12Supported transports:12Supported transports:
13 13
14- `stdio` (`--listen stdio://`, default): newline-delimited JSON (JSONL).14- `stdio` (`--listen stdio://`, default): newline-delimited JSON (JSONL).
15- `websocket` (`--listen ws://IP:PORT`, experimental): one JSON-RPC message per WebSocket text frame.15- `websocket` (`--listen ws://IP:PORT`, experimental and unsupported): one JSON-RPC message per WebSocket text frame.
16- `off` (`--listen off`): don't expose a local transport.
17
18When you run with `--listen ws://IP:PORT`, the same listener also serves basic HTTP health probes:
19
20- `GET /readyz` returns `200 OK` once the listener accepts new connections.
21- `GET /healthz` returns `200 OK` when the request doesn't include an `Origin` header.
22- Requests with an `Origin` header are rejected with `403 Forbidden`.
23
24WebSocket transport is experimental and unsupported. Loopback listeners such as `ws://127.0.0.1:PORT` are appropriate for localhost and SSH port-forwarding workflows. Non-loopback WebSocket listeners currently allow unauthenticated connections by default during rollout, so configure WebSocket auth before exposing one remotely.
25
26Supported WebSocket auth flags:
27
28- `--ws-auth capability-token --ws-token-file /absolute/path`
29- `--ws-auth capability-token --ws-token-sha256 HEX`
30- `--ws-auth signed-bearer-token --ws-shared-secret-file /absolute/path`
31
32For signed bearer tokens, you can also set `--ws-issuer`, `--ws-audience`, and `--ws-max-clock-skew-seconds`. Clients present the credential as `Authorization: Bearer <token>` during the WebSocket handshake, and app-server enforces auth before JSON-RPC `initialize`.
33
34Prefer `--ws-token-file` over passing raw bearer tokens on the command line. Use `--ws-token-sha256` only when the client keeps the raw high-entropy token in a separate local secret store; the hash is only a verifier, and clients still need the original token.
16 35
17In WebSocket mode, app-server uses bounded queues. When request ingress is full, the server rejects new requests with JSON-RPC error code `-32001` and message `"Server overloaded; retry later."` Clients should retry with an exponentially increasing delay and jitter.36In WebSocket mode, app-server uses bounded queues. When request ingress is full, the server rejects new requests with JSON-RPC error code `-32001` and message `"Server overloaded; retry later."` Clients should retry with an exponentially increasing delay and jitter.
18 37
199- `thread/resume` - reopen an existing thread by id so later `turn/start` calls append to it.218- `thread/resume` - reopen an existing thread by id so later `turn/start` calls append to it.
200- `thread/fork` - fork a thread into a new thread id by copying stored history; emits `thread/started` for the new thread.219- `thread/fork` - fork a thread into a new thread id by copying stored history; emits `thread/started` for the new thread.
201- `thread/read` - read a stored thread by id without resuming it; set `includeTurns` to return full turn history. Returned `thread` objects include runtime `status`.220- `thread/read` - read a stored thread by id without resuming it; set `includeTurns` to return full turn history. Returned `thread` objects include runtime `status`.
202- `thread/list` - page through stored thread logs; supports cursor-based pagination plus `modelProviders`, `sourceKinds`, `archived`, and `cwd` filters. Returned `thread` objects include runtime `status`.221- `thread/list` - page through stored thread logs; supports cursor-based pagination plus `modelProviders`, `sourceKinds`, `archived`, `cwd`, and `searchTerm` filters. Returned `thread` objects include runtime `status`.
222- `thread/turns/list` - page through a stored thread's turn history without resuming it.
203- `thread/loaded/list` - list the thread ids currently loaded in memory.223- `thread/loaded/list` - list the thread ids currently loaded in memory.
204- `thread/name/set` - set or update a thread's user-facing name for a loaded thread or a persisted rollout; emits `thread/name/updated`.224- `thread/name/set` - set or update a thread's user-facing name for a loaded thread or a persisted rollout; emits `thread/name/updated`.
225- `thread/goal/set` - set the goal for a loaded thread (experimental; requires `capabilities.experimentalApi`); emits `thread/goal/updated`.
226- `thread/goal/get` - read the current goal for a loaded thread (experimental; requires `capabilities.experimentalApi`).
227- `thread/goal/clear` - clear the goal for a loaded thread (experimental; requires `capabilities.experimentalApi`); emits `thread/goal/cleared`.
228- `thread/metadata/update` - patch SQLite-backed stored thread metadata; currently supports persisted `gitInfo`.
205- `thread/archive` - move a thread's log file into the archived directory; returns `{}` on success and emits `thread/archived`.229- `thread/archive` - move a thread's log file into the archived directory; returns `{}` on success and emits `thread/archived`.
206- `thread/unsubscribe` - unsubscribe this connection from thread turn/item events. If this was the last subscriber, the server unloads the thread and emits `thread/closed`.230- `thread/unsubscribe` - unsubscribe this connection from thread turn/item events. If this was the last subscriber, the server unloads the thread after a no-subscriber inactivity grace period and emits `thread/closed`.
207- `thread/unarchive` - restore an archived thread rollout back into the active sessions directory; returns the restored `thread` and emits `thread/unarchived`.231- `thread/unarchive` - restore an archived thread rollout back into the active sessions directory; returns the restored `thread` and emits `thread/unarchived`.
208- `thread/status/changed` - notification emitted when a loaded thread's runtime `status` changes.232- `thread/status/changed` - notification emitted when a loaded thread's runtime `status` changes.
209- `thread/compact/start` - trigger conversation history compaction for a thread; returns `{}` immediately while progress streams via `turn/*` and `item/*` notifications.233- `thread/compact/start` - trigger conversation history compaction for a thread; returns `{}` immediately while progress streams via `turn/*` and `item/*` notifications.
211- `thread/backgroundTerminals/clean` - stop all running background terminals for a thread (experimental; requires `capabilities.experimentalApi`).235- `thread/backgroundTerminals/clean` - stop all running background terminals for a thread (experimental; requires `capabilities.experimentalApi`).
212- `thread/rollback` - drop the last N turns from the in-memory context and persist a rollback marker; returns the updated `thread`.236- `thread/rollback` - drop the last N turns from the in-memory context and persist a rollback marker; returns the updated `thread`.
213- `turn/start` - add user input to a thread and begin Codex generation; responds with the initial `turn` and streams events. For `collaborationMode`, `settings.developer_instructions: null` means "use built-in instructions for the selected mode."237- `turn/start` - add user input to a thread and begin Codex generation; responds with the initial `turn` and streams events. For `collaborationMode`, `settings.developer_instructions: null` means "use built-in instructions for the selected mode."
238- `thread/inject_items` - append raw Responses API items to a loaded thread's model-visible history without starting a user turn.
214- `turn/steer` - append user input to the active in-flight turn for a thread; returns the accepted `turnId`.239- `turn/steer` - append user input to the active in-flight turn for a thread; returns the accepted `turnId`.
215- `turn/interrupt` - request cancellation of an in-flight turn; success is `{}` and the turn ends with `status: "interrupted"`.240- `turn/interrupt` - request cancellation of an in-flight turn; success is `{}` and the turn ends with `status: "interrupted"`.
216- `review/start` - kick off the Codex reviewer for a thread; emits `enteredReviewMode` and `exitedReviewMode` items.241- `review/start` - kick off the Codex reviewer for a thread; emits `enteredReviewMode` and `exitedReviewMode` items.
218- `command/exec/write` - write `stdin` bytes to a running `command/exec` session or close `stdin`.243- `command/exec/write` - write `stdin` bytes to a running `command/exec` session or close `stdin`.
219- `command/exec/resize` - resize a running PTY-backed `command/exec` session.244- `command/exec/resize` - resize a running PTY-backed `command/exec` session.
220- `command/exec/terminate` - stop a running `command/exec` session.245- `command/exec/terminate` - stop a running `command/exec` session.
246- `command/exec/outputDelta` (notify) - emitted for base64-encoded stdout/stderr chunks from a streaming `command/exec` session.
221- `model/list` - list available models (set `includeHidden: true` to include entries with `hidden: true`) with effort options, optional `upgrade`, and `inputModalities`.247- `model/list` - list available models (set `includeHidden: true` to include entries with `hidden: true`) with effort options, optional `upgrade`, and `inputModalities`.
248- `modelProvider/capabilities/read` - read provider capability bounds for model/provider combinations (experimental; requires `capabilities.experimentalApi`).
222- `experimentalFeature/list` - list feature flags with lifecycle stage metadata and cursor pagination.249- `experimentalFeature/list` - list feature flags with lifecycle stage metadata and cursor pagination.
250- `experimentalFeature/enablement/set` - patch in-memory runtime enablement for supported feature keys such as `apps` and `plugins`.
223- `collaborationMode/list` - list collaboration mode presets (experimental, no pagination).251- `collaborationMode/list` - list collaboration mode presets (experimental, no pagination).
224- `skills/list` - list skills for one or more `cwd` values (supports `forceReload` and optional `perCwdExtraUserRoots`).252- `skills/list` - list skills for one or more `cwd` values (supports `forceReload` and optional `perCwdExtraUserRoots`).
253- `skills/changed` (notify) - emitted when watched local skill files change.
254- `marketplace/add` - add a remote plugin marketplace and persist it into the user's marketplace config.
255- `marketplace/upgrade` - refresh a configured Git marketplace, or all configured Git marketplaces when you omit the marketplace name.
225- `plugin/list` - list discovered plugin marketplaces and plugin state, including install/auth policy metadata, marketplace load errors, featured plugin ids, and local, Git, or remote plugin source metadata.256- `plugin/list` - list discovered plugin marketplaces and plugin state, including install/auth policy metadata, marketplace load errors, featured plugin ids, and local, Git, or remote plugin source metadata.
226- `plugin/read` - read one plugin by marketplace path or remote marketplace name and plugin name, including bundled skills, apps, and MCP server names when those details are available.257- `plugin/read` - read one plugin by marketplace path or remote marketplace name and plugin name, including bundled skills, apps, and MCP server names when those details are available.
227- `plugin/install` - install a plugin from a marketplace path or remote marketplace name.258- `plugin/install` - install a plugin from a marketplace path or remote marketplace name.
233- `config/mcpServer/reload` - reload MCP server configuration from disk and queue a refresh for loaded threads.264- `config/mcpServer/reload` - reload MCP server configuration from disk and queue a refresh for loaded threads.
234- `mcpServerStatus/list` - list MCP servers, tools, resources, and auth status (cursor + limit pagination). Use `detail: "full"` for full data or `detail: "toolsAndAuthOnly"` to omit resources.265- `mcpServerStatus/list` - list MCP servers, tools, resources, and auth status (cursor + limit pagination). Use `detail: "full"` for full data or `detail: "toolsAndAuthOnly"` to omit resources.
235- `mcpServer/resource/read` - read a single MCP resource through an initialized MCP server.266- `mcpServer/resource/read` - read a single MCP resource through an initialized MCP server.
267- `mcpServer/tool/call` - call a tool on a thread's configured MCP server.
268- `mcpServer/startupStatus/updated` (notify) - emitted when a configured MCP server's startup status changes for a loaded thread.
236- `windowsSandbox/setupStart` - start Windows sandbox setup for `elevated` or `unelevated` mode; returns quickly and later emits `windowsSandbox/setupCompleted`.269- `windowsSandbox/setupStart` - start Windows sandbox setup for `elevated` or `unelevated` mode; returns quickly and later emits `windowsSandbox/setupCompleted`.
237- `feedback/upload` - submit a feedback report (classification + optional reason/logs + conversation id, plus optional `extraLogFiles` attachments).270- `feedback/upload` - submit a feedback report (classification + optional reason/logs + conversation id, plus optional `extraLogFiles` attachments).
238- `config/read` - fetch the effective configuration on disk after resolving configuration layering.271- `config/read` - fetch the effective configuration on disk after resolving configuration layering.
239- `externalAgentConfig/detect` - detect external-agent artifacts that can be migrated with `includeHome` and optional `cwds`; each detected item includes `cwd` (`null` for home).272- `externalAgentConfig/detect` - detect external-agent artifacts that can be migrated with `includeHome` and optional `cwds`; each detected item includes `cwd` (`null` for home).
240- `externalAgentConfig/import` - apply selected external-agent migration items by passing explicit `migrationItems` with `cwd` (`null` for home).273- `externalAgentConfig/import` - apply selected external-agent migration items by passing explicit `migrationItems` with `cwd` (`null` for home). Supported item types include config, skills, `AGENTS.md`, plugins, MCP server config, subagents, hooks, commands, and sessions; plugin imports emit `externalAgentConfig/import/completed`.
241- `config/value/write` - write a single configuration key/value to the user's `config.toml` on disk.274- `config/value/write` - write a single configuration key/value to the user's `config.toml` on disk.
242- `config/batchWrite` - apply configuration edits atomically to the user's `config.toml` on disk.275- `config/batchWrite` - apply configuration edits atomically to the user's `config.toml` on disk.
243- `configRequirements/read` - fetch requirements from `requirements.toml` and/or MDM, including allow-lists, pinned `featureRequirements`, and residency/network requirements (or `null` if you haven't set any up).276- `configRequirements/read` - fetch requirements from `requirements.toml` and/or MDM, including allow-lists, pinned `featureRequirements`, and residency/network requirements (or `null` if you haven't set any up).
244- `fs/readFile`, `fs/writeFile`, `fs/createDirectory`, `fs/getMetadata`, `fs/readDirectory`, `fs/remove`, and `fs/copy` - operate on absolute filesystem paths through the app-server v2 filesystem API.277- `fs/readFile`, `fs/writeFile`, `fs/createDirectory`, `fs/getMetadata`, `fs/readDirectory`, `fs/remove`, `fs/copy`, `fs/watch`, `fs/unwatch`, and `fs/changed` (notify) - operate on absolute filesystem paths through the app-server v2 filesystem API.
245 278
246Plugin summaries include a `source` union. Local plugins return279Plugin summaries include a `source` union. Local plugins return
247`{ "type": "local", "path": ... }`, Git-backed marketplace entries return280`{ "type": "local", "path": ... }`, Git-backed marketplace entries return
318## Threads351## Threads
319 352
320- `thread/read` reads a stored thread without subscribing to it; set `includeTurns` to include turns.353- `thread/read` reads a stored thread without subscribing to it; set `includeTurns` to include turns.
321- `thread/list` supports cursor pagination plus `modelProviders`, `sourceKinds`, `archived`, and `cwd` filtering.354- `thread/turns/list` pages through a stored thread's turn history without resuming it.
355- `thread/list` supports cursor pagination plus `modelProviders`, `sourceKinds`, `archived`, `cwd`, and `searchTerm` filtering.
322- `thread/loaded/list` returns the thread IDs currently in memory.356- `thread/loaded/list` returns the thread IDs currently in memory.
323- `thread/archive` moves the thread's persisted JSONL log into the archived directory.357- `thread/archive` moves the thread's persisted JSONL log into the archived directory.
324- `thread/unsubscribe` unsubscribes the current connection from a loaded thread and can trigger `thread/closed`.358- `thread/metadata/update` patches stored thread metadata, currently including persisted `gitInfo`.
359- `thread/unsubscribe` unsubscribes the current connection from a loaded thread and can trigger `thread/closed` after an inactivity grace period.
325- `thread/unarchive` restores an archived thread rollout back into the active sessions directory.360- `thread/unarchive` restores an archived thread rollout back into the active sessions directory.
326- `thread/compact/start` triggers compaction and returns `{}` immediately.361- `thread/compact/start` triggers compaction and returns `{}` immediately.
327- `thread/rollback` drops the last N turns from the in-memory context and records a rollback marker in the thread's persisted JSONL log.362- `thread/rollback` drops the last N turns from the in-memory context and records a rollback marker in the thread's persisted JSONL log.
363- `thread/inject_items` appends raw Responses API items to a loaded thread's model-visible history without starting a user turn.
328 364
329### Start or resume a thread365### Start or resume a thread
330 366
395 431
396Unlike `thread/resume`, `thread/read` doesn't load the thread into memory or emit `thread/started`.432Unlike `thread/resume`, `thread/read` doesn't load the thread into memory or emit `thread/started`.
397 433
434### List thread turns
435
436Use `thread/turns/list` to page a stored thread's turn history without resuming it. Results default to newest-first so clients can fetch older turns with `nextCursor`. The response also includes `backwardsCursor`; pass it as `cursor` with `sortDirection: "asc"` to fetch turns newer than the first item from the earlier page.
437
438```json
439{ "method": "thread/turns/list", "id": 20, "params": {
440 "threadId": "thr_123",
441 "limit": 50,
442 "sortDirection": "desc"
443} }
444{ "id": 20, "result": {
445 "data": [],
446 "nextCursor": "older-turns-cursor-or-null",
447 "backwardsCursor": "newer-turns-cursor-or-null"
448} }
449```
450
398### List threads (with pagination & filters)451### List threads (with pagination & filters)
399 452
400`thread/list` lets you render a history UI. Results default to newest-first by `createdAt`. Filters apply before pagination. Pass any combination of:453`thread/list` lets you render a history UI. Results default to newest-first by `createdAt`. Filters apply before pagination. Pass any combination of:
406- `sourceKinds` - restrict results to specific thread sources. When omitted or `[]`, the server defaults to interactive sources only: `cli` and `vscode`.459- `sourceKinds` - restrict results to specific thread sources. When omitted or `[]`, the server defaults to interactive sources only: `cli` and `vscode`.
407- `archived` - when `true`, list archived threads only. When `false` or omitted, list non-archived threads (default).460- `archived` - when `true`, list archived threads only. When `false` or omitted, list non-archived threads (default).
408- `cwd` - restrict results to threads whose session current working directory exactly matches this path.461- `cwd` - restrict results to threads whose session current working directory exactly matches this path.
462- `searchTerm` - search stored thread summaries and metadata before pagination.
409 463
410`sourceKinds` accepts the following values:464`sourceKinds` accepts the following values:
411 465
439 493
440When `nextCursor` is `null`, you have reached the final page.494When `nextCursor` is `null`, you have reached the final page.
441 495
496### Update stored thread metadata
497
498Use `thread/metadata/update` to patch stored thread metadata without resuming the thread. Today this supports persisted `gitInfo`; omitted fields are left unchanged, and explicit `null` clears a stored value.
499
500```json
501{ "method": "thread/metadata/update", "id": 21, "params": {
502 "threadId": "thr_123",
503 "gitInfo": { "branch": "feature/sidebar-pr" }
504} }
505{ "id": 21, "result": {
506 "thread": {
507 "id": "thr_123",
508 "gitInfo": { "sha": null, "branch": "feature/sidebar-pr", "originUrl": null }
509 }
510} }
511```
512
442### Track thread status changes513### Track thread status changes
443 514
444`thread/status/changed` is emitted whenever a loaded thread's runtime status changes. The payload includes `threadId` and the new `status`.515`thread/status/changed` is emitted whenever a loaded thread's runtime status changes. The payload includes `threadId` and the new `status`.
470- `notSubscribed` when the connection wasn't subscribed to that thread.541- `notSubscribed` when the connection wasn't subscribed to that thread.
471- `notLoaded` when the thread isn't loaded.542- `notLoaded` when the thread isn't loaded.
472 543
473If this was the last subscriber, the server unloads the thread and emits a `thread/status/changed` transition to `notLoaded` plus `thread/closed`.544If this was the last subscriber, the server keeps the thread loaded until it has no subscribers and no thread activity for 30 minutes. When the grace period expires, app-server unloads the thread and emits a `thread/status/changed` transition to `notLoaded` plus `thread/closed`.
474 545
475```json546```json
476{ "method": "thread/unsubscribe", "id": 22, "params": { "threadId": "thr_123" } }547{ "method": "thread/unsubscribe", "id": 22, "params": { "threadId": "thr_123" } }
477{ "id": 22, "result": { "status": "unsubscribed" } }548{ "id": 22, "result": { "status": "unsubscribed" } }
549```
550
551If the thread later expires:
552
553```json
478{ "method": "thread/status/changed", "params": {554{ "method": "thread/status/changed", "params": {
479 "threadId": "thr_123",555 "threadId": "thr_123",
480 "status": { "type": "notLoaded" }556 "status": { "type": "notLoaded" }
623{ "id": 30, "result": { "turn": { "id": "turn_456", "status": "inProgress", "items": [], "error": null } } }699{ "id": 30, "result": { "turn": { "id": "turn_456", "status": "inProgress", "items": [], "error": null } } }
624```700```
625 701
702### Inject items into a thread
703
704Use `thread/inject_items` to append prebuilt Responses API items to a loaded thread's prompt history without starting a user turn. These items are persisted to the rollout and included in subsequent model requests.
705
706```json
707{ "method": "thread/inject_items", "id": 31, "params": {
708 "threadId": "thr_123",
709 "items": [
710 {
711 "type": "message",
712 "role": "assistant",
713 "content": [{ "type": "output_text", "text": "Previously computed context." }]
714 }
715 ]
716} }
717{ "id": 31, "result": {} }
718```
719
626### Steer an active turn720### Steer an active turn
627 721
628Use `turn/steer` to append more user input to the active in-flight turn.722Use `turn/steer` to append more user input to the active in-flight turn.
804- `elevated` - run the elevated Windows sandbox setup path.898- `elevated` - run the elevated Windows sandbox setup path.
805- `unelevated` - run the legacy setup/preflight path.899- `unelevated` - run the legacy setup/preflight path.
806 900
901## Filesystem
902
903The v2 filesystem APIs operate on absolute paths. Use `fs/watch` when a client needs to invalidate UI state after a file or directory changes.
904
905```json
906{ "method": "fs/watch", "id": 54, "params": {
907 "watchId": "0195ec6b-1d6f-7c2e-8c7a-56f2c4a8b9d1",
908 "path": "/Users/me/project/.git/HEAD"
909} }
910{ "id": 54, "result": { "path": "/Users/me/project/.git/HEAD" } }
911{ "method": "fs/changed", "params": {
912 "watchId": "0195ec6b-1d6f-7c2e-8c7a-56f2c4a8b9d1",
913 "changedPaths": ["/Users/me/project/.git/HEAD"]
914} }
915{ "method": "fs/unwatch", "id": 55, "params": {
916 "watchId": "0195ec6b-1d6f-7c2e-8c7a-56f2c4a8b9d1"
917} }
918{ "id": 55, "result": {} }
919```
920
921Watching a file emits `fs/changed` for that file path, including updates delivered by replace or rename operations.
922
807## Events923## Events
808 924
809Event notifications are the server-initiated stream for thread lifecycles, turn lifecycles, and the items within them. After you start or resume a thread, keep reading the active transport stream for `thread/started`, `thread/archived`, `thread/unarchived`, `thread/closed`, `thread/status/changed`, `turn/*`, `item/*`, and `serverRequest/resolved` notifications.925Event notifications are the server-initiated stream for thread lifecycles, turn lifecycles, and the items within them. After you start or resume a thread, keep reading the active transport stream for `thread/started`, `thread/archived`, `thread/unarchived`, `thread/closed`, `thread/status/changed`, `turn/*`, `item/*`, and `serverRequest/resolved` notifications.
1024} }1140} }
1025```1141```
1026 1142
1143The server also emits `skills/changed` notifications when watched local skill files change. Treat this as an invalidation signal and rerun `skills/list` with your current params when needed.
1144
1027To enable or disable a skill by path:1145To enable or disable a skill by path:
1028 1146
1029```json1147```json
1230{ "id": 64, "result": {} }1348{ "id": 64, "result": {} }
1231```1349```
1232 1350
1351When a request includes plugin imports, the server emits `externalAgentConfig/import/completed` after the import finishes. This notification may arrive immediately after the response or after background remote imports complete.
1352
1233Supported `itemType` values are `AGENTS_MD`, `CONFIG`, `SKILLS`, `PLUGINS`,1353Supported `itemType` values are `AGENTS_MD`, `CONFIG`, `SKILLS`, `PLUGINS`,
1234and `MCP_SERVER_CONFIG`. For `PLUGINS` items, `details.plugins` lists each1354and `MCP_SERVER_CONFIG`. For `PLUGINS` items, `details.plugins` lists each
1235`marketplaceName` and the `pluginNames` Codex can try to migrate. Detection1355`marketplaceName` and the `pluginNames` Codex can try to migrate. Detection
1244 1364
1245## Auth endpoints1365## Auth endpoints
1246 1366
1247The JSON-RPC auth/account surface exposes request/response methods plus server-initiated notifications (no `id`). Use these to determine auth state, start or cancel logins, logout, and inspect ChatGPT rate limits.1367The JSON-RPC auth/account surface exposes request/response methods plus server-initiated notifications (no `id`). Use these to determine auth state, start or cancel logins, logout, inspect ChatGPT rate limits, and notify workspace owners about depleted credits or usage limits.
1248 1368
1249### Authentication modes1369### Authentication modes
1250 1370
1251Codex supports three authentication modes. `account/updated.authMode` shows the active mode, and `account/read` also reports it.1371Codex supports these authentication modes. `account/updated.authMode` shows the active mode and includes the current ChatGPT `planType` when available. `account/read` also reports account and plan details.
1252 1372
1253- **API key (`apikey`)** - the caller supplies an OpenAI API key and Codex stores it for API requests.1373- **API key (`apikey`)** - the caller supplies an OpenAI API key with `type: "apiKey"`, and Codex stores it for API requests.
1254- **ChatGPT managed (`chatgpt`)** - Codex owns the ChatGPT OAuth flow, persists tokens, and refreshes them automatically.1374- **ChatGPT managed (`chatgpt`)** - Codex owns the ChatGPT OAuth flow, persists tokens, and refreshes them automatically. Start with `type: "chatgpt"` for the browser flow or `type: "chatgptDeviceCode"` for the device-code flow.
1255- **ChatGPT external tokens (`chatgptAuthTokens`)** - a host app supplies `idToken` and `accessToken` directly. Codex stores these tokens in memory, and the host app must refresh them when asked.1375- **ChatGPT external tokens (`chatgptAuthTokens`)** - experimental and intended for host apps that already own the user's ChatGPT auth lifecycle. The host app supplies an `accessToken`, `chatgptAccountId`, and optional `chatgptPlanType` directly, and must refresh the token when asked.
1256 1376
1257### API overview1377### API overview
1258 1378
1259- `account/read` - fetch current account info; optionally refresh tokens.1379- `account/read` - fetch current account info; optionally refresh tokens.
1260- `account/login/start` - begin login (`apiKey`, `chatgpt`, or `chatgptAuthTokens`).1380- `account/login/start` - begin login (`apiKey`, `chatgpt`, `chatgptDeviceCode`, or experimental `chatgptAuthTokens`).
1261- `account/login/completed` (notify) - emitted when a login attempt finishes (success or error).1381- `account/login/completed` (notify) - emitted when a login attempt finishes (success or error).
1262- `account/login/cancel` - cancel a pending ChatGPT login by `loginId`.1382- `account/login/cancel` - cancel a pending managed ChatGPT login by `loginId`.
1263- `account/logout` - sign out; triggers `account/updated`.1383- `account/logout` - sign out; triggers `account/updated`.
1264- `account/updated` (notify) - emitted whenever auth mode changes (`authMode`: `apikey`, `chatgpt`, `chatgptAuthTokens`, or `null`).1384- `account/updated` (notify) - emitted whenever auth mode changes (`authMode`: `apikey`, `chatgpt`, `chatgptAuthTokens`, or `null`) and includes `planType` when available.
1265- `account/chatgptAuthTokens/refresh` (server request) - request fresh externally managed ChatGPT tokens after an authorization error.1385- `account/chatgptAuthTokens/refresh` (server request) - request fresh externally managed ChatGPT tokens after an authorization error.
1266- `account/rateLimits/read` - fetch ChatGPT rate limits.1386- `account/rateLimits/read` - fetch ChatGPT rate limits.
1267- `account/rateLimits/updated` (notify) - emitted whenever a user's ChatGPT rate limits change.1387- `account/rateLimits/updated` (notify) - emitted whenever a user's ChatGPT rate limits change.
1388- `account/sendAddCreditsNudgeEmail` - ask ChatGPT to email a workspace owner about depleted credits or a reached usage limit.
1268- `mcpServer/oauthLogin/completed` (notify) - emitted after a `mcpServer/oauth/login` flow finishes; payload includes `{ name, success, error? }`.1389- `mcpServer/oauthLogin/completed` (notify) - emitted after a `mcpServer/oauth/login` flow finishes; payload includes `{ name, success, error? }`.
1390- `mcpServer/startupStatus/updated` (notify) - emitted when a configured MCP server's startup status changes for a loaded thread; payload includes `{ name, status, error }`.
1269 1391
1270### 1) Check auth state1392### 1) Check auth state
1271 1393
1337 ```1459 ```
1338 1460
1339 ```json1461 ```json
1340 { "method": "account/updated", "params": { "authMode": "apikey" } }1462 {
1463 "method": "account/updated",
1464 "params": { "authMode": "apikey", "planType": null }
1465 }
1341 ```1466 ```
1342 1467
1343### 3) Log in with ChatGPT (browser flow)1468### 3) Log in with ChatGPT (browser flow)
1369 ```1494 ```
1370 1495
1371 ```json1496 ```json
1372 { "method": "account/updated", "params": { "authMode": "chatgpt" } }1497 {
1498 "method": "account/updated",
1499 "params": { "authMode": "chatgpt", "planType": "plus" }
1500 }
1373 ```1501 ```
1374 1502
1375### 3b) Log in with externally managed ChatGPT tokens (`chatgptAuthTokens`)1503### 3b) Log in with ChatGPT (device-code flow)
1504
1505Use this flow when your client owns the sign-in ceremony or when a browser callback is brittle.
1376 1506
1377Use this mode when a host application owns the user’s ChatGPT auth lifecycle and supplies tokens directly.15071. Start:
1508
1509 ```json
1510 {
1511 "method": "account/login/start",
1512 "id": 4,
1513 "params": { "type": "chatgptDeviceCode" }
1514 }
1515 ```
1516
1517 ```json
1518 {
1519 "id": 4,
1520 "result": {
1521 "type": "chatgptDeviceCode",
1522 "loginId": "<uuid>",
1523 "verificationUrl": "https://auth.openai.com/codex/device",
1524 "userCode": "ABCD-1234"
1525 }
1526 }
1527 ```
15282. Show `verificationUrl` and `userCode` to the user; the frontend owns the UX.
15293. Wait for notifications:
1530
1531 ```json
1532 {
1533 "method": "account/login/completed",
1534 "params": { "loginId": "<uuid>", "success": true, "error": null }
1535 }
1536 ```
1537
1538 ```json
1539 {
1540 "method": "account/updated",
1541 "params": { "authMode": "chatgpt", "planType": "plus" }
1542 }
1543 ```
1544
1545### 3c) Log in with externally managed ChatGPT tokens (`chatgptAuthTokens`)
1546
1547Use this experimental mode only when a host application owns the user's ChatGPT auth lifecycle and supplies tokens directly. Clients must set `capabilities.experimentalApi = true` during `initialize` before using this login type.
1378 1548
13791. Send:15491. Send:
1380 1550
1384 "id": 7,1554 "id": 7,
1385 "params": {1555 "params": {
1386 "type": "chatgptAuthTokens",1556 "type": "chatgptAuthTokens",
1387 "idToken": "<jwt>",1557 "accessToken": "<jwt>",
1388 "accessToken": "<jwt>"1558 "chatgptAccountId": "org-123",
1559 "chatgptPlanType": "business"
1389 }1560 }
1390 }1561 }
1391 ```1562 ```
1406 ```json1577 ```json
1407 {1578 {
1408 "method": "account/updated",1579 "method": "account/updated",
1409 "params": { "authMode": "chatgptAuthTokens" }1580 "params": { "authMode": "chatgptAuthTokens", "planType": "business" }
1410 }1581 }
1411 ```1582 ```
1412 1583
1418 "id": 8,1589 "id": 8,
1419 "params": { "reason": "unauthorized", "previousAccountId": "org-123" }1590 "params": { "reason": "unauthorized", "previousAccountId": "org-123" }
1420}1591}
1421{ "id": 8, "result": { "idToken": "<jwt>", "accessToken": "<jwt>" } }1592{ "id": 8, "result": { "accessToken": "<jwt>", "chatgptAccountId": "org-123", "chatgptPlanType": "business" } }
1422```1593```
1423 1594
1424The server retries the original request after a successful refresh response. Requests time out after about 10 seconds.1595The server retries the original request after a successful refresh response. Requests time out after about 10 seconds.
1435```json1606```json
1436{ "method": "account/logout", "id": 5 }1607{ "method": "account/logout", "id": 5 }
1437{ "id": 5, "result": {} }1608{ "id": 5, "result": {} }
1438{ "method": "account/updated", "params": { "authMode": null } }1609{ "method": "account/updated", "params": { "authMode": null, "planType": null } }
1439```1610```
1440 1611
1441### 6) Rate limits (ChatGPT)1612### 6) Rate limits (ChatGPT)
1447 "limitId": "codex",1618 "limitId": "codex",
1448 "limitName": null,1619 "limitName": null,
1449 "primary": { "usedPercent": 25, "windowDurationMins": 15, "resetsAt": 1730947200 },1620 "primary": { "usedPercent": 25, "windowDurationMins": 15, "resetsAt": 1730947200 },
1450 "secondary": null1621 "secondary": null,
1622 "rateLimitReachedType": null
1451 },1623 },
1452 "rateLimitsByLimitId": {1624 "rateLimitsByLimitId": {
1453 "codex": {1625 "codex": {
1454 "limitId": "codex",1626 "limitId": "codex",
1455 "limitName": null,1627 "limitName": null,
1456 "primary": { "usedPercent": 25, "windowDurationMins": 15, "resetsAt": 1730947200 },1628 "primary": { "usedPercent": 25, "windowDurationMins": 15, "resetsAt": 1730947200 },
1457 "secondary": null1629 "secondary": null,
1630 "rateLimitReachedType": null
1458 },1631 },
1459 "codex_other": {1632 "codex_other": {
1460 "limitId": "codex_other",1633 "limitId": "codex_other",
1461 "limitName": "codex_other",1634 "limitName": "codex_other",
1462 "primary": { "usedPercent": 42, "windowDurationMins": 60, "resetsAt": 1730950800 },1635 "primary": { "usedPercent": 42, "windowDurationMins": 60, "resetsAt": 1730950800 },
1463 "secondary": null1636 "secondary": null,
1637 "rateLimitReachedType": null
1464 }1638 }
1465 }1639 }
1466} }1640} }
1481- `usedPercent` is current usage within the quota window.1655- `usedPercent` is current usage within the quota window.
1482- `windowDurationMins` is the quota window length.1656- `windowDurationMins` is the quota window length.
1483- `resetsAt` is a Unix timestamp (seconds) for the next reset.1657- `resetsAt` is a Unix timestamp (seconds) for the next reset.
1658- `planType` is included when the backend returns the ChatGPT plan associated with a bucket.
1659- `credits` is included when the backend returns remaining workspace credit details.
1660- `rateLimitReachedType` identifies the backend-classified limit state when one has been reached.
1661
1662### 7) Notify a workspace owner about a limit
1663
1664Use `account/sendAddCreditsNudgeEmail` to ask ChatGPT to email a workspace owner when credits are depleted or a usage limit has been reached.
1665
1666```json
1667{ "method": "account/sendAddCreditsNudgeEmail", "id": 7, "params": { "creditType": "credits" } }
1668{ "id": 7, "result": { "status": "sent" } }
1669```
1670
1671Use `creditType: "credits"` when workspace credits are depleted, or `creditType: "usage_limit"` when the workspace usage limit has been reached. If the owner was already notified recently, the response status is `cooldown_active`.
