OpenAI - Codex Docs Changes

agent-approvals-security.md +49 −6

Details

24- **Codex cloud**: Runs in isolated OpenAI-managed containers, preventing access to your host system or unrelated data. Uses a two-phase runtime model: setup runs before the agent phase and can access the network to install specified dependencies, then the agent phase runs offline by default unless you enable internet access for that environment. Secrets configured for cloud environments are available only during setup and are removed before the agent phase starts.24- **Codex cloud**: Runs in isolated OpenAI-managed containers, preventing access to your host system or unrelated data. Uses a two-phase runtime model: setup runs before the agent phase and can access the network to install specified dependencies, then the agent phase runs offline by default unless you enable internet access for that environment. Secrets configured for cloud environments are available only during setup and are removed before the agent phase starts.

25- **Codex CLI / IDE extension**: OS-level mechanisms enforce sandbox policies. Defaults include no network access and write permissions limited to the active workspace. You can configure the sandbox, approval policy, and network settings based on your risk tolerance.25- **Codex CLI / IDE extension**: OS-level mechanisms enforce sandbox policies. Defaults include no network access and write permissions limited to the active workspace. You can configure the sandbox, approval policy, and network settings based on your risk tolerance.

26 26

~~27In the `Auto` preset (for example, `--full-auto`), Codex can read files, make edits, and run commands in the working directory automatically.~~27In the `Auto` preset (for example, `--sandbox workspace-write --ask-for-approval on-request`), Codex can read files, make edits, and run commands in the working directory automatically.

28 28

29Codex asks for approval to edit files outside the workspace or to run commands that require network access. If you want to chat or plan without making changes, switch to `read-only` mode with the `/permissions` command.29Codex asks for approval to edit files outside the workspace or to run commands that require network access. If you want to chat or plan without making changes, switch to `read-only` mode with the `/permissions` command.

30 30

103 103

104For a middle ground, `approval_policy = { granular = { ... } }` lets you keep specific approval prompt categories interactive while automatically rejecting others. The granular policy covers sandbox approvals, execpolicy-rule prompts, MCP prompts, `request_permissions` prompts, and skill-script approvals.104For a middle ground, `approval_policy = { granular = { ... } }` lets you keep specific approval prompt categories interactive while automatically rejecting others. The granular policy covers sandbox approvals, execpolicy-rule prompts, MCP prompts, `request_permissions` prompts, and skill-script approvals.

105 105

106Set `approvals_reviewer = "guardian_subagent"` to route eligible approval reviews through the Guardian reviewer subagent instead of prompting the user directly. Admin requirements can constrain this with `allowed_approvals_reviewers`.106### Automatic approval reviews

107

108By default, approval requests route to you:

109

110```toml

111approvals_reviewer = "user"

112```

113

114Automatic approval reviews apply when approvals are interactive, such as

115`approval_policy = "on-request"` or a granular approval policy. Set

116`approvals_reviewer = "auto_review"` to route eligible approval requests

117through a reviewer agent before Codex runs the request:

118

119```toml

120approval_policy = "on-request"

121approvals_reviewer = "auto_review"

122```

123

124The reviewer evaluates only actions that already need approval, such as sandbox

125escalations, network requests, `request_permissions` prompts, or side-effecting

126app and MCP tool calls. Actions that stay inside the sandbox continue without an

127extra review step.

128

129The reviewer policy checks for data exfiltration, credential probing, persistent

130security weakening, and destructive actions. Low-risk and medium-risk actions

131can proceed when policy allows them. The policy denies critical-risk actions.

132High-risk actions require enough user authorization and no matching deny rule.

133Timeouts, parse failures, and review errors fail closed.

134

135The [default reviewer policy](https://github.com/openai/codex/blob/main/codex-rs/core/src/guardian/policy.md)

136is in the open-source Codex repository. Enterprises can replace its

137tenant-specific section with `guardian_policy_config` in managed requirements.

138Local `[auto_review].policy` text is also supported, but managed requirements

139take precedence. For setup details, see

140[Managed configuration](https://developers.openai.com/codex/enterprise/managed-configuration#configure-automatic-review-policy).

141

142In the Codex app, these reviews appear as automatic review items with a status such

143as Reviewing, Approved, Denied, Stopped, or Timed out. They can also include a

144risk level for the reviewed request.

145

146Automatic review uses extra model calls, so it can add to Codex usage. Admins

147can constrain it with `allowed_approvals_reviewers`.

107 148

108### Common sandbox and approval combinations149### Common sandbox and approval combinations

109 150

111| ----------------------------------------------------------------- | ------------------------------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------ |152| ----------------------------------------------------------------- | ------------------------------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------ |

112| Auto (preset) | *no flags needed* or `--full-auto` | Codex can read files, make edits, and run commands in the workspace. Codex requires approval to edit outside the workspace or to access network. |153| Auto (preset) | *no flags needed* or `--sandbox workspace-write --ask-for-approval on-request` | Codex can read files, make edits, and run commands in the workspace. Codex requires approval to edit outside the workspace or to access network. |

113| Safe read-only browsing | `--sandbox read-only --ask-for-approval on-request` | Codex can read files and answer questions. Codex requires approval to make edits, run commands, or access network. |154| Safe read-only browsing | `--sandbox read-only --ask-for-approval on-request` | Codex can read files and answer questions. Codex requires approval to make edits, run commands, or access network. |

115| Automatically edit but ask for approval to run untrusted commands | `--sandbox workspace-write --ask-for-approval untrusted` | Codex can read and edit files but asks for approval before running untrusted commands. |156| Automatically edit but ask for approval to run untrusted commands | `--sandbox workspace-write --ask-for-approval untrusted` | Codex can read and edit files but asks for approval before running untrusted commands. |

116| Dangerous full access | `--dangerously-bypass-approvals-and-sandbox` (alias: `--yolo`) | [Elevated Risk](https://help.openai.com/articles/20001061) No sandbox; no approvals *(not recommended)* |157| Dangerous full access | `--dangerously-bypass-approvals-and-sandbox` (alias: `--yolo`) | [Elevated Risk](https://help.openai.com/articles/20001061) No sandbox; no approvals *(not recommended)* |

117 158

118`--full-auto` is a convenience alias for `--sandbox workspace-write --ask-for-approval on-request`.159For non-interactive runs, use `codex exec --sandbox workspace-write`; Codex keeps older `codex exec --full-auto` invocations as a deprecated compatibility path and prints a warning.

119 160

120With `--ask-for-approval untrusted`, Codex runs only known-safe read operations automatically. Commands that can mutate state or trigger external execution paths (for example, destructive Git operations or Git output/config-override flags) require approval.161With `--ask-for-approval untrusted`, Codex runs only known-safe read operations automatically. Commands that can mutate state or trigger external execution paths (for example, destructive Git operations or Git output/config-override flags) require approval.

121 162

161 202

162```bash203```bash

163# macOS204# macOS

164codex sandbox macos [--full-auto] [--log-denials] [COMMAND]...205codex sandbox macos [--permissions-profile <name>] [--log-denials] [COMMAND]...

165# Linux206# Linux

166codex sandbox linux [--full-auto] [COMMAND]...207codex sandbox linux [--permissions-profile <name>] [COMMAND]...

208# Windows

209codex sandbox windows [--permissions-profile <name>] [COMMAND]...

167```210```

168 211

169The `sandbox` command is also available as `codex debug`, and the platform helpers have aliases (for example `codex sandbox seatbelt` and `codex sandbox landlock`).212The `sandbox` command is also available as `codex debug`, and the platform helpers have aliases (for example `codex sandbox seatbelt` and `codex sandbox landlock`).

app.md +1 −1

Details

66 66

67Run commands in each thread and launch repeatable project actions.](https://developers.openai.com/codex/app/features#integrated-terminal)[### In-app browser67Run commands in each thread and launch repeatable project actions.](https://developers.openai.com/codex/app/features#integrated-terminal)[### In-app browser

68 68

~~69Open unauthenticated local or public pages and comment on rendered output.](https://developers.openai.com/codex/app/browser)[### Image generation~~69Open rendered pages, leave comments, or let Codex operate local browser flows.](https://developers.openai.com/codex/app/browser)[### Image generation

70 70

71Generate or edit images in a thread while you work on the surrounding code and assets.](https://developers.openai.com/codex/app/features#image-generation)[### Automations71Generate or edit images in a thread while you work on the surrounding code and assets.](https://developers.openai.com/codex/app/features#image-generation)[### Automations

72 72

app-server.md +6 −1

Details

222- `thread/turns/list` - page through a stored thread's turn history without resuming it.222- `thread/turns/list` - page through a stored thread's turn history without resuming it.

223- `thread/loaded/list` - list the thread ids currently loaded in memory.223- `thread/loaded/list` - list the thread ids currently loaded in memory.

224- `thread/name/set` - set or update a thread's user-facing name for a loaded thread or a persisted rollout; emits `thread/name/updated`.224- `thread/name/set` - set or update a thread's user-facing name for a loaded thread or a persisted rollout; emits `thread/name/updated`.

225- `thread/goal/set` - set the goal for a loaded thread (experimental; requires `capabilities.experimentalApi`); emits `thread/goal/updated`.

226- `thread/goal/get` - read the current goal for a loaded thread (experimental; requires `capabilities.experimentalApi`).

227- `thread/goal/clear` - clear the goal for a loaded thread (experimental; requires `capabilities.experimentalApi`); emits `thread/goal/cleared`.

225- `thread/metadata/update` - patch SQLite-backed stored thread metadata; currently supports persisted `gitInfo`.228- `thread/metadata/update` - patch SQLite-backed stored thread metadata; currently supports persisted `gitInfo`.

226- `thread/archive` - move a thread's log file into the archived directory; returns `{}` on success and emits `thread/archived`.229- `thread/archive` - move a thread's log file into the archived directory; returns `{}` on success and emits `thread/archived`.

227- `thread/unsubscribe` - unsubscribe this connection from thread turn/item events. If this was the last subscriber, the server unloads the thread after a no-subscriber inactivity grace period and emits `thread/closed`.230- `thread/unsubscribe` - unsubscribe this connection from thread turn/item events. If this was the last subscriber, the server unloads the thread after a no-subscriber inactivity grace period and emits `thread/closed`.

242- `command/exec/terminate` - stop a running `command/exec` session.245- `command/exec/terminate` - stop a running `command/exec` session.

243- `command/exec/outputDelta` (notify) - emitted for base64-encoded stdout/stderr chunks from a streaming `command/exec` session.246- `command/exec/outputDelta` (notify) - emitted for base64-encoded stdout/stderr chunks from a streaming `command/exec` session.

244- `model/list` - list available models (set `includeHidden: true` to include entries with `hidden: true`) with effort options, optional `upgrade`, and `inputModalities`.247- `model/list` - list available models (set `includeHidden: true` to include entries with `hidden: true`) with effort options, optional `upgrade`, and `inputModalities`.

248- `modelProvider/capabilities/read` - read provider capability bounds for model/provider combinations (experimental; requires `capabilities.experimentalApi`).

245- `experimentalFeature/list` - list feature flags with lifecycle stage metadata and cursor pagination.249- `experimentalFeature/list` - list feature flags with lifecycle stage metadata and cursor pagination.

246- `experimentalFeature/enablement/set` - patch in-memory runtime enablement for supported feature keys such as `apps` and `plugins`.250- `experimentalFeature/enablement/set` - patch in-memory runtime enablement for supported feature keys such as `apps` and `plugins`.

247- `collaborationMode/list` - list collaboration mode presets (experimental, no pagination).251- `collaborationMode/list` - list collaboration mode presets (experimental, no pagination).

248- `skills/list` - list skills for one or more `cwd` values (supports `forceReload` and optional `perCwdExtraUserRoots`).252- `skills/list` - list skills for one or more `cwd` values (supports `forceReload` and optional `perCwdExtraUserRoots`).

249- `skills/changed` (notify) - emitted when watched local skill files change.253- `skills/changed` (notify) - emitted when watched local skill files change.

250- `marketplace/add` - add a remote plugin marketplace and persist it into the user's marketplace config.254- `marketplace/add` - add a remote plugin marketplace and persist it into the user's marketplace config.

255- `marketplace/upgrade` - refresh a configured Git marketplace, or all configured Git marketplaces when you omit the marketplace name.

251- `plugin/list` - list discovered plugin marketplaces and plugin state, including install/auth policy metadata, marketplace load errors, featured plugin ids, and local, Git, or remote plugin source metadata.256- `plugin/list` - list discovered plugin marketplaces and plugin state, including install/auth policy metadata, marketplace load errors, featured plugin ids, and local, Git, or remote plugin source metadata.

252- `plugin/read` - read one plugin by marketplace path or remote marketplace name and plugin name, including bundled skills, apps, and MCP server names when those details are available.257- `plugin/read` - read one plugin by marketplace path or remote marketplace name and plugin name, including bundled skills, apps, and MCP server names when those details are available.

253- `plugin/install` - install a plugin from a marketplace path or remote marketplace name.258- `plugin/install` - install a plugin from a marketplace path or remote marketplace name.

265- `feedback/upload` - submit a feedback report (classification + optional reason/logs + conversation id, plus optional `extraLogFiles` attachments).270- `feedback/upload` - submit a feedback report (classification + optional reason/logs + conversation id, plus optional `extraLogFiles` attachments).

266- `config/read` - fetch the effective configuration on disk after resolving configuration layering.271- `config/read` - fetch the effective configuration on disk after resolving configuration layering.

267- `externalAgentConfig/detect` - detect external-agent artifacts that can be migrated with `includeHome` and optional `cwds`; each detected item includes `cwd` (`null` for home).272- `externalAgentConfig/detect` - detect external-agent artifacts that can be migrated with `includeHome` and optional `cwds`; each detected item includes `cwd` (`null` for home).

268- `externalAgentConfig/import` - apply selected external-agent migration items by passing explicit `migrationItems` with `cwd` (`null` for home); plugin imports emit `externalAgentConfig/import/completed`.273- `externalAgentConfig/import` - apply selected external-agent migration items by passing explicit `migrationItems` with `cwd` (`null` for home). Supported item types include config, skills, `AGENTS.md`, plugins, MCP server config, subagents, hooks, commands, and sessions; plugin imports emit `externalAgentConfig/import/completed`.

269- `config/value/write` - write a single configuration key/value to the user's `config.toml` on disk.274- `config/value/write` - write a single configuration key/value to the user's `config.toml` on disk.

270- `config/batchWrite` - apply configuration edits atomically to the user's `config.toml` on disk.275- `config/batchWrite` - apply configuration edits atomically to the user's `config.toml` on disk.

271- `configRequirements/read` - fetch requirements from `requirements.toml` and/or MDM, including allow-lists, pinned `featureRequirements`, and residency/network requirements (or `null` if you haven't set any up).276- `configRequirements/read` - fetch requirements from `requirements.toml` and/or MDM, including allow-lists, pinned `featureRequirements`, and residency/network requirements (or `null` if you haven't set any up).

app/browser.md +22 −0

Details

20 20

21![Codex app showing a browser comment on a local web app preview](/images/codex/app/in-app-browser-light.webp)21![Codex app showing a browser comment on a local web app preview](/images/codex/app/in-app-browser-light.webp)

22 22

23## Browser use

25Browser use lets Codex operate the in-app browser directly. Use it for local

26development servers and file-backed previews when Codex needs to click, type,

27inspect rendered state, take screenshots, or verify a fix in the page.

29To use it, install and enable the Browser plugin. Then ask Codex to use the

30browser in your task, or reference it directly with `@Browser`. The app keeps

31browser use inside the in-app browser and lets you manage allowed and blocked

32websites from settings.

34Example:

36```text

37Use the browser to open http://localhost:3000/settings, reproduce the layout

38bug, and fix only the overflowing controls.

39```

41Codex asks before using a website unless you've allowed it. Removing a site from

42the allowed list means Codex asks again before using it; removing a site from the

43blocked list means Codex can ask again instead of treating it as blocked.

23## Preview a page45## Preview a page

24 46

251. Start your app's development server in the [integrated terminal](https://developers.openai.com/codex/app/features#integrated-terminal) or with a [local environment action](https://developers.openai.com/codex/app/local-environments#actions).471. Start your app's development server in the [integrated terminal](https://developers.openai.com/codex/app/features#integrated-terminal) or with a [local environment action](https://developers.openai.com/codex/app/local-environments#actions).

app/features.md +11 −1

Details

4with built-in worktree support, automations, and Git functionality.4with built-in worktree support, automations, and Git functionality.

5 5

6Most Codex app features are available on both macOS and Windows.6Most Codex app features are available on both macOS and Windows.

~~7Platform-specific exceptions are noted below.~~7The sections below note platform-specific exceptions.

8 8

9---9---

10 10

146Use browser comments to mark specific elements or areas on a page, then ask146Use browser comments to mark specific elements or areas on a page, then ask

147Codex to address that feedback.147Codex to address that feedback.

148 148

149When you want Codex to operate the page directly, use

150[browser use](https://developers.openai.com/codex/app/browser#browser-use) for local development servers and

151file-backed pages. You can manage the Browser plugin, allowed websites, and

152blocked websites from settings.

153

149![Codex app showing a browser comment on a local web app preview](/images/codex/app/in-app-browser-light.webp)154![Codex app showing a browser comment on a local web app preview](/images/codex/app/in-app-browser-light.webp)

150 155

151## Computer use156## Computer use

225opening separate projects or using worktrees rather than asking Codex to roam230opening separate projects or using worktrees rather than asking Codex to roam

226outside the project root.231outside the project root.

227 232

233If [automatic review](https://developers.openai.com/codex/agent-approvals-security#automatic-approval-reviews)

234is available in your workspace, you can choose it from the permissions selector.

235It keeps the same sandbox boundary but routes eligible approval requests through

236the configured review policy instead of waiting for you.

237

228For a high-level overview, see [sandboxing](https://developers.openai.com/codex/concepts/sandboxing). For238For a high-level overview, see [sandboxing](https://developers.openai.com/codex/concepts/sandboxing). For

229configuration details, see the239configuration details, see the

230[agent approvals & security documentation](https://developers.openai.com/codex/agent-approvals-security).240[agent approvals & security documentation](https://developers.openai.com/codex/agent-approvals-security).

app/settings.md +42 −2

Details

30 30

31![Codex app Appearance settings showing theme selection, color controls, and font options](/images/codex/app/theme-selection-light.webp)31![Codex app Appearance settings showing theme selection, color controls, and font options](/images/codex/app/theme-selection-light.webp)

32 32

33### Codex pets

35 Codex pets are optional animated companions for the app. In **Settings**,

36 go to **Appearance** and choose **Pets** to select a built-in pet or

37 refresh custom pets from your local Codex home. Type `/pet` in the

38 composer, use **Wake Pet** or **Tuck Away Pet** in **Settings > Appearance**, or

39 press <kbd>Cmd+K</kbd> or <kbd>Ctrl+K</kbd> and run the same commands to

40 toggle the floating overlay.

42 The overlay keeps active Codex work visible while you use other apps. It

43 shows the active thread, reflects whether Codex is running, waiting for

44 input, or ready for review, and pairs that state with a short progress

45 prompt so you can glance at what changed without reopening the thread.

471/8

49CodexI found a tiny loose thread in settings. Want me to tug it?

51To create your own pet, install the `hatch-pet` skill:

53```text

54$skill-installer hatch-pet

55```

57Reload skills from the command menu. Press <kbd>Cmd+K</kbd> or <kbd>Ctrl+K</kbd>,

58choose **Force Reload Skills**, then ask the skill to create a pet:

60```text

61$hatch-pet create a new pet inspired by my recent projects

62```

33## Git64## Git

34 65

35Use Git settings to standardize branch naming and choose whether Codex uses force66Use Git settings to standardize branch naming and choose whether Codex uses force

43also apply to the Codex CLI and IDE extension because the MCP configuration lives in74also apply to the Codex CLI and IDE extension because the MCP configuration lives in

44`config.toml`. See the [Model Context Protocol docs](https://developers.openai.com/codex/mcp) for details.75`config.toml`. See the [Model Context Protocol docs](https://developers.openai.com/codex/mcp) for details.

45 76

77## Browser use

79Use these settings to install or enable the bundled Browser plugin and manage

80allowed and blocked websites. Codex asks before using a website unless you've

81allowed it. Removing a site from the blocked list lets Codex ask

82again before using it in the browser.

84See [In-app browser](https://developers.openai.com/codex/app/browser) for browser preview, comment, and

85browser use workflows.

46## Computer Use87## Computer Use

47 88

48On macOS, check your Computer Use settings to review desktop-app access and related89On macOS, check your Computer Use settings to review desktop-app access and related

49preferences after setup. To revoke system-level access, update Screen Recording90preferences after setup. To revoke system-level access, update Screen Recording

50or Accessibility permissions in macOS Privacy & Security settings. The feature91or Accessibility permissions in macOS Privacy & Security settings. The feature

~~51isn’t available in the European Economic Area, the United Kingdom, or Switzerland~~92isn't available in the EEA, the United Kingdom, or Switzerland at launch.

~~52at launch.~~

53 93

54## Personalization94## Personalization

55 95

cli.md +4 −3

Details

43 43

44 npm i -g @openai/codex@latestCopy44 npm i -g @openai/codex@latestCopy

45 45

~~46The Codex CLI is available on macOS and Linux. Windows support is~~46The Codex CLI is available on macOS, Windows, and Linux. On Windows, run Codex

~~47experimental. For the best Windows experience, use Codex in a WSL2 workspace~~47 natively in PowerShell with the Windows sandbox, or use WSL2 when you need a

~~48and follow our [Windows setup guide](https://developers.openai.com/codex/windows).~~48Linux-native environment. For setup details, see the

49[Windows setup guide](https://developers.openai.com/codex/windows).

49 50

50If you're new to Codex, read the [best practices guide](https://developers.openai.com/codex/learn/best-practices).51If you're new to Codex, read the [best practices guide](https://developers.openai.com/codex/learn/best-practices).

51 52

cli/features.md +8 −8

Details

107 107

108## Models and reasoning108## Models and reasoning

109 109

110For most tasks in Codex, `gpt-5.4` is the recommended model. It brings the110For most tasks in Codex, `gpt-5.5` is the recommended model when it is

111industry-leading coding capabilities of `gpt-5.3-codex` to OpenAI’s flagship111available. It is OpenAI's newest frontier model for complex coding, computer

112frontier model, combining frontier coding performance with stronger reasoning,112use, knowledge work, and research workflows, with stronger planning, tool use,

113native computer use, and broader professional workflows. For extra fast tasks,113and follow-through on multi-step tasks. If `gpt-5.5` is not yet available,

114ChatGPT Pro subscribers have access to the GPT-5.3-Codex-Spark model in114continue using `gpt-5.4`. For extra fast tasks, ChatGPT Pro subscribers have

115research preview.115access to the GPT-5.3-Codex-Spark model in research preview.

116 116

117Switch models mid-session with the `/model` command, or specify one when launching the CLI.117Switch models mid-session with the `/model` command, or specify one when launching the CLI.

118 118

119```bash119```bash

120codex --model gpt-5.4120codex --model gpt-5.5

121```121```

122 122

123[Learn more about the models available in Codex](https://developers.openai.com/codex/models).123[Learn more about the models available in Codex](https://developers.openai.com/codex/models).

254 254

255## Slash commands255## Slash commands

256 256

257Slash commands give you quick access to specialized workflows like `/review`, `/fork`, or your own reusable prompts. Codex ships with a curated set of built-ins, and you can create custom ones for team-specific tasks or personal shortcuts.257Slash commands give you quick access to specialized workflows like `/review`, `/fork`, `/side`, or your own reusable prompts. Codex ships with a curated set of built-ins, and you can create custom ones for team-specific tasks or personal shortcuts.

258 258

259See the [slash commands guide](https://developers.openai.com/codex/guides/slash-commands) to browse the catalog of built-ins, learn how to author custom commands, and understand where they live on disk.259See the [slash commands guide](https://developers.openai.com/codex/guides/slash-commands) to browse the catalog of built-ins, learn how to author custom commands, and understand where they live on disk.

260 260

cli/reference.md +238 −25

Details

~~23| `--full-auto` | `boolean` | Shortcut for low-friction local work: sets `--ask-for-approval on-request` and `--sandbox workspace-write`. |~~

118 117

119Key118Key

120 119

121`--full-auto`

~~122~~

123Type / Values

~~124~~

125`boolean`

~~126~~

127Details

~~128~~

129Shortcut for low-friction local work: sets `--ask-for-approval on-request` and `--sandbox workspace-write`.

~~130~~

131Key

~~132~~

133`--image, -i`120`--image, -i`

134 121

135Type / Values122Type / Values

268| [`codex cloud`](https://developers.openai.com/codex/cli/reference#codex-cloud) | Experimental | Browse or execute Codex Cloud tasks from the terminal without opening the TUI. Alias: `codex cloud-tasks`. |255| [`codex cloud`](https://developers.openai.com/codex/cli/reference#codex-cloud) | Experimental | Browse or execute Codex Cloud tasks from the terminal without opening the TUI. Alias: `codex cloud-tasks`. |

269| [`codex completion`](https://developers.openai.com/codex/cli/reference#codex-completion) | Stable | Generate shell completion scripts for Bash, Zsh, Fish, or PowerShell. |256| [`codex completion`](https://developers.openai.com/codex/cli/reference#codex-completion) | Stable | Generate shell completion scripts for Bash, Zsh, Fish, or PowerShell. |

270| [`codex debug app-server send-message-v2`](https://developers.openai.com/codex/cli/reference#codex-debug-app-server-send-message-v2) | Experimental | Debug app-server by sending a single V2 message through the built-in test client. |257| [`codex debug app-server send-message-v2`](https://developers.openai.com/codex/cli/reference#codex-debug-app-server-send-message-v2) | Experimental | Debug app-server by sending a single V2 message through the built-in test client. |

258| [`codex debug models`](https://developers.openai.com/codex/cli/reference#codex-debug-models) | Experimental | Print the raw model catalog Codex sees, including an option to inspect only the bundled catalog. |

271| [`codex exec`](https://developers.openai.com/codex/cli/reference#codex-exec) | Stable | Run Codex non-interactively. Alias: `codex e`. Stream results to stdout or JSONL and optionally resume previous sessions. |259| [`codex exec`](https://developers.openai.com/codex/cli/reference#codex-exec) | Stable | Run Codex non-interactively. Alias: `codex e`. Stream results to stdout or JSONL and optionally resume previous sessions. |

272| [`codex execpolicy`](https://developers.openai.com/codex/cli/reference#codex-execpolicy) | Experimental | Evaluate execpolicy rule files and see whether a command would be allowed, prompted, or blocked. |260| [`codex execpolicy`](https://developers.openai.com/codex/cli/reference#codex-execpolicy) | Experimental | Evaluate execpolicy rule files and see whether a command would be allowed, prompted, or blocked. |

273| [`codex features`](https://developers.openai.com/codex/cli/reference#codex-features) | Stable | List feature flags and persistently enable or disable them in `config.toml`. |261| [`codex features`](https://developers.openai.com/codex/cli/reference#codex-features) | Stable | List feature flags and persistently enable or disable them in `config.toml`. |

278| [`codex mcp-server`](https://developers.openai.com/codex/cli/reference#codex-mcp-server) | Experimental | Run Codex itself as an MCP server over stdio. Useful when another agent consumes Codex. |266| [`codex mcp-server`](https://developers.openai.com/codex/cli/reference#codex-mcp-server) | Experimental | Run Codex itself as an MCP server over stdio. Useful when another agent consumes Codex. |

279| [`codex plugin marketplace`](https://developers.openai.com/codex/cli/reference#codex-plugin-marketplace) | Experimental | Add, upgrade, or remove plugin marketplaces from Git or local sources. |267| [`codex plugin marketplace`](https://developers.openai.com/codex/cli/reference#codex-plugin-marketplace) | Experimental | Add, upgrade, or remove plugin marketplaces from Git or local sources. |

280| [`codex resume`](https://developers.openai.com/codex/cli/reference#codex-resume) | Stable | Continue a previous interactive session by ID or resume the most recent conversation. |268| [`codex resume`](https://developers.openai.com/codex/cli/reference#codex-resume) | Stable | Continue a previous interactive session by ID or resume the most recent conversation. |

281| [`codex sandbox`](https://developers.openai.com/codex/cli/reference#codex-sandbox) | Experimental | Run arbitrary commands inside Codex-provided macOS seatbelt or Linux bubblewrap sandboxes. |269| [`codex sandbox`](https://developers.openai.com/codex/cli/reference#codex-sandbox) | Experimental | Run arbitrary commands inside Codex-provided macOS, Linux, or Windows sandboxes. |

270| [`codex update`](https://developers.openai.com/codex/cli/reference#codex-update) | Stable | Check for and apply a Codex CLI update when the installed release supports self-update. |

282 271

283Key272Key

284 273

366 355

367Key356Key

368 357

358[`codex debug models`](https://developers.openai.com/codex/cli/reference#codex-debug-models)

359

360Maturity

361

362Experimental

363

364Details

365

366Print the raw model catalog Codex sees, including an option to inspect only the bundled catalog.

367

368Key

369

369[`codex exec`](https://developers.openai.com/codex/cli/reference#codex-exec)370[`codex exec`](https://developers.openai.com/codex/cli/reference#codex-exec)

370 371

371Maturity372Maturity

494 495

495Details496Details

496 497

497Run arbitrary commands inside Codex-provided macOS seatbelt or Linux bubblewrap sandboxes.498Run arbitrary commands inside Codex-provided macOS, Linux, or Windows sandboxes.

499

500Key

501

502[`codex update`](https://developers.openai.com/codex/cli/reference#codex-update)

503

504Maturity

505

506Stable

507

508Details

509

510Check for and apply a Codex CLI update when the installed release supports self-update.

498 511

499Expand to view all512Expand to view all

500 513

502 515

503### `codex` (interactive)516### `codex` (interactive)

504 517

505Running `codex` with no subcommand launches the interactive terminal UI (TUI). The agent accepts the global flags above plus image attachments. Web search defaults to cached mode; use `--search` to switch to live browsing and `--full-auto` to let Codex run most commands without prompts.518Running `codex` with no subcommand launches the interactive terminal UI (TUI). The agent accepts the global flags above plus image attachments. Web search defaults to cached mode; use `--search` to switch to live browsing. For low-friction local work, use `--sandbox workspace-write --ask-for-approval on-request`.

506 519

507Use `--remote ws://host:port` or `--remote wss://host:port` to connect the TUI to an app server started with `codex app-server --listen ws://IP:PORT`. Add `--remote-auth-token-env <ENV_VAR>` when the server requires a bearer token for WebSocket authentication. See [Codex CLI features](https://developers.openai.com/codex/cli/features#connect-the-tui-to-a-remote-app-server) for setup examples and authentication guidance.520Use `--remote ws://host:port` or `--remote wss://host:port` to connect the TUI to an app server started with `codex app-server --listen ws://IP:PORT`. Add `--remote-auth-token-env <ENV_VAR>` when the server requires a bearer token for WebSocket authentication. See [Codex CLI features](https://developers.openai.com/codex/cli/features#connect-the-tui-to-a-remote-app-server) for setup examples and authentication guidance.

508 521

665 678

666This debug flow initializes with `experimentalApi: true`, starts a thread, sends a turn, and streams server notifications. Use it to reproduce and inspect app-server protocol behavior locally.679This debug flow initializes with `experimentalApi: true`, starts a thread, sends a turn, and streams server notifications. Use it to reproduce and inspect app-server protocol behavior locally.

667 680

681### `codex debug models`

682

683Print the raw model catalog Codex sees as JSON.

684

685| Key | Type / Values | Details |

686| --- | --- | --- |

687| `--bundled` | `boolean` | Skip refresh and print only the model catalog bundled with the current Codex binary. |

688

689Key

690

691`--bundled`

692

693Type / Values

694

695`boolean`

696

697Details

698

699Skip refresh and print only the model catalog bundled with the current Codex binary.

700

701Use `--bundled` when you want to inspect only the catalog bundled with the current binary, without refreshing from the remote models endpoint.

702

668### `codex apply`703### `codex apply`

669 704

670Apply the most recent diff from a Codex cloud task to your local repository. You must authenticate and have access to the task.705Apply the most recent diff from a Codex cloud task to your local repository. You must authenticate and have access to the task.

911| `--ignore-rules` | `boolean` | Do not load user or project execpolicy `.rules` files for this run. |

912| `--ignore-user-config` | `boolean` | Do not load `$CODEX_HOME/config.toml`. Authentication still uses `CODEX_HOME`. |

944 981

945Details982Details

946 983

947Apply the low-friction automation preset (`workspace-write` sandbox and `on-request` approvals).984Deprecated compatibility flag. Prefer `--sandbox workspace-write`; Codex prints a warning when this flag is used.

985

986Key

987

988`--ignore-rules`

989

990Type / Values

991

992`boolean`

993

994Details

995

996Do not load user or project execpolicy `.rules` files for this run.

997

998Key

999

1000`--ignore-user-config`

1001

1002Type / Values

1003

1004`boolean`

1005

1006Details

1007

1008Do not load `$CODEX_HOME/config.toml`. Authentication still uses `CODEX_HOME`.

948 1009

949Key1010Key

950 1011

1543 1604

1544| Key | Type / Values | Details |1605| Key | Type / Values | Details |

1545| --- | --- | --- |1606| --- | --- | --- |

1607| `--allow-unix-socket` | `path` | Allow the sandboxed command to bind or connect Unix sockets rooted at this path. Repeat to allow multiple paths. |

1608| `--cd, -C` | `DIR` | Working directory used for profile resolution and command execution. Requires `--permissions-profile`. |

1611| `--log-denials` | `boolean` | Capture macOS sandbox denials with `log stream` while the command runs and print them after exit. |

1612| `--permissions-profile` | `NAME` | Apply a named permissions profile from the active configuration stack. |

1549 1614

1550Key1615Key

1551 1616

1617`--allow-unix-socket`

1618

1619Type / Values

1620

1621`path`

1622

1623Details

1624

1625Allow the sandboxed command to bind or connect Unix sockets rooted at this path. Repeat to allow multiple paths.

1626

1627Key

1628

1629`--cd, -C`

1630

1631Type / Values

1632

1633`DIR`

1634

1635Details

1636

1637Working directory used for profile resolution and command execution. Requires `--permissions-profile`.

1638

1639Key

1640

1552`--config, -c`1641`--config, -c`

1553 1642

1554Type / Values1643Type / Values

1561 1650

1562Key1651Key

1563 1652

1564`--full-auto`1653`--include-managed-config`

1654

1655Type / Values

1656

1657`boolean`

1658

1659Details

1660

1661Include managed requirements while resolving an explicit permissions profile. Requires `--permissions-profile`.

1662

1663Key

1664

1665`--log-denials`

1565 1666

1566Type / Values1667Type / Values

1567 1668

1569 1670

1570Details1671Details

1571 1672

1572Grant write access to the current workspace and `/tmp` without approvals.1673Capture macOS sandbox denials with `log stream` while the command runs and print them after exit.

1674

1675Key

1676

1677`--permissions-profile`

1678

1679Type / Values

1680

1681`NAME`

1682

1683Details

1684

1685Apply a named permissions profile from the active configuration stack.

1573 1686

1574Key1687Key

1575 1688

1587 1700

1588| Key | Type / Values | Details |1701| Key | Type / Values | Details |

1589| --- | --- | --- |1702| --- | --- | --- |

1703| `--cd, -C` | `DIR` | Working directory used for profile resolution and command execution. Requires `--permissions-profile`. |

1706| `--permissions-profile` | `NAME` | Apply a named permissions profile from the active configuration stack. |

1593 1708

1594Key1709Key

1595 1710

1711`--cd, -C`

1712

1713Type / Values

1714

1715`DIR`

1716

1717Details

1718

1719Working directory used for profile resolution and command execution. Requires `--permissions-profile`.

1720

1721Key

1722

1596`--config, -c`1723`--config, -c`

1597 1724

1598Type / Values1725Type / Values

1605 1732

1606Key1733Key

1607 1734

1608`--full-auto`1735`--include-managed-config`

1609 1736

1610Type / Values1737Type / Values

1611 1738

1613 1740

1614Details1741Details

1615 1742

1616Grant write access to the current workspace and `/tmp` inside the Landlock sandbox.1743Include managed requirements while resolving an explicit permissions profile. Requires `--permissions-profile`.

1744

1745Key

1746

1747`--permissions-profile`

1748

1749Type / Values

1750

1751`NAME`

1752

1753Details

1754

1755Apply a named permissions profile from the active configuration stack.

1617 1756

1618Key1757Key

1619 1758

1627 1766

1628Command to execute under Landlock + seccomp. Provide the executable after `--`.1767Command to execute under Landlock + seccomp. Provide the executable after `--`.

1629 1768

1769#### Windows

1770

1771| Key | Type / Values | Details |

1772| --- | --- | --- |

1773| `--cd, -C` | `DIR` | Working directory used for profile resolution and command execution. Requires `--permissions-profile`. |

1774| `--config, -c` | `key=value` | Configuration overrides applied before launching the sandbox (repeatable). |

1775| `--include-managed-config` | `boolean` | Include managed requirements while resolving an explicit permissions profile. Requires `--permissions-profile`. |

1776| `--permissions-profile` | `NAME` | Apply a named permissions profile from the active configuration stack. |

1777| `COMMAND...` | `var-args` | Command to execute under the native Windows sandbox. Provide the executable after `--`. |

1778

1779Key

1780

1781`--cd, -C`

1782

1783Type / Values

1784

1785`DIR`

1786

1787Details

1788

1789Working directory used for profile resolution and command execution. Requires `--permissions-profile`.

1790

1791Key

1792

1793`--config, -c`

1794

1795Type / Values

1796

1797`key=value`

1798

1799Details

1800

1801Configuration overrides applied before launching the sandbox (repeatable).

1802

1803Key

1804

1805`--include-managed-config`

1806

1807Type / Values

1808

1809`boolean`

1810

1811Details

1812

1813Include managed requirements while resolving an explicit permissions profile. Requires `--permissions-profile`.

1814

1815Key

1816

1817`--permissions-profile`

1818

1819Type / Values

1820

1821`NAME`

1822

1823Details

1824

1825Apply a named permissions profile from the active configuration stack.

1826

1827Key

1828

1829`COMMAND...`

1830

1831Type / Values

1832

1833`var-args`

1834

1835Details

1836

1837Command to execute under the native Windows sandbox. Provide the executable after `--`.

1838

1839### `codex update`

1840

1841Check for and apply a Codex CLI update when the installed release supports self-update. Debug builds print a message telling you to install a release build instead.

1842

1630## Flag combinations and safety tips1843## Flag combinations and safety tips

1631 1844

1632- Set `--full-auto` for unattended local work, but avoid combining it with `--dangerously-bypass-approvals-and-sandbox` unless you are inside a dedicated sandbox VM.1845- Use `--sandbox workspace-write` for unattended local work that can stay inside the workspace, and avoid `--dangerously-bypass-approvals-and-sandbox` unless you are inside a dedicated sandbox VM.

1633- When you need to grant Codex write access to more directories, prefer `--add-dir` rather than forcing `--sandbox danger-full-access`.1846- When you need to grant Codex write access to more directories, prefer `--add-dir` rather than forcing `--sandbox danger-full-access`.

1634- Pair `--json` with `--output-last-message` in CI to capture machine-readable progress and a final natural-language summary.1847- Pair `--json` with `--output-last-message` in CI to capture machine-readable progress and a final natural-language summary.

1635 1848

cli/slash-commands.md +30 −2

Details

38| [`/init`](#generate-agentsmd-with-init) | Generate an `AGENTS.md` scaffold in the current directory. | Capture persistent instructions for the repository or subdirectory you're working in. |38| [`/init`](#generate-agentsmd-with-init) | Generate an `AGENTS.md` scaffold in the current directory. | Capture persistent instructions for the repository or subdirectory you're working in. |

~~40| [`/mcp`](#list-mcp-tools-with-mcp) | List configured Model Context Protocol (MCP) tools. | Check which external tools Codex can call during the session. |~~40| [`/mcp`](#list-mcp-tools-with-mcp) | List configured Model Context Protocol (MCP) tools. | Check which external tools Codex can call during the session; add `verbose` for server details. |

42| [`/model`](#set-the-active-model-with-model) | Choose the active model (and reasoning effort, when available). | Switch between general-purpose models (`gpt-4.1-mini`) and deeper reasoning models before running a task. |42| [`/model`](#set-the-active-model-with-model) | Choose the active model (and reasoning effort, when available). | Switch between general-purpose models (`gpt-4.1-mini`) and deeper reasoning models before running a task. |

44| [`/plan`](#switch-to-plan-mode-with-plan) | Switch to plan mode and optionally send a prompt. | Ask Codex to propose an execution plan before implementation work starts. |44| [`/plan`](#switch-to-plan-mode-with-plan) | Switch to plan mode and optionally send a prompt. | Ask Codex to propose an execution plan before implementation work starts. |

45| [`/personality`](#set-a-communication-style-with-personality) | Choose a communication style for responses. | Make Codex more concise, more explanatory, or more collaborative without changing your instructions. |45| [`/personality`](#set-a-communication-style-with-personality) | Choose a communication style for responses. | Make Codex more concise, more explanatory, or more collaborative without changing your instructions. |

46| [`/ps`](#check-background-terminals-with-ps) | Show experimental background terminals and their recent output. | Check long-running commands without leaving the main transcript. |46| [`/ps`](#check-background-terminals-with-ps) | Show experimental background terminals and their recent output. | Check long-running commands without leaving the main transcript. |

48| [`/fork`](#fork-the-current-conversation-with-fork) | Fork the current conversation into a new thread. | Branch the active session to explore a new approach without losing the current transcript. |48| [`/fork`](#fork-the-current-conversation-with-fork) | Fork the current conversation into a new thread. | Branch the active session to explore a new approach without losing the current transcript. |

49| [`/side`](#start-a-side-conversation-with-side) | Start an ephemeral side conversation. | Ask a focused follow-up without disrupting the main thread's transcript. |

49| [`/resume`](#resume-a-saved-conversation-with-resume) | Resume a saved conversation from your session list. | Continue work from a previous CLI session without starting over. |50| [`/resume`](#resume-a-saved-conversation-with-resume) | Resume a saved conversation from your session list. | Continue work from a previous CLI session without starting over. |

50| [`/new`](#start-a-new-conversation-with-new) | Start a new conversation inside the same CLI session. | Reset the chat context without leaving the CLI when you want a fresh prompt in the same repo. |51| [`/new`](#start-a-new-conversation-with-new) | Start a new conversation inside the same CLI session. | Reset the chat context without leaving the CLI when you want a fresh prompt in the same repo. |

54| [`/debug-config`](#inspect-config-layers-with-debug-config) | Print config layer and requirements diagnostics. | Debug precedence and policy requirements, including experimental network constraints. |55| [`/debug-config`](#inspect-config-layers-with-debug-config) | Print config layer and requirements diagnostics. | Debug precedence and policy requirements, including experimental network constraints. |

55| [`/statusline`](#configure-footer-items-with-statusline) | Configure TUI status-line fields interactively. | Pick and reorder footer items (model/context/limits/git/tokens/session) and persist in config.toml. |56| [`/statusline`](#configure-footer-items-with-statusline) | Configure TUI status-line fields interactively. | Pick and reorder footer items (model/context/limits/git/tokens/session) and persist in config.toml. |

56| [`/title`](#configure-terminal-title-items-with-title) | Configure terminal window or tab title fields interactively. | Pick and reorder title items such as project, status, thread, branch, model, and task progress. |57| [`/title`](#configure-terminal-title-items-with-title) | Configure terminal window or tab title fields interactively. | Pick and reorder title items such as project, status, thread, branch, model, and task progress. |

58| [`/keymap`](#remap-tui-shortcuts-with-keymap) | Remap TUI keyboard shortcuts. | Inspect and persist custom shortcut bindings in `config.toml`. |

57 59

58`/quit` and `/exit` both exit the CLI. Use them only after you have saved or60`/quit` and `/exit` both exit the CLI. Use them only after you have saved or

59committed any important work.61committed any important work.

199Available title items include app name, project, spinner, status, thread, git201Available title items include app name, project, spinner, status, thread, git

200branch, model, and task progress.202branch, model, and task progress.

201 203

204### Remap TUI shortcuts with `/keymap`

205

206Use `/keymap` to inspect, update, and persist keyboard shortcut bindings for the TUI.

207

2081. Type `/keymap`.

2092. Pick the shortcut context and action you want to change.

2103. Enter the new binding or remove the existing one.

211

212Expected: Codex updates the active keymap and writes the custom binding to `tui.keymap` in `config.toml`.

213

214Key bindings use names such as `ctrl-a`, `shift-enter`, and `page-down`. Context-specific bindings override `tui.keymap.global`; an empty binding list unbinds the action.

215

202### Check background terminals with `/ps`216### Check background terminals with `/ps`

203 217

2041. Type `/ps`.2181. Type `/ps`.

268If you need to fork a saved session instead of the current one, run282If you need to fork a saved session instead of the current one, run

269`codex fork` in your terminal to open the session picker.283`codex fork` in your terminal to open the session picker.

270 284

285### Start a side conversation with `/side`

286

287Use `/side` to start an ephemeral fork from the current conversation without switching away from the main task.

288

2891. Type `/side` to open a side conversation.

2902. Optionally add inline text, for example `/side Check whether this plan has an obvious risk`.

2913. Return to the parent thread after the focused detour finishes.

292

293Expected: Codex opens a side conversation whose transcript is separate from the parent thread. While you are in side mode, the TUI continues to show parent-thread status so you can see whether the main task is still running.

294

295`/side` is unavailable inside another side conversation and during review mode.

296

271### Generate `AGENTS.md` with `/init`297### Generate `AGENTS.md` with `/init`

272 298

2731. Run `/init` in the directory where you want Codex to look for persistent instructions.2991. Run `/init` in the directory where you want Codex to look for persistent instructions.

292 318

293Expected: You see the configured Model Context Protocol (MCP) tools Codex can call in this session.319Expected: You see the configured Model Context Protocol (MCP) tools Codex can call in this session.

294 320

321Use `/mcp verbose` to include detailed server diagnostics. If you pass anything other than `verbose`, Codex shows the command usage.

322

295### Browse apps with `/apps`323### Browse apps with `/apps`

296 324

2971. Type `/apps`.3251. Type `/apps`.

concepts/sandboxing.md +10 −3

Details

145- `never`: Codex doesn't stop for approval prompts.145- `never`: Codex doesn't stop for approval prompts.

146 146

147Full access means using `sandbox_mode = "danger-full-access"` together with147Full access means using `sandbox_mode = "danger-full-access"` together with

148`approval_policy = "never"`. By contrast, `--full-auto` is the lower-risk local148`approval_policy = "never"`. By contrast, the lower-risk local automation

149automation preset: `sandbox_mode = "workspace-write"` and149preset is `sandbox_mode = "workspace-write"` together with

150`approval_policy = "on-request"`.150`approval_policy = "on-request"`, or the matching CLI flags

151`--sandbox workspace-write --ask-for-approval on-request`.

151 152

152If you need Codex to work across more than one directory, writable roots let153If you need Codex to work across more than one directory, writable roots let

153you extend the places it can modify without removing the sandbox entirely. If154you extend the places it can modify without removing the sandbox entirely. If

170[Codex app features](https://developers.openai.com/codex/app/features#approvals-and-sandboxing), and for the171[Codex app features](https://developers.openai.com/codex/app/features#approvals-and-sandboxing), and for the

171IDE-specific settings entry points, see [Codex IDE extension settings](https://developers.openai.com/codex/ide/settings).172IDE-specific settings entry points, see [Codex IDE extension settings](https://developers.openai.com/codex/ide/settings).

172 173

174Automatic review, when available, doesn't change the sandbox boundary. It

175reviews approval requests, such as sandbox escalations or network access, while

176actions already allowed inside the sandbox run without extra review. See

177[Automatic approval reviews](https://developers.openai.com/codex/agent-approvals-security#automatic-approval-reviews)

178for the policy behavior.

179

173Platform details live in the platform-specific docs. For native Windows setup,180Platform details live in the platform-specific docs. For native Windows setup,

174behavior, and troubleshooting, see [Windows](https://developers.openai.com/codex/windows). For admin181behavior, and troubleshooting, see [Windows](https://developers.openai.com/codex/windows). For admin

175requirements and organization-level constraints on sandboxing and approvals, see182requirements and organization-level constraints on sandboxing and approvals, see

concepts/subagents.md +11 −9

Details

65 65

66If you don't pin a model or `model_reasoning_effort`, Codex can choose a setup66If you don't pin a model or `model_reasoning_effort`, Codex can choose a setup

67that balances intelligence, speed, and price for the task. It may favor67that balances intelligence, speed, and price for the task. It may favor

~~68`gpt-5.4-mini` for fast scans or a higher-effort `gpt-5.4`~~68`gpt-5.4-mini` for fast scans or a higher-effort `gpt-5.5` configuration for

~~69configuration for more demanding reasoning. When you want finer control, steer that~~69more demanding reasoning when that model is available. When you want finer

~~70choice in your prompt or set `model` and `model_reasoning_effort` directly in~~70control, steer that choice in your prompt or set `model` and

~~71the agent file.~~71`model_reasoning_effort` directly in the agent file.

72 72

~~73For most tasks in Codex, start with `gpt-5.4`. Use `gpt-5.4-mini` when you~~73For most tasks in Codex, start with `gpt-5.5` when it is available. Continue

~~74want a faster, lower-cost option for lighter subagent work. If you have~~74 using `gpt-5.4` during the rollout if `gpt-5.5` is not yet available. Use

~~75ChatGPT Pro and want near-instant text-only iteration, `gpt-5.3-codex-spark`~~75 `gpt-5.4-mini` when you want a faster, lower-cost option for lighter subagent

~~76remains available in research preview.~~76 work. If you have ChatGPT Pro and want near-instant text-only iteration,

77 `gpt-5.3-codex-spark` remains available in research preview.

77 78

78### Model choice79### Model choice

79 80

~~80- **`gpt-5.4`**: Start here for most agents. It combines strong coding, reasoning, tool use, and broader workflows. The main agent and agents that coordinate ambiguous or multi-step work fit here.~~81- **`gpt-5.5`**: Start here for demanding agents when it is available. It is strongest for ambiguous, multi-step work that needs planning, tool use, validation, and follow-through across a larger context.

82- **`gpt-5.4`**: Use this when `gpt-5.5` is not yet available or when a workflow is pinned to GPT-5.4. It combines strong coding, reasoning, tool use, and broader workflows.

81- **`gpt-5.4-mini`**: Use for agents that favor speed and efficiency over depth, such as exploration, read-heavy scans, large-file review, or processing supporting documents. It works well for parallel workers that return distilled results to the main agent.83- **`gpt-5.4-mini`**: Use for agents that favor speed and efficiency over depth, such as exploration, read-heavy scans, large-file review, or processing supporting documents. It works well for parallel workers that return distilled results to the main agent.

82- **`gpt-5.3-codex-spark`**: If you have ChatGPT Pro, use this research preview model for near-instant, text-only iteration when latency matters more than broader capability.84- **`gpt-5.3-codex-spark`**: If you have ChatGPT Pro, use this research preview model for near-instant, text-only iteration when latency matters more than broader capability.

83 85

config-advanced.md +86 −4

Details

84 84

85In addition to your user config, Codex reads project-scoped overrides from `.codex/config.toml` files inside your repo. Codex walks from the project root to your current working directory and loads every `.codex/config.toml` it finds. If multiple files define the same key, the closest file to your working directory wins.85In addition to your user config, Codex reads project-scoped overrides from `.codex/config.toml` files inside your repo. Codex walks from the project root to your current working directory and loads every `.codex/config.toml` it finds. If multiple files define the same key, the closest file to your working directory wins.

86 86

~~87For security, Codex loads project-scoped config files only when the project is trusted. If the project is untrusted, Codex ignores `.codex/config.toml` files in the project.~~87For security, Codex loads project-scoped config files only when the project is trusted. If the project is untrusted, Codex ignores project `.codex/` layers, including `.codex/config.toml`, project-local hooks, and project-local rules. User and system layers remain separate and still load.

88 88

89Relative paths inside a project config (for example, `model_instructions_file`) are resolved relative to the `.codex/` folder that contains the `config.toml`.89Relative paths inside a project config (for example, `model_instructions_file`) are resolved relative to the `.codex/` folder that contains the `config.toml`.

90 90

91## Hooks (experimental)91## Hooks (experimental)

92 92

~~93Codex can also load lifecycle hooks from `hooks.json` files that sit next to~~93Codex can also load lifecycle hooks from either `hooks.json` files or inline

~~94active config layers.~~94`[hooks]` tables in `config.toml` files that sit next to active config layers.

95 95

96In practice, the two most useful locations are:96In practice, the two most useful locations are:

97 97

98- `~/.codex/hooks.json`98- `~/.codex/hooks.json`

99- `~/.codex/config.toml`

99- `<repo>/.codex/hooks.json`100- `<repo>/.codex/hooks.json`

101- `<repo>/.codex/config.toml`

102

103Project-local hooks load only when the project `.codex/` layer is trusted.

104User-level hooks remain independent of project trust.

100 105

101Turn hooks on with:106Turn hooks on with:

102 107

105codex_hooks = true110codex_hooks = true

106```111```

107 112

113Inline TOML hooks use the same event structure as `hooks.json`:

114

115```toml

116[[hooks.PreToolUse]]

117matcher = "^Bash$"

118

119[[hooks.PreToolUse.hooks]]

120type = "command"

121command = '/usr/bin/python3 "$(git rev-parse --show-toplevel)/.codex/hooks/pre_tool_use_policy.py"'

122timeout = 30

123statusMessage = "Checking Bash command"

124```

125

126If a single layer contains both `hooks.json` and inline `[hooks]`, Codex loads

127both and warns. Prefer one representation per layer.

128

108For the current event list, input fields, output behavior, and limitations, see129For the current event list, input fields, output behavior, and limitations, see

109[Hooks](https://developers.openai.com/codex/hooks).130[Hooks](https://developers.openai.com/codex/hooks).

110 131

175 196

176The auth command receives no `stdin` and must print the token to stdout. Codex trims surrounding whitespace, treats an empty token as an error, and refreshes proactively at `refresh_interval_ms`; set `refresh_interval_ms = 0` to refresh only after an authentication retry. Don't combine `[model_providers.<id>.auth]` with `env_key`, `experimental_bearer_token`, or `requires_openai_auth`.197The auth command receives no `stdin` and must print the token to stdout. Codex trims surrounding whitespace, treats an empty token as an error, and refreshes proactively at `refresh_interval_ms`; set `refresh_interval_ms = 0` to refresh only after an authentication retry. Don't combine `[model_providers.<id>.auth]` with `env_key`, `experimental_bearer_token`, or `requires_openai_auth`.

177 198

199### Amazon Bedrock provider

200

201Codex includes a built-in `amazon-bedrock` model provider. Set it directly as

202`model_provider`; unlike custom providers, this built-in provider supports only

203the nested AWS profile and region overrides.

204

205```toml

206model_provider = "amazon-bedrock"

207model = "<bedrock-model-id>"

208

209[model_providers.amazon-bedrock.aws]

210profile = "default"

211region = "eu-central-1"

212```

213

214If you omit `profile`, Codex uses the standard AWS credential chain. Set

215`region` to the supported Bedrock region that should handle requests.

216

178## OSS mode (local providers)217## OSS mode (local providers)

179 218

180Codex can run against a local "open source" provider (for example, Ollama or LM Studio) when you pass `--oss`. If you pass `--oss` without specifying a provider, Codex uses `oss_provider` as the default.219Codex can run against a local "open source" provider (for example, Ollama or LM Studio) when you pass `--oss`. If you pass `--oss` without specifying a provider, Codex uses `oss_provider` as the default.

230 269

231You can also use a granular approval policy (`approval_policy = { granular = { ... } }`) to allow or auto-reject individual prompt categories. This is useful when you want normal interactive approvals for some cases but want others, such as `request_permissions` or skill-script prompts, to fail closed automatically.270You can also use a granular approval policy (`approval_policy = { granular = { ... } }`) to allow or auto-reject individual prompt categories. This is useful when you want normal interactive approvals for some cases but want others, such as `request_permissions` or skill-script prompts, to fail closed automatically.

232 271

233```272Set `approvals_reviewer = "auto_review"` to route eligible interactive approval

273requests through automatic review. This changes the reviewer, not the sandbox

274boundary.

275

276Use `[auto_review].policy` for local reviewer policy instructions. Managed

277`guardian_policy_config` takes precedence.

278

279```toml

234approval_policy = "untrusted" # Other options: on-request, never, or { granular = { ... } }280approval_policy = "untrusted" # Other options: on-request, never, or { granular = { ... } }

281approvals_reviewer = "user" # Or "auto_review" for automatic review

235sandbox_mode = "workspace-write"282sandbox_mode = "workspace-write"

236allow_login_shell = false # Optional hardening: disallow login shells for shell tools283allow_login_shell = false # Optional hardening: disallow login shells for shell tools

237 284

249exclude_slash_tmp = false # Allow /tmp296exclude_slash_tmp = false # Allow /tmp

250writable_roots = ["/Users/YOU/.pyenv/shims"]297writable_roots = ["/Users/YOU/.pyenv/shims"]

251network_access = false # Opt in to outbound network298network_access = false # Opt in to outbound network

299

300[auto_review]

301policy = """

302Use your organization's automatic review policy.

303"""

304```

305

306### Named permission profiles

307

308Set `default_permissions` to reuse a sandbox profile by name. Codex includes

309the built-in profiles `:read-only`, `:workspace`, and `:danger-no-sandbox`:

310

311```toml

312default_permissions = ":workspace"

252```313```

253 314

315For custom profiles, point `default_permissions` at a name you define under

316`[permissions.<name>]`:

317

318```toml

319default_permissions = "workspace"

320

321[permissions.workspace.filesystem]

322":project_roots" = { "." = "write", "**/*.env" = "none" }

323glob_scan_max_depth = 3

324

325[permissions.workspace.network]

326enabled = true

327mode = "limited"

328

329[permissions.workspace.network.domains]

330"api.openai.com" = "allow"

331```

332

333Use built-in names with a leading colon. Custom names don't use a leading

334colon and must have matching `permissions` tables.

335

254Need the complete key list (including profile-scoped overrides and requirements constraints)? See [Configuration Reference](https://developers.openai.com/codex/config-reference) and [Managed configuration](https://developers.openai.com/codex/enterprise/managed-configuration).336Need the complete key list (including profile-scoped overrides and requirements constraints)? See [Configuration Reference](https://developers.openai.com/codex/config-reference) and [Managed configuration](https://developers.openai.com/codex/enterprise/managed-configuration).

255 337

256In workspace-write mode, some environments keep `.git/` and `.codex/`338In workspace-write mode, some environments keep `.git/` and `.codex/`

config-basic.md +26 −5

Details

1# Config basics1# Config basics

2 2

3Codex reads configuration details from more than one location. Your personal defaults live in `~/.codex/config.toml`, and you can add project overrides with `.codex/config.toml` files. For security, Codex loads project config files only when you trust the project.3Codex reads configuration details from more than one location. Your personal defaults live in `~/.codex/config.toml`, and you can add project overrides with `.codex/config.toml` files. For security, Codex loads project `.codex/` layers only when you trust the project.

4 4

5## Codex configuration file5## Codex configuration file

6 6

27 27

28Use that precedence to set shared defaults at the top level and keep profiles focused on the values that differ.28Use that precedence to set shared defaults at the top level and keep profiles focused on the values that differ.

29 29

~~30If you mark a project as untrusted, Codex skips project-scoped `.codex/` layers (including `.codex/config.toml`) and falls back to user, system, and built-in defaults.~~30If you mark a project as untrusted, Codex skips project-scoped `.codex/` layers, including project-local config, hooks, and rules. User and system config still load, including user/global hooks and rules.

31 31

32For one-off overrides via `-c`/`--config` (including TOML quoting rules), see [Advanced Config](https://developers.openai.com/codex/config-advanced#one-off-overrides-from-the-cli).32For one-off overrides via `-c`/`--config` (including TOML quoting rules), see [Advanced Config](https://developers.openai.com/codex/config-advanced#one-off-overrides-from-the-cli).

33 33

46Choose the model Codex uses by default in the CLI and IDE.46Choose the model Codex uses by default in the CLI and IDE.

47 47

48```toml48```toml

~~49model = "gpt-5.4"~~49model = "gpt-5.5"

50```50```

51 51

52#### Approval prompts52#### Approval prompts

69 69

70For mode-by-mode behavior (including protected `.git`/`.codex` paths and network defaults), see [Sandbox and approvals](https://developers.openai.com/codex/agent-approvals-security#sandbox-and-approvals), [Protected paths in writable roots](https://developers.openai.com/codex/agent-approvals-security#protected-paths-in-writable-roots), and [Network access](https://developers.openai.com/codex/agent-approvals-security#network-access).70For mode-by-mode behavior (including protected `.git`/`.codex` paths and network defaults), see [Sandbox and approvals](https://developers.openai.com/codex/agent-approvals-security#sandbox-and-approvals), [Protected paths in writable roots](https://developers.openai.com/codex/agent-approvals-security#protected-paths-in-writable-roots), and [Network access](https://developers.openai.com/codex/agent-approvals-security#network-access).

71 71

72#### Permission profiles

74Use a named permission profile when you want one reusable filesystem or network policy across sessions:

76```toml

77default_permissions = ":workspace"

78```

80Built-in profiles include `:read-only`, `:workspace`, and `:danger-no-sandbox`. For custom filesystem or network rules, define `[permissions.<name>]` tables and set `default_permissions` to that name.

72#### Windows sandbox mode82#### Windows sandbox mode

73 83

74When running Codex natively on Windows, set the native sandbox mode to `elevated` in the `windows` table. Use `unelevated` only if you don't have administrator permissions or if elevated setup fails.84When running Codex natively on Windows, set the native sandbox mode to `elevated` in the `windows` table. Use `unelevated` only if you don't have administrator permissions or if elevated setup fails.

111 121

112You can override this later in an active session with `/personality` or per thread/turn when using the app-server APIs.122You can override this later in an active session with `/personality` or per thread/turn when using the app-server APIs.

113 123

124#### TUI keymap

125

126Customize terminal shortcuts under `tui.keymap`. Context-specific bindings override `tui.keymap.global`, and an empty list unbinds the action.

127

128```toml

129[tui.keymap.global]

130open_transcript = "ctrl-t"

131

132[tui.keymap.composer]

133submit = ["enter", "ctrl-m"]

134```

135

114#### Command environment136#### Command environment

115 137

116Control which environment variables Codex forwards to spawned commands.138Control which environment variables Codex forwards to spawned commands.

148| Key | Default | Maturity | Description |170| Key | Default | Maturity | Description |

149| -------------------- | :-------------------: | ------------ | ---------------------------------------------------------------------------------------- |171| -------------------- | :-------------------: | ------------ | ---------------------------------------------------------------------------------------- |

config-reference.md +273 −26

Details

27| `approvals_reviewer` | `user | guardian_subagent` | Select who reviews eligible approval prompts. Defaults to `user`; `guardian_subagent` routes supported reviews through the Guardian reviewer subagent. |27| `approvals_reviewer` | `user | auto_review` | Who reviews eligible approval prompts under `on-request` or granular approval policies. Defaults to `user`; `auto_review` uses the reviewer subagent. This setting doesn't change sandboxing or review actions already allowed inside the sandbox. |

38| `auto_review.policy` | `string` | Local Markdown policy instructions for automatic review. Managed `guardian_policy_config` takes precedence. Blank values are ignored. |

38| `background_terminal_max_timeout` | `number` | Maximum poll window in milliseconds for empty `write_stdin` polls (background terminal polling). Default: `300000` (5 minutes). Replaces the older `background_terminal_timeout` key. |39| `background_terminal_max_timeout` | `number` | Maximum poll window in milliseconds for empty `write_stdin` polls (background terminal polling). Default: `300000` (5 minutes). Replaces the older `background_terminal_timeout` key. |

~~44| `default_permissions` | `string` | Name of the default permissions profile to apply to sandboxed tool calls. |~~45| `default_permissions` | `string` | Name of the default permissions profile to apply to sandboxed tool calls. Built-ins are `:read-only`, `:workspace`, and `:danger-no-sandbox`; custom profile names require matching `[permissions.<name>]` tables. |

53| `features.guardian_approval` | `boolean` | Route eligible approval requests through the guardian reviewer subagent (experimental; off by default). Use with `approvals_reviewer = "guardian_subagent"`. |

73| `hooks` | `table` | Lifecycle hooks configured inline in `config.toml`. Uses the same event schema as `hooks.json`; see the Hooks guide for examples and supported events. |

104| `memories.max_unused_days` | `number` | Maximum days since a memory was last used before it becomes ineligible for consolidation. Defaults to `30` and is clamped to `0`-`365`. |105| `memories.max_unused_days` | `number` | Maximum days since a memory was last used before it becomes ineligible for consolidation. Defaults to `30` and is clamped to `0`-`365`. |

106| `memories.min_rate_limit_remaining_percent` | `number` | Minimum remaining percentage required in Codex rate-limit windows before memory generation starts. Defaults to `25` and is clamped to `0`-`100`. |

109| `model_catalog_json` | `string (path)` | Optional path to a JSON model catalog loaded on startup. Profile-level `profiles.<name>.model_catalog_json` can override this per profile. |111| `model_catalog_json` | `string (path)` | Optional path to a JSON model catalog loaded on startup. Profile-level `profiles.<name>.model_catalog_json` can override this per profile. |

136| `model_providers.amazon-bedrock.aws.profile` | `string` | AWS profile name used by the built-in `amazon-bedrock` provider. |

137| `model_providers.amazon-bedrock.aws.region` | `string` | AWS region used by the built-in `amazon-bedrock` provider. |

223| `tool_suggest.disabled_tools` | `array<table>` | Disable suggestions for specific discoverable connectors or plugins. Each entry uses `type = "connector"` or `"plugin"` and an `id`. |

219| `tool_suggest.discoverables` | `array<table>` | Allow tool suggestions for additional discoverable connectors or plugins. Each entry uses `type = "connector"` or `"plugin"` and an `id`. |224| `tool_suggest.discoverables` | `array<table>` | Allow tool suggestions for additional discoverable connectors or plugins. Each entry uses `type = "connector"` or `"plugin"` and an `id`. |

221| `tools.web_search` | `boolean | { context_size = "low|medium|high", allowed_domains = [string], location = { country, region, city, timezone } }` | Optional web search tool configuration. The legacy boolean form is still accepted, but the object form lets you set search context size, allowed domains, and approximate user location. |226| `tools.web_search` | `boolean | { context_size = "low|medium|high", allowed_domains = [string], location = { country, region, city, timezone } }` | Optional web search tool configuration. The legacy boolean form is still accepted, but the object form lets you set search context size, allowed domains, and approximate user location. |

222| `tui` | `table` | TUI-specific options such as enabling inline desktop notifications. |227| `tui` | `table` | TUI-specific options such as enabling inline desktop notifications. |

230| `tui.keymap.<context>.<action>` | `string | array<string>` | Keyboard shortcut binding for a TUI action. Supported contexts include `global`, `chat`, `composer`, `editor`, `pager`, `list`, and `approval`; context-specific bindings override `tui.keymap.global`. |

231| `tui.keymap.<context>.<action> = []` | `empty array` | Unbind the action in that keymap context. Key names use normalized strings such as `ctrl-a`, `shift-enter`, or `page-down`. |

227| `tui.notification_method` | `auto | osc9 | bel` | Notification method for terminal notifications (default: auto). |234| `tui.notification_method` | `auto | osc9 | bel` | Notification method for terminal notifications (default: auto). |

409 416

410Type / Values417Type / Values

411 418

412`user | guardian_subagent`419`user | auto_review`

413 420

414Details421Details

415 422

416Select who reviews eligible approval prompts. Defaults to `user`; `guardian_subagent` routes supported reviews through the Guardian reviewer subagent.423Who reviews eligible approval prompts under `on-request` or granular approval policies. Defaults to `user`; `auto_review` uses the reviewer subagent. This setting doesn't change sandboxing or review actions already allowed inside the sandbox.

417 424

418Key425Key

419 426

537 544

538Key545Key

539 546

547`auto_review.policy`

548

549Type / Values

550

551`string`

552

553Details

554

555Local Markdown policy instructions for automatic review. Managed `guardian_policy_config` takes precedence. Blank values are ignored.

556

557Key

558

540`background_terminal_max_timeout`559`background_terminal_max_timeout`

541 560

542Type / Values561Type / Values

617 636

618Details637Details

619 638

620Name of the default permissions profile to apply to sandboxed tool calls.639Name of the default permissions profile to apply to sandboxed tool calls. Built-ins are `:read-only`, `:workspace`, and `:danger-no-sandbox`; custom profile names require matching `[permissions.<name>]` tables.

621 640

622Key641Key

623 642

689 708

690Details709Details

691 710

692Enable lifecycle hooks loaded from `hooks.json` (under development; off by default).711Enable lifecycle hooks loaded from `hooks.json` or inline `[hooks]` config.

693 712

694Key713Key

695 714

717 736

718Key737Key

719 738

720`features.guardian_approval`

~~721~~

722Type / Values

~~723~~

724`boolean`

~~725~~

726Details

~~727~~

728Route eligible approval requests through the guardian reviewer subagent (experimental; off by default). Use with `approvals_reviewer = "guardian_subagent"`.

~~729~~

730Key

~~731~~

732`features.memories`739`features.memories`

733 740

734Type / Values741Type / Values

957 964

958Key965Key

959 966

967`hooks`

968

969Type / Values

970

971`table`

972

973Details

974

975Lifecycle hooks configured inline in `config.toml`. Uses the same event schema as `hooks.json`; see the Hooks guide for examples and supported events.

976

977Key

978

960`instructions`979`instructions`

961 980

962Type / Values981Type / Values

1341 1360

1342Key1361Key

1343 1362

1363`memories.min_rate_limit_remaining_percent`

1364

1365Type / Values

1366

1367`number`

1368

1369Details

1370

1371Minimum remaining percentage required in Codex rate-limit windows before memory generation starts. Defaults to `25` and is clamped to `0`-`100`.

1372

1373Key

1374

1344`memories.min_rollout_idle_hours`1375`memories.min_rollout_idle_hours`

1345 1376

1346Type / Values1377Type / Values

1373 1404

1374Details1405Details

1375 1406

1376Model to use (e.g., `gpt-5.4`).1407Model to use (e.g., `gpt-5.5`).

1377 1408

1378Key1409Key

1379 1410

1689 1720

1690Key1721Key

1691 1722

1723`model_providers.amazon-bedrock.aws.profile`

1724

1725Type / Values

1726

1727`string`

1728

1729Details

1730

1731AWS profile name used by the built-in `amazon-bedrock` provider.

1732

1733Key

1734

1735`model_providers.amazon-bedrock.aws.region`

1736

1737Type / Values

1738

1739`string`

1740

1741Details

1742

1743AWS region used by the built-in `amazon-bedrock` provider.

1744

1745Key

1746

1692`model_reasoning_effort`1747`model_reasoning_effort`

1693 1748

1694Type / Values1749Type / Values

2465 2520

2466Details2521Details

2467 2522

2468Mark a project or worktree as trusted or untrusted (`"trusted"` | `"untrusted"`). Untrusted projects skip project-scoped `.codex/` layers.2523Mark a project or worktree as trusted or untrusted (`"trusted"` | `"untrusted"`). Untrusted projects skip project-scoped `.codex/` layers, including project-local config, hooks, and rules.

2469 2524

2470Key2525Key

2471 2526

2709 2764

2710Key2765Key

2711 2766

2767`tool_suggest.disabled_tools`

2768

2769Type / Values

2770

2771`array<table>`

2772

2773Details

2774

2775Disable suggestions for specific discoverable connectors or plugins. Each entry uses `type = "connector"` or `"plugin"` and an `id`.

2776

2777Key

2778

2712`tool_suggest.discoverables`2779`tool_suggest.discoverables`

2713 2780

2714Type / Values2781Type / Values

2781 2848

2782Key2849Key

2783 2850

2851`tui.keymap.<context>.<action>`

2852

2853Type / Values

2854

2855`string | array<string>`

2856

2857Details

2858

2859Keyboard shortcut binding for a TUI action. Supported contexts include `global`, `chat`, `composer`, `editor`, `pager`, `list`, and `approval`; context-specific bindings override `tui.keymap.global`.

2860

2861Key

2862

2863`tui.keymap.<context>.<action> = []`

2864

2865Type / Values

2866

2867`empty array`

2868

2869Details

2870

2871Unbind the action in that keymap context. Key names use normalized strings such as `ctrl-a`, `shift-enter`, or `page-down`.

2872

2873Key

2874

2784`tui.model_availability_nux.<model>`2875`tui.model_availability_nux.<model>`

2785 2876

2786Type / Values2877Type / Values

2948| Key | Type / Values | Details |3039| Key | Type / Values | Details |

2949| --- | --- | --- |3040| --- | --- | --- |

2953| `allowed_web_search_modes` | `array<string>` | Allowed values for `web_search` (`disabled`, `cached`, `live`). `disabled` is always allowed; an empty list effectively allows only `disabled`. |3044| `allowed_web_search_modes` | `array<string>` | Allowed values for `web_search` (`disabled`, `cached`, `live`). `disabled` is always allowed; an empty list effectively allows only `disabled`. |

3047| `features.browser_use` | `boolean` | Set to `false` in `requirements.toml` to disable Browser Use and Browser Agent availability. |

3048| `features.computer_use` | `boolean` | Set to `false` in `requirements.toml` to disable Computer Use availability and related install or enablement flows. |

3049| `features.in_app_browser` | `boolean` | Set to `false` in `requirements.toml` to disable the in-app browser pane. |

3050| `guardian_policy_config` | `string` | Managed Markdown policy instructions for automatic review. This takes precedence over local `[auto_review].policy`. Blank values are ignored. |

3051| `hooks` | `table` | Admin-enforced managed lifecycle hooks. Requires a managed hook directory and uses the same event schema as inline `[hooks]` in `config.toml`. |

3052| `hooks.<Event>` | `array<table>` | Matcher groups for a hook event such as `PreToolUse`, `PostToolUse`, `PermissionRequest`, `SessionStart`, `UserPromptSubmit`, or `Stop`. |

3053| `hooks.<Event>[].hooks` | `array<table>` | Hook handlers for a matcher group. Command hooks are currently supported; prompt and agent hook handlers are parsed but skipped. |

3054| `hooks.managed_dir` | `string (absolute path)` | Directory containing managed hook scripts on macOS and Linux. Codex validates that it is absolute and exists before loading managed hooks. |

3055| `hooks.windows_managed_dir` | `string (absolute path)` | Directory containing managed hook scripts on Windows. Codex validates that it is absolute and exists before loading managed hooks. |

2956| `mcp_servers` | `table` | Allowlist of MCP servers that may be enabled. Both the server name (`<id>`) and its identity must match for the MCP server to be enabled. Any configured MCP server not in the allowlist (or with a mismatched identity) is disabled. |3056| `mcp_servers` | `table` | Allowlist of MCP servers that may be enabled. Both the server name (`<id>`) and its identity must match for the MCP server to be enabled. Any configured MCP server not in the allowlist (or with a mismatched identity) is disabled. |

2960| `permissions.filesystem.deny_read` | `array<string>` | Admin-enforced filesystem read denials. Entries can be paths or glob patterns, and users cannot weaken them with local config. |3060| `permissions.filesystem.deny_read` | `array<string>` | Admin-enforced filesystem read denials. Entries can be paths or glob patterns, and users cannot weaken them with local config. |

3061| `remote_sandbox_config` | `array<table>` | Host-specific sandbox requirements. The first entry whose `hostname_patterns` match the resolved host name overrides top-level `allowed_sandbox_modes` for that requirements source. Host-specific entries currently override sandbox modes only. |

3062| `remote_sandbox_config[].allowed_sandbox_modes` | `array<string>` | Allowed sandbox modes to apply when this host-specific entry matches. |

3063| `remote_sandbox_config[].hostname_patterns` | `array<string>` | Case-insensitive host name patterns. Supports `*` for any sequence of characters and `?` for one character. |

2988 3091

2989Details3092Details

2990 3093

2991Allowed values for `approvals_reviewer` (for example `user` and `guardian_subagent`).3094Allowed values for `approvals_reviewer`, such as `user` and `auto_review`.

2992 3095

2993Key3096Key

2994 3097

3040 3143

3041Key3144Key

3042 3145

3146`features.browser_use`

3147

3148Type / Values

3149

3150`boolean`

3151

3152Details

3153

3154Set to `false` in `requirements.toml` to disable Browser Use and Browser Agent availability.

3155

3156Key

3157

3158`features.computer_use`

3159

3160Type / Values

3161

3162`boolean`

3163

3164Details

3165

3166Set to `false` in `requirements.toml` to disable Computer Use availability and related install or enablement flows.

3167

3168Key

3169

3170`features.in_app_browser`

3171

3172Type / Values

3173

3174`boolean`

3175

3176Details

3177

3178Set to `false` in `requirements.toml` to disable the in-app browser pane.

3179

3180Key

3181

3182`guardian_policy_config`

3183

3184Type / Values

3185

3186`string`

3187

3188Details

3189

3190Managed Markdown policy instructions for automatic review. This takes precedence over local `[auto_review].policy`. Blank values are ignored.

3191

3192Key

3193

3194`hooks`

3195

3196Type / Values

3197

3198`table`

3199

3200Details

3201

3202Admin-enforced managed lifecycle hooks. Requires a managed hook directory and uses the same event schema as inline `[hooks]` in `config.toml`.

3203

3204Key

3205

3206`hooks.<Event>`

3207

3208Type / Values

3209

3210`array<table>`

3211

3212Details

3213

3214Matcher groups for a hook event such as `PreToolUse`, `PostToolUse`, `PermissionRequest`, `SessionStart`, `UserPromptSubmit`, or `Stop`.

3215

3216Key

3217

3218`hooks.<Event>[].hooks`

3219

3220Type / Values

3221

3222`array<table>`

3223

3224Details

3225

3226Hook handlers for a matcher group. Command hooks are currently supported; prompt and agent hook handlers are parsed but skipped.

3227

3228Key

3229

3230`hooks.managed_dir`

3231

3232Type / Values

3233

3234`string (absolute path)`

3235

3236Details

3237

3238Directory containing managed hook scripts on macOS and Linux. Codex validates that it is absolute and exists before loading managed hooks.

3239

3240Key

3241

3242`hooks.windows_managed_dir`

3243

3244Type / Values

3245

3246`string (absolute path)`

3247

3248Details

3249

3250Directory containing managed hook scripts on Windows. Codex validates that it is absolute and exists before loading managed hooks.

3251

3252Key

3253

3043`mcp_servers`3254`mcp_servers`

3044 3255

3045Type / Values3256Type / Values

3100 3311

3101Key3312Key

3102 3313

3314`remote_sandbox_config`

3315

3316Type / Values

3317

3318`array<table>`

3319

3320Details

3321

3322Host-specific sandbox requirements. The first entry whose `hostname_patterns` match the resolved host name overrides top-level `allowed_sandbox_modes` for that requirements source. Host-specific entries currently override sandbox modes only.

3323

3324Key

3325

3326`remote_sandbox_config[].allowed_sandbox_modes`

3327

3328Type / Values

3329

3330`array<string>`

3331

3332Details

3333

3334Allowed sandbox modes to apply when this host-specific entry matches.

3335

3336Key

3337

3338`remote_sandbox_config[].hostname_patterns`

3339

3340Type / Values

3341

3342`array<string>`

3343

3344Details

3345

3346Case-insensitive host name patterns. Supports `*` for any sequence of characters and `?` for one character.

3347

3348Key

3349

3103`rules`3350`rules`

3104 3351

3105Type / Values3352Type / Values

config-sample.md +43 −7

Details

27# Core Model Selection27# Core Model Selection

28################################################################################28################################################################################

29 29

~~30# Primary model used by Codex. Recommended example for most users: "gpt-5.4".~~30# Primary model used by Codex. Recommended example for most users: "gpt-5.5".

~~31model = "gpt-5.4"~~31model = "gpt-5.5"

32 32

33# Communication style for supported models. Allowed values: none | friendly | pragmatic33# Communication style for supported models. Allowed values: none | friendly | pragmatic

34# personality = "pragmatic"34# personality = "pragmatic"

35 35

36# Optional model override for /review. Default: unset (uses current session model).36# Optional model override for /review. Default: unset (uses current session model).

~~37# review_model = "gpt-5.4"~~37# review_model = "gpt-5.5"

38 38

39# Provider id selected from [model_providers]. Default: "openai".39# Provider id selected from [model_providers]. Default: "openai".

40model_provider = "openai"40model_provider = "openai"

109# - never: never prompt (risky)109# - never: never prompt (risky)

110# - { granular = { ... } }: allow or auto-reject selected prompt categories110# - { granular = { ... } }: allow or auto-reject selected prompt categories

111approval_policy = "on-request"111approval_policy = "on-request"

112# Who reviews eligible approval prompts: user (default) | guardian_subagent112# Who reviews eligible approval prompts: user (default) | auto_review

113# approvals_reviewer = "user"113# approvals_reviewer = "user"

114 114

115# Example granular policy:115# Example granular policy:

130# - workspace-write130# - workspace-write

131# - danger-full-access (no sandbox; extremely risky)131# - danger-full-access (no sandbox; extremely risky)

132sandbox_mode = "read-only"132sandbox_mode = "read-only"

133# Named permissions profile to apply by default. Required before using [permissions.<name>].133# Named permissions profile to apply by default. Built-ins:

134# default_permissions = "workspace"134# :read-only | :workspace | :danger-no-sandbox

135# Use a custom name such as "workspace" only when you also define [permissions.workspace].

136# default_permissions = ":workspace"

135 137

136# Example filesystem profile. Use `"none"` to deny reads for exact paths or138# Example filesystem profile. Use `"none"` to deny reads for exact paths or

137# glob patterns. On platforms that need pre-expanded glob matches, set139# glob patterns. On platforms that need pre-expanded glob matches, set

358# You can also add custom .tmTheme files under $CODEX_HOME/themes.360# You can also add custom .tmTheme files under $CODEX_HOME/themes.

359# theme = "catppuccin-mocha"361# theme = "catppuccin-mocha"

360 362

363# Custom key bindings. Context-specific bindings override [tui.keymap.global].

364# Use [] to unbind an action.

365# [tui.keymap.global]

366# open_transcript = "ctrl-t"

367# open_external_editor = []

368#

369# [tui.keymap.composer]

370# submit = ["enter", "ctrl-m"]

371

361# Internal tooltip state keyed by model slug. Usually managed by Codex.372# Internal tooltip state keyed by model slug. Usually managed by Codex.

362# [tui.model_availability_nux]373# [tui.model_availability_nux]

363# "gpt-5.4" = 1374# "gpt-5.4" = 1

393# multi_agent = true404# multi_agent = true

394# personality = true405# personality = true

395# fast_mode = true406# fast_mode = true

396# guardian_approval = false

397# enable_request_compression = true407# enable_request_compression = true

398# skill_mcp_dependency_install = true408# skill_mcp_dependency_install = true

399# prevent_idle_sleep = false409# prevent_idle_sleep = false

408# use_memories = true418# use_memories = true

409# disable_on_external_context = false # legacy alias: no_memories_if_mcp_or_web_search419# disable_on_external_context = false # legacy alias: no_memories_if_mcp_or_web_search

410 420

421################################################################################

422# Lifecycle hooks can be configured here inline or in a sibling hooks.json.

423################################################################################

424

425# [hooks]

426# [[hooks.PreToolUse]]

427# matcher = "^Bash$"

428#

429# [[hooks.PreToolUse.hooks]]

430# type = "command"

431# command = 'python3 "/absolute/path/to/pre_tool_use_policy.py"'

432# timeout = 30

433# statusMessage = "Checking Bash command"

434

411################################################################################435################################################################################

412# Define MCP servers under this table. Leave empty to disable.436# Define MCP servers under this table. Leave empty to disable.

413################################################################################437################################################################################

455# - openai479# - openai

456# - ollama480# - ollama

457# - lmstudio481# - lmstudio

482# - amazon-bedrock

458# These IDs are reserved. Use a different ID for custom providers.483# These IDs are reserved. Use a different ID for custom providers.

459 484

460[model_providers]485[model_providers]

461 486

487# --- Example: built-in Amazon Bedrock provider options ---

488# model_provider = "amazon-bedrock"

489# model = "<bedrock-model-id>"

490# [model_providers.amazon-bedrock.aws]

491# profile = "default"

492# region = "eu-central-1"

493

462# --- Example: OpenAI data residency with explicit base URL or headers ---494# --- Example: OpenAI data residency with explicit base URL or headers ---

463# [model_providers.openaidr]495# [model_providers.openaidr]

464# name = "OpenAI Data Residency"496# name = "OpenAI Data Residency"

529# { type = "connector", id = "gmail" },561# { type = "connector", id = "gmail" },

530# { type = "plugin", id = "figma@openai-curated" },562# { type = "plugin", id = "figma@openai-curated" },

531# ]563# ]

564# disabled_tools = [

565# { type = "plugin", id = "slack@openai-curated" },

566# { type = "connector", id = "connector_googlecalendar" },

567# ]

532 568

533################################################################################569################################################################################

534# Profiles (named presets)570# Profiles (named presets)

enterprise/admin-setup.md +10 −1

Details

139 139

140Codex Admins can deploy admin-enforced `requirements.toml` policies from the Codex [Policies page](https://chatgpt.com/codex/settings/policies).140Codex Admins can deploy admin-enforced `requirements.toml` policies from the Codex [Policies page](https://chatgpt.com/codex/settings/policies).

141 141

142Use this page when you want to apply different local Codex constraints to different groups without distributing device-level files first. The managed policy uses the same `requirements.toml` format described in [Managed configuration](https://developers.openai.com/codex/enterprise/managed-configuration), so you can define allowed approval policies, sandbox modes, web search behavior, MCP server allowlists, feature pins, and restrictive command rules.142Use this page when you want to apply different local Codex constraints to different groups without distributing device-level files first. The managed policy uses the same `requirements.toml` format described in [Managed configuration](https://developers.openai.com/codex/enterprise/managed-configuration), so you can define allowed approval policies, sandbox modes, web search behavior, MCP server allowlists, feature pins, and restrictive command rules. To disable Browser Use, the in-app browser, or Computer Use, see [Pin feature flags](https://developers.openai.com/codex/enterprise/managed-configuration#pin-feature-flags).

143 143

144![Codex policies and configurations page](/images/codex/enterprise/policies_and_configurations_page.png)144![Codex policies and configurations page](/images/codex/enterprise/policies_and_configurations_page.png)

145 145

166allowed_approval_policies = ["on-request"]166allowed_approval_policies = ["on-request"]

167```167```

168 168

169Example: disable Browser Use, the in-app browser, and Computer Use:

170

171```toml

172[features]

173browser_use = false

174in_app_browser = false

175computer_use = false

176```

177

169Example: add a restrictive command rule when you want admins to block or gate specific commands:178Example: add a restrictive command rule when you want admins to block or gate specific commands:

170 179

171```toml180```toml

enterprise/managed-configuration.md +106 −5

Details

7 7

8## Admin-enforced requirements (requirements.toml)8## Admin-enforced requirements (requirements.toml)

9 9

10Requirements constrain security-sensitive settings (approval policy, sandbox mode, web search mode, and optionally which MCP servers users can enable). When resolving configuration (for example from `config.toml`, profiles, or CLI config overrides), if a value conflicts with an enforced rule, Codex falls back to a compatible value and notifies the user. If you configure an `mcp_servers` allowlist, Codex enables an MCP server only when both its name and identity match an approved entry; otherwise, Codex disables it.10Requirements constrain security-sensitive settings (approval policy, approvals reviewer, automatic review policy, sandbox mode, web search mode, managed hooks, and optionally which MCP servers users can enable). When resolving configuration (for example from `config.toml`, profiles, or CLI config overrides), if a value conflicts with an enforced rule, Codex falls back to a compatible value and notifies the user. If you configure an `mcp_servers` allowlist, Codex enables an MCP server only when both its name and identity match an approved entry; otherwise, Codex disables it.

11 11

12Requirements can also constrain [feature flags](https://developers.openai.com/codex/config-basic/#feature-flags) via the `[features]` table in `requirements.toml`. Note that features aren't always security-sensitive, but enterprises can pin values if desired. Omitted keys remain unconstrained.12Requirements can also constrain [feature flags](https://developers.openai.com/codex/config-basic/#feature-flags) via the `[features]` table in `requirements.toml`. Note that features aren't always security-sensitive, but enterprises can pin values if desired. Omitted keys remain unconstrained.

13 13

72allowed_sandbox_modes = ["read-only", "workspace-write"]72allowed_sandbox_modes = ["read-only", "workspace-write"]

73```73```

74 74

75### Override sandbox requirements by host

77Use `[[remote_sandbox_config]]` when one managed policy should apply different

78sandbox requirements on different hosts. For example, you can keep a stricter

79default for laptops while allowing workspace writes on matching devboxes or CI

80runners. Host-specific entries currently override `allowed_sandbox_modes` only:

82```toml

83allowed_sandbox_modes = ["read-only"]

85[[remote_sandbox_config]]

86hostname_patterns = ["*.devbox.example.com", "runner-??.ci.example.com"]

87allowed_sandbox_modes = ["read-only", "workspace-write"]

88```

90Codex compares each `hostname_patterns` entry against the best-effort resolved

91host name. It prefers the fully qualified domain name when available and falls

92back to the local host name. Matching is case-insensitive; `*` matches any

93sequence of characters, and `?` matches one character.

95The first matching `[[remote_sandbox_config]]` entry wins within the same

96requirements source. If no entry matches, Codex keeps the top-level

97`allowed_sandbox_modes`. Hostname matching is for policy selection only; don't

98treat it as authenticated device proof.

75You can also constrain web search mode:100You can also constrain web search mode:

76 101

77```toml102```toml

81`allowed_web_search_modes = []` allows only `"disabled"`.106`allowed_web_search_modes = []` allows only `"disabled"`.

82For example, `allowed_web_search_modes = ["cached"]` prevents live web search even in `danger-full-access` sessions.107For example, `allowed_web_search_modes = ["cached"]` prevents live web search even in `danger-full-access` sessions.

83 108

~~84You can also pin [feature flags](https://developers.openai.com/codex/config-basic/#feature-flags):~~109### Pin feature flags

85 110

~~86```~~111You can also pin [feature flags](https://developers.openai.com/codex/config-basic/#feature-flags) for users

112receiving a managed `requirements.toml`:

113

114```toml

87[features]115[features]

88personality = true116personality = true

89unified_exec = false117unified_exec = false

118

119# Disable specific Codex feature surfaces when needed.

120browser_use = false

121in_app_browser = false

122computer_use = false

90```123```

91 124

92Use the canonical feature keys from `config.toml`'s `[features]` table. Codex normalizes the resulting feature set to meet these pins and rejects conflicting writes to `config.toml` or profile-scoped feature settings.125Use the canonical feature keys from `config.toml`'s `[features]` table. Codex normalizes the resulting feature set to meet these pins and rejects conflicting writes to `config.toml` or profile-scoped feature settings.

93 126

127- `in_app_browser = false` disables the in-app browser pane.

128- `browser_use = false` disables Browser Use and Browser Agent availability.

129- `computer_use = false` disables Computer Use availability and related

130 install or enablement flows.

131

132If omitted, these features are allowed by policy, subject to normal client,

133platform, and rollout availability.

134

135### Configure automatic review policy

136

137Use `allowed_approvals_reviewers` to require or allow automatic review. Set it

138to `["auto_review"]` to require automatic review, or include `"user"` when users

139can choose manual approval.

140

141Set `guardian_policy_config` to replace the tenant-specific section of the

142automatic review policy. Codex still uses the built-in reviewer template and

143output contract. Managed `guardian_policy_config` takes precedence over local

144`[auto_review].policy`.

145

146```toml

147allowed_approval_policies = ["on-request"]

148allowed_approvals_reviewers = ["auto_review"]

149

150guardian_policy_config = """

151## Environment Profile

152- Trusted internal destinations include github.com/my-org, artifacts.example.com,

153 and internal CI systems.

154

155## Tenant Risk Taxonomy and Allow/Deny Rules

156- Treat uploads to unapproved third-party file-sharing services as high risk.

157- Deny actions that expose credentials or private source code to untrusted

158 destinations.

159"""

160```

161

94### Enforce deny-read requirements162### Enforce deny-read requirements

95 163

96Admins can deny reads for exact paths or glob patterns with164Admins can deny reads for exact paths or glob patterns with

106```174```

107 175

108When deny-read requirements are present, Codex constrains local sandbox mode to176When deny-read requirements are present, Codex constrains local sandbox mode to

109`read-only` or `workspace-write` so the requirement can be enforced. On native177`read-only` or `workspace-write` so Codex can enforce them. On native

110Windows, managed `deny_read` applies to direct file tools; shell subprocess178Windows, managed `deny_read` applies to direct file tools; shell subprocess

111reads don’t use this sandbox requirement.179reads don't use this sandbox rule.

180

181### Enforce managed hooks from requirements

182

183Admins can also define managed lifecycle hooks directly in `requirements.toml`.

184Use `[hooks]` for the hook configuration itself, and point `managed_dir` at the

185directory where your MDM or endpoint-management tooling installs the referenced

186scripts.

187

188```toml

189[features]

190codex_hooks = true

191

192[hooks]

193managed_dir = "/enterprise/hooks"

194windows_managed_dir = 'C:\enterprise\hooks'

195

196[[hooks.PreToolUse]]

197matcher = "^Bash$"

198

199[[hooks.PreToolUse.hooks]]

200type = "command"

201command = "python3 /enterprise/hooks/pre_tool_use_policy.py"

202timeout = 30

203statusMessage = "Checking managed Bash command"

204```

205

206Notes:

207

208- Codex enforces the hook configuration from `requirements.toml`, but it does

209 not distribute the scripts in `managed_dir`.

210- Deliver those scripts separately with your MDM or device-management solution.

211- Managed hook commands should reference absolute script paths under the

212 configured managed directory.

112 213

113### Enforce command rules from requirements214### Enforce command rules from requirements

114 215

github-action.md +1 −1

Details

84Fine-tune how Codex runs by setting the action inputs that map to `codex exec` options:84Fine-tune how Codex runs by setting the action inputs that map to `codex exec` options:

85 85

86- `prompt` or `prompt-file` (choose one): Inline instructions or a repository path to Markdown or text with your task. Consider storing prompts in `.github/codex/prompts/`.86- `prompt` or `prompt-file` (choose one): Inline instructions or a repository path to Markdown or text with your task. Consider storing prompts in `.github/codex/prompts/`.

~~87- `codex-args`: Extra CLI flags. Provide a JSON array (for example `["--full-auto"]`) or a shell string (`--full-auto --sandbox danger-full-access`) to allow edits, streaming, or MCP configuration.~~87- `codex-args`: Extra CLI flags. Provide a JSON array (for example `["--json"]`) or a shell string (`--sandbox workspace-write --json`) to allow edits, streaming, or MCP configuration.

88- `model` and `effort`: Pick the Codex agent configuration you want; leave empty for defaults.88- `model` and `effort`: Pick the Codex agent configuration you want; leave empty for defaults.

89- `sandbox`: Match the sandbox mode (`workspace-write`, `read-only`, `danger-full-access`) to the permissions Codex needs during the run.89- `sandbox`: Match the sandbox mode (`workspace-write`, `read-only`, `danger-full-access`) to the permissions Codex needs during the run.

90- `output-file`: Save the final Codex message to disk so later steps can upload or diff it.90- `output-file`: Save the final Codex message to disk so later steps can upload or diff it.

hooks.md +119 −48

Details

1# Hooks1# Hooks

2 2

~~3Experimental. Hooks are under active development. Windows support temporarily~~

~~4disabled.~~

6Hooks are an extensibility framework for Codex. They allow3Hooks are an extensibility framework for Codex. They allow

7you to inject your own scripts into the agentic loop, enabling features such as:4you to inject your own scripts into the agentic loop, enabling features such as:

8 5

23 20

24- Matching hooks from multiple files all run.21- Matching hooks from multiple files all run.

25- Multiple matching command hooks for the same event are launched concurrently,22- Multiple matching command hooks for the same event are launched concurrently,

~~26 so one hook can’t prevent another matching hook from starting.~~23 so one hook cannot prevent another matching hook from starting.

27- `PreToolUse`, `PermissionRequest`, `PostToolUse`, `UserPromptSubmit`, and24- `PreToolUse`, `PermissionRequest`, `PostToolUse`, `UserPromptSubmit`, and

28 `Stop` run at turn scope.25 `Stop` run at turn scope.

~~29- Hooks are currently disabled on Windows.~~

30 26

31## Where Codex looks for hooks27## Where Codex looks for hooks

32 28

~~33Codex discovers `hooks.json` next to active config layers.~~29Codex discovers hooks next to active config layers in either of these forms:

31- `hooks.json`

32- inline `[hooks]` tables inside `config.toml`

34 33

~~35In practice, the two most useful locations are:~~34Installed plugins can also bundle lifecycle config through their plugin

35manifest or a default `hooks/hooks.json` file. See [Build

36plugins](https://developers.openai.com/codex/plugins/build#bundled-mcp-servers-and-lifecycle-config) for the

37plugin packaging rules.

39In practice, the four most useful locations are:

36 40

37- `~/.codex/hooks.json`41- `~/.codex/hooks.json`

42- `~/.codex/config.toml`

38- `<repo>/.codex/hooks.json`43- `<repo>/.codex/hooks.json`

44- `<repo>/.codex/config.toml`

46If more than one hook source exists, Codex loads all matching hooks.

47Higher-precedence config layers do not replace lower-precedence hooks.

48If a single layer contains both `hooks.json` and inline `[hooks]`, Codex

49merges them and warns at startup. Prefer one representation per layer.

39 50

~~40If more than one `hooks.json` file exists, Codex loads all matching hooks.~~51Project-local hooks load only when the project `.codex/` layer is trusted. In

~~41Higher-precedence config layers don’t replace lower-precedence hooks.~~52untrusted projects, Codex still loads user and system hooks from their own

53active config layers.

42 54

43## Config shape55## Config shape

44 56

127Notes:139Notes:

128 140

129- `timeout` is in seconds.141- `timeout` is in seconds.

130- `timeoutSec` is also accepted as an alias.

131- If `timeout` is omitted, Codex uses `600` seconds.142- If `timeout` is omitted, Codex uses `600` seconds.

132- `statusMessage` is optional.143- `statusMessage` is optional.

133- Commands run with the session `cwd` as their working directory.144- Commands run with the session `cwd` as their working directory.

135 relative path such as `.codex/hooks/...`. Codex may be started from a146 relative path such as `.codex/hooks/...`. Codex may be started from a

136 subdirectory, and a git-root-based path keeps the hook location stable.147 subdirectory, and a git-root-based path keeps the hook location stable.

137 148

149Equivalent inline TOML in `config.toml`:

150

151```toml

152[features]

153codex_hooks = true

154

155[[hooks.PreToolUse]]

156matcher = "^Bash$"

157

158[[hooks.PreToolUse.hooks]]

159type = "command"

160command = '/usr/bin/python3 "$(git rev-parse --show-toplevel)/.codex/hooks/pre_tool_use_policy.py"'

161timeout = 30

162statusMessage = "Checking Bash command"

163

164[[hooks.PostToolUse]]

165matcher = "^Bash$"

166

167[[hooks.PostToolUse.hooks]]

168type = "command"

169command = '/usr/bin/python3 "$(git rev-parse --show-toplevel)/.codex/hooks/post_tool_use_review.py"'

170timeout = 30

171statusMessage = "Reviewing Bash output"

172```

173

174## Managed hooks from `requirements.toml`

175

176Enterprise-managed requirements can also define hooks inline under `[hooks]`.

177This is useful when admins want to enforce the hook configuration while

178delivering the actual scripts through MDM or another device-management system.

179

180```toml

181[features]

182codex_hooks = true

183

184[hooks]

185managed_dir = "/enterprise/hooks"

186windows_managed_dir = 'C:\enterprise\hooks'

187

188[[hooks.PreToolUse]]

189matcher = "^Bash$"

190

191[[hooks.PreToolUse.hooks]]

192type = "command"

193command = "python3 /enterprise/hooks/pre_tool_use_policy.py"

194timeout = 30

195statusMessage = "Checking managed Bash command"

196```

197

198Notes for managed hooks:

199

200- `managed_dir` is used on macOS and Linux.

201- `windows_managed_dir` is used on Windows.

202- Codex does not distribute the scripts in `managed_dir`; your enterprise

203 tooling must install and update them separately.

204- Managed hook commands should use absolute script paths under the configured

205 managed directory.

206

138## Matcher patterns207## Matcher patterns

139 208

140The `matcher` field is a regex string that filters when hooks fire. Use `"*"`,209The `matcher` field is a regex string that filters when hooks fire. Use `"*"`,

145 214

147| --- | --- | --- |216| --- | --- | --- |

223

224\*For `apply_patch`, matchers can also use `Edit` or `Write`.

154 225

155Examples:226Examples:

156 227

157- `Bash`228- `Bash`

158- `startup|resume`229- `^apply_patch$`

159- `Edit|Write`230- `Edit|Write`

~~160~~ 231- `mcp__filesystem__read_file`

161That last example is still a valid regex, but current Codex `PreToolUse` and232- `mcp__filesystem__.*`

162`PostToolUse` events only emit `Bash`, so it won’t match anything today.233- `startup|resume|clear`

163 234

164## Common input fields235## Common input fields

165 236

238 309

239### PreToolUse310### PreToolUse

240 311

241Work in progress312`PreToolUse` can intercept Bash, file edits performed through `apply_patch`,

~~242~~ 313and MCP tool calls. It is still a guardrail rather than a complete enforcement

243Currently `PreToolUse` only supports Bash tool interception. The model can314boundary because Codex can often perform equivalent work through another

244still work around this by writing its own script to disk and then running that315supported tool path.

245script with Bash, so treat this as a useful guardrail rather than a complete

246enforcement boundary

247 316

248This doesn't intercept all shell calls yet, only the simple ones. The newer317This doesn't intercept all shell calls yet, only the simple ones. The newer

249 `unified_exec` mechanism allows richer streaming stdin/stdout handling of318 `unified_exec` mechanism allows richer streaming stdin/stdout handling of

250shell, but interception is incomplete. Similarly, this doesn’t intercept MCP,319 shell, but interception is incomplete. Similarly, this doesn't intercept

251Write, WebSearch, or other non-shell tool calls.320 `WebSearch` or other non-shell, non-MCP tool calls.

252 321

253`matcher` is applied to `tool_name`, which currently always equals `Bash`.322`matcher` is applied to `tool_name` and matcher aliases. For file edits through

323`apply_patch`, matchers can use `apply_patch`, `Edit`, or `Write`; hook input

324still reports `tool_name: "apply_patch"`.

254 325

255Fields in addition to [Common input fields](#common-input-fields):326Fields in addition to [Common input fields](#common-input-fields):

256 327

258| --- | --- | --- |329| --- | --- | --- |

263 334

264Plain text on `stdout` is ignored.335Plain text on `stdout` is ignored.

265 336

293 364

294### PermissionRequest365### PermissionRequest

295 366

296Work in progress

~~297~~

298`PermissionRequest` runs when Codex is about to ask for approval, such as a367`PermissionRequest` runs when Codex is about to ask for approval, such as a

299shell escalation or managed-network approval. It can allow the request, deny368shell escalation or managed-network approval. It can allow the request, deny

300the request, or decline to decide and let the normal approval prompt continue.369the request, or decline to decide and let the normal approval prompt continue.

301It doesn't run for commands that don't need approval.370It doesn't run for commands that don't need approval.

302 371

303`matcher` is applied to `tool_name`, which currently always equals `Bash`.372`matcher` is applied to `tool_name` and matcher aliases. Current canonical

373values include `Bash`, `apply_patch`, and MCP tool names such as

374`mcp__server__tool`; `apply_patch` also matches `Edit` and `Write`.

304 375

305Fields in addition to [Common input fields](#common-input-fields):376Fields in addition to [Common input fields](#common-input-fields):

306 377

308| --- | --- | --- |379| --- | --- | --- |

313 384

314Plain text on `stdout` is ignored.385Plain text on `stdout` is ignored.

350 421

351### PostToolUse422### PostToolUse

352 423

353Work in progress424`PostToolUse` runs after supported tools produce output, including Bash,

~~354~~ 425`apply_patch`, and MCP tool calls. For Bash, it also runs after commands that

355Currently `PostToolUse` only supports Bash tool results. It’s not limited to426exit with a non-zero status. It can't undo side effects from the tool that

356commands that exit successfully: non-interactive `exec_command` calls can still427already ran.

357trigger `PostToolUse` when Codex emits a Bash post-tool payload. It can’t undo

358side effects from the command that already ran.

359 428

360This doesn't intercept all shell calls yet, only the simple ones. The newer429This doesn't intercept all shell calls yet, only the simple ones. The newer

361 `unified_exec` mechanism allows richer streaming stdin/stdout handling of430 `unified_exec` mechanism allows richer streaming stdin/stdout handling of

362shell, but interception is incomplete. Similarly, this doesn’t intercept MCP,431 shell, but interception is incomplete. Similarly, this doesn't intercept

363Write, WebSearch, or other non-shell tool calls.432 `WebSearch` or other non-shell, non-MCP tool calls.

364 433

365`matcher` is applied to `tool_name`, which currently always equals `Bash`.434`matcher` is applied to `tool_name` and matcher aliases. For file edits through

435`apply_patch`, matchers can use `apply_patch`, `Edit`, or `Write`; hook input

436still reports `tool_name: "apply_patch"`.

366 437

367Fields in addition to [Common input fields](#common-input-fields):438Fields in addition to [Common input fields](#common-input-fields):

368 439

370| --- | --- | --- |441| --- | --- | --- |

376 447

377Plain text on `stdout` is ignored.448Plain text on `stdout` is ignored.

378 449

ide.md +4 −3

Details

16- [Download for Visual Studio Code Insiders](https://marketplace.visualstudio.com/items?itemName=openai.chatgpt)16- [Download for Visual Studio Code Insiders](https://marketplace.visualstudio.com/items?itemName=openai.chatgpt)

17- [Download for JetBrains IDEs](#jetbrains-ide-integration)17- [Download for JetBrains IDEs](#jetbrains-ide-integration)

18 18

~~19The Codex VS Code extension is available on macOS and Linux. Windows support~~19Codex IDE integrations for VS Code-compatible editors and JetBrains IDEs are

~~20is experimental. For the best Windows experience, use Codex in a WSL2~~20 available on macOS, Windows, and Linux. On Windows, run Codex natively with

~~21workspace and follow our [Windows setup guide](https://developers.openai.com/codex/windows).~~21 the Windows sandbox, or use WSL2 when you need a Linux-native environment. For

22setup details, see the [Windows setup guide](https://developers.openai.com/codex/windows).

22 23

23After you install it, you'll find Codex in your editor sidebar.24After you install it, you'll find Codex in your editor sidebar.

24In VS Code, Codex opens in the right sidebar by default.25In VS Code, Codex opens in the right sidebar by default.

ide/settings.md +1 −1

Details

27| `chatgpt.runCodexInWindowsSubsystemForLinux` | Windows only: Run Codex in WSL when Windows Subsystem for Linux (WSL) is available. Recommended for improved sandbox security and better performance. Codex agent mode on Windows currently requires WSL. Changing this setting reloads VS Code to apply the change. |27| `chatgpt.runCodexInWindowsSubsystemForLinux` | Windows only: Run Codex in WSL when Windows Subsystem for Linux (WSL) is available. Use this when your repositories and tooling live in WSL2 or when you need Linux-native tooling. Otherwise, Codex can run natively on Windows with the Windows sandbox. Changing this setting reloads VS Code to apply the change. |

integrations/github.md +48 −9

Details

~~1# Use Codex in GitHub~~1# Codex code review in GitHub

2 2

~~3Use Codex to review pull requests without leaving GitHub. Add a pull request comment with `@codex review`, and Codex replies with a standard GitHub code review.~~3Use Codex code review to get another high-signal review pass on GitHub pull

4requests. Codex reviews the pull request diff, follows your repository guidance,

5and posts a standard GitHub code review focused on serious issues.

4 6

~~5## Set up code review~~7## Before you start

9Make sure you have:

11- [Codex cloud](https://developers.openai.com/codex/cloud) set up for the repository you want to review.

12- Access to [Codex code review settings](https://chatgpt.com/codex/settings/code-review).

13- An `AGENTS.md` file if you want Codex to follow repository-specific review guidance.

15## Set up Codex code review

6 16

71. Set up [Codex cloud](https://developers.openai.com/codex/cloud).171. Set up [Codex cloud](https://developers.openai.com/codex/cloud).

~~82. Go to [Codex settings](https://chatgpt.com/codex/settings/code-review) and turn on **Code review** for your repository.~~182. Go to [Codex settings](https://chatgpt.com/codex/settings/code-review).

193. Turn on **Code review** for your repository.

9 20

10![Codex settings showing the Code review toggle](/images/codex/code-review/code-review-settings.png)21![Codex settings showing the Code review toggle](/images/codex/code-review/code-review-settings.png)

11 22

~~12## Request a review~~23## Request a Codex review

13 24

141. In a pull request comment, mention `@codex review`.251. In a pull request comment, mention `@codex review`.

152. Wait for Codex to react (👀) and post a review.262. Wait for Codex to react (👀) and post a review.

16 27

17![A pull request comment with @codex review](/images/codex/code-review/review-trigger.png)28![A pull request comment with @codex review](/images/codex/code-review/review-trigger.png)

18 29

~~19Codex posts a review on the pull request, just like a teammate would.~~30Codex posts a review on the pull request, just like a teammate would. In

31GitHub, Codex flags only P0 and P1 issues so review comments stay focused on

32high-priority risks.

20 33

21![Example Codex code review on a pull request](/images/codex/code-review/review-example.png)34![Example Codex code review on a pull request](/images/codex/code-review/review-example.png)

22 35

23## Enable automatic reviews36## Enable automatic reviews

24 37

25If you want Codex to review every pull request automatically, turn on **Automatic reviews** in [Codex settings](https://chatgpt.com/codex/settings/code-review). Codex will post a review whenever a new PR is opened for review, without needing an `@codex review` comment.38If you want Codex to review every pull request automatically, turn on

39**Automatic reviews** in [Codex settings](https://chatgpt.com/codex/settings/code-review).

40Codex will post a review whenever someone opens a new PR for review, without

41needing an `@codex review` comment.

26 42

27## Customize what Codex reviews43## Customize what Codex reviews

28 44

39 55

40Codex applies guidance from the closest `AGENTS.md` to each changed file. You can place more specific instructions deeper in the tree when particular packages need extra scrutiny.56Codex applies guidance from the closest `AGENTS.md` to each changed file. You can place more specific instructions deeper in the tree when particular packages need extra scrutiny.

41 57

~~42For a one-off focus, add it to your pull request comment, for example:~~58For a one-off focus, add it to your pull request comment:

43 59

44`@codex review for security regressions`60`@codex review for security regressions`

45 61

~~46In GitHub, Codex flags only P0 and P1 issues. If you want Codex to flag typos in documentation, add guidance in `AGENTS.md` (for example, “Treat typos in docs as P1.”).~~62If you want Codex to flag typos in documentation, add guidance in `AGENTS.md`

63(for example, “Treat typos in docs as P1.”).

65## Act on review findings

67After Codex posts a review, you can ask it to fix issues in the same pull

68request by leaving another comment:

70```md

71@codex fix the P1 issue

72```

74Codex starts a cloud task with the pull request as context and can push a fix

75back to the branch when it has permission to do so.

47 76

48## Give Codex other tasks77## Give Codex other tasks

49 78

52```md81```md

53@codex fix the CI failures82@codex fix the CI failures

54```83```

85## Troubleshoot code review

87If Codex doesn't react or post a review:

89- Confirm you turned on **Code review** for the repository in [Codex settings](https://chatgpt.com/codex/settings/code-review).

90- Confirm the pull request belongs to a repository with [Codex cloud](https://developers.openai.com/codex/cloud) set up.

91- Use the exact trigger `@codex review` in a pull request comment.

92- For automatic reviews, check that you turned on **Automatic reviews** and that

93 the pull request event matches your review trigger settings.

memories.md +6 −0

Details

42thread has been idle long enough to avoid summarizing work that's still in42thread has been idle long enough to avoid summarizing work that's still in

43progress.43progress.

44 44

45Memory generation can also skip a background pass when your Codex rate-limit

46remaining percentage is below the configured threshold, so Codex doesn't spend

47quota when you're near a limit.

45## Memory storage49## Memory storage

46 50

47Codex stores memories under your Codex home directory. By default, that's51Codex stores memories under your Codex home directory. By default, that's

82 external context such as MCP tool calls, web search, or tool search out of86 external context such as MCP tool calls, web search, or tool search out of

83 memory generation. The older `memories.no_memories_if_mcp_or_web_search` key87 memory generation. The older `memories.no_memories_if_mcp_or_web_search` key

84 is still accepted as an alias.88 is still accepted as an alias.

89- `memories.min_rate_limit_remaining_percent`: controls the minimum remaining

90 Codex rate-limit percentage required before memory generation starts.

85- `memories.extract_model`: overrides the model used for per-thread memory91- `memories.extract_model`: overrides the model used for per-thread memory

86 extraction.92 extraction.

87- `memories.consolidation_model`: overrides the model used for global memory93- `memories.consolidation_model`: overrides the model used for global memory

migrate.md +79 −0 added

Details

1# Migrate to Codex

3Use the import flow to bring your instructions, configuration, skills, MCP

4servers, hooks, subagents, and recent sessions from another agent into Codex.

5Codex migrates the parts it can handle directly and can open a follow-up thread

6to help migrate anything that remains.

8![Import from another agent in General settings](/images/codex/migrate/import-flow-light.png)

10## Start the migration

121. Open **Settings** in the Codex app.

132. On the **General** page, find **Import other agent setup**.

143. Select **Import** or **Import again**.

154. Review what Codex found, choose what to bring over, then select **Import**.

165. After the import finishes, select **View imported files** if you want to inspect the result.

18## How migration works

20Codex checks both your user-level setup and the current project. User-level

21setup comes from files on your machine; project-level setup comes from files in

22the repository you have open.

24When you import, Codex:

261. Detects the setup it can find.

272. Imports the selected items it can migrate directly.

283. Checks again after the import finishes.

294. Offers to continue the migration in a new thread if anything still needs

30 follow-up work.

32## What Codex can import

34| Detected setup | Codex destination |

35| ------------------------------------- | -------------------------------------- |

36| Instruction files | [`AGENTS.md`](https://developers.openai.com/codex/guides/agents-md) |

37| `settings.json` | [`config.toml`](https://developers.openai.com/codex/config-basic) |

38| Skills | [Codex skills](https://developers.openai.com/codex/skills) |

39| Recent sessions from the last 30 days | Codex threads and projects |

40| MCP server configuration | [Codex MCP configuration](https://developers.openai.com/codex/mcp) |

41| Hooks | [Codex hooks](https://developers.openai.com/codex/hooks) |

42| Slash commands | [Codex skills](https://developers.openai.com/codex/skills) |

43| Subagents | [Codex agents](https://developers.openai.com/codex/subagents) |

45## Finish remaining setup in a new thread

47Some detected setup does not have a clean one-to-one mapping into Codex. For

48those items, Codex can open a new thread with the

49[`migrate-to-codex`](https://github.com/openai/skills/tree/main/skills/.curated/migrate-to-codex)

50skill to help finish the migration.

52When that happens, Codex shows the remaining setup and offers **Continue in

53Codex**.

55![Additional setup found after import](/images/codex/migrate/additional-setup-light.png)

57If you continue, Codex opens a new thread with the remaining work already filled

58in. The thread keeps user-level setup separate from project-level setup so you

59can see where each remaining item belongs.

61![Follow-up migration task in Codex](/images/codex/migrate/continue-with-codex-light.png)

63## What to review after import

65Review any migrated setup before you rely on it, especially:

67- Tool restrictions or permissions in imported skills and agents.

68- MCP server settings that use custom authentication, headers, environment

69 variables, or transports.

70- Hooks whose behavior may differ in Codex.

71- Plugins, marketplaces, or other remaining setup that needs manual follow-up.

72- Prompt templates or command-style prompts that depend on arguments, shell

73 interpolation, or file-path placeholders.

75## After you switch

77Once the import finishes, open one of your migrated projects and continue from

78there. If you are new to Codex, see the [quickstart](https://developers.openai.com/codex/quickstart) for the

79rest of the setup flow.

models.md +38 −9

Details

2 2

3## Recommended models3## Recommended models

4 4

5![gpt-5.5](/images/api/models/gpt-5.5.jpg)

7gpt-5.5

9OpenAI's newest frontier model for complex coding, computer use, knowledge work, and research workflows in Codex.

11codex -m gpt-5.5

13Copy command

15Capability

17Speed

19Codex CLI & SDK

21Codex app & IDE extension

23Codex Cloud

25ChatGPT Credits

27API Access

5![gpt-5.4](/images/api/models/gpt-5.4.jpg)29![gpt-5.4](/images/api/models/gpt-5.4.jpg)

6 30

7gpt-5.431gpt-5.4

98 122

99API Access123API Access

100 124

101For most tasks in Codex, start with `gpt-5.4`. It combines strong coding,125For most tasks in Codex, start with `gpt-5.5` when it appears in your model

102reasoning, native computer use, and broader professional workflows in one126 picker. It is strongest for complex coding, computer use, knowledge work, and

103model. Use `gpt-5.4-mini` when you want a faster, lower-cost option for127 research workflows. GPT-5.5 is currently available in Codex when you sign in

104lighter coding tasks or subagents. The `gpt-5.3-codex-spark` model is128 with ChatGPT; it isn't available with API-key authentication. During the

105available in research preview for ChatGPT Pro subscribers and is optimized for129 rollout, continue using `gpt-5.4` if `gpt-5.5` is not yet available. Use

106near-instant, real-time coding iteration.130 `gpt-5.4-mini` when you want a faster, lower-cost option for lighter coding

131 tasks or subagents. The `gpt-5.3-codex-spark` model is available in research

132 preview for ChatGPT Pro subscribers and is optimized for near-instant,

133 real-time coding iteration.

107 134

108## Alternative models135## Alternative models

109 136

134 161

135The Codex CLI and IDE extension use the same `config.toml` [configuration file](https://developers.openai.com/codex/config-basic). To specify a model, add a `model` entry to your configuration file. If you don't specify a model, the Codex app, CLI, or IDE Extension defaults to a recommended model.162The Codex CLI and IDE extension use the same `config.toml` [configuration file](https://developers.openai.com/codex/config-basic). To specify a model, add a `model` entry to your configuration file. If you don't specify a model, the Codex app, CLI, or IDE Extension defaults to a recommended model.

136 163

137```164```toml

138model = "gpt-5.4"165model = "gpt-5.5"

139```166```

140 167

168If `gpt-5.5` isn't available in your account yet, use `gpt-5.4`.

169

141### Choosing a different local model temporarily170### Choosing a different local model temporarily

142 171

143In the Codex CLI, you can use the `/model` command during an active thread to change the model. In the IDE extension, you can use the model selector below the input box to choose your model.172In the Codex CLI, you can use the `/model` command during an active thread to change the model. In the IDE extension, you can use the model selector below the input box to choose your model.

145To start a new Codex CLI thread with a specific model or to specify the model for `codex exec` you can use the `--model`/`-m` flag:174To start a new Codex CLI thread with a specific model or to specify the model for `codex exec` you can use the `--model`/`-m` flag:

146 175

147```bash176```bash

148codex -m gpt-5.4177codex -m gpt-5.5

149```178```

150 179

151### Choosing your model for cloud tasks180### Choosing your model for cloud tasks

noninteractive.md +7 −3

Details

50 50

51By default, `codex exec` runs in a read-only sandbox. In automation, set the least permissions needed for the workflow:51By default, `codex exec` runs in a read-only sandbox. In automation, set the least permissions needed for the workflow:

52 52

~~53- Allow edits: `codex exec --full-auto "<task>"`~~53- Allow edits: `codex exec --sandbox workspace-write "<task>"`

54- Allow broader access: `codex exec --sandbox danger-full-access "<task>"`54- Allow broader access: `codex exec --sandbox danger-full-access "<task>"`

55 55

56Use `danger-full-access` only in a controlled environment (for example, an isolated CI runner or container).56Use `danger-full-access` only in a controlled environment (for example, an isolated CI runner or container).

57 57

58Codex keeps `codex exec --full-auto` as a deprecated compatibility flag and prints a warning. Prefer the explicit `--sandbox workspace-write` flag in new scripts.

60Use `--ignore-user-config` when you need a run that doesn't load `$CODEX_HOME/config.toml`, and `--ignore-rules` when you need to skip user and project execpolicy `.rules` files for a controlled automation environment.

58If you configure an enabled MCP server with `required = true` and it fails to initialize, `codex exec` exits with an error instead of continuing without that server.62If you configure an enabled MCP server with `required = true` and it fails to initialize, `codex exec` exits with an error instead of continuing without that server.

59 63

60## Make output machine-readable64## Make output machine-readable

76{"type":"turn.started"}80{"type":"turn.started"}

77{"type":"item.started","item":{"id":"item_1","type":"command_execution","command":"bash -lc ls","status":"in_progress"}}81{"type":"item.started","item":{"id":"item_1","type":"command_execution","command":"bash -lc ls","status":"in_progress"}}

78{"type":"item.completed","item":{"id":"item_3","type":"agent_message","text":"Repo contains docs, sdk, and examples directories."}}82{"type":"item.completed","item":{"id":"item_3","type":"agent_message","text":"Repo contains docs, sdk, and examples directories."}}

~~79{"type":"turn.completed","usage":{"input_tokens":24763,"cached_input_tokens":24448,"output_tokens":122}}~~83{"type":"turn.completed","usage":{"input_tokens":24763,"cached_input_tokens":24448,"output_tokens":122,"reasoning_output_tokens":0}}

80```84```

81 85

82If you only need the final message, write it to a file with `-o <path>`/`--output-last-message <path>`. This writes the final message to the file and still prints it to `stdout` (see [`codex exec`](https://developers.openai.com/codex/cli/reference#codex-exec) for details).86If you only need the final message, write it to a file with `-o <path>`/`--output-last-message <path>`. This writes the final message to the file and still prints it to `stdout` (see [`codex exec`](https://developers.openai.com/codex/cli/reference#codex-exec) for details).

230 234

231 - name: Run Codex235 - name: Run Codex

232 run: |236 run: |

233 codex exec --full-auto --sandbox workspace-write \237 codex exec --sandbox workspace-write \

234 "Read the repository, run the test suite, identify the minimal change needed to make all tests pass, implement only that change, and stop. Do not refactor unrelated files."238 "Read the repository, run the test suite, identify the minimal change needed to make all tests pass, implement only that change, and stop. Do not refactor unrelated files."

235 239

236 - name: Verify tests240 - name: Verify tests

plugins.md +3 −2

Details

44![Plugins list in Codex CLI](/images/codex/plugins/cli_light.png)44![Plugins list in Codex CLI](/images/codex/plugins/cli_light.png)

45 45

46The CLI plugin browser groups plugins by marketplace. Use the marketplace tabs46The CLI plugin browser groups plugins by marketplace. Use the marketplace tabs

~~47to switch sources, open a plugin to inspect details, and press `Space`~~47to switch sources, open a plugin to inspect details, install or uninstall

~~48on an installed plugin to toggle its enabled state.~~48marketplace entries, and press <kbd>Space</kbd> on an installed plugin to toggle

49its enabled state.

49 50

50### Install and use a plugin51### Install and use a plugin

51 52

plugins/build.md +47 −7

Details

304 304

305Every plugin has a manifest at `.codex-plugin/plugin.json`. It can also include305Every plugin has a manifest at `.codex-plugin/plugin.json`. It can also include

306a `skills/` directory, an `.app.json` file that points at one or more apps or306a `skills/` directory, an `.app.json` file that points at one or more apps or

307connectors, an `.mcp.json` file that configures MCP servers, and assets used to307connectors, an `.mcp.json` file that configures MCP servers, lifecycle config,

308present the plugin across supported surfaces.308and assets used to present the plugin across supported surfaces.

309 309

310- my-plugin/310- my-plugin/

311 311

319 - SKILL.md Optional: skill instructions319 - SKILL.md Optional: skill instructions

320 - .app.json Optional: app or connector mappings320 - .app.json Optional: app or connector mappings

321 - .mcp.json Optional: MCP server configuration321 - .mcp.json Optional: MCP server configuration

322 - hooks/

323

324 - hooks.json Optional: lifecycle configuration

322 - assets/ Optional: icons, logos, screenshots325 - assets/ Optional: icons, logos, screenshots

323 326

324Only `plugin.json` belongs in `.codex-plugin/`. Keep `skills/`, `assets/`,327Only `plugin.json` belongs in `.codex-plugin/`. Keep `skills/`, `assets/`,

325`.mcp.json`, and `.app.json` at the plugin root.328`.mcp.json`, `.app.json`, and lifecycle config files at the plugin root.

326 329

327Published plugins typically use a richer manifest than the minimal example that330Published plugins typically use a richer manifest than the minimal example that

328appears in quick-start scaffolds. The manifest has three jobs:331appears in quick-start scaffolds. The manifest has three jobs:

351 "skills": "./skills/",354 "skills": "./skills/",

352 "mcpServers": "./.mcp.json",355 "mcpServers": "./.mcp.json",

353 "apps": "./.app.json",356 "apps": "./.app.json",

357 "hooks": "./hooks/hooks.json",

354 "interface": {358 "interface": {

355 "displayName": "My Plugin",359 "displayName": "My Plugin",

356 "shortDescription": "Reusable skills and apps",360 "shortDescription": "Reusable skills and apps",

384- `name`, `version`, and `description` identify the plugin.388- `name`, `version`, and `description` identify the plugin.

385- `author`, `homepage`, `repository`, `license`, and `keywords` provide389- `author`, `homepage`, `repository`, `license`, and `keywords` provide

386 publisher and discovery metadata.390 publisher and discovery metadata.

387- `skills`, `mcpServers`, and `apps` point to bundled components relative to391- `skills`, `mcpServers`, `apps`, and `hooks` point to bundled components

388 the plugin root.392 relative to the plugin root.

389- `interface` controls how install surfaces present the plugin.393- `interface` controls how install surfaces present the plugin.

390 394

391Use the `interface` object for install-surface metadata:395Use the `interface` object for install-surface metadata:

404- Keep manifest paths relative to the plugin root and start them with `./`.408- Keep manifest paths relative to the plugin root and start them with `./`.

405- Store visual assets such as `composerIcon`, `logo`, and `screenshots` under409- Store visual assets such as `composerIcon`, `logo`, and `screenshots` under

406 `./assets/` when possible.410 `./assets/` when possible.

407- Use `skills` for bundled skill folders, `apps` for `.app.json`, and411- Use `skills` for bundled skill folders, `apps` for `.app.json`,

408 `mcpServers` for `.mcp.json`.412 `mcpServers` for `.mcp.json`, and `hooks` for lifecycle config.

413- If you omit `hooks` and the plugin includes `./hooks/hooks.json`, Codex loads

414 that default lifecycle config automatically.

415

416### Bundled MCP servers and lifecycle config

417

418`mcpServers` can point to an `.mcp.json` file that contains either a direct

419server map or a wrapped `mcp_servers` object.

420

421Direct server map:

422

423```json

424{

425 "docs": {

426 "command": "docs-mcp",

427 "args": ["--stdio"]

428 }

429}

430```

431

432Wrapped server map:

433

434```json

435{

436 "mcp_servers": {

437 "docs": {

438 "command": "docs-mcp",

439 "args": ["--stdio"]

440 }

441 }

442}

443```

444

445`hooks` can point to one lifecycle JSON file, an array of lifecycle JSON files,

446an inline lifecycle object, or an array of inline lifecycle objects. File paths

447must follow the same `./`-prefixed plugin-root path rules as other manifest

448paths. If you omit the manifest field, Codex still checks `./hooks/hooks.json`.

409 449

410### Publish official public plugins450### Publish official public plugins

411 451

quickstart.md +10 −2

Details

45 If you need more inspiration, explore [Codex use cases](https://developers.openai.com/codex/use-cases).45 If you need more inspiration, explore [Codex use cases](https://developers.openai.com/codex/use-cases).

46 If you’re new to Codex, read the [best practices guide](https://developers.openai.com/codex/learn/best-practices).46 If you’re new to Codex, read the [best practices guide](https://developers.openai.com/codex/learn/best-practices).

47 47

~~48 [Learn more about the Codex app](https://developers.openai.com/codex/app)~~

50Install the Codex extension for your IDE.48Install the Codex extension for your IDE.

51 49

521. Install the Codex extension501. Install the Codex extension

135 ```133 ```

136 134

137 [Learn more about Codex cloud](https://developers.openai.com/codex/cloud)135 [Learn more about Codex cloud](https://developers.openai.com/codex/cloud)

136

137## Next steps

138

139[Learn more about the Codex app

140

141Use the Codex app to work with your local projects.](https://developers.openai.com/codex/app)

142[Migrate to Codex

143

144 Move supported instruction files, MCP server configuration, skills, and

145subagents into Codex.](https://developers.openai.com/codex/migrate)

remote-connections.md +4 −4

Details

1# Remote connections1# Remote connections

2 2

3SSH remote connections are currently in alpha. To enable them today, set3SSH remote connections are currently in alpha. To enable them today, set

~~4`remote_control = true` in the `[features]` table in `~/.codex/config.toml`.~~4 `remote_connections = true` in the `[features]` table in

~~5Availability, setup flows, and supported environments may change as the~~5 `~/.codex/config.toml`. Availability, setup flows, and supported environments

~~6feature improves.~~6 may change as the feature improves.

7 7

8Remote connections let Codex work with projects that live on another8Remote connections let Codex work with projects that live on another

9SSH-accessible machine. Use them when the codebase, credentials, services, or9SSH-accessible machine. Use them when the codebase, credentials, services, or

48 48

49```toml49```toml

50[features]50[features]

~~51remote_control = true~~51remote_connections = true

52```52```

53 53

54Remote project threads run commands, read files, and write changes on the54Remote project threads run commands, read files, and write changes on the

rules.md +4 −2

Details

6 6

7## Create a rules file7## Create a rules file

8 8

~~91. Create a `.rules` file under `./codex/rules/` (for example, `~/.codex/rules/default.rules`).~~91. Create a `.rules` file under a `rules/` folder next to an active config layer (for example, `~/.codex/rules/default.rules`).

102. Add a rule. This example prompts before allowing `gh pr view` to run outside the sandbox.102. Add a rule. This example prompts before allowing `gh pr view` to run outside the sandbox.

11 11

12 ```python12 ```python

36 ```36 ```

373. Restart Codex.373. Restart Codex.

38 38

39Codex scans `rules/` under every [Team Config](https://developers.openai.com/codex/enterprise/admin-setup#team-config) location at startup. When you add a command to the allow list in the TUI, Codex writes to the user layer at `~/.codex/rules/default.rules` so future runs can skip the prompt.39Codex scans `rules/` under every active config layer at startup, including [Team Config](https://developers.openai.com/codex/enterprise/admin-setup#team-config) locations and the user layer at `~/.codex/rules/`. Project-local rules under `<repo>/.codex/rules/` load only when the project `.codex/` layer is trusted.

41When you add a command to the allow list in the TUI, Codex writes to the user layer at `~/.codex/rules/default.rules` so future runs can skip the prompt.

40 42

41When Smart approvals are enabled (the default), Codex may propose a43When Smart approvals are enabled (the default), Codex may propose a

42`prefix_rule` for you during escalation requests. Review the suggested prefix44`prefix_rule` for you during escalation requests. Review the suggested prefix

skills.md +6 −2

Details

6 6

7Skills are available in the Codex CLI, IDE extension, and Codex app.7Skills are available in the Codex CLI, IDE extension, and Codex app.

8 8

9Skills use **progressive disclosure** to manage context efficiently: Codex starts with each skill’s metadata (`name`, `description`, file path, and optional metadata from `agents/openai.yaml`). Codex loads the full `SKILL.md` instructions only when it decides to use a skill.9Skills use **progressive disclosure** to manage context efficiently: Codex starts with each skill's name, description, and file path. Codex loads the full `SKILL.md` instructions only when it decides to use a skill.

11Codex includes an initial list of available skills in context so it can choose the right skill for a task. To avoid crowding out the rest of the prompt, this list is capped at roughly 2% of the model’s context window, or 8,000 characters when the context window is unknown. If many skills are installed, Codex shortens skill descriptions first. For very large skill sets, some skills may be omitted from the initial list, and Codex will show a warning.

13This budget applies only to the initial skills list. When Codex selects a skill, it still reads the full SKILL.md instructions for that skill.

10 14

11A skill is a directory with a `SKILL.md` file plus optional scripts and references. The `SKILL.md` file must include `name` and `description`.15A skill is a directory with a `SKILL.md` file plus optional scripts and references. The `SKILL.md` file must include `name` and `description`.

12 16

271. **Explicit invocation:** Include the skill directly in your prompt. In CLI/IDE, run `/skills` or type `$` to mention a skill.311. **Explicit invocation:** Include the skill directly in your prompt. In CLI/IDE, run `/skills` or type `$` to mention a skill.

282. **Implicit invocation:** Codex can choose a skill when your task matches the skill `description`.322. **Implicit invocation:** Codex can choose a skill when your task matches the skill `description`.

29 33

~~30Because implicit matching depends on `description`, write descriptions with clear scope and boundaries.~~34Because implicit matching depends on `description`, write concise descriptions with clear scope and boundaries. Front-load the key use case and trigger words so Codex can still match the skill if descriptions are shortened.

31 35

32## Create a skill36## Create a skill

33 37

speed.md +8 −4

Details

5Codex offers the ability to increase the speed of the model for increased5Codex offers the ability to increase the speed of the model for increased

6credit consumption.6credit consumption.

7 7

~~8Fast mode is currently supported on GPT-5.4. When enabled, speed is increased~~8Fast mode increases supported model speed by 1.5x and consumes credits at a

~~9by 1.5x and credits are consumed at a 2x rate.~~9higher rate than Standard mode. It currently supports GPT-5.5 and GPT-5.4,

10consuming credits at 2.5x the Standard rate for GPT-5.5 and 2x the Standard

11rate for GPT-5.4.

10 12

11Use `/fast on`, `/fast off`, or `/fast status` in the CLI to change or inspect13Use `/fast on`, `/fast off`, or `/fast status` in the CLI to change or inspect

12the current setting. You can also persist the default with `service_tier = "fast"` plus `[features].fast_mode = true` in `config.toml`. Fast mode is14the current setting. You can also persist the default with `service_tier = "fast"` plus `[features].fast_mode = true` in `config.toml`. Fast mode is

20 22

21## Codex-Spark23## Codex-Spark

22 24

~~23GPT-5.3-Codex-Spark is a separate fast, less-capable Codex model optimized for near-instant, real-time coding iteration. Unlike fast mode, which speeds up GPT-5.4 at a higher credit rate,~~25GPT-5.3-Codex-Spark is a separate fast, less-capable Codex model optimized for

~~24Codex-Spark is its own model choice and has its own usage limits.~~26near-instant, real-time coding iteration. Unlike fast mode, which speeds up a

27supported model at a higher credit rate, Codex-Spark is its own model choice

28and has its own usage limits.

25 29

26During research preview Codex-Spark is only available for ChatGPT Pro subscribers.30During research preview Codex-Spark is only available for ChatGPT Pro subscribers.

use-cases/analyze-data-export.md +2 −2

Details

46 46

47## Skills & Plugins47## Skills & Plugins

48 48

~~49- [Spreadsheet](https://github.com/openai/skills/tree/main/skills/.curated/spreadsheet)~~49- Spreadsheet

50 50

51 Inspect tabular data, run calculations, and create charts or tables.51 Inspect tabular data, run calculations, and create charts or tables.

52- [Google Sheets](https://developers.openai.com/codex/plugins)52- [Google Sheets](https://developers.openai.com/codex/plugins)

55 55

56| Skill | Why use it |56| Skill | Why use it |

57| --- | --- |57| --- | --- |

~~58| [Spreadsheet](https://github.com/openai/skills/tree/main/skills/.curated/spreadsheet) | Inspect tabular data, run calculations, and create charts or tables. |~~58| Spreadsheet | Inspect tabular data, run calculations, and create charts or tables. |

59| [Google Sheets](https://developers.openai.com/codex/plugins) | Analyze approved Google Sheets when the data lives in a shared spreadsheet. |59| [Google Sheets](https://developers.openai.com/codex/plugins) | Analyze approved Google Sheets when the data lives in a shared spreadsheet. |

60 60

61## Starter prompt61## Starter prompt

use-cases/clean-messy-data.md +2 −2

Details

46 46

47## Skills & Plugins47## Skills & Plugins

48 48

~~49- [Spreadsheet](https://github.com/openai/skills/tree/main/skills/.curated/spreadsheet)~~49- Spreadsheet

50 50

51 Inspect tabular files, clean columns, and produce reviewable outputs.51 Inspect tabular files, clean columns, and produce reviewable outputs.

52 52

53| Skill | Why use it |53| Skill | Why use it |

54| --- | --- |54| --- | --- |

~~55| [Spreadsheet](https://github.com/openai/skills/tree/main/skills/.curated/spreadsheet) | Inspect tabular files, clean columns, and produce reviewable outputs. |~~55| Spreadsheet | Inspect tabular files, clean columns, and produce reviewable outputs. |

56 56

57## Starter prompt57## Starter prompt

58 58

use-cases/collections/game-development.md +2 −2

Details

57 57

58[![](/images/codex/codex-wallpaper-1.webp)58[![](/images/codex/codex-wallpaper-1.webp)

59 59

~~60### Review pull requests faster~~60### Codex code review for GitHub pull requests

61 61

~~62Use Codex in GitHub to automatically surface regressions, missing tests, and documentation...~~62Use Codex code review in GitHub to automatically surface regressions, missing tests, and...

63 63

64Integrations Workflow](https://developers.openai.com/codex/use-cases/github-code-reviews)64Integrations Workflow](https://developers.openai.com/codex/use-cases/github-code-reviews)

use-cases/collections/production-systems.md +2 −2

Details

76 76

77[![](/images/codex/codex-wallpaper-1.webp)77[![](/images/codex/codex-wallpaper-1.webp)

78 78

~~79### Review pull requests faster~~79### Codex code review for GitHub pull requests

80 80

~~81Use Codex in GitHub to automatically surface regressions, missing tests, and documentation...~~81Use Codex code review in GitHub to automatically surface regressions, missing tests, and...

82 82

83Integrations Workflow](https://developers.openai.com/codex/use-cases/github-code-reviews)[![](/images/codex/codex-wallpaper-1.webp)83Integrations Workflow](https://developers.openai.com/codex/use-cases/github-code-reviews)[![](/images/codex/codex-wallpaper-1.webp)

84 84

use-cases/collections/web-development.md +2 −2

Details

63 63

64[![](/images/codex/codex-wallpaper-1.webp)64[![](/images/codex/codex-wallpaper-1.webp)

65 65

~~66### Review pull requests faster~~66### Codex code review for GitHub pull requests

67 67

~~68Use Codex in GitHub to automatically surface regressions, missing tests, and documentation...~~68Use Codex code review in GitHub to automatically surface regressions, missing tests, and...

69 69

70Integrations Workflow](https://developers.openai.com/codex/use-cases/github-code-reviews)70Integrations Workflow](https://developers.openai.com/codex/use-cases/github-code-reviews)

use-cases/generate-slide-decks.md +12 −12

Details

48 48

49## Skills & Plugins49## Skills & Plugins

50 50

~~51- [Slides](https://github.com/openai/skills/tree/main/skills/.curated/slides)~~51- Slides

52 52

53 Create and edit `.pptx` decks in JavaScript with PptxGenJS, bundled helpers, and render and validation scripts for overflow, overlap, and font checks.53 Create and edit `.pptx` decks in JavaScript with PptxGenJS, bundled helpers, and render and validation scripts for overflow, overlap, and font checks.

~~54- [ImageGen](https://github.com/openai/skills/tree/main/skills/.curated/imagegen)~~54- ImageGen

55 55

56 Generate illustrations, cover art, diagrams, and slide visuals that match one reusable visual direction.56 Generate illustrations, cover art, diagrams, and slide visuals that match one reusable visual direction.

57 57

58| Skill | Why use it |58| Skill | Why use it |

59| --- | --- |59| --- | --- |

60| [Slides](https://github.com/openai/skills/tree/main/skills/.curated/slides) | Create and edit `.pptx` decks in JavaScript with PptxGenJS, bundled helpers, and render and validation scripts for overflow, overlap, and font checks. |60| Slides | Create and edit `.pptx` decks in JavaScript with PptxGenJS, bundled helpers, and render and validation scripts for overflow, overlap, and font checks. |

~~61| [ImageGen](https://github.com/openai/skills/tree/main/skills/.curated/imagegen) | Generate illustrations, cover art, diagrams, and slide visuals that match one reusable visual direction. |~~61| ImageGen | Generate illustrations, cover art, diagrams, and slide visuals that match one reusable visual direction. |

62 62

63## Starter prompt63## Starter prompt

64 64

~~65Use $slides with $imagegen to edit this slide deck in the following way:~~65Use the $slides and $imagegen skills to edit this slide deck in the following way:

66 - If present, add logo.png in the bottom right corner on every slide66 - If present, add logo.png in the bottom right corner on every slide

67- On slides X, Y and Z, move the text to the left and use image generation to generate an illustration (style: abstract, digital art) on the right67- On slides X, Y and Z, move the text to the left and use image generation to generate an illustration (style: abstract, digital art) on the right

68- Preserve text as text and simple charts as native PowerPoint charts where practical.68- Preserve text as text and simple charts as native PowerPoint charts where practical.

75 - A copy of the slide deck with the changes applied75 - A copy of the slide deck with the changes applied

76 - notes on which slides were generated, rewritten, or left unchanged76 - notes on which slides were generated, rewritten, or left unchanged

77 77

78[Open in the Codex app](codex://new?prompt=Use+%24slides+with+%24imagegen+to+edit+this+slide+deck+in+the+following+way%3A+%0A-+If+present%2C+add+logo.png+in+the+bottom+right+corner+on+every+slide%0A-+On+slides+X%2C+Y+and+Z%2C+move+the+text+to+the+left+and+use+image+generation+to+generate+an+illustration+%28style%3A+abstract%2C+digital+art%29+on+the+right%0A-+Preserve+text+as+text+and+simple+charts+as+native+PowerPoint+charts+where+practical.%0A-+Add+these+slides%3A+%5Bdescribe+new+slides+here%5D%0A-+Use+the+existing+branding+on+new+slides+and+new+text+%28colors%2C+fonts%2C+layout%2C+etc.%29+%0A-+Render+the+updated+deck+to+slide+images%2C+review+the+output%2C+and+fix+layout+issues+before+delivery.%0A-+Run+overflow+and+font-substitution+checks+before+delivery%2C+especially+if+the+deck+is+dense.%0A-+Save+reusable+prompts+or+generation+notes+when+you+create+a+batch+of+related+images.%0A%0AOutput%3A%0A-+A+copy+of+the+slide+deck+with+the+changes+applied%0A-+notes+on+which+slides+were+generated%2C+rewritten%2C+or+left+unchanged "Open in the Codex app")78[Open in the Codex app](codex://new?prompt=Use+the+%24slides+and+%24imagegen+skills+to+edit+this+slide+deck+in+the+following+way%3A%0A-+If+present%2C+add+logo.png+in+the+bottom+right+corner+on+every+slide%0A-+On+slides+X%2C+Y+and+Z%2C+move+the+text+to+the+left+and+use+image+generation+to+generate+an+illustration+%28style%3A+abstract%2C+digital+art%29+on+the+right%0A-+Preserve+text+as+text+and+simple+charts+as+native+PowerPoint+charts+where+practical.%0A-+Add+these+slides%3A+%5Bdescribe+new+slides+here%5D%0A-+Use+the+existing+branding+on+new+slides+and+new+text+%28colors%2C+fonts%2C+layout%2C+etc.%29+%0A-+Render+the+updated+deck+to+slide+images%2C+review+the+output%2C+and+fix+layout+issues+before+delivery.%0A-+Run+overflow+and+font-substitution+checks+before+delivery%2C+especially+if+the+deck+is+dense.%0A-+Save+reusable+prompts+or+generation+notes+when+you+create+a+batch+of+related+images.%0A%0AOutput%3A%0A-+A+copy+of+the+slide+deck+with+the+changes+applied%0A-+notes+on+which+slides+were+generated%2C+rewritten%2C+or+left+unchanged "Open in the Codex app")

79 79

~~80Use $slides with $imagegen to edit this slide deck in the following way:~~80Use the $slides and $imagegen skills to edit this slide deck in the following way:

81 - If present, add logo.png in the bottom right corner on every slide81 - If present, add logo.png in the bottom right corner on every slide

82- On slides X, Y and Z, move the text to the left and use image generation to generate an illustration (style: abstract, digital art) on the right82- On slides X, Y and Z, move the text to the left and use image generation to generate an illustration (style: abstract, digital art) on the right

83- Preserve text as text and simple charts as native PowerPoint charts where practical.83- Preserve text as text and simple charts as native PowerPoint charts where practical.

92 92

93## Introduction93## Introduction

94 94

~~95You can use Codex to manipulate PowerPoint decks in a systematic way, using the Slides skill to create and edit decks with PptxGenJS, and using image generation to generate visuals for the slides.~~95You can use Codex to manipulate PowerPoint decks in a systematic way, using the slides system skill, which comes with Codex by default, to create and edit decks with PptxGenJS, and using image generation to generate visuals for the slides.

96 96

97Skills can be installed directly from the Codex app–see our [skills documentation](https://developers.openai.com/codex/skills) for more details.97Skills can be installed directly from the Codex app–see our [skills documentation](https://developers.openai.com/codex/skills) for more details.

98 98

102 102

103If a deck already exists, ask Codex to inspect it before making changes.103If a deck already exists, ask Codex to inspect it before making changes.

104 104

105The slides skill is opinionated here: match the source aspect ratio before you rebuild layout, and default to 16:9 only when the source material does not already define the deck size. If the references are screenshots or a PDF, ask Codex to render or inspect them first so it can compare slide geometry visually instead of guessing.105The slides system skill is opinionated here: match the source aspect ratio before you rebuild layout, and default to 16:9 only when the source material does not already define the deck size. If the references are screenshots or a PDF, ask Codex to render or inspect them first so it can compare slide geometry visually instead of guessing.

106 106

107## Keep the deck editable107## Keep the deck editable

108 108

112 112

113## Generate visuals intentionally113## Generate visuals intentionally

114 114

115Image generation is most useful when the slides need a cover image, a concept illustration, or a lightweight diagram that would otherwise take manual design work. Ask Codex to define the visual direction first, then reuse that direction consistently across the whole deck.115The imagegen system skill is already installed with Codex and is most useful when the slides need a cover image, a concept illustration, or a lightweight diagram that would otherwise take manual design work. Ask Codex to define the visual direction first, then reuse that direction consistently across the whole deck.

116 116

117When several slides need related visuals, have Codex save the prompts or generation notes it used. That makes the deck easier to extend later without starting over stylistically.117When several slides need related visuals, have Codex save the prompts or generation notes it used. That makes the deck easier to extend later without starting over stylistically.

118 118

120 120

121Deck automation works better when Codex treats each slide as its own decision. Some slides should preserve exact copy, some need a stronger headline and cleaner structure, and some should stay mostly untouched apart from asset cleanup or formatting fixes.121Deck automation works better when Codex treats each slide as its own decision. Some slides should preserve exact copy, some need a stronger headline and cleaner structure, and some should stay mostly untouched apart from asset cleanup or formatting fixes.

122 122

123The slides skill also ships with bundled layout helpers. Ask Codex to copy those helpers into the working directory and reuse them instead of reimplementing spacing, text-sizing, and image-placement logic on every deck.123The slides system skill also ships with bundled layout helpers. Ask Codex to copy those helpers into the working directory and reuse them instead of reimplementing spacing, text-sizing, and image-placement logic on every deck.

124 124

125## Validation before delivery125## Validation before delivery

126 126

127Decks are easy to get almost right and still ship with clipped text, substituted fonts, or layout drift that only shows up after export. The slides skill includes scripts to render decks to per-slide PNGs, build a quick montage for review, detect overflow beyond the slide canvas, and report missing or substituted fonts.127Decks are easy to get almost right and still ship with clipped text, substituted fonts, or layout drift that only shows up after export. The slides system skill includes scripts to render decks to per-slide PNGs, build a quick montage for review, detect overflow beyond the slide canvas, and report missing or substituted fonts.

128 128

129Ask Codex to use those checks before it hands back the final deck, especially when slides are dense or margins are tight.129Ask Codex to use those checks before it hands back the final deck, especially when slides are dense or margins are tight.

130 130

use-cases/github-code-reviews.md +8 −7

Details

~~1# Review pull requests faster | Codex use cases~~1# Codex code review for GitHub pull requests | Codex use cases

2 2

3Codex use cases3Codex use cases

4 4

8 8

9Codex use case9Codex use case

10 10

~~11# Review pull requests faster~~11# Codex code review for GitHub pull requests

12 12

13Catch regressions and potential issues before human review.13Catch regressions and potential issues before human review.

14 14

16 16

17Time horizon **5s**17Time horizon **5s**

18 18

~~19Use Codex in GitHub to automatically surface regressions, missing tests, and documentation issues directly on a pull request.~~19Use Codex code review in GitHub to automatically surface regressions, missing tests, and documentation issues directly on a pull request.

20 20

21## Best for21## Best for

22 22

29 29

30Copy page [Export as PDF](https://developers.openai.com/codex/use-cases/github-code-reviews/?export=pdf)30Copy page [Export as PDF](https://developers.openai.com/codex/use-cases/github-code-reviews/?export=pdf)

31 31

~~32Use Codex in GitHub to automatically surface regressions, missing tests, and documentation issues directly on a pull request.~~32Use Codex code review in GitHub to automatically surface regressions, missing tests, and documentation issues directly on a pull request.

33 33

34Easy34Easy

35 35

37 37

38Related links38Related links

39 39

~~40[Use Codex in GitHub](https://developers.openai.com/codex/integrations/github) [Custom instructions with AGENTS.md](https://developers.openai.com/codex/guides/agents-md)~~40[Codex code review in GitHub](https://developers.openai.com/codex/integrations/github) [Custom instructions with AGENTS.md](https://developers.openai.com/codex/guides/agents-md)

41 41

42## Best for42## Best for

43 43

62 62

63## How to use63## How to use

64 64

~~65Start by adding Codex code review to your GitHub organization or repository. See [Use Codex in GitHub](https://developers.openai.com/codex/integrations/github) for more details.~~65Start by adding Codex code review to your GitHub organization or repository.

66See [Codex code review in GitHub](https://developers.openai.com/codex/integrations/github) for more details.

66 67

67You can set up Codex to automatically review every pull request, or you can request a review with `@codex review` in a pull request comment.68You can set up Codex to automatically review every pull request, or you can request a review with `@codex review` in a pull request comment.

68 69

70 71

71This will start a new cloud task that will fix the issue and update the pull request.72This will start a new cloud task that will fix the issue and update the pull request.

72 73

~~73## Define additional guidance~~74## Define review guidance

74 75

75To customize what Codex reviews, add or update a top-level `AGENTS.md` with a section like this:76To customize what Codex reviews, add or update a top-level `AGENTS.md` with a section like this:

76 77

use-cases/ios-liquid-glass.md +1 −1

Details

6 6

7Default options7Default options

8 8

~~9[SwiftUI](https://developer.apple.com/xcode/swiftui/) with `glassEffect`, `GlassEffectContainer`, and glass button styles~~9[SwiftUI](https://developer.apple.com/documentation/swiftui/) with `glassEffect`, `GlassEffectContainer`, and glass button styles

10 10

11Why it's needed11Why it's needed

12 12

use-cases/learn-a-new-concept.md +4 −4

Details

48 48

49## Skills & Plugins49## Skills & Plugins

50 50

~~51- [ImageGen](https://github.com/openai/skills/tree/main/skills/.curated/imagegen)~~51- ImageGen

52 52

~~53 Generate illustrative, non-exact visual assets when a Markdown-native diagram is not enough.~~53 Generate illustrative, non-exact visual assets when a Mermaid diagram is not enough.

54 54

55| Skill | Why use it |55| Skill | Why use it |

56| --- | --- |56| --- | --- |

~~57| [ImageGen](https://github.com/openai/skills/tree/main/skills/.curated/imagegen) | Generate illustrative, non-exact visual assets when a Markdown-native diagram is not enough. |~~57| ImageGen | Generate illustrative, non-exact visual assets when a Mermaid diagram is not enough. |

58 58

59## Starter prompt59## Starter prompt

60 60

163- An experiment map that connects datasets, metrics, baselines, and reported claims.163- An experiment map that connects datasets, metrics, baselines, and reported claims.

164- A limitations diagram that separates assumptions, failure modes, and open questions.164- A limitations diagram that separates assumptions, failure modes, and open questions.

165 165

166For Markdown-first reports, ask for Mermaid when the destination supports it, or a small checked-in SVG/PNG asset when it does not. Ask Codex to use imagegen only when you need an illustrative, non-exact visual or something that doesn’t fit in a Markdown-native diagram.166For Markdown-first reports, ask for Mermaid when the destination supports it, or a small checked-in SVG/PNG asset when it does not. Ask Codex to use the imagegen system skill, which comes with Codex by default, only when you need an illustrative, non-exact visual or something that doesn't fit in a Markdown-native diagram.

167 167

168## Write the Markdown report168## Write the Markdown report

169 169

use-cases/new-hire-onboarding.md +3 −3

Details

48 48

49## Skills & Plugins49## Skills & Plugins

50 50

~~51- [Spreadsheet](https://github.com/openai/skills/tree/main/skills/.curated/spreadsheet)~~51- Spreadsheet

52 52

~~53 Inspect CSV, TSV, and Excel trackers; stage spreadsheet updates; and review tabular operations data before it becomes a source of truth.~~53 Inspect CSV, TSV, and Excel trackers, stage spreadsheet updates, and review tabular operations data before it becomes a source of truth.

54- [Google Drive](https://github.com/openai/plugins/tree/main/plugins/google-drive)54- [Google Drive](https://github.com/openai/plugins/tree/main/plugins/google-drive)

55 55

56 Bring approved docs, tracker templates, exports, and shared onboarding folders into the task context.56 Bring approved docs, tracker templates, exports, and shared onboarding folders into the task context.

60 60

61| Skill | Why use it |61| Skill | Why use it |

62| --- | --- |62| --- | --- |

63| [Spreadsheet](https://github.com/openai/skills/tree/main/skills/.curated/spreadsheet) | Inspect CSV, TSV, and Excel trackers; stage spreadsheet updates; and review tabular operations data before it becomes a source of truth. |63| Spreadsheet | Inspect CSV, TSV, and Excel trackers, stage spreadsheet updates, and review tabular operations data before it becomes a source of truth. |

64| [Google Drive](https://github.com/openai/plugins/tree/main/plugins/google-drive) | Bring approved docs, tracker templates, exports, and shared onboarding folders into the task context. |64| [Google Drive](https://github.com/openai/plugins/tree/main/plugins/google-drive) | Bring approved docs, tracker templates, exports, and shared onboarding folders into the task context. |

65| [Notion](https://github.com/openai/plugins/tree/main/plugins/notion) | Reference onboarding plans, project pages, checklists, and team wikis that already live in Notion. |65| [Notion](https://github.com/openai/plugins/tree/main/plugins/notion) | Reference onboarding plans, project pages, checklists, and team wikis that already live in Notion. |

66 66

use-cases/refactor-your-codebase.md +1 −1

Details

115 115

116## Use skills for repeatable patterns116## Use skills for repeatable patterns

117 117

118[Skills](https://developers.openai.com/codex/guides/skills) are useful when the same cleanup rules repeat across repos, services, or teams. Use framework-specific skills when available, add security and CI skills around risky cleanups, and create a team skill when you have a proven checklist for unused-code removal, module extraction, or legacy-pattern modernization.118[Skills](https://developers.openai.com/codex/skills) are useful when the same cleanup rules repeat across repos, services, or teams. Use framework-specific skills when available, add security and CI skills around risky cleanups, and create a team skill when you have a proven checklist for unused-code removal, module extraction, or legacy-pattern modernization.

119If you end up doing the same modernization pass across more than one codebase, Codex can help turn the first successful pass into a reusable skill.119If you end up doing the same modernization pass across more than one codebase, Codex can help turn the first successful pass into a reusable skill.

120 120

121## Related use cases121## Related use cases

OpenAI - Codex Docs Changes 2026-04-23 00:46 UTC → 2026-05-02 06:45 UTC