SpyBara
24 Apr 2026, 18:20
1 May 2026, 18:29
Details

24- **Codex cloud**: Runs in isolated OpenAI-managed containers, preventing access to your host system or unrelated data. Uses a two-phase runtime model: setup runs before the agent phase and can access the network to install specified dependencies, then the agent phase runs offline by default unless you enable internet access for that environment. Secrets configured for cloud environments are available only during setup and are removed before the agent phase starts.24- **Codex cloud**: Runs in isolated OpenAI-managed containers, preventing access to your host system or unrelated data. Uses a two-phase runtime model: setup runs before the agent phase and can access the network to install specified dependencies, then the agent phase runs offline by default unless you enable internet access for that environment. Secrets configured for cloud environments are available only during setup and are removed before the agent phase starts.

25- **Codex CLI / IDE extension**: OS-level mechanisms enforce sandbox policies. Defaults include no network access and write permissions limited to the active workspace. You can configure the sandbox, approval policy, and network settings based on your risk tolerance.25- **Codex CLI / IDE extension**: OS-level mechanisms enforce sandbox policies. Defaults include no network access and write permissions limited to the active workspace. You can configure the sandbox, approval policy, and network settings based on your risk tolerance.

26 26 

27In the `Auto` preset (for example, `--full-auto`), Codex can read files, make edits, and run commands in the working directory automatically.27In the `Auto` preset (for example, `--sandbox workspace-write --ask-for-approval on-request`), Codex can read files, make edits, and run commands in the working directory automatically.

28 28 

29Codex asks for approval to edit files outside the workspace or to run commands that require network access. If you want to chat or plan without making changes, switch to `read-only` mode with the `/permissions` command.29Codex asks for approval to edit files outside the workspace or to run commands that require network access. If you want to chat or plan without making changes, switch to `read-only` mode with the `/permissions` command.

30 30 


150 150 

151| Intent | Flags | Effect |151| Intent | Flags | Effect |

152| ----------------------------------------------------------------- | ------------------------------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------ |152| ----------------------------------------------------------------- | ------------------------------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------ |

153| Auto (preset) | *no flags needed* or `--full-auto` | Codex can read files, make edits, and run commands in the workspace. Codex requires approval to edit outside the workspace or to access network. |153| Auto (preset) | *no flags needed* or `--sandbox workspace-write --ask-for-approval on-request` | Codex can read files, make edits, and run commands in the workspace. Codex requires approval to edit outside the workspace or to access network. |

154| Safe read-only browsing | `--sandbox read-only --ask-for-approval on-request` | Codex can read files and answer questions. Codex requires approval to make edits, run commands, or access network. |154| Safe read-only browsing | `--sandbox read-only --ask-for-approval on-request` | Codex can read files and answer questions. Codex requires approval to make edits, run commands, or access network. |

155| Read-only non-interactive (CI) | `--sandbox read-only --ask-for-approval never` | Codex can only read files; never asks for approval. |155| Read-only non-interactive (CI) | `--sandbox read-only --ask-for-approval never` | Codex can only read files; never asks for approval. |

156| Automatically edit but ask for approval to run untrusted commands | `--sandbox workspace-write --ask-for-approval untrusted` | Codex can read and edit files but asks for approval before running untrusted commands. |156| Automatically edit but ask for approval to run untrusted commands | `--sandbox workspace-write --ask-for-approval untrusted` | Codex can read and edit files but asks for approval before running untrusted commands. |

157| Dangerous full access | `--dangerously-bypass-approvals-and-sandbox` (alias: `--yolo`) | [Elevated Risk](https://help.openai.com/articles/20001061) No sandbox; no approvals *(not recommended)* |157| Dangerous full access | `--dangerously-bypass-approvals-and-sandbox` (alias: `--yolo`) | [Elevated Risk](https://help.openai.com/articles/20001061) No sandbox; no approvals *(not recommended)* |

158 158 

159`--full-auto` is a convenience alias for `--sandbox workspace-write --ask-for-approval on-request`.159For non-interactive runs, use `codex exec --sandbox workspace-write`; Codex keeps older `codex exec --full-auto` invocations as a deprecated compatibility path and prints a warning.

160 160 

161With `--ask-for-approval untrusted`, Codex runs only known-safe read operations automatically. Commands that can mutate state or trigger external execution paths (for example, destructive Git operations or Git output/config-override flags) require approval.161With `--ask-for-approval untrusted`, Codex runs only known-safe read operations automatically. Commands that can mutate state or trigger external execution paths (for example, destructive Git operations or Git output/config-override flags) require approval.

162 162 
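Review bot: new line 159 gives the non-interactive replacement as `codex exec --sandbox workspace-write` but drops the approval half of what the old line spelled out (`--sandbox workspace-write --ask-for-approval on-request`). State which approval policy applies to `codex exec` when only `--sandbox` is passed, so someone moving a script off `--full-auto` can confirm the behaviour is unchanged. The Auto row at 153 covers only the interactive case.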


202 202 

203```bash203```bash

204# macOS204# macOS

205codex sandbox macos [--full-auto] [--log-denials] [COMMAND]...205codex sandbox macos [--permissions-profile <name>] [--log-denials] [COMMAND]...

206# Linux206# Linux

207codex sandbox linux [--full-auto] [COMMAND]...207codex sandbox linux [--permissions-profile <name>] [COMMAND]...

208# Windows

209codex sandbox windows [--permissions-profile <name>] [COMMAND]...

208```210```

209 211 

210The `sandbox` command is also available as `codex debug`, and the platform helpers have aliases (for example `codex sandbox seatbelt` and `codex sandbox landlock`).212The `sandbox` command is also available as `codex debug`, and the platform helpers have aliases (for example `codex sandbox seatbelt` and `codex sandbox landlock`).
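Review bot: `--permissions-profile <name>` replaces `--full-auto` on lines 205 and 207 and appears on the new Windows line 209, but nothing here says where a profile name is defined or which policy applies when the option is omitted. Add a sentence or a link for that. Also, `--log-denials` is shown only for macOS and the alias sentence at 212 names only `seatbelt` and `landlock`; say whether the Windows helper has an equivalent of either.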

app-server.md +6 −1

Details

222- `thread/turns/list` - page through a stored thread's turn history without resuming it.222- `thread/turns/list` - page through a stored thread's turn history without resuming it.

223- `thread/loaded/list` - list the thread ids currently loaded in memory.223- `thread/loaded/list` - list the thread ids currently loaded in memory.

224- `thread/name/set` - set or update a thread's user-facing name for a loaded thread or a persisted rollout; emits `thread/name/updated`.224- `thread/name/set` - set or update a thread's user-facing name for a loaded thread or a persisted rollout; emits `thread/name/updated`.

225- `thread/goal/set` - set the goal for a loaded thread (experimental; requires `capabilities.experimentalApi`); emits `thread/goal/updated`.

226- `thread/goal/get` - read the current goal for a loaded thread (experimental; requires `capabilities.experimentalApi`).

227- `thread/goal/clear` - clear the goal for a loaded thread (experimental; requires `capabilities.experimentalApi`); emits `thread/goal/cleared`.

225- `thread/metadata/update` - patch SQLite-backed stored thread metadata; currently supports persisted `gitInfo`.228- `thread/metadata/update` - patch SQLite-backed stored thread metadata; currently supports persisted `gitInfo`.

226- `thread/archive` - move a thread's log file into the archived directory; returns `{}` on success and emits `thread/archived`.229- `thread/archive` - move a thread's log file into the archived directory; returns `{}` on success and emits `thread/archived`.

227- `thread/unsubscribe` - unsubscribe this connection from thread turn/item events. If this was the last subscriber, the server unloads the thread after a no-subscriber inactivity grace period and emits `thread/closed`.230- `thread/unsubscribe` - unsubscribe this connection from thread turn/item events. If this was the last subscriber, the server unloads the thread after a no-subscriber inactivity grace period and emits `thread/closed`.


242- `command/exec/terminate` - stop a running `command/exec` session.245- `command/exec/terminate` - stop a running `command/exec` session.

243- `command/exec/outputDelta` (notify) - emitted for base64-encoded stdout/stderr chunks from a streaming `command/exec` session.246- `command/exec/outputDelta` (notify) - emitted for base64-encoded stdout/stderr chunks from a streaming `command/exec` session.

244- `model/list` - list available models (set `includeHidden: true` to include entries with `hidden: true`) with effort options, optional `upgrade`, and `inputModalities`.247- `model/list` - list available models (set `includeHidden: true` to include entries with `hidden: true`) with effort options, optional `upgrade`, and `inputModalities`.

248- `modelProvider/capabilities/read` - read provider capability bounds for model/provider combinations (experimental; requires `capabilities.experimentalApi`).

245- `experimentalFeature/list` - list feature flags with lifecycle stage metadata and cursor pagination.249- `experimentalFeature/list` - list feature flags with lifecycle stage metadata and cursor pagination.

246- `experimentalFeature/enablement/set` - patch in-memory runtime enablement for supported feature keys such as `apps` and `plugins`.250- `experimentalFeature/enablement/set` - patch in-memory runtime enablement for supported feature keys such as `apps` and `plugins`.

247- `collaborationMode/list` - list collaboration mode presets (experimental, no pagination).251- `collaborationMode/list` - list collaboration mode presets (experimental, no pagination).

248- `skills/list` - list skills for one or more `cwd` values (supports `forceReload` and optional `perCwdExtraUserRoots`).252- `skills/list` - list skills for one or more `cwd` values (supports `forceReload` and optional `perCwdExtraUserRoots`).

249- `skills/changed` (notify) - emitted when watched local skill files change.253- `skills/changed` (notify) - emitted when watched local skill files change.

250- `marketplace/add` - add a remote plugin marketplace and persist it into the user's marketplace config.254- `marketplace/add` - add a remote plugin marketplace and persist it into the user's marketplace config.

255- `marketplace/upgrade` - refresh a configured Git marketplace, or all configured Git marketplaces when you omit the marketplace name.

251- `plugin/list` - list discovered plugin marketplaces and plugin state, including install/auth policy metadata, marketplace load errors, featured plugin ids, and local, Git, or remote plugin source metadata.256- `plugin/list` - list discovered plugin marketplaces and plugin state, including install/auth policy metadata, marketplace load errors, featured plugin ids, and local, Git, or remote plugin source metadata.

252- `plugin/read` - read one plugin by marketplace path or remote marketplace name and plugin name, including bundled skills, apps, and MCP server names when those details are available.257- `plugin/read` - read one plugin by marketplace path or remote marketplace name and plugin name, including bundled skills, apps, and MCP server names when those details are available.

253- `plugin/install` - install a plugin from a marketplace path or remote marketplace name.258- `plugin/install` - install a plugin from a marketplace path or remote marketplace name.
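Review bot: on new line 255, "refresh" does not say whether `marketplace/upgrade` only updates the marketplace listing or also changes plugins that are already installed, and omitting the name applies it to every configured Git marketplace. Because this pulls remote content, spell out what changes on disk and whether a separate `plugin/install` is still required before updated plugin code is used.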


265- `feedback/upload` - submit a feedback report (classification + optional reason/logs + conversation id, plus optional `extraLogFiles` attachments).270- `feedback/upload` - submit a feedback report (classification + optional reason/logs + conversation id, plus optional `extraLogFiles` attachments).

266- `config/read` - fetch the effective configuration on disk after resolving configuration layering.271- `config/read` - fetch the effective configuration on disk after resolving configuration layering.

267- `externalAgentConfig/detect` - detect external-agent artifacts that can be migrated with `includeHome` and optional `cwds`; each detected item includes `cwd` (`null` for home).272- `externalAgentConfig/detect` - detect external-agent artifacts that can be migrated with `includeHome` and optional `cwds`; each detected item includes `cwd` (`null` for home).

268- `externalAgentConfig/import` - apply selected external-agent migration items by passing explicit `migrationItems` with `cwd` (`null` for home); plugin imports emit `externalAgentConfig/import/completed`.273- `externalAgentConfig/import` - apply selected external-agent migration items by passing explicit `migrationItems` with `cwd` (`null` for home). Supported item types include config, skills, `AGENTS.md`, plugins, MCP server config, subagents, hooks, commands, and sessions; plugin imports emit `externalAgentConfig/import/completed`.

269- `config/value/write` - write a single configuration key/value to the user's `config.toml` on disk.274- `config/value/write` - write a single configuration key/value to the user's `config.toml` on disk.

270- `config/batchWrite` - apply configuration edits atomically to the user's `config.toml` on disk.275- `config/batchWrite` - apply configuration edits atomically to the user's `config.toml` on disk.

271- `configRequirements/read` - fetch requirements from `requirements.toml` and/or MDM, including allow-lists, pinned `featureRequirements`, and residency/network requirements (or `null` if you haven't set any up).276- `configRequirements/read` - fetch requirements from `requirements.toml` and/or MDM, including allow-lists, pinned `featureRequirements`, and residency/network requirements (or `null` if you haven't set any up).
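Review bot: new line 273 lists hooks, commands and MCP server config among the importable item types, yet the only completion signal documented is `externalAgentConfig/import/completed` for plugin imports. Say how a client confirms the result for the other item types, and consider noting that those three types carry executable behaviour so a client can show the user what it is about to import.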

app/settings.md +33 −4

Details

30 30 

31![Codex app Appearance settings showing theme selection, color controls, and font options](/images/codex/app/theme-selection-light.webp)31![Codex app Appearance settings showing theme selection, color controls, and font options](/images/codex/app/theme-selection-light.webp)

32 32 

33### Codex pets

34 

35 Codex pets are optional animated companions for the app. In **Settings**,

36choose **Pets** to select a built-in pet or refresh custom pets from your

37local Codex home. Type `/pet` in the composer, use **Wake Pet** or **Tuck Away Pet** in Settings, or

38 press <kbd>Cmd+K</kbd> or <kbd>Ctrl+K</kbd> and run the same commands to

39 toggle the floating overlay.

40 

41 The overlay keeps active Codex work visible while you use other apps. It

42 shows the active thread, reflects whether Codex is running, waiting for

43 input, or ready for review, and pairs that state with a short progress

44 prompt so you can glance at what changed without reopening the thread.

45 

461/8

47 

48CodexI found a tiny loose thread in settings. Want me to tug it?

49 

50To create your own pet, install the `hatch-pet` skill:

51 

52```text

53$skill-installer hatch-pet

54```

55 

56Reload skills from the command menu. Press <kbd>Cmd+K</kbd> or <kbd>Ctrl+K</kbd>,

57choose **Force Reload Skills**, then ask the skill to create a pet:

58 

59```text

60$hatch-pet create a new pet inspired by my recent projects

61```

62 

33## Git63## Git

34 64 

35Use Git settings to standardize branch naming and choose whether Codex uses force65Use Git settings to standardize branch naming and choose whether Codex uses force
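Review bot: new lines 46 and 48 (`1/8` and `CodexI found a tiny loose thread in settings. Want me to tug it?`) read like text from a rendered preview widget rather than documentation prose; drop them or wrap them in the component they came from. Lines 35 and 38 to 44 also carry a leading space that the neighbouring lines 36 and 37 do not.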


46## Browser use76## Browser use

47 77 

48Use these settings to install or enable the bundled Browser plugin and manage78Use these settings to install or enable the bundled Browser plugin and manage

49allowlisted and blocklisted websites. Codex asks before using a website79allowed and blocked websites. Codex asks before using a website unless you've

50unless you’ve allowlisted it. Removing a site from the blocklist lets Codex ask80allowed it. Removing a site from the blocked list lets Codex ask

51again before using it in the browser.81again before using it in the browser.

52 82 

53See [In-app browser](https://developers.openai.com/codex/app/browser) for browser preview, comment, and83See [In-app browser](https://developers.openai.com/codex/app/browser) for browser preview, comment, and


58On macOS, check your Computer Use settings to review desktop-app access and related88On macOS, check your Computer Use settings to review desktop-app access and related

59preferences after setup. To revoke system-level access, update Screen Recording89preferences after setup. To revoke system-level access, update Screen Recording

60or Accessibility permissions in macOS Privacy & Security settings. The feature90or Accessibility permissions in macOS Privacy & Security settings. The feature

61isnt available in the European Economic Area, the United Kingdom, or Switzerland91isn't available in the EEA, the United Kingdom, or Switzerland at launch.

62at launch.

63 92 

64## Personalization93## Personalization

65 94 

cli/features.md +1 −1

Details

254 254 

255## Slash commands255## Slash commands

256 256 

257Slash commands give you quick access to specialized workflows like `/review`, `/fork`, or your own reusable prompts. Codex ships with a curated set of built-ins, and you can create custom ones for team-specific tasks or personal shortcuts.257Slash commands give you quick access to specialized workflows like `/review`, `/fork`, `/side`, or your own reusable prompts. Codex ships with a curated set of built-ins, and you can create custom ones for team-specific tasks or personal shortcuts.

258 258 

259See the [slash commands guide](https://developers.openai.com/codex/guides/slash-commands) to browse the catalog of built-ins, learn how to author custom commands, and understand where they live on disk.259See the [slash commands guide](https://developers.openai.com/codex/guides/slash-commands) to browse the catalog of built-ins, learn how to author custom commands, and understand where they live on disk.

260 260 

cli/reference.md +238 −25

Details

20| `--dangerously-bypass-approvals-and-sandbox, --yolo` | `boolean` | Run every command without approvals or sandboxing. Only use inside an externally hardened environment. |20| `--dangerously-bypass-approvals-and-sandbox, --yolo` | `boolean` | Run every command without approvals or sandboxing. Only use inside an externally hardened environment. |

21| `--disable` | `feature` | Force-disable a feature flag (translates to `-c features.<name>=false`). Repeatable. |21| `--disable` | `feature` | Force-disable a feature flag (translates to `-c features.<name>=false`). Repeatable. |

22| `--enable` | `feature` | Force-enable a feature flag (translates to `-c features.<name>=true`). Repeatable. |22| `--enable` | `feature` | Force-enable a feature flag (translates to `-c features.<name>=true`). Repeatable. |

23| `--full-auto` | `boolean` | Shortcut for low-friction local work: sets `--ask-for-approval on-request` and `--sandbox workspace-write`. |

24| `--image, -i` | `path[,path...]` | Attach one or more image files to the initial prompt. Separate multiple paths with commas or repeat the flag. |23| `--image, -i` | `path[,path...]` | Attach one or more image files to the initial prompt. Separate multiple paths with commas or repeat the flag. |

25| `--model, -m` | `string` | Override the model set in configuration (for example `gpt-5.4`). |24| `--model, -m` | `string` | Override the model set in configuration (for example `gpt-5.4`). |

26| `--no-alt-screen` | `boolean` | Disable alternate screen mode for the TUI (overrides `tui.alternate_screen` for this run). |25| `--no-alt-screen` | `boolean` | Disable alternate screen mode for the TUI (overrides `tui.alternate_screen` for this run). |
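Review bot: the `--full-auto` row is deleted from this global flag table (old line 23) with no replacement entry, so the table no longer says whether interactive `codex` still accepts the flag. The `codex exec` option table keeps a row marked as a deprecated compatibility flag; do the same here or state that the flag was removed.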


118 117 

119Key118Key

120 119 

121`--full-auto`

122 

123Type / Values

124 

125`boolean`

126 

127Details

128 

129Shortcut for low-friction local work: sets `--ask-for-approval on-request` and `--sandbox workspace-write`.

130 

131Key

132 

133`--image, -i`120`--image, -i`

134 121 

135Type / Values122Type / Values


268| [`codex cloud`](https://developers.openai.com/codex/cli/reference#codex-cloud) | Experimental | Browse or execute Codex Cloud tasks from the terminal without opening the TUI. Alias: `codex cloud-tasks`. |255| [`codex cloud`](https://developers.openai.com/codex/cli/reference#codex-cloud) | Experimental | Browse or execute Codex Cloud tasks from the terminal without opening the TUI. Alias: `codex cloud-tasks`. |

269| [`codex completion`](https://developers.openai.com/codex/cli/reference#codex-completion) | Stable | Generate shell completion scripts for Bash, Zsh, Fish, or PowerShell. |256| [`codex completion`](https://developers.openai.com/codex/cli/reference#codex-completion) | Stable | Generate shell completion scripts for Bash, Zsh, Fish, or PowerShell. |

270| [`codex debug app-server send-message-v2`](https://developers.openai.com/codex/cli/reference#codex-debug-app-server-send-message-v2) | Experimental | Debug app-server by sending a single V2 message through the built-in test client. |257| [`codex debug app-server send-message-v2`](https://developers.openai.com/codex/cli/reference#codex-debug-app-server-send-message-v2) | Experimental | Debug app-server by sending a single V2 message through the built-in test client. |

258| [`codex debug models`](https://developers.openai.com/codex/cli/reference#codex-debug-models) | Experimental | Print the raw model catalog Codex sees, including an option to inspect only the bundled catalog. |

271| [`codex exec`](https://developers.openai.com/codex/cli/reference#codex-exec) | Stable | Run Codex non-interactively. Alias: `codex e`. Stream results to stdout or JSONL and optionally resume previous sessions. |259| [`codex exec`](https://developers.openai.com/codex/cli/reference#codex-exec) | Stable | Run Codex non-interactively. Alias: `codex e`. Stream results to stdout or JSONL and optionally resume previous sessions. |

272| [`codex execpolicy`](https://developers.openai.com/codex/cli/reference#codex-execpolicy) | Experimental | Evaluate execpolicy rule files and see whether a command would be allowed, prompted, or blocked. |260| [`codex execpolicy`](https://developers.openai.com/codex/cli/reference#codex-execpolicy) | Experimental | Evaluate execpolicy rule files and see whether a command would be allowed, prompted, or blocked. |

273| [`codex features`](https://developers.openai.com/codex/cli/reference#codex-features) | Stable | List feature flags and persistently enable or disable them in `config.toml`. |261| [`codex features`](https://developers.openai.com/codex/cli/reference#codex-features) | Stable | List feature flags and persistently enable or disable them in `config.toml`. |


278| [`codex mcp-server`](https://developers.openai.com/codex/cli/reference#codex-mcp-server) | Experimental | Run Codex itself as an MCP server over stdio. Useful when another agent consumes Codex. |266| [`codex mcp-server`](https://developers.openai.com/codex/cli/reference#codex-mcp-server) | Experimental | Run Codex itself as an MCP server over stdio. Useful when another agent consumes Codex. |

279| [`codex plugin marketplace`](https://developers.openai.com/codex/cli/reference#codex-plugin-marketplace) | Experimental | Add, upgrade, or remove plugin marketplaces from Git or local sources. |267| [`codex plugin marketplace`](https://developers.openai.com/codex/cli/reference#codex-plugin-marketplace) | Experimental | Add, upgrade, or remove plugin marketplaces from Git or local sources. |

280| [`codex resume`](https://developers.openai.com/codex/cli/reference#codex-resume) | Stable | Continue a previous interactive session by ID or resume the most recent conversation. |268| [`codex resume`](https://developers.openai.com/codex/cli/reference#codex-resume) | Stable | Continue a previous interactive session by ID or resume the most recent conversation. |

281| [`codex sandbox`](https://developers.openai.com/codex/cli/reference#codex-sandbox) | Experimental | Run arbitrary commands inside Codex-provided macOS seatbelt or Linux bubblewrap sandboxes. |269| [`codex sandbox`](https://developers.openai.com/codex/cli/reference#codex-sandbox) | Experimental | Run arbitrary commands inside Codex-provided macOS, Linux, or Windows sandboxes. |

270| [`codex update`](https://developers.openai.com/codex/cli/reference#codex-update) | Stable | Check for and apply a Codex CLI update when the installed release supports self-update. |

282 271 

283Key272Key

284 273 


366 355 

367Key356Key

368 357 

358[`codex debug models`](https://developers.openai.com/codex/cli/reference#codex-debug-models)

359 

360Maturity

361 

362Experimental

363 

364Details

365 

366Print the raw model catalog Codex sees, including an option to inspect only the bundled catalog.

367 

368Key

369 

369[`codex exec`](https://developers.openai.com/codex/cli/reference#codex-exec)370[`codex exec`](https://developers.openai.com/codex/cli/reference#codex-exec)

370 371 

371Maturity372Maturity


494 495 

495Details496Details

496 497 

497Run arbitrary commands inside Codex-provided macOS seatbelt or Linux bubblewrap sandboxes.498Run arbitrary commands inside Codex-provided macOS, Linux, or Windows sandboxes.

499 

500Key

501 

502[`codex update`](https://developers.openai.com/codex/cli/reference#codex-update)

503 

504Maturity

505 

506Stable

507 

508Details

509 

510Check for and apply a Codex CLI update when the installed release supports self-update.

498 511 

499Expand to view all512Expand to view all

500 513 


502 515 

503### `codex` (interactive)516### `codex` (interactive)

504 517 

505Running `codex` with no subcommand launches the interactive terminal UI (TUI). The agent accepts the global flags above plus image attachments. Web search defaults to cached mode; use `--search` to switch to live browsing and `--full-auto` to let Codex run most commands without prompts.518Running `codex` with no subcommand launches the interactive terminal UI (TUI). The agent accepts the global flags above plus image attachments. Web search defaults to cached mode; use `--search` to switch to live browsing. For low-friction local work, use `--sandbox workspace-write --ask-for-approval on-request`.

506 519 

507Use `--remote ws://host:port` or `--remote wss://host:port` to connect the TUI to an app server started with `codex app-server --listen ws://IP:PORT`. Add `--remote-auth-token-env <ENV_VAR>` when the server requires a bearer token for WebSocket authentication. See [Codex CLI features](https://developers.openai.com/codex/cli/features#connect-the-tui-to-a-remote-app-server) for setup examples and authentication guidance.520Use `--remote ws://host:port` or `--remote wss://host:port` to connect the TUI to an app server started with `codex app-server --listen ws://IP:PORT`. Add `--remote-auth-token-env <ENV_VAR>` when the server requires a bearer token for WebSocket authentication. See [Codex CLI features](https://developers.openai.com/codex/cli/features#connect-the-tui-to-a-remote-app-server) for setup examples and authentication guidance.

508 521 


665 678 

666This debug flow initializes with `experimentalApi: true`, starts a thread, sends a turn, and streams server notifications. Use it to reproduce and inspect app-server protocol behavior locally.679This debug flow initializes with `experimentalApi: true`, starts a thread, sends a turn, and streams server notifications. Use it to reproduce and inspect app-server protocol behavior locally.

667 680 

681### `codex debug models`

682 

683Print the raw model catalog Codex sees as JSON.

684 

685| Key | Type / Values | Details |

686| --- | --- | --- |

687| `--bundled` | `boolean` | Skip refresh and print only the model catalog bundled with the current Codex binary. |

688 

689Key

690 

691`--bundled`

692 

693Type / Values

694 

695`boolean`

696 

697Details

698 

699Skip refresh and print only the model catalog bundled with the current Codex binary.

700 

701Use `--bundled` when you want to inspect only the catalog bundled with the current binary, without refreshing from the remote models endpoint.

702 

668### `codex apply`703### `codex apply`

669 704 

670Apply the most recent diff from a Codex cloud task to your local repository. You must authenticate and have access to the task.705Apply the most recent diff from a Codex cloud task to your local repository. You must authenticate and have access to the task.
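
Review bot: the new `codex debug models` section (lines 681-701) never states the default behaviour; line 701 only implies that, without `--bundled`, the command refreshes the catalog from the remote models endpoint. Say so in the opening sentence at line 683, and note whether that refresh needs network access and authentication, since debug commands are often run on offline or locked-down hosts. Line 701 otherwise restates the table row and could be merged into it.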


872| `--color` | `always | never | auto` | Control ANSI color in stdout. |907| `--color` | `always | never | auto` | Control ANSI color in stdout. |

873| `--dangerously-bypass-approvals-and-sandbox, --yolo` | `boolean` | Bypass approval prompts and sandboxing. Dangerous—only use inside an isolated runner. |908| `--dangerously-bypass-approvals-and-sandbox, --yolo` | `boolean` | Bypass approval prompts and sandboxing. Dangerous—only use inside an isolated runner. |

874| `--ephemeral` | `boolean` | Run without persisting session rollout files to disk. |909| `--ephemeral` | `boolean` | Run without persisting session rollout files to disk. |

875| `--full-auto` | `boolean` | Apply the low-friction automation preset (`workspace-write` sandbox and `on-request` approvals). |910| `--full-auto` | `boolean` | Deprecated compatibility flag. Prefer `--sandbox workspace-write`; Codex prints a warning when this flag is used. |

911| `--ignore-rules` | `boolean` | Do not load user or project execpolicy `.rules` files for this run. |

912| `--ignore-user-config` | `boolean` | Do not load `$CODEX_HOME/config.toml`. Authentication still uses `CODEX_HOME`. |

876| `--image, -i` | `path[,path...]` | Attach images to the first message. Repeatable; supports comma-separated lists. |913| `--image, -i` | `path[,path...]` | Attach images to the first message. Repeatable; supports comma-separated lists. |

877| `--json, --experimental-json` | `boolean` | Print newline-delimited JSON events instead of formatted text. |914| `--json, --experimental-json` | `boolean` | Print newline-delimited JSON events instead of formatted text. |

878| `--model, -m` | `string` | Override the configured model for this run. |915| `--model, -m` | `string` | Override the configured model for this run. |
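
Review bot: the rewritten `--full-auto` row at line 910 names only `--sandbox workspace-write` as the replacement, while the text it replaces defined the preset as the `workspace-write` sandbox plus `on-request` approvals, and line 518 recommends both flags. Spell out `--sandbox workspace-write --ask-for-approval on-request` here as well, so that someone migrating a script keeps the same approval policy instead of inheriting whatever their config defaults to.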


944 981 

945Details982Details

946 983 

947Apply the low-friction automation preset (`workspace-write` sandbox and `on-request` approvals).984Deprecated compatibility flag. Prefer `--sandbox workspace-write`; Codex prints a warning when this flag is used.

985 

986Key

987 

988`--ignore-rules`

989 

990Type / Values

991 

992`boolean`

993 

994Details

995 

996Do not load user or project execpolicy `.rules` files for this run.

997 

998Key

999 

1000`--ignore-user-config`

1001 

1002Type / Values

1003 

1004`boolean`

1005 

1006Details

1007 

1008Do not load `$CODEX_HOME/config.toml`. Authentication still uses `CODEX_HOME`.

948 1009 

949Key1010Key

950 1011 
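
Review bot: the `--ignore-rules` description at line 996 says user and project execpolicy `.rules` files are skipped but not what governs command execution once they are. State whether managed or built-in rules still apply and whether an administrator can prevent use of the flag. The same gap exists for `--ignore-user-config` at line 1008: "Authentication still uses `CODEX_HOME`" covers credentials, but the text should also say whether project and managed config layers still load.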


1543 1604 

1544| Key | Type / Values | Details |1605| Key | Type / Values | Details |

1545| --- | --- | --- |1606| --- | --- | --- |

1607| `--allow-unix-socket` | `path` | Allow the sandboxed command to bind or connect Unix sockets rooted at this path. Repeat to allow multiple paths. |

1608| `--cd, -C` | `DIR` | Working directory used for profile resolution and command execution. Requires `--permissions-profile`. |

1546| `--config, -c` | `key=value` | Pass configuration overrides into the sandboxed run (repeatable). |1609| `--config, -c` | `key=value` | Pass configuration overrides into the sandboxed run (repeatable). |

1547| `--full-auto` | `boolean` | Grant write access to the current workspace and `/tmp` without approvals. |1610| `--include-managed-config` | `boolean` | Include managed requirements while resolving an explicit permissions profile. Requires `--permissions-profile`. |

1611| `--log-denials` | `boolean` | Capture macOS sandbox denials with `log stream` while the command runs and print them after exit. |

1612| `--permissions-profile` | `NAME` | Apply a named permissions profile from the active configuration stack. |

1548| `COMMAND...` | `var-args` | Shell command to execute under macOS Seatbelt. Everything after `--` is forwarded. |1613| `COMMAND...` | `var-args` | Shell command to execute under macOS Seatbelt. Everything after `--` is forwarded. |

1549 1614 

1550Key1615Key

1551 1616 

1617`--allow-unix-socket`

1618 

1619Type / Values

1620 

1621`path`

1622 

1623Details

1624 

1625Allow the sandboxed command to bind or connect Unix sockets rooted at this path. Repeat to allow multiple paths.

1626 

1627Key

1628 

1629`--cd, -C`

1630 

1631Type / Values

1632 

1633`DIR`

1634 

1635Details

1636 

1637Working directory used for profile resolution and command execution. Requires `--permissions-profile`.

1638 

1639Key

1640 

1552`--config, -c`1641`--config, -c`

1553 1642 

1554Type / Values1643Type / Values
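
Review bot: as worded at line 1610, `--include-managed-config` implies that managed requirements are left out by default when `--permissions-profile` is given. State that default in the `--permissions-profile` row (line 1612), because a command tested under `codex sandbox` may then run with a policy that differs from what a managed session enforces. The `--allow-unix-socket` row (line 1607) should also say how a relative path is resolved when `--cd` is set.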


1561 1650 

1562Key1651Key

1563 1652 

1564`--full-auto`1653`--include-managed-config`

1654 

1655Type / Values

1656 

1657`boolean`

1658 

1659Details

1660 

1661Include managed requirements while resolving an explicit permissions profile. Requires `--permissions-profile`.

1662 

1663Key

1664 

1665`--log-denials`

1565 1666 

1566Type / Values1667Type / Values

1567 1668 


1569 1670 

1570Details1671Details

1571 1672 

1572Grant write access to the current workspace and `/tmp` without approvals.1673Capture macOS sandbox denials with `log stream` while the command runs and print them after exit.

1674 

1675Key

1676 

1677`--permissions-profile`

1678 

1679Type / Values

1680 

1681`NAME`

1682 

1683Details

1684 

1685Apply a named permissions profile from the active configuration stack.

1573 1686 

1574Key1687Key

1575 1688 


1587 1700 

1588| Key | Type / Values | Details |1701| Key | Type / Values | Details |

1589| --- | --- | --- |1702| --- | --- | --- |

1703| `--cd, -C` | `DIR` | Working directory used for profile resolution and command execution. Requires `--permissions-profile`. |

1590| `--config, -c` | `key=value` | Configuration overrides applied before launching the sandbox (repeatable). |1704| `--config, -c` | `key=value` | Configuration overrides applied before launching the sandbox (repeatable). |

1591| `--full-auto` | `boolean` | Grant write access to the current workspace and `/tmp` inside the Landlock sandbox. |1705| `--include-managed-config` | `boolean` | Include managed requirements while resolving an explicit permissions profile. Requires `--permissions-profile`. |

1706| `--permissions-profile` | `NAME` | Apply a named permissions profile from the active configuration stack. |

1592| `COMMAND...` | `var-args` | Command to execute under Landlock + seccomp. Provide the executable after `--`. |1707| `COMMAND...` | `var-args` | Command to execute under Landlock + seccomp. Provide the executable after `--`. |

1593 1708 

1594Key1709Key

1595 1710 

1711`--cd, -C`

1712 

1713Type / Values

1714 

1715`DIR`

1716 

1717Details

1718 

1719Working directory used for profile resolution and command execution. Requires `--permissions-profile`.

1720 

1721Key

1722 

1596`--config, -c`1723`--config, -c`

1597 1724 

1598Type / Values1725Type / Values
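
Review bot: the `--full-auto` row (old line 1591) is dropped from the Linux sandbox table with no migration hint, unlike the main flag table, which keeps the flag and marks it deprecated. Say whether `codex sandbox` still accepts `--full-auto`, and which permissions profile gives the write access to the current workspace and `/tmp` that the removed row described.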


1605 1732 

1606Key1733Key

1607 1734 

1608`--full-auto`1735`--include-managed-config`

1609 1736 

1610Type / Values1737Type / Values

1611 1738 


1613 1740 

1614Details1741Details

1615 1742 

1616Grant write access to the current workspace and `/tmp` inside the Landlock sandbox.1743Include managed requirements while resolving an explicit permissions profile. Requires `--permissions-profile`.

1744 

1745Key

1746 

1747`--permissions-profile`

1748 

1749Type / Values

1750 

1751`NAME`

1752 

1753Details

1754 

1755Apply a named permissions profile from the active configuration stack.

1617 1756 

1618Key1757Key

1619 1758 


1627 1766 

1628Command to execute under Landlock + seccomp. Provide the executable after `--`.1767Command to execute under Landlock + seccomp. Provide the executable after `--`.

1629 1768 

1769#### Windows

1770 

1771| Key | Type / Values | Details |

1772| --- | --- | --- |

1773| `--cd, -C` | `DIR` | Working directory used for profile resolution and command execution. Requires `--permissions-profile`. |

1774| `--config, -c` | `key=value` | Configuration overrides applied before launching the sandbox (repeatable). |

1775| `--include-managed-config` | `boolean` | Include managed requirements while resolving an explicit permissions profile. Requires `--permissions-profile`. |

1776| `--permissions-profile` | `NAME` | Apply a named permissions profile from the active configuration stack. |

1777| `COMMAND...` | `var-args` | Command to execute under the native Windows sandbox. Provide the executable after `--`. |

1778 

1779Key

1780 

1781`--cd, -C`

1782 

1783Type / Values

1784 

1785`DIR`

1786 

1787Details

1788 

1789Working directory used for profile resolution and command execution. Requires `--permissions-profile`.

1790 

1791Key

1792 

1793`--config, -c`

1794 

1795Type / Values

1796 

1797`key=value`

1798 

1799Details

1800 

1801Configuration overrides applied before launching the sandbox (repeatable).

1802 

1803Key

1804 

1805`--include-managed-config`

1806 

1807Type / Values

1808 

1809`boolean`

1810 

1811Details

1812 

1813Include managed requirements while resolving an explicit permissions profile. Requires `--permissions-profile`.

1814 

1815Key

1816 

1817`--permissions-profile`

1818 

1819Type / Values

1820 

1821`NAME`

1822 

1823Details

1824 

1825Apply a named permissions profile from the active configuration stack.

1826 

1827Key

1828 

1829`COMMAND...`

1830 

1831Type / Values

1832 

1833`var-args`

1834 

1835Details

1836 

1837Command to execute under the native Windows sandbox. Provide the executable after `--`.

1838 

1839### `codex update`

1840 

1841Check for and apply a Codex CLI update when the installed release supports self-update. Debug builds print a message telling you to install a release build instead.

1842 

1630## Flag combinations and safety tips1843## Flag combinations and safety tips

1631 1844 

1632- Set `--full-auto` for unattended local work, but avoid combining it with `--dangerously-bypass-approvals-and-sandbox` unless you are inside a dedicated sandbox VM.1845- Use `--sandbox workspace-write` for unattended local work that can stay inside the workspace, and avoid `--dangerously-bypass-approvals-and-sandbox` unless you are inside a dedicated sandbox VM.

1633- When you need to grant Codex write access to more directories, prefer `--add-dir` rather than forcing `--sandbox danger-full-access`.1846- When you need to grant Codex write access to more directories, prefer `--add-dir` rather than forcing `--sandbox danger-full-access`.

1634- Pair `--json` with `--output-last-message` in CI to capture machine-readable progress and a final natural-language summary.1847- Pair `--json` with `--output-last-message` in CI to capture machine-readable progress and a final natural-language summary.

1635 1848 
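
Review bot: the new Windows table (lines 1771-1777) says the command runs "under the native Windows sandbox" but not in which mode; config-basic.md distinguishes `elevated` from `unelevated`, so line 1777 should say which one `codex sandbox` uses or how it is chosen. In the tips, line 1845 recommends `--sandbox workspace-write` for unattended work without naming an approval policy; say which policy is assumed, since a run that stops to ask for approval is not unattended.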

Details

37| [`/feedback`](#send-feedback-with-feedback) | Send logs to the Codex maintainers. | Report issues or share diagnostics with support. |37| [`/feedback`](#send-feedback-with-feedback) | Send logs to the Codex maintainers. | Report issues or share diagnostics with support. |

38| [`/init`](#generate-agentsmd-with-init) | Generate an `AGENTS.md` scaffold in the current directory. | Capture persistent instructions for the repository or subdirectory you're working in. |38| [`/init`](#generate-agentsmd-with-init) | Generate an `AGENTS.md` scaffold in the current directory. | Capture persistent instructions for the repository or subdirectory you're working in. |

39| [`/logout`](#sign-out-with-logout) | Sign out of Codex. | Clear local credentials when using a shared machine. |39| [`/logout`](#sign-out-with-logout) | Sign out of Codex. | Clear local credentials when using a shared machine. |

40| [`/mcp`](#list-mcp-tools-with-mcp) | List configured Model Context Protocol (MCP) tools. | Check which external tools Codex can call during the session. |40| [`/mcp`](#list-mcp-tools-with-mcp) | List configured Model Context Protocol (MCP) tools. | Check which external tools Codex can call during the session; add `verbose` for server details. |

41| [`/mention`](#highlight-files-with-mention) | Attach a file to the conversation. | Point Codex at specific files or folders you want it to inspect next. |41| [`/mention`](#highlight-files-with-mention) | Attach a file to the conversation. | Point Codex at specific files or folders you want it to inspect next. |

42| [`/model`](#set-the-active-model-with-model) | Choose the active model (and reasoning effort, when available). | Switch between general-purpose models (`gpt-4.1-mini`) and deeper reasoning models before running a task. |42| [`/model`](#set-the-active-model-with-model) | Choose the active model (and reasoning effort, when available). | Switch between general-purpose models (`gpt-4.1-mini`) and deeper reasoning models before running a task. |

43| [`/fast`](#toggle-fast-mode-with-fast) | Toggle Fast mode for supported models. | Turn Fast mode on or off, or check whether the current thread is using it. |43| [`/fast`](#toggle-fast-mode-with-fast) | Toggle Fast mode for supported models. | Turn Fast mode on or off, or check whether the current thread is using it. |


46| [`/ps`](#check-background-terminals-with-ps) | Show experimental background terminals and their recent output. | Check long-running commands without leaving the main transcript. |46| [`/ps`](#check-background-terminals-with-ps) | Show experimental background terminals and their recent output. | Check long-running commands without leaving the main transcript. |

47| [`/stop`](#stop-background-terminals-with-stop) | Stop all background terminals. | Cancel background terminal work started by the current session. |47| [`/stop`](#stop-background-terminals-with-stop) | Stop all background terminals. | Cancel background terminal work started by the current session. |

48| [`/fork`](#fork-the-current-conversation-with-fork) | Fork the current conversation into a new thread. | Branch the active session to explore a new approach without losing the current transcript. |48| [`/fork`](#fork-the-current-conversation-with-fork) | Fork the current conversation into a new thread. | Branch the active session to explore a new approach without losing the current transcript. |

49| [`/side`](#start-a-side-conversation-with-side) | Start an ephemeral side conversation. | Ask a focused follow-up without disrupting the main thread's transcript. |

49| [`/resume`](#resume-a-saved-conversation-with-resume) | Resume a saved conversation from your session list. | Continue work from a previous CLI session without starting over. |50| [`/resume`](#resume-a-saved-conversation-with-resume) | Resume a saved conversation from your session list. | Continue work from a previous CLI session without starting over. |

50| [`/new`](#start-a-new-conversation-with-new) | Start a new conversation inside the same CLI session. | Reset the chat context without leaving the CLI when you want a fresh prompt in the same repo. |51| [`/new`](#start-a-new-conversation-with-new) | Start a new conversation inside the same CLI session. | Reset the chat context without leaving the CLI when you want a fresh prompt in the same repo. |

51| [`/quit`](#exit-the-cli-with-quit-or-exit) | Exit the CLI. | Leave the session immediately. |52| [`/quit`](#exit-the-cli-with-quit-or-exit) | Exit the CLI. | Leave the session immediately. |


54| [`/debug-config`](#inspect-config-layers-with-debug-config) | Print config layer and requirements diagnostics. | Debug precedence and policy requirements, including experimental network constraints. |55| [`/debug-config`](#inspect-config-layers-with-debug-config) | Print config layer and requirements diagnostics. | Debug precedence and policy requirements, including experimental network constraints. |

55| [`/statusline`](#configure-footer-items-with-statusline) | Configure TUI status-line fields interactively. | Pick and reorder footer items (model/context/limits/git/tokens/session) and persist in config.toml. |56| [`/statusline`](#configure-footer-items-with-statusline) | Configure TUI status-line fields interactively. | Pick and reorder footer items (model/context/limits/git/tokens/session) and persist in config.toml. |

56| [`/title`](#configure-terminal-title-items-with-title) | Configure terminal window or tab title fields interactively. | Pick and reorder title items such as project, status, thread, branch, model, and task progress. |57| [`/title`](#configure-terminal-title-items-with-title) | Configure terminal window or tab title fields interactively. | Pick and reorder title items such as project, status, thread, branch, model, and task progress. |

58| [`/keymap`](#remap-tui-shortcuts-with-keymap) | Remap TUI keyboard shortcuts. | Inspect and persist custom shortcut bindings in `config.toml`. |

57 59 

58`/quit` and `/exit` both exit the CLI. Use them only after you have saved or60`/quit` and `/exit` both exit the CLI. Use them only after you have saved or

59committed any important work.61committed any important work.


199Available title items include app name, project, spinner, status, thread, git201Available title items include app name, project, spinner, status, thread, git

200branch, model, and task progress.202branch, model, and task progress.

201 203 

204### Remap TUI shortcuts with `/keymap`

205 

206Use `/keymap` to inspect, update, and persist keyboard shortcut bindings for the TUI.

207 

2081. Type `/keymap`.

2092. Pick the shortcut context and action you want to change.

2103. Enter the new binding or remove the existing one.

211 

212Expected: Codex updates the active keymap and writes the custom binding to `tui.keymap` in `config.toml`.

213 

214Key bindings use names such as `ctrl-a`, `shift-enter`, and `page-down`. Context-specific bindings override `tui.keymap.global`; an empty binding list unbinds the action.

215 

202### Check background terminals with `/ps`216### Check background terminals with `/ps`

203 217 

2041. Type `/ps`.2181. Type `/ps`.
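
Review bot: line 212 says the binding is written to `tui.keymap` in `config.toml` without saying which file. Name it (the user-level `$CODEX_HOME/config.toml` or a project `.codex/config.toml`) so readers know where a remap persists and where to revert it.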


268If you need to fork a saved session instead of the current one, run282If you need to fork a saved session instead of the current one, run

269`codex fork` in your terminal to open the session picker.283`codex fork` in your terminal to open the session picker.

270 284 

285### Start a side conversation with `/side`

286 

287Use `/side` to start an ephemeral fork from the current conversation without switching away from the main task.

288 

2891. Type `/side` to open a side conversation.

2902. Optionally add inline text, for example `/side Check whether this plan has an obvious risk`.

2913. Return to the parent thread after the focused detour finishes.

292 

293Expected: Codex opens a side conversation whose transcript is separate from the parent thread. While you are in side mode, the TUI continues to show parent-thread status so you can see whether the main task is still running.

294 

295`/side` is unavailable inside another side conversation and during review mode.

296 

271### Generate `AGENTS.md` with `/init`297### Generate `AGENTS.md` with `/init`

272 298 

2731. Run `/init` in the directory where you want Codex to look for persistent instructions.2991. Run `/init` in the directory where you want Codex to look for persistent instructions.
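
Review bot: "ephemeral" at line 287 is not defined. The CLI reference describes `--ephemeral` as running without persisting session rollout files to disk; say whether `/side` means the same thing, and whether the side conversation inherits the parent thread's sandbox and approval settings. Step 3 at line 291 also does not say how to return to the parent thread.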


292 318 

293Expected: You see the configured Model Context Protocol (MCP) tools Codex can call in this session.319Expected: You see the configured Model Context Protocol (MCP) tools Codex can call in this session.

294 320 

321Use `/mcp verbose` to include detailed server diagnostics. If you pass anything other than `verbose`, Codex shows the command usage.

322 

295### Browse apps with `/apps`323### Browse apps with `/apps`

296 324 

2971. Type `/apps`.3251. Type `/apps`.
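
Review bot: line 321 promises "detailed server diagnostics" without listing what is printed. If the verbose output can include server launch commands, environment values or authentication headers, say so here, because this is the output users are most likely to paste into a bug report.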

Details

145- `never`: Codex doesn't stop for approval prompts.145- `never`: Codex doesn't stop for approval prompts.

146 146 

147Full access means using `sandbox_mode = "danger-full-access"` together with147Full access means using `sandbox_mode = "danger-full-access"` together with

148`approval_policy = "never"`. By contrast, `--full-auto` is the lower-risk local148`approval_policy = "never"`. By contrast, the lower-risk local automation

149automation preset: `sandbox_mode = "workspace-write"` and149preset is `sandbox_mode = "workspace-write"` together with

150`approval_policy = "on-request"`.150`approval_policy = "on-request"`, or the matching CLI flags

151`--sandbox workspace-write --ask-for-approval on-request`.

151 152 

152If you need Codex to work across more than one directory, writable roots let153If you need Codex to work across more than one directory, writable roots let

153you extend the places it can modify without removing the sandbox entirely. If154you extend the places it can modify without removing the sandbox entirely. If

Details

90 90 

91## Hooks (experimental)91## Hooks (experimental)

92 92 

93Codex can also load lifecycle hooks from `hooks.json` files that sit next to93Codex can also load lifecycle hooks from either `hooks.json` files or inline

94active config layers.94`[hooks]` tables in `config.toml` files that sit next to active config layers.

95 95 

96In practice, the two most useful locations are:96In practice, the two most useful locations are:

97 97 

98- `~/.codex/hooks.json`98- `~/.codex/hooks.json`

99- `~/.codex/config.toml`

99- `<repo>/.codex/hooks.json`100- `<repo>/.codex/hooks.json`

101- `<repo>/.codex/config.toml`

100 102 

101Project-local hooks load only when the project `.codex/` layer is trusted.103Project-local hooks load only when the project `.codex/` layer is trusted.

102User-level hooks remain independent of project trust.104User-level hooks remain independent of project trust.


108codex_hooks = true110codex_hooks = true

109```111```

110 112 

113Inline TOML hooks use the same event structure as `hooks.json`:

114 

115```toml

116[[hooks.PreToolUse]]

117matcher = "^Bash$"

118 

119[[hooks.PreToolUse.hooks]]

120type = "command"

121command = '/usr/bin/python3 "$(git rev-parse --show-toplevel)/.codex/hooks/pre_tool_use_policy.py"'

122timeout = 30

123statusMessage = "Checking Bash command"

124```

125 

126If a single layer contains both `hooks.json` and inline `[hooks]`, Codex loads

127both and warns. Prefer one representation per layer.

128 

111For the current event list, input fields, output behavior, and limitations, see129For the current event list, input fields, output behavior, and limitations, see

112[Hooks](https://developers.openai.com/codex/hooks).130[Hooks](https://developers.openai.com/codex/hooks).

113 131 
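
Review bot: lines 126-127 say Codex "loads both and warns" when a layer has `hooks.json` and inline `[hooks]`, but not in which order the two sets run or whether a hook defined in both runs twice. For a `PreToolUse` policy check like the example at lines 116-123 that decides the outcome, so document the order or reject the duplicate. The example also resolves the script path through `git rev-parse --show-toplevel`; mention what happens when the command runs outside a git work tree.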


178 196 

179The auth command receives no `stdin` and must print the token to stdout. Codex trims surrounding whitespace, treats an empty token as an error, and refreshes proactively at `refresh_interval_ms`; set `refresh_interval_ms = 0` to refresh only after an authentication retry. Don't combine `[model_providers.<id>.auth]` with `env_key`, `experimental_bearer_token`, or `requires_openai_auth`.197The auth command receives no `stdin` and must print the token to stdout. Codex trims surrounding whitespace, treats an empty token as an error, and refreshes proactively at `refresh_interval_ms`; set `refresh_interval_ms = 0` to refresh only after an authentication retry. Don't combine `[model_providers.<id>.auth]` with `env_key`, `experimental_bearer_token`, or `requires_openai_auth`.

180 198 

199### Amazon Bedrock provider

200 

201Codex includes a built-in `amazon-bedrock` model provider. Set it directly as

202`model_provider`; unlike custom providers, this built-in provider supports only

203the nested AWS profile and region overrides.

204 

205```toml

206model_provider = "amazon-bedrock"

207model = "<bedrock-model-id>"

208 

209[model_providers.amazon-bedrock.aws]

210profile = "default"

211region = "eu-central-1"

212```

213 

214If you omit `profile`, Codex uses the standard AWS credential chain. Set

215`region` to the supported Bedrock region that should handle requests.

216 

181## OSS mode (local providers)217## OSS mode (local providers)

182 218 

183Codex can run against a local "open source" provider (for example, Ollama or LM Studio) when you pass `--oss`. If you pass `--oss` without specifying a provider, Codex uses `oss_provider` as the default.219Codex can run against a local "open source" provider (for example, Ollama or LM Studio) when you pass `--oss`. If you pass `--oss` without specifying a provider, Codex uses `oss_provider` as the default.
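
Review bot: lines 214-215 cover an omitted `profile` but not an omitted `region`; say whether Codex then takes the region from the AWS profile or environment, or fails. The example at line 210 sets `profile = "default"`, which reads as required; a comment marking it optional would match the prose.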


267"""303"""

268```304```

269 305 

306### Named permission profiles

307 

308Set `default_permissions` to reuse a sandbox profile by name. Codex includes

309the built-in profiles `:read-only`, `:workspace`, and `:danger-no-sandbox`:

310 

311```toml

312default_permissions = ":workspace"

313```

314 

315For custom profiles, point `default_permissions` at a name you define under

316`[permissions.<name>]`:

317 

318```toml

319default_permissions = "workspace"

320 

321[permissions.workspace.filesystem]

322":project_roots" = { "." = "write", "**/*.env" = "none" }

323glob_scan_max_depth = 3

324 

325[permissions.workspace.network]

326enabled = true

327mode = "limited"

328 

329[permissions.workspace.network.domains]

330"api.openai.com" = "allow"

331```

332 

333Use built-in names with a leading colon. Custom names don't use a leading

334colon and must have matching `permissions` tables.

335 

270Need the complete key list (including profile-scoped overrides and requirements constraints)? See [Configuration Reference](https://developers.openai.com/codex/config-reference) and [Managed configuration](https://developers.openai.com/codex/enterprise/managed-configuration).336Need the complete key list (including profile-scoped overrides and requirements constraints)? See [Configuration Reference](https://developers.openai.com/codex/config-reference) and [Managed configuration](https://developers.openai.com/codex/enterprise/managed-configuration).

271 337 

272In workspace-write mode, some environments keep `.git/` and `.codex/`338In workspace-write mode, some environments keep `.git/` and `.codex/`
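
Review bot: the custom-profile example (lines 319-330) sets `glob_scan_max_depth = 3` next to the deny rule `"**/*.env" = "none"` with no explanation. Document what the depth limit does, in particular whether a `.env` file nested more than three levels down is still denied, since readers will copy this block to protect secrets. Naming the custom profile `workspace` when the built-in is `:workspace` also makes the two easy to confuse; a distinct name would make the colon rule at lines 333-334 clearer.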

config-basic.md +23 −1

Details

69 69 

70For mode-by-mode behavior (including protected `.git`/`.codex` paths and network defaults), see [Sandbox and approvals](https://developers.openai.com/codex/agent-approvals-security#sandbox-and-approvals), [Protected paths in writable roots](https://developers.openai.com/codex/agent-approvals-security#protected-paths-in-writable-roots), and [Network access](https://developers.openai.com/codex/agent-approvals-security#network-access).70For mode-by-mode behavior (including protected `.git`/`.codex` paths and network defaults), see [Sandbox and approvals](https://developers.openai.com/codex/agent-approvals-security#sandbox-and-approvals), [Protected paths in writable roots](https://developers.openai.com/codex/agent-approvals-security#protected-paths-in-writable-roots), and [Network access](https://developers.openai.com/codex/agent-approvals-security#network-access).

71 71 

72#### Permission profiles

73 

74Use a named permission profile when you want one reusable filesystem or network policy across sessions:

75 

76```toml

77default_permissions = ":workspace"

78```

79 

80Built-in profiles include `:read-only`, `:workspace`, and `:danger-no-sandbox`. For custom filesystem or network rules, define `[permissions.<name>]` tables and set `default_permissions` to that name.

81 

72#### Windows sandbox mode82#### Windows sandbox mode

73 83 

74When running Codex natively on Windows, set the native sandbox mode to `elevated` in the `windows` table. Use `unelevated` only if you don't have administrator permissions or if elevated setup fails.84When running Codex natively on Windows, set the native sandbox mode to `elevated` in the `windows` table. Use `unelevated` only if you don't have administrator permissions or if elevated setup fails.


111 121 

112You can override this later in an active session with `/personality` or per thread/turn when using the app-server APIs.122You can override this later in an active session with `/personality` or per thread/turn when using the app-server APIs.

113 123 

124#### TUI keymap

125 

126Customize terminal shortcuts under `tui.keymap`. Context-specific bindings override `tui.keymap.global`, and an empty list unbinds the action.

127 

128```toml

129[tui.keymap.global]

130open_transcript = "ctrl-t"

131 

132[tui.keymap.composer]

133submit = ["enter", "ctrl-m"]

134```

135 

114#### Command environment136#### Command environment

115 137 

116Control which environment variables Codex forwards to spawned commands.138Control which environment variables Codex forwards to spawned commands.


148| Key | Default | Maturity | Description |170| Key | Default | Maturity | Description |

149| -------------------- | :-------------------: | ------------ | ---------------------------------------------------------------------------------------- |171| -------------------- | :-------------------: | ------------ | ---------------------------------------------------------------------------------------- |

150| `apps` | false | Experimental | Enable ChatGPT Apps/connectors support |172| `apps` | false | Experimental | Enable ChatGPT Apps/connectors support |

151| `codex_hooks` | false | Under development | Enable lifecycle hooks from `hooks.json`. See [Hooks](https://developers.openai.com/codex/hooks). |173| `codex_hooks` | true | Stable | Enable lifecycle hooks from `hooks.json` or inline `[hooks]`. See [Hooks](https://developers.openai.com/codex/hooks). |

152| `fast_mode` | true | Stable | Enable Fast mode selection and the `service_tier = "fast"` path |174| `fast_mode` | true | Stable | Enable Fast mode selection and the `service_tier = "fast"` path |

153| `memories` | false | Stable | Enable [Memories](https://developers.openai.com/codex/memories) |175| `memories` | false | Stable | Enable [Memories](https://developers.openai.com/codex/memories) |

154| `multi_agent` | true | Stable | Enable subagent collaboration tools |176| `multi_agent` | true | Stable | Enable subagent collaboration tools |
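
Review bot: line 173 flips `codex_hooks` from `false` / Under development to `true` / Stable, so hook commands from trusted layers now run without an opt-in. That is a behaviour change for existing users and deserves a sentence under the table, and the Hooks section of the advanced config page still shows `codex_hooks = true` as a setting to add.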

Details

42| `cli_auth_credentials_store` | `file | keyring | auto` | Control where the CLI stores cached credentials (file-based auth.json vs OS keychain). |42| `cli_auth_credentials_store` | `file | keyring | auto` | Control where the CLI stores cached credentials (file-based auth.json vs OS keychain). |

43| `commit_attribution` | `string` | Override the commit co-author trailer text. Set an empty string to disable automatic attribution. |43| `commit_attribution` | `string` | Override the commit co-author trailer text. Set an empty string to disable automatic attribution. |

44| `compact_prompt` | `string` | Inline override for the history compaction prompt. |44| `compact_prompt` | `string` | Inline override for the history compaction prompt. |

45| `default_permissions` | `string` | Name of the default permissions profile to apply to sandboxed tool calls. |45| `default_permissions` | `string` | Name of the default permissions profile to apply to sandboxed tool calls. Built-ins are `:read-only`, `:workspace`, and `:danger-no-sandbox`; custom profile names require matching `[permissions.<name>]` tables. |

46| `developer_instructions` | `string` | Additional developer instructions injected into the session (optional). |46| `developer_instructions` | `string` | Additional developer instructions injected into the session (optional). |

47| `disable_paste_burst` | `boolean` | Disable burst-paste detection in the TUI. |47| `disable_paste_burst` | `boolean` | Disable burst-paste detection in the TUI. |

48| `experimental_compact_prompt_file` | `string (path)` | Load the compaction prompt override from a file (experimental). |48| `experimental_compact_prompt_file` | `string (path)` | Load the compaction prompt override from a file (experimental). |

49| `experimental_use_unified_exec_tool` | `boolean` | Legacy name for enabling unified exec; prefer `[features].unified_exec` or `codex --enable unified_exec`. |49| `experimental_use_unified_exec_tool` | `boolean` | Legacy name for enabling unified exec; prefer `[features].unified_exec` or `codex --enable unified_exec`. |

50| `features.apps` | `boolean` | Enable ChatGPT Apps/connectors support (experimental). |50| `features.apps` | `boolean` | Enable ChatGPT Apps/connectors support (experimental). |

51| `features.codex_hooks` | `boolean` | Enable lifecycle hooks loaded from `hooks.json` (under development; off by default). |51| `features.codex_hooks` | `boolean` | Enable lifecycle hooks loaded from `hooks.json` or inline `[hooks]` config. |

52| `features.enable_request_compression` | `boolean` | Compress streaming request bodies with zstd when supported (stable; on by default). |52| `features.enable_request_compression` | `boolean` | Compress streaming request bodies with zstd when supported (stable; on by default). |

53| `features.fast_mode` | `boolean` | Enable Fast mode selection and the `service_tier = "fast"` path (stable; on by default). |53| `features.fast_mode` | `boolean` | Enable Fast mode selection and the `service_tier = "fast"` path (stable; on by default). |

54| `features.memories` | `boolean` | Enable [Memories](https://developers.openai.com/codex/memories) (off by default). |54| `features.memories` | `boolean` | Enable [Memories](https://developers.openai.com/codex/memories) (off by default). |
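Review bot: The new `features.codex_hooks` description (row 51) drops "(under development; off by default)" without saying what the status and default are now. The neighbouring rows for `features.enable_request_compression`, `features.fast_mode` and `features.memories` each state both, and because hook handlers run commands, readers need to know whether this flag is on unless they turn it off. Suggest ending the row with the current stability and default in the same parenthetical form.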


70| `hide_agent_reasoning` | `boolean` | Suppress reasoning events in both the TUI and `codex exec` output. |70| `hide_agent_reasoning` | `boolean` | Suppress reasoning events in both the TUI and `codex exec` output. |

71| `history.max_bytes` | `number` | If set, caps the history file size in bytes by dropping oldest entries. |71| `history.max_bytes` | `number` | If set, caps the history file size in bytes by dropping oldest entries. |

72| `history.persistence` | `save-all | none` | Control whether Codex saves session transcripts to history.jsonl. |72| `history.persistence` | `save-all | none` | Control whether Codex saves session transcripts to history.jsonl. |

73| `hooks` | `table` | Lifecycle hooks configured inline in `config.toml`. Uses the same event schema as `hooks.json`; see the Hooks guide for examples and supported events. |

73| `instructions` | `string` | Reserved for future use; prefer `model_instructions_file` or `AGENTS.md`. |74| `instructions` | `string` | Reserved for future use; prefer `model_instructions_file` or `AGENTS.md`. |

74| `log_dir` | `string (path)` | Directory where Codex writes log files (for example `codex-tui.log`); defaults to `$CODEX_HOME/log`. |75| `log_dir` | `string (path)` | Directory where Codex writes log files (for example `codex-tui.log`); defaults to `$CODEX_HOME/log`. |

75| `mcp_oauth_callback_port` | `integer` | Optional fixed port for the local HTTP callback server used during MCP OAuth login. When unset, Codex binds to an ephemeral port chosen by the OS. |76| `mcp_oauth_callback_port` | `integer` | Optional fixed port for the local HTTP callback server used during MCP OAuth login. When unset, Codex binds to an ephemeral port chosen by the OS. |
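Review bot: The added `hooks` row (new line 73) does not say how inline `[hooks]` combine with a sibling `hooks.json` when both define handlers for the same event, or that `features.codex_hooks` is the flag that enables them. State whether the two sources are merged or one overrides the other, and link "the Hooks guide" the way the `features.memories` row links Memories.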


102| `memories.max_rollout_age_days` | `number` | Maximum age of threads considered for memory generation. Defaults to `30` and is clamped to `0`-`90`. |103| `memories.max_rollout_age_days` | `number` | Maximum age of threads considered for memory generation. Defaults to `30` and is clamped to `0`-`90`. |

103| `memories.max_rollouts_per_startup` | `number` | Maximum rollout candidates processed per startup pass. Defaults to `16` and is capped at `128`. |104| `memories.max_rollouts_per_startup` | `number` | Maximum rollout candidates processed per startup pass. Defaults to `16` and is capped at `128`. |

104| `memories.max_unused_days` | `number` | Maximum days since a memory was last used before it becomes ineligible for consolidation. Defaults to `30` and is clamped to `0`-`365`. |105| `memories.max_unused_days` | `number` | Maximum days since a memory was last used before it becomes ineligible for consolidation. Defaults to `30` and is clamped to `0`-`365`. |

106| `memories.min_rate_limit_remaining_percent` | `number` | Minimum remaining percentage required in Codex rate-limit windows before memory generation starts. Defaults to `25` and is clamped to `0`-`100`. |

105| `memories.min_rollout_idle_hours` | `number` | Minimum idle time before a thread is considered for memory generation. Defaults to `6` and is clamped to `1`-`48`. |107| `memories.min_rollout_idle_hours` | `number` | Minimum idle time before a thread is considered for memory generation. Defaults to `6` and is clamped to `1`-`48`. |

106| `memories.use_memories` | `boolean` | When `false`, Codex skips injecting existing memories into future sessions. Defaults to `true`. |108| `memories.use_memories` | `boolean` | When `false`, Codex skips injecting existing memories into future sessions. Defaults to `true`. |

107| `model` | `string` | Model to use (e.g., `gpt-5.5`). |109| `model` | `string` | Model to use (e.g., `gpt-5.5`). |


131| `model_providers.<id>.stream_max_retries` | `number` | Retry count for SSE streaming interruptions (default: 5). |133| `model_providers.<id>.stream_max_retries` | `number` | Retry count for SSE streaming interruptions (default: 5). |

132| `model_providers.<id>.supports_websockets` | `boolean` | Whether that provider supports the Responses API WebSocket transport. |134| `model_providers.<id>.supports_websockets` | `boolean` | Whether that provider supports the Responses API WebSocket transport. |

133| `model_providers.<id>.wire_api` | `responses` | Protocol used by the provider. `responses` is the only supported value, and it is the default when omitted. |135| `model_providers.<id>.wire_api` | `responses` | Protocol used by the provider. `responses` is the only supported value, and it is the default when omitted. |

136| `model_providers.amazon-bedrock.aws.profile` | `string` | AWS profile name used by the built-in `amazon-bedrock` provider. |

137| `model_providers.amazon-bedrock.aws.region` | `string` | AWS region used by the built-in `amazon-bedrock` provider. |

134| `model_reasoning_effort` | `minimal | low | medium | high | xhigh` | Adjust reasoning effort for supported models (Responses API only; `xhigh` is model-dependent). |138| `model_reasoning_effort` | `minimal | low | medium | high | xhigh` | Adjust reasoning effort for supported models (Responses API only; `xhigh` is model-dependent). |

135| `model_reasoning_summary` | `auto | concise | detailed | none` | Select reasoning summary detail or disable summaries entirely. |139| `model_reasoning_summary` | `auto | concise | detailed | none` | Select reasoning summary detail or disable summaries entirely. |

136| `model_supports_reasoning_summaries` | `boolean` | Force Codex to send or not send reasoning metadata. |140| `model_supports_reasoning_summaries` | `boolean` | Force Codex to send or not send reasoning metadata. |
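Review bot: The two added `model_providers.amazon-bedrock.aws.*` rows give no default or fallback for an unset `profile` or `region`, so a reader cannot tell which AWS credentials and which region Codex uses when the table is omitted. Suggest adding what applies when each key is unset, in the same style as the "(default: 5)" note on the `model_providers.<id>.stream_max_retries` row.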


216| `sqlite_home` | `string (path)` | Directory where Codex stores the SQLite-backed state DB used by agent jobs and other resumable runtime state. |220| `sqlite_home` | `string (path)` | Directory where Codex stores the SQLite-backed state DB used by agent jobs and other resumable runtime state. |

217| `suppress_unstable_features_warning` | `boolean` | Suppress the warning that appears when under-development feature flags are enabled. |221| `suppress_unstable_features_warning` | `boolean` | Suppress the warning that appears when under-development feature flags are enabled. |

218| `tool_output_token_limit` | `number` | Token budget for storing individual tool/function outputs in history. |222| `tool_output_token_limit` | `number` | Token budget for storing individual tool/function outputs in history. |

223| `tool_suggest.disabled_tools` | `array<table>` | Disable suggestions for specific discoverable connectors or plugins. Each entry uses `type = "connector"` or `"plugin"` and an `id`. |

219| `tool_suggest.discoverables` | `array<table>` | Allow tool suggestions for additional discoverable connectors or plugins. Each entry uses `type = "connector"` or `"plugin"` and an `id`. |224| `tool_suggest.discoverables` | `array<table>` | Allow tool suggestions for additional discoverable connectors or plugins. Each entry uses `type = "connector"` or `"plugin"` and an `id`. |

220| `tools.view_image` | `boolean` | Enable the local-image attachment tool `view_image`. |225| `tools.view_image` | `boolean` | Enable the local-image attachment tool `view_image`. |

221| `tools.web_search` | `boolean | { context_size = "low|medium|high", allowed_domains = [string], location = { country, region, city, timezone } }` | Optional web search tool configuration. The legacy boolean form is still accepted, but the object form lets you set search context size, allowed domains, and approximate user location. |226| `tools.web_search` | `boolean | { context_size = "low|medium|high", allowed_domains = [string], location = { country, region, city, timezone } }` | Optional web search tool configuration. The legacy boolean form is still accepted, but the object form lets you set search context size, allowed domains, and approximate user location. |

222| `tui` | `table` | TUI-specific options such as enabling inline desktop notifications. |227| `tui` | `table` | TUI-specific options such as enabling inline desktop notifications. |

223| `tui.alternate_screen` | `auto | always | never` | Control alternate screen usage for the TUI (default: auto; auto skips it in Zellij to preserve scrollback). |228| `tui.alternate_screen` | `auto | always | never` | Control alternate screen usage for the TUI (default: auto; auto skips it in Zellij to preserve scrollback). |

224| `tui.animations` | `boolean` | Enable terminal animations (welcome screen, shimmer, spinner) (default: true). |229| `tui.animations` | `boolean` | Enable terminal animations (welcome screen, shimmer, spinner) (default: true). |

230| `tui.keymap.<context>.<action>` | `string | array<string>` | Keyboard shortcut binding for a TUI action. Supported contexts include `global`, `chat`, `composer`, `editor`, `pager`, `list`, and `approval`; context-specific bindings override `tui.keymap.global`. |

231| `tui.keymap.<context>.<action> = []` | `empty array` | Unbind the action in that keymap context. Key names use normalized strings such as `ctrl-a`, `shift-enter`, or `page-down`. |

225| `tui.model_availability_nux.<model>` | `integer` | Internal startup-tooltip state keyed by model slug. |232| `tui.model_availability_nux.<model>` | `integer` | Internal startup-tooltip state keyed by model slug. |

226| `tui.notification_condition` | `unfocused | always` | Control whether TUI notifications fire only when the terminal is unfocused or regardless of focus. Defaults to `unfocused`. |233| `tui.notification_condition` | `unfocused | always` | Control whether TUI notifications fire only when the terminal is unfocused or regardless of focus. Defaults to `unfocused`. |

227| `tui.notification_method` | `auto | osc9 | bel` | Notification method for terminal notifications (default: auto). |234| `tui.notification_method` | `auto | osc9 | bel` | Notification method for terminal notifications (default: auto). |
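Review bot: The added `tool_suggest.disabled_tools` row does not say which list wins when the same `type` and `id` pair appears in both `disabled_tools` and `tool_suggest.discoverables`. Suggest stating the precedence in the row itself. Separately, the second keymap row puts `= []` in the Key column and `empty array` in the type column; folding the unbind behaviour into the Details of the `tui.keymap.<context>.<action>` row would keep the Key column to key names.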


629 636 

630Details637Details

631 638 

632Name of the default permissions profile to apply to sandboxed tool calls.639Name of the default permissions profile to apply to sandboxed tool calls. Built-ins are `:read-only`, `:workspace`, and `:danger-no-sandbox`; custom profile names require matching `[permissions.<name>]` tables.

633 640 

634Key641Key

635 642 


701 708 

702Details709Details

703 710 

704Enable lifecycle hooks loaded from `hooks.json` (under development; off by default).711Enable lifecycle hooks loaded from `hooks.json` or inline `[hooks]` config.

705 712 

706Key713Key

707 714 


957 964 

958Key965Key

959 966 

967`hooks`

968 

969Type / Values

970 

971`table`

972 

973Details

974 

975Lifecycle hooks configured inline in `config.toml`. Uses the same event schema as `hooks.json`; see the Hooks guide for examples and supported events.

976 

977Key

978 

960`instructions`979`instructions`

961 980 

962Type / Values981Type / Values


1341 1360 

1342Key1361Key

1343 1362 

1363`memories.min_rate_limit_remaining_percent`

1364 

1365Type / Values

1366 

1367`number`

1368 

1369Details

1370 

1371Minimum remaining percentage required in Codex rate-limit windows before memory generation starts. Defaults to `25` and is clamped to `0`-`100`.

1372 

1373Key

1374 

1344`memories.min_rollout_idle_hours`1375`memories.min_rollout_idle_hours`

1345 1376 

1346Type / Values1377Type / Values


1689 1720 

1690Key1721Key

1691 1722 

1723`model_providers.amazon-bedrock.aws.profile`

1724 

1725Type / Values

1726 

1727`string`

1728 

1729Details

1730 

1731AWS profile name used by the built-in `amazon-bedrock` provider.

1732 

1733Key

1734 

1735`model_providers.amazon-bedrock.aws.region`

1736 

1737Type / Values

1738 

1739`string`

1740 

1741Details

1742 

1743AWS region used by the built-in `amazon-bedrock` provider.

1744 

1745Key

1746 

1692`model_reasoning_effort`1747`model_reasoning_effort`

1693 1748 

1694Type / Values1749Type / Values


2709 2764 

2710Key2765Key

2711 2766 

2767`tool_suggest.disabled_tools`

2768 

2769Type / Values

2770 

2771`array<table>`

2772 

2773Details

2774 

2775Disable suggestions for specific discoverable connectors or plugins. Each entry uses `type = "connector"` or `"plugin"` and an `id`.

2776 

2777Key

2778 

2712`tool_suggest.discoverables`2779`tool_suggest.discoverables`

2713 2780 

2714Type / Values2781Type / Values


2781 2848 

2782Key2849Key

2783 2850 

2851`tui.keymap.<context>.<action>`

2852 

2853Type / Values

2854 

2855`string | array<string>`

2856 

2857Details

2858 

2859Keyboard shortcut binding for a TUI action. Supported contexts include `global`, `chat`, `composer`, `editor`, `pager`, `list`, and `approval`; context-specific bindings override `tui.keymap.global`.

2860 

2861Key

2862 

2863`tui.keymap.<context>.<action> = []`

2864 

2865Type / Values

2866 

2867`empty array`

2868 

2869Details

2870 

2871Unbind the action in that keymap context. Key names use normalized strings such as `ctrl-a`, `shift-enter`, or `page-down`.

2872 

2873Key

2874 

2784`tui.model_availability_nux.<model>`2875`tui.model_availability_nux.<model>`

2785 2876 

2786Type / Values2877Type / Values


2953| `allowed_web_search_modes` | `array<string>` | Allowed values for `web_search` (`disabled`, `cached`, `live`). `disabled` is always allowed; an empty list effectively allows only `disabled`. |3044| `allowed_web_search_modes` | `array<string>` | Allowed values for `web_search` (`disabled`, `cached`, `live`). `disabled` is always allowed; an empty list effectively allows only `disabled`. |

2954| `features` | `table` | Pinned feature values keyed by the canonical names from `config.toml`'s `[features]` table. |3045| `features` | `table` | Pinned feature values keyed by the canonical names from `config.toml`'s `[features]` table. |

2955| `features.<name>` | `boolean` | Require a specific canonical feature key to stay enabled or disabled. |3046| `features.<name>` | `boolean` | Require a specific canonical feature key to stay enabled or disabled. |

3047| `features.browser_use` | `boolean` | Set to `false` in `requirements.toml` to disable Browser Use and Browser Agent availability. |

3048| `features.computer_use` | `boolean` | Set to `false` in `requirements.toml` to disable Computer Use availability and related install or enablement flows. |

3049| `features.in_app_browser` | `boolean` | Set to `false` in `requirements.toml` to disable the in-app browser pane. |

2956| `guardian_policy_config` | `string` | Managed Markdown policy instructions for automatic review. This takes precedence over local `[auto_review].policy`. Blank values are ignored. |3050| `guardian_policy_config` | `string` | Managed Markdown policy instructions for automatic review. This takes precedence over local `[auto_review].policy`. Blank values are ignored. |

3051| `hooks` | `table` | Admin-enforced managed lifecycle hooks. Requires a managed hook directory and uses the same event schema as inline `[hooks]` in `config.toml`. |

3052| `hooks.<Event>` | `array<table>` | Matcher groups for a hook event such as `PreToolUse`, `PostToolUse`, `PermissionRequest`, `SessionStart`, `UserPromptSubmit`, or `Stop`. |

3053| `hooks.<Event>[].hooks` | `array<table>` | Hook handlers for a matcher group. Command hooks are currently supported; prompt and agent hook handlers are parsed but skipped. |

3054| `hooks.managed_dir` | `string (absolute path)` | Directory containing managed hook scripts on macOS and Linux. Codex validates that it is absolute and exists before loading managed hooks. |

3055| `hooks.windows_managed_dir` | `string (absolute path)` | Directory containing managed hook scripts on Windows. Codex validates that it is absolute and exists before loading managed hooks. |

2957| `mcp_servers` | `table` | Allowlist of MCP servers that may be enabled. Both the server name (`<id>`) and its identity must match for the MCP server to be enabled. Any configured MCP server not in the allowlist (or with a mismatched identity) is disabled. |3056| `mcp_servers` | `table` | Allowlist of MCP servers that may be enabled. Both the server name (`<id>`) and its identity must match for the MCP server to be enabled. Any configured MCP server not in the allowlist (or with a mismatched identity) is disabled. |

2958| `mcp_servers.<id>.identity` | `table` | Identity rule for a single MCP server. Set either `command` (stdio) or `url` (streamable HTTP). |3057| `mcp_servers.<id>.identity` | `table` | Identity rule for a single MCP server. Set either `command` (stdio) or `url` (streamable HTTP). |

2959| `mcp_servers.<id>.identity.command` | `string` | Allow an MCP stdio server when its `mcp_servers.<id>.command` matches this command. |3058| `mcp_servers.<id>.identity.command` | `string` | Allow an MCP stdio server when its `mcp_servers.<id>.command` matches this command. |

2960| `mcp_servers.<id>.identity.url` | `string` | Allow an MCP streamable HTTP server when its `mcp_servers.<id>.url` matches this URL. |3059| `mcp_servers.<id>.identity.url` | `string` | Allow an MCP streamable HTTP server when its `mcp_servers.<id>.url` matches this URL. |

2961| `permissions.filesystem.deny_read` | `array<string>` | Admin-enforced filesystem read denials. Entries can be paths or glob patterns, and users cannot weaken them with local config. |3060| `permissions.filesystem.deny_read` | `array<string>` | Admin-enforced filesystem read denials. Entries can be paths or glob patterns, and users cannot weaken them with local config. |

3061| `remote_sandbox_config` | `array<table>` | Host-specific sandbox requirements. The first entry whose `hostname_patterns` match the resolved host name overrides top-level `allowed_sandbox_modes` for that requirements source. Host-specific entries currently override sandbox modes only. |

3062| `remote_sandbox_config[].allowed_sandbox_modes` | `array<string>` | Allowed sandbox modes to apply when this host-specific entry matches. |

3063| `remote_sandbox_config[].hostname_patterns` | `array<string>` | Case-insensitive host name patterns. Supports `*` for any sequence of characters and `?` for one character. |

2962| `rules` | `table` | Admin-enforced command rules merged with `.rules` files. Requirements rules must be restrictive. |3064| `rules` | `table` | Admin-enforced command rules merged with `.rules` files. Requirements rules must be restrictive. |

2963| `rules.prefix_rules` | `array<table>` | List of enforced prefix rules. Each rule must include `pattern` and `decision`. |3065| `rules.prefix_rules` | `array<table>` | List of enforced prefix rules. Each rule must include `pattern` and `decision`. |

2964| `rules.prefix_rules[].decision` | `prompt | forbidden` | Required. Requirements rules can only prompt or forbid (not allow). |3066| `rules.prefix_rules[].decision` | `prompt | forbidden` | Required. Requirements rules can only prompt or forbid (not allow). |
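Review bot: The `hooks.managed_dir` and `hooks.windows_managed_dir` rows say Codex validates that the directory "is absolute and exists" but not what happens when that check fails, or whether ownership and write permissions are checked at all. For an admin-enforced control, document whether a failed check skips the managed hooks or stops Codex from starting, and state that the directory should not be writable by the user the hooks are meant to constrain.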


3041 3143 

3042Key3144Key

3043 3145 

3146`features.browser_use`

3147 

3148Type / Values

3149 

3150`boolean`

3151 

3152Details

3153 

3154Set to `false` in `requirements.toml` to disable Browser Use and Browser Agent availability.

3155 

3156Key

3157 

3158`features.computer_use`

3159 

3160Type / Values

3161 

3162`boolean`

3163 

3164Details

3165 

3166Set to `false` in `requirements.toml` to disable Computer Use availability and related install or enablement flows.

3167 

3168Key

3169 

3170`features.in_app_browser`

3171 

3172Type / Values

3173 

3174`boolean`

3175 

3176Details

3177 

3178Set to `false` in `requirements.toml` to disable the in-app browser pane.

3179 

3180Key

3181 

3044`guardian_policy_config`3182`guardian_policy_config`

3045 3183 

3046Type / Values3184Type / Values


3053 3191 

3054Key3192Key

3055 3193 

3194`hooks`

3195 

3196Type / Values

3197 

3198`table`

3199 

3200Details

3201 

3202Admin-enforced managed lifecycle hooks. Requires a managed hook directory and uses the same event schema as inline `[hooks]` in `config.toml`.

3203 

3204Key

3205 

3206`hooks.<Event>`

3207 

3208Type / Values

3209 

3210`array<table>`

3211 

3212Details

3213 

3214Matcher groups for a hook event such as `PreToolUse`, `PostToolUse`, `PermissionRequest`, `SessionStart`, `UserPromptSubmit`, or `Stop`.

3215 

3216Key

3217 

3218`hooks.<Event>[].hooks`

3219 

3220Type / Values

3221 

3222`array<table>`

3223 

3224Details

3225 

3226Hook handlers for a matcher group. Command hooks are currently supported; prompt and agent hook handlers are parsed but skipped.

3227 

3228Key

3229 

3230`hooks.managed_dir`

3231 

3232Type / Values

3233 

3234`string (absolute path)`

3235 

3236Details

3237 

3238Directory containing managed hook scripts on macOS and Linux. Codex validates that it is absolute and exists before loading managed hooks.

3239 

3240Key

3241 

3242`hooks.windows_managed_dir`

3243 

3244Type / Values

3245 

3246`string (absolute path)`

3247 

3248Details

3249 

3250Directory containing managed hook scripts on Windows. Codex validates that it is absolute and exists before loading managed hooks.

3251 

3252Key

3253 

3056`mcp_servers`3254`mcp_servers`

3057 3255 

3058Type / Values3256Type / Values


3113 3311 

3114Key3312Key

3115 3313 

3314`remote_sandbox_config`

3315 

3316Type / Values

3317 

3318`array<table>`

3319 

3320Details

3321 

3322Host-specific sandbox requirements. The first entry whose `hostname_patterns` match the resolved host name overrides top-level `allowed_sandbox_modes` for that requirements source. Host-specific entries currently override sandbox modes only.

3323 

3324Key

3325 

3326`remote_sandbox_config[].allowed_sandbox_modes`

3327 

3328Type / Values

3329 

3330`array<string>`

3331 

3332Details

3333 

3334Allowed sandbox modes to apply when this host-specific entry matches.

3335 

3336Key

3337 

3338`remote_sandbox_config[].hostname_patterns`

3339 

3340Type / Values

3341 

3342`array<string>`

3343 

3344Details

3345 

3346Case-insensitive host name patterns. Supports `*` for any sequence of characters and `?` for one character.

3347 

3348Key

3349 

3116`rules`3350`rules`

3117 3351 

3118Type / Values3352Type / Values

config-sample.md +39 −2

Details

130# - workspace-write130# - workspace-write

131# - danger-full-access (no sandbox; extremely risky)131# - danger-full-access (no sandbox; extremely risky)

132sandbox_mode = "read-only"132sandbox_mode = "read-only"

133# Named permissions profile to apply by default. Required before using [permissions.<name>].133# Named permissions profile to apply by default. Built-ins:

134# default_permissions = "workspace"134# :read-only | :workspace | :danger-no-sandbox

135# Use a custom name such as "workspace" only when you also define [permissions.workspace].

136# default_permissions = ":workspace"

135 137 

136# Example filesystem profile. Use `"none"` to deny reads for exact paths or138# Example filesystem profile. Use `"none"` to deny reads for exact paths or

137# glob patterns. On platforms that need pre-expanded glob matches, set139# glob patterns. On platforms that need pre-expanded glob matches, set
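Review bot: The rewritten comment introduces the built-ins `:read-only | :workspace | :danger-no-sandbox` directly beneath an active `sandbox_mode = "read-only"`, whose own values are named `read-only`, `workspace-write` and `danger-full-access`, and nothing says how the two settings relate. Add a comment line stating which one takes effect when both are set, so a reader who uncomments `default_permissions = ":workspace"` knows whether the `sandbox_mode` line still applies.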


358# You can also add custom .tmTheme files under $CODEX_HOME/themes.360# You can also add custom .tmTheme files under $CODEX_HOME/themes.

359# theme = "catppuccin-mocha"361# theme = "catppuccin-mocha"

360 362 

363# Custom key bindings. Context-specific bindings override [tui.keymap.global].

364# Use [] to unbind an action.

365# [tui.keymap.global]

366# open_transcript = "ctrl-t"

367# open_external_editor = []

368#

369# [tui.keymap.composer]

370# submit = ["enter", "ctrl-m"]

371 

361# Internal tooltip state keyed by model slug. Usually managed by Codex.372# Internal tooltip state keyed by model slug. Usually managed by Codex.

362# [tui.model_availability_nux]373# [tui.model_availability_nux]

363# "gpt-5.4" = 1374# "gpt-5.4" = 1


407# use_memories = true418# use_memories = true

408# disable_on_external_context = false # legacy alias: no_memories_if_mcp_or_web_search419# disable_on_external_context = false # legacy alias: no_memories_if_mcp_or_web_search

409 420 

421################################################################################

422# Lifecycle hooks can be configured here inline or in a sibling hooks.json.

423################################################################################

424 

425# [hooks]

426# [[hooks.PreToolUse]]

427# matcher = "^Bash$"

428#

429# [[hooks.PreToolUse.hooks]]

430# type = "command"

431# command = 'python3 "/absolute/path/to/pre_tool_use_policy.py"'

432# timeout = 30

433# statusMessage = "Checking Bash command"

434 

410################################################################################435################################################################################

411# Define MCP servers under this table. Leave empty to disable.436# Define MCP servers under this table. Leave empty to disable.

412################################################################################437################################################################################
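Review bot: The sample handler under `[[hooks.PreToolUse.hooks]]` sets `timeout = 30` without a unit and does not say what Codex does with the tool call when the command times out or exits non-zero. For a script named `pre_tool_use_policy.py`, whether the hook fails open or fails closed is the property an administrator relies on, so add a comment covering both cases and mention that hooks are enabled through `features.codex_hooks`.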


454# - openai479# - openai

455# - ollama480# - ollama

456# - lmstudio481# - lmstudio

482# - amazon-bedrock

457# These IDs are reserved. Use a different ID for custom providers.483# These IDs are reserved. Use a different ID for custom providers.

458 484 

459[model_providers]485[model_providers]

460 486 

487# --- Example: built-in Amazon Bedrock provider options ---

488# model_provider = "amazon-bedrock"

489# model = "<bedrock-model-id>"

490# [model_providers.amazon-bedrock.aws]

491# profile = "default"

492# region = "eu-central-1"

493 

461# --- Example: OpenAI data residency with explicit base URL or headers ---494# --- Example: OpenAI data residency with explicit base URL or headers ---

462# [model_providers.openaidr]495# [model_providers.openaidr]

463# name = "OpenAI Data Residency"496# name = "OpenAI Data Residency"


528# { type = "connector", id = "gmail" },561# { type = "connector", id = "gmail" },

529# { type = "plugin", id = "figma@openai-curated" },562# { type = "plugin", id = "figma@openai-curated" },

530# ]563# ]

564# disabled_tools = [

565# { type = "plugin", id = "slack@openai-curated" },

566# { type = "connector", id = "connector_googlecalendar" },

567# ]

531 568 

532################################################################################569################################################################################

533# Profiles (named presets)570# Profiles (named presets)
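Review bot: The connector ids in this block take two shapes: the context lines above use `id = "gmail"`, while the added `disabled_tools` entry uses `id = "connector_googlecalendar"`. Say in a comment which form Codex expects for connectors, or use one form in both lists, since the sample gives no way to tell whether a mismatched id is reported or ignored.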

Details

139 139 

140Codex Admins can deploy admin-enforced `requirements.toml` policies from the Codex [Policies page](https://chatgpt.com/codex/settings/policies).140Codex Admins can deploy admin-enforced `requirements.toml` policies from the Codex [Policies page](https://chatgpt.com/codex/settings/policies).

141 141 

142Use this page when you want to apply different local Codex constraints to different groups without distributing device-level files first. The managed policy uses the same `requirements.toml` format described in [Managed configuration](https://developers.openai.com/codex/enterprise/managed-configuration), so you can define allowed approval policies, sandbox modes, web search behavior, MCP server allowlists, feature pins, and restrictive command rules.142Use this page when you want to apply different local Codex constraints to different groups without distributing device-level files first. The managed policy uses the same `requirements.toml` format described in [Managed configuration](https://developers.openai.com/codex/enterprise/managed-configuration), so you can define allowed approval policies, sandbox modes, web search behavior, MCP server allowlists, feature pins, and restrictive command rules. To disable Browser Use, the in-app browser, or Computer Use, see [Pin feature flags](https://developers.openai.com/codex/enterprise/managed-configuration#pin-feature-flags).

143 143 

144![Codex policies and configurations page](/images/codex/enterprise/policies_and_configurations_page.png)144![Codex policies and configurations page](/images/codex/enterprise/policies_and_configurations_page.png)

145 145 


166allowed_approval_policies = ["on-request"]166allowed_approval_policies = ["on-request"]

167```167```

168 168 

169Example: disable Browser Use, the in-app browser, and Computer Use:

170 

171```toml

172[features]

173browser_use = false

174in_app_browser = false

175computer_use = false

176```

177 

169Example: add a restrictive command rule when you want admins to block or gate specific commands:178Example: add a restrictive command rule when you want admins to block or gate specific commands:

170 179 

171```toml180```toml

Details

7 7 

8## Admin-enforced requirements (requirements.toml)8## Admin-enforced requirements (requirements.toml)

9 9 

10Requirements constrain security-sensitive settings (approval policy, approvals reviewer, automatic review policy, sandbox mode, web search mode, and optionally which MCP servers users can enable). When resolving configuration (for example from `config.toml`, profiles, or CLI config overrides), if a value conflicts with an enforced rule, Codex falls back to a compatible value and notifies the user. If you configure an `mcp_servers` allowlist, Codex enables an MCP server only when both its name and identity match an approved entry; otherwise, Codex disables it.10Requirements constrain security-sensitive settings (approval policy, approvals reviewer, automatic review policy, sandbox mode, web search mode, managed hooks, and optionally which MCP servers users can enable). When resolving configuration (for example from `config.toml`, profiles, or CLI config overrides), if a value conflicts with an enforced rule, Codex falls back to a compatible value and notifies the user. If you configure an `mcp_servers` allowlist, Codex enables an MCP server only when both its name and identity match an approved entry; otherwise, Codex disables it.

11 11 

12Requirements can also constrain [feature flags](https://developers.openai.com/codex/config-basic/#feature-flags) via the `[features]` table in `requirements.toml`. Note that features aren't always security-sensitive, but enterprises can pin values if desired. Omitted keys remain unconstrained.12Requirements can also constrain [feature flags](https://developers.openai.com/codex/config-basic/#feature-flags) via the `[features]` table in `requirements.toml`. Note that features aren't always security-sensitive, but enterprises can pin values if desired. Omitted keys remain unconstrained.

13 13 


72allowed_sandbox_modes = ["read-only", "workspace-write"]72allowed_sandbox_modes = ["read-only", "workspace-write"]

73```73```

74 74 

75### Override sandbox requirements by host

76 

77Use `[[remote_sandbox_config]]` when one managed policy should apply different

78sandbox requirements on different hosts. For example, you can keep a stricter

79default for laptops while allowing workspace writes on matching devboxes or CI

80runners. Host-specific entries currently override `allowed_sandbox_modes` only:

81 

82```toml

83allowed_sandbox_modes = ["read-only"]

84 

85[[remote_sandbox_config]]

86hostname_patterns = ["*.devbox.example.com", "runner-??.ci.example.com"]

87allowed_sandbox_modes = ["read-only", "workspace-write"]

88```

89 

90Codex compares each `hostname_patterns` entry against the best-effort resolved

91host name. It prefers the fully qualified domain name when available and falls

92back to the local host name. Matching is case-insensitive; `*` matches any

93sequence of characters, and `?` matches one character.

94 

95The first matching `[[remote_sandbox_config]]` entry wins within the same

96requirements source. If no entry matches, Codex keeps the top-level

97`allowed_sandbox_modes`. Hostname matching is for policy selection only; don't

98treat it as authenticated device proof.

99 

75You can also constrain web search mode:100You can also constrain web search mode:

76 101 

77```toml102```toml


81`allowed_web_search_modes = []` allows only `"disabled"`.106`allowed_web_search_modes = []` allows only `"disabled"`.

82For example, `allowed_web_search_modes = ["cached"]` prevents live web search even in `danger-full-access` sessions.107For example, `allowed_web_search_modes = ["cached"]` prevents live web search even in `danger-full-access` sessions.

83 108 

84You can also pin [feature flags](https://developers.openai.com/codex/config-basic/#feature-flags):109### Pin feature flags

85 110 

86```111You can also pin [feature flags](https://developers.openai.com/codex/config-basic/#feature-flags) for users

112receiving a managed `requirements.toml`:

113 

114```toml

87[features]115[features]

88personality = true116personality = true

89unified_exec = false117unified_exec = false

118 

119# Disable specific Codex feature surfaces when needed.

120browser_use = false

121in_app_browser = false

122computer_use = false

90```123```

91 124 

92Use the canonical feature keys from `config.toml`'s `[features]` table. Codex normalizes the resulting feature set to meet these pins and rejects conflicting writes to `config.toml` or profile-scoped feature settings.125Use the canonical feature keys from `config.toml`'s `[features]` table. Codex normalizes the resulting feature set to meet these pins and rejects conflicting writes to `config.toml` or profile-scoped feature settings.

93 126 

127- `in_app_browser = false` disables the in-app browser pane.

128- `browser_use = false` disables Browser Use and Browser Agent availability.

129- `computer_use = false` disables Computer Use availability and related

130 install or enablement flows.

131 

132If omitted, these features are allowed by policy, subject to normal client,

133platform, and rollout availability.

134 

94### Configure automatic review policy135### Configure automatic review policy

95 136 

96Use `allowed_approvals_reviewers` to require or allow automatic review. Set it137Use `allowed_approvals_reviewers` to require or allow automatic review. Set it
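
Review bot: The `[[remote_sandbox_config]]` example (new lines 83-87) uses a hostname match to widen the policy from `read-only` to `workspace-write`, but the warning that hostname matching is not authenticated device proof only appears at new lines 97-98, after the matching rules. Move that caveat directly under the example and state that a host-specific entry should only grant modes you would accept on any machine able to present a matching name. "The first matching `[[remote_sandbox_config]]` entry wins within the same requirements source" (new lines 95-96) also leaves open how entries from different requirements sources combine; add a sentence for that case.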


137Windows, managed `deny_read` applies to direct file tools; shell subprocess178Windows, managed `deny_read` applies to direct file tools; shell subprocess

138reads don't use this sandbox rule.179reads don't use this sandbox rule.

139 180 

181### Enforce managed hooks from requirements

182 

183Admins can also define managed lifecycle hooks directly in `requirements.toml`.

184Use `[hooks]` for the hook configuration itself, and point `managed_dir` at the

185directory where your MDM or endpoint-management tooling installs the referenced

186scripts.

187 

188```toml

189[features]

190codex_hooks = true

191 

192[hooks]

193managed_dir = "/enterprise/hooks"

194windows_managed_dir = 'C:\enterprise\hooks'

195 

196[[hooks.PreToolUse]]

197matcher = "^Bash$"

198 

199[[hooks.PreToolUse.hooks]]

200type = "command"

201command = "python3 /enterprise/hooks/pre_tool_use_policy.py"

202timeout = 30

203statusMessage = "Checking managed Bash command"

204```

205 

206Notes:

207 

208- Codex enforces the hook configuration from `requirements.toml`, but it does

209 not distribute the scripts in `managed_dir`.

210- Deliver those scripts separately with your MDM or device-management solution.

211- Managed hook commands should reference absolute script paths under the

212 configured managed directory.

213 

140### Enforce command rules from requirements214### Enforce command rules from requirements

141 215 

142Admins can also enforce restrictive command rules from `requirements.toml`216Admins can also enforce restrictive command rules from `requirements.toml`
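
Review bot: In the managed hook example (new line 201) the command is `python3 /enterprise/hooks/pre_tool_use_policy.py`, so the script path is absolute but the interpreter is still resolved through `PATH`. The notes at new lines 211-212 only ask for absolute script paths, while the inline `config.toml` example in hooks.md uses `/usr/bin/python3`. Use an absolute interpreter path here as well and extend the note to cover the interpreter, since this hook is meant to be admin-enforced.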

Details

84Fine-tune how Codex runs by setting the action inputs that map to `codex exec` options:84Fine-tune how Codex runs by setting the action inputs that map to `codex exec` options:

85 85 

86- `prompt` or `prompt-file` (choose one): Inline instructions or a repository path to Markdown or text with your task. Consider storing prompts in `.github/codex/prompts/`.86- `prompt` or `prompt-file` (choose one): Inline instructions or a repository path to Markdown or text with your task. Consider storing prompts in `.github/codex/prompts/`.

87- `codex-args`: Extra CLI flags. Provide a JSON array (for example `["--full-auto"]`) or a shell string (`--full-auto --sandbox danger-full-access`) to allow edits, streaming, or MCP configuration.87- `codex-args`: Extra CLI flags. Provide a JSON array (for example `["--json"]`) or a shell string (`--sandbox workspace-write --json`) to allow edits, streaming, or MCP configuration.

88- `model` and `effort`: Pick the Codex agent configuration you want; leave empty for defaults.88- `model` and `effort`: Pick the Codex agent configuration you want; leave empty for defaults.

89- `sandbox`: Match the sandbox mode (`workspace-write`, `read-only`, `danger-full-access`) to the permissions Codex needs during the run.89- `sandbox`: Match the sandbox mode (`workspace-write`, `read-only`, `danger-full-access`) to the permissions Codex needs during the run.

90- `output-file`: Save the final Codex message to disk so later steps can upload or diff it.90- `output-file`: Save the final Codex message to disk so later steps can upload or diff it.
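
Review bot: In the `codex-args` bullet (line 87) the new examples `["--json"]` and `--sandbox workspace-write --json` no longer match the trailing "to allow edits, streaming, or MCP configuration": the JSON-array form no longer carries any flag that allows edits. The shell-string form also passes `--sandbox` while the `sandbox` input at line 89 controls the same setting; say which one takes effect when both are given, or drop `--sandbox` from the `codex-args` example and point to the `sandbox` input.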

hooks.md +115 −48


1# Hooks1# Hooks

2 2 

3Experimental. Hooks are under active development. Windows support temporarily

4disabled.

5 

6Hooks are an extensibility framework for Codex. They allow3Hooks are an extensibility framework for Codex. They allow

7you to inject your own scripts into the agentic loop, enabling features such as:4you to inject your own scripts into the agentic loop, enabling features such as:

8 5 


23 20 

24- Matching hooks from multiple files all run.21- Matching hooks from multiple files all run.

25- Multiple matching command hooks for the same event are launched concurrently,22- Multiple matching command hooks for the same event are launched concurrently,

26 so one hook can’t prevent another matching hook from starting.23 so one hook cannot prevent another matching hook from starting.

27- `PreToolUse`, `PermissionRequest`, `PostToolUse`, `UserPromptSubmit`, and24- `PreToolUse`, `PermissionRequest`, `PostToolUse`, `UserPromptSubmit`, and

28 `Stop` run at turn scope.25 `Stop` run at turn scope.

29- Hooks are currently disabled on Windows.

30 26 

31## Where Codex looks for hooks27## Where Codex looks for hooks

32 28 

33Codex discovers `hooks.json` next to active config layers.29Codex discovers hooks next to active config layers in either of these forms:

30 

31- `hooks.json`

32- inline `[hooks]` tables inside `config.toml`

34 33 

35In practice, the two most useful locations are:34Installed plugins can also bundle lifecycle config through their plugin

35manifest or a default `hooks/hooks.json` file. See [Build

36plugins](https://developers.openai.com/codex/plugins/build#bundled-mcp-servers-and-lifecycle-config) for the

37plugin packaging rules.

38 

39In practice, the four most useful locations are:

36 40 

37- `~/.codex/hooks.json`41- `~/.codex/hooks.json`

42- `~/.codex/config.toml`

38- `<repo>/.codex/hooks.json`43- `<repo>/.codex/hooks.json`

44- `<repo>/.codex/config.toml`

39 45 

40If more than one `hooks.json` file exists, Codex loads all matching hooks.46If more than one hook source exists, Codex loads all matching hooks.

41Higher-precedence config layers don’t replace lower-precedence hooks.47Higher-precedence config layers do not replace lower-precedence hooks.

48If a single layer contains both `hooks.json` and inline `[hooks]`, Codex

49merges them and warns at startup. Prefer one representation per layer.

42 50 

43Project-local hooks load only when the project `.codex/` layer is trusted. In51Project-local hooks load only when the project `.codex/` layer is trusted. In

44untrusted projects, Codex still loads user and system hooks from their own52untrusted projects, Codex still loads user and system hooks from their own
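
Review bot: New lines 34-37 add installed plugins as a hook source, but the trust rule at new lines 51-52 is stated only for project-local `.codex/` hooks. Since Codex "loads all matching hooks" from every source (new line 46) and higher-precedence layers do not replace lower ones, say whether plugin-bundled `hooks/hooks.json` files are gated by any trust or enablement check and whether they load in untrusted projects. "The four most useful locations" (new line 39) would also read better as two layers with two representations each.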


131Notes:139Notes:

132 140 

133- `timeout` is in seconds.141- `timeout` is in seconds.

134- `timeoutSec` is also accepted as an alias.

135- If `timeout` is omitted, Codex uses `600` seconds.142- If `timeout` is omitted, Codex uses `600` seconds.

136- `statusMessage` is optional.143- `statusMessage` is optional.

137- Commands run with the session `cwd` as their working directory.144- Commands run with the session `cwd` as their working directory.
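
Review bot: The `timeoutSec` alias line (old line 134) is removed from the notes without saying whether the key is still accepted. If the alias was dropped, state that here and say what happens to a hook that still sets it, given that an omitted `timeout` means `600` seconds (new line 142); if it is still accepted, keep the line.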


139 relative path such as `.codex/hooks/...`. Codex may be started from a146 relative path such as `.codex/hooks/...`. Codex may be started from a

140 subdirectory, and a git-root-based path keeps the hook location stable.147 subdirectory, and a git-root-based path keeps the hook location stable.

141 148 

149Equivalent inline TOML in `config.toml`:

150 

151```toml

152[features]

153codex_hooks = true

154 

155[[hooks.PreToolUse]]

156matcher = "^Bash$"

157 

158[[hooks.PreToolUse.hooks]]

159type = "command"

160command = '/usr/bin/python3 "$(git rev-parse --show-toplevel)/.codex/hooks/pre_tool_use_policy.py"'

161timeout = 30

162statusMessage = "Checking Bash command"

163 

164[[hooks.PostToolUse]]

165matcher = "^Bash$"

166 

167[[hooks.PostToolUse.hooks]]

168type = "command"

169command = '/usr/bin/python3 "$(git rev-parse --show-toplevel)/.codex/hooks/post_tool_use_review.py"'

170timeout = 30

171statusMessage = "Reviewing Bash output"

172```

173 

174## Managed hooks from `requirements.toml`

175 

176Enterprise-managed requirements can also define hooks inline under `[hooks]`.

177This is useful when admins want to enforce the hook configuration while

178delivering the actual scripts through MDM or another device-management system.

179 

180```toml

181[features]

182codex_hooks = true

183 

184[hooks]

185managed_dir = "/enterprise/hooks"

186windows_managed_dir = 'C:\enterprise\hooks'

187 

188[[hooks.PreToolUse]]

189matcher = "^Bash$"

190 

191[[hooks.PreToolUse.hooks]]

192type = "command"

193command = "python3 /enterprise/hooks/pre_tool_use_policy.py"

194timeout = 30

195statusMessage = "Checking managed Bash command"

196```

197 

198Notes for managed hooks:

199 

200- `managed_dir` is used on macOS and Linux.

201- `windows_managed_dir` is used on Windows.

202- Codex does not distribute the scripts in `managed_dir`; your enterprise

203 tooling must install and update them separately.

204- Managed hook commands should use absolute script paths under the configured

205 managed directory.

206 

142## Matcher patterns207## Matcher patterns

143 208 

144The `matcher` field is a regex string that filters when hooks fire. Use `"*"`,209The `matcher` field is a regex string that filters when hooks fire. Use `"*"`,
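
Review bot: The managed example sets both `managed_dir` and `windows_managed_dir` (new lines 185-186), but the only hook command shown (new line 193) is `python3 /enterprise/hooks/pre_tool_use_policy.py`, a POSIX path. The notes say `windows_managed_dir` is used on Windows without showing how a command refers to it, and this diff also removes the "Windows support temporarily disabled" notice from the top of the page. Add a Windows command example or state how the command path is resolved there.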


149 214 

150| Event | What `matcher` filters | Notes |215| Event | What `matcher` filters | Notes |

151| --- | --- | --- |216| --- | --- | --- |

152| `PermissionRequest` | tool name | Current Codex runtime only emits `Bash`. |217| `PermissionRequest` | tool name | Support includes `Bash`, `apply_patch`\*, and MCP tool names |

153| `PostToolUse` | tool name | Current Codex runtime only emits `Bash`. |218| `PostToolUse` | tool name | Support includes `Bash`, `apply_patch`\*, and MCP tool names |

154| `PreToolUse` | tool name | Current Codex runtime only emits `Bash`. |219| `PreToolUse` | tool name | Support includes `Bash`, `apply_patch`\*, and MCP tool names |

155| `SessionStart` | start source | Current runtime values are `startup` and `resume`. |220| `SessionStart` | start source | Current runtime values are `startup`, `resume`, and `clear` |

156| `UserPromptSubmit` | not supported | Any configured `matcher` is ignored for this event. |221| `UserPromptSubmit` | not supported | Any configured `matcher` is ignored for this event |

157| `Stop` | not supported | Any configured `matcher` is ignored for this event. |222| `Stop` | not supported | Any configured `matcher` is ignored for this event |

223 

224\*For `apply_patch`, matchers can also use `Edit` or `Write`.

158 225 

159Examples:226Examples:

160 227 

161- `Bash`228- `Bash`

162- `startup|resume`229- `^apply_patch$`

163- `Edit|Write`230- `Edit|Write`

164 231- `mcp__filesystem__read_file`

165That last example is still a valid regex, but current Codex `PreToolUse` and232- `mcp__filesystem__.*`

166`PostToolUse` events only emit `Bash`, so it won’t match anything today.233- `startup|resume|clear`

167 234 

168## Common input fields235## Common input fields

169 236 
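
Review bot: The Examples list (new lines 228-233) mixes an anchored pattern, `^apply_patch$`, with unanchored ones such as `Bash` and `mcp__filesystem__read_file`, and the text never says whether `matcher` must match the whole tool name or any part of it. That mattered less when only `Bash` was emitted; with MCP tool names in scope, state the matching semantics and use anchored patterns in the examples if partial matches are possible. The footnote that `apply_patch` also matches `Edit` or `Write` deserves an explicit behaviour-change note, because the removed text (old lines 165-166) said an `Edit|Write` matcher "won't match anything today".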


242 309 

243### PreToolUse310### PreToolUse

244 311 

245Work in progress312`PreToolUse` can intercept Bash, file edits performed through `apply_patch`,

246 313and MCP tool calls. It is still a guardrail rather than a complete enforcement

247Currently `PreToolUse` only supports Bash tool interception. The model can314boundary because Codex can often perform equivalent work through another

248still work around this by writing its own script to disk and then running that315supported tool path.

249script with Bash, so treat this as a useful guardrail rather than a complete

250enforcement boundary

251 316 

252This doesn't intercept all shell calls yet, only the simple ones. The newer317This doesn't intercept all shell calls yet, only the simple ones. The newer

253 `unified_exec` mechanism allows richer streaming stdin/stdout handling of318 `unified_exec` mechanism allows richer streaming stdin/stdout handling of

254shell, but interception is incomplete. Similarly, this doesnt intercept MCP,319 shell, but interception is incomplete. Similarly, this doesn't intercept

255Write, WebSearch, or other non-shell tool calls.320 `WebSearch` or other non-shell, non-MCP tool calls.

256 321 

257`matcher` is applied to `tool_name`, which currently always equals `Bash`.322`matcher` is applied to `tool_name` and matcher aliases. For file edits through

323`apply_patch`, matchers can use `apply_patch`, `Edit`, or `Write`; hook input

324still reports `tool_name: "apply_patch"`.

258 325 

259Fields in addition to [Common input fields](#common-input-fields):326Fields in addition to [Common input fields](#common-input-fields):

260 327 

261| Field | Type | Meaning |328| Field | Type | Meaning |

262| --- | --- | --- |329| --- | --- | --- |

263| `turn_id` | `string` | Codex-specific extension. Active Codex turn id |330| `turn_id` | `string` | Codex-specific extension. Active Codex turn id |

264| `tool_name` | `string` | Currently always `Bash` |331| `tool_name` | `string` | Canonical hook tool name, such as `Bash`, `apply_patch`, or an MCP name like `mcp__fs__read` |

265| `tool_use_id` | `string` | Tool-call id for this invocation |332| `tool_use_id` | `string` | Tool-call id for this invocation |

266| `tool_input.command` | `string` | Shell command Codex is about to run |333| `tool_input` | `JSON value` | Tool-specific input. `Bash` and `apply_patch` use `tool_input.command` while MCP tools send all the args. |

267 334 

268Plain text on `stdout` is ignored.335Plain text on `stdout` is ignored.

269 336 
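
Review bot: The second paragraph (new lines 317-320) now says this "doesn't intercept `WebSearch` or other non-shell, non-MCP tool calls", but `apply_patch` is listed separately from Bash and MCP in the first paragraph (new lines 312-315) as something that is intercepted. Reword to name the tools that are not covered. The rewrite also drops the concrete bypass from old lines 247-249 (the model writing a script to disk and running it with Bash) in favour of "another supported tool path"; keep the concrete case so readers see why this is a guardrail. In the fields table, say what the `tool_input.command` string contains for `apply_patch`.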


297 364 

298### PermissionRequest365### PermissionRequest

299 366 

300Work in progress

301 

302`PermissionRequest` runs when Codex is about to ask for approval, such as a367`PermissionRequest` runs when Codex is about to ask for approval, such as a

303shell escalation or managed-network approval. It can allow the request, deny368shell escalation or managed-network approval. It can allow the request, deny

304the request, or decline to decide and let the normal approval prompt continue.369the request, or decline to decide and let the normal approval prompt continue.

305It doesn't run for commands that don't need approval.370It doesn't run for commands that don't need approval.

306 371 

307`matcher` is applied to `tool_name`, which currently always equals `Bash`.372`matcher` is applied to `tool_name` and matcher aliases. Current canonical

373values include `Bash`, `apply_patch`, and MCP tool names such as

374`mcp__server__tool`; `apply_patch` also matches `Edit` and `Write`.

308 375 

309Fields in addition to [Common input fields](#common-input-fields):376Fields in addition to [Common input fields](#common-input-fields):

310 377 

311| Field | Type | Meaning |378| Field | Type | Meaning |

312| --- | --- | --- |379| --- | --- | --- |

313| `turn_id` | `string` | Codex-specific extension. Active Codex turn id |380| `turn_id` | `string` | Codex-specific extension. Active Codex turn id |

314| `tool_name` | `string` | Currently always `Bash` |381| `tool_name` | `string` | Canonical hook tool name, such as `Bash`, `apply_patch`, or an MCP name like `mcp__fs__read` |

315| `tool_input.command` | `string` | Shell command associated with the approval request |382| `tool_input` | `JSON value` | Tool-specific input. `Bash` and `apply_patch` use `tool_input.command` while MCP tools send all the args. |

316| `tool_input.description` | `string | null` | Human-readable approval reason, when Codex has one |383| `tool_input.description` | `string | null` | Human-readable approval reason, when Codex has one |

317 384 

318Plain text on `stdout` is ignored.385Plain text on `stdout` is ignored.
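
Review bot: The fields table (new lines 382-383) turns `tool_input` into a tool-specific JSON value where "MCP tools send all the args", yet keeps a separate `tool_input.description` row for the approval reason. State whether `description` is present for `apply_patch` and MCP requests and how it is kept apart from an MCP argument of the same name, since a hook may base an allow or deny decision on these fields.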


354 421 

355### PostToolUse422### PostToolUse

356 423 

357Work in progress424`PostToolUse` runs after supported tools produce output, including Bash,

358 425`apply_patch`, and MCP tool calls. For Bash, it also runs after commands that

359Currently `PostToolUse` only supports Bash tool results. It’s not limited to426exit with a non-zero status. It can't undo side effects from the tool that

360commands that exit successfully: non-interactive `exec_command` calls can still427already ran.

361trigger `PostToolUse` when Codex emits a Bash post-tool payload. It can’t undo

362side effects from the command that already ran.

363 428 

364This doesn't intercept all shell calls yet, only the simple ones. The newer429This doesn't intercept all shell calls yet, only the simple ones. The newer

365 `unified_exec` mechanism allows richer streaming stdin/stdout handling of430 `unified_exec` mechanism allows richer streaming stdin/stdout handling of

366shell, but interception is incomplete. Similarly, this doesnt intercept MCP,431 shell, but interception is incomplete. Similarly, this doesn't intercept

367Write, WebSearch, or other non-shell tool calls.432 `WebSearch` or other non-shell, non-MCP tool calls.

368 433 

369`matcher` is applied to `tool_name`, which currently always equals `Bash`.434`matcher` is applied to `tool_name` and matcher aliases. For file edits through

435`apply_patch`, matchers can use `apply_patch`, `Edit`, or `Write`; hook input

436still reports `tool_name: "apply_patch"`.

370 437 

371Fields in addition to [Common input fields](#common-input-fields):438Fields in addition to [Common input fields](#common-input-fields):

372 439 

373| Field | Type | Meaning |440| Field | Type | Meaning |

374| --- | --- | --- |441| --- | --- | --- |

375| `turn_id` | `string` | Codex-specific extension. Active Codex turn id |442| `turn_id` | `string` | Codex-specific extension. Active Codex turn id |

376| `tool_name` | `string` | Currently always `Bash` |443| `tool_name` | `string` | Canonical hook tool name, such as `Bash`, `apply_patch`, or an MCP name like `mcp__fs__read` |

377| `tool_use_id` | `string` | Tool-call id for this invocation |444| `tool_use_id` | `string` | Tool-call id for this invocation |

378| `tool_input.command` | `string` | Shell command Codex just ran |445| `tool_input` | `JSON value` | Tool-specific input. `Bash` and `apply_patch` use `tool_input.command` while MCP tools send all the args. |

379| `tool_response` | `JSON value` | Bash tool output payload. Today this is usually a JSON string |446| `tool_response` | `JSON value` | Tool-specific output. For MCP tools, this is the MCP call result. |

380 447 

381Plain text on `stdout` is ignored.448Plain text on `stdout` is ignored.

382 449 
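
Review bot: The `tool_response` row (new line 446) now defines the payload only for MCP tools; the old note that the Bash payload "is usually a JSON string" is gone and nothing is said for `apply_patch`. Document the shape per tool so a hook can parse it. The "non-shell, non-MCP" sentence at new lines 431-432 also reads as excluding `apply_patch`, which the first paragraph says is covered.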

Details

1# Use Codex in GitHub1# Codex code review in GitHub

2 2 

3Use Codex to review pull requests without leaving GitHub. Add a pull request comment with `@codex review`, and Codex replies with a standard GitHub code review.3Use Codex code review to get another high-signal review pass on GitHub pull

4requests. Codex reviews the pull request diff, follows your repository guidance,

5and posts a standard GitHub code review focused on serious issues.

4 6 

5## Set up code review7## Before you start

8 

9Make sure you have:

10 

11- [Codex cloud](https://developers.openai.com/codex/cloud) set up for the repository you want to review.

12- Access to [Codex code review settings](https://chatgpt.com/codex/settings/code-review).

13- An `AGENTS.md` file if you want Codex to follow repository-specific review guidance.

14 

15## Set up Codex code review

6 16 

71. Set up [Codex cloud](https://developers.openai.com/codex/cloud).171. Set up [Codex cloud](https://developers.openai.com/codex/cloud).

82. Go to [Codex settings](https://chatgpt.com/codex/settings/code-review) and turn on **Code review** for your repository.182. Go to [Codex settings](https://chatgpt.com/codex/settings/code-review).

193. Turn on **Code review** for your repository.

9 20 

10![Codex settings showing the Code review toggle](/images/codex/code-review/code-review-settings.png)21![Codex settings showing the Code review toggle](/images/codex/code-review/code-review-settings.png)

11 22 

12## Request a review23## Request a Codex review

13 24 

141. In a pull request comment, mention `@codex review`.251. In a pull request comment, mention `@codex review`.

152. Wait for Codex to react (👀) and post a review.262. Wait for Codex to react (👀) and post a review.

16 27 

17![A pull request comment with @codex review](/images/codex/code-review/review-trigger.png)28![A pull request comment with @codex review](/images/codex/code-review/review-trigger.png)

18 29 

19Codex posts a review on the pull request, just like a teammate would.30Codex posts a review on the pull request, just like a teammate would. In

31GitHub, Codex flags only P0 and P1 issues so review comments stay focused on

32high-priority risks.

20 33 

21![Example Codex code review on a pull request](/images/codex/code-review/review-example.png)34![Example Codex code review on a pull request](/images/codex/code-review/review-example.png)

22 35 

23## Enable automatic reviews36## Enable automatic reviews

24 37 

25If you want Codex to review every pull request automatically, turn on **Automatic reviews** in [Codex settings](https://chatgpt.com/codex/settings/code-review). Codex will post a review whenever a new PR is opened for review, without needing an `@codex review` comment.38If you want Codex to review every pull request automatically, turn on

39**Automatic reviews** in [Codex settings](https://chatgpt.com/codex/settings/code-review).

40Codex will post a review whenever someone opens a new PR for review, without

41needing an `@codex review` comment.

26 42 

27## Customize what Codex reviews43## Customize what Codex reviews

28 44 


39 55 

40Codex applies guidance from the closest `AGENTS.md` to each changed file. You can place more specific instructions deeper in the tree when particular packages need extra scrutiny.56Codex applies guidance from the closest `AGENTS.md` to each changed file. You can place more specific instructions deeper in the tree when particular packages need extra scrutiny.

41 57 

42For a one-off focus, add it to your pull request comment, for example:58For a one-off focus, add it to your pull request comment:

43 59 

44`@codex review for security regressions`60`@codex review for security regressions`

45 61 

46In GitHub, Codex flags only P0 and P1 issues. If you want Codex to flag typos in documentation, add guidance in `AGENTS.md` (for example, “Treat typos in docs as P1.”).62If you want Codex to flag typos in documentation, add guidance in `AGENTS.md`

63(for example, “Treat typos in docs as P1.”).

64 

65## Act on review findings

66 

67After Codex posts a review, you can ask it to fix issues in the same pull

68request by leaving another comment:

69 

70```md

71@codex fix the P1 issue

72```

73 

74Codex starts a cloud task with the pull request as context and can push a fix

75back to the branch when it has permission to do so.

47 76 

48## Give Codex other tasks77## Give Codex other tasks

49 78 
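
Review bot: "Act on review findings" (new lines 65-75) says Codex "can push a fix back to the branch when it has permission to do so" but does not say whose comment can trigger `@codex fix the P1 issue` or which permission is meant. Add who is allowed to start the task and which setting controls the push.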


52```md81```md

53@codex fix the CI failures82@codex fix the CI failures

54```83```

84 

85## Troubleshoot code review

86 

87If Codex doesn't react or post a review:

88 

89- Confirm you turned on **Code review** for the repository in [Codex settings](https://chatgpt.com/codex/settings/code-review).

90- Confirm the pull request belongs to a repository with [Codex cloud](https://developers.openai.com/codex/cloud) set up.

91- Use the exact trigger `@codex review` in a pull request comment.

92- For automatic reviews, check that you turned on **Automatic reviews** and that

93 the pull request event matches your review trigger settings.

memories.md +6 −0


42thread has been idle long enough to avoid summarizing work that's still in42thread has been idle long enough to avoid summarizing work that's still in

43progress.43progress.

44 44 

45Memory generation can also skip a background pass when your Codex rate-limit

46remaining percentage is below the configured threshold, so Codex doesn't spend

47quota when you're near a limit.

48 

45## Memory storage49## Memory storage

46 50 

47Codex stores memories under your Codex home directory. By default, that's51Codex stores memories under your Codex home directory. By default, that's


82 external context such as MCP tool calls, web search, or tool search out of86 external context such as MCP tool calls, web search, or tool search out of

83 memory generation. The older `memories.no_memories_if_mcp_or_web_search` key87 memory generation. The older `memories.no_memories_if_mcp_or_web_search` key

84 is still accepted as an alias.88 is still accepted as an alias.

89- `memories.min_rate_limit_remaining_percent`: controls the minimum remaining

90 Codex rate-limit percentage required before memory generation starts.

85- `memories.extract_model`: overrides the model used for per-thread memory91- `memories.extract_model`: overrides the model used for per-thread memory

86 extraction.92 extraction.

87- `memories.consolidation_model`: overrides the model used for global memory93- `memories.consolidation_model`: overrides the model used for global memory
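
Review bot: The new `memories.min_rate_limit_remaining_percent` entry (new lines 89-90) gives no default and no value range. Add both, and say whether the comparison is inclusive; the earlier hunk only says a background pass can be skipped when the remaining percentage "is below the configured threshold".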

Details

50 50 

51By default, `codex exec` runs in a read-only sandbox. In automation, set the least permissions needed for the workflow:51By default, `codex exec` runs in a read-only sandbox. In automation, set the least permissions needed for the workflow:

52 52 

53- Allow edits: `codex exec --full-auto "<task>"`53- Allow edits: `codex exec --sandbox workspace-write "<task>"`

54- Allow broader access: `codex exec --sandbox danger-full-access "<task>"`54- Allow broader access: `codex exec --sandbox danger-full-access "<task>"`

55 55 

56Use `danger-full-access` only in a controlled environment (for example, an isolated CI runner or container).56Use `danger-full-access` only in a controlled environment (for example, an isolated CI runner or container).

57 57 

58Codex keeps `codex exec --full-auto` as a deprecated compatibility flag and prints a warning. Prefer the explicit `--sandbox workspace-write` flag in new scripts.

59 

60Use `--ignore-user-config` when you need a run that doesn't load `$CODEX_HOME/config.toml`, and `--ignore-rules` when you need to skip user and project execpolicy `.rules` files for a controlled automation environment.

61 

58If you configure an enabled MCP server with `required = true` and it fails to initialize, `codex exec` exits with an error instead of continuing without that server.62If you configure an enabled MCP server with `required = true` and it fails to initialize, `codex exec` exits with an error instead of continuing without that server.

59 63 

60## Make output machine-readable64## Make output machine-readable
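
Review bot: New line 60 introduces `--ignore-rules` as skipping "user and project execpolicy `.rules` files" without saying whether admin-enforced command rules from `requirements.toml` still apply. State that explicitly, and pair the flag with the same controlled-environment guidance given for `danger-full-access` at line 56.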


76{"type":"turn.started"}80{"type":"turn.started"}

77{"type":"item.started","item":{"id":"item_1","type":"command_execution","command":"bash -lc ls","status":"in_progress"}}81{"type":"item.started","item":{"id":"item_1","type":"command_execution","command":"bash -lc ls","status":"in_progress"}}

78{"type":"item.completed","item":{"id":"item_3","type":"agent_message","text":"Repo contains docs, sdk, and examples directories."}}82{"type":"item.completed","item":{"id":"item_3","type":"agent_message","text":"Repo contains docs, sdk, and examples directories."}}

79{"type":"turn.completed","usage":{"input_tokens":24763,"cached_input_tokens":24448,"output_tokens":122}}83{"type":"turn.completed","usage":{"input_tokens":24763,"cached_input_tokens":24448,"output_tokens":122,"reasoning_output_tokens":0}}

80```84```

81 85 

82If you only need the final message, write it to a file with `-o <path>`/`--output-last-message <path>`. This writes the final message to the file and still prints it to `stdout` (see [`codex exec`](https://developers.openai.com/codex/cli/reference#codex-exec) for details).86If you only need the final message, write it to a file with `-o <path>`/`--output-last-message <path>`. This writes the final message to the file and still prints it to `stdout` (see [`codex exec`](https://developers.openai.com/codex/cli/reference#codex-exec) for details).


230 234 

231 - name: Run Codex235 - name: Run Codex

232 run: |236 run: |

233 codex exec --full-auto --sandbox workspace-write \237 codex exec --sandbox workspace-write \

234 "Read the repository, run the test suite, identify the minimal change needed to make all tests pass, implement only that change, and stop. Do not refactor unrelated files."238 "Read the repository, run the test suite, identify the minimal change needed to make all tests pass, implement only that change, and stop. Do not refactor unrelated files."

235 239 

236 - name: Verify tests240 - name: Verify tests

plugins.md +3 −2


44![Plugins list in Codex CLI](/images/codex/plugins/cli_light.png)44![Plugins list in Codex CLI](/images/codex/plugins/cli_light.png)

45 45 

46The CLI plugin browser groups plugins by marketplace. Use the marketplace tabs46The CLI plugin browser groups plugins by marketplace. Use the marketplace tabs

47to switch sources, open a plugin to inspect details, and press `Space`47to switch sources, open a plugin to inspect details, install or uninstall

48on an installed plugin to toggle its enabled state.48marketplace entries, and press <kbd>Space</kbd> on an installed plugin to toggle

49its enabled state.

49 50 

50### Install and use a plugin51### Install and use a plugin

51 52 
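Review bot: New lines 47-49 add "install or uninstall marketplace entries" to the list of browser actions but only give a key for toggling (`Space`). Say how install and uninstall are triggered. It would also help to state that installing a marketplace entry is a separate step from enabling it, since the sentence now covers both.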

plugins/build.md +47 −7

Details

304 304 

305Every plugin has a manifest at `.codex-plugin/plugin.json`. It can also include305Every plugin has a manifest at `.codex-plugin/plugin.json`. It can also include

306a `skills/` directory, an `.app.json` file that points at one or more apps or306a `skills/` directory, an `.app.json` file that points at one or more apps or

307connectors, an `.mcp.json` file that configures MCP servers, and assets used to307connectors, an `.mcp.json` file that configures MCP servers, lifecycle config,

308present the plugin across supported surfaces.308and assets used to present the plugin across supported surfaces.

309 309 

310- my-plugin/310- my-plugin/

311 311 


319 - SKILL.md Optional: skill instructions319 - SKILL.md Optional: skill instructions

320 - .app.json Optional: app or connector mappings320 - .app.json Optional: app or connector mappings

321 - .mcp.json Optional: MCP server configuration321 - .mcp.json Optional: MCP server configuration

322 - hooks/

323 

324 - hooks.json Optional: lifecycle configuration

322 - assets/ Optional: icons, logos, screenshots325 - assets/ Optional: icons, logos, screenshots

323 326 

324Only `plugin.json` belongs in `.codex-plugin/`. Keep `skills/`, `assets/`,327Only `plugin.json` belongs in `.codex-plugin/`. Keep `skills/`, `assets/`,

325`.mcp.json`, and `.app.json` at the plugin root.328`.mcp.json`, `.app.json`, and lifecycle config files at the plugin root.

326 329 

327Published plugins typically use a richer manifest than the minimal example that330Published plugins typically use a richer manifest than the minimal example that

328appears in quick-start scaffolds. The manifest has three jobs:331appears in quick-start scaffolds. The manifest has three jobs:
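Review bot: New line 328 says lifecycle config files stay "at the plugin root", but the tree on new lines 322-324 places `hooks.json` inside a `hooks/` directory. Reword the sentence to name `hooks/` alongside `skills/` and `assets/` so the rule matches the layout shown directly above it.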


351 "skills": "./skills/",354 "skills": "./skills/",

352 "mcpServers": "./.mcp.json",355 "mcpServers": "./.mcp.json",

353 "apps": "./.app.json",356 "apps": "./.app.json",

357 "hooks": "./hooks/hooks.json",

354 "interface": {358 "interface": {

355 "displayName": "My Plugin",359 "displayName": "My Plugin",

356 "shortDescription": "Reusable skills and apps",360 "shortDescription": "Reusable skills and apps",


384- `name`, `version`, and `description` identify the plugin.388- `name`, `version`, and `description` identify the plugin.

385- `author`, `homepage`, `repository`, `license`, and `keywords` provide389- `author`, `homepage`, `repository`, `license`, and `keywords` provide

386 publisher and discovery metadata.390 publisher and discovery metadata.

387- `skills`, `mcpServers`, and `apps` point to bundled components relative to391- `skills`, `mcpServers`, `apps`, and `hooks` point to bundled components

388 the plugin root.392 relative to the plugin root.

389- `interface` controls how install surfaces present the plugin.393- `interface` controls how install surfaces present the plugin.

390 394 

391Use the `interface` object for install-surface metadata:395Use the `interface` object for install-surface metadata:


404- Keep manifest paths relative to the plugin root and start them with `./`.408- Keep manifest paths relative to the plugin root and start them with `./`.

405- Store visual assets such as `composerIcon`, `logo`, and `screenshots` under409- Store visual assets such as `composerIcon`, `logo`, and `screenshots` under

406 `./assets/` when possible.410 `./assets/` when possible.

407- Use `skills` for bundled skill folders, `apps` for `.app.json`, and411- Use `skills` for bundled skill folders, `apps` for `.app.json`,

408 `mcpServers` for `.mcp.json`.412 `mcpServers` for `.mcp.json`, and `hooks` for lifecycle config.

413- If you omit `hooks` and the plugin includes `./hooks/hooks.json`, Codex loads

414 that default lifecycle config automatically.

415 

416### Bundled MCP servers and lifecycle config

417 

418`mcpServers` can point to an `.mcp.json` file that contains either a direct

419server map or a wrapped `mcp_servers` object.

420 

421Direct server map:

422 

423```json

424{

425 "docs": {

426 "command": "docs-mcp",

427 "args": ["--stdio"]

428 }

429}

430```

431 

432Wrapped server map:

433 

434```json

435{

436 "mcp_servers": {

437 "docs": {

438 "command": "docs-mcp",

439 "args": ["--stdio"]

440 }

441 }

442}

443```

444 

445`hooks` can point to one lifecycle JSON file, an array of lifecycle JSON files,

446an inline lifecycle object, or an array of inline lifecycle objects. File paths

447must follow the same `./`-prefixed plugin-root path rules as other manifest

448paths. If you omit the manifest field, Codex still checks `./hooks/hooks.json`.

409 449 

410### Publish official public plugins450### Publish official public plugins

411 451 
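Review bot: New lines 413-414 and 448 both state that Codex loads `./hooks/hooks.json` when the manifest omits `hooks`, yet the section never says what a lifecycle config does or when it runs. Someone vetting a plugin from `plugin.json` alone has no cue to open that file. State the default once, link to wherever lifecycle config is documented, and tell readers to check `./hooks/hooks.json` even when the manifest has no `hooks` field. The `.mcp.json` samples on new lines 424-442 also use a bare `"command": "docs-mcp"`; say whether that name resolves relative to the plugin root or from `PATH`.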

skills.md +6 −2

Details

6 6 

7Skills are available in the Codex CLI, IDE extension, and Codex app.7Skills are available in the Codex CLI, IDE extension, and Codex app.

8 8 

9Skills use **progressive disclosure** to manage context efficiently: Codex starts with each skills metadata (`name`, `description`, file path, and optional metadata from `agents/openai.yaml`). Codex loads the full `SKILL.md` instructions only when it decides to use a skill.9Skills use **progressive disclosure** to manage context efficiently: Codex starts with each skill's name, description, and file path. Codex loads the full `SKILL.md` instructions only when it decides to use a skill.

10 

11Codex includes an initial list of available skills in context so it can choose the right skill for a task. To avoid crowding out the rest of the prompt, this list is capped at roughly 2% of the model’s context window, or 8,000 characters when the context window is unknown. If many skills are installed, Codex shortens skill descriptions first. For very large skill sets, some skills may be omitted from the initial list, and Codex will show a warning.

12 

13This budget applies only to the initial skills list. When Codex selects a skill, it still reads the full SKILL.md instructions for that skill.

10 14 

11A skill is a directory with a `SKILL.md` file plus optional scripts and references. The `SKILL.md` file must include `name` and `description`.15A skill is a directory with a `SKILL.md` file plus optional scripts and references. The `SKILL.md` file must include `name` and `description`.

12 16 
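Review bot: New line 11 says some skills may be omitted from the initial list and that Codex will show a warning, but it does not say whether an omitted skill can still be invoked explicitly or where the warning appears. Add one sentence covering both. New line 9 also drops the old mention of optional metadata from `agents/openai.yaml`; if that metadata is still loaded up front, say whether it counts against the budget. Minor: `SKILL.md` on new line 13 is missing the backticks used on new lines 9 and 15.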


271. **Explicit invocation:** Include the skill directly in your prompt. In CLI/IDE, run `/skills` or type `$` to mention a skill.311. **Explicit invocation:** Include the skill directly in your prompt. In CLI/IDE, run `/skills` or type `$` to mention a skill.

282. **Implicit invocation:** Codex can choose a skill when your task matches the skill `description`.322. **Implicit invocation:** Codex can choose a skill when your task matches the skill `description`.

29 33 

30Because implicit matching depends on `description`, write descriptions with clear scope and boundaries.34Because implicit matching depends on `description`, write concise descriptions with clear scope and boundaries. Front-load the key use case and trigger words so Codex can still match the skill if descriptions are shortened.

31 35 

32## Create a skill36## Create a skill

33 37 

Details

46 46 

47## Skills & Plugins47## Skills & Plugins

48 48 

49- [Spreadsheet](https://github.com/openai/skills/tree/main/skills/.curated/spreadsheet)49- Spreadsheet

50 50 

51 Inspect tabular data, run calculations, and create charts or tables.51 Inspect tabular data, run calculations, and create charts or tables.

52- [Google Sheets](https://developers.openai.com/codex/plugins)52- [Google Sheets](https://developers.openai.com/codex/plugins)
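Review bot: New line 49 turns the Spreadsheet entry into plain text while Google Sheets on new line 52 keeps its link, and the hunk gives no reason for the difference. If the link was removed because the skill now ships with Codex, say so in the description line. Otherwise a reader has no pointer to where the skill comes from or how to confirm which version they are running.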


55 55 

56| Skill | Why use it |56| Skill | Why use it |

57| --- | --- |57| --- | --- |

58| [Spreadsheet](https://github.com/openai/skills/tree/main/skills/.curated/spreadsheet) | Inspect tabular data, run calculations, and create charts or tables. |58| Spreadsheet | Inspect tabular data, run calculations, and create charts or tables. |

59| [Google Sheets](https://developers.openai.com/codex/plugins) | Analyze approved Google Sheets when the data lives in a shared spreadsheet. |59| [Google Sheets](https://developers.openai.com/codex/plugins) | Analyze approved Google Sheets when the data lives in a shared spreadsheet. |

60 60 

61## Starter prompt61## Starter prompt

Details

46 46 

47## Skills & Plugins47## Skills & Plugins

48 48 

49- [Spreadsheet](https://github.com/openai/skills/tree/main/skills/.curated/spreadsheet)49- Spreadsheet

50 50 

51 Inspect tabular files, clean columns, and produce reviewable outputs.51 Inspect tabular files, clean columns, and produce reviewable outputs.

52 52 

53| Skill | Why use it |53| Skill | Why use it |

54| --- | --- |54| --- | --- |

55| [Spreadsheet](https://github.com/openai/skills/tree/main/skills/.curated/spreadsheet) | Inspect tabular files, clean columns, and produce reviewable outputs. |55| Spreadsheet | Inspect tabular files, clean columns, and produce reviewable outputs. |

56 56 

57## Starter prompt57## Starter prompt

58 58 

Details

57 57 

58[![](/images/codex/codex-wallpaper-1.webp)58[![](/images/codex/codex-wallpaper-1.webp)

59 59 

60### Review pull requests faster60### Codex code review for GitHub pull requests

61 61 

62Use Codex in GitHub to automatically surface regressions, missing tests, and documentation...62Use Codex code review in GitHub to automatically surface regressions, missing tests, and...

63 63 

64Integrations Workflow](https://developers.openai.com/codex/use-cases/github-code-reviews)64Integrations Workflow](https://developers.openai.com/codex/use-cases/github-code-reviews)

Details

76 76 

77[![](/images/codex/codex-wallpaper-1.webp)77[![](/images/codex/codex-wallpaper-1.webp)

78 78 

79### Review pull requests faster79### Codex code review for GitHub pull requests

80 80 

81Use Codex in GitHub to automatically surface regressions, missing tests, and documentation...81Use Codex code review in GitHub to automatically surface regressions, missing tests, and...

82 82 

83Integrations Workflow](https://developers.openai.com/codex/use-cases/github-code-reviews)[![](/images/codex/codex-wallpaper-1.webp)83Integrations Workflow](https://developers.openai.com/codex/use-cases/github-code-reviews)[![](/images/codex/codex-wallpaper-1.webp)

84 84 

Details

63 63 

64[![](/images/codex/codex-wallpaper-1.webp)64[![](/images/codex/codex-wallpaper-1.webp)

65 65 

66### Review pull requests faster66### Codex code review for GitHub pull requests

67 67 

68Use Codex in GitHub to automatically surface regressions, missing tests, and documentation...68Use Codex code review in GitHub to automatically surface regressions, missing tests, and...

69 69 

70Integrations Workflow](https://developers.openai.com/codex/use-cases/github-code-reviews)70Integrations Workflow](https://developers.openai.com/codex/use-cases/github-code-reviews)

Details

48 48 

49## Skills & Plugins49## Skills & Plugins

50 50 

51- [Slides](https://github.com/openai/skills/tree/main/skills/.curated/slides)51- Slides

52 52 

53 Create and edit `.pptx` decks in JavaScript with PptxGenJS, bundled helpers, and render and validation scripts for overflow, overlap, and font checks.53 Create and edit `.pptx` decks in JavaScript with PptxGenJS, bundled helpers, and render and validation scripts for overflow, overlap, and font checks.

54- [ImageGen](https://github.com/openai/skills/tree/main/skills/.curated/imagegen)54- ImageGen

55 55 

56 Generate illustrations, cover art, diagrams, and slide visuals that match one reusable visual direction.56 Generate illustrations, cover art, diagrams, and slide visuals that match one reusable visual direction.

57 57 

58| Skill | Why use it |58| Skill | Why use it |

59| --- | --- |59| --- | --- |

60| [Slides](https://github.com/openai/skills/tree/main/skills/.curated/slides) | Create and edit `.pptx` decks in JavaScript with PptxGenJS, bundled helpers, and render and validation scripts for overflow, overlap, and font checks. |60| Slides | Create and edit `.pptx` decks in JavaScript with PptxGenJS, bundled helpers, and render and validation scripts for overflow, overlap, and font checks. |

61| [ImageGen](https://github.com/openai/skills/tree/main/skills/.curated/imagegen) | Generate illustrations, cover art, diagrams, and slide visuals that match one reusable visual direction. |61| ImageGen | Generate illustrations, cover art, diagrams, and slide visuals that match one reusable visual direction. |

62 62 

63## Starter prompt63## Starter prompt

64 64 

65Use $slides with $imagegen to edit this slide deck in the following way:65Use the $slides and $imagegen skills to edit this slide deck in the following way:

66 - If present, add logo.png in the bottom right corner on every slide66 - If present, add logo.png in the bottom right corner on every slide

67- On slides X, Y and Z, move the text to the left and use image generation to generate an illustration (style: abstract, digital art) on the right67- On slides X, Y and Z, move the text to the left and use image generation to generate an illustration (style: abstract, digital art) on the right

68- Preserve text as text and simple charts as native PowerPoint charts where practical.68- Preserve text as text and simple charts as native PowerPoint charts where practical.


75 - A copy of the slide deck with the changes applied75 - A copy of the slide deck with the changes applied

76 - notes on which slides were generated, rewritten, or left unchanged76 - notes on which slides were generated, rewritten, or left unchanged

77 77 

78[Open in the Codex app](codex://new?prompt=Use+%24slides+with+%24imagegen+to+edit+this+slide+deck+in+the+following+way%3A+%0A-+If+present%2C+add+logo.png+in+the+bottom+right+corner+on+every+slide%0A-+On+slides+X%2C+Y+and+Z%2C+move+the+text+to+the+left+and+use+image+generation+to+generate+an+illustration+%28style%3A+abstract%2C+digital+art%29+on+the+right%0A-+Preserve+text+as+text+and+simple+charts+as+native+PowerPoint+charts+where+practical.%0A-+Add+these+slides%3A+%5Bdescribe+new+slides+here%5D%0A-+Use+the+existing+branding+on+new+slides+and+new+text+%28colors%2C+fonts%2C+layout%2C+etc.%29+%0A-+Render+the+updated+deck+to+slide+images%2C+review+the+output%2C+and+fix+layout+issues+before+delivery.%0A-+Run+overflow+and+font-substitution+checks+before+delivery%2C+especially+if+the+deck+is+dense.%0A-+Save+reusable+prompts+or+generation+notes+when+you+create+a+batch+of+related+images.%0A%0AOutput%3A%0A-+A+copy+of+the+slide+deck+with+the+changes+applied%0A-+notes+on+which+slides+were+generated%2C+rewritten%2C+or+left+unchanged "Open in the Codex app")78[Open in the Codex 
app](codex://new?prompt=Use+the+%24slides+and+%24imagegen+skills+to+edit+this+slide+deck+in+the+following+way%3A%0A-+If+present%2C+add+logo.png+in+the+bottom+right+corner+on+every+slide%0A-+On+slides+X%2C+Y+and+Z%2C+move+the+text+to+the+left+and+use+image+generation+to+generate+an+illustration+%28style%3A+abstract%2C+digital+art%29+on+the+right%0A-+Preserve+text+as+text+and+simple+charts+as+native+PowerPoint+charts+where+practical.%0A-+Add+these+slides%3A+%5Bdescribe+new+slides+here%5D%0A-+Use+the+existing+branding+on+new+slides+and+new+text+%28colors%2C+fonts%2C+layout%2C+etc.%29+%0A-+Render+the+updated+deck+to+slide+images%2C+review+the+output%2C+and+fix+layout+issues+before+delivery.%0A-+Run+overflow+and+font-substitution+checks+before+delivery%2C+especially+if+the+deck+is+dense.%0A-+Save+reusable+prompts+or+generation+notes+when+you+create+a+batch+of+related+images.%0A%0AOutput%3A%0A-+A+copy+of+the+slide+deck+with+the+changes+applied%0A-+notes+on+which+slides+were+generated%2C+rewritten%2C+or+left+unchanged "Open in the Codex app")

79 79 

80Use $slides with $imagegen to edit this slide deck in the following way:80Use the $slides and $imagegen skills to edit this slide deck in the following way:

81 - If present, add logo.png in the bottom right corner on every slide81 - If present, add logo.png in the bottom right corner on every slide

82- On slides X, Y and Z, move the text to the left and use image generation to generate an illustration (style: abstract, digital art) on the right82- On slides X, Y and Z, move the text to the left and use image generation to generate an illustration (style: abstract, digital art) on the right

83- Preserve text as text and simple charts as native PowerPoint charts where practical.83- Preserve text as text and simple charts as native PowerPoint charts where practical.


92 92 

93## Introduction93## Introduction

94 94 

95You can use Codex to manipulate PowerPoint decks in a systematic way, using the Slides skill to create and edit decks with PptxGenJS, and using image generation to generate visuals for the slides.95You can use Codex to manipulate PowerPoint decks in a systematic way, using the slides system skill, which comes with Codex by default, to create and edit decks with PptxGenJS, and using image generation to generate visuals for the slides.

96 96 

97Skills can be installed directly from the Codex app–see our [skills documentation](https://developers.openai.com/codex/skills) for more details.97Skills can be installed directly from the Codex app–see our [skills documentation](https://developers.openai.com/codex/skills) for more details.

98 98 
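Review bot: New line 95 says the slides system skill "comes with Codex by default", while unchanged line 97 directly below still says skills can be installed from the Codex app. Read together, they leave it unclear whether any install step is needed for this use case. Either qualify line 97 as applying to additional skills or drop it from this page.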


102 102 

103If a deck already exists, ask Codex to inspect it before making changes.103If a deck already exists, ask Codex to inspect it before making changes.

104 104 

105The slides skill is opinionated here: match the source aspect ratio before you rebuild layout, and default to 16:9 only when the source material does not already define the deck size. If the references are screenshots or a PDF, ask Codex to render or inspect them first so it can compare slide geometry visually instead of guessing.105The slides system skill is opinionated here: match the source aspect ratio before you rebuild layout, and default to 16:9 only when the source material does not already define the deck size. If the references are screenshots or a PDF, ask Codex to render or inspect them first so it can compare slide geometry visually instead of guessing.

106 106 

107## Keep the deck editable107## Keep the deck editable

108 108 


112 112 

113## Generate visuals intentionally113## Generate visuals intentionally

114 114 

115Image generation is most useful when the slides need a cover image, a concept illustration, or a lightweight diagram that would otherwise take manual design work. Ask Codex to define the visual direction first, then reuse that direction consistently across the whole deck.115The imagegen system skill is already installed with Codex and is most useful when the slides need a cover image, a concept illustration, or a lightweight diagram that would otherwise take manual design work. Ask Codex to define the visual direction first, then reuse that direction consistently across the whole deck.

116 116 

117When several slides need related visuals, have Codex save the prompts or generation notes it used. That makes the deck easier to extend later without starting over stylistically.117When several slides need related visuals, have Codex save the prompts or generation notes it used. That makes the deck easier to extend later without starting over stylistically.

118 118 


120 120 

121Deck automation works better when Codex treats each slide as its own decision. Some slides should preserve exact copy, some need a stronger headline and cleaner structure, and some should stay mostly untouched apart from asset cleanup or formatting fixes.121Deck automation works better when Codex treats each slide as its own decision. Some slides should preserve exact copy, some need a stronger headline and cleaner structure, and some should stay mostly untouched apart from asset cleanup or formatting fixes.

122 122 

123The slides skill also ships with bundled layout helpers. Ask Codex to copy those helpers into the working directory and reuse them instead of reimplementing spacing, text-sizing, and image-placement logic on every deck.123The slides system skill also ships with bundled layout helpers. Ask Codex to copy those helpers into the working directory and reuse them instead of reimplementing spacing, text-sizing, and image-placement logic on every deck.

124 124 

125## Validation before delivery125## Validation before delivery

126 126 

127Decks are easy to get almost right and still ship with clipped text, substituted fonts, or layout drift that only shows up after export. The slides skill includes scripts to render decks to per-slide PNGs, build a quick montage for review, detect overflow beyond the slide canvas, and report missing or substituted fonts.127Decks are easy to get almost right and still ship with clipped text, substituted fonts, or layout drift that only shows up after export. The slides system skill includes scripts to render decks to per-slide PNGs, build a quick montage for review, detect overflow beyond the slide canvas, and report missing or substituted fonts.

128 128 

129Ask Codex to use those checks before it hands back the final deck, especially when slides are dense or margins are tight.129Ask Codex to use those checks before it hands back the final deck, especially when slides are dense or margins are tight.

130 130 

Details

1# Review pull requests faster | Codex use cases1# Codex code review for GitHub pull requests | Codex use cases

2 2 

3Codex use cases3Codex use cases

4 4 


8 8 

9Codex use case9Codex use case

10 10 

11# Review pull requests faster11# Codex code review for GitHub pull requests

12 12 

13Catch regressions and potential issues before human review.13Catch regressions and potential issues before human review.

14 14 


16 16 

17Time horizon **5s**17Time horizon **5s**

18 18 

19Use Codex in GitHub to automatically surface regressions, missing tests, and documentation issues directly on a pull request.19Use Codex code review in GitHub to automatically surface regressions, missing tests, and documentation issues directly on a pull request.

20 20 

21## Best for21## Best for

22 22 


29 29 

30Copy page [Export as PDF](https://developers.openai.com/codex/use-cases/github-code-reviews/?export=pdf)30Copy page [Export as PDF](https://developers.openai.com/codex/use-cases/github-code-reviews/?export=pdf)

31 31 

32Use Codex in GitHub to automatically surface regressions, missing tests, and documentation issues directly on a pull request.32Use Codex code review in GitHub to automatically surface regressions, missing tests, and documentation issues directly on a pull request.

33 33 

34Easy34Easy

35 35 


37 37 

38Related links38Related links

39 39 

40[Use Codex in GitHub](https://developers.openai.com/codex/integrations/github) [Custom instructions with AGENTS.md](https://developers.openai.com/codex/guides/agents-md)40[Codex code review in GitHub](https://developers.openai.com/codex/integrations/github) [Custom instructions with AGENTS.md](https://developers.openai.com/codex/guides/agents-md)

41 41 

42## Best for42## Best for

43 43 


62 62 

63## How to use63## How to use

64 64 

65Start by adding Codex code review to your GitHub organization or repository. See [Use Codex in GitHub](https://developers.openai.com/codex/integrations/github) for more details.65Start by adding Codex code review to your GitHub organization or repository.

66See [Codex code review in GitHub](https://developers.openai.com/codex/integrations/github) for more details.

66 67 

67You can set up Codex to automatically review every pull request, or you can request a review with `@codex review` in a pull request comment.68You can set up Codex to automatically review every pull request, or you can request a review with `@codex review` in a pull request comment.

68 69 


70 71 

71This will start a new cloud task that will fix the issue and update the pull request.72This will start a new cloud task that will fix the issue and update the pull request.

72 73 

73## Define additional guidance74## Define review guidance

74 75 

75To customize what Codex reviews, add or update a top-level `AGENTS.md` with a section like this:76To customize what Codex reviews, add or update a top-level `AGENTS.md` with a section like this:

76 77 

Details

6 6 

7Default options7Default options

8 8 

9[SwiftUI](https://developer.apple.com/xcode/swiftui/) with `glassEffect`, `GlassEffectContainer`, and glass button styles9[SwiftUI](https://developer.apple.com/documentation/swiftui/) with `glassEffect`, `GlassEffectContainer`, and glass button styles

10 10 

11Why it's needed11Why it's needed

12 12 

Details

48 48 

49## Skills & Plugins49## Skills & Plugins

50 50 

51- [ImageGen](https://github.com/openai/skills/tree/main/skills/.curated/imagegen)51- ImageGen

52 52 

53 Generate illustrative, non-exact visual assets when a Markdown-native diagram is not enough.53 Generate illustrative, non-exact visual assets when a Mermaid diagram is not enough.

54 54 

55| Skill | Why use it |55| Skill | Why use it |

56| --- | --- |56| --- | --- |

57| [ImageGen](https://github.com/openai/skills/tree/main/skills/.curated/imagegen) | Generate illustrative, non-exact visual assets when a Markdown-native diagram is not enough. |57| ImageGen | Generate illustrative, non-exact visual assets when a Mermaid diagram is not enough. |

58 58 

59## Starter prompt59## Starter prompt

60 60 


163- An experiment map that connects datasets, metrics, baselines, and reported claims.163- An experiment map that connects datasets, metrics, baselines, and reported claims.

164- A limitations diagram that separates assumptions, failure modes, and open questions.164- A limitations diagram that separates assumptions, failure modes, and open questions.

165 165 

166For Markdown-first reports, ask for Mermaid when the destination supports it, or a small checked-in SVG/PNG asset when it does not. Ask Codex to use imagegen only when you need an illustrative, non-exact visual or something that doesnt fit in a Markdown-native diagram.166For Markdown-first reports, ask for Mermaid when the destination supports it, or a small checked-in SVG/PNG asset when it does not. Ask Codex to use the imagegen system skill, which comes with Codex by default, only when you need an illustrative, non-exact visual or something that doesn't fit in a Markdown-native diagram.

167 167 

168## Write the Markdown report168## Write the Markdown report

169 169 
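Review bot: New line 166 still ends with "doesn't fit in a Markdown-native diagram", while new lines 53 and 57 of the same file were changed from "Markdown-native diagram" to "Mermaid diagram". Pick one term and use it in all three places, or explain in line 166 that Markdown-native covers both Mermaid and the checked-in SVG/PNG option named earlier in the sentence.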

Details

48 48 

49## Skills & Plugins49## Skills & Plugins

50 50 

51- [Spreadsheet](https://github.com/openai/skills/tree/main/skills/.curated/spreadsheet)51- Spreadsheet

52 52 

53 Inspect CSV, TSV, and Excel trackers; stage spreadsheet updates; and review tabular operations data before it becomes a source of truth.53 Inspect CSV, TSV, and Excel trackers, stage spreadsheet updates, and review tabular operations data before it becomes a source of truth.

54- [Google Drive](https://github.com/openai/plugins/tree/main/plugins/google-drive)54- [Google Drive](https://github.com/openai/plugins/tree/main/plugins/google-drive)

55 55 

56 Bring approved docs, tracker templates, exports, and shared onboarding folders into the task context.56 Bring approved docs, tracker templates, exports, and shared onboarding folders into the task context.


60 60 

61| Skill | Why use it |61| Skill | Why use it |

62| --- | --- |62| --- | --- |

63| [Spreadsheet](https://github.com/openai/skills/tree/main/skills/.curated/spreadsheet) | Inspect CSV, TSV, and Excel trackers; stage spreadsheet updates; and review tabular operations data before it becomes a source of truth. |63| Spreadsheet | Inspect CSV, TSV, and Excel trackers, stage spreadsheet updates, and review tabular operations data before it becomes a source of truth. |

64| [Google Drive](https://github.com/openai/plugins/tree/main/plugins/google-drive) | Bring approved docs, tracker templates, exports, and shared onboarding folders into the task context. |64| [Google Drive](https://github.com/openai/plugins/tree/main/plugins/google-drive) | Bring approved docs, tracker templates, exports, and shared onboarding folders into the task context. |

65| [Notion](https://github.com/openai/plugins/tree/main/plugins/notion) | Reference onboarding plans, project pages, checklists, and team wikis that already live in Notion. |65| [Notion](https://github.com/openai/plugins/tree/main/plugins/notion) | Reference onboarding plans, project pages, checklists, and team wikis that already live in Notion. |

66 66 

Details

115 115 

116## Use skills for repeatable patterns116## Use skills for repeatable patterns

117 117 

118[Skills](https://developers.openai.com/codex/guides/skills) are useful when the same cleanup rules repeat across repos, services, or teams. Use framework-specific skills when available, add security and CI skills around risky cleanups, and create a team skill when you have a proven checklist for unused-code removal, module extraction, or legacy-pattern modernization.118[Skills](https://developers.openai.com/codex/skills) are useful when the same cleanup rules repeat across repos, services, or teams. Use framework-specific skills when available, add security and CI skills around risky cleanups, and create a team skill when you have a proven checklist for unused-code removal, module extraction, or legacy-pattern modernization.

119If you end up doing the same modernization pass across more than one codebase, Codex can help turn the first successful pass into a reusable skill.119If you end up doing the same modernization pass across more than one codebase, Codex can help turn the first successful pass into a reusable skill.

120 120 

121## Related use cases121## Related use cases