12Supported transports:12Supported transports:
13 13
14- `stdio` (`--listen stdio://`, default): newline-delimited JSON (JSONL).14- `stdio` (`--listen stdio://`, default): newline-delimited JSON (JSONL).
15- `websocket` (`--listen ws://IP:PORT`, experimental): one JSON-RPC message per WebSocket text frame.15- `websocket` (`--listen ws://IP:PORT`, experimental and unsupported): one JSON-RPC message per WebSocket text frame.
16- `off` (`--listen off`): don't expose a local transport.
17
18When you run with `--listen ws://IP:PORT`, the same listener also serves basic HTTP health probes:
19
20- `GET /readyz` returns `200 OK` once the listener accepts new connections.
21- `GET /healthz` returns `200 OK` when the request doesn't include an `Origin` header.
22- Requests with an `Origin` header are rejected with `403 Forbidden`.
23
24WebSocket transport is experimental and unsupported. Loopback listeners such as `ws://127.0.0.1:PORT` are appropriate for localhost and SSH port-forwarding workflows. Non-loopback WebSocket listeners currently allow unauthenticated connections by default during rollout, so configure WebSocket auth before exposing one remotely.
25
26Supported WebSocket auth flags:
27
28- `--ws-auth capability-token --ws-token-file /absolute/path`
29- `--ws-auth capability-token --ws-token-sha256 HEX`
30- `--ws-auth signed-bearer-token --ws-shared-secret-file /absolute/path`
31
32For signed bearer tokens, you can also set `--ws-issuer`, `--ws-audience`, and `--ws-max-clock-skew-seconds`. Clients present the credential as `Authorization: Bearer <token>` during the WebSocket handshake, and app-server enforces auth before JSON-RPC `initialize`.
33
34Prefer `--ws-token-file` over passing raw bearer tokens on the command line. Use `--ws-token-sha256` only when the client keeps the raw high-entropy token in a separate local secret store; the hash is only a verifier, and clients still need the original token.
16 35
17In WebSocket mode, app-server uses bounded queues. When request ingress is full, the server rejects new requests with JSON-RPC error code `-32001` and message `"Server overloaded; retry later."` Clients should retry with an exponentially increasing delay and jitter.36In WebSocket mode, app-server uses bounded queues. When request ingress is full, the server rejects new requests with JSON-RPC error code `-32001` and message `"Server overloaded; retry later."` Clients should retry with an exponentially increasing delay and jitter.
18 37
199- `thread/resume` - reopen an existing thread by id so later `turn/start` calls append to it.218- `thread/resume` - reopen an existing thread by id so later `turn/start` calls append to it.
200- `thread/fork` - fork a thread into a new thread id by copying stored history; emits `thread/started` for the new thread.219- `thread/fork` - fork a thread into a new thread id by copying stored history; emits `thread/started` for the new thread.
201- `thread/read` - read a stored thread by id without resuming it; set `includeTurns` to return full turn history. Returned `thread` objects include runtime `status`.220- `thread/read` - read a stored thread by id without resuming it; set `includeTurns` to return full turn history. Returned `thread` objects include runtime `status`.
202- `thread/list` - page through stored thread logs; supports cursor-based pagination plus `modelProviders`, `sourceKinds`, `archived`, and `cwd` filters. Returned `thread` objects include runtime `status`.221- `thread/list` - page through stored thread logs; supports cursor-based pagination plus `modelProviders`, `sourceKinds`, `archived`, `cwd`, and `searchTerm` filters. Returned `thread` objects include runtime `status`.
222- `thread/turns/list` - page through a stored thread's turn history without resuming it.
203- `thread/loaded/list` - list the thread ids currently loaded in memory.223- `thread/loaded/list` - list the thread ids currently loaded in memory.
204- `thread/name/set` - set or update a thread's user-facing name for a loaded thread or a persisted rollout; emits `thread/name/updated`.224- `thread/name/set` - set or update a thread's user-facing name for a loaded thread or a persisted rollout; emits `thread/name/updated`.
225- `thread/metadata/update` - patch SQLite-backed stored thread metadata; currently supports persisted `gitInfo`.
205- `thread/archive` - move a thread's log file into the archived directory; returns `{}` on success and emits `thread/archived`.226- `thread/archive` - move a thread's log file into the archived directory; returns `{}` on success and emits `thread/archived`.
206- `thread/unsubscribe` - unsubscribe this connection from thread turn/item events. If this was the last subscriber, the server unloads the thread and emits `thread/closed`.227- `thread/unsubscribe` - unsubscribe this connection from thread turn/item events. If this was the last subscriber, the server unloads the thread after a no-subscriber inactivity grace period and emits `thread/closed`.
207- `thread/unarchive` - restore an archived thread rollout back into the active sessions directory; returns the restored `thread` and emits `thread/unarchived`.228- `thread/unarchive` - restore an archived thread rollout back into the active sessions directory; returns the restored `thread` and emits `thread/unarchived`.
208- `thread/status/changed` - notification emitted when a loaded thread's runtime `status` changes.229- `thread/status/changed` - notification emitted when a loaded thread's runtime `status` changes.
209- `thread/compact/start` - trigger conversation history compaction for a thread; returns `{}` immediately while progress streams via `turn/*` and `item/*` notifications.230- `thread/compact/start` - trigger conversation history compaction for a thread; returns `{}` immediately while progress streams via `turn/*` and `item/*` notifications.
211- `thread/backgroundTerminals/clean` - stop all running background terminals for a thread (experimental; requires `capabilities.experimentalApi`).232- `thread/backgroundTerminals/clean` - stop all running background terminals for a thread (experimental; requires `capabilities.experimentalApi`).
212- `thread/rollback` - drop the last N turns from the in-memory context and persist a rollback marker; returns the updated `thread`.233- `thread/rollback` - drop the last N turns from the in-memory context and persist a rollback marker; returns the updated `thread`.
213- `turn/start` - add user input to a thread and begin Codex generation; responds with the initial `turn` and streams events. For `collaborationMode`, `settings.developer_instructions: null` means "use built-in instructions for the selected mode."234- `turn/start` - add user input to a thread and begin Codex generation; responds with the initial `turn` and streams events. For `collaborationMode`, `settings.developer_instructions: null` means "use built-in instructions for the selected mode."
235- `thread/inject_items` - append raw Responses API items to a loaded thread's model-visible history without starting a user turn.
214- `turn/steer` - append user input to the active in-flight turn for a thread; returns the accepted `turnId`.236- `turn/steer` - append user input to the active in-flight turn for a thread; returns the accepted `turnId`.
215- `turn/interrupt` - request cancellation of an in-flight turn; success is `{}` and the turn ends with `status: "interrupted"`.237- `turn/interrupt` - request cancellation of an in-flight turn; success is `{}` and the turn ends with `status: "interrupted"`.
216- `review/start` - kick off the Codex reviewer for a thread; emits `enteredReviewMode` and `exitedReviewMode` items.238- `review/start` - kick off the Codex reviewer for a thread; emits `enteredReviewMode` and `exitedReviewMode` items.
218- `command/exec/write` - write `stdin` bytes to a running `command/exec` session or close `stdin`.240- `command/exec/write` - write `stdin` bytes to a running `command/exec` session or close `stdin`.
219- `command/exec/resize` - resize a running PTY-backed `command/exec` session.241- `command/exec/resize` - resize a running PTY-backed `command/exec` session.
220- `command/exec/terminate` - stop a running `command/exec` session.242- `command/exec/terminate` - stop a running `command/exec` session.
243- `command/exec/outputDelta` (notify) - emitted for base64-encoded stdout/stderr chunks from a streaming `command/exec` session.
221- `model/list` - list available models (set `includeHidden: true` to include entries with `hidden: true`) with effort options, optional `upgrade`, and `inputModalities`.244- `model/list` - list available models (set `includeHidden: true` to include entries with `hidden: true`) with effort options, optional `upgrade`, and `inputModalities`.
222- `experimentalFeature/list` - list feature flags with lifecycle stage metadata and cursor pagination.245- `experimentalFeature/list` - list feature flags with lifecycle stage metadata and cursor pagination.
246- `experimentalFeature/enablement/set` - patch in-memory runtime enablement for supported feature keys such as `apps` and `plugins`.
223- `collaborationMode/list` - list collaboration mode presets (experimental, no pagination).247- `collaborationMode/list` - list collaboration mode presets (experimental, no pagination).
224- `skills/list` - list skills for one or more `cwd` values (supports `forceReload` and optional `perCwdExtraUserRoots`).248- `skills/list` - list skills for one or more `cwd` values (supports `forceReload` and optional `perCwdExtraUserRoots`).
225- `plugin/list` - list discovered plugin marketplaces and plugin state, including install/auth policy metadata, marketplace errors, featured plugin ids, and the development-only `forceRemoteSync` option.249- `skills/changed` (notify) - emitted when watched local skill files change.
226- `plugin/read` - read one plugin by marketplace path and plugin name, including bundled skills, apps, and MCP server names.250- `marketplace/add` - add a remote plugin marketplace and persist it into the user's marketplace config.
227- `plugin/install` - install a plugin from a marketplace path.251- `plugin/list` - list discovered plugin marketplaces and plugin state, including install/auth policy metadata, marketplace load errors, featured plugin ids, and local, Git, or remote plugin source metadata.
252- `plugin/read` - read one plugin by marketplace path or remote marketplace name and plugin name, including bundled skills, apps, and MCP server names when those details are available.
253- `plugin/install` - install a plugin from a marketplace path or remote marketplace name.
228- `plugin/uninstall` - uninstall an installed plugin.254- `plugin/uninstall` - uninstall an installed plugin.
229- `app/list` - list available apps (connectors) with pagination plus accessibility/enabled metadata.255- `app/list` - list available apps (connectors) with pagination plus accessibility/enabled metadata.
230- `skills/config/write` - enable or disable skills by path.256- `skills/config/write` - enable or disable skills by path.
233- `config/mcpServer/reload` - reload MCP server configuration from disk and queue a refresh for loaded threads.259- `config/mcpServer/reload` - reload MCP server configuration from disk and queue a refresh for loaded threads.
234- `mcpServerStatus/list` - list MCP servers, tools, resources, and auth status (cursor + limit pagination). Use `detail: "full"` for full data or `detail: "toolsAndAuthOnly"` to omit resources.260- `mcpServerStatus/list` - list MCP servers, tools, resources, and auth status (cursor + limit pagination). Use `detail: "full"` for full data or `detail: "toolsAndAuthOnly"` to omit resources.
235- `mcpServer/resource/read` - read a single MCP resource through an initialized MCP server.261- `mcpServer/resource/read` - read a single MCP resource through an initialized MCP server.
262- `mcpServer/tool/call` - call a tool on a thread's configured MCP server.
263- `mcpServer/startupStatus/updated` (notify) - emitted when a configured MCP server's startup status changes for a loaded thread.
236- `windowsSandbox/setupStart` - start Windows sandbox setup for `elevated` or `unelevated` mode; returns quickly and later emits `windowsSandbox/setupCompleted`.264- `windowsSandbox/setupStart` - start Windows sandbox setup for `elevated` or `unelevated` mode; returns quickly and later emits `windowsSandbox/setupCompleted`.
237- `feedback/upload` - submit a feedback report (classification + optional reason/logs + conversation id, plus optional `extraLogFiles` attachments).265- `feedback/upload` - submit a feedback report (classification + optional reason/logs + conversation id, plus optional `extraLogFiles` attachments).
238- `config/read` - fetch the effective configuration on disk after resolving configuration layering.266- `config/read` - fetch the effective configuration on disk after resolving configuration layering.
239- `externalAgentConfig/detect` - detect external-agent artifacts that can be migrated with `includeHome` and optional `cwds`; each detected item includes `cwd` (`null` for home).267- `externalAgentConfig/detect` - detect external-agent artifacts that can be migrated with `includeHome` and optional `cwds`; each detected item includes `cwd` (`null` for home).
240- `externalAgentConfig/import` - apply selected external-agent migration items by passing explicit `migrationItems` with `cwd` (`null` for home).268- `externalAgentConfig/import` - apply selected external-agent migration items by passing explicit `migrationItems` with `cwd` (`null` for home); plugin imports emit `externalAgentConfig/import/completed`.
241- `config/value/write` - write a single configuration key/value to the user's `config.toml` on disk.269- `config/value/write` - write a single configuration key/value to the user's `config.toml` on disk.
242- `config/batchWrite` - apply configuration edits atomically to the user's `config.toml` on disk.270- `config/batchWrite` - apply configuration edits atomically to the user's `config.toml` on disk.
243- `configRequirements/read` - fetch requirements from `requirements.toml` and/or MDM, including allow-lists, pinned `featureRequirements`, and residency/network requirements (or `null` if you haven't set any up).271- `configRequirements/read` - fetch requirements from `requirements.toml` and/or MDM, including allow-lists, pinned `featureRequirements`, and residency/network requirements (or `null` if you haven't set any up).
244- `fs/readFile`, `fs/writeFile`, `fs/createDirectory`, `fs/getMetadata`, `fs/readDirectory`, `fs/remove`, and `fs/copy` - operate on absolute filesystem paths through the app-server v2 filesystem API.272- `fs/readFile`, `fs/writeFile`, `fs/createDirectory`, `fs/getMetadata`, `fs/readDirectory`, `fs/remove`, `fs/copy`, `fs/watch`, `fs/unwatch`, and `fs/changed` (notify) - operate on absolute filesystem paths through the app-server v2 filesystem API.
273
274Plugin summaries include a `source` union. Local plugins return
275`{ "type": "local", "path": ... }`, Git-backed marketplace entries return
276`{ "type": "git", "url": ..., "path": ..., "refName": ..., "sha": ... }`,
277and remote catalog entries return `{ "type": "remote" }`. For remote-only
278catalog entries, `PluginMarketplaceEntry.path` can be `null`; pass
279`remoteMarketplaceName` instead of `marketplacePath` when reading or installing
280those plugins.
245 281
246## Models282## Models
247 283
310## Threads346## Threads
311 347
312- `thread/read` reads a stored thread without subscribing to it; set `includeTurns` to include turns.348- `thread/read` reads a stored thread without subscribing to it; set `includeTurns` to include turns.
313- `thread/list` supports cursor pagination plus `modelProviders`, `sourceKinds`, `archived`, and `cwd` filtering.349- `thread/turns/list` pages through a stored thread's turn history without resuming it.
350- `thread/list` supports cursor pagination plus `modelProviders`, `sourceKinds`, `archived`, `cwd`, and `searchTerm` filtering.
314- `thread/loaded/list` returns the thread IDs currently in memory.351- `thread/loaded/list` returns the thread IDs currently in memory.
315- `thread/archive` moves the thread's persisted JSONL log into the archived directory.352- `thread/archive` moves the thread's persisted JSONL log into the archived directory.
316- `thread/unsubscribe` unsubscribes the current connection from a loaded thread and can trigger `thread/closed`.353- `thread/metadata/update` patches stored thread metadata, currently including persisted `gitInfo`.
354- `thread/unsubscribe` unsubscribes the current connection from a loaded thread and can trigger `thread/closed` after an inactivity grace period.
317- `thread/unarchive` restores an archived thread rollout back into the active sessions directory.355- `thread/unarchive` restores an archived thread rollout back into the active sessions directory.
318- `thread/compact/start` triggers compaction and returns `{}` immediately.356- `thread/compact/start` triggers compaction and returns `{}` immediately.
319- `thread/rollback` drops the last N turns from the in-memory context and records a rollback marker in the thread's persisted JSONL log.357- `thread/rollback` drops the last N turns from the in-memory context and records a rollback marker in the thread's persisted JSONL log.
358- `thread/inject_items` appends raw Responses API items to a loaded thread's model-visible history without starting a user turn.
320 359
321### Start or resume a thread360### Start or resume a thread
322 361
387 426
388Unlike `thread/resume`, `thread/read` doesn't load the thread into memory or emit `thread/started`.427Unlike `thread/resume`, `thread/read` doesn't load the thread into memory or emit `thread/started`.
389 428
429### List thread turns
430
431Use `thread/turns/list` to page a stored thread's turn history without resuming it. Results default to newest-first so clients can fetch older turns with `nextCursor`. The response also includes `backwardsCursor`; pass it as `cursor` with `sortDirection: "asc"` to fetch turns newer than the first item from the earlier page.
432
433```json
434{ "method": "thread/turns/list", "id": 20, "params": {
435 "threadId": "thr_123",
436 "limit": 50,
437 "sortDirection": "desc"
438} }
439{ "id": 20, "result": {
440 "data": [],
441 "nextCursor": "older-turns-cursor-or-null",
442 "backwardsCursor": "newer-turns-cursor-or-null"
443} }
444```
445
390### List threads (with pagination & filters)446### List threads (with pagination & filters)
391 447
392`thread/list` lets you render a history UI. Results default to newest-first by `createdAt`. Filters apply before pagination. Pass any combination of:448`thread/list` lets you render a history UI. Results default to newest-first by `createdAt`. Filters apply before pagination. Pass any combination of:
398- `sourceKinds` - restrict results to specific thread sources. When omitted or `[]`, the server defaults to interactive sources only: `cli` and `vscode`.454- `sourceKinds` - restrict results to specific thread sources. When omitted or `[]`, the server defaults to interactive sources only: `cli` and `vscode`.
399- `archived` - when `true`, list archived threads only. When `false` or omitted, list non-archived threads (default).455- `archived` - when `true`, list archived threads only. When `false` or omitted, list non-archived threads (default).
400- `cwd` - restrict results to threads whose session current working directory exactly matches this path.456- `cwd` - restrict results to threads whose session current working directory exactly matches this path.
457- `searchTerm` - search stored thread summaries and metadata before pagination.
401 458
402`sourceKinds` accepts the following values:459`sourceKinds` accepts the following values:
403 460
431 488
432When `nextCursor` is `null`, you have reached the final page.489When `nextCursor` is `null`, you have reached the final page.
433 490
491### Update stored thread metadata
492
493Use `thread/metadata/update` to patch stored thread metadata without resuming the thread. Today this supports persisted `gitInfo`; omitted fields are left unchanged, and explicit `null` clears a stored value.
494
495```json
496{ "method": "thread/metadata/update", "id": 21, "params": {
497 "threadId": "thr_123",
498 "gitInfo": { "branch": "feature/sidebar-pr" }
499} }
500{ "id": 21, "result": {
501 "thread": {
502 "id": "thr_123",
503 "gitInfo": { "sha": null, "branch": "feature/sidebar-pr", "originUrl": null }
504 }
505} }
506```
507
434### Track thread status changes508### Track thread status changes
435 509
436`thread/status/changed` is emitted whenever a loaded thread's runtime status changes. The payload includes `threadId` and the new `status`.510`thread/status/changed` is emitted whenever a loaded thread's runtime status changes. The payload includes `threadId` and the new `status`.
462- `notSubscribed` when the connection wasn't subscribed to that thread.536- `notSubscribed` when the connection wasn't subscribed to that thread.
463- `notLoaded` when the thread isn't loaded.537- `notLoaded` when the thread isn't loaded.
464 538
465If this was the last subscriber, the server unloads the thread and emits a `thread/status/changed` transition to `notLoaded` plus `thread/closed`.539If this was the last subscriber, the server keeps the thread loaded until it has no subscribers and no thread activity for 30 minutes. When the grace period expires, app-server unloads the thread and emits a `thread/status/changed` transition to `notLoaded` plus `thread/closed`.
466 540
467```json541```json
468{ "method": "thread/unsubscribe", "id": 22, "params": { "threadId": "thr_123" } }542{ "method": "thread/unsubscribe", "id": 22, "params": { "threadId": "thr_123" } }
469{ "id": 22, "result": { "status": "unsubscribed" } }543{ "id": 22, "result": { "status": "unsubscribed" } }
544```
545
546If the thread later expires:
547
548```json
470{ "method": "thread/status/changed", "params": {549{ "method": "thread/status/changed", "params": {
471 "threadId": "thr_123",550 "threadId": "thr_123",
472 "status": { "type": "notLoaded" }551 "status": { "type": "notLoaded" }
615{ "id": 30, "result": { "turn": { "id": "turn_456", "status": "inProgress", "items": [], "error": null } } }694{ "id": 30, "result": { "turn": { "id": "turn_456", "status": "inProgress", "items": [], "error": null } } }
616```695```
617 696
697### Inject items into a thread
698
699Use `thread/inject_items` to append prebuilt Responses API items to a loaded thread's prompt history without starting a user turn. These items are persisted to the rollout and included in subsequent model requests.
700
701```json
702{ "method": "thread/inject_items", "id": 31, "params": {
703 "threadId": "thr_123",
704 "items": [
705 {
706 "type": "message",
707 "role": "assistant",
708 "content": [{ "type": "output_text", "text": "Previously computed context." }]
709 }
710 ]
711} }
712{ "id": 31, "result": {} }
713```
714
618### Steer an active turn715### Steer an active turn
619 716
620Use `turn/steer` to append more user input to the active in-flight turn.717Use `turn/steer` to append more user input to the active in-flight turn.
796- `elevated` - run the elevated Windows sandbox setup path.893- `elevated` - run the elevated Windows sandbox setup path.
797- `unelevated` - run the legacy setup/preflight path.894- `unelevated` - run the legacy setup/preflight path.
798 895
896## Filesystem
897
898The v2 filesystem APIs operate on absolute paths. Use `fs/watch` when a client needs to invalidate UI state after a file or directory changes.
899
900```json
901{ "method": "fs/watch", "id": 54, "params": {
902 "watchId": "0195ec6b-1d6f-7c2e-8c7a-56f2c4a8b9d1",
903 "path": "/Users/me/project/.git/HEAD"
904} }
905{ "id": 54, "result": { "path": "/Users/me/project/.git/HEAD" } }
906{ "method": "fs/changed", "params": {
907 "watchId": "0195ec6b-1d6f-7c2e-8c7a-56f2c4a8b9d1",
908 "changedPaths": ["/Users/me/project/.git/HEAD"]
909} }
910{ "method": "fs/unwatch", "id": 55, "params": {
911 "watchId": "0195ec6b-1d6f-7c2e-8c7a-56f2c4a8b9d1"
912} }
913{ "id": 55, "result": {} }
914```
915
916Watching a file emits `fs/changed` for that file path, including updates delivered by replace or rename operations.
917
799## Events918## Events
800 919
801Event notifications are the server-initiated stream for thread lifecycles, turn lifecycles, and the items within them. After you start or resume a thread, keep reading the active transport stream for `thread/started`, `thread/archived`, `thread/unarchived`, `thread/closed`, `thread/status/changed`, `turn/*`, `item/*`, and `serverRequest/resolved` notifications.920Event notifications are the server-initiated stream for thread lifecycles, turn lifecycles, and the items within them. After you start or resume a thread, keep reading the active transport stream for `thread/started`, `thread/archived`, `thread/unarchived`, `thread/closed`, `thread/status/changed`, `turn/*`, `item/*`, and `serverRequest/resolved` notifications.
1016} }1135} }
1017```1136```
1018 1137
1138The server also emits `skills/changed` notifications when watched local skill files change. Treat this as an invalidation signal and rerun `skills/list` with your current params when needed.
1139
1019To enable or disable a skill by path:1140To enable or disable a skill by path:
1020 1141
1021```json1142```json
1222{ "id": 64, "result": {} }1343{ "id": 64, "result": {} }
1223```1344```
1224 1345
1225Supported `itemType` values are `AGENTS_MD`, `CONFIG`, `SKILLS`, and `MCP_SERVER_CONFIG`. Detection returns only items that still have work to do. For example, AGENTS migration is skipped when `AGENTS.md` already exists and is non-empty, and skill imports don’t overwrite existing skill directories.1346When a request includes plugin imports, the server emits `externalAgentConfig/import/completed` after the import finishes. This notification may arrive immediately after the response or after background remote imports complete.
1347
1348Supported `itemType` values are `AGENTS_MD`, `CONFIG`, `SKILLS`, `PLUGINS`,
1349and `MCP_SERVER_CONFIG`. For `PLUGINS` items, `details.plugins` lists each
1350`marketplaceName` and the `pluginNames` Codex can try to migrate. Detection
1351returns only items that still have work to do. For example, Codex skips AGENTS
1352migration when `AGENTS.md` already exists and is non-empty, and skill imports
1353don't overwrite existing skill directories.
1354
1355When detecting plugins from `.claude/settings.json`, Codex reads configured
1356marketplace sources from `extraKnownMarketplaces`. If `enabledPlugins` contains
1357plugins from `claude-plugins-official` but the marketplace source is missing,
1358Codex infers `anthropics/claude-plugins-official` as the source.
1226 1359
1227## Auth endpoints1360## Auth endpoints
1228 1361
1229The JSON-RPC auth/account surface exposes request/response methods plus server-initiated notifications (no `id`). Use these to determine auth state, start or cancel logins, logout, and inspect ChatGPT rate limits.1362The JSON-RPC auth/account surface exposes request/response methods plus server-initiated notifications (no `id`). Use these to determine auth state, start or cancel logins, logout, inspect ChatGPT rate limits, and notify workspace owners about depleted credits or usage limits.
1230 1363
1231### Authentication modes1364### Authentication modes
1232 1365
1233Codex supports three authentication modes. `account/updated.authMode` shows the active mode, and `account/read` also reports it.1366Codex supports these authentication modes. `account/updated.authMode` shows the active mode and includes the current ChatGPT `planType` when available. `account/read` also reports account and plan details.
1234 1367
1235- **API key (`apikey`)** - the caller supplies an OpenAI API key and Codex stores it for API requests.1368- **API key (`apikey`)** - the caller supplies an OpenAI API key with `type: "apiKey"`, and Codex stores it for API requests.
1236- **ChatGPT managed (`chatgpt`)** - Codex owns the ChatGPT OAuth flow, persists tokens, and refreshes them automatically.1369- **ChatGPT managed (`chatgpt`)** - Codex owns the ChatGPT OAuth flow, persists tokens, and refreshes them automatically. Start with `type: "chatgpt"` for the browser flow or `type: "chatgptDeviceCode"` for the device-code flow.
1237- **ChatGPT external tokens (`chatgptAuthTokens`)** - a host app supplies `idToken` and `accessToken` directly. Codex stores these tokens in memory, and the host app must refresh them when asked.1370- **ChatGPT external tokens (`chatgptAuthTokens`)** - experimental and intended for host apps that already own the user's ChatGPT auth lifecycle. The host app supplies an `accessToken`, `chatgptAccountId`, and optional `chatgptPlanType` directly, and must refresh the token when asked.
1238 1371
1239### API overview1372### API overview
1240 1373
1241- `account/read` - fetch current account info; optionally refresh tokens.1374- `account/read` - fetch current account info; optionally refresh tokens.
1242- `account/login/start` - begin login (`apiKey`, `chatgpt`, or `chatgptAuthTokens`).1375- `account/login/start` - begin login (`apiKey`, `chatgpt`, `chatgptDeviceCode`, or experimental `chatgptAuthTokens`).
1243- `account/login/completed` (notify) - emitted when a login attempt finishes (success or error).1376- `account/login/completed` (notify) - emitted when a login attempt finishes (success or error).
1244- `account/login/cancel` - cancel a pending ChatGPT login by `loginId`.1377- `account/login/cancel` - cancel a pending managed ChatGPT login by `loginId`.
1245- `account/logout` - sign out; triggers `account/updated`.1378- `account/logout` - sign out; triggers `account/updated`.
1246- `account/updated` (notify) - emitted whenever auth mode changes (`authMode`: `apikey`, `chatgpt`, `chatgptAuthTokens`, or `null`).1379- `account/updated` (notify) - emitted whenever auth mode changes (`authMode`: `apikey`, `chatgpt`, `chatgptAuthTokens`, or `null`) and includes `planType` when available.
1247- `account/chatgptAuthTokens/refresh` (server request) - request fresh externally managed ChatGPT tokens after an authorization error.1380- `account/chatgptAuthTokens/refresh` (server request) - request fresh externally managed ChatGPT tokens after an authorization error.
1248- `account/rateLimits/read` - fetch ChatGPT rate limits.1381- `account/rateLimits/read` - fetch ChatGPT rate limits.
1249- `account/rateLimits/updated` (notify) - emitted whenever a user's ChatGPT rate limits change.1382- `account/rateLimits/updated` (notify) - emitted whenever a user's ChatGPT rate limits change.
1383- `account/sendAddCreditsNudgeEmail` - ask ChatGPT to email a workspace owner about depleted credits or a reached usage limit.
1250- `mcpServer/oauthLogin/completed` (notify) - emitted after a `mcpServer/oauth/login` flow finishes; payload includes `{ name, success, error? }`.1384- `mcpServer/oauthLogin/completed` (notify) - emitted after a `mcpServer/oauth/login` flow finishes; payload includes `{ name, success, error? }`.
1385- `mcpServer/startupStatus/updated` (notify) - emitted when a configured MCP server's startup status changes for a loaded thread; payload includes `{ name, status, error }`.
1251 1386
1252### 1) Check auth state1387### 1) Check auth state
1253 1388
1319 ```1454 ```
1320 1455
1321 ```json1456 ```json
1322 { "method": "account/updated", "params": { "authMode": "apikey" } }1457 {
1458 "method": "account/updated",
1459 "params": { "authMode": "apikey", "planType": null }
1460 }
1323 ```1461 ```
1324 1462
1325### 3) Log in with ChatGPT (browser flow)1463### 3) Log in with ChatGPT (browser flow)
1351 ```1489 ```
1352 1490
1353 ```json1491 ```json
1354 { "method": "account/updated", "params": { "authMode": "chatgpt" } }1492 {
1493 "method": "account/updated",
1494 "params": { "authMode": "chatgpt", "planType": "plus" }
1495 }
1496 ```
1497
1498### 3b) Log in with ChatGPT (device-code flow)
1499
1500Use this flow when your client owns the sign-in ceremony or when a browser callback is brittle.
1501
15021. Start:
1503
1504 ```json
1505 {
1506 "method": "account/login/start",
1507 "id": 4,
1508 "params": { "type": "chatgptDeviceCode" }
1509 }
1510 ```
1511
1512 ```json
1513 {
1514 "id": 4,
1515 "result": {
1516 "type": "chatgptDeviceCode",
1517 "loginId": "<uuid>",
1518 "verificationUrl": "https://auth.openai.com/codex/device",
1519 "userCode": "ABCD-1234"
1520 }
1521 }
1522 ```
15232. Show `verificationUrl` and `userCode` to the user; the frontend owns the UX.
15243. Wait for notifications:
1525
1526 ```json
1527 {
1528 "method": "account/login/completed",
1529 "params": { "loginId": "<uuid>", "success": true, "error": null }
1530 }
1531 ```
1532
1533 ```json
1534 {
1535 "method": "account/updated",
1536 "params": { "authMode": "chatgpt", "planType": "plus" }
1537 }
1355 ```1538 ```
1356 1539
1357### 3b) Log in with externally managed ChatGPT tokens (`chatgptAuthTokens`)1540### 3c) Log in with externally managed ChatGPT tokens (`chatgptAuthTokens`)
1358 1541
1359Use this mode when a host application owns the user’s ChatGPT auth lifecycle and supplies tokens directly.1542Use this experimental mode only when a host application owns the user's ChatGPT auth lifecycle and supplies tokens directly. Clients must set `capabilities.experimentalApi = true` during `initialize` before using this login type.
1360 1543
13611. Send:15441. Send:
1362 1545
1366 "id": 7,1549 "id": 7,
1367 "params": {1550 "params": {
1368 "type": "chatgptAuthTokens",1551 "type": "chatgptAuthTokens",
1369 "idToken": "<jwt>",1552 "accessToken": "<jwt>",
1370 "accessToken": "<jwt>"1553 "chatgptAccountId": "org-123",
1554 "chatgptPlanType": "business"
1371 }1555 }
1372 }1556 }
1373 ```1557 ```
1388 ```json1572 ```json
1389 {1573 {
1390 "method": "account/updated",1574 "method": "account/updated",
1391 "params": { "authMode": "chatgptAuthTokens" }1575 "params": { "authMode": "chatgptAuthTokens", "planType": "business" }
1392 }1576 }
1393 ```1577 ```
1394 1578
1400 "id": 8,1584 "id": 8,
1401 "params": { "reason": "unauthorized", "previousAccountId": "org-123" }1585 "params": { "reason": "unauthorized", "previousAccountId": "org-123" }
1402}1586}
1403{ "id": 8, "result": { "idToken": "<jwt>", "accessToken": "<jwt>" } }1587{ "id": 8, "result": { "accessToken": "<jwt>", "chatgptAccountId": "org-123", "chatgptPlanType": "business" } }
1404```1588```
1405 1589
1406The server retries the original request after a successful refresh response. Requests time out after about 10 seconds.1590The server retries the original request after a successful refresh response. Requests time out after about 10 seconds.
1417```json1601```json
1418{ "method": "account/logout", "id": 5 }1602{ "method": "account/logout", "id": 5 }
1419{ "id": 5, "result": {} }1603{ "id": 5, "result": {} }
1420{ "method": "account/updated", "params": { "authMode": null } }1604{ "method": "account/updated", "params": { "authMode": null, "planType": null } }
1421```1605```
1422 1606
1423### 6) Rate limits (ChatGPT)1607### 6) Rate limits (ChatGPT)
1429 "limitId": "codex",1613 "limitId": "codex",
1430 "limitName": null,1614 "limitName": null,
1431 "primary": { "usedPercent": 25, "windowDurationMins": 15, "resetsAt": 1730947200 },1615 "primary": { "usedPercent": 25, "windowDurationMins": 15, "resetsAt": 1730947200 },
1432 "secondary": null1616 "secondary": null,
1617 "rateLimitReachedType": null
1433 },1618 },
1434 "rateLimitsByLimitId": {1619 "rateLimitsByLimitId": {
1435 "codex": {1620 "codex": {
1436 "limitId": "codex",1621 "limitId": "codex",
1437 "limitName": null,1622 "limitName": null,
1438 "primary": { "usedPercent": 25, "windowDurationMins": 15, "resetsAt": 1730947200 },1623 "primary": { "usedPercent": 25, "windowDurationMins": 15, "resetsAt": 1730947200 },
1439 "secondary": null1624 "secondary": null,
1625 "rateLimitReachedType": null
1440 },1626 },
1441 "codex_other": {1627 "codex_other": {
1442 "limitId": "codex_other",1628 "limitId": "codex_other",
1443 "limitName": "codex_other",1629 "limitName": "codex_other",
1444 "primary": { "usedPercent": 42, "windowDurationMins": 60, "resetsAt": 1730950800 },1630 "primary": { "usedPercent": 42, "windowDurationMins": 60, "resetsAt": 1730950800 },
1445 "secondary": null1631 "secondary": null,
1632 "rateLimitReachedType": null
1446 }1633 }
1447 }1634 }
1448} }1635} }
1463- `usedPercent` is current usage within the quota window.1650- `usedPercent` is current usage within the quota window.
1464- `windowDurationMins` is the quota window length.1651- `windowDurationMins` is the quota window length.
1465- `resetsAt` is a Unix timestamp (seconds) for the next reset.1652- `resetsAt` is a Unix timestamp (seconds) for the next reset.
1653- `planType` is included when the backend returns the ChatGPT plan associated with a bucket.
1654- `credits` is included when the backend returns remaining workspace credit details.
1655- `rateLimitReachedType` identifies the backend-classified limit state when one has been reached.
1656
1657### 7) Notify a workspace owner about a limit
1658
1659Use `account/sendAddCreditsNudgeEmail` to ask ChatGPT to email a workspace owner when credits are depleted or a usage limit has been reached.
1660
1661```json
1662{ "method": "account/sendAddCreditsNudgeEmail", "id": 7, "params": { "creditType": "credits" } }
1663{ "id": 7, "result": { "status": "sent" } }
1664```
1665
1666Use `creditType: "credits"` when workspace credits are depleted, or `creditType: "usage_limit"` when the workspace usage limit has been reached. If the owner was already notified recently, the response status is `cooldown_active`.
