **ChatGPT Enterprise workspace owner:** required to configure Codex settings in your workspace.

28- **Security owner:** determines agent permissions settings for Codex.

29- **Analytics owner:** integrates analytics and compliance APIs into your data pipelines.

37 30

~~38- Codex local only (Codex app, CLI, and IDE extension)~~31Decide which Codex surfaces you will use:

~~39- Codex cloud only (Codex web, GitHub code review)~~

~~40- Both local + cloud~~

41 32

~~42Review [authentication](https://developers.openai.com/codex/auth) before rollout:~~33- **Codex local:** includes the Codex app, CLI, and IDE extension. The agent runs on the developer's computer in a sandbox.

34- **Codex cloud:** includes hosted Codex features (including Codex cloud, iOS, Code Review, and tasks created by the [Slack integration](https://developers.openai.com/codex/integrations/slack) or [Linear integration](https://developers.openai.com/codex/integrations/linear)). The agent runs remotely in a hosted container with your codebase.

35- **Both:** use local + cloud together.

43 36

~~44- Codex local supports ChatGPT sign-in or API keys. Confirm MFA/SSO requirements and any managed login restrictions in authentication~~37You can enable local, cloud, or both, and control access with workspace settings and role-based access control (RBAC).

~~45- Codex cloud requires ChatGPT sign-in~~

46 38

~~47## Step 1: Enable workspace toggles~~39## Step 1: Enable Codex in your workspace

48 40

~~49Turn on only the Codex features you plan to roll out in this phase.~~41You configure access to Codex in ChatGPT Enterprise workspace settings.

50 42

51Go to [Workspace Settings > Settings and Permissions](https://chatgpt.com/admin/settings).43Go to [Workspace Settings > Settings and Permissions](https://chatgpt.com/admin/settings).

52 44

53### Codex local45### Codex local

54 46

47Codex local is enabled by default for new ChatGPT Enterprise workspaces. If

48 you are not a ChatGPT workspace owner, you can test whether you have access by

49 [installing Codex](https://developers.openai.com/codex/quickstart) and logging in with your work email.

55Turn on **Allow members to use Codex Local**.51Turn on **Allow members to use Codex Local**.

56 52

57This enables use of the Codex app, CLI, and IDE extension for allowed users.53This enables use of the Codex app, CLI, and IDE extension for allowed users.

60 56

61#### Enable device code authentication for Codex CLI57#### Enable device code authentication for Codex CLI

62 58

~~63Allow developers to sign in with device codes when using Codex CLI in a non-interactive environment. More details in [authentication](https://developers.openai.com/codex/auth/).~~59Allow developers to sign in with a device code when using Codex CLI in a non-interactive environment (for example, a remote development box). More details are in [authentication](https://developers.openai.com/codex/auth/).

64 60

65![Codex local toggle](/images/codex/enterprise/local-toggle-config.png)61![Codex local toggle](/images/codex/enterprise/local-toggle-config.png)

66 62

82 78

83Note that it may take up to 10 minutes for Codex to appear in ChatGPT.79Note that it may take up to 10 minutes for Codex to appear in ChatGPT.

84 80

~~85#### Allow members to administer Codex~~

87Allows users to view overall Codex [workspace analytics](https://chatgpt.com/codex/settings/analytics), access [cloud-managed requirements](https://chatgpt.com/codex/settings/managed-configs), and manage Cloud environments (edit and delete).

~~89Codex cloud not required.~~

91#### Enable Codex Slack app to post answers on task completion81#### Enable Codex Slack app to post answers on task completion

92 82

93Codex posts its full answer back to Slack when the task completes. Otherwise, Codex posts only a link to the task.83Codex posts its full answer back to Slack when the task completes. Otherwise, Codex posts only a link to the task.

98 88

99By default, Codex cloud agents have no internet access during runtime to help protect against security and safety risks like prompt injection.89By default, Codex cloud agents have no internet access during runtime to help protect against security and safety risks like prompt injection.

100 90

101This setting enables users to use an allowlist for common software dependency domains, add more domains and trusted sites, and specify allowed HTTP methods.91This setting lets users use an allowlist for common software dependency domains, add domains and trusted sites, and specify allowed HTTP methods.

102 92

103For security implications of internet access and runtime controls, see [Agent approvals & security](https://developers.openai.com/codex/agent-approvals-security).93For security implications of internet access and runtime controls, see [Agent approvals & security](https://developers.openai.com/codex/agent-approvals-security).

104 94

106 96

107## Step 2: Set up custom roles (RBAC)97## Step 2: Set up custom roles (RBAC)

108 98

109Use RBAC to control which users or groups can access Codex local and Codex cloud.99Use RBAC to control granular permissions for access Codex local and Codex cloud.

100

101![Codex cloud toggle](/images/codex/enterprise/rbac_custom_roles.png)

110 102

111### What RBAC lets you do103### What RBAC lets you do

112 104

113Workspace Owners can use RBAC in ChatGPT admin settings to:105Workspace Owners can use RBAC in ChatGPT admin settings to:

114 106

115- Set a default role for users who are not assigned any custom role107- Set a default role for users who aren't assigned any custom role

116- Create custom roles with granular permissions108- Create custom roles with granular permissions

117- Assign one or more custom roles to Groups (including SCIM-synced groups)109- Assign one or more custom roles to Groups

110- Automatically sync users into Groups via SCIM

118- Manage roles centrally from the Custom Roles tab111- Manage roles centrally from the Custom Roles tab

119 112

120Users can inherit multiple roles, and permissions resolve to the maximum allowed across those roles.113Users can inherit more than one role, and permissions resolve to the most permissive (least restrictive) access across those roles.

114

115### Create a Codex Admin group

116

117Set up a dedicated "Codex Admin" group rather than granting Codex administration to a broad audience.

118

119The **Allow members to administer Codex** toggle grants the Codex Admin role. Codex Admins can:

120

121- View Codex [workspace analytics](https://chatgpt.com/codex/settings/analytics)

122- Open the Codex [Policies page](https://chatgpt.com/codex/settings/policies) to manage cloud-managed `requirements.toml` policies

123- Assign those managed policies to user groups or configure a default fallback policy

124- Manage Codex cloud environments, including editing and deleting environments

125

126Use this role for the small set of admins who own Codex rollout, policy management, and governance. It's not required for general Codex users. You don't need Codex cloud to enable this toggle.

127

128Recommended rollout pattern:

129

130- Create a "Codex Users" group for people who should use Codex

131- Create a separate "Codex Admin" group for the smaller set of people who should manage Codex settings and policies

132- Assign the custom role with **Allow members to administer Codex** enabled only to the "Codex Admin" group

133- Keep membership in the "Codex Admin" group limited to workspace owners or designated platform, IT, and governance operators

134- If you use SCIM, back the "Codex Admin" group with your identity provider so membership changes are auditable and centrally managed

121 135

122### Important behavior to plan for136This separation makes it easier to roll out Codex while keeping analytics, environment management, and policy deployment limited to trusted admins. For RBAC setup details and the full permission model, see the [OpenAI RBAC Help Center article](https://help.openai.com/en/articles/11750701-rbac).

123 137

124Users in any custom role group do not use the workspace default permissions.138## Step 3: Configure Codex local requirements

125 139

126If you are gradually rolling out Codex, one suggestion is to have a “Codex Users” group and a second “Codex Admin” group that has the “Allow members to administer Codex” toggle enabled.140Codex Admins can deploy admin-enforced `requirements.toml` policies from the Codex [Policies page](https://chatgpt.com/codex/settings/policies).

127 141

128For RBAC setup details and the full permission model, see the [OpenAI RBAC Help Center article](https://help.openai.com/en/articles/11750701-rbac).142Use this page when you want to apply different local Codex constraints to different groups without distributing device-level files first. The managed policy uses the same `requirements.toml` format described in [Managed configuration](https://developers.openai.com/codex/enterprise/managed-configuration), so you can define allowed approval policies, sandbox modes, web search behavior, MCP server allowlists, feature pins, and restrictive command rules.

129 143

130## Step 3: Configure Codex local managed settings144![Codex policies and configurations page](/images/codex/enterprise/policies_and_configurations_page.png)

131 145

132For Codex local, set an admin-approved baseline for local behavior before broader rollout.146Recommended setup:

133 147

134### Use managed configuration for two different goals1481. Create a baseline policy for most users, then create stricter or more permissive variants only where needed.

1492. Assign each managed policy to a specific user group, and configure a default fallback policy for everyone else.

1503. Order group rules with care. If a user matches more than one group-specific rule, the first matching rule applies.

1514. Treat each policy as a complete profile for that group. Codex doesn't fill missing fields from later matching group rules.

135 152

136- **Requirements** (`requirements.toml`): Admin-enforced constraints users cannot override153These cloud-managed policies apply across Codex local surfaces when users sign in with ChatGPT, including the Codex app, CLI, and IDE extension.

137- **Managed defaults** (`managed_config.toml`): Starting values applied when Codex launches

138 154

139### Team Config155### Example requirements.toml policies

156

157Use cloud-managed `requirements.toml` policies to enforce the guardrails you want for each group. The snippets below are examples you can adapt, not required settings.

158

159![Example managed requirements policy](/images/codex/enterprise/example_policy.png)

160

161Example: limit web search, sandbox mode, and approvals for a standard local rollout:

162

163```toml

164allowed_web_search_modes = ["disabled", "cached"]

165allowed_sandbox_modes = ["workspace-write"]

166allowed_approval_policies = ["on-request"]

167```

168

169Example: add a restrictive command rule when you want admins to block or gate specific commands:

170

171```toml

172[rules]

173prefix_rules = [

174 { pattern = [{ token = "git" }, { any_of = ["push", "commit"] }], decision = "prompt", justification = "Require review before mutating remote history." },

175]

176```

177

178You can use either example on its own or combine them in a single managed policy for a group. For exact keys, precedence, and more examples, see [Managed configuration](https://developers.openai.com/codex/enterprise/managed-configuration) and [Agent approvals & security](https://developers.openai.com/codex/agent-approvals-security).

179

180### Checking user policies

181

182Use the policy lookup tools at the end of the workflow to confirm which managed policy applies to a user. You can check policy assignment by group or by entering a user email.

183

184![Policy lookup by group or user email](/images/codex/enterprise/policy_lookup.png)

185

186If you plan to restrict login method or workspace for local clients, see the admin-managed authentication restrictions in [Authentication](https://developers.openai.com/codex/auth).

187

188## Step 4: Standardize local configuration with Team Config

140 189

141Teams who want to standardize Codex across an organization can use Team Config to share defaults, rules, and skills without duplicating setup on every local configuration.190Teams who want to standardize Codex across an organization can use Team Config to share defaults, rules, and skills without duplicating setup on every local configuration.

142 191

192You can check Team Config settings into the repository under the `.codex` directory. Codex automatically picks up Team Config settings when a user opens that repository.

193

194Start with Team Config for your highest-traffic repositories so teams get consistent behavior in the places they use Codex most.

195

144| ------------------------------------ | ------------- | ---------------------------------------------------------------------------- |197| ------------------------------------ | ------------- | ---------------------------------------------------------------------------- |

148 201

149For locations and precedence, see [Config basics](https://developers.openai.com/codex/config-basic#configuration-precedence).202For locations and precedence, see [Config basics](https://developers.openai.com/codex/config-basic#configuration-precedence).

150 203

151### Recommended first decisions for local rollout204## Step 5: Configure Codex cloud usage (if enabled)

152 205

153Define a baseline for your pilot:206This step covers repository and environment setup after you enable the Codex cloud workspace toggle.

~~154~~

155- Approval policy posture

156- Sandbox mode posture

157- Web search posture

158- MCP / connectors policy

159- Local logging and telemetry posture

~~160~~

161For exact keys, precedence, MDM deployment, and examples, see [Managed configuration](https://developers.openai.com/codex/enterprise/managed-configuration) and [Agent approvals & security](https://developers.openai.com/codex/agent-approvals-security).

~~162~~

163If you plan to restrict login method or workspace for local clients, see the admin-managed authentication restrictions in [Authentication](https://developers.openai.com/codex/auth).

~~164~~

165## Step 4: Configure Codex cloud usage (if enabled)

~~166~~

167This step covers repository and environment setup after the Codex cloud workspace toggle is enabled.

168 207

169### Connect Codex cloud to repositories208### Connect Codex cloud to repositories

170 209

1711. Navigate to [Codex](https://chatgpt.com/codex) and select **Get started**2101. Navigate to [Codex](https://chatgpt.com/codex) and select **Get started**

1722. Select **Connect to GitHub** to install the ChatGPT GitHub Connector if you haven't already connected GitHub to ChatGPT2112. Select **Connect to GitHub** to install the ChatGPT GitHub Connector if you haven't already connected GitHub to ChatGPT

1733. Install or authorize the ChatGPT GitHub Connector2123. Install or connect the ChatGPT GitHub Connector

1744. Choose an installation target for the ChatGPT Connector (typically your main organization)2134. Choose an installation target for the ChatGPT Connector (typically your main organization)

1755. Allow the repositories you want to connect to Codex2145. Allow the repositories you want to connect to Codex

176 215

216For GitHub Enterprise Managed Users (EMU), an organization owner must install

217 the Codex GitHub App for the organization before users can connect

218 repositories in Codex cloud.

219

177For more, see [Cloud environments](https://developers.openai.com/codex/cloud/environments).220For more, see [Cloud environments](https://developers.openai.com/codex/cloud/environments).

178 221

179Codex uses short-lived, least-privilege GitHub App installation tokens for each operation and respects the user's existing GitHub repository permissions and branch protection rules.222Codex uses short-lived, least-privilege GitHub App installation tokens for each operation and respects the user's existing GitHub repository permissions and branch protection rules.

180 223

181### Configure IP addresses (as needed)224### Configure IP addresses

182 225

183Configure connector / IP allow lists if required by your network policy with these [egress IP ranges](https://openai.com/chatgpt-agents.json).226If your GitHub organization controls the IP addresses that apps use to connect, make sure to include these [egress IP ranges](https://openai.com/chatgpt-agents.json).

184 227

185These IP ranges can change. Consider checking them automatically and updating your allow list based on the latest values.228These IP ranges can change. Consider checking them automatically and updating your allow list based on the latest values.

186 229

188 231

189To allow Codex to perform code reviews on GitHub, go to [Settings → Code review](https://chatgpt.com/codex/settings/code-review).232To allow Codex to perform code reviews on GitHub, go to [Settings → Code review](https://chatgpt.com/codex/settings/code-review).

190 233

191Code review can be configured at the repository level. Users can also enable auto review for their PRs and choose when Codex automatically triggers a review. More details on [GitHub](https://developers.openai.com/codex/integrations/github) integration page.234You can configure code review at the repository level. Users can also enable auto review for their PRs and choose when Codex automatically triggers a review. More details are on the [GitHub integration page](https://developers.openai.com/codex/integrations/github).

235

236Use the overview page to confirm your workspace has code review turned on and to see the available review controls.

237

238![Code review settings overview](/images/codex/enterprise/code_review_settings_overview.png)

239

240 Use the auto review settings to decide whether Codex should review pull

241 requests automatically for connected repositories.

242

243![Automatic code review settings](/images/codex/enterprise/auto_code_review_settings.png)

244

245 Use review triggers to control which pull request events should start a

246 Codex review.

247

248![Code review trigger settings](/images/codex/enterprise/review_triggers.png)

249

250### Configure Codex security

192 251

193Additional integration docs for [Slack](https://developers.openai.com/codex/integrations/slack), [GitHub](https://developers.openai.com/codex/integrations/github), and [Linear](https://developers.openai.com/codex/integrations/linear).252Codex Security helps engineering and security teams find, confirm, and remediate likely vulnerabilities in connected GitHub repositories.

194 253

195## Step 5: Set up governance and observability254At a high level, Codex Security:

196 255

197Codex gives enterprise teams several options for visibility into adoption and impact. Set up governance early so your team can monitor adoption, investigate issues, and support compliance workflows.256- scans connected repositories commit by commit

257- ranks likely findings and confirms them when possible

258- shows structured findings with evidence, criticality, and suggested remediation

259- lets teams refine a repository threat model to improve prioritization and review quality

260

261For setup, scan creation, findings review, and threat model guidance, see [Codex Security setup](https://developers.openai.com/codex/security/setup). For a product overview, see [Codex Security](https://developers.openai.com/codex/security).

262

263Integration docs are also available for [Slack](https://developers.openai.com/codex/integrations/slack), [GitHub](https://developers.openai.com/codex/integrations/github), and [Linear](https://developers.openai.com/codex/integrations/linear).

264

265## Step 6: Set up governance and observability

266

267Codex gives enterprise teams options for visibility into adoption and impact. Set up governance early so your team can track adoption, investigate issues, and support compliance workflows.

198 268

199### Codex governance typically uses269### Codex governance typically uses

200 270

201- Analytics Dashboard for quick, self-serve visibility271- Analytics Dashboard for quick, self-serve visibility

202- Analytics API for programmatic reporting and BI integration272- Analytics API for programmatic reporting and business intelligence integration

203- Compliance API for audit and investigation workflows273- Compliance API for audit and investigation workflows

204 274

205### Recommended minimum setup275### Recommended baseline setup

206 276

207- Assign an owner for adoption reporting277- Assign an owner for adoption reporting

208- Assign an owner for audit and compliance review278- Assign an owner for audit and compliance review

209- Define a review cadence279- Define a review cadence

210- Decide what success looks like280- Decide what success looks like

211 281

212For details and examples, see [Governance](https://developers.openai.com/codex/enterprise/governance).282### Analytics API setup steps

283

284To set up the Analytics API key:

285

2861. Sign in to the [OpenAI API Platform Portal](https://platform.openai.com) as an owner or admin, and select the correct organization.

2872. Go to the [API keys page](https://platform.openai.com/settings/organization/api-keys).

2883. Create a new secret key dedicated to Codex Analytics, and give it a descriptive name such as Codex Analytics API.

2894. Select the appropriate project for your organization. If you only have one project, the default project is fine.

2905. Set the key permissions to Read only, since this API only retrieves analytics data.

2916. Copy the key value and store it securely, because you can only view it once.

2927. Email [support@openai.com](mailto:support@openai.com) to have that key scoped to `codex.enterprise.analytics.read` only. Wait for OpenAI to confirm your API key has Codex Analytics API access.

293

294![Codex analytics key creation](/images/codex/codex_analytics_key.png)

295

296To use the Analytics API key:

297

2981. Find your `workspace_id` in the [ChatGPT Admin console](https://chatgpt.com/admin) under Workspace details.

2992. Call the Analytics API at `https://api.chatgpt.com/v1/analytics/codex` using your Platform API key, and include your `workspace_id` in the path.

3003. Choose the endpoint you want to query:

301

302- /workspaces/`{workspace_id}`/usage

303- /workspaces/`{workspace_id}`/code_reviews

304- /workspaces/`{workspace_id}`/code_review_responses

305

3064. Set a reporting date range with `start_time` and `end_time` if needed.

3075. Retrieve the next page of results with `next_page` if the response spans more than one page.

308

309Example curl command to retrieve workspace usage:

310

311```bash

312curl -H "Authorization: Bearer YOUR_PLATFORM_API_KEY" \

313 "https://api.chatgpt.com/v1/analytics/codex/workspaces/WORKSPACE_ID/usage"

314```

315

316For more details on the Analytics API, see [Analytics API](https://developers.openai.com/codex/enterprise/governance#analytics-api).

317

318### Compliance API setup steps

319

320To set up the Compliance API key:

321

3221. Sign in to the [OpenAI API Platform Portal](https://platform.openai.com) as an owner or admin, and select the correct organization.

3232. Go to the [API keys page](https://platform.openai.com/settings/organization/api-keys).

3243. Create a new secret key dedicated to Compliance API and select the appropriate project for your organization. If you only have one project, the default project is fine.

3254. Choose All permissions.

3265. Copy the key value and store it securely, because you can only view it once.

3276. Send an email to [support@openai.com](mailto:support@openai.com) with:

328

329- the last 4 digits of the API key

330- the key name

331- the created-by name

332- the scope needed: `read`, `delete`, or both

333

3347. Wait for OpenAI to confirm your API key has Compliance API access.

335

336To use the Compliance API key:

337

3381. Find your `workspace_id` in the [ChatGPT Admin console](https://chatgpt.com/admin) under Workspace details.

3392. Use the Compliance API at `https://api.chatgpt.com/v1/`

3403. Pass your Compliance API key in the Authorization header as a Bearer token.

3414. For Codex-related compliance data, use these endpoints:

342

343- /compliance/workspaces/`{workspace_id}`/logs

344- /compliance/workspaces/`{workspace_id}`/logs/`{log_file_id}`

345- /compliance/workspaces/`{workspace_id}`/codex_tasks

346- /compliance/workspaces/`{workspace_id}`/codex_environments

347

3485. For most Codex compliance integrations, start with the logs endpoint and request Codex event types such as CODEX_LOG or CODEX_SECURITY_LOG.

3496. Use /logs to list available Codex compliance log files, then /logs/`{log_file_id}` to download a specific file.

350

351Example curl command to list compliance log files:

352

353```bash

354curl -L -H "Authorization: Bearer YOUR_COMPLIANCE_API_KEY" \

355 "https://api.chatgpt.com/v1/compliance/workspaces/WORKSPACE_ID/logs?event_type=CODEX_LOG&after=2026-03-01T00:00:00Z"

356```

357

358Example curl command to list Codex tasks:

359

360```bash

361curl -H "Authorization: Bearer YOUR_COMPLIANCE_API_KEY" \

362 "https://api.chatgpt.com/v1/compliance/workspaces/WORKSPACE_ID/codex_tasks"

363```

364

365For more details on the Compliance API, see [Compliance API](https://developers.openai.com/codex/enterprise/governance#compliance-api).

213 366

214## Step 6: Confirm and validate setup367## Step 7: Confirm and verify setup

215 368

216### What to verify369### What to verify

217 370

219- (If enabled) Users can sign in to Codex cloud (ChatGPT sign-in required)372- (If enabled) Users can sign in to Codex cloud (ChatGPT sign-in required)

220- MFA and SSO requirements match your enterprise security policy373- MFA and SSO requirements match your enterprise security policy

221- RBAC and workspace toggles produce the expected access behavior374- RBAC and workspace toggles produce the expected access behavior

222- Managed configuration is applied for users375- Managed configuration applies for users

223- Governance data is visible for admins376- Governance data is visible for admins

224 377

225For authentication options and enterprise login restrictions, see [Authentication](https://developers.openai.com/codex/auth).378For authentication options and enterprise login restrictions, see [Authentication](https://developers.openai.com/codex/auth).

226 379

227Once your team is confident with setup, you can confidently roll Codex out to additional teams and organizations.380Once your team is confident with setup, you can roll Codex out to more teams and organizations.

enterprise/managed-configuration.md +10 −10

Details

7 7

8## Admin-enforced requirements (requirements.toml)8## Admin-enforced requirements (requirements.toml)

9 9

10Requirements constrain security-sensitive settings (approval policy, sandbox mode, web search mode, and optionally which MCP servers can be enabled). When resolving configuration (for example from `config.toml`, profiles, or CLI config overrides), if a value conflicts with an enforced requirement, Codex falls back to a requirements-compatible value and notifies the user. If an `mcp_servers` allowlist is configured, Codex enables an MCP server only when both its name and identity match an approved entry; otherwise, Codex disables it.10Requirements constrain security-sensitive settings (approval policy, sandbox mode, web search mode, and optionally which MCP servers users can enable). When resolving configuration (for example from `config.toml`, profiles, or CLI config overrides), if a value conflicts with an enforced rule, Codex falls back to a compatible value and notifies the user. If you configure an `mcp_servers` allowlist, Codex enables an MCP server only when both its name and identity match an approved entry; otherwise, Codex disables it.

11 11

12Requirements can also be used to constrain [feature flags](https://developers.openai.com/codex/config-basic/#feature-flags) via the `[features]` table in `requirements.toml`. Note features are generally not security-sensitive, but enterprises have the option of pinning values, if desired. Omitted keys remain unconstrained.12Requirements can also constrain [feature flags](https://developers.openai.com/codex/config-basic/#feature-flags) via the `[features]` table in `requirements.toml`. Note that features aren't always security-sensitive, but enterprises can pin values if desired. Omitted keys remain unconstrained.

13 13

14For the exact key list, see the [`requirements.toml` section in Configuration Reference](https://developers.openai.com/codex/config-reference#requirementstoml).14For the exact key list, see the [`requirements.toml` section in Configuration Reference](https://developers.openai.com/codex/config-reference#requirementstoml).

15 15

16### Locations and precedence16### Locations and precedence

17 17

~~18Requirements layers are applied in this order (earlier wins per field):~~18Codex applies requirements layers in this order (earlier wins per field):

19 19

201. Cloud-managed requirements (ChatGPT Business or Enterprise)201. Cloud-managed requirements (ChatGPT Business or Enterprise)

212. macOS managed preferences (MDM) via `com.openai.codex:requirements_toml_base64`212. macOS managed preferences (MDM) via `com.openai.codex:requirements_toml_base64`

223. System `requirements.toml` (`/etc/codex/requirements.toml` on Unix systems, including Linux/macOS)223. System `requirements.toml` (`/etc/codex/requirements.toml` on Unix systems, including Linux/macOS)

23 23

24Across layers, requirements are merged per field: if an earlier layer sets a field (including an empty list), later layers do not override that field, but lower layers can still fill fields that remain unset.24Across layers, Codex merges requirements per field: if an earlier layer sets a field (including an empty list), later layers don't override that field, but lower layers can still fill fields that remain unset.

25 25

26For backwards compatibility, Codex also interprets legacy `managed_config.toml` fields `approval_policy` and `sandbox_mode` as requirements (allowing only that single value).26For backwards compatibility, Codex also interprets legacy `managed_config.toml` fields `approval_policy` and `sandbox_mode` as requirements (allowing only that single value).

27 27

53 53

54Admins can configure different managed requirements for different user groups, and also set a default fallback requirements policy.54Admins can configure different managed requirements for different user groups, and also set a default fallback requirements policy.

55 55

~~56If a user matches multiple group-specific rules, the first matching rule applies. Codex does not fill unset requirement fields from later matching group rules.~~56If a user matches more than one group-specific rule, the first matching rule applies. Codex doesn't fill unset fields from later matching group rules.

57 57

58For example, if the first matching group rule sets only `allowed_sandbox_modes = ["read-only"]` and a later matching group rule sets `allowed_approval_policies = ["on-request"]`, Codex applies only the first matching group rule and does not fill `allowed_approval_policies` from the later rule.58For example, if the first matching group rule sets only `allowed_sandbox_modes = ["read-only"]` and a later matching group rule sets `allowed_approval_policies = ["on-request"]`, Codex applies only the first matching group rule and doesn't fill `allowed_approval_policies` from the later rule.

59 59

60#### How Codex applies cloud-managed requirements locally60#### How Codex applies cloud-managed requirements locally

61 61

62When a user starts Codex and signs in with ChatGPT on a Business or Enterprise plan, Codex applies managed requirements on a best-effort basis. Codex first checks for a valid, unexpired local managed requirements cache entry and uses it if available. If the cache is missing, expired, invalid, or does not match the current auth identity, Codex attempts to fetch managed requirements from the service (with retries) and writes a new signed cache entry on success. If no valid cached entry is available and the fetch fails or times out, Codex continues without the managed requirements layer.62When a user starts Codex and signs in with ChatGPT on a Business or Enterprise plan, Codex applies managed requirements on a best-effort basis. Codex first checks for a valid, unexpired local managed requirements cache entry and uses it if available. If the cache is missing, expired, corrupted, or doesn't match the current auth identity, Codex attempts to fetch managed requirements from the service (with retries) and writes a new signed cache entry on success. If no valid cached entry is available and the fetch fails or times out, Codex continues without the managed requirements layer.

63 63

~~64After cache resolution, managed requirements are enforced as part of the normal requirements layering described above.~~64After cache resolution, Codex enforces managed requirements as part of the normal requirements layering described above.

65 65

66### Example requirements.toml66### Example requirements.toml

67 67

78allowed_web_search_modes = ["cached"] # "disabled" remains implicitly allowed78allowed_web_search_modes = ["cached"] # "disabled" remains implicitly allowed

79```79```

80 80

~~81`allowed_web_search_modes = []` effectively allows only `"disabled"`.~~81`allowed_web_search_modes = []` allows only `"disabled"`.

82For example, `allowed_web_search_modes = ["cached"]` prevents live web search even in `danger-full-access` sessions.82For example, `allowed_web_search_modes = ["cached"]` prevents live web search even in `danger-full-access` sessions.

83 83

84You can also pin [feature flags](https://developers.openai.com/codex/config-basic/#feature-flags):84You can also pin [feature flags](https://developers.openai.com/codex/config-basic/#feature-flags):

89unified_exec = false89unified_exec = false

90```90```

91 91

92Use the canonical feature keys from `config.toml`’s `[features]` table. Codex normalizes the effective feature set to satisfy these pins and rejects conflicting writes to `config.toml` or profile-scoped feature settings.92Use the canonical feature keys from `config.toml`'s `[features]` table. Codex normalizes the resulting feature set to meet these pins and rejects conflicting writes to `config.toml` or profile-scoped feature settings.

93 93

94### Enforce command rules from requirements94### Enforce command rules from requirements

95 95

ide.md +1 −0

Details

64To see all available commands and bind them as keyboard shortcuts, select the settings icon in the Codex chat and select **Keyboard shortcuts**.64To see all available commands and bind them as keyboard shortcuts, select the settings icon in the Codex chat and select **Keyboard shortcuts**.

65You can also refer to the [Codex IDE extension commands](https://developers.openai.com/codex/ide/commands) page.65You can also refer to the [Codex IDE extension commands](https://developers.openai.com/codex/ide/commands) page.

66For a list of supported slash commands, see [Codex IDE extension slash commands](https://developers.openai.com/codex/ide/slash-commands).66For a list of supported slash commands, see [Codex IDE extension slash commands](https://developers.openai.com/codex/ide/slash-commands).

67If you're new to Codex, read the [best practices guide](https://developers.openai.com/codex/learn/best-practices).

67 68

68---69---

69 70

learn/best-practices.md +223 −0 added

Details

1# Best practices

3If you’re new to Codex or coding agents in general, this guide will help you get better results faster. It covers the core habits that make Codex more effective across the [CLI](https://developers.openai.com/codex/cli), [IDE extension](https://developers.openai.com/codex/ide), and the [Codex app](https://developers.openai.com/codex/app), from prompting and planning to validation, MCP, skills, and automations.

5Codex works best when you treat it less like a one-off assistant and more like a teammate you configure and improve over time.

7A useful way to think about this: start with the right task context, use `AGENTS.md` for durable guidance, configure Codex to match your workflow, connect external systems with MCP, turn repeated work into skills, and automate stable workflows.

9## Strong first use: Context and prompts

11Codex is already strong enough to be useful even when your prompt isn't perfect. You can often hand it a hard problem with minimal setup and still get a strong result. Clear [prompting](https://developers.openai.com/codex/prompting) isn't required to get value, but it does make results more reliable, especially in larger codebases or higher-stakes tasks.

13If you work in a large or complex repository, the biggest unlock is giving Codex the right task context and a clear structure for what you want done.

15A good default is to include four things in your prompt:

17- **Goal:** What are you trying to change or build?

18- **Context:** Which files, folders, docs, examples, or errors matter for this task? You can @ mention certain files as context.

19- **Constraints:** What standards, architecture, safety requirements, or conventions should Codex follow?

20- **Done when:** What should be true before the task is complete, such as tests passing, behavior changing, or a bug no longer reproducing?

22This helps Codex stay scoped, make fewer assumptions, and produce work that's easier to review.

24Choose a reasoning level based on how hard the task is and test what works best for your workflow. Different users and tasks work best with different settings.

26- Low for faster, well-scoped tasks

27- Medium or High for more complex changes or debugging

28- Extra High for long, agentic, reasoning-heavy tasks

30To provide context faster, try using speech dictation inside the Codex app to

31 dictate what you want Codex to do rather than typing it.

33## Plan first for difficult tasks

35If the task is complex, ambiguous, or hard to describe well, ask Codex to plan before it starts coding.

37A few approaches work well:

39**Use Plan mode:** For most users, this is the easiest and most effective option. Plan mode lets Codex gather context, ask clarifying questions, and build a stronger plan before implementation. Toggle with `/plan` or <kbd>Shift</kbd>+<kbd>Tab</kbd>.

41**Ask Codex to interview you:** If you have a rough idea of what you want but aren't sure how to describe it well, ask Codex to question you first. Tell it to challenge your assumptions and turn the fuzzy idea into something concrete before writing code.

43**Use a PLANS.md template:** For more advanced workflows, you can configure Codex to follow a `PLANS.md` or execution-plan template for longer-running or multi-step work. For more detail, see the [execution plans guide](https://developers.openai.com/cookbook/articles/codex_exec_plans).

45## Make guidance reusable with `AGENTS.md`

47Once a prompting pattern works, the next step is to stop repeating it manually. That's where [AGENTS.md](https://developers.openai.com/codex/guides/agents-md) comes in.

49Think of `AGENTS.md` as an open-format README for agents. It loads into context automatically and is the best place to encode how you and your team want Codex to work in a repository.

51A good `AGENTS.md` covers:

53- repo layout and important directories

54- How to run the project

55- Build, test, and lint commands

56- Engineering conventions and PR expectations

57- Constraints and do-not rules

58- What done means and how to verify work

60The `/init` slash command in the CLI is the quick-start command to scaffold a starter `AGENTS.md` in the current directory. It's a great starting point, but you should edit the result to match how your team actually builds, tests, reviews, and ships code.

62You can create `AGENTS.md` files at different levels: a global `AGENTS.md` for personal defaults that sits in `~/.codex`, a repo-level file for shared standards, and more specific files in subdirectories for local rules. If there’s a more specific file closer to your current directory, that guidance wins.

64Keep it practical. A short, accurate `AGENTS.md` is more useful than a long file full of vague rules. Start with the basics, then add new rules only after you notice repeated mistakes.

66If `AGENTS.md` starts getting too large, keep the main file concise and reference task-specific markdown files for things like planning, code review, or architecture.

68When Codex makes the same mistake twice, ask it for a retrospective and update

69 `AGENTS.md`. Guidance stays practical and based on real friction.

71## Configure Codex for consistency

73Configuration is one of the main ways to make Codex behave more consistently across sessions and surfaces. For example, you can set defaults for model choice, reasoning effort, sandbox mode, approval policy, profiles, and MCP setup.

75A good starting pattern is:

77- Keep personal defaults in `~/.codex/config.toml` (Settings → Configuration → Open config.toml from the Codex app)

78- Keep repo-specific behavior in `.codex/config.toml`

79- Use command-line overrides only for one-off situations (if you use the CLI)

81[`config.toml`](https://developers.openai.com/codex/config-basic) is where you define durable preferences such as MCP servers, profiles, multi-agent setup, and feature flags. You can edit it directly or ask Codex to update it for you.

83Codex ships with operating level sandboxing and has two key knobs that you can control. Approval mode determines when Codex asks for your permission to run a command and sandbox mode determines if Codex can read or write in the directory and what files the agent can access.

85If you're new to coding agents, start with the default permissions. Keep approval and sandboxing tight by default, then loosen permissions only for trusted repos or specific workflows once the need is clear.

87Note that the CLI, IDE, and Codex app all share the same configuration layers. Learn more on the [sample configuration](https://developers.openai.com/codex/config-sample) page.

89Configure Codex for your real environment early. Many quality issues are

90 really setup issues, like the wrong working directory, missing write access,

91 wrong model defaults, or missing tools and connectors.

93## Improve reliability with testing and review

95Don't stop at asking Codex to make a change. Ask it to create tests when needed, run the relevant checks, confirm the result, and review the work before you accept it.

97Codex can do this loop for you, but only if it knows what “good” looks like. That guidance can come from either the prompt or `AGENTS.md`.

99That can include:

100

101- Writing or updating tests for the change

102- Running the right test suites

103- Checking lint, formatting, or type checks

104- Confirming the final behavior matches the request

105- Reviewing the diff for bugs, regressions, or risky patterns

106

107Toggle the diff panel in the Codex app to directly [review

108 changes](https://developers.openai.com/codex/app/review) locally. Click on a specific row to provide

109 feedback that gets fed as context to the next Codex turn.

110

111A useful option here is the slash command `/review`, which gives you a few ways to review code:

112

113- Review against a base branch for PR-style review

114- Review uncommitted changes

115- Review a commit

116- Use custom review instructions

117

118If you and your team have a `code_review.md` file and reference it from `AGENTS.md`, Codex can follow that guidance during review as well. This is a strong pattern for teams that want review behavior to stay consistent across repositories and contributors.

119

120Codex shouldn't just generate code. With the right instructions, it can also help **test it, check it, and review it**.

121

122If you use GitHub Cloud, you can set up Codex to run [code reviews for your PRs](https://developers.openai.com/codex/integrations/github). At OpenAI, Codex reviews 100% of PRs. You can enable automatic reviews or have Codex reactively review when you @Codex.

123

124## Use MCPs for external context

125

126Use MCPs when the context Codex needs lives outside the repo. It lets Codex connect to the tools and systems you already use, so you don't have to keep copying and pasting live information into prompts.

127

128[Model Context Protocol](https://developers.openai.com/codex/mcp), or MCP, is an open standard for connecting Codex to external tools and systems.

129

130Use MCP when:

131

132- The needed context lives outside the repo

133- The data changes frequently

134- You want Codex to use a tool rather than rely on pasted instructions

135- You need a repeatable integration across users or projects

136

137Codex supports both STDIO and Streamable HTTP servers with OAuth.

138

139In the Codex App, head to Settings → MCP servers to see custom and recommended servers. Often, Codex can help you install the needed servers. All you need to do is ask. You can also use the `codex mcp add` command in the CLI to add your custom servers with a name, URL, and other details.

140

141Add tools only when they unlock a real workflow. Do not start by wiring in

142 every tool you use. Start with one or two tools that clearly remove a manual

143 loop you already do often, then expand from there.

144

145## Turn repeatable work into skills

146

147Once a workflow becomes repeatable, stop relying on long prompts or repeated back-and-forth. Use a [Skill](https://developers.openai.com/codex/skills) to package the instructions in a SKILL.md file, context, and supporting logic Codex should apply consistently. Skills work across the CLI, IDE extension, and Codex app.

148

149Keep each skill scoped to one job. Start with 2 to 3 concrete use cases, define clear inputs and outputs, and write the description so it says what the skill does and when to use it. Include the kinds of trigger phrases a user would actually say.

150

151Don't try to cover every edge case up front. Start with one representative task, get it working well, then turn that workflow into a skill and improve from there. Include scripts or extra assets only when they improve reliability.

152

153A good rule of thumb: if you keep reusing the same prompt or correcting the same workflow, it should probably become a skill.

154

155Skills are especially useful for recurring jobs like:

156

157- Log triage

158- Release note drafting

159- PR review against a checklist

160- Migration planning

161- Telemetry or incident summaries

162- Standard debugging flows

163

164The `$skill-creator` skill is the best place to start to scaffold the first version of a skill and to use the `$skill-installer` skill to install it locally. One of the most important parts of a skill is the description. It should say what the skill does and when to use it.

165

166Personal skills are stored in `$HOME/.agents/skills`, and shared team skills

167 can be checked into `.agents/skills` inside a repository. This is especially

168 helpful for onboarding new teammates.

169

170## Use automations for repeated work

171

172Once a workflow is stable, you can schedule Codex to run it in the background for you. In the Codex app, [automations](https://developers.openai.com/codex/app/automations) let you choose the project, prompt, cadence, and execution environment for a recurring task.

173

174Once a task becomes repetitive for you, you can create an automation in the Automations tab on the Codex app. You can choose which project it runs in, the prompt it runs (you can invoke skills), and the cadence it will run. You can also choose whether the automation runs in a dedicated git worktree or in your local environment. Learn more about [git worktrees](https://developers.openai.com/codex/app/worktrees).

175

176Good candidates include:

177

178- Summarizing recent commits

179- Scanning for likely bugs

180- Drafting release notes

181- Checking CI failures

182- Producing standup summaries

183- Running repeatable analysis workflows on a schedule

184

185A useful rule is that skills define the method, automations define the schedule. If a workflow still needs a lot of steering, turn it into a skill first. Once it's predictable, automation becomes a force multiplier.

186

187Use automations for reflection and maintenance, not just execution. Review

188 recent sessions, summarize repeated friction, and improve prompts,

189 instructions, or workflow setup over time.

190

191## Organize long-running work with session controls

192

193Codex sessions aren't just chat history. They're working threads that accumulate context, decisions, and actions over time, so managing them well has a big impact on quality.

194

195The Codex app UI makes thread management easiest because you can pin threads and create worktrees. If you are using the CLI, these [slash commands](https://developers.openai.com/codex/cli/slash-commands) are especially useful:

196

197- `/experimental` to toggle experimental features and add to your `config.toml`

198- `/resume` to resume a saved conversation

199- `/fork` to create a new thread while preserving the original transcript

200- `/compact` when the thread is getting long and you want a summarized version of earlier context. Note that Codex does automatically compact conversations for you

201- `/agent` when you are running parallel agents and want to switch between the active agent thread

202- `/theme` to choose a syntax highlighting theme

203- `/apps` to use ChatGPT apps directly in Codex

204- `/status` to inspect the current session state

205

206Keep one thread per coherent unit of work. If the work is still part of the same problem, staying in the same thread is often better because it preserves the reasoning trail. Fork only when the work truly branches.

207

208Use Codex’s [subagent](https://developers.openai.com/codex/concepts/subagents) workflows to offload bounded

209 work from the main thread. Keep the main agent focused on the core problem,

210 and use subagents for tasks like exploration, tests, or triage.

211

212## Common mistakes

213

214A few common mistakes to avoid when first using Codex:

215

216- Overloading the prompt with durable rules instead of moving them into `AGENTS.md` or a skill

217- Not letting the agent see its work by not giving details on how to best run build and test commands

218- Skipping planning on multi-step and complex tasks

219- Giving Codex full permission to your computer before you understand the workflow

220- Running live threads on the same files without using git worktrees

221- Turning a recurring task into an automation before it's reliable manually

222- Treating Codex like something you have to watch step by step instead of using it in parallel with your own work

223- Using one thread per project instead of one thread per task. This leads to bloated context and worse results over time

mcp.md +5 −1

Details

79 79

80If your MCP OAuth flow must use a specific callback URL (for example, a remote devbox ingress URL or a custom callback path), set `mcp_oauth_callback_url`. Codex uses this value as the OAuth `redirect_uri` while still using `mcp_oauth_callback_port` for the callback listener port. Local callback URLs (for example `localhost`) bind on loopback; non-local callback URLs bind on `0.0.0.0` so the callback can reach the host.80If your MCP OAuth flow must use a specific callback URL (for example, a remote devbox ingress URL or a custom callback path), set `mcp_oauth_callback_url`. Codex uses this value as the OAuth `redirect_uri` while still using `mcp_oauth_callback_port` for the callback listener port. Local callback URLs (for example `localhost`) bind on loopback; non-local callback URLs bind on `0.0.0.0` so the callback can reach the host.

81 81

82If the MCP server advertises `scopes_supported`, Codex prefers those

83server-advertised scopes during OAuth login. Otherwise, Codex falls back to the

84scopes configured in `config.toml`.

82#### config.toml examples86#### config.toml examples

83 87

84```toml88```toml

117 121

118The list of MCP servers keeps growing. Here are a few common ones:122The list of MCP servers keeps growing. Here are a few common ones:

119 123

120- [OpenAI Docs MCP](/resources/docs-mcp): Search and read OpenAI developer docs.124- [OpenAI Docs MCP](/learn/docs-mcp): Search and read OpenAI developer docs.

121- [Context7](https://github.com/upstash/context7): Connect to up-to-date developer documentation.125- [Context7](https://github.com/upstash/context7): Connect to up-to-date developer documentation.

122- Figma [Local](https://developers.figma.com/docs/figma-mcp-server/local-server-installation/) and [Remote](https://developers.figma.com/docs/figma-mcp-server/remote-server-installation/): Access your Figma designs.126- Figma [Local](https://developers.figma.com/docs/figma-mcp-server/local-server-installation/) and [Remote](https://developers.figma.com/docs/figma-mcp-server/remote-server-installation/): Access your Figma designs.

123- [Playwright](https://www.npmjs.com/package/@playwright/mcp): Control and inspect a browser using Playwright.127- [Playwright](https://www.npmjs.com/package/@playwright/mcp): Control and inspect a browser using Playwright.

models.md +28 −3

Details

26 26

27API Access27API Access

28 28

29![gpt-5.4-mini](/images/api/models/gpt-5-mini.jpg)

31gpt-5.4-mini

33Fast, efficient mini model for responsive coding tasks and subagents.

35codex -m gpt-5.4-mini

37Copy command

39Capability

41Speed

43Codex CLI & SDK

45Codex app & IDE extension

47Codex Cloud

49ChatGPT Credits

51API Access

29![gpt-5.3-codex](/images/codex/codex-wallpaper-1.webp)53![gpt-5.3-codex](/images/codex/codex-wallpaper-1.webp)

30 54

31gpt-5.3-codex55gpt-5.3-codex

76 100

77For most tasks in Codex, start with `gpt-5.4`. It combines strong coding,101For most tasks in Codex, start with `gpt-5.4`. It combines strong coding,

78reasoning, native computer use, and broader professional workflows in one102reasoning, native computer use, and broader professional workflows in one

~~79model. The `gpt-5.3-codex-spark` model is available in research preview for~~103model. Use `gpt-5.4-mini` when you want a faster, lower-cost option for

~~80ChatGPT Pro subscribers and is optimized for near-instant, real-time coding~~104lighter coding tasks or subagents. The `gpt-5.3-codex-spark` model is

~~81iteration.~~105available in research preview for ChatGPT Pro subscribers and is optimized for

106near-instant, real-time coding iteration.

82 107

83## Alternative models108## Alternative models

84 109

multi-agent.md +0 −311 deleted

File DeletedView Diff

~~1# Multi-agents~~

3Codex can run multi-agent workflows by spawning specialized agents in parallel and then collecting their results in one response. This can be particularly helpful for complex tasks that are highly parallel, such as codebase exploration or implementing a multi-step feature plan.

~~5With multi-agent workflows you can also define your own set of agents with different model configurations and instructions depending on the agent.~~

7For the concepts and tradeoffs behind multi-agent workflows (including context pollution/context rot and model-selection guidance), see [Multi-agents concepts](https://developers.openai.com/codex/concepts/multi-agents).

~~9## Enable multi-agent~~

~~11Multi-agent workflows are currently experimental and need to be explicitly enabled.~~

~~13You can enable this feature from the CLI with `/experimental`. Enable~~

~~14**Multi-agents**, then restart Codex.~~

~~16Multi-agent activity is currently surfaced in the CLI. Visibility in other~~

~~17surfaces (the Codex app and IDE Extension) is coming soon.~~

~~19You can also add the [`multi_agent` feature flag](https://developers.openai.com/codex/config-basic#feature-flags) directly to your configuration file (`~/.codex/config.toml`):~~

~~21```~~

~~22[features]~~

~~23multi_agent = true~~

~~24```~~

~~26## Typical workflow~~

~~28Codex handles orchestration across agents, including spawning new sub-agents, routing follow-up instructions, waiting for results, and closing agent threads.~~

~~30When many agents are running, Codex waits until all requested results are available, then returns a consolidated response.~~

~~32Codex will automatically decide when to spawn a new agent or you can explicitly ask it to do so.~~

~~34For long-running commands or polling workflows, Codex can also use the built-in `monitor` role, which is tuned for waiting and repeated status checks.~~

~~36To see it in action, try the following prompt on your project:~~

~~38```~~

~~39I would like to review the following points on the current PR (this branch vs main). Spawn one agent per point, wait for all of them, and summarize the result for each point.~~

~~401. Security issue~~

~~412. Code quality~~

~~423. Bugs~~

~~434. Race~~

~~445. Test flakiness~~

~~456. Maintainability of the code~~

~~46```~~

~~48## Managing sub-agents~~

~~50- Use `/agent` in the CLI to switch between active agent threads and inspect the ongoing thread.~~

~~51- Ask Codex directly to steer a running sub-agent, stop it, or close completed agent threads.~~

~~52- The `wait` tool supports long polling windows for monitoring workflows (up to 1 hour per call).~~

~~54## Process CSV batches with sub-agents~~

56Use `spawn_agents_on_csv` when you have many similar tasks that can be expressed as one row per work item. Codex reads the CSV, spawns one worker sub-agent per row, waits for the full batch to finish, and exports the combined results to CSV.

~~58This works well for repeated audits such as:~~

~~60- reviewing one file, package, or service per row~~

~~61- checking a list of incidents, PRs, or migration targets~~

~~62- generating structured summaries for many similar inputs~~

~~64The tool accepts:~~

~~66- `csv_path` for the source CSV~~

~~67- `instruction` for the worker prompt template, using `{column_name}` placeholders~~

~~68- `id_column` when you want stable item ids from a specific column~~

~~69- `output_schema` when each worker should return a JSON object with a fixed shape~~

~~70- `output_csv_path`, `max_concurrency`, and `max_runtime_seconds` for job control~~

~~72Each worker must call `report_agent_job_result` exactly once. If a worker exits without reporting a result, that row is marked as failed in the exported CSV.~~

~~74Example prompt:~~

~~76```~~

~~77Create /tmp/components.csv with columns path,owner and one row per frontend component.~~

~~79Then call spawn_agents_on_csv with:~~

~~80- csv_path: /tmp/components.csv~~

~~81- id_column: path~~

~~82- instruction: "Review {path} owned by {owner}. Return JSON with keys path, risk, summary, and follow_up via report_agent_job_result."~~

~~83- output_csv_path: /tmp/components-review.csv~~

~~84- output_schema: an object with required string fields path, risk, summary, and follow_up~~

~~85```~~

87When you run this through `codex exec`, Codex shows a single-line progress update on `stderr` while the batch is running. The exported CSV includes the original row data plus metadata such as `job_id`, `item_id`, `status`, `last_error`, and `result_json`.

~~89Related runtime settings:~~

~~91- `agents.max_threads` caps how many agent threads can stay open concurrently.~~

~~92- `agents.job_max_runtime_seconds` sets the default per-worker timeout for CSV fan-out jobs. A per-call `max_runtime_seconds` override takes precedence.~~

~~93- `sqlite_home` controls where Codex stores the SQLite-backed state used for agent jobs and their exported results.~~

~~95## Approvals and sandbox controls~~

~~97Sub-agents inherit your current sandbox policy.~~

~~99In interactive CLI sessions, approval requests can surface from inactive agent~~

100threads even while you are looking at the main thread. The approval overlay

101shows the source thread label, and you can press `o` to open that thread before

102you approve, reject, or answer the request.

~~103~~

104In non-interactive flows, or whenever a run cannot surface a fresh approval,

105an action that needs new approval fails and the error is surfaced back to the

106parent workflow.

~~107~~

108Codex also reapplies the parent turn’s live runtime overrides when it spawns a

109child. That includes sandbox and approval choices you set interactively during

110the session, such as `/approvals` changes or `--yolo`, even if the selected

111agent role loads a config file with different defaults.

~~112~~

113You can also override the sandbox configuration for individual [agent roles](#agent-roles) such as explicitly marking an agent to work in read-only mode.

~~114~~

115## Agent roles

~~116~~

117You configure agent roles in the `[agents]` section of your [configuration](https://developers.openai.com/codex/config-basic#configuration-precedence).

~~118~~

119Agent roles can be defined either in your local configuration (typically `~/.codex/config.toml`) or shared in a project-specific `.codex/config.toml`.

~~120~~

121Each role can provide guidance (`description`) for when Codex should use this agent, and optionally load a

122role-specific config file (`config_file`) when Codex spawns an agent with that role.

~~123~~

124Codex ships with built-in roles:

~~125~~

126- `default`: general-purpose fallback role.

127- `worker`: execution-focused role for implementation and fixes.

128- `explorer`: read-heavy codebase exploration role.

129- `monitor`: long-running command/task monitoring role (optimized for waiting/polling).

~~130~~

131Each agent role can override your default configuration. Common settings to override for an agent role are:

~~132~~

133- `model` and `model_reasoning_effort` to select a specific model for your agent role

134- `sandbox_mode` to mark an agent as `read-only`

135- `developer_instructions` to give the agent role additional instructions without relying on the parent agent for passing them

~~136~~

137### Schema

~~138~~

140| --- | --- | --- | --- |

~~147~~

148**Notes:**

~~149~~

150- Unknown fields in `[agents.<name>]` are rejected.

151- `agents.max_depth` defaults to `1`, which allows a direct child agent to spawn but prevents deeper nesting.

152- `agents.job_max_runtime_seconds` is optional. When you leave it unset, `spawn_agents_on_csv` falls back to its per-call default timeout of 1800 seconds per worker.

153- Relative `config_file` paths are resolved relative to the `config.toml` file that defines the role.

154- `agents.<name>.config_file` is validated at config load time and must point to an existing file.

155- If a role name matches a built-in role (for example, `explorer`), your user-defined role takes precedence.

156- If Codex can’t load a role config file, agent spawns can fail until you fix the file.

157- Any configuration not set by the agent role will be inherited from the parent session.

~~158~~

159### Example agent roles

~~160~~

161The best role definitions are narrow and opinionated. Give each role one clear job, a tool surface that matches that job, and instructions that keep it from drifting into adjacent work.

~~162~~

163#### Example 1: PR review team

~~164~~

165This pattern splits review into three focused roles:

~~166~~

167- `explorer` maps the codebase and gathers evidence.

168- `reviewer` looks for correctness, security, and test risks.

169- `docs_researcher` checks framework or API documentation through a dedicated MCP server.

~~170~~

171Project config (`.codex/config.toml`):

~~172~~

173```

174[agents]

175max_threads = 6

176max_depth = 1

~~177~~

178[agents.explorer]

179description = "Read-only codebase explorer for gathering evidence before changes are proposed."

180config_file = "agents/explorer.toml"

~~181~~

182[agents.reviewer]

183description = "PR reviewer focused on correctness, security, and missing tests."

184config_file = "agents/reviewer.toml"

~~185~~

186[agents.docs_researcher]

187description = "Documentation specialist that uses the docs MCP server to verify APIs and framework behavior."

188config_file = "agents/docs-researcher.toml"

189```

~~190~~

191`agents/explorer.toml`:

~~192~~

193```

194model = "gpt-5.3-codex-spark"

195model_reasoning_effort = "medium"

196sandbox_mode = "read-only"

197developer_instructions = """

198Stay in exploration mode.

199Trace the real execution path, cite files and symbols, and avoid proposing fixes unless the parent agent asks for them.

200Prefer fast search and targeted file reads over broad scans.

201"""

202```

~~203~~

204`agents/reviewer.toml`:

~~205~~

206```

207model = "gpt-5.3-codex"

208model_reasoning_effort = "high"

209sandbox_mode = "read-only"

210developer_instructions = """

211Review code like an owner.

212Prioritize correctness, security, behavior regressions, and missing test coverage.

213Lead with concrete findings, include reproduction steps when possible, and avoid style-only comments unless they hide a real bug.

214"""

215```

~~216~~

217`agents/docs-researcher.toml`:

~~218~~

219```

220model = "gpt-5.3-codex-spark"

221model_reasoning_effort = "medium"

222sandbox_mode = "read-only"

223developer_instructions = """

224Use the docs MCP server to confirm APIs, options, and version-specific behavior.

225Return concise answers with links or exact references when available.

226Do not make code changes.

227"""

~~228~~

229[mcp_servers.openaiDeveloperDocs]

230url = "https://developers.openai.com/mcp"

231```

~~232~~

233This setup works well for prompts like:

~~234~~

235```

236Review this branch against main. Have explorer map the affected code paths, reviewer find real risks, and docs_researcher verify the framework APIs that the patch relies on.

237```

~~238~~

239#### Example 2: frontend integration debugging team

~~240~~

241This pattern is useful for UI regressions, flaky browser flows, or integration bugs that cross application code and the running product.

~~242~~

243Project config (`.codex/config.toml`):

~~244~~

245```

246[agents]

247max_threads = 6

248max_depth = 1

~~249~~

250[agents.explorer]

251description = "Read-only codebase explorer for locating the relevant frontend and backend code paths."

252config_file = "agents/explorer.toml"

~~253~~

254[agents.browser_debugger]

255description = "UI debugger that uses browser tooling to reproduce issues and capture evidence."

256config_file = "agents/browser-debugger.toml"

~~257~~

258[agents.worker]

259description = "Implementation-focused agent for small, targeted fixes after the issue is understood."

260config_file = "agents/worker.toml"

261```

~~262~~

263`agents/explorer.toml`:

~~264~~

265```

266model = "gpt-5.3-codex-spark"

267model_reasoning_effort = "medium"

268sandbox_mode = "read-only"

269developer_instructions = """

270Map the code that owns the failing UI flow.

271Identify entry points, state transitions, and likely files before the worker starts editing.

272"""

273```

~~274~~

275`agents/browser-debugger.toml`:

~~276~~

277```

278model = "gpt-5.3-codex"

279model_reasoning_effort = "high"

280sandbox_mode = "workspace-write"

281developer_instructions = """

282Reproduce the issue in the browser, capture exact steps, and report what the UI actually does.

283Use browser tooling for screenshots, console output, and network evidence.

284Do not edit application code.

285"""

~~286~~

287[mcp_servers.chrome_devtools]

288url = "http://localhost:3000/mcp"

289startup_timeout_sec = 20

290```

~~291~~

292`agents/worker.toml`:

~~293~~

294```

295model = "gpt-5.3-codex"

296model_reasoning_effort = "medium"

297developer_instructions = """

298Own the fix once the issue is reproduced.

299Make the smallest defensible change, keep unrelated files untouched, and validate only the behavior you changed.

300"""

~~301~~

302[[skills.config]]

303path = "/Users/me/.agents/skills/docs-editor/SKILL.md"

304enabled = false

305```

~~306~~

307This setup works well for prompts like:

~~308~~

309```

310Investigate why the settings modal fails to save. Have browser_debugger reproduce it, explorer trace the responsible code path, and worker implement the smallest fix once the failure mode is clear.

311```

open-source.md +1 −1

Details

2 2

3OpenAI develops key parts of Codex in the open. That work lives on GitHub so you can follow progress, report issues, and contribute improvements.3OpenAI develops key parts of Codex in the open. That work lives on GitHub so you can follow progress, report issues, and contribute improvements.

4 4

5If you maintain a widely used open-source project or want to nominate maintainers stewarding important projects, you can also [apply to the Codex open source program](https://developers.openai.com/codex/community/codex-for-oss) for API credits, ChatGPT Pro with Codex, and selective access to Codex Security.5If you maintain a widely used open-source project or want to nominate maintainers stewarding important projects, you can also [apply to the Codex for OSS program](https://developers.openai.com/community/codex-for-oss) for API credits, ChatGPT Pro with Codex, and selective access to Codex Security.

6 6

7## Open-source components7## Open-source components

8 8

overview.md +3 −3

Details

22 22

23 Learn more](https://developers.openai.com/codex/explore) [### Community23 Learn more](https://developers.openai.com/codex/explore) [### Community

24 24

~~25Explore Codex Ambassadors and upcoming community meetups by location.~~25Read community posts, explore meetups, and connect with Codex builders.

26 26

~~27 See community](https://developers.openai.com/codex/community/meetups) [### Codex for OSS~~27 See community](/community) [### Codex for Open Source

28 28

30 30

~~31 Learn more](https://developers.openai.com/codex/community/codex-for-oss)~~31 Learn more](https://developers.openai.com/community/codex-for-oss)

quickstart.md +3 −0

Details

41- Find and fix bugs in my codebase with minimal, high-confidence changes.40- Find and fix bugs in my codebase with minimal, high-confidence changes.

42 41

43 If you need more inspiration, check out the [explore section](https://developers.openai.com/codex/explore).42 If you need more inspiration, check out the [explore section](https://developers.openai.com/codex/explore).

43 If you’re new to Codex, read the [best practices guide](https://developers.openai.com/codex/learn/best-practices).

44 44

45 [Learn more about the Codex app](https://developers.openai.com/codex/app)45 [Learn more about the Codex app](https://developers.openai.com/codex/app)

46 46

694. Use Git checkpoints694. Use Git checkpoints

70 70

71 Codex can modify your codebase, so consider creating Git checkpoints before and after each task so you can easily revert changes if needed.71 Codex can modify your codebase, so consider creating Git checkpoints before and after each task so you can easily revert changes if needed.

72 If you’re new to Codex, read the [best practices guide](https://developers.openai.com/codex/learn/best-practices).

72 73

73 [Learn more about the Codex IDE extension](https://developers.openai.com/codex/ide)74 [Learn more about the Codex IDE extension](https://developers.openai.com/codex/ide)

74 75

1004. Use Git checkpoints1014. Use Git checkpoints

101 102

102 Codex can modify your codebase, so consider creating Git checkpoints before and after each task so you can easily revert changes if needed.103 Codex can modify your codebase, so consider creating Git checkpoints before and after each task so you can easily revert changes if needed.

104 If you’re new to Codex, read the [best practices guide](https://developers.openai.com/codex/learn/best-practices).

103 105

104[Learn more about the Codex CLI](https://developers.openai.com/codex/cli)106[Learn more about the Codex CLI](https://developers.openai.com/codex/cli)

105 107

security.md +1 −1

Details

26 26

27## Access and prerequisites27## Access and prerequisites

28 28

29Codex Security works with connected GitHub repositories through Codex cloud. OpenAI manages access. If you need access or a repository isn’t visible, contact your OpenAI account team and confirm the repository is available through your Codex cloud workspace.29Codex Security works with connected GitHub repositories through Codex Web. OpenAI manages access. If you need access or a repository isn't visible, contact your OpenAI account team and confirm the repository is available through your Codex Web workspace.

30 30

31## Related docs31## Related docs

32 32

speed.md +5 −3

Details

8Fast mode is currently supported on GPT-5.4. When enabled, speed is increased8Fast mode is currently supported on GPT-5.4. When enabled, speed is increased

9by 1.5x and credits are consumed at a 2x rate.9by 1.5x and credits are consumed at a 2x rate.

10 10

~~11Enable it by typing `/fast`. It’s available in Codex IDE Extensions, Codex~~11Use `/fast on`, `/fast off`, or `/fast status` in the CLI to change or inspect

~~12CLI, and the Codex app when you sign in with ChatGPT. With an API key, Codex~~12the current setting. You can also persist the default with `service_tier = "fast"` plus `[features].fast_mode = true` in `config.toml`. Fast mode is

~~13uses standard API pricing instead and you can’t use `/fast`.~~13available in the Codex IDE extension, Codex CLI, and the Codex app when you

14sign in with ChatGPT. With an API key, Codex uses standard API pricing instead

15and you can't use Fast mode credits.

14 16

15[17[

16Your browser does not support the video tag.18Your browser does not support the video tag.

subagents.md +340 −0 added

Details

1# Subagents

3Codex can run subagent workflows by spawning specialized agents in parallel and then collecting their results in one response. This can be particularly helpful for complex tasks that are highly parallel, such as codebase exploration or implementing a multi-step feature plan.

5With subagent workflows, you can also define your own custom agents with different model configurations and instructions depending on the task.

7For the concepts and tradeoffs behind subagent workflows, including context pollution, context rot, and model-selection guidance, see [Subagent concepts](https://developers.openai.com/codex/concepts/subagents).

9## Availability

11Current Codex releases enable subagent workflows by default.

13Subagent activity is currently surfaced in the Codex app and CLI. Visibility

14 in the IDE Extension is coming soon.

16Codex only spawns subagents when you explicitly ask it to. Because each

17subagent does its own model and tool work, subagent workflows consume more

18tokens than comparable single-agent runs.

20## Typical workflow

22Codex handles orchestration across agents, including spawning new subagents,

23routing follow-up instructions, waiting for results, and closing agent

24threads.

26When many agents are running, Codex waits until all requested results are

27available, then returns a consolidated response.

29Codex only spawns a new agent when you explicitly ask it to do so.

31To see it in action, try the following prompt on your project:

33```text

34I would like to review the following points on the current PR (this branch vs main). Spawn one agent per point, wait for all of them, and summarize the result for each point.

351. Security issue

362. Code quality

373. Bugs

384. Race

395. Test flakiness

406. Maintainability of the code

41```

43## Managing subagents

45- Use `/agent` in the CLI to switch between active agent threads and inspect the ongoing thread.

46- Ask Codex directly to steer a running subagent, stop it, or close completed agent threads.

48## Approvals and sandbox controls

50Subagents inherit your current sandbox policy.

52In interactive CLI sessions, approval requests can surface from inactive agent

53threads even while you are looking at the main thread. The approval overlay

54shows the source thread label, and you can press `o` to open that thread before

55you approve, reject, or answer the request.

57In non-interactive flows, or whenever a run can't surface a fresh approval, an

58action that needs new approval fails and Codex surfaces the error back to the

59parent workflow.

61Codex also reapplies the parent turn's live runtime overrides when it spawns a

62child. That includes sandbox and approval choices you set interactively during

63the session, such as `/approvals` changes or `--yolo`, even if the selected

64custom agent file sets different defaults.

66You can also override the sandbox configuration for individual [custom agents](#custom-agents), such as explicitly marking one to work in read-only mode.

68## Custom agents

70Codex ships with built-in agents:

72- `default`: general-purpose fallback agent.

73- `worker`: execution-focused agent for implementation and fixes.

74- `explorer`: read-heavy codebase exploration agent.

76To define your own custom agents, add standalone TOML files under

77`~/.codex/agents/` for personal agents or `.codex/agents/` for project-scoped

78agents.

80Each file defines one custom agent. Codex loads these files as configuration

81layers for spawned sessions, so custom agents can override the same settings as

82a normal Codex session config. That can feel heavier than a dedicated agent

83manifest, and the format may evolve as authoring and sharing mature.

85Every standalone custom agent file must define:

87- `name`

88- `description`

89- `developer_instructions`

91Optional fields such as `nickname_candidates`, `model`,

92`model_reasoning_effort`, `sandbox_mode`, `mcp_servers`, and `skills.config`

93inherit from the parent session when you omit them.

95### Global settings

97Global subagent settings still live under `[agents]` in your [configuration](https://developers.openai.com/codex/config-basic#configuration-precedence).

100| --- | --- | --- | --- |

104

105**Notes:**

106

107- `agents.max_threads` defaults to `6` when you leave it unset.

108- `agents.max_depth` defaults to `1`, which allows a direct child agent to spawn but prevents deeper nesting.

109- `agents.job_max_runtime_seconds` is optional. When you leave it unset, `spawn_agents_on_csv` falls back to its per-call default timeout of 1800 seconds per worker.

110- If a custom agent name matches a built-in agent such as `explorer`, your custom agent takes precedence.

111

112### Custom agent file schema

113

115| --- | --- | --- | --- |

120

121You can also include other supported `config.toml` keys in a custom agent file, such as `model`, `model_reasoning_effort`, `sandbox_mode`, `mcp_servers`, and `skills.config`.

122

123Codex identifies the custom agent by its `name` field. Matching the filename to

124the agent name is the simplest convention, but the `name` field is the source

125of truth.

126

127### Display nicknames

128

129Use `nickname_candidates` when you want Codex to assign more readable display

130names to spawned agents. This is especially helpful when you run many

131instances of the same custom agent and want the UI to show distinct labels

132instead of repeating the same agent name.

133

134Nicknames are presentation-only. Codex still identifies and spawns the agent by

135its `name`.

136

137Nickname candidates must be a non-empty list of unique names. Each nickname can

138use ASCII letters, digits, spaces, hyphens, and underscores.

139

140Example:

141

142```toml

143name = "reviewer"

144description = "PR reviewer focused on correctness, security, and missing tests."

145developer_instructions = """

146Review code like an owner.

147Prioritize correctness, security, behavior regressions, and missing test coverage.

148"""

149nickname_candidates = ["Atlas", "Delta", "Echo"]

150```

151

152In practice, the Codex app and CLI can show the nicknames where agent activity

153appears, while the underlying agent type stays

154`reviewer`.

155

156### Example custom agents

157

158The best custom agents are narrow and opinionated. Give each one clear job, a

159tool surface that matches that job, and instructions that keep it from

160drifting into adjacent work.

161

162#### Example 1: PR review

163

164This pattern splits review across three focused custom agents:

165

166- `pr_explorer` maps the codebase and gathers evidence.

167- `reviewer` looks for correctness, security, and test risks.

168- `docs_researcher` checks framework or API documentation through a dedicated MCP server.

169

170Project config (`.codex/config.toml`):

171

172```toml

173[agents]

174max_threads = 6

175max_depth = 1

176```

177

178`.codex/agents/pr-explorer.toml`:

179

180```toml

181name = "pr_explorer"

182description = "Read-only codebase explorer for gathering evidence before changes are proposed."

183model = "gpt-5.3-codex-spark"

184model_reasoning_effort = "medium"

185sandbox_mode = "read-only"

186developer_instructions = """

187Stay in exploration mode.

188Trace the real execution path, cite files and symbols, and avoid proposing fixes unless the parent agent asks for them.

189Prefer fast search and targeted file reads over broad scans.

190"""

191```

192

193`.codex/agents/reviewer.toml`:

194

195```toml

196name = "reviewer"

197description = "PR reviewer focused on correctness, security, and missing tests."

198model = "gpt-5.4"

199model_reasoning_effort = "high"

200sandbox_mode = "read-only"

201developer_instructions = """

202Review code like an owner.

203Prioritize correctness, security, behavior regressions, and missing test coverage.

204Lead with concrete findings, include reproduction steps when possible, and avoid style-only comments unless they hide a real bug.

205"""

206```

207

208`.codex/agents/docs-researcher.toml`:

209

210```toml

211name = "docs_researcher"

212description = "Documentation specialist that uses the docs MCP server to verify APIs and framework behavior."

213model = "gpt-5.4-mini"

214model_reasoning_effort = "medium"

215sandbox_mode = "read-only"

216developer_instructions = """

217Use the docs MCP server to confirm APIs, options, and version-specific behavior.

218Return concise answers with links or exact references when available.

219Do not make code changes.

220"""

221

222[mcp_servers.openaiDeveloperDocs]

223url = "https://developers.openai.com/mcp"

224```

225

226This setup works well for prompts like:

227

228```text

229Review this branch against main. Have pr_explorer map the affected code paths, reviewer find real risks, and docs_researcher verify the framework APIs that the patch relies on.

230```

231

232## Process CSV batches with subagents (experimental)

233

234This workflow is experimental and may change as subagent support evolves.

235Use `spawn_agents_on_csv` when you have many similar tasks that map to one row per work item. Codex reads the CSV, spawns one worker subagent per row, waits for the full batch to finish, and exports the combined results to CSV.

236

237This works well for repeated audits such as:

238

239- reviewing one file, package, or service per row

240- checking a list of incidents, PRs, or migration targets

241- generating structured summaries for many similar inputs

242

243The tool accepts:

244

245- `csv_path` for the source CSV

246- `instruction` for the worker prompt template, using `{column_name}` placeholders

247- `id_column` when you want stable item ids from a specific column

248- `output_schema` when each worker should return a JSON object with a fixed shape

249- `output_csv_path`, `max_concurrency`, and `max_runtime_seconds` for job control

250

251Each worker must call `report_agent_job_result` exactly once. If a worker exits without reporting a result, Codex marks that row with an error in the exported CSV.

252

253Example prompt:

254

255```text

256Create /tmp/components.csv with columns path,owner and one row per frontend component.

257

258Then call spawn_agents_on_csv with:

259- csv_path: /tmp/components.csv

260- id_column: path

261- instruction: "Review {path} owned by {owner}. Return JSON with keys path, risk, summary, and follow_up via report_agent_job_result."

262- output_csv_path: /tmp/components-review.csv

263- output_schema: an object with required string fields path, risk, summary, and follow_up

264```

265

266When you run this through `codex exec`, Codex shows a single-line progress update on `stderr` while the batch is running. The exported CSV includes the original row data plus metadata such as `job_id`, `item_id`, `status`, `last_error`, and `result_json`.

267

268Related runtime settings:

269

270- `agents.max_threads` caps how many agent threads can stay open concurrently.

271- `agents.job_max_runtime_seconds` sets the default per-worker timeout for CSV fan-out jobs. A per-call `max_runtime_seconds` override takes precedence.

272- `sqlite_home` controls where Codex stores the SQLite-backed state used for agent jobs and their exported results.

273

274#### Example 2: Frontend integration debugging

275

276This pattern is useful for UI regressions, flaky browser flows, or integration bugs that cross application code and the running product.

277

278Project config (`.codex/config.toml`):

279

280```toml

281[agents]

282max_threads = 6

283max_depth = 1

284```

285

286`.codex/agents/code-mapper.toml`:

287

288```toml

289name = "code_mapper"

290description = "Read-only codebase explorer for locating the relevant frontend and backend code paths."

291model = "gpt-5.4-mini"

292model_reasoning_effort = "medium"

293sandbox_mode = "read-only"

294developer_instructions = """

295Map the code that owns the failing UI flow.

296Identify entry points, state transitions, and likely files before the worker starts editing.

297"""

298```

299

300`.codex/agents/browser-debugger.toml`:

301

302```toml

303name = "browser_debugger"

304description = "UI debugger that uses browser tooling to reproduce issues and capture evidence."

305model = "gpt-5.4"

306model_reasoning_effort = "high"

307sandbox_mode = "workspace-write"

308developer_instructions = """

309Reproduce the issue in the browser, capture exact steps, and report what the UI actually does.

310Use browser tooling for screenshots, console output, and network evidence.

311Do not edit application code.

312"""

313

314[mcp_servers.chrome_devtools]

315url = "http://localhost:3000/mcp"

316startup_timeout_sec = 20

317```

318

319`.codex/agents/ui-fixer.toml`:

320

321```toml

322name = "ui_fixer"

323description = "Implementation-focused agent for small, targeted fixes after the issue is understood."

324model = "gpt-5.3-codex-spark"

325model_reasoning_effort = "medium"

326developer_instructions = """

327Own the fix once the issue is reproduced.

328Make the smallest defensible change, keep unrelated files untouched, and validate only the behavior you changed.

329"""

330

331[[skills.config]]

332path = "/Users/me/.agents/skills/docs-editor/SKILL.md"

333enabled = false

334```

335

336This setup works well for prompts like:

337

338```text

339Investigate why the settings modal fails to save. Have browser_debugger reproduce it, code_mapper trace the responsible code path, and ui_fixer implement the smallest fix once the failure mode is clear.

340```

windows.md +11 −0

Details

26- Uses a Restricted Token approach with filesystem ACLs to limit which files the sandbox can write to.26- Uses a Restricted Token approach with filesystem ACLs to limit which files the sandbox can write to.

27- Runs commands as a dedicated Windows Sandbox User.27- Runs commands as a dedicated Windows Sandbox User.

28- Limits network access by installing Windows Firewall rules.28- Limits network access by installing Windows Firewall rules.

29- Uses a private desktop by default for stronger UI isolation. Set `windows.sandbox_private_desktop = false` only if you need the older `Winsta0\\Default` behavior for compatibility.

31### Sandbox permissions

33Running Codex in full access mode means Codex is not limited to your project

34 directory and might perform unintentional destructive actions that can lead to

35 data loss. For safer automation, keep sandbox boundaries in place and use

36 [rules](https://developers.openai.com/codex/rules) for specific exceptions, or set your [approval policy to

37 never](https://developers.openai.com/codex/agent-approvals-security#run-without-approval-prompts) to have

38 Codex attempt to solve problems without asking for escalated permissions,

39 based on your [approval and security setup](https://developers.openai.com/codex/agent-approvals-security).

29 40

30### Grant sandbox read access41### Grant sandbox read access

31 42

OpenAI - Codex Docs Changes 2026-03-07 18:10 UTC → 2026-03-18 12:23 UTC