OpenAI - Codex Docs Changes 2026-04-21 06:45 UTC → 2026-04-23 12:28 UTC

73- `<writable_root>/.codex` is protected as read-only when it exists as a directory.73- `<writable_root>/.codex` is protected as read-only when it exists as a directory.

74- Protection is recursive, so everything under those paths is read-only.74- Protection is recursive, so everything under those paths is read-only.

75 75 

76### Deny reads with filesystem profiles

77 

78Named permission profiles can also deny reads for exact paths or glob patterns.

79This is useful when a workspace should stay writable but specific sensitive

80files, such as local environment files, must stay unreadable:

81 

82```toml

83default_permissions = "workspace"

84 

85[permissions.workspace.filesystem]

86":project_roots" = { "." = "write", "**/*.env" = "none" }

87glob_scan_max_depth = 3

88```

89 

90Use `"none"` for paths or globs that Codex shouldn't read. The sandbox policy

91evaluates globs for local macOS and Linux command execution. On platforms that

92pre-expand glob matches before the sandbox starts, set `glob_scan_max_depth` for

93unbounded `**` patterns, or list explicit depths such as `*.env`, `*/*.env`, and

94`*/*/*.env`.

95 

76### Run without approval prompts96### Run without approval prompts

77 97 

78You can disable approval prompts with `--ask-for-approval never` or `-a never` (shorthand).98You can disable approval prompts with `--ask-for-approval never` or `-a never` (shorthand).

12 12 

13The Codex app is available on macOS and Windows.13The Codex app is available on macOS and Windows.

14 14 

15Most Codex app features are available on both platforms. Platform-specific

16exceptions are noted in the relevant docs.

17 

151. Download and install the Codex app181. Download and install the Codex app

16 19 

17 Download the Codex app for Windows or macOS. Choose the Intel build if you’re using an Intel-based Mac.20 Download the Codex app for macOS or Windows. Choose the Intel build if you're using an Intel-based Mac.

18 21 

19 [Download for macOS (Apple Silicon)](https://persistent.oaistatic.com/codex-app-prod/Codex.dmg)[Download for macOS (Intel)](https://persistent.oaistatic.com/codex-app-prod/Codex-latest-x64.dmg)22 [Download for macOS (Apple Silicon)](https://persistent.oaistatic.com/codex-app-prod/Codex.dmg)[Download for macOS (Intel)](https://persistent.oaistatic.com/codex-app-prod/Codex-latest-x64.dmg)

20 23 

12Supported transports:12Supported transports:

13 13 

14- `stdio` (`--listen stdio://`, default): newline-delimited JSON (JSONL).14- `stdio` (`--listen stdio://`, default): newline-delimited JSON (JSONL).

15- `websocket` (`--listen ws://IP:PORT`, experimental): one JSON-RPC message per WebSocket text frame.15- `websocket` (`--listen ws://IP:PORT`, experimental and unsupported): one JSON-RPC message per WebSocket text frame.

16- `off` (`--listen off`): don't expose a local transport.

17 

18When you run with `--listen ws://IP:PORT`, the same listener also serves basic HTTP health probes:

19 

20- `GET /readyz` returns `200 OK` once the listener accepts new connections.

21- `GET /healthz` returns `200 OK` when the request doesn't include an `Origin` header.

22- Requests with an `Origin` header are rejected with `403 Forbidden`.

23 

24WebSocket transport is experimental and unsupported. Loopback listeners such as `ws://127.0.0.1:PORT` are appropriate for localhost and SSH port-forwarding workflows. Non-loopback WebSocket listeners currently allow unauthenticated connections by default during rollout, so configure WebSocket auth before exposing one remotely.

25 

26Supported WebSocket auth flags:

27 

28- `--ws-auth capability-token --ws-token-file /absolute/path`

29- `--ws-auth capability-token --ws-token-sha256 HEX`

30- `--ws-auth signed-bearer-token --ws-shared-secret-file /absolute/path`

31 

32For signed bearer tokens, you can also set `--ws-issuer`, `--ws-audience`, and `--ws-max-clock-skew-seconds`. Clients present the credential as `Authorization: Bearer <token>` during the WebSocket handshake, and app-server enforces auth before JSON-RPC `initialize`.

33 

34Prefer `--ws-token-file` over passing raw bearer tokens on the command line. Use `--ws-token-sha256` only when the client keeps the raw high-entropy token in a separate local secret store; the hash is only a verifier, and clients still need the original token.

16 35 

17In WebSocket mode, app-server uses bounded queues. When request ingress is full, the server rejects new requests with JSON-RPC error code `-32001` and message `"Server overloaded; retry later."` Clients should retry with an exponentially increasing delay and jitter.36In WebSocket mode, app-server uses bounded queues. When request ingress is full, the server rejects new requests with JSON-RPC error code `-32001` and message `"Server overloaded; retry later."` Clients should retry with an exponentially increasing delay and jitter.

18 37 

199- `thread/resume` - reopen an existing thread by id so later `turn/start` calls append to it.218- `thread/resume` - reopen an existing thread by id so later `turn/start` calls append to it.

200- `thread/fork` - fork a thread into a new thread id by copying stored history; emits `thread/started` for the new thread.219- `thread/fork` - fork a thread into a new thread id by copying stored history; emits `thread/started` for the new thread.

201- `thread/read` - read a stored thread by id without resuming it; set `includeTurns` to return full turn history. Returned `thread` objects include runtime `status`.220- `thread/read` - read a stored thread by id without resuming it; set `includeTurns` to return full turn history. Returned `thread` objects include runtime `status`.

202- `thread/list` - page through stored thread logs; supports cursor-based pagination plus `modelProviders`, `sourceKinds`, `archived`, and `cwd` filters. Returned `thread` objects include runtime `status`.221- `thread/list` - page through stored thread logs; supports cursor-based pagination plus `modelProviders`, `sourceKinds`, `archived`, `cwd`, and `searchTerm` filters. Returned `thread` objects include runtime `status`.

222- `thread/turns/list` - page through a stored thread's turn history without resuming it.

203- `thread/loaded/list` - list the thread ids currently loaded in memory.223- `thread/loaded/list` - list the thread ids currently loaded in memory.

204- `thread/name/set` - set or update a thread's user-facing name for a loaded thread or a persisted rollout; emits `thread/name/updated`.224- `thread/name/set` - set or update a thread's user-facing name for a loaded thread or a persisted rollout; emits `thread/name/updated`.

225- `thread/metadata/update` - patch SQLite-backed stored thread metadata; currently supports persisted `gitInfo`.

205- `thread/archive` - move a thread's log file into the archived directory; returns `{}` on success and emits `thread/archived`.226- `thread/archive` - move a thread's log file into the archived directory; returns `{}` on success and emits `thread/archived`.

206- `thread/unsubscribe` - unsubscribe this connection from thread turn/item events. If this was the last subscriber, the server unloads the thread and emits `thread/closed`.227- `thread/unsubscribe` - unsubscribe this connection from thread turn/item events. If this was the last subscriber, the server unloads the thread after a no-subscriber inactivity grace period and emits `thread/closed`.

207- `thread/unarchive` - restore an archived thread rollout back into the active sessions directory; returns the restored `thread` and emits `thread/unarchived`.228- `thread/unarchive` - restore an archived thread rollout back into the active sessions directory; returns the restored `thread` and emits `thread/unarchived`.

208- `thread/status/changed` - notification emitted when a loaded thread's runtime `status` changes.229- `thread/status/changed` - notification emitted when a loaded thread's runtime `status` changes.

209- `thread/compact/start` - trigger conversation history compaction for a thread; returns `{}` immediately while progress streams via `turn/*` and `item/*` notifications.230- `thread/compact/start` - trigger conversation history compaction for a thread; returns `{}` immediately while progress streams via `turn/*` and `item/*` notifications.

211- `thread/backgroundTerminals/clean` - stop all running background terminals for a thread (experimental; requires `capabilities.experimentalApi`).232- `thread/backgroundTerminals/clean` - stop all running background terminals for a thread (experimental; requires `capabilities.experimentalApi`).

212- `thread/rollback` - drop the last N turns from the in-memory context and persist a rollback marker; returns the updated `thread`.233- `thread/rollback` - drop the last N turns from the in-memory context and persist a rollback marker; returns the updated `thread`.

213- `turn/start` - add user input to a thread and begin Codex generation; responds with the initial `turn` and streams events. For `collaborationMode`, `settings.developer_instructions: null` means "use built-in instructions for the selected mode."234- `turn/start` - add user input to a thread and begin Codex generation; responds with the initial `turn` and streams events. For `collaborationMode`, `settings.developer_instructions: null` means "use built-in instructions for the selected mode."

235- `thread/inject_items` - append raw Responses API items to a loaded thread's model-visible history without starting a user turn.

214- `turn/steer` - append user input to the active in-flight turn for a thread; returns the accepted `turnId`.236- `turn/steer` - append user input to the active in-flight turn for a thread; returns the accepted `turnId`.

215- `turn/interrupt` - request cancellation of an in-flight turn; success is `{}` and the turn ends with `status: "interrupted"`.237- `turn/interrupt` - request cancellation of an in-flight turn; success is `{}` and the turn ends with `status: "interrupted"`.

216- `review/start` - kick off the Codex reviewer for a thread; emits `enteredReviewMode` and `exitedReviewMode` items.238- `review/start` - kick off the Codex reviewer for a thread; emits `enteredReviewMode` and `exitedReviewMode` items.

218- `command/exec/write` - write `stdin` bytes to a running `command/exec` session or close `stdin`.240- `command/exec/write` - write `stdin` bytes to a running `command/exec` session or close `stdin`.

219- `command/exec/resize` - resize a running PTY-backed `command/exec` session.241- `command/exec/resize` - resize a running PTY-backed `command/exec` session.

220- `command/exec/terminate` - stop a running `command/exec` session.242- `command/exec/terminate` - stop a running `command/exec` session.

243- `command/exec/outputDelta` (notify) - emitted for base64-encoded stdout/stderr chunks from a streaming `command/exec` session.

221- `model/list` - list available models (set `includeHidden: true` to include entries with `hidden: true`) with effort options, optional `upgrade`, and `inputModalities`.244- `model/list` - list available models (set `includeHidden: true` to include entries with `hidden: true`) with effort options, optional `upgrade`, and `inputModalities`.

222- `experimentalFeature/list` - list feature flags with lifecycle stage metadata and cursor pagination.245- `experimentalFeature/list` - list feature flags with lifecycle stage metadata and cursor pagination.

246- `experimentalFeature/enablement/set` - patch in-memory runtime enablement for supported feature keys such as `apps` and `plugins`.

223- `collaborationMode/list` - list collaboration mode presets (experimental, no pagination).247- `collaborationMode/list` - list collaboration mode presets (experimental, no pagination).

224- `skills/list` - list skills for one or more `cwd` values (supports `forceReload` and optional `perCwdExtraUserRoots`).248- `skills/list` - list skills for one or more `cwd` values (supports `forceReload` and optional `perCwdExtraUserRoots`).

225- `plugin/list` - list discovered plugin marketplaces and plugin state, including install/auth policy metadata, marketplace errors, featured plugin ids, and the development-only `forceRemoteSync` option.249- `skills/changed` (notify) - emitted when watched local skill files change.

226- `plugin/read` - read one plugin by marketplace path and plugin name, including bundled skills, apps, and MCP server names.250- `marketplace/add` - add a remote plugin marketplace and persist it into the user's marketplace config.

227- `plugin/install` - install a plugin from a marketplace path.251- `plugin/list` - list discovered plugin marketplaces and plugin state, including install/auth policy metadata, marketplace load errors, featured plugin ids, and local, Git, or remote plugin source metadata.

252- `plugin/read` - read one plugin by marketplace path or remote marketplace name and plugin name, including bundled skills, apps, and MCP server names when those details are available.

253- `plugin/install` - install a plugin from a marketplace path or remote marketplace name.

228- `plugin/uninstall` - uninstall an installed plugin.254- `plugin/uninstall` - uninstall an installed plugin.

229- `app/list` - list available apps (connectors) with pagination plus accessibility/enabled metadata.255- `app/list` - list available apps (connectors) with pagination plus accessibility/enabled metadata.

230- `skills/config/write` - enable or disable skills by path.256- `skills/config/write` - enable or disable skills by path.

233- `config/mcpServer/reload` - reload MCP server configuration from disk and queue a refresh for loaded threads.259- `config/mcpServer/reload` - reload MCP server configuration from disk and queue a refresh for loaded threads.

234- `mcpServerStatus/list` - list MCP servers, tools, resources, and auth status (cursor + limit pagination). Use `detail: "full"` for full data or `detail: "toolsAndAuthOnly"` to omit resources.260- `mcpServerStatus/list` - list MCP servers, tools, resources, and auth status (cursor + limit pagination). Use `detail: "full"` for full data or `detail: "toolsAndAuthOnly"` to omit resources.

235- `mcpServer/resource/read` - read a single MCP resource through an initialized MCP server.261- `mcpServer/resource/read` - read a single MCP resource through an initialized MCP server.

262- `mcpServer/tool/call` - call a tool on a thread's configured MCP server.

263- `mcpServer/startupStatus/updated` (notify) - emitted when a configured MCP server's startup status changes for a loaded thread.

236- `windowsSandbox/setupStart` - start Windows sandbox setup for `elevated` or `unelevated` mode; returns quickly and later emits `windowsSandbox/setupCompleted`.264- `windowsSandbox/setupStart` - start Windows sandbox setup for `elevated` or `unelevated` mode; returns quickly and later emits `windowsSandbox/setupCompleted`.

237- `feedback/upload` - submit a feedback report (classification + optional reason/logs + conversation id, plus optional `extraLogFiles` attachments).265- `feedback/upload` - submit a feedback report (classification + optional reason/logs + conversation id, plus optional `extraLogFiles` attachments).

238- `config/read` - fetch the effective configuration on disk after resolving configuration layering.266- `config/read` - fetch the effective configuration on disk after resolving configuration layering.

239- `externalAgentConfig/detect` - detect external-agent artifacts that can be migrated with `includeHome` and optional `cwds`; each detected item includes `cwd` (`null` for home).267- `externalAgentConfig/detect` - detect external-agent artifacts that can be migrated with `includeHome` and optional `cwds`; each detected item includes `cwd` (`null` for home).

240- `externalAgentConfig/import` - apply selected external-agent migration items by passing explicit `migrationItems` with `cwd` (`null` for home).268- `externalAgentConfig/import` - apply selected external-agent migration items by passing explicit `migrationItems` with `cwd` (`null` for home); plugin imports emit `externalAgentConfig/import/completed`.

241- `config/value/write` - write a single configuration key/value to the user's `config.toml` on disk.269- `config/value/write` - write a single configuration key/value to the user's `config.toml` on disk.

242- `config/batchWrite` - apply configuration edits atomically to the user's `config.toml` on disk.270- `config/batchWrite` - apply configuration edits atomically to the user's `config.toml` on disk.

243- `configRequirements/read` - fetch requirements from `requirements.toml` and/or MDM, including allow-lists, pinned `featureRequirements`, and residency/network requirements (or `null` if you haven't set any up).271- `configRequirements/read` - fetch requirements from `requirements.toml` and/or MDM, including allow-lists, pinned `featureRequirements`, and residency/network requirements (or `null` if you haven't set any up).

244- `fs/readFile`, `fs/writeFile`, `fs/createDirectory`, `fs/getMetadata`, `fs/readDirectory`, `fs/remove`, and `fs/copy` - operate on absolute filesystem paths through the app-server v2 filesystem API.272- `fs/readFile`, `fs/writeFile`, `fs/createDirectory`, `fs/getMetadata`, `fs/readDirectory`, `fs/remove`, `fs/copy`, `fs/watch`, `fs/unwatch`, and `fs/changed` (notify) - operate on absolute filesystem paths through the app-server v2 filesystem API.

273 

274Plugin summaries include a `source` union. Local plugins return

275`{ "type": "local", "path": ... }`, Git-backed marketplace entries return

276`{ "type": "git", "url": ..., "path": ..., "refName": ..., "sha": ... }`,

277and remote catalog entries return `{ "type": "remote" }`. For remote-only

278catalog entries, `PluginMarketplaceEntry.path` can be `null`; pass

279`remoteMarketplaceName` instead of `marketplacePath` when reading or installing

280those plugins.

245 281 

246## Models282## Models

247 283 

310## Threads346## Threads

311 347 

312- `thread/read` reads a stored thread without subscribing to it; set `includeTurns` to include turns.348- `thread/read` reads a stored thread without subscribing to it; set `includeTurns` to include turns.

313- `thread/list` supports cursor pagination plus `modelProviders`, `sourceKinds`, `archived`, and `cwd` filtering.349- `thread/turns/list` pages through a stored thread's turn history without resuming it.

350- `thread/list` supports cursor pagination plus `modelProviders`, `sourceKinds`, `archived`, `cwd`, and `searchTerm` filtering.

314- `thread/loaded/list` returns the thread IDs currently in memory.351- `thread/loaded/list` returns the thread IDs currently in memory.

315- `thread/archive` moves the thread's persisted JSONL log into the archived directory.352- `thread/archive` moves the thread's persisted JSONL log into the archived directory.

316- `thread/unsubscribe` unsubscribes the current connection from a loaded thread and can trigger `thread/closed`.353- `thread/metadata/update` patches stored thread metadata, currently including persisted `gitInfo`.

354- `thread/unsubscribe` unsubscribes the current connection from a loaded thread and can trigger `thread/closed` after an inactivity grace period.

317- `thread/unarchive` restores an archived thread rollout back into the active sessions directory.355- `thread/unarchive` restores an archived thread rollout back into the active sessions directory.

318- `thread/compact/start` triggers compaction and returns `{}` immediately.356- `thread/compact/start` triggers compaction and returns `{}` immediately.

319- `thread/rollback` drops the last N turns from the in-memory context and records a rollback marker in the thread's persisted JSONL log.357- `thread/rollback` drops the last N turns from the in-memory context and records a rollback marker in the thread's persisted JSONL log.

358- `thread/inject_items` appends raw Responses API items to a loaded thread's model-visible history without starting a user turn.

320 359 

321### Start or resume a thread360### Start or resume a thread

322 361 

387 426 

388Unlike `thread/resume`, `thread/read` doesn't load the thread into memory or emit `thread/started`.427Unlike `thread/resume`, `thread/read` doesn't load the thread into memory or emit `thread/started`.

389 428 

429### List thread turns

430 

431Use `thread/turns/list` to page a stored thread's turn history without resuming it. Results default to newest-first so clients can fetch older turns with `nextCursor`. The response also includes `backwardsCursor`; pass it as `cursor` with `sortDirection: "asc"` to fetch turns newer than the first item from the earlier page.

432 

433```json

434{ "method": "thread/turns/list", "id": 20, "params": {

435 "threadId": "thr_123",

436 "limit": 50,

437 "sortDirection": "desc"

438} }

439{ "id": 20, "result": {

440 "data": [],

441 "nextCursor": "older-turns-cursor-or-null",

442 "backwardsCursor": "newer-turns-cursor-or-null"

443} }

444```

445 

390### List threads (with pagination & filters)446### List threads (with pagination & filters)

391 447 

392`thread/list` lets you render a history UI. Results default to newest-first by `createdAt`. Filters apply before pagination. Pass any combination of:448`thread/list` lets you render a history UI. Results default to newest-first by `createdAt`. Filters apply before pagination. Pass any combination of:

398- `sourceKinds` - restrict results to specific thread sources. When omitted or `[]`, the server defaults to interactive sources only: `cli` and `vscode`.454- `sourceKinds` - restrict results to specific thread sources. When omitted or `[]`, the server defaults to interactive sources only: `cli` and `vscode`.

399- `archived` - when `true`, list archived threads only. When `false` or omitted, list non-archived threads (default).455- `archived` - when `true`, list archived threads only. When `false` or omitted, list non-archived threads (default).

400- `cwd` - restrict results to threads whose session current working directory exactly matches this path.456- `cwd` - restrict results to threads whose session current working directory exactly matches this path.

457- `searchTerm` - search stored thread summaries and metadata before pagination.

401 458 

402`sourceKinds` accepts the following values:459`sourceKinds` accepts the following values:

403 460 

431 488 

432When `nextCursor` is `null`, you have reached the final page.489When `nextCursor` is `null`, you have reached the final page.

433 490 

491### Update stored thread metadata

492 

493Use `thread/metadata/update` to patch stored thread metadata without resuming the thread. Today this supports persisted `gitInfo`; omitted fields are left unchanged, and explicit `null` clears a stored value.

494 

495```json

496{ "method": "thread/metadata/update", "id": 21, "params": {

497 "threadId": "thr_123",

498 "gitInfo": { "branch": "feature/sidebar-pr" }

499} }

500{ "id": 21, "result": {

501 "thread": {

502 "id": "thr_123",

503 "gitInfo": { "sha": null, "branch": "feature/sidebar-pr", "originUrl": null }

504 }

505} }

506```

507 

434### Track thread status changes508### Track thread status changes

435 509 

436`thread/status/changed` is emitted whenever a loaded thread's runtime status changes. The payload includes `threadId` and the new `status`.510`thread/status/changed` is emitted whenever a loaded thread's runtime status changes. The payload includes `threadId` and the new `status`.

462- `notSubscribed` when the connection wasn't subscribed to that thread.536- `notSubscribed` when the connection wasn't subscribed to that thread.

463- `notLoaded` when the thread isn't loaded.537- `notLoaded` when the thread isn't loaded.

464 538 

465If this was the last subscriber, the server unloads the thread and emits a `thread/status/changed` transition to `notLoaded` plus `thread/closed`.539If this was the last subscriber, the server keeps the thread loaded until it has no subscribers and no thread activity for 30 minutes. When the grace period expires, app-server unloads the thread and emits a `thread/status/changed` transition to `notLoaded` plus `thread/closed`.

466 540 

467```json541```json

468{ "method": "thread/unsubscribe", "id": 22, "params": { "threadId": "thr_123" } }542{ "method": "thread/unsubscribe", "id": 22, "params": { "threadId": "thr_123" } }

469{ "id": 22, "result": { "status": "unsubscribed" } }543{ "id": 22, "result": { "status": "unsubscribed" } }

544```

545 

546If the thread later expires:

547 

548```json

470{ "method": "thread/status/changed", "params": {549{ "method": "thread/status/changed", "params": {

471 "threadId": "thr_123",550 "threadId": "thr_123",

472 "status": { "type": "notLoaded" }551 "status": { "type": "notLoaded" }

615{ "id": 30, "result": { "turn": { "id": "turn_456", "status": "inProgress", "items": [], "error": null } } }694{ "id": 30, "result": { "turn": { "id": "turn_456", "status": "inProgress", "items": [], "error": null } } }

616```695```

617 696 

697### Inject items into a thread

698 

699Use `thread/inject_items` to append prebuilt Responses API items to a loaded thread's prompt history without starting a user turn. These items are persisted to the rollout and included in subsequent model requests.

700 

701```json

702{ "method": "thread/inject_items", "id": 31, "params": {

703 "threadId": "thr_123",

704 "items": [

705 {

706 "type": "message",

707 "role": "assistant",

708 "content": [{ "type": "output_text", "text": "Previously computed context." }]

709 }

710 ]

711} }

712{ "id": 31, "result": {} }

713```

714 

618### Steer an active turn715### Steer an active turn

619 716 

620Use `turn/steer` to append more user input to the active in-flight turn.717Use `turn/steer` to append more user input to the active in-flight turn.

796- `elevated` - run the elevated Windows sandbox setup path.893- `elevated` - run the elevated Windows sandbox setup path.

797- `unelevated` - run the legacy setup/preflight path.894- `unelevated` - run the legacy setup/preflight path.

798 895 

896## Filesystem

897 

898The v2 filesystem APIs operate on absolute paths. Use `fs/watch` when a client needs to invalidate UI state after a file or directory changes.

899 

900```json

901{ "method": "fs/watch", "id": 54, "params": {

902 "watchId": "0195ec6b-1d6f-7c2e-8c7a-56f2c4a8b9d1",

903 "path": "/Users/me/project/.git/HEAD"

904} }

905{ "id": 54, "result": { "path": "/Users/me/project/.git/HEAD" } }

906{ "method": "fs/changed", "params": {

907 "watchId": "0195ec6b-1d6f-7c2e-8c7a-56f2c4a8b9d1",

908 "changedPaths": ["/Users/me/project/.git/HEAD"]

909} }

910{ "method": "fs/unwatch", "id": 55, "params": {

911 "watchId": "0195ec6b-1d6f-7c2e-8c7a-56f2c4a8b9d1"

912} }

913{ "id": 55, "result": {} }

914```

915 

916Watching a file emits `fs/changed` for that file path, including updates delivered by replace or rename operations.

917 

799## Events918## Events

800 919 

801Event notifications are the server-initiated stream for thread lifecycles, turn lifecycles, and the items within them. After you start or resume a thread, keep reading the active transport stream for `thread/started`, `thread/archived`, `thread/unarchived`, `thread/closed`, `thread/status/changed`, `turn/*`, `item/*`, and `serverRequest/resolved` notifications.920Event notifications are the server-initiated stream for thread lifecycles, turn lifecycles, and the items within them. After you start or resume a thread, keep reading the active transport stream for `thread/started`, `thread/archived`, `thread/unarchived`, `thread/closed`, `thread/status/changed`, `turn/*`, `item/*`, and `serverRequest/resolved` notifications.

1016} }1135} }

1017```1136```

1018 1137 

1138The server also emits `skills/changed` notifications when watched local skill files change. Treat this as an invalidation signal and rerun `skills/list` with your current params when needed.

1139 

1019To enable or disable a skill by path:1140To enable or disable a skill by path:

1020 1141 

1021```json1142```json

1222{ "id": 64, "result": {} }1343{ "id": 64, "result": {} }

1223```1344```

1224 1345 

1225Supported `itemType` values are `AGENTS_MD`, `CONFIG`, `SKILLS`, and `MCP_SERVER_CONFIG`. Detection returns only items that still have work to do. For example, AGENTS migration is skipped when `AGENTS.md` already exists and is non-empty, and skill imports don’t overwrite existing skill directories.1346When a request includes plugin imports, the server emits `externalAgentConfig/import/completed` after the import finishes. This notification may arrive immediately after the response or after background remote imports complete.

1347 

1348Supported `itemType` values are `AGENTS_MD`, `CONFIG`, `SKILLS`, `PLUGINS`,

1349and `MCP_SERVER_CONFIG`. For `PLUGINS` items, `details.plugins` lists each

1350`marketplaceName` and the `pluginNames` Codex can try to migrate. Detection

1351returns only items that still have work to do. For example, Codex skips AGENTS

1352migration when `AGENTS.md` already exists and is non-empty, and skill imports

1353don't overwrite existing skill directories.

1354 

1355When detecting plugins from `.claude/settings.json`, Codex reads configured

1356marketplace sources from `extraKnownMarketplaces`. If `enabledPlugins` contains

1357plugins from `claude-plugins-official` but the marketplace source is missing,

1358Codex infers `anthropics/claude-plugins-official` as the source.

1226 1359 

1227## Auth endpoints1360## Auth endpoints

1228 1361 

1229The JSON-RPC auth/account surface exposes request/response methods plus server-initiated notifications (no `id`). Use these to determine auth state, start or cancel logins, logout, and inspect ChatGPT rate limits.1362The JSON-RPC auth/account surface exposes request/response methods plus server-initiated notifications (no `id`). Use these to determine auth state, start or cancel logins, logout, inspect ChatGPT rate limits, and notify workspace owners about depleted credits or usage limits.

1230 1363 

1231### Authentication modes1364### Authentication modes

1232 1365 

1233Codex supports three authentication modes. `account/updated.authMode` shows the active mode, and `account/read` also reports it.1366Codex supports these authentication modes. `account/updated.authMode` shows the active mode and includes the current ChatGPT `planType` when available. `account/read` also reports account and plan details.

1234 1367 

1235- **API key (`apikey`)** - the caller supplies an OpenAI API key and Codex stores it for API requests.1368- **API key (`apikey`)** - the caller supplies an OpenAI API key with `type: "apiKey"`, and Codex stores it for API requests.

1236- **ChatGPT managed (`chatgpt`)** - Codex owns the ChatGPT OAuth flow, persists tokens, and refreshes them automatically.1369- **ChatGPT managed (`chatgpt`)** - Codex owns the ChatGPT OAuth flow, persists tokens, and refreshes them automatically. Start with `type: "chatgpt"` for the browser flow or `type: "chatgptDeviceCode"` for the device-code flow.

1237- **ChatGPT external tokens (`chatgptAuthTokens`)** - a host app supplies `idToken` and `accessToken` directly. Codex stores these tokens in memory, and the host app must refresh them when asked.1370- **ChatGPT external tokens (`chatgptAuthTokens`)** - experimental and intended for host apps that already own the user's ChatGPT auth lifecycle. The host app supplies an `accessToken`, `chatgptAccountId`, and optional `chatgptPlanType` directly, and must refresh the token when asked.

1238 1371 

1239### API overview1372### API overview

1240 1373 

1241- `account/read` - fetch current account info; optionally refresh tokens.1374- `account/read` - fetch current account info; optionally refresh tokens.

1242- `account/login/start` - begin login (`apiKey`, `chatgpt`, or `chatgptAuthTokens`).1375- `account/login/start` - begin login (`apiKey`, `chatgpt`, `chatgptDeviceCode`, or experimental `chatgptAuthTokens`).

1243- `account/login/completed` (notify) - emitted when a login attempt finishes (success or error).1376- `account/login/completed` (notify) - emitted when a login attempt finishes (success or error).

1244- `account/login/cancel` - cancel a pending ChatGPT login by `loginId`.1377- `account/login/cancel` - cancel a pending managed ChatGPT login by `loginId`.

1245- `account/logout` - sign out; triggers `account/updated`.1378- `account/logout` - sign out; triggers `account/updated`.

1246- `account/updated` (notify) - emitted whenever auth mode changes (`authMode`: `apikey`, `chatgpt`, `chatgptAuthTokens`, or `null`).1379- `account/updated` (notify) - emitted whenever auth mode changes (`authMode`: `apikey`, `chatgpt`, `chatgptAuthTokens`, or `null`) and includes `planType` when available.

1247- `account/chatgptAuthTokens/refresh` (server request) - request fresh externally managed ChatGPT tokens after an authorization error.1380- `account/chatgptAuthTokens/refresh` (server request) - request fresh externally managed ChatGPT tokens after an authorization error.

1248- `account/rateLimits/read` - fetch ChatGPT rate limits.1381- `account/rateLimits/read` - fetch ChatGPT rate limits.

1249- `account/rateLimits/updated` (notify) - emitted whenever a user's ChatGPT rate limits change.1382- `account/rateLimits/updated` (notify) - emitted whenever a user's ChatGPT rate limits change.

1383- `account/sendAddCreditsNudgeEmail` - ask ChatGPT to email a workspace owner about depleted credits or a reached usage limit.

1250- `mcpServer/oauthLogin/completed` (notify) - emitted after a `mcpServer/oauth/login` flow finishes; payload includes `{ name, success, error? }`.1384- `mcpServer/oauthLogin/completed` (notify) - emitted after a `mcpServer/oauth/login` flow finishes; payload includes `{ name, success, error? }`.

1385- `mcpServer/startupStatus/updated` (notify) - emitted when a configured MCP server's startup status changes for a loaded thread; payload includes `{ name, status, error }`.

1251 1386 

1252### 1) Check auth state1387### 1) Check auth state

1253 1388 

1319 ```1454 ```

1320 1455 

1321 ```json1456 ```json

1322 { "method": "account/updated", "params": { "authMode": "apikey" } }1457 {

1458 "method": "account/updated",

1459 "params": { "authMode": "apikey", "planType": null }

1460 }

1323 ```1461 ```

1324 1462 

1325### 3) Log in with ChatGPT (browser flow)1463### 3) Log in with ChatGPT (browser flow)

1351 ```1489 ```

1352 1490 

1353 ```json1491 ```json

1354 { "method": "account/updated", "params": { "authMode": "chatgpt" } }1492 {

1493 "method": "account/updated",

1494 "params": { "authMode": "chatgpt", "planType": "plus" }

1495 }

1496 ```

1497 

1498### 3b) Log in with ChatGPT (device-code flow)

1499 

1500Use this flow when your client owns the sign-in ceremony or when a browser callback is brittle.

1501 

15021. Start:

1503 

1504 ```json

1505 {

1506 "method": "account/login/start",

1507 "id": 4,

1508 "params": { "type": "chatgptDeviceCode" }

1509 }

1510 ```

1511 

1512 ```json

1513 {

1514 "id": 4,

1515 "result": {

1516 "type": "chatgptDeviceCode",

1517 "loginId": "<uuid>",

1518 "verificationUrl": "https://auth.openai.com/codex/device",

1519 "userCode": "ABCD-1234"

1520 }

1521 }

1522 ```

15232. Show `verificationUrl` and `userCode` to the user; the frontend owns the UX.

15243. Wait for notifications:

1525 

1526 ```json

1527 {

1528 "method": "account/login/completed",

1529 "params": { "loginId": "<uuid>", "success": true, "error": null }

1530 }

1531 ```

1532 

1533 ```json

1534 {

1535 "method": "account/updated",

1536 "params": { "authMode": "chatgpt", "planType": "plus" }

1537 }

1355 ```1538 ```

1356 1539 

1357### 3b) Log in with externally managed ChatGPT tokens (`chatgptAuthTokens`)1540### 3c) Log in with externally managed ChatGPT tokens (`chatgptAuthTokens`)

1358 1541 

1359Use this mode when a host application owns the user’s ChatGPT auth lifecycle and supplies tokens directly.1542Use this experimental mode only when a host application owns the user's ChatGPT auth lifecycle and supplies tokens directly. Clients must set `capabilities.experimentalApi = true` during `initialize` before using this login type.

1360 1543 

13611. Send:15441. Send:

1362 1545 

1366 "id": 7,1549 "id": 7,

1367 "params": {1550 "params": {

1368 "type": "chatgptAuthTokens",1551 "type": "chatgptAuthTokens",

1369 "idToken": "<jwt>",1552 "accessToken": "<jwt>",

1370 "accessToken": "<jwt>"1553 "chatgptAccountId": "org-123",

1554 "chatgptPlanType": "business"

1371 }1555 }

1372 }1556 }

1373 ```1557 ```

1388 ```json1572 ```json

1389 {1573 {

1390 "method": "account/updated",1574 "method": "account/updated",

1391 "params": { "authMode": "chatgptAuthTokens" }1575 "params": { "authMode": "chatgptAuthTokens", "planType": "business" }

1392 }1576 }

1393 ```1577 ```

1394 1578 

1400 "id": 8,1584 "id": 8,

1401 "params": { "reason": "unauthorized", "previousAccountId": "org-123" }1585 "params": { "reason": "unauthorized", "previousAccountId": "org-123" }

1402}1586}

1403{ "id": 8, "result": { "idToken": "<jwt>", "accessToken": "<jwt>" } }1587{ "id": 8, "result": { "accessToken": "<jwt>", "chatgptAccountId": "org-123", "chatgptPlanType": "business" } }

1404```1588```

1405 1589 

1406The server retries the original request after a successful refresh response. Requests time out after about 10 seconds.1590The server retries the original request after a successful refresh response. Requests time out after about 10 seconds.

1417```json1601```json

1418{ "method": "account/logout", "id": 5 }1602{ "method": "account/logout", "id": 5 }

1419{ "id": 5, "result": {} }1603{ "id": 5, "result": {} }

1420{ "method": "account/updated", "params": { "authMode": null } }1604{ "method": "account/updated", "params": { "authMode": null, "planType": null } }

1421```1605```

1422 1606 

1423### 6) Rate limits (ChatGPT)1607### 6) Rate limits (ChatGPT)

1429 "limitId": "codex",1613 "limitId": "codex",

1430 "limitName": null,1614 "limitName": null,

1431 "primary": { "usedPercent": 25, "windowDurationMins": 15, "resetsAt": 1730947200 },1615 "primary": { "usedPercent": 25, "windowDurationMins": 15, "resetsAt": 1730947200 },

1432 "secondary": null1616 "secondary": null,

1617 "rateLimitReachedType": null

1433 },1618 },

1434 "rateLimitsByLimitId": {1619 "rateLimitsByLimitId": {

1435 "codex": {1620 "codex": {

1436 "limitId": "codex",1621 "limitId": "codex",

1437 "limitName": null,1622 "limitName": null,

1438 "primary": { "usedPercent": 25, "windowDurationMins": 15, "resetsAt": 1730947200 },1623 "primary": { "usedPercent": 25, "windowDurationMins": 15, "resetsAt": 1730947200 },

1439 "secondary": null1624 "secondary": null,

1625 "rateLimitReachedType": null

1440 },1626 },

1441 "codex_other": {1627 "codex_other": {

1442 "limitId": "codex_other",1628 "limitId": "codex_other",

1443 "limitName": "codex_other",1629 "limitName": "codex_other",

1444 "primary": { "usedPercent": 42, "windowDurationMins": 60, "resetsAt": 1730950800 },1630 "primary": { "usedPercent": 42, "windowDurationMins": 60, "resetsAt": 1730950800 },

1445 "secondary": null1631 "secondary": null,

1632 "rateLimitReachedType": null

1446 }1633 }

1447 }1634 }

1448} }1635} }

1463- `usedPercent` is current usage within the quota window.1650- `usedPercent` is current usage within the quota window.

1464- `windowDurationMins` is the quota window length.1651- `windowDurationMins` is the quota window length.

1465- `resetsAt` is a Unix timestamp (seconds) for the next reset.1652- `resetsAt` is a Unix timestamp (seconds) for the next reset.

1653- `planType` is included when the backend returns the ChatGPT plan associated with a bucket.

1654- `credits` is included when the backend returns remaining workspace credit details.

1655- `rateLimitReachedType` identifies the backend-classified limit state when one has been reached.

1656 

1657### 7) Notify a workspace owner about a limit

1658 

1659Use `account/sendAddCreditsNudgeEmail` to ask ChatGPT to email a workspace owner when credits are depleted or a usage limit has been reached.

1660 

1661```json

1662{ "method": "account/sendAddCreditsNudgeEmail", "id": 7, "params": { "creditType": "credits" } }

1663{ "id": 7, "result": { "status": "sent" } }

1664```

1665 

1666Use `creditType: "credits"` when workspace credits are depleted, or `creditType: "usage_limit"` when the workspace usage limit has been reached. If the owner was already notified recently, the response status is `cooldown_active`.

3The Codex app is a focused desktop experience for working on Codex threads in parallel,3The Codex app is a focused desktop experience for working on Codex threads in parallel,

4with built-in worktree support, automations, and Git functionality.4with built-in worktree support, automations, and Git functionality.

5 5 

6Most Codex app features are available on both macOS and Windows.

7Platform-specific exceptions are noted below.

8 

6---9---

7 10 

8## Multitask across projects11## Multitask across projects

247 250 

248You can ask in natural language or explicitly invoke the image generation skill by including `$imagegen` in your prompt.251You can ask in natural language or explicitly invoke the image generation skill by including `$imagegen` in your prompt.

249 252 

250Built-in image generation uses `gpt-image-1.5`, counts toward your general Codex usage limits, and uses included limits 3-5x faster on average than similar turns without image generation, depending on image quality and size. For details, see [Pricing](https://developers.openai.com/codex/pricing#image-generation-usage-limits). For prompting tips and model details, see the [image generation guide](https://developers.openai.com/api/docs/guides/image-generation).253Built-in image generation uses `gpt-image-2`, counts toward your general Codex usage limits, and uses included limits 3-5x faster on average than similar turns without image generation, depending on image quality and size. For details, see [Pricing](https://developers.openai.com/codex/pricing#image-generation-usage-limits). For prompting tips and model details, see the [image generation guide](https://developers.openai.com/api/docs/guides/image-generation).

251 254 

252For larger batches of image generation, set `OPENAI_API_KEY` in your environment variables and ask Codex to generate images through the API so API pricing applies instead.255For larger batches of image generation, set `OPENAI_API_KEY` in your environment variables and ask Codex to generate images through the API so API pricing applies instead.

253 256 

2 2 

3The [Codex app for Windows](https://get.microsoft.com/installer/download/9PLM9XGG6VKS?cid=website_cta_psi) gives you one interface for3The [Codex app for Windows](https://get.microsoft.com/installer/download/9PLM9XGG6VKS?cid=website_cta_psi) gives you one interface for

4working across projects, running parallel agent threads, and reviewing results.4working across projects, running parallel agent threads, and reviewing results.

5The Windows app supports core workflows such as worktrees, automations, Git

6functionality, the in-app browser, artifact previews, plugins, and skills.

5It runs natively on Windows using PowerShell and the7It runs natively on Windows using PowerShell and the

6[Windows sandbox](https://developers.openai.com/codex/windows#windows-sandbox), or you can configure it to8[Windows sandbox](https://developers.openai.com/codex/windows#windows-sandbox), or you can configure it to

7run in [Windows Subsystem for Linux 2 (WSL2)](#windows-subsystem-for-linux-wsl).9run in [Windows Subsystem for Linux 2 (WSL2)](#windows-subsystem-for-linux-wsl).

43 43 

44 npm i -g @openai/codex@latestCopy44 npm i -g @openai/codex@latestCopy

45 45 

46The Codex CLI is available on macOS and Linux. Windows support is46The Codex CLI is available on macOS, Windows, and Linux. On Windows, run Codex

47experimental. For the best Windows experience, use Codex in a WSL2 workspace47 natively in PowerShell with the Windows sandbox, or use WSL2 when you need a

48and follow our [Windows setup guide](https://developers.openai.com/codex/windows).48Linux-native environment. For setup details, see the

49[Windows setup guide](https://developers.openai.com/codex/windows).

49 50 

50If you're new to Codex, read the [best practices guide](https://developers.openai.com/codex/learn/best-practices).51If you're new to Codex, read the [best practices guide](https://developers.openai.com/codex/learn/best-practices).

51 52 

22- Watch Codex explain its plan before making a change, and approve or reject steps inline.22- Watch Codex explain its plan before making a change, and approve or reject steps inline.

23- Read syntax-highlighted markdown code blocks and diffs in the TUI, then use `/theme` to preview and save a preferred theme.23- Read syntax-highlighted markdown code blocks and diffs in the TUI, then use `/theme` to preview and save a preferred theme.

24- Use `/clear` to wipe the terminal and start a fresh chat, or press <kbd>Ctrl</kbd>+<kbd>L</kbd> to clear the screen without starting a new conversation.24- Use `/clear` to wipe the terminal and start a fresh chat, or press <kbd>Ctrl</kbd>+<kbd>L</kbd> to clear the screen without starting a new conversation.

25- Use `/copy` to copy the latest completed Codex output. If a turn is still running, Codex copies the most recent finished output instead of in-progress text.25- Use `/copy` or press <kbd>Ctrl</kbd>+<kbd>O</kbd> to copy the latest completed Codex output. If a turn is still running, Codex copies the most recent finished output instead of in-progress text.

26- Press <kbd>Tab</kbd> while Codex is running to queue follow-up text, slash commands, or `!` shell commands for the next turn.

26- Navigate draft history in the composer with <kbd>Up</kbd>/<kbd>Down</kbd>; Codex restores prior draft text and image placeholders.27- Navigate draft history in the composer with <kbd>Up</kbd>/<kbd>Down</kbd>; Codex restores prior draft text and image placeholders.

28- Press <kbd>Ctrl</kbd>+<kbd>R</kbd> to search prompt history from the composer, then press <kbd>Enter</kbd> to accept a match or <kbd>Esc</kbd> to cancel.

27- Press <kbd>Ctrl</kbd>+<kbd>C</kbd> or use `/exit` to close the interactive session when you're done.29- Press <kbd>Ctrl</kbd>+<kbd>C</kbd> or use `/exit` to close the interactive session when you're done.

28 30 

29## Resuming conversations31## Resuming conversations

160 162 

161You can ask in natural language or explicitly invoke the image generation skill by including `$imagegen` in your prompt.163You can ask in natural language or explicitly invoke the image generation skill by including `$imagegen` in your prompt.

162 164 

163Built-in image generation uses `gpt-image-1.5`, counts toward your general Codex usage limits, and uses included limits 3-5x faster on average than similar turns without image generation, depending on image quality and size. For details, see [Pricing](https://developers.openai.com/codex/pricing#image-generation-usage-limits). For prompting tips and model details, see the [image generation guide](https://developers.openai.com/api/docs/guides/image-generation).165Built-in image generation uses `gpt-image-2`, counts toward your general Codex usage limits, and uses included limits 3-5x faster on average than similar turns without image generation, depending on image quality and size. For details, see [Pricing](https://developers.openai.com/codex/pricing#image-generation-usage-limits). For prompting tips and model details, see the [image generation guide](https://developers.openai.com/api/docs/guides/image-generation).

164 166 

165For larger batches of image generation, set `OPENAI_API_KEY` in your environment variables and ask Codex to generate images through the API so API pricing applies instead.167For larger batches of image generation, set `OPENAI_API_KEY` in your environment variables and ask Codex to generate images through the API so API pricing applies instead.

166 168 

271## Tips and shortcuts273## Tips and shortcuts

272 274 

273- Type `@` in the composer to open a fuzzy file search over the workspace root; press <kbd>Tab</kbd> or <kbd>Enter</kbd> to drop the highlighted path into your message.275- Type `@` in the composer to open a fuzzy file search over the workspace root; press <kbd>Tab</kbd> or <kbd>Enter</kbd> to drop the highlighted path into your message.

274- Press `Enter` while Codex is running to inject new instructions into the current turn, or press `Tab` to queue a follow-up prompt for the next turn.276- Press <kbd>Enter</kbd> while Codex is running to inject new instructions into the current turn, or press <kbd>Tab</kbd> to queue follow-up input for the next turn. Queued input can be a normal prompt, a slash command such as `/review`, or a `!` shell command. Codex parses queued slash commands when they run.

275- Prefix a line with `!` to run a local shell command (for example, `!ls`). Codex treats the output like a user-provided command result and still applies your approval and sandbox settings.277- Prefix a line with `!` to run a local shell command (for example, `!ls`). Codex treats the output like a user-provided command result and still applies your approval and sandbox settings.

276- Tap <kbd>Esc</kbd> twice while the composer is empty to edit your previous user message. Continue pressing <kbd>Esc</kbd> to walk further back in the transcript, then hit <kbd>Enter</kbd> to fork from that point.278- Tap <kbd>Esc</kbd> twice while the composer is empty to edit your previous user message. Continue pressing <kbd>Esc</kbd> to walk further back in the transcript, then hit <kbd>Enter</kbd> to fork from that point.

277- Launch Codex from any directory using `codex --cd <path>` to set the working root without running `cd` first. The active path appears in the TUI header.279- Launch Codex from any directory using `codex --cd <path>` to set the working root without running `cd` first. The active path appears in the TUI header.

262| Key | Maturity | Details |262| Key | Maturity | Details |

263| --- | --- | --- |263| --- | --- | --- |

264| [`codex`](https://developers.openai.com/codex/cli/reference#codex-interactive) | Stable | Launch the terminal UI. Accepts the global flags above plus an optional prompt or image attachments. |264| [`codex`](https://developers.openai.com/codex/cli/reference#codex-interactive) | Stable | Launch the terminal UI. Accepts the global flags above plus an optional prompt or image attachments. |

265| [`codex app`](https://developers.openai.com/codex/cli/reference#codex-app) | Stable | Launch the Codex desktop app on macOS, optionally opening a specific workspace path. |265| [`codex app`](https://developers.openai.com/codex/cli/reference#codex-app) | Stable | Launch the Codex desktop app on macOS or Windows. On macOS, Codex can open a workspace path; on Windows, Codex prints the path to open. |

266| [`codex app-server`](https://developers.openai.com/codex/cli/reference#codex-app-server) | Experimental | Launch the Codex app server for local development or debugging. |266| [`codex app-server`](https://developers.openai.com/codex/cli/reference#codex-app-server) | Experimental | Launch the Codex app server for local development or debugging. |

267| [`codex apply`](https://developers.openai.com/codex/cli/reference#codex-apply) | Stable | Apply the latest diff generated by a Codex Cloud task to your local working tree. Alias: `codex a`. |267| [`codex apply`](https://developers.openai.com/codex/cli/reference#codex-apply) | Stable | Apply the latest diff generated by a Codex Cloud task to your local working tree. Alias: `codex a`. |

268| [`codex cloud`](https://developers.openai.com/codex/cli/reference#codex-cloud) | Experimental | Browse or execute Codex Cloud tasks from the terminal without opening the TUI. Alias: `codex cloud-tasks`. |268| [`codex cloud`](https://developers.openai.com/codex/cli/reference#codex-cloud) | Experimental | Browse or execute Codex Cloud tasks from the terminal without opening the TUI. Alias: `codex cloud-tasks`. |

276| [`codex logout`](https://developers.openai.com/codex/cli/reference#codex-logout) | Stable | Remove stored authentication credentials. |276| [`codex logout`](https://developers.openai.com/codex/cli/reference#codex-logout) | Stable | Remove stored authentication credentials. |

277| [`codex mcp`](https://developers.openai.com/codex/cli/reference#codex-mcp) | Experimental | Manage Model Context Protocol servers (list, add, remove, authenticate). |277| [`codex mcp`](https://developers.openai.com/codex/cli/reference#codex-mcp) | Experimental | Manage Model Context Protocol servers (list, add, remove, authenticate). |

278| [`codex mcp-server`](https://developers.openai.com/codex/cli/reference#codex-mcp-server) | Experimental | Run Codex itself as an MCP server over stdio. Useful when another agent consumes Codex. |278| [`codex mcp-server`](https://developers.openai.com/codex/cli/reference#codex-mcp-server) | Experimental | Run Codex itself as an MCP server over stdio. Useful when another agent consumes Codex. |

279| [`codex plugin marketplace`](https://developers.openai.com/codex/cli/reference#codex-plugin-marketplace) | Experimental | Add, upgrade, or remove plugin marketplaces from Git or local sources. |

279| [`codex resume`](https://developers.openai.com/codex/cli/reference#codex-resume) | Stable | Continue a previous interactive session by ID or resume the most recent conversation. |280| [`codex resume`](https://developers.openai.com/codex/cli/reference#codex-resume) | Stable | Continue a previous interactive session by ID or resume the most recent conversation. |

280| [`codex sandbox`](https://developers.openai.com/codex/cli/reference#codex-sandbox) | Experimental | Run arbitrary commands inside Codex-provided macOS seatbelt or Linux bubblewrap sandboxes. |281| [`codex sandbox`](https://developers.openai.com/codex/cli/reference#codex-sandbox) | Experimental | Run arbitrary commands inside Codex-provided macOS seatbelt or Linux bubblewrap sandboxes. |

281 282 

301 302 

302Details303Details

303 304 

304Launch the Codex desktop app on macOS, optionally opening a specific workspace path.305Launch the Codex desktop app on macOS or Windows. On macOS, Codex can open a workspace path; on Windows, Codex prints the path to open.

305 306 

306Key307Key

307 308 

461 462 

462Key463Key

463 464 

465[`codex plugin marketplace`](https://developers.openai.com/codex/cli/reference#codex-plugin-marketplace)

466 

467Maturity

468 

469Experimental

470 

471Details

472 

473Add, upgrade, or remove plugin marketplaces from Git or local sources.

474 

475Key

476 

464[`codex resume`](https://developers.openai.com/codex/cli/reference#codex-resume)477[`codex resume`](https://developers.openai.com/codex/cli/reference#codex-resume)

465 478 

466Maturity479Maturity

595 608 

596### `codex app`609### `codex app`

597 610 

598Launch Codex Desktop from the terminal on macOS and optionally open a specific workspace path.611Launch Codex Desktop from the terminal on macOS or Windows. On macOS, Codex can open a specific workspace path; on Windows, Codex prints the path to open.

599 612 

600| Key | Type / Values | Details |613| Key | Type / Values | Details |

601| --- | --- | --- |614| --- | --- | --- |

602| `--download-url` | `url` | Advanced override for the Codex desktop DMG download URL used during install. |615| `--download-url` | `url` | Advanced override for the Codex desktop installer URL used during install. |

603| `PATH` | `path` | Workspace path to open in Codex Desktop (`codex app` is available on macOS only). |616| `PATH` | `path` | Workspace path for Codex Desktop. On macOS, Codex opens this path; on Windows, Codex prints the path. |

604 617 

605Key618Key

606 619 

612 625 

613Details626Details

614 627 

615Advanced override for the Codex desktop DMG download URL used during install.628Advanced override for the Codex desktop installer URL used during install.

616 629 

617Key630Key

618 631 

624 637 

625Details638Details

626 639 

627Workspace path to open in Codex Desktop (`codex app` is available on macOS only).640Workspace path for Codex Desktop. On macOS, Codex opens this path; on Windows, Codex prints the path.

628 641 

629`codex app` installs/opens the desktop app on macOS, then opens the provided workspace path. This subcommand is macOS-only.642`codex app` opens an installed Codex Desktop app, or starts the installer when

643the app is missing. On macOS, Codex opens the provided workspace path; on

644Windows, it prints the path to open after installation.

630 645 

631### `codex debug app-server send-message-v2`646### `codex debug app-server send-message-v2`

632 647 

1381 1396 

1382OAuth actions (`login`, `logout`) only work with streamable HTTP servers (and only when the server supports OAuth).1397OAuth actions (`login`, `logout`) only work with streamable HTTP servers (and only when the server supports OAuth).

1383 1398 

1399### `codex plugin marketplace`

1400 

1401Manage plugin marketplace sources that Codex can browse and install from.

1402 

1403| Key | Type / Values | Details |

1404| --- | --- | --- |

1405| `add <source>` | `[--ref REF] [--sparse PATH]` | Install a plugin marketplace from GitHub shorthand, a Git URL, an SSH URL, or a local marketplace root directory. `--sparse` is supported only for Git sources and can be repeated. |

1406| `remove <marketplace-name>` | | Remove a configured plugin marketplace. |

1407| `upgrade [marketplace-name]` | | Refresh one configured Git marketplace, or all configured Git marketplaces when no name is provided. |

1408 

1409Key

1410 

1411`add <source>`

1412 

1413Type / Values

1414 

1415`[--ref REF] [--sparse PATH]`

1416 

1417Details

1418 

1419Install a plugin marketplace from GitHub shorthand, a Git URL, an SSH URL, or a local marketplace root directory. `--sparse` is supported only for Git sources and can be repeated.

1420 

1421Key

1422 

1423`remove <marketplace-name>`

1424 

1425Details

1426 

1427Remove a configured plugin marketplace.

1428 

1429Key

1430 

1431`upgrade [marketplace-name]`

1432 

1433Details

1434 

1435Refresh one configured Git marketplace, or all configured Git marketplaces when no name is provided.

1436 

1437`codex plugin marketplace add` accepts GitHub shorthand such as `owner/repo` or

1438`owner/repo@ref`, HTTP or HTTPS Git URLs, SSH Git URLs, and local marketplace

1439root directories. Use `--ref` to pin a Git ref, and repeat `--sparse PATH` to

1440use a sparse checkout for Git-backed marketplace repositories.

1441 

1384### `codex mcp-server`1442### `codex mcp-server`

1385 1443 

1386Run Codex as an MCP server over stdio so that other tools can connect. This command inherits global configuration overrides and exits when the downstream client closes the connection.1444Run Codex as an MCP server over stdio so that other tools can connect. This command inherits global configuration overrides and exits when the downstream client closes the connection.

16Codex ships with the following commands. Open the slash popup and start typing16Codex ships with the following commands. Open the slash popup and start typing

17the command name to filter the list.17the command name to filter the list.

18 18 

19When a task is already running, you can type a slash command and press `Tab` to

20queue it for the next turn. Codex parses queued slash commands when they run, so

21command menus and errors appear after the current turn finishes. Slash

22completion still works before you queue the command.

23 

19| Command | Purpose | When to use it |24| Command | Purpose | When to use it |

20| ------------------------------------------------------------------------------- | --------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------- |25| ------------------------------------------------------------------------------- | --------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------- |

21| [`/permissions`](#update-permissions-with-permissions) | Set what Codex can do without asking first. | Relax or tighten approval requirements mid-session, such as switching between Auto and Read Only. |26| [`/permissions`](#update-permissions-with-permissions) | Set what Codex can do without asking first. | Relax or tighten approval requirements mid-session, such as switching between Auto and Read Only. |

25| [`/plugins`](#browse-plugins-with-plugins) | Browse installed and discoverable plugins. | Inspect plugin tools, install suggested plugins, or manage plugin availability. |30| [`/plugins`](#browse-plugins-with-plugins) | Browse installed and discoverable plugins. | Inspect plugin tools, install suggested plugins, or manage plugin availability. |

26| [`/clear`](#clear-the-terminal-and-start-a-new-chat-with-clear) | Clear the terminal and start a fresh chat. | Reset the visible UI and conversation together when you want a fresh start. |31| [`/clear`](#clear-the-terminal-and-start-a-new-chat-with-clear) | Clear the terminal and start a fresh chat. | Reset the visible UI and conversation together when you want a fresh start. |

27| [`/compact`](#keep-transcripts-lean-with-compact) | Summarize the visible conversation to free tokens. | Use after long runs so Codex retains key points without blowing the context window. |32| [`/compact`](#keep-transcripts-lean-with-compact) | Summarize the visible conversation to free tokens. | Use after long runs so Codex retains key points without blowing the context window. |

28| [`/copy`](#copy-the-latest-response-with-copy) | Copy the latest completed Codex output. | Grab the latest finished response or plan text without manually selecting it. |33| [`/copy`](#copy-the-latest-response-with-copy) | Copy the latest completed Codex output. | Grab the latest finished response or plan text without manually selecting it. You can also press `Ctrl+O`. |

29| [`/diff`](#review-changes-with-diff) | Show the Git diff, including files Git isn't tracking yet. | Review Codex's edits before you commit or run tests. |34| [`/diff`](#review-changes-with-diff) | Show the Git diff, including files Git isn't tracking yet. | Review Codex's edits before you commit or run tests. |

30| [`/exit`](#exit-the-cli-with-quit-or-exit) | Exit the CLI (same as `/quit`). | Alternative spelling; both commands exit the session. |35| [`/exit`](#exit-the-cli-with-quit-or-exit) | Exit the CLI (same as `/quit`). | Alternative spelling; both commands exit the session. |

31| [`/experimental`](#toggle-experimental-features-with-experimental) | Toggle experimental features. | Enable optional features such as subagents from the CLI. |36| [`/experimental`](#toggle-experimental-features-with-experimental) | Toggle experimental features. | Enable optional features such as subagents from the CLI. |

138the in-progress response. The command is unavailable before the first completed143the in-progress response. The command is unavailable before the first completed

139Codex output and immediately after a rollback.144Codex output and immediately after a rollback.

140 145 

146You can also press <kbd>Ctrl</kbd>+<kbd>O</kbd> from the main TUI to copy the

147latest completed response without opening the slash command menu.

148 

141### Grant sandbox read access with `/sandbox-add-read-dir`149### Grant sandbox read access with `/sandbox-add-read-dir`

142 150 

143This command is available only when running the CLI natively on Windows.151This command is available only when running the CLI natively on Windows.

295### Browse plugins with `/plugins`303### Browse plugins with `/plugins`

296 304 

2971. Type `/plugins`.3051. Type `/plugins`.

2982. Pick a plugin from the list to inspect its capabilities or available actions.3062. Choose a marketplace tab, then pick a plugin to inspect its capabilities or available actions.

299 307 

300Expected: Codex opens the plugin browser so you can review installed plugins and308Expected: Codex opens the plugin browser so you can review installed plugins,

301discoverable plugins that your configuration allows.309discoverable plugins that your configuration allows, and installed plugin state.

310Press <kbd>Space</kbd> on an installed plugin to toggle its enabled state.

302 311 

303### Switch agent threads with `/agent`312### Switch agent threads with `/agent`

304 313 

67 67 

68Codex surfaces a startup warning when `bwrap` is missing or when the helper68Codex surfaces a startup warning when `bwrap` is missing or when the helper

69can't create the needed user namespace. On distributions that restrict this69can't create the needed user namespace. On distributions that restrict this

70AppArmor setting, you can enable it with:70AppArmor setting, prefer loading the `bwrap` AppArmor profile so `bwrap` can

71keep working without disabling the restriction globally.

72 

73**Ubuntu AppArmor note:** On Ubuntu 25.04, installing `bubblewrap` from

74 Ubuntu's package repository should work without extra AppArmor setup. The

75 `bwrap-userns-restrict` profile ships in the `apparmor` package at

76 `/etc/apparmor.d/bwrap-userns-restrict`.

77 

78On Ubuntu 24.04, Codex may still warn that it can't create the needed user

79namespace after `bubblewrap` is installed. Copy and load the extra profile:

80 

81```bash

82sudo apt update

83sudo apt install apparmor-profiles apparmor-utils

84sudo install -m 0644 \

85 /usr/share/apparmor/extra-profiles/bwrap-userns-restrict \

86 /etc/apparmor.d/bwrap-userns-restrict

87sudo apparmor_parser -r /etc/apparmor.d/bwrap-userns-restrict

88```

89 

90`apparmor_parser -r` loads the profile into the kernel without a reboot. You

91can also reload all AppArmor profiles:

92 

93```bash

94sudo systemctl reload apparmor.service

95```

96 

97If that profile is unavailable or does not resolve the issue, you can disable

98the AppArmor unprivileged user namespace restriction with:

71 99 

72```bash100```bash

73sudo sysctl -w kernel.apparmor_restrict_unprivileged_userns=0101sudo sysctl -w kernel.apparmor_restrict_unprivileged_userns=0

131Managed network profiles use map tables such as159Managed network profiles use map tables such as

132`[permissions.<name>.network.domains]` and160`[permissions.<name>.network.domains]` and

133`[permissions.<name>.network.unix_sockets]` for domain and socket rules.161`[permissions.<name>.network.unix_sockets]` for domain and socket rules.

162Filesystem profiles can also deny reads for exact paths or glob patterns by

163setting matching entries to `"none"`; use this to keep files such as local

164secrets unreadable without turning off workspace writes.

134 165 

135When a workflow needs a specific exception, use [rules](https://developers.openai.com/codex/rules). Rules166When a workflow needs a specific exception, use [rules](https://developers.openai.com/codex/rules). Rules

136let you allow, prompt, or forbid command prefixes outside the sandbox, which is167let you allow, prompt, or forbid command prefixes outside the sandbox, which is

370 370 

371#### Metrics catalog371#### Metrics catalog

372 372 

373Each metric includes the required fields plus the default context fields above. Every metric is prefixed by `codex.`.373Each metric includes the required fields plus the default context fields above. Metric names below omit the `codex.` prefix.

374Most metric names are centralized in `codex-rs/otel/src/metrics/names.rs`; feature-specific metrics emitted outside that file are included here too.

374If a metric includes the `tool` field, it reflects the internal tool used (for example, `apply_patch` or `shell`) and doesn't contain the actual shell command or patch `codex` is trying to apply.375If a metric includes the `tool` field, it reflects the internal tool used (for example, `apply_patch` or `shell`) and doesn't contain the actual shell command or patch `codex` is trying to apply.

375 376 

377#### Runtime and model transport

378 

379| Metric | Type | Fields | Description |

380| --- | --- | --- | --- |

381| `api_request` | counter | `status`, `success` | API request count by HTTP status and success/failure. |

382| `api_request.duration_ms` | histogram | `status`, `success` | API request duration in milliseconds. |

383| `sse_event` | counter | `kind`, `success` | SSE event count by event kind and success/failure. |

384| `sse_event.duration_ms` | histogram | `kind`, `success` | SSE event processing duration in milliseconds. |

385| `websocket.request` | counter | `success` | WebSocket request count by success/failure. |

386| `websocket.request.duration_ms` | histogram | `success` | WebSocket request duration in milliseconds. |

387| `websocket.event` | counter | `kind`, `success` | WebSocket message/event count by type and success/failure. |

388| `websocket.event.duration_ms` | histogram | `kind`, `success` | WebSocket message/event processing duration in milliseconds. |

389| `responses_api_overhead.duration_ms` | histogram | | Responses API overhead timing from websocket responses. |

390| `responses_api_inference_time.duration_ms` | histogram | | Responses API inference timing from websocket responses. |

391| `responses_api_engine_iapi_ttft.duration_ms` | histogram | | Responses API engine IAPI time-to-first-token timing. |

392| `responses_api_engine_service_ttft.duration_ms` | histogram | | Responses API engine service time-to-first-token timing. |

393| `responses_api_engine_iapi_tbt.duration_ms` | histogram | | Responses API engine IAPI time-between-token timing. |

394| `responses_api_engine_service_tbt.duration_ms` | histogram | | Responses API engine service time-between-token timing. |

395| `transport.fallback_to_http` | counter | `from_wire_api` | WebSocket-to-HTTP fallback count. |

396| `remote_models.fetch_update.duration_ms` | histogram | | Time to fetch remote model definitions. |

397| `remote_models.load_cache.duration_ms` | histogram | | Time to load the remote model cache. |

398| `startup_prewarm.duration_ms` | histogram | `status` | Startup prewarm duration by outcome. |

399| `startup_prewarm.age_at_first_turn_ms` | histogram | `status` | Startup prewarm age when the first real turn resolves it. |

400| `cloud_requirements.fetch.duration_ms` | histogram | | Workspace-managed cloud requirements fetch duration. |

401| `cloud_requirements.fetch_attempt` | counter | See note | Workspace-managed cloud requirements fetch attempts. |

402| `cloud_requirements.fetch_final` | counter | See note | Final workspace-managed cloud requirements fetch outcome. |

403| `cloud_requirements.load` | counter | `trigger`, `outcome` | Workspace-managed cloud requirements load outcome. |

404 

405The `cloud_requirements.fetch_attempt` metric includes `trigger`, `attempt`, `outcome`, and `status_code` fields. The `cloud_requirements.fetch_final` metric includes `trigger`, `outcome`, `reason`, `attempt_count`, and `status_code` fields.

406 

407#### Turn and tool activity

408 

409| Metric | Type | Fields | Description |

410| --- | --- | --- | --- |

411| `turn.e2e_duration_ms` | histogram | | End-to-end time for a full turn. |

412| `turn.ttft.duration_ms` | histogram | | Time to first token for a turn. |

413| `turn.ttfm.duration_ms` | histogram | | Time to first model output item for a turn. |

414| `turn.network_proxy` | counter | `active`, `tmp_mem_enabled` | Whether the managed network proxy was active for the turn. |

415| `turn.memory` | counter | `read_allowed`, `feature_enabled`, `config_use_memories`, `has_citations` | Per-turn memory read availability and memory citation usage. |

416| `turn.tool.call` | histogram | `tmp_mem_enabled` | Number of tool calls in the turn. |

417| `turn.token_usage` | histogram | `token_type`, `tmp_mem_enabled` | Per-turn token usage by token type (`total`, `input`, `cached_input`, `output`, or `reasoning_output`). |

418| `tool.call` | counter | `tool`, `success` | Tool invocation count by tool name and success/failure. |

419| `tool.call.duration_ms` | histogram | `tool`, `success` | Tool execution duration in milliseconds by tool name and outcome. |

420| `tool.unified_exec` | counter | `tty` | Unified exec tool calls by TTY mode. |

421| `approval.requested` | counter | `tool`, `approved` | Tool approval request result (`approved`, `approved_with_amendment`, `approved_for_session`, `denied`, `abort`). |

422| `mcp.call` | counter | See note | MCP tool invocation result. |

423| `mcp.call.duration_ms` | histogram | See note | MCP tool invocation duration. |

424| `mcp.tools.list.duration_ms` | histogram | `cache` | MCP tool-list duration, including cache hit/miss state. |

425| `mcp.tools.fetch_uncached.duration_ms` | histogram | | Duration of uncached MCP tool fetches. |

426| `mcp.tools.cache_write.duration_ms` | histogram | | Duration of Codex Apps MCP tool-cache writes. |

427| `hooks.run` | counter | `hook_name`, `source`, `status` | Hook run count by hook name, source, and status. |

428| `hooks.run.duration_ms` | histogram | `hook_name`, `source`, `status` | Hook run duration in milliseconds. |

429 

430The `mcp.call` and `mcp.call.duration_ms` metrics include `status`; normal tool-call emissions also include `tool`, plus `connector_id` and `connector_name` when available. Blocked Codex Apps MCP calls may emit `mcp.call` with only `status`.

431 

432#### Threads, tasks, and features

433 

376| Metric | Type | Fields | Description |434| Metric | Type | Fields | Description |

377| --- | --- | --- | --- |435| --- | --- | --- | --- |

378| `feature.state` | counter | `feature`, `value` | Feature values that differ from defaults (emit one row per non-default). |436| `feature.state` | counter | `feature`, `value` | Feature values that differ from defaults (emit one row per non-default). |

379| `thread.started` | counter | `is_git` | New thread created. |437| `status_line` | counter | | Session started with a configured status line. |

380| `thread.fork` | counter | | New thread created by forking an existing thread. |438| `model_warning` | counter | | Warning sent to the model. |

439| `thread.started` | counter | `is_git` | New thread created, tagged by whether the working directory is in a Git repo. |

440| `conversation.turn.count` | counter | | User/assistant turns per thread, recorded at the end of the thread. |

441| `thread.fork` | counter | `source` | New thread created by forking an existing thread. |

381| `thread.rename` | counter | | Thread renamed. |442| `thread.rename` | counter | | Thread renamed. |

443| `thread.side` | counter | `source` | Side conversation created. |

444| `thread.skills.enabled_total` | histogram | | Number of skills enabled for a new thread. |

445| `thread.skills.kept_total` | histogram | | Number of enabled skills kept after prompt rendering. |

446| `thread.skills.truncated` | histogram | | Whether skill rendering truncated the enabled skills list (`1` or `0`). |

382| `task.compact` | counter | `type` | Number of compactions per type (`remote` or `local`), including manual and auto. |447| `task.compact` | counter | `type` | Number of compactions per type (`remote` or `local`), including manual and auto. |

383| `task.user_shell` | counter | | Number of user shell actions (`!` in the TUI for example). |

384| `task.review` | counter | | Number of reviews triggered. |448| `task.review` | counter | | Number of reviews triggered. |

385| `task.undo` | counter | | Number of undo actions triggered. |449| `task.undo` | counter | | Number of undo actions triggered. |

386| `approval.requested` | counter | `tool`, `approved` | Tool approval request result (`approved`, `approved_with_amendment`, `approved_for_session`, `denied`, `abort`). |450| `task.user_shell` | counter | | Number of user shell actions (`!` in the TUI for example). |

387| `conversation.turn.count` | counter | | User/assistant turns per thread, recorded at the end of the thread. |451| `shell_snapshot` | counter | See note | Whether taking a shell snapshot succeeded. |

388| `turn.e2e_duration_ms` | histogram | | End-to-end time for a full turn. |

389| `mcp.call` | counter | `status` | MCP tool invocation result (`ok` or error string). |

390| `model_warning` | counter | | Warning sent to the model. |

391| `tool.call` | counter | `tool`, `success` | Tool invocation result (`success`: `true` or `false`). |

392| `tool.call.duration_ms` | histogram | `tool`, `success` | Tool execution time. |

393| `remote_models.fetch_update.duration_ms` | histogram | | Time to fetch remote model definitions. |

394| `remote_models.load_cache.duration_ms` | histogram | | Time to load the remote model cache. |

395| `shell_snapshot` | counter | `success` | Whether taking a shell snapshot succeeded. |

396| `shell_snapshot.duration_ms` | histogram | `success` | Time to take a shell snapshot. |452| `shell_snapshot.duration_ms` | histogram | `success` | Time to take a shell snapshot. |

397| `db.init` | counter | `status` | State DB initialization outcomes (`opened`, `created`, `open_error`, `init_error`). |453| `skill.injected` | counter | `status`, `skill` | Skill injection outcomes by skill. |

454| `plugins.startup_sync` | counter | `transport`, `status` | Curated plugin startup sync attempts. |

455| `plugins.startup_sync.final` | counter | `transport`, `status` | Final curated plugin startup sync outcome. |

456| `multi_agent.spawn` | counter | `role` | Agent spawns by role. |

457| `multi_agent.resume` | counter | | Agent resumes. |

458| `multi_agent.nickname_pool_reset` | counter | | Agent nickname pool resets. |

459 

460The `shell_snapshot` metric includes `success` and, on failures, `failure_reason`.

461 

462#### Memory and local state

463 

464| Metric | Type | Fields | Description |

465| --- | --- | --- | --- |

466| `memory.phase1` | counter | `status` | Memory phase 1 job counts by status. |

467| `memory.phase1.e2e_ms` | histogram | | End-to-end duration for memory phase 1. |

468| `memory.phase1.output` | counter | | Memory phase 1 outputs written. |

469| `memory.phase1.token_usage` | histogram | `token_type` | Memory phase 1 token usage by token type. |

470| `memory.phase2` | counter | `status` | Memory phase 2 job counts by status. |

471| `memory.phase2.e2e_ms` | histogram | | End-to-end duration for memory phase 2. |

472| `memory.phase2.input` | counter | | Memory phase 2 input count. |

473| `memory.phase2.token_usage` | histogram | `token_type` | Memory phase 2 token usage by token type. |

474| `memories.usage` | counter | `kind`, `tool`, `success` | Memory usage by kind, tool, and success/failure. |

475| `external_agent_config.detect` | counter | See note | External agent config detections by migration item type. |

476| `external_agent_config.import` | counter | See note | External agent config imports by migration item type. |

398| `db.backfill` | counter | `status` | Initial state DB backfill results (`upserted`, `failed`). |477| `db.backfill` | counter | `status` | Initial state DB backfill results (`upserted`, `failed`). |

399| `db.backfill.duration_ms` | histogram | `status` | Duration of the initial state DB backfill, tagged with `success`, `failed`, or `partial_failure`. |478| `db.backfill.duration_ms` | histogram | `status` | Duration of the initial state DB backfill. |

400| `db.error` | counter | `stage` | Errors during state DB operations (for example, `extract_metadata_from_rollout`, `backfill_sessions`, `apply_rollout_items`). |479| `db.error` | counter | `stage` | Errors during state DB operations. |

401| `db.compare_error` | counter | `stage`, `reason` | State DB discrepancies detected during reconciliation. |480 

481The `external_agent_config.detect` and `external_agent_config.import` metrics include `migration_type`; skills migrations also include `skills_count`.

482 

483#### Windows sandbox

484 

485| Metric | Type | Fields | Description |

486| --- | --- | --- | --- |

487| `windows_sandbox.setup_success` | counter | `originator`, `mode` | Windows sandbox setup successes. |

488| `windows_sandbox.setup_failure` | counter | `originator`, `mode` | Windows sandbox setup failures. |

489| `windows_sandbox.setup_duration_ms` | histogram | `result`, `originator`, `mode` | Windows sandbox setup duration. |

490| `windows_sandbox.elevated_setup_success` | counter | | Elevated Windows sandbox setup successes. |

491| `windows_sandbox.elevated_setup_failure` | counter | See note | Elevated Windows sandbox setup failures. |

492| `windows_sandbox.elevated_setup_canceled` | counter | See note | Canceled elevated Windows sandbox setup attempts. |

493| `windows_sandbox.elevated_setup_duration_ms` | histogram | `result` | Elevated Windows sandbox setup duration. |

494| `windows_sandbox.elevated_prompt_shown` | counter | | Elevated sandbox setup prompt shown. |

495| `windows_sandbox.elevated_prompt_accept` | counter | | Elevated sandbox setup prompt accepted. |

496| `windows_sandbox.elevated_prompt_use_legacy` | counter | | User chose legacy sandbox from the elevated prompt. |

497| `windows_sandbox.elevated_prompt_quit` | counter | | User quit from the elevated prompt. |

498| `windows_sandbox.fallback_prompt_shown` | counter | | Fallback sandbox prompt shown. |

499| `windows_sandbox.fallback_retry_elevated` | counter | | User retried elevated setup from the fallback prompt. |

500| `windows_sandbox.fallback_use_legacy` | counter | | User chose legacy sandbox from the fallback prompt. |

501| `windows_sandbox.fallback_prompt_quit` | counter | | User quit from the fallback prompt. |

502| `windows_sandbox.legacy_setup_preflight_failed` | counter | See note | Legacy Windows sandbox setup preflight failure. |

503| `windows_sandbox.setup_elevated_sandbox_command` | counter | | Elevated sandbox setup command invoked. |

504| `windows_sandbox.createprocessasuserw_failed` | counter | `error_code`, `path_kind`, `exe`, `level` | Windows `CreateProcessAsUserW` failures. |

505 

506The elevated setup failure metrics include `code` and `message` when Windows setup failure details are available, and may include `originator` when emitted from the shared setup path. The `windows_sandbox.legacy_setup_preflight_failed` metric includes `originator` when emitted from the shared setup path, but fallback-prompt preflight failures may not include any fields.

402 507 

403### Feedback controls508### Feedback controls

404 509 

476- `notify` runs an external program (good for webhooks, desktop notifiers, CI hooks).581- `notify` runs an external program (good for webhooks, desktop notifiers, CI hooks).

477- `tui.notifications` is built in to the TUI and can optionally filter by event type (for example, `agent-turn-complete` and `approval-requested`).582- `tui.notifications` is built in to the TUI and can optionally filter by event type (for example, `agent-turn-complete` and `approval-requested`).

478- `tui.notification_method` controls how the TUI emits terminal notifications (`auto`, `osc9`, or `bel`).583- `tui.notification_method` controls how the TUI emits terminal notifications (`auto`, `osc9`, or `bel`).

584- `tui.notification_condition` controls whether TUI notifications fire only when

585 the terminal is `unfocused` or `always`.

479 586 

480In `auto` mode, Codex prefers OSC 9 notifications (a terminal escape sequence some terminals interpret as a desktop notification) and falls back to BEL (`\x07`) otherwise.587In `auto` mode, Codex prefers OSC 9 notifications (a terminal escape sequence some terminals interpret as a desktop notification) and falls back to BEL (`\x07`) otherwise.

481 588 

522 629 

523- `tui.notifications`: enable/disable notifications (or restrict to specific types)630- `tui.notifications`: enable/disable notifications (or restrict to specific types)

524- `tui.notification_method`: choose `auto`, `osc9`, or `bel` for terminal notifications631- `tui.notification_method`: choose `auto`, `osc9`, or `bel` for terminal notifications

632- `tui.notification_condition`: choose `unfocused` or `always` for when

633 notifications fire

525- `tui.animations`: enable/disable ASCII animations and shimmer effects634- `tui.animations`: enable/disable ASCII animations and shimmer effects

526- `tui.alternate_screen`: control alternate screen usage (set to `never` to keep terminal scrollback)635- `tui.alternate_screen`: control alternate screen usage (set to `never` to keep terminal scrollback)

527- `tui.show_tooltips`: show or hide onboarding tooltips on the welcome screen636- `tui.show_tooltips`: show or hide onboarding tooltips on the welcome screen

84| `mcp_servers.<id>.enabled_tools` | `array<string>` | Allow list of tool names exposed by the MCP server. |84| `mcp_servers.<id>.enabled_tools` | `array<string>` | Allow list of tool names exposed by the MCP server. |

85| `mcp_servers.<id>.env` | `map<string,string>` | Environment variables forwarded to the MCP stdio server. |85| `mcp_servers.<id>.env` | `map<string,string>` | Environment variables forwarded to the MCP stdio server. |

86| `mcp_servers.<id>.env_http_headers` | `map<string,string>` | HTTP headers populated from environment variables for an MCP HTTP server. |86| `mcp_servers.<id>.env_http_headers` | `map<string,string>` | HTTP headers populated from environment variables for an MCP HTTP server. |

87| `mcp_servers.<id>.env_vars` | `array<string>` | Additional environment variables to whitelist for an MCP stdio server. |87| `mcp_servers.<id>.env_vars` | `array<string | { name = string, source = "local" | "remote" }>` | Additional environment variables to whitelist for an MCP stdio server. String entries default to `source = "local"`; use `source = "remote"` only with executor-backed remote stdio. |

88| `mcp_servers.<id>.experimental_environment` | `local | remote` | Experimental placement for an MCP server. `remote` starts stdio servers through a remote executor environment; streamable HTTP remote placement is not implemented. |

88| `mcp_servers.<id>.http_headers` | `map<string,string>` | Static HTTP headers included with each MCP HTTP request. |89| `mcp_servers.<id>.http_headers` | `map<string,string>` | Static HTTP headers included with each MCP HTTP request. |

89| `mcp_servers.<id>.oauth_resource` | `string` | Optional RFC 8707 OAuth resource parameter to include during MCP login. |90| `mcp_servers.<id>.oauth_resource` | `string` | Optional RFC 8707 OAuth resource parameter to include during MCP login. |

90| `mcp_servers.<id>.required` | `boolean` | When true, fail startup/resume if this enabled MCP server cannot initialize. |91| `mcp_servers.<id>.required` | `boolean` | When true, fail startup/resume if this enabled MCP server cannot initialize. |

94| `mcp_servers.<id>.tool_timeout_sec` | `number` | Override the default 60s per-tool timeout for an MCP server. |95| `mcp_servers.<id>.tool_timeout_sec` | `number` | Override the default 60s per-tool timeout for an MCP server. |

95| `mcp_servers.<id>.url` | `string` | Endpoint for an MCP streamable HTTP server. |96| `mcp_servers.<id>.url` | `string` | Endpoint for an MCP streamable HTTP server. |

96| `memories.consolidation_model` | `string` | Optional model override for global memory consolidation. |97| `memories.consolidation_model` | `string` | Optional model override for global memory consolidation. |

98| `memories.disable_on_external_context` | `boolean` | When `true`, threads that use external context such as MCP tool calls, web search, or tool search are kept out of memory generation. Defaults to `false`. Legacy alias: `memories.no_memories_if_mcp_or_web_search`. |

97| `memories.extract_model` | `string` | Optional model override for per-thread memory extraction. |99| `memories.extract_model` | `string` | Optional model override for per-thread memory extraction. |

98| `memories.generate_memories` | `boolean` | When `false`, newly created threads are not stored as memory-generation inputs. Defaults to `true`. |100| `memories.generate_memories` | `boolean` | When `false`, newly created threads are not stored as memory-generation inputs. Defaults to `true`. |

99| `memories.max_raw_memories_for_consolidation` | `number` | Maximum recent raw memories retained for global consolidation. Defaults to `256` and is capped at `4096`. |101| `memories.max_raw_memories_for_consolidation` | `number` | Maximum recent raw memories retained for global consolidation. Defaults to `256` and is capped at `4096`. |

101| `memories.max_rollouts_per_startup` | `number` | Maximum rollout candidates processed per startup pass. Defaults to `16` and is capped at `128`. |103| `memories.max_rollouts_per_startup` | `number` | Maximum rollout candidates processed per startup pass. Defaults to `16` and is capped at `128`. |

102| `memories.max_unused_days` | `number` | Maximum days since a memory was last used before it becomes ineligible for consolidation. Defaults to `30` and is clamped to `0`-`365`. |104| `memories.max_unused_days` | `number` | Maximum days since a memory was last used before it becomes ineligible for consolidation. Defaults to `30` and is clamped to `0`-`365`. |

103| `memories.min_rollout_idle_hours` | `number` | Minimum idle time before a thread is considered for memory generation. Defaults to `6` and is clamped to `1`-`48`. |105| `memories.min_rollout_idle_hours` | `number` | Minimum idle time before a thread is considered for memory generation. Defaults to `6` and is clamped to `1`-`48`. |

104| `memories.no_memories_if_mcp_or_web_search` | `boolean` | When `true`, threads that use MCP tool calls or web search are kept out of memory generation. Defaults to `false`. |

105| `memories.use_memories` | `boolean` | When `false`, Codex skips injecting existing memories into future sessions. Defaults to `true`. |106| `memories.use_memories` | `boolean` | When `false`, Codex skips injecting existing memories into future sessions. Defaults to `true`. |

106| `model` | `string` | Model to use (e.g., `gpt-5.4`). |107| `model` | `string` | Model to use (e.g., `gpt-5.4`). |

107| `model_auto_compact_token_limit` | `number` | Token threshold that triggers automatic history compaction (unset uses model defaults). |108| `model_auto_compact_token_limit` | `number` | Token threshold that triggers automatic history compaction (unset uses model defaults). |

161| `otel.trace_exporter.<id>.tls.client-certificate` | `string` | Client certificate path for OTEL trace exporter TLS. |162| `otel.trace_exporter.<id>.tls.client-certificate` | `string` | Client certificate path for OTEL trace exporter TLS. |

162| `otel.trace_exporter.<id>.tls.client-private-key` | `string` | Client private key path for OTEL trace exporter TLS. |163| `otel.trace_exporter.<id>.tls.client-private-key` | `string` | Client private key path for OTEL trace exporter TLS. |

163| `permissions.<name>.filesystem` | `table` | Named filesystem permission profile. Each key is an absolute path or special token such as `:minimal` or `:project_roots`. |164| `permissions.<name>.filesystem` | `table` | Named filesystem permission profile. Each key is an absolute path or special token such as `:minimal` or `:project_roots`. |

164| `permissions.<name>.filesystem.":project_roots".<subpath>` | `"read" | "write" | "none"` | Scoped filesystem access relative to the detected project roots. Use `"."` for the root itself. |165| `permissions.<name>.filesystem.":project_roots".<subpath-or-glob>` | `"read" | "write" | "none"` | Scoped filesystem access relative to the detected project roots. Use `"."` for the root itself; glob subpaths such as `"**/*.env"` can deny reads with `"none"`. |

165| `permissions.<name>.filesystem.<path>` | `"read" | "write" | "none" | table` | Grant direct access for a path or special token, or scope nested entries under that root. |166| `permissions.<name>.filesystem.<path-or-glob>` | `"read" | "write" | "none" | table` | Grant direct access for a path, glob pattern, or special token, or scope nested entries under that root. Use `"none"` to deny reads for matching paths. |

167| `permissions.<name>.filesystem.glob_scan_max_depth` | `number` | Maximum depth for expanding deny-read glob patterns on platforms that snapshot matches before sandbox startup. Must be at least `1` when set. |

166| `permissions.<name>.network.allow_local_binding` | `boolean` | Permit local bind/listen operations through the managed proxy. |168| `permissions.<name>.network.allow_local_binding` | `boolean` | Permit local bind/listen operations through the managed proxy. |

167| `permissions.<name>.network.allow_upstream_proxy` | `boolean` | Allow the managed proxy to chain to another upstream proxy. |169| `permissions.<name>.network.allow_upstream_proxy` | `boolean` | Allow the managed proxy to chain to another upstream proxy. |

168| `permissions.<name>.network.dangerously_allow_all_unix_sockets` | `boolean` | Allow the proxy to use arbitrary Unix sockets instead of the default restricted set. |170| `permissions.<name>.network.dangerously_allow_all_unix_sockets` | `boolean` | Allow the proxy to use arbitrary Unix sockets instead of the default restricted set. |

221| `tui.alternate_screen` | `auto | always | never` | Control alternate screen usage for the TUI (default: auto; auto skips it in Zellij to preserve scrollback). |223| `tui.alternate_screen` | `auto | always | never` | Control alternate screen usage for the TUI (default: auto; auto skips it in Zellij to preserve scrollback). |

222| `tui.animations` | `boolean` | Enable terminal animations (welcome screen, shimmer, spinner) (default: true). |224| `tui.animations` | `boolean` | Enable terminal animations (welcome screen, shimmer, spinner) (default: true). |

223| `tui.model_availability_nux.<model>` | `integer` | Internal startup-tooltip state keyed by model slug. |225| `tui.model_availability_nux.<model>` | `integer` | Internal startup-tooltip state keyed by model slug. |

224| `tui.notification_method` | `auto | osc9 | bel` | Notification method for unfocused terminal notifications (default: auto). |226| `tui.notification_condition` | `unfocused | always` | Control whether TUI notifications fire only when the terminal is unfocused or regardless of focus. Defaults to `unfocused`. |

227| `tui.notification_method` | `auto | osc9 | bel` | Notification method for terminal notifications (default: auto). |

225| `tui.notifications` | `boolean | array<string>` | Enable TUI notifications; optionally restrict to specific event types. |228| `tui.notifications` | `boolean | array<string>` | Enable TUI notifications; optionally restrict to specific event types. |

226| `tui.show_tooltips` | `boolean` | Show onboarding tooltips in the TUI welcome screen (default: true). |229| `tui.show_tooltips` | `boolean` | Show onboarding tooltips in the TUI welcome screen (default: true). |

227| `tui.status_line` | `array<string> | null` | Ordered list of TUI footer status-line item identifiers. `null` disables the status line. |230| `tui.status_line` | `array<string> | null` | Ordered list of TUI footer status-line item identifiers. `null` disables the status line. |

1126 1129 

1127Type / Values1130Type / Values

1128 1131 

1129`array<string>`1132`array<string | { name = string, source = "local" | "remote" }>`

1130 1133 

1131Details1134Details

1132 1135 

1133Additional environment variables to whitelist for an MCP stdio server.1136Additional environment variables to whitelist for an MCP stdio server. String entries default to `source = "local"`; use `source = "remote"` only with executor-backed remote stdio.

1137 

1138Key

1139 

1140`mcp_servers.<id>.experimental_environment`

1141 

1142Type / Values

1143 

1144`local | remote`

1145 

1146Details

1147 

1148Experimental placement for an MCP server. `remote` starts stdio servers through a remote executor environment; streamable HTTP remote placement is not implemented.

1134 1149 

1135Key1150Key

1136 1151 

1242 1257 

1243Key1258Key

1244 1259 

1260`memories.disable_on_external_context`

1261 

1262Type / Values

1263 

1264`boolean`

1265 

1266Details

1267 

1268When `true`, threads that use external context such as MCP tool calls, web search, or tool search are kept out of memory generation. Defaults to `false`. Legacy alias: `memories.no_memories_if_mcp_or_web_search`.

1269 

1270Key

1271 

1245`memories.extract_model`1272`memories.extract_model`

1246 1273 

1247Type / Values1274Type / Values

1326 1353 

1327Key1354Key

1328 1355 

1329`memories.no_memories_if_mcp_or_web_search`

1330 

1331Type / Values

1332 

1333`boolean`

1334 

1335Details

1336 

1337When `true`, threads that use MCP tool calls or web search are kept out of memory generation. Defaults to `false`.

1338 

1339Key

1340 

1341`memories.use_memories`1356`memories.use_memories`

1342 1357 

1343Type / Values1358Type / Values

2046 2061 

2047Key2062Key

2048 2063 

2049`permissions.<name>.filesystem.":project_roots".<subpath>`2064`permissions.<name>.filesystem.":project_roots".<subpath-or-glob>`

2050 2065 

2051Type / Values2066Type / Values

2052 2067 

2054 2069 

2055Details2070Details

2056 2071 

2057Scoped filesystem access relative to the detected project roots. Use `"."` for the root itself.2072Scoped filesystem access relative to the detected project roots. Use `"."` for the root itself; glob subpaths such as `"**/*.env"` can deny reads with `"none"`.

2058 2073 

2059Key2074Key

2060 2075 

2061`permissions.<name>.filesystem.<path>`2076`permissions.<name>.filesystem.<path-or-glob>`

2062 2077 

2063Type / Values2078Type / Values

2064 2079 

2066 2081 

2067Details2082Details

2068 2083 

2069Grant direct access for a path or special token, or scope nested entries under that root.2084Grant direct access for a path, glob pattern, or special token, or scope nested entries under that root. Use `"none"` to deny reads for matching paths.

2085 

2086Key

2087 

2088`permissions.<name>.filesystem.glob_scan_max_depth`

2089 

2090Type / Values

2091 

2092`number`

2093 

2094Details

2095 

2096Maximum depth for expanding deny-read glob patterns on platforms that snapshot matches before sandbox startup. Must be at least `1` when set.

2070 2097 

2071Key2098Key

2072 2099 

2766 2793 

2767Key2794Key

2768 2795 

2796`tui.notification_condition`

2797 

2798Type / Values

2799 

2800`unfocused | always`

2801 

2802Details

2803 

2804Control whether TUI notifications fire only when the terminal is unfocused or regardless of focus. Defaults to `unfocused`.

2805 

2806Key

2807 

2769`tui.notification_method`2808`tui.notification_method`

2770 2809 

2771Type / Values2810Type / Values

2774 2813 

2775Details2814Details

2776 2815 

2777Notification method for unfocused terminal notifications (default: auto).2816Notification method for terminal notifications (default: auto).

2778 2817 

2779Key2818Key

2780 2819 

2918| `mcp_servers.<id>.identity` | `table` | Identity rule for a single MCP server. Set either `command` (stdio) or `url` (streamable HTTP). |2957| `mcp_servers.<id>.identity` | `table` | Identity rule for a single MCP server. Set either `command` (stdio) or `url` (streamable HTTP). |

2919| `mcp_servers.<id>.identity.command` | `string` | Allow an MCP stdio server when its `mcp_servers.<id>.command` matches this command. |2958| `mcp_servers.<id>.identity.command` | `string` | Allow an MCP stdio server when its `mcp_servers.<id>.command` matches this command. |

2920| `mcp_servers.<id>.identity.url` | `string` | Allow an MCP streamable HTTP server when its `mcp_servers.<id>.url` matches this URL. |2959| `mcp_servers.<id>.identity.url` | `string` | Allow an MCP streamable HTTP server when its `mcp_servers.<id>.url` matches this URL. |

2960| `permissions.filesystem.deny_read` | `array<string>` | Admin-enforced filesystem read denials. Entries can be paths or glob patterns, and users cannot weaken them with local config. |

2921| `rules` | `table` | Admin-enforced command rules merged with `.rules` files. Requirements rules must be restrictive. |2961| `rules` | `table` | Admin-enforced command rules merged with `.rules` files. Requirements rules must be restrictive. |

2922| `rules.prefix_rules` | `array<table>` | List of enforced prefix rules. Each rule must include `pattern` and `decision`. |2962| `rules.prefix_rules` | `array<table>` | List of enforced prefix rules. Each rule must include `pattern` and `decision`. |

2923| `rules.prefix_rules[].decision` | `prompt | forbidden` | Required. Requirements rules can only prompt or forbid (not allow). |2963| `rules.prefix_rules[].decision` | `prompt | forbidden` | Required. Requirements rules can only prompt or forbid (not allow). |

3048 3088 

3049Key3089Key

3050 3090 

3091`permissions.filesystem.deny_read`

3092 

3093Type / Values

3094 

3095`array<string>`

3096 

3097Details

3098 

3099Admin-enforced filesystem read denials. Entries can be paths or glob patterns, and users cannot weaken them with local config.

3100 

3101Key

3102 

3051`rules`3103`rules`

3052 3104 

3053Type / Values3105Type / Values

133# Named permissions profile to apply by default. Required before using [permissions.<name>].133# Named permissions profile to apply by default. Required before using [permissions.<name>].

134# default_permissions = "workspace"134# default_permissions = "workspace"

135 135 

136# Example filesystem profile. Use `"none"` to deny reads for exact paths or

137# glob patterns. On platforms that need pre-expanded glob matches, set

138# glob_scan_max_depth when using unbounded patterns such as `**`.

139# [permissions.workspace.filesystem]

140# glob_scan_max_depth = 3

141# ":project_roots" = { "." = "write", "**/*.env" = "none" }

142# "/absolute/path/to/secrets" = "none"

143 

136################################################################################144################################################################################

137# Authentication & Login145# Authentication & Login

138################################################################################146################################################################################

323# Notification mechanism for terminal alerts: auto | osc9 | bel. Default: "auto"331# Notification mechanism for terminal alerts: auto | osc9 | bel. Default: "auto"

324# notification_method = "auto"332# notification_method = "auto"

325 333 

334# When notifications fire: unfocused (default) | always

335# notification_condition = "unfocused"

336 

326# Enables welcome/status/spinner animations. Default: true337# Enables welcome/status/spinner animations. Default: true

327animations = true338animations = true

328 339 

387# skill_mcp_dependency_install = true398# skill_mcp_dependency_install = true

388# prevent_idle_sleep = false399# prevent_idle_sleep = false

389 400 

401################################################################################

402# Memories (table)

403################################################################################

404 

405# Enable memories with [features].memories, then tune memory behavior here.

406# [memories]

407# generate_memories = true

408# use_memories = true

409# disable_on_external_context = false # legacy alias: no_memories_if_mcp_or_web_search

410 

390################################################################################411################################################################################

391# Define MCP servers under this table. Leave empty to disable.412# Define MCP servers under this table. Leave empty to disable.

392################################################################################413################################################################################

400# command = "docs-server" # required421# command = "docs-server" # required

401# args = ["--port", "4000"] # optional422# args = ["--port", "4000"] # optional

402# env = { "API_KEY" = "value" } # optional key/value pairs copied as-is423# env = { "API_KEY" = "value" } # optional key/value pairs copied as-is

403# env_vars = ["ANOTHER_SECRET"] # optional: forward these from the parent env424# env_vars = ["ANOTHER_SECRET"] # optional: forward local parent env vars

425# env_vars = ["LOCAL_TOKEN", { name = "REMOTE_TOKEN", source = "remote" }]

404# cwd = "/path/to/server" # optional working directory override426# cwd = "/path/to/server" # optional working directory override

427# experimental_environment = "remote" # experimental: run stdio via a remote executor

405# startup_timeout_sec = 10.0 # optional; default 10.0 seconds428# startup_timeout_sec = 10.0 # optional; default 10.0 seconds

406# # startup_timeout_ms = 10000 # optional alias for startup timeout (milliseconds)429# # startup_timeout_ms = 10000 # optional alias for startup timeout (milliseconds)

407# tool_timeout_sec = 60.0 # optional; default 60.0 seconds430# tool_timeout_sec = 60.0 # optional; default 60.0 seconds

19 19 

201. Cloud-managed requirements (ChatGPT Business or Enterprise)201. Cloud-managed requirements (ChatGPT Business or Enterprise)

212. macOS managed preferences (MDM) via `com.openai.codex:requirements_toml_base64`212. macOS managed preferences (MDM) via `com.openai.codex:requirements_toml_base64`

223. System `requirements.toml` (`/etc/codex/requirements.toml` on Unix systems, including Linux/macOS)223. System `requirements.toml` (`/etc/codex/requirements.toml` on Unix systems, including Linux/macOS, or `%ProgramData%\OpenAI\Codex\requirements.toml` on Windows)

23 23 

24Across layers, Codex merges requirements per field: if an earlier layer sets a field (including an empty list), later layers don't override that field, but lower layers can still fill fields that remain unset.24Across layers, Codex merges requirements per field: if an earlier layer sets a field (including an empty list), later layers don't override that field, but lower layers can still fill fields that remain unset.

25 25 

91 91 

92Use the canonical feature keys from `config.toml`'s `[features]` table. Codex normalizes the resulting feature set to meet these pins and rejects conflicting writes to `config.toml` or profile-scoped feature settings.92Use the canonical feature keys from `config.toml`'s `[features]` table. Codex normalizes the resulting feature set to meet these pins and rejects conflicting writes to `config.toml` or profile-scoped feature settings.

93 93 

94### Enforce deny-read requirements

95 

96Admins can deny reads for exact paths or glob patterns with

97`[permissions.filesystem]`. Users can't weaken these requirements with local

98configuration.

99 

100```toml

101[permissions.filesystem]

102deny_read = [

103 "/Users/alice/.ssh",

104 "./private/**/*.txt",

105]

106```

107 

108When deny-read requirements are present, Codex constrains local sandbox mode to

109`read-only` or `workspace-write` so the requirement can be enforced. On native

110Windows, managed `deny_read` applies to direct file tools; shell subprocess

111reads don’t use this sandbox requirement.

112 

94### Enforce command rules from requirements113### Enforce command rules from requirements

95 114 

96Admins can also enforce restrictive command rules from `requirements.toml`115Admins can also enforce restrictive command rules from `requirements.toml`

9- Send the conversation to a custom logging/analytics engine9- Send the conversation to a custom logging/analytics engine

10- Scan your team's prompts to block accidentally pasting API keys10- Scan your team's prompts to block accidentally pasting API keys

11- Summarize conversations to create persistent memories automatically11- Summarize conversations to create persistent memories automatically

12- Run a custom validator when a conversation turn stops, enforcing standards12- Run a custom validation check when a conversation turn stops, enforcing standards

13- Customize prompting when in a certain directory13- Customize prompting when in a certain directory

14 14 

15Hooks are behind a feature flag in `config.toml`:15Hooks are behind a feature flag in `config.toml`:

23 23 

24- Matching hooks from multiple files all run.24- Matching hooks from multiple files all run.

25- Multiple matching command hooks for the same event are launched concurrently,25- Multiple matching command hooks for the same event are launched concurrently,

26 so one hook cannot prevent another matching hook from starting.26 so one hook can’t prevent another matching hook from starting.

27- `PreToolUse`, `PostToolUse`, `UserPromptSubmit`, and `Stop` run at turn27- `PreToolUse`, `PermissionRequest`, `PostToolUse`, `UserPromptSubmit`, and

28 scope.28 `Stop` run at turn scope.

29- Hooks are currently disabled on Windows.29- Hooks are currently disabled on Windows.

30 30 

31## Where Codex looks for hooks31## Where Codex looks for hooks

38- `<repo>/.codex/hooks.json`38- `<repo>/.codex/hooks.json`

39 39 

40If more than one `hooks.json` file exists, Codex loads all matching hooks.40If more than one `hooks.json` file exists, Codex loads all matching hooks.

41Higher-precedence config layers do not replace lower-precedence hooks.41Higher-precedence config layers don’t replace lower-precedence hooks.

42 42 

43## Config shape43## Config shape

44 44 

75 ]75 ]

76 }76 }

77 ],77 ],

78 "PermissionRequest": [

79 {

80 "matcher": "Bash",

81 "hooks": [

82 {

83 "type": "command",

84 "command": "/usr/bin/python3 \"$(git rev-parse --show-toplevel)/.codex/hooks/permission_request.py\"",

85 "statusMessage": "Checking approval request"

86 }

87 ]

88 }

89 ],

78 "PostToolUse": [90 "PostToolUse": [

79 {91 {

80 "matcher": "Bash",92 "matcher": "Bash",

133 145 

134| Event | What `matcher` filters | Notes |146| Event | What `matcher` filters | Notes |

135| --- | --- | --- |147| --- | --- | --- |

148| `PermissionRequest` | tool name | Current Codex runtime only emits `Bash`. |

136| `PostToolUse` | tool name | Current Codex runtime only emits `Bash`. |149| `PostToolUse` | tool name | Current Codex runtime only emits `Bash`. |

137| `PreToolUse` | tool name | Current Codex runtime only emits `Bash`. |150| `PreToolUse` | tool name | Current Codex runtime only emits `Bash`. |

138| `SessionStart` | start source | Current runtime values are `startup` and `resume`. |151| `SessionStart` | start source | Current runtime values are `startup` and `resume`. |

146- `Edit|Write`159- `Edit|Write`

147 160 

148That last example is still a valid regex, but current Codex `PreToolUse` and161That last example is still a valid regex, but current Codex `PreToolUse` and

149`PostToolUse` events only emit `Bash`, so it will not match anything today.162`PostToolUse` events only emit `Bash`, so it won’t match anything today.

150 163 

151## Common input fields164## Common input fields

152 165 

189 202 

190Exit `0` with no output is treated as success and Codex continues.203Exit `0` with no output is treated as success and Codex continues.

191 204 

192`PreToolUse` supports `systemMessage`, but `continue`, `stopReason`, and205`PreToolUse` and `PermissionRequest` support `systemMessage`, but `continue`,

193`suppressOutput` are not currently supported for that event.206`stopReason`, and `suppressOutput` aren't currently supported for those events.

194 207 

195`PostToolUse` supports `systemMessage`, `continue: false`, and `stopReason`.208`PostToolUse` supports `systemMessage`, `continue: false`, and `stopReason`.

196`suppressOutput` is parsed but not currently supported for that event.209`suppressOutput` is parsed but not currently supported for that event.

278`updatedInput`, `additionalContext`, `continue: false`, `stopReason`, and291`updatedInput`, `additionalContext`, `continue: false`, `stopReason`, and

279`suppressOutput` are parsed but not supported yet, so they fail open.292`suppressOutput` are parsed but not supported yet, so they fail open.

280 293 

294### PermissionRequest

295 

296Work in progress

297 

298`PermissionRequest` runs when Codex is about to ask for approval, such as a

299shell escalation or managed-network approval. It can allow the request, deny

300the request, or decline to decide and let the normal approval prompt continue.

301It doesn't run for commands that don't need approval.

302 

303`matcher` is applied to `tool_name`, which currently always equals `Bash`.

304 

305Fields in addition to [Common input fields](#common-input-fields):

306 

307| Field | Type | Meaning |

308| --- | --- | --- |

309| `turn_id` | `string` | Codex-specific extension. Active Codex turn id |

310| `tool_name` | `string` | Currently always `Bash` |

311| `tool_input.command` | `string` | Shell command associated with the approval request |

312| `tool_input.description` | `string | null` | Human-readable approval reason, when Codex has one |

313 

314Plain text on `stdout` is ignored.

315 

316To approve the request, return:

317 

318```json

319{

320 "hookSpecificOutput": {

321 "hookEventName": "PermissionRequest",

322 "decision": {

323 "behavior": "allow"

324 }

325 }

326}

327```

328 

329To deny the request, return:

330 

331```json

332{

333 "hookSpecificOutput": {

334 "hookEventName": "PermissionRequest",

335 "decision": {

336 "behavior": "deny",

337 "message": "Blocked by repository policy."

338 }

339 }

340}

341```

342 

343If multiple matching hooks return decisions, any `deny` wins. Otherwise, an

344`allow` lets the request proceed without surfacing the approval prompt. If no

345matching hook decides, Codex uses the normal approval flow.

346 

347Don't return `updatedInput`, `updatedPermissions`, or `interrupt` for

348`PermissionRequest`; those fields are reserved for future behavior and fail

349closed today.

350 

281### PostToolUse351### PostToolUse

282 352 

283Work in progress353Work in progress

284 354 

285Currently `PostToolUse` only supports Bash tool results. It is not limited to355Currently `PostToolUse` only supports Bash tool results. It’s not limited to

286commands that exit successfully: non-interactive `exec_command` calls can still356commands that exit successfully: non-interactive `exec_command` calls can still

287trigger `PostToolUse` when Codex emits a Bash post-tool payload. It cannot undo357trigger `PostToolUse` when Codex emits a Bash post-tool payload. It can’t undo

288side effects from the command that already ran.358side effects from the command that already ran.

289 359 

290This doesn't intercept all shell calls yet, only the simple ones. The newer360This doesn't intercept all shell calls yet, only the simple ones. The newer

321 391 

322That `additionalContext` text is added as extra developer context.392That `additionalContext` text is added as extra developer context.

323 393 

324For this event, `decision: "block"` does not undo the completed Bash command.394For this event, `decision: "block"` doesn't undo the completed Bash command.

325Instead, Codex records the feedback, replaces the tool result with that395Instead, Codex records the feedback, replaces the tool result with that

326feedback, and continues the model from the hook-provided message.396feedback, and continues the model from the hook-provided message.

327 397 

336 406 

337### UserPromptSubmit407### UserPromptSubmit

338 408 

339`matcher` is not currently used for this event.409`matcher` isn't currently used for this event.

340 410 

341Fields in addition to [Common input fields](#common-input-fields):411Fields in addition to [Common input fields](#common-input-fields):

342 412 

343| Field | Type | Meaning |413| Field | Type | Meaning |

344| --- | --- | --- |414| --- | --- | --- |

345| `turn_id` | `string` | Codex-specific extension. Active Codex turn id |415| `turn_id` | `string` | Codex-specific extension. Active Codex turn id |

346| `prompt` | `string` | User prompt that is about to be sent |416| `prompt` | `string` | User prompt that's about to be sent |