OpenAI - Codex Docs Changes

agent-approvals-security.md +7 −5

Details

24- **Codex cloud**: Runs in isolated OpenAI-managed containers, preventing access to your host system or unrelated data. Uses a two-phase runtime model: setup runs before the agent phase and can access the network to install specified dependencies, then the agent phase runs offline by default unless you enable internet access for that environment. Secrets configured for cloud environments are available only during setup and are removed before the agent phase starts.24- **Codex cloud**: Runs in isolated OpenAI-managed containers, preventing access to your host system or unrelated data. Uses a two-phase runtime model: setup runs before the agent phase and can access the network to install specified dependencies, then the agent phase runs offline by default unless you enable internet access for that environment. Secrets configured for cloud environments are available only during setup and are removed before the agent phase starts.

25- **Codex CLI / IDE extension**: OS-level mechanisms enforce sandbox policies. Defaults include no network access and write permissions limited to the active workspace. You can configure the sandbox, approval policy, and network settings based on your risk tolerance.25- **Codex CLI / IDE extension**: OS-level mechanisms enforce sandbox policies. Defaults include no network access and write permissions limited to the active workspace. You can configure the sandbox, approval policy, and network settings based on your risk tolerance.

26 26

~~27In the `Auto` preset (for example, `--full-auto`), Codex can read files, make edits, and run commands in the working directory automatically.~~27In the `Auto` preset (for example, `--sandbox workspace-write --ask-for-approval on-request`), Codex can read files, make edits, and run commands in the working directory automatically.

28 28

29Codex asks for approval to edit files outside the workspace or to run commands that require network access. If you want to chat or plan without making changes, switch to `read-only` mode with the `/permissions` command.29Codex asks for approval to edit files outside the workspace or to run commands that require network access. If you want to chat or plan without making changes, switch to `read-only` mode with the `/permissions` command.

30 30

150 150

152| ----------------------------------------------------------------- | ------------------------------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------ |152| ----------------------------------------------------------------- | ------------------------------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------ |

153| Auto (preset) | *no flags needed* or `--full-auto` | Codex can read files, make edits, and run commands in the workspace. Codex requires approval to edit outside the workspace or to access network. |153| Auto (preset) | *no flags needed* or `--sandbox workspace-write --ask-for-approval on-request` | Codex can read files, make edits, and run commands in the workspace. Codex requires approval to edit outside the workspace or to access network. |

154| Safe read-only browsing | `--sandbox read-only --ask-for-approval on-request` | Codex can read files and answer questions. Codex requires approval to make edits, run commands, or access network. |154| Safe read-only browsing | `--sandbox read-only --ask-for-approval on-request` | Codex can read files and answer questions. Codex requires approval to make edits, run commands, or access network. |

156| Automatically edit but ask for approval to run untrusted commands | `--sandbox workspace-write --ask-for-approval untrusted` | Codex can read and edit files but asks for approval before running untrusted commands. |156| Automatically edit but ask for approval to run untrusted commands | `--sandbox workspace-write --ask-for-approval untrusted` | Codex can read and edit files but asks for approval before running untrusted commands. |

157| Dangerous full access | `--dangerously-bypass-approvals-and-sandbox` (alias: `--yolo`) | [Elevated Risk](https://help.openai.com/articles/20001061) No sandbox; no approvals *(not recommended)* |157| Dangerous full access | `--dangerously-bypass-approvals-and-sandbox` (alias: `--yolo`) | [Elevated Risk](https://help.openai.com/articles/20001061) No sandbox; no approvals *(not recommended)* |

158 158

159`--full-auto` is a convenience alias for `--sandbox workspace-write --ask-for-approval on-request`.159For non-interactive runs, use `codex exec --sandbox workspace-write`; Codex keeps older `codex exec --full-auto` invocations as a deprecated compatibility path and prints a warning.

160 160

161With `--ask-for-approval untrusted`, Codex runs only known-safe read operations automatically. Commands that can mutate state or trigger external execution paths (for example, destructive Git operations or Git output/config-override flags) require approval.161With `--ask-for-approval untrusted`, Codex runs only known-safe read operations automatically. Commands that can mutate state or trigger external execution paths (for example, destructive Git operations or Git output/config-override flags) require approval.

162 162

202 202

203```bash203```bash

204# macOS204# macOS

205codex sandbox macos [--full-auto] [--log-denials] [COMMAND]...205codex sandbox macos [--permissions-profile <name>] [--log-denials] [COMMAND]...

206# Linux206# Linux

207codex sandbox linux [--full-auto] [COMMAND]...207codex sandbox linux [--permissions-profile <name>] [COMMAND]...

208# Windows

209codex sandbox windows [--permissions-profile <name>] [COMMAND]...

208```210```

209 211

210The `sandbox` command is also available as `codex debug`, and the platform helpers have aliases (for example `codex sandbox seatbelt` and `codex sandbox landlock`).212The `sandbox` command is also available as `codex debug`, and the platform helpers have aliases (for example `codex sandbox seatbelt` and `codex sandbox landlock`).

app-server.md +6 −1

Details

222- `thread/turns/list` - page through a stored thread's turn history without resuming it.222- `thread/turns/list` - page through a stored thread's turn history without resuming it.

223- `thread/loaded/list` - list the thread ids currently loaded in memory.223- `thread/loaded/list` - list the thread ids currently loaded in memory.

224- `thread/name/set` - set or update a thread's user-facing name for a loaded thread or a persisted rollout; emits `thread/name/updated`.224- `thread/name/set` - set or update a thread's user-facing name for a loaded thread or a persisted rollout; emits `thread/name/updated`.

225- `thread/goal/set` - set the goal for a loaded thread (experimental; requires `capabilities.experimentalApi`); emits `thread/goal/updated`.

226- `thread/goal/get` - read the current goal for a loaded thread (experimental; requires `capabilities.experimentalApi`).

227- `thread/goal/clear` - clear the goal for a loaded thread (experimental; requires `capabilities.experimentalApi`); emits `thread/goal/cleared`.

225- `thread/metadata/update` - patch SQLite-backed stored thread metadata; currently supports persisted `gitInfo`.228- `thread/metadata/update` - patch SQLite-backed stored thread metadata; currently supports persisted `gitInfo`.

226- `thread/archive` - move a thread's log file into the archived directory; returns `{}` on success and emits `thread/archived`.229- `thread/archive` - move a thread's log file into the archived directory; returns `{}` on success and emits `thread/archived`.

227- `thread/unsubscribe` - unsubscribe this connection from thread turn/item events. If this was the last subscriber, the server unloads the thread after a no-subscriber inactivity grace period and emits `thread/closed`.230- `thread/unsubscribe` - unsubscribe this connection from thread turn/item events. If this was the last subscriber, the server unloads the thread after a no-subscriber inactivity grace period and emits `thread/closed`.

242- `command/exec/terminate` - stop a running `command/exec` session.245- `command/exec/terminate` - stop a running `command/exec` session.

243- `command/exec/outputDelta` (notify) - emitted for base64-encoded stdout/stderr chunks from a streaming `command/exec` session.246- `command/exec/outputDelta` (notify) - emitted for base64-encoded stdout/stderr chunks from a streaming `command/exec` session.

244- `model/list` - list available models (set `includeHidden: true` to include entries with `hidden: true`) with effort options, optional `upgrade`, and `inputModalities`.247- `model/list` - list available models (set `includeHidden: true` to include entries with `hidden: true`) with effort options, optional `upgrade`, and `inputModalities`.

248- `modelProvider/capabilities/read` - read provider capability bounds for model/provider combinations (experimental; requires `capabilities.experimentalApi`).

245- `experimentalFeature/list` - list feature flags with lifecycle stage metadata and cursor pagination.249- `experimentalFeature/list` - list feature flags with lifecycle stage metadata and cursor pagination.

246- `experimentalFeature/enablement/set` - patch in-memory runtime enablement for supported feature keys such as `apps` and `plugins`.250- `experimentalFeature/enablement/set` - patch in-memory runtime enablement for supported feature keys such as `apps` and `plugins`.

247- `collaborationMode/list` - list collaboration mode presets (experimental, no pagination).251- `collaborationMode/list` - list collaboration mode presets (experimental, no pagination).

248- `skills/list` - list skills for one or more `cwd` values (supports `forceReload` and optional `perCwdExtraUserRoots`).252- `skills/list` - list skills for one or more `cwd` values (supports `forceReload` and optional `perCwdExtraUserRoots`).

249- `skills/changed` (notify) - emitted when watched local skill files change.253- `skills/changed` (notify) - emitted when watched local skill files change.

250- `marketplace/add` - add a remote plugin marketplace and persist it into the user's marketplace config.254- `marketplace/add` - add a remote plugin marketplace and persist it into the user's marketplace config.

255- `marketplace/upgrade` - refresh a configured Git marketplace, or all configured Git marketplaces when you omit the marketplace name.

251- `plugin/list` - list discovered plugin marketplaces and plugin state, including install/auth policy metadata, marketplace load errors, featured plugin ids, and local, Git, or remote plugin source metadata.256- `plugin/list` - list discovered plugin marketplaces and plugin state, including install/auth policy metadata, marketplace load errors, featured plugin ids, and local, Git, or remote plugin source metadata.

252- `plugin/read` - read one plugin by marketplace path or remote marketplace name and plugin name, including bundled skills, apps, and MCP server names when those details are available.257- `plugin/read` - read one plugin by marketplace path or remote marketplace name and plugin name, including bundled skills, apps, and MCP server names when those details are available.

253- `plugin/install` - install a plugin from a marketplace path or remote marketplace name.258- `plugin/install` - install a plugin from a marketplace path or remote marketplace name.

265- `feedback/upload` - submit a feedback report (classification + optional reason/logs + conversation id, plus optional `extraLogFiles` attachments).270- `feedback/upload` - submit a feedback report (classification + optional reason/logs + conversation id, plus optional `extraLogFiles` attachments).

266- `config/read` - fetch the effective configuration on disk after resolving configuration layering.271- `config/read` - fetch the effective configuration on disk after resolving configuration layering.

267- `externalAgentConfig/detect` - detect external-agent artifacts that can be migrated with `includeHome` and optional `cwds`; each detected item includes `cwd` (`null` for home).272- `externalAgentConfig/detect` - detect external-agent artifacts that can be migrated with `includeHome` and optional `cwds`; each detected item includes `cwd` (`null` for home).

268- `externalAgentConfig/import` - apply selected external-agent migration items by passing explicit `migrationItems` with `cwd` (`null` for home); plugin imports emit `externalAgentConfig/import/completed`.273- `externalAgentConfig/import` - apply selected external-agent migration items by passing explicit `migrationItems` with `cwd` (`null` for home). Supported item types include config, skills, `AGENTS.md`, plugins, MCP server config, subagents, hooks, commands, and sessions; plugin imports emit `externalAgentConfig/import/completed`.

269- `config/value/write` - write a single configuration key/value to the user's `config.toml` on disk.274- `config/value/write` - write a single configuration key/value to the user's `config.toml` on disk.

270- `config/batchWrite` - apply configuration edits atomically to the user's `config.toml` on disk.275- `config/batchWrite` - apply configuration edits atomically to the user's `config.toml` on disk.

271- `configRequirements/read` - fetch requirements from `requirements.toml` and/or MDM, including allow-lists, pinned `featureRequirements`, and residency/network requirements (or `null` if you haven't set any up).276- `configRequirements/read` - fetch requirements from `requirements.toml` and/or MDM, including allow-lists, pinned `featureRequirements`, and residency/network requirements (or `null` if you haven't set any up).

app/settings.md +34 −4

Details

30 30

31![Codex app Appearance settings showing theme selection, color controls, and font options](/images/codex/app/theme-selection-light.webp)31![Codex app Appearance settings showing theme selection, color controls, and font options](/images/codex/app/theme-selection-light.webp)

32 32

33### Codex pets

35 Codex pets are optional animated companions for the app. In **Settings**,

36 go to **Appearance** and choose **Pets** to select a built-in pet or

37 refresh custom pets from your local Codex home. Type `/pet` in the

38 composer, use **Wake Pet** or **Tuck Away Pet** in **Settings > Appearance**, or

39 press <kbd>Cmd+K</kbd> or <kbd>Ctrl+K</kbd> and run the same commands to

40 toggle the floating overlay.

42 The overlay keeps active Codex work visible while you use other apps. It

43 shows the active thread, reflects whether Codex is running, waiting for

44 input, or ready for review, and pairs that state with a short progress

45 prompt so you can glance at what changed without reopening the thread.

471/8

49CodexI found a tiny loose thread in settings. Want me to tug it?

51To create your own pet, install the `hatch-pet` skill:

53```text

54$skill-installer hatch-pet

55```

57Reload skills from the command menu. Press <kbd>Cmd+K</kbd> or <kbd>Ctrl+K</kbd>,

58choose **Force Reload Skills**, then ask the skill to create a pet:

60```text

61$hatch-pet create a new pet inspired by my recent projects

62```

33## Git64## Git

34 65

35Use Git settings to standardize branch naming and choose whether Codex uses force66Use Git settings to standardize branch naming and choose whether Codex uses force

46## Browser use77## Browser use

47 78

48Use these settings to install or enable the bundled Browser plugin and manage79Use these settings to install or enable the bundled Browser plugin and manage

~~49allowlisted and blocklisted websites. Codex asks before using a website~~80allowed and blocked websites. Codex asks before using a website unless you've

~~50unless you’ve allowlisted it. Removing a site from the blocklist lets Codex ask~~81allowed it. Removing a site from the blocked list lets Codex ask

51again before using it in the browser.82again before using it in the browser.

52 83

53See [In-app browser](https://developers.openai.com/codex/app/browser) for browser preview, comment, and84See [In-app browser](https://developers.openai.com/codex/app/browser) for browser preview, comment, and

58On macOS, check your Computer Use settings to review desktop-app access and related89On macOS, check your Computer Use settings to review desktop-app access and related

59preferences after setup. To revoke system-level access, update Screen Recording90preferences after setup. To revoke system-level access, update Screen Recording

60or Accessibility permissions in macOS Privacy & Security settings. The feature91or Accessibility permissions in macOS Privacy & Security settings. The feature

~~61isn’t available in the European Economic Area, the United Kingdom, or Switzerland~~92isn't available in the EEA, the United Kingdom, or Switzerland at launch.

~~62at launch.~~

63 93

64## Personalization94## Personalization

65 95

cli/features.md +1 −1

Details

254 254

255## Slash commands255## Slash commands

256 256

257Slash commands give you quick access to specialized workflows like `/review`, `/fork`, or your own reusable prompts. Codex ships with a curated set of built-ins, and you can create custom ones for team-specific tasks or personal shortcuts.257Slash commands give you quick access to specialized workflows like `/review`, `/fork`, `/side`, or your own reusable prompts. Codex ships with a curated set of built-ins, and you can create custom ones for team-specific tasks or personal shortcuts.

258 258

259See the [slash commands guide](https://developers.openai.com/codex/guides/slash-commands) to browse the catalog of built-ins, learn how to author custom commands, and understand where they live on disk.259See the [slash commands guide](https://developers.openai.com/codex/guides/slash-commands) to browse the catalog of built-ins, learn how to author custom commands, and understand where they live on disk.

260 260

cli/reference.md +238 −25

Details

~~23| `--full-auto` | `boolean` | Shortcut for low-friction local work: sets `--ask-for-approval on-request` and `--sandbox workspace-write`. |~~

118 117

119Key118Key

120 119

121`--full-auto`

~~122~~

123Type / Values

~~124~~

125`boolean`

~~126~~

127Details

~~128~~

129Shortcut for low-friction local work: sets `--ask-for-approval on-request` and `--sandbox workspace-write`.

~~130~~

131Key

~~132~~

133`--image, -i`120`--image, -i`

134 121

135Type / Values122Type / Values

268| [`codex cloud`](https://developers.openai.com/codex/cli/reference#codex-cloud) | Experimental | Browse or execute Codex Cloud tasks from the terminal without opening the TUI. Alias: `codex cloud-tasks`. |255| [`codex cloud`](https://developers.openai.com/codex/cli/reference#codex-cloud) | Experimental | Browse or execute Codex Cloud tasks from the terminal without opening the TUI. Alias: `codex cloud-tasks`. |

269| [`codex completion`](https://developers.openai.com/codex/cli/reference#codex-completion) | Stable | Generate shell completion scripts for Bash, Zsh, Fish, or PowerShell. |256| [`codex completion`](https://developers.openai.com/codex/cli/reference#codex-completion) | Stable | Generate shell completion scripts for Bash, Zsh, Fish, or PowerShell. |

270| [`codex debug app-server send-message-v2`](https://developers.openai.com/codex/cli/reference#codex-debug-app-server-send-message-v2) | Experimental | Debug app-server by sending a single V2 message through the built-in test client. |257| [`codex debug app-server send-message-v2`](https://developers.openai.com/codex/cli/reference#codex-debug-app-server-send-message-v2) | Experimental | Debug app-server by sending a single V2 message through the built-in test client. |

258| [`codex debug models`](https://developers.openai.com/codex/cli/reference#codex-debug-models) | Experimental | Print the raw model catalog Codex sees, including an option to inspect only the bundled catalog. |

271| [`codex exec`](https://developers.openai.com/codex/cli/reference#codex-exec) | Stable | Run Codex non-interactively. Alias: `codex e`. Stream results to stdout or JSONL and optionally resume previous sessions. |259| [`codex exec`](https://developers.openai.com/codex/cli/reference#codex-exec) | Stable | Run Codex non-interactively. Alias: `codex e`. Stream results to stdout or JSONL and optionally resume previous sessions. |

272| [`codex execpolicy`](https://developers.openai.com/codex/cli/reference#codex-execpolicy) | Experimental | Evaluate execpolicy rule files and see whether a command would be allowed, prompted, or blocked. |260| [`codex execpolicy`](https://developers.openai.com/codex/cli/reference#codex-execpolicy) | Experimental | Evaluate execpolicy rule files and see whether a command would be allowed, prompted, or blocked. |

273| [`codex features`](https://developers.openai.com/codex/cli/reference#codex-features) | Stable | List feature flags and persistently enable or disable them in `config.toml`. |261| [`codex features`](https://developers.openai.com/codex/cli/reference#codex-features) | Stable | List feature flags and persistently enable or disable them in `config.toml`. |

278| [`codex mcp-server`](https://developers.openai.com/codex/cli/reference#codex-mcp-server) | Experimental | Run Codex itself as an MCP server over stdio. Useful when another agent consumes Codex. |266| [`codex mcp-server`](https://developers.openai.com/codex/cli/reference#codex-mcp-server) | Experimental | Run Codex itself as an MCP server over stdio. Useful when another agent consumes Codex. |

279| [`codex plugin marketplace`](https://developers.openai.com/codex/cli/reference#codex-plugin-marketplace) | Experimental | Add, upgrade, or remove plugin marketplaces from Git or local sources. |267| [`codex plugin marketplace`](https://developers.openai.com/codex/cli/reference#codex-plugin-marketplace) | Experimental | Add, upgrade, or remove plugin marketplaces from Git or local sources. |

280| [`codex resume`](https://developers.openai.com/codex/cli/reference#codex-resume) | Stable | Continue a previous interactive session by ID or resume the most recent conversation. |268| [`codex resume`](https://developers.openai.com/codex/cli/reference#codex-resume) | Stable | Continue a previous interactive session by ID or resume the most recent conversation. |

281| [`codex sandbox`](https://developers.openai.com/codex/cli/reference#codex-sandbox) | Experimental | Run arbitrary commands inside Codex-provided macOS seatbelt or Linux bubblewrap sandboxes. |269| [`codex sandbox`](https://developers.openai.com/codex/cli/reference#codex-sandbox) | Experimental | Run arbitrary commands inside Codex-provided macOS, Linux, or Windows sandboxes. |

270| [`codex update`](https://developers.openai.com/codex/cli/reference#codex-update) | Stable | Check for and apply a Codex CLI update when the installed release supports self-update. |

282 271

283Key272Key

284 273

366 355

367Key356Key

368 357

358[`codex debug models`](https://developers.openai.com/codex/cli/reference#codex-debug-models)

359

360Maturity

361

362Experimental

363

364Details

365

366Print the raw model catalog Codex sees, including an option to inspect only the bundled catalog.

367

368Key

369

369[`codex exec`](https://developers.openai.com/codex/cli/reference#codex-exec)370[`codex exec`](https://developers.openai.com/codex/cli/reference#codex-exec)

370 371

371Maturity372Maturity

494 495

495Details496Details

496 497

497Run arbitrary commands inside Codex-provided macOS seatbelt or Linux bubblewrap sandboxes.498Run arbitrary commands inside Codex-provided macOS, Linux, or Windows sandboxes.

499

500Key

501

502[`codex update`](https://developers.openai.com/codex/cli/reference#codex-update)

503

504Maturity

505

506Stable

507

508Details

509

510Check for and apply a Codex CLI update when the installed release supports self-update.

498 511

499Expand to view all512Expand to view all

500 513

502 515

503### `codex` (interactive)516### `codex` (interactive)

504 517

505Running `codex` with no subcommand launches the interactive terminal UI (TUI). The agent accepts the global flags above plus image attachments. Web search defaults to cached mode; use `--search` to switch to live browsing and `--full-auto` to let Codex run most commands without prompts.518Running `codex` with no subcommand launches the interactive terminal UI (TUI). The agent accepts the global flags above plus image attachments. Web search defaults to cached mode; use `--search` to switch to live browsing. For low-friction local work, use `--sandbox workspace-write --ask-for-approval on-request`.

506 519

507Use `--remote ws://host:port` or `--remote wss://host:port` to connect the TUI to an app server started with `codex app-server --listen ws://IP:PORT`. Add `--remote-auth-token-env <ENV_VAR>` when the server requires a bearer token for WebSocket authentication. See [Codex CLI features](https://developers.openai.com/codex/cli/features#connect-the-tui-to-a-remote-app-server) for setup examples and authentication guidance.520Use `--remote ws://host:port` or `--remote wss://host:port` to connect the TUI to an app server started with `codex app-server --listen ws://IP:PORT`. Add `--remote-auth-token-env <ENV_VAR>` when the server requires a bearer token for WebSocket authentication. See [Codex CLI features](https://developers.openai.com/codex/cli/features#connect-the-tui-to-a-remote-app-server) for setup examples and authentication guidance.

508 521

665 678

666This debug flow initializes with `experimentalApi: true`, starts a thread, sends a turn, and streams server notifications. Use it to reproduce and inspect app-server protocol behavior locally.679This debug flow initializes with `experimentalApi: true`, starts a thread, sends a turn, and streams server notifications. Use it to reproduce and inspect app-server protocol behavior locally.

667 680

681### `codex debug models`

682

683Print the raw model catalog Codex sees as JSON.

684

685| Key | Type / Values | Details |

686| --- | --- | --- |

687| `--bundled` | `boolean` | Skip refresh and print only the model catalog bundled with the current Codex binary. |

688

689Key

690

691`--bundled`

692

693Type / Values

694

695`boolean`

696

697Details

698

699Skip refresh and print only the model catalog bundled with the current Codex binary.

700

701Use `--bundled` when you want to inspect only the catalog bundled with the current binary, without refreshing from the remote models endpoint.

702

668### `codex apply`703### `codex apply`

669 704

670Apply the most recent diff from a Codex cloud task to your local repository. You must authenticate and have access to the task.705Apply the most recent diff from a Codex cloud task to your local repository. You must authenticate and have access to the task.

911| `--ignore-rules` | `boolean` | Do not load user or project execpolicy `.rules` files for this run. |

912| `--ignore-user-config` | `boolean` | Do not load `$CODEX_HOME/config.toml`. Authentication still uses `CODEX_HOME`. |

944 981

945Details982Details

946 983

947Apply the low-friction automation preset (`workspace-write` sandbox and `on-request` approvals).984Deprecated compatibility flag. Prefer `--sandbox workspace-write`; Codex prints a warning when this flag is used.

985

986Key

987

988`--ignore-rules`

989

990Type / Values

991

992`boolean`

993

994Details

995

996Do not load user or project execpolicy `.rules` files for this run.

997

998Key

999

1000`--ignore-user-config`

1001

1002Type / Values

1003

1004`boolean`

1005

1006Details

1007

1008Do not load `$CODEX_HOME/config.toml`. Authentication still uses `CODEX_HOME`.

948 1009

949Key1010Key

950 1011

1543 1604

1544| Key | Type / Values | Details |1605| Key | Type / Values | Details |

1545| --- | --- | --- |1606| --- | --- | --- |

1607| `--allow-unix-socket` | `path` | Allow the sandboxed command to bind or connect Unix sockets rooted at this path. Repeat to allow multiple paths. |

1608| `--cd, -C` | `DIR` | Working directory used for profile resolution and command execution. Requires `--permissions-profile`. |

1611| `--log-denials` | `boolean` | Capture macOS sandbox denials with `log stream` while the command runs and print them after exit. |

1612| `--permissions-profile` | `NAME` | Apply a named permissions profile from the active configuration stack. |

1549 1614

1550Key1615Key

1551 1616

1617`--allow-unix-socket`

1618

1619Type / Values

1620

1621`path`

1622

1623Details

1624

1625Allow the sandboxed command to bind or connect Unix sockets rooted at this path. Repeat to allow multiple paths.

1626

1627Key

1628

1629`--cd, -C`

1630

1631Type / Values

1632

1633`DIR`

1634

1635Details

1636

1637Working directory used for profile resolution and command execution. Requires `--permissions-profile`.

1638

1639Key

1640

1552`--config, -c`1641`--config, -c`

1553 1642

1554Type / Values1643Type / Values

1561 1650

1562Key1651Key

1563 1652

1564`--full-auto`1653`--include-managed-config`

1654

1655Type / Values

1656

1657`boolean`

1658

1659Details

1660

1661Include managed requirements while resolving an explicit permissions profile. Requires `--permissions-profile`.

1662

1663Key

1664

1665`--log-denials`

1565 1666

1566Type / Values1667Type / Values

1567 1668

1569 1670

1570Details1671Details

1571 1672

1572Grant write access to the current workspace and `/tmp` without approvals.1673Capture macOS sandbox denials with `log stream` while the command runs and print them after exit.

1674

1675Key

1676

1677`--permissions-profile`

1678

1679Type / Values

1680

1681`NAME`

1682

1683Details

1684

1685Apply a named permissions profile from the active configuration stack.

1573 1686

1574Key1687Key

1575 1688

1587 1700

1588| Key | Type / Values | Details |1701| Key | Type / Values | Details |

1589| --- | --- | --- |1702| --- | --- | --- |

1703| `--cd, -C` | `DIR` | Working directory used for profile resolution and command execution. Requires `--permissions-profile`. |

1706| `--permissions-profile` | `NAME` | Apply a named permissions profile from the active configuration stack. |

1593 1708

1594Key1709Key

1595 1710

1711`--cd, -C`

1712

1713Type / Values

1714

1715`DIR`

1716

1717Details

1718

1719Working directory used for profile resolution and command execution. Requires `--permissions-profile`.

1720

1721Key

1722

1596`--config, -c`1723`--config, -c`

1597 1724

1598Type / Values1725Type / Values

1605 1732

1606Key1733Key

1607 1734

1608`--full-auto`1735`--include-managed-config`

1609 1736

1610Type / Values1737Type / Values

1611 1738

1613 1740

1614Details1741Details

1615 1742

1616Grant write access to the current workspace and `/tmp` inside the Landlock sandbox.1743Include managed requirements while resolving an explicit permissions profile. Requires `--permissions-profile`.

1744

1745Key

1746

1747`--permissions-profile`

1748

1749Type / Values

1750

1751`NAME`

1752

1753Details

1754

1755Apply a named permissions profile from the active configuration stack.

1617 1756

1618Key1757Key

1619 1758

1627 1766

1628Command to execute under Landlock + seccomp. Provide the executable after `--`.1767Command to execute under Landlock + seccomp. Provide the executable after `--`.

1629 1768

1769#### Windows

1770

1771| Key | Type / Values | Details |

1772| --- | --- | --- |

1773| `--cd, -C` | `DIR` | Working directory used for profile resolution and command execution. Requires `--permissions-profile`. |

1774| `--config, -c` | `key=value` | Configuration overrides applied before launching the sandbox (repeatable). |

1775| `--include-managed-config` | `boolean` | Include managed requirements while resolving an explicit permissions profile. Requires `--permissions-profile`. |

1776| `--permissions-profile` | `NAME` | Apply a named permissions profile from the active configuration stack. |

1777| `COMMAND...` | `var-args` | Command to execute under the native Windows sandbox. Provide the executable after `--`. |

1778

1779Key

1780

1781`--cd, -C`

1782

1783Type / Values

1784

1785`DIR`

1786

1787Details

1788

1789Working directory used for profile resolution and command execution. Requires `--permissions-profile`.

1790

1791Key

1792

1793`--config, -c`

1794

1795Type / Values

1796

1797`key=value`

1798

1799Details

1800

1801Configuration overrides applied before launching the sandbox (repeatable).

1802

1803Key

1804

1805`--include-managed-config`

1806

1807Type / Values

1808

1809`boolean`

1810

1811Details

1812

1813Include managed requirements while resolving an explicit permissions profile. Requires `--permissions-profile`.

1814

1815Key

1816

1817`--permissions-profile`

1818

1819Type / Values

1820

1821`NAME`

1822

1823Details

1824

1825Apply a named permissions profile from the active configuration stack.

1826

1827Key

1828

1829`COMMAND...`

1830

1831Type / Values

1832

1833`var-args`

1834

1835Details

1836

1837Command to execute under the native Windows sandbox. Provide the executable after `--`.

1838

1839### `codex update`

1840

1841Check for and apply a Codex CLI update when the installed release supports self-update. Debug builds print a message telling you to install a release build instead.

1842

1630## Flag combinations and safety tips1843## Flag combinations and safety tips

1631 1844

1632- Set `--full-auto` for unattended local work, but avoid combining it with `--dangerously-bypass-approvals-and-sandbox` unless you are inside a dedicated sandbox VM.1845- Use `--sandbox workspace-write` for unattended local work that can stay inside the workspace, and avoid `--dangerously-bypass-approvals-and-sandbox` unless you are inside a dedicated sandbox VM.

1633- When you need to grant Codex write access to more directories, prefer `--add-dir` rather than forcing `--sandbox danger-full-access`.1846- When you need to grant Codex write access to more directories, prefer `--add-dir` rather than forcing `--sandbox danger-full-access`.

1634- Pair `--json` with `--output-last-message` in CI to capture machine-readable progress and a final natural-language summary.1847- Pair `--json` with `--output-last-message` in CI to capture machine-readable progress and a final natural-language summary.

1635 1848

cli/slash-commands.md +29 −1

Details

38| [`/init`](#generate-agentsmd-with-init) | Generate an `AGENTS.md` scaffold in the current directory. | Capture persistent instructions for the repository or subdirectory you're working in. |38| [`/init`](#generate-agentsmd-with-init) | Generate an `AGENTS.md` scaffold in the current directory. | Capture persistent instructions for the repository or subdirectory you're working in. |

~~40| [`/mcp`](#list-mcp-tools-with-mcp) | List configured Model Context Protocol (MCP) tools. | Check which external tools Codex can call during the session. |~~40| [`/mcp`](#list-mcp-tools-with-mcp) | List configured Model Context Protocol (MCP) tools. | Check which external tools Codex can call during the session; add `verbose` for server details. |

42| [`/model`](#set-the-active-model-with-model) | Choose the active model (and reasoning effort, when available). | Switch between general-purpose models (`gpt-4.1-mini`) and deeper reasoning models before running a task. |42| [`/model`](#set-the-active-model-with-model) | Choose the active model (and reasoning effort, when available). | Switch between general-purpose models (`gpt-4.1-mini`) and deeper reasoning models before running a task. |

46| [`/ps`](#check-background-terminals-with-ps) | Show experimental background terminals and their recent output. | Check long-running commands without leaving the main transcript. |46| [`/ps`](#check-background-terminals-with-ps) | Show experimental background terminals and their recent output. | Check long-running commands without leaving the main transcript. |

48| [`/fork`](#fork-the-current-conversation-with-fork) | Fork the current conversation into a new thread. | Branch the active session to explore a new approach without losing the current transcript. |48| [`/fork`](#fork-the-current-conversation-with-fork) | Fork the current conversation into a new thread. | Branch the active session to explore a new approach without losing the current transcript. |

49| [`/side`](#start-a-side-conversation-with-side) | Start an ephemeral side conversation. | Ask a focused follow-up without disrupting the main thread's transcript. |

49| [`/resume`](#resume-a-saved-conversation-with-resume) | Resume a saved conversation from your session list. | Continue work from a previous CLI session without starting over. |50| [`/resume`](#resume-a-saved-conversation-with-resume) | Resume a saved conversation from your session list. | Continue work from a previous CLI session without starting over. |

50| [`/new`](#start-a-new-conversation-with-new) | Start a new conversation inside the same CLI session. | Reset the chat context without leaving the CLI when you want a fresh prompt in the same repo. |51| [`/new`](#start-a-new-conversation-with-new) | Start a new conversation inside the same CLI session. | Reset the chat context without leaving the CLI when you want a fresh prompt in the same repo. |

54| [`/debug-config`](#inspect-config-layers-with-debug-config) | Print config layer and requirements diagnostics. | Debug precedence and policy requirements, including experimental network constraints. |55| [`/debug-config`](#inspect-config-layers-with-debug-config) | Print config layer and requirements diagnostics. | Debug precedence and policy requirements, including experimental network constraints. |

55| [`/statusline`](#configure-footer-items-with-statusline) | Configure TUI status-line fields interactively. | Pick and reorder footer items (model/context/limits/git/tokens/session) and persist in config.toml. |56| [`/statusline`](#configure-footer-items-with-statusline) | Configure TUI status-line fields interactively. | Pick and reorder footer items (model/context/limits/git/tokens/session) and persist in config.toml. |

56| [`/title`](#configure-terminal-title-items-with-title) | Configure terminal window or tab title fields interactively. | Pick and reorder title items such as project, status, thread, branch, model, and task progress. |57| [`/title`](#configure-terminal-title-items-with-title) | Configure terminal window or tab title fields interactively. | Pick and reorder title items such as project, status, thread, branch, model, and task progress. |

58| [`/keymap`](#remap-tui-shortcuts-with-keymap) | Remap TUI keyboard shortcuts. | Inspect and persist custom shortcut bindings in `config.toml`. |

57 59

58`/quit` and `/exit` both exit the CLI. Use them only after you have saved or60`/quit` and `/exit` both exit the CLI. Use them only after you have saved or

59committed any important work.61committed any important work.

199Available title items include app name, project, spinner, status, thread, git201Available title items include app name, project, spinner, status, thread, git

200branch, model, and task progress.202branch, model, and task progress.

201 203

204### Remap TUI shortcuts with `/keymap`

205

206Use `/keymap` to inspect, update, and persist keyboard shortcut bindings for the TUI.

207

2081. Type `/keymap`.

2092. Pick the shortcut context and action you want to change.

2103. Enter the new binding or remove the existing one.

211

212Expected: Codex updates the active keymap and writes the custom binding to `tui.keymap` in `config.toml`.

213

214Key bindings use names such as `ctrl-a`, `shift-enter`, and `page-down`. Context-specific bindings override `tui.keymap.global`; an empty binding list unbinds the action.

215

202### Check background terminals with `/ps`216### Check background terminals with `/ps`

203 217

2041. Type `/ps`.2181. Type `/ps`.

268If you need to fork a saved session instead of the current one, run282If you need to fork a saved session instead of the current one, run

269`codex fork` in your terminal to open the session picker.283`codex fork` in your terminal to open the session picker.

270 284

285### Start a side conversation with `/side`

286

287Use `/side` to start an ephemeral fork from the current conversation without switching away from the main task.

288

2891. Type `/side` to open a side conversation.

2902. Optionally add inline text, for example `/side Check whether this plan has an obvious risk`.

2913. Return to the parent thread after the focused detour finishes.

292

293Expected: Codex opens a side conversation whose transcript is separate from the parent thread. While you are in side mode, the TUI continues to show parent-thread status so you can see whether the main task is still running.

294

295`/side` is unavailable inside another side conversation and during review mode.

296

271### Generate `AGENTS.md` with `/init`297### Generate `AGENTS.md` with `/init`

272 298

2731. Run `/init` in the directory where you want Codex to look for persistent instructions.2991. Run `/init` in the directory where you want Codex to look for persistent instructions.

292 318

293Expected: You see the configured Model Context Protocol (MCP) tools Codex can call in this session.319Expected: You see the configured Model Context Protocol (MCP) tools Codex can call in this session.

294 320

321Use `/mcp verbose` to include detailed server diagnostics. If you pass anything other than `verbose`, Codex shows the command usage.

322

295### Browse apps with `/apps`323### Browse apps with `/apps`

296 324

2971. Type `/apps`.3251. Type `/apps`.

concepts/sandboxing.md +4 −3

Details

145- `never`: Codex doesn't stop for approval prompts.145- `never`: Codex doesn't stop for approval prompts.

146 146

147Full access means using `sandbox_mode = "danger-full-access"` together with147Full access means using `sandbox_mode = "danger-full-access"` together with

148`approval_policy = "never"`. By contrast, `--full-auto` is the lower-risk local148`approval_policy = "never"`. By contrast, the lower-risk local automation

149automation preset: `sandbox_mode = "workspace-write"` and149preset is `sandbox_mode = "workspace-write"` together with

150`approval_policy = "on-request"`.150`approval_policy = "on-request"`, or the matching CLI flags

151`--sandbox workspace-write --ask-for-approval on-request`.

151 152

152If you need Codex to work across more than one directory, writable roots let153If you need Codex to work across more than one directory, writable roots let

153you extend the places it can modify without removing the sandbox entirely. If154you extend the places it can modify without removing the sandbox entirely. If

config-advanced.md +48 −0

Details

196 196

197The auth command receives no `stdin` and must print the token to stdout. Codex trims surrounding whitespace, treats an empty token as an error, and refreshes proactively at `refresh_interval_ms`; set `refresh_interval_ms = 0` to refresh only after an authentication retry. Don't combine `[model_providers.<id>.auth]` with `env_key`, `experimental_bearer_token`, or `requires_openai_auth`.197The auth command receives no `stdin` and must print the token to stdout. Codex trims surrounding whitespace, treats an empty token as an error, and refreshes proactively at `refresh_interval_ms`; set `refresh_interval_ms = 0` to refresh only after an authentication retry. Don't combine `[model_providers.<id>.auth]` with `env_key`, `experimental_bearer_token`, or `requires_openai_auth`.

198 198

199### Amazon Bedrock provider

200

201Codex includes a built-in `amazon-bedrock` model provider. Set it directly as

202`model_provider`; unlike custom providers, this built-in provider supports only

203the nested AWS profile and region overrides.

204

205```toml

206model_provider = "amazon-bedrock"

207model = "<bedrock-model-id>"

208

209[model_providers.amazon-bedrock.aws]

210profile = "default"

211region = "eu-central-1"

212```

213

214If you omit `profile`, Codex uses the standard AWS credential chain. Set

215`region` to the supported Bedrock region that should handle requests.

216

199## OSS mode (local providers)217## OSS mode (local providers)

200 218

201Codex can run against a local "open source" provider (for example, Ollama or LM Studio) when you pass `--oss`. If you pass `--oss` without specifying a provider, Codex uses `oss_provider` as the default.219Codex can run against a local "open source" provider (for example, Ollama or LM Studio) when you pass `--oss`. If you pass `--oss` without specifying a provider, Codex uses `oss_provider` as the default.

285"""303"""

286```304```

287 305

306### Named permission profiles

307

308Set `default_permissions` to reuse a sandbox profile by name. Codex includes

309the built-in profiles `:read-only`, `:workspace`, and `:danger-no-sandbox`:

310

311```toml

312default_permissions = ":workspace"

313```

314

315For custom profiles, point `default_permissions` at a name you define under

316`[permissions.<name>]`:

317

318```toml

319default_permissions = "workspace"

320

321[permissions.workspace.filesystem]

322":project_roots" = { "." = "write", "**/*.env" = "none" }

323glob_scan_max_depth = 3

324

325[permissions.workspace.network]

326enabled = true

327mode = "limited"

328

329[permissions.workspace.network.domains]

330"api.openai.com" = "allow"

331```

332

333Use built-in names with a leading colon. Custom names don't use a leading

334colon and must have matching `permissions` tables.

335

288Need the complete key list (including profile-scoped overrides and requirements constraints)? See [Configuration Reference](https://developers.openai.com/codex/config-reference) and [Managed configuration](https://developers.openai.com/codex/enterprise/managed-configuration).336Need the complete key list (including profile-scoped overrides and requirements constraints)? See [Configuration Reference](https://developers.openai.com/codex/config-reference) and [Managed configuration](https://developers.openai.com/codex/enterprise/managed-configuration).

289 337

290In workspace-write mode, some environments keep `.git/` and `.codex/`338In workspace-write mode, some environments keep `.git/` and `.codex/`

config-basic.md +22 −0

Details

69 69

70For mode-by-mode behavior (including protected `.git`/`.codex` paths and network defaults), see [Sandbox and approvals](https://developers.openai.com/codex/agent-approvals-security#sandbox-and-approvals), [Protected paths in writable roots](https://developers.openai.com/codex/agent-approvals-security#protected-paths-in-writable-roots), and [Network access](https://developers.openai.com/codex/agent-approvals-security#network-access).70For mode-by-mode behavior (including protected `.git`/`.codex` paths and network defaults), see [Sandbox and approvals](https://developers.openai.com/codex/agent-approvals-security#sandbox-and-approvals), [Protected paths in writable roots](https://developers.openai.com/codex/agent-approvals-security#protected-paths-in-writable-roots), and [Network access](https://developers.openai.com/codex/agent-approvals-security#network-access).

71 71

72#### Permission profiles

74Use a named permission profile when you want one reusable filesystem or network policy across sessions:

76```toml

77default_permissions = ":workspace"

78```

80Built-in profiles include `:read-only`, `:workspace`, and `:danger-no-sandbox`. For custom filesystem or network rules, define `[permissions.<name>]` tables and set `default_permissions` to that name.

72#### Windows sandbox mode82#### Windows sandbox mode

73 83

74When running Codex natively on Windows, set the native sandbox mode to `elevated` in the `windows` table. Use `unelevated` only if you don't have administrator permissions or if elevated setup fails.84When running Codex natively on Windows, set the native sandbox mode to `elevated` in the `windows` table. Use `unelevated` only if you don't have administrator permissions or if elevated setup fails.

111 121

112You can override this later in an active session with `/personality` or per thread/turn when using the app-server APIs.122You can override this later in an active session with `/personality` or per thread/turn when using the app-server APIs.

113 123

124#### TUI keymap

125

126Customize terminal shortcuts under `tui.keymap`. Context-specific bindings override `tui.keymap.global`, and an empty list unbinds the action.

127

128```toml

129[tui.keymap.global]

130open_transcript = "ctrl-t"

131

132[tui.keymap.composer]

133submit = ["enter", "ctrl-m"]

134```

135

114#### Command environment136#### Command environment

115 137

116Control which environment variables Codex forwards to spawned commands.138Control which environment variables Codex forwards to spawned commands.

config-reference.md +93 −28

Details

~~45| `default_permissions` | `string` | Name of the default permissions profile to apply to sandboxed tool calls. |~~45| `default_permissions` | `string` | Name of the default permissions profile to apply to sandboxed tool calls. Built-ins are `:read-only`, `:workspace`, and `:danger-no-sandbox`; custom profile names require matching `[permissions.<name>]` tables. |

105| `memories.max_unused_days` | `number` | Maximum days since a memory was last used before it becomes ineligible for consolidation. Defaults to `30` and is clamped to `0`-`365`. |105| `memories.max_unused_days` | `number` | Maximum days since a memory was last used before it becomes ineligible for consolidation. Defaults to `30` and is clamped to `0`-`365`. |

106| `memories.min_rate_limit_remaining_percent` | `number` | Minimum remaining percentage required in Codex rate-limit windows before memory generation starts. Defaults to `25` and is clamped to `0`-`100`. |

136| `model_providers.amazon-bedrock.aws.profile` | `string` | AWS profile name used by the built-in `amazon-bedrock` provider. |

137| `model_providers.amazon-bedrock.aws.region` | `string` | AWS region used by the built-in `amazon-bedrock` provider. |

223| `tool_suggest.disabled_tools` | `array<table>` | Disable suggestions for specific discoverable connectors or plugins. Each entry uses `type = "connector"` or `"plugin"` and an `id`. |

220| `tool_suggest.discoverables` | `array<table>` | Allow tool suggestions for additional discoverable connectors or plugins. Each entry uses `type = "connector"` or `"plugin"` and an `id`. |224| `tool_suggest.discoverables` | `array<table>` | Allow tool suggestions for additional discoverable connectors or plugins. Each entry uses `type = "connector"` or `"plugin"` and an `id`. |

222| `tools.web_search` | `boolean | { context_size = "low|medium|high", allowed_domains = [string], location = { country, region, city, timezone } }` | Optional web search tool configuration. The legacy boolean form is still accepted, but the object form lets you set search context size, allowed domains, and approximate user location. |226| `tools.web_search` | `boolean | { context_size = "low|medium|high", allowed_domains = [string], location = { country, region, city, timezone } }` | Optional web search tool configuration. The legacy boolean form is still accepted, but the object form lets you set search context size, allowed domains, and approximate user location. |

223| `tui` | `table` | TUI-specific options such as enabling inline desktop notifications. |227| `tui` | `table` | TUI-specific options such as enabling inline desktop notifications. |

230| `tui.keymap.<context>.<action>` | `string | array<string>` | Keyboard shortcut binding for a TUI action. Supported contexts include `global`, `chat`, `composer`, `editor`, `pager`, `list`, and `approval`; context-specific bindings override `tui.keymap.global`. |

231| `tui.keymap.<context>.<action> = []` | `empty array` | Unbind the action in that keymap context. Key names use normalized strings such as `ctrl-a`, `shift-enter`, or `page-down`. |

228| `tui.notification_method` | `auto | osc9 | bel` | Notification method for terminal notifications (default: auto). |234| `tui.notification_method` | `auto | osc9 | bel` | Notification method for terminal notifications (default: auto). |

630 636

631Details637Details

632 638

633Name of the default permissions profile to apply to sandboxed tool calls.639Name of the default permissions profile to apply to sandboxed tool calls. Built-ins are `:read-only`, `:workspace`, and `:danger-no-sandbox`; custom profile names require matching `[permissions.<name>]` tables.

634 640

635Key641Key

636 642

1354 1360

1355Key1361Key

1356 1362

1363`memories.min_rate_limit_remaining_percent`

1364

1365Type / Values

1366

1367`number`

1368

1369Details

1370

1371Minimum remaining percentage required in Codex rate-limit windows before memory generation starts. Defaults to `25` and is clamped to `0`-`100`.

1372

1373Key

1374

1357`memories.min_rollout_idle_hours`1375`memories.min_rollout_idle_hours`

1358 1376

1359Type / Values1377Type / Values

1702 1720

1703Key1721Key

1704 1722

1723`model_providers.amazon-bedrock.aws.profile`

1724

1725Type / Values

1726

1727`string`

1728

1729Details

1730

1731AWS profile name used by the built-in `amazon-bedrock` provider.

1732

1733Key

1734

1735`model_providers.amazon-bedrock.aws.region`

1736

1737Type / Values

1738

1739`string`

1740

1741Details

1742

1743AWS region used by the built-in `amazon-bedrock` provider.

1744

1745Key

1746

1705`model_reasoning_effort`1747`model_reasoning_effort`

1706 1748

1707Type / Values1749Type / Values

2722 2764

2723Key2765Key

2724 2766

2767`tool_suggest.disabled_tools`

2768

2769Type / Values

2770

2771`array<table>`

2772

2773Details

2774

2775Disable suggestions for specific discoverable connectors or plugins. Each entry uses `type = "connector"` or `"plugin"` and an `id`.

2776

2777Key

2778

2725`tool_suggest.discoverables`2779`tool_suggest.discoverables`

2726 2780

2727Type / Values2781Type / Values

2794 2848

2795Key2849Key

2796 2850

2851`tui.keymap.<context>.<action>`

2852

2853Type / Values

2854

2855`string | array<string>`

2856

2857Details

2858

2859Keyboard shortcut binding for a TUI action. Supported contexts include `global`, `chat`, `composer`, `editor`, `pager`, `list`, and `approval`; context-specific bindings override `tui.keymap.global`.

2860

2861Key

2862

2863`tui.keymap.<context>.<action> = []`

2864

2865Type / Values

2866

2867`empty array`

2868

2869Details

2870

2871Unbind the action in that keymap context. Key names use normalized strings such as `ctrl-a`, `shift-enter`, or `page-down`.

2872

2873Key

2874

2797`tui.model_availability_nux.<model>`2875`tui.model_availability_nux.<model>`

2798 2876

2799Type / Values2877Type / Values

2966| `allowed_web_search_modes` | `array<string>` | Allowed values for `web_search` (`disabled`, `cached`, `live`). `disabled` is always allowed; an empty list effectively allows only `disabled`. |3044| `allowed_web_search_modes` | `array<string>` | Allowed values for `web_search` (`disabled`, `cached`, `live`). `disabled` is always allowed; an empty list effectively allows only `disabled`. |

2967| `feature_requirements` | `table` | Alias for `features` in `requirements.toml`. Use it to pin feature values by canonical feature key. |

2968| `feature_requirements.browser_use` | `boolean` | Set to `false` in `requirements.toml` to disable Browser Use and Browser Agent availability. You can also set `features.browser_use`. |

2969| `feature_requirements.computer_use` | `boolean` | Set to `false` in `requirements.toml` to disable Computer Use availability and related install or enablement flows. You can also set `features.computer_use`. |

2970| `feature_requirements.in_app_browser` | `boolean` | Set to `false` in `requirements.toml` to disable the in-app browser pane. You can also set `features.in_app_browser`. |

3047| `features.browser_use` | `boolean` | Set to `false` in `requirements.toml` to disable Browser Use and Browser Agent availability. |

3048| `features.computer_use` | `boolean` | Set to `false` in `requirements.toml` to disable Computer Use availability and related install or enablement flows. |

3049| `features.in_app_browser` | `boolean` | Set to `false` in `requirements.toml` to disable the in-app browser pane. |

2973| `guardian_policy_config` | `string` | Managed Markdown policy instructions for automatic review. This takes precedence over local `[auto_review].policy`. Blank values are ignored. |3050| `guardian_policy_config` | `string` | Managed Markdown policy instructions for automatic review. This takes precedence over local `[auto_review].policy`. Blank values are ignored. |

2974| `hooks` | `table` | Admin-enforced managed lifecycle hooks. Requires a managed hook directory and uses the same event schema as inline `[hooks]` in `config.toml`. |3051| `hooks` | `table` | Admin-enforced managed lifecycle hooks. Requires a managed hook directory and uses the same event schema as inline `[hooks]` in `config.toml`. |

2975| `hooks.<Event>` | `array<table>` | Matcher groups for a hook event such as `PreToolUse`, `PostToolUse`, `PermissionRequest`, `SessionStart`, `UserPromptSubmit`, or `Stop`. |3052| `hooks.<Event>` | `array<table>` | Matcher groups for a hook event such as `PreToolUse`, `PostToolUse`, `PermissionRequest`, `SessionStart`, `UserPromptSubmit`, or `Stop`. |

3042 3119

3043Key3120Key

3044 3121

3045`feature_requirements`3122`features`

3046 3123

3047Type / Values3124Type / Values

3048 3125

3050 3127

3051Details3128Details

3052 3129

3053Alias for `features` in `requirements.toml`. Use it to pin feature values by canonical feature key.3130Pinned feature values keyed by the canonical names from `config.toml`'s `[features]` table.

3054 3131

3055Key3132Key

3056 3133

3057`feature_requirements.browser_use`3134`features.<name>`

3058 3135

3059Type / Values3136Type / Values

3060 3137

3062 3139

3063Details3140Details

3064 3141

3065Set to `false` in `requirements.toml` to disable Browser Use and Browser Agent availability. You can also set `features.browser_use`.3142Require a specific canonical feature key to stay enabled or disabled.

3066 3143

3067Key3144Key

3068 3145

3069`feature_requirements.computer_use`3146`features.browser_use`

3070 3147

3071Type / Values3148Type / Values

3072 3149

3074 3151

3075Details3152Details

3076 3153

3077Set to `false` in `requirements.toml` to disable Computer Use availability and related install or enablement flows. You can also set `features.computer_use`.3154Set to `false` in `requirements.toml` to disable Browser Use and Browser Agent availability.

3078 3155

3079Key3156Key

3080 3157

3081`feature_requirements.in_app_browser`3158`features.computer_use`

3082 3159

3083Type / Values3160Type / Values

3084 3161

3086 3163

3087Details3164Details

3088 3165

3089Set to `false` in `requirements.toml` to disable the in-app browser pane. You can also set `features.in_app_browser`.3166Set to `false` in `requirements.toml` to disable Computer Use availability and related install or enablement flows.

3090 3167

3091Key3168Key

3092 3169

3093`features`3170`features.in_app_browser`

~~3094~~

3095Type / Values

~~3096~~

3097`table`

~~3098~~

3099Details

~~3100~~

3101Pinned feature values keyed by the canonical names from `config.toml`'s `[features]` table.

~~3102~~

3103Key

~~3104~~

3105`features.<name>`

3106 3171

3107Type / Values3172Type / Values

3108 3173

3110 3175

3111Details3176Details

3112 3177

3113Require a specific canonical feature key to stay enabled or disabled.3178Set to `false` in `requirements.toml` to disable the in-app browser pane.

3114 3179

3115Key3180Key

3116 3181

config-sample.md +25 −2

Details

130# - workspace-write130# - workspace-write

131# - danger-full-access (no sandbox; extremely risky)131# - danger-full-access (no sandbox; extremely risky)

132sandbox_mode = "read-only"132sandbox_mode = "read-only"

133# Named permissions profile to apply by default. Required before using [permissions.<name>].133# Named permissions profile to apply by default. Built-ins:

134# default_permissions = "workspace"134# :read-only | :workspace | :danger-no-sandbox

135# Use a custom name such as "workspace" only when you also define [permissions.workspace].

136# default_permissions = ":workspace"

135 137

136# Example filesystem profile. Use `"none"` to deny reads for exact paths or138# Example filesystem profile. Use `"none"` to deny reads for exact paths or

137# glob patterns. On platforms that need pre-expanded glob matches, set139# glob patterns. On platforms that need pre-expanded glob matches, set

358# You can also add custom .tmTheme files under $CODEX_HOME/themes.360# You can also add custom .tmTheme files under $CODEX_HOME/themes.

359# theme = "catppuccin-mocha"361# theme = "catppuccin-mocha"

360 362

363# Custom key bindings. Context-specific bindings override [tui.keymap.global].

364# Use [] to unbind an action.

365# [tui.keymap.global]

366# open_transcript = "ctrl-t"

367# open_external_editor = []

368#

369# [tui.keymap.composer]

370# submit = ["enter", "ctrl-m"]

371

361# Internal tooltip state keyed by model slug. Usually managed by Codex.372# Internal tooltip state keyed by model slug. Usually managed by Codex.

362# [tui.model_availability_nux]373# [tui.model_availability_nux]

363# "gpt-5.4" = 1374# "gpt-5.4" = 1

468# - openai479# - openai

469# - ollama480# - ollama

470# - lmstudio481# - lmstudio

482# - amazon-bedrock

471# These IDs are reserved. Use a different ID for custom providers.483# These IDs are reserved. Use a different ID for custom providers.

472 484

473[model_providers]485[model_providers]

474 486

487# --- Example: built-in Amazon Bedrock provider options ---

488# model_provider = "amazon-bedrock"

489# model = "<bedrock-model-id>"

490# [model_providers.amazon-bedrock.aws]

491# profile = "default"

492# region = "eu-central-1"

493

475# --- Example: OpenAI data residency with explicit base URL or headers ---494# --- Example: OpenAI data residency with explicit base URL or headers ---

476# [model_providers.openaidr]495# [model_providers.openaidr]

477# name = "OpenAI Data Residency"496# name = "OpenAI Data Residency"

542# { type = "connector", id = "gmail" },561# { type = "connector", id = "gmail" },

543# { type = "plugin", id = "figma@openai-curated" },562# { type = "plugin", id = "figma@openai-curated" },

544# ]563# ]

564# disabled_tools = [

565# { type = "plugin", id = "slack@openai-curated" },

566# { type = "connector", id = "connector_googlecalendar" },

567# ]

545 568

546################################################################################569################################################################################

547# Profiles (named presets)570# Profiles (named presets)

enterprise/admin-setup.md +10 −1

Details

139 139

140Codex Admins can deploy admin-enforced `requirements.toml` policies from the Codex [Policies page](https://chatgpt.com/codex/settings/policies).140Codex Admins can deploy admin-enforced `requirements.toml` policies from the Codex [Policies page](https://chatgpt.com/codex/settings/policies).

141 141

142Use this page when you want to apply different local Codex constraints to different groups without distributing device-level files first. The managed policy uses the same `requirements.toml` format described in [Managed configuration](https://developers.openai.com/codex/enterprise/managed-configuration), so you can define allowed approval policies, sandbox modes, web search behavior, MCP server allowlists, feature pins, and restrictive command rules. To disable Browser Use, the in-app browser, or Computer Use, see [Disable Codex feature surfaces](https://developers.openai.com/codex/enterprise/managed-configuration#disable-codex-feature-surfaces).142Use this page when you want to apply different local Codex constraints to different groups without distributing device-level files first. The managed policy uses the same `requirements.toml` format described in [Managed configuration](https://developers.openai.com/codex/enterprise/managed-configuration), so you can define allowed approval policies, sandbox modes, web search behavior, MCP server allowlists, feature pins, and restrictive command rules. To disable Browser Use, the in-app browser, or Computer Use, see [Pin feature flags](https://developers.openai.com/codex/enterprise/managed-configuration#pin-feature-flags).

143 143

144![Codex policies and configurations page](/images/codex/enterprise/policies_and_configurations_page.png)144![Codex policies and configurations page](/images/codex/enterprise/policies_and_configurations_page.png)

145 145

166allowed_approval_policies = ["on-request"]166allowed_approval_policies = ["on-request"]

167```167```

168 168

169Example: disable Browser Use, the in-app browser, and Computer Use:

170

171```toml

172[features]

173browser_use = false

174in_app_browser = false

175computer_use = false

176```

177

169Example: add a restrictive command rule when you want admins to block or gate specific commands:178Example: add a restrictive command rule when you want admins to block or gate specific commands:

170 179

171```toml180```toml

enterprise/managed-configuration.md +8 −13

Details

106`allowed_web_search_modes = []` allows only `"disabled"`.106`allowed_web_search_modes = []` allows only `"disabled"`.

107For example, `allowed_web_search_modes = ["cached"]` prevents live web search even in `danger-full-access` sessions.107For example, `allowed_web_search_modes = ["cached"]` prevents live web search even in `danger-full-access` sessions.

108 108

109You can also pin [feature flags](https://developers.openai.com/codex/config-basic/#feature-flags):109### Pin feature flags

110 110

111```111You can also pin [feature flags](https://developers.openai.com/codex/config-basic/#feature-flags) for users

112receiving a managed `requirements.toml`:

113

114```toml

112[features]115[features]

113personality = true116personality = true

114unified_exec = false117unified_exec = false

115```

~~116~~

117Use the canonical feature keys from `config.toml`'s `[features]` table. Codex normalizes the resulting feature set to meet these pins and rejects conflicting writes to `config.toml` or profile-scoped feature settings.

118 118

119### Disable Codex feature surfaces119# Disable specific Codex feature surfaces when needed.

~~120~~

121Admins can use `[feature_requirements]` to disable specific Codex feature

122surfaces for users receiving a managed `requirements.toml`. You can also set

123the same keys in the existing `[features]` table.

~~124~~

125```

126[feature_requirements]

127browser_use = false120browser_use = false

128in_app_browser = false121in_app_browser = false

129computer_use = false122computer_use = false

130```123```

131 124

125Use the canonical feature keys from `config.toml`'s `[features]` table. Codex normalizes the resulting feature set to meet these pins and rejects conflicting writes to `config.toml` or profile-scoped feature settings.

126

132- `in_app_browser = false` disables the in-app browser pane.127- `in_app_browser = false` disables the in-app browser pane.

133- `browser_use = false` disables Browser Use and Browser Agent availability.128- `browser_use = false` disables Browser Use and Browser Agent availability.

134- `computer_use = false` disables Computer Use availability and related129- `computer_use = false` disables Computer Use availability and related

github-action.md +1 −1

Details

84Fine-tune how Codex runs by setting the action inputs that map to `codex exec` options:84Fine-tune how Codex runs by setting the action inputs that map to `codex exec` options:

85 85

86- `prompt` or `prompt-file` (choose one): Inline instructions or a repository path to Markdown or text with your task. Consider storing prompts in `.github/codex/prompts/`.86- `prompt` or `prompt-file` (choose one): Inline instructions or a repository path to Markdown or text with your task. Consider storing prompts in `.github/codex/prompts/`.

~~87- `codex-args`: Extra CLI flags. Provide a JSON array (for example `["--full-auto"]`) or a shell string (`--full-auto --sandbox danger-full-access`) to allow edits, streaming, or MCP configuration.~~87- `codex-args`: Extra CLI flags. Provide a JSON array (for example `["--json"]`) or a shell string (`--sandbox workspace-write --json`) to allow edits, streaming, or MCP configuration.

88- `model` and `effort`: Pick the Codex agent configuration you want; leave empty for defaults.88- `model` and `effort`: Pick the Codex agent configuration you want; leave empty for defaults.

89- `sandbox`: Match the sandbox mode (`workspace-write`, `read-only`, `danger-full-access`) to the permissions Codex needs during the run.89- `sandbox`: Match the sandbox mode (`workspace-write`, `read-only`, `danger-full-access`) to the permissions Codex needs during the run.

90- `output-file`: Save the final Codex message to disk so later steps can upload or diff it.90- `output-file`: Save the final Codex message to disk so later steps can upload or diff it.

hooks.md +5 −0

Details

31- `hooks.json`31- `hooks.json`

32- inline `[hooks]` tables inside `config.toml`32- inline `[hooks]` tables inside `config.toml`

33 33

34Installed plugins can also bundle lifecycle config through their plugin

35manifest or a default `hooks/hooks.json` file. See [Build

36plugins](https://developers.openai.com/codex/plugins/build#bundled-mcp-servers-and-lifecycle-config) for the

37plugin packaging rules.

34In practice, the four most useful locations are:39In practice, the four most useful locations are:

35 40

36- `~/.codex/hooks.json`41- `~/.codex/hooks.json`

integrations/github.md +48 −9

Details

~~1# Use Codex in GitHub~~1# Codex code review in GitHub

2 2

~~3Use Codex to review pull requests without leaving GitHub. Add a pull request comment with `@codex review`, and Codex replies with a standard GitHub code review.~~3Use Codex code review to get another high-signal review pass on GitHub pull

4requests. Codex reviews the pull request diff, follows your repository guidance,

5and posts a standard GitHub code review focused on serious issues.

4 6

~~5## Set up code review~~7## Before you start

9Make sure you have:

11- [Codex cloud](https://developers.openai.com/codex/cloud) set up for the repository you want to review.

12- Access to [Codex code review settings](https://chatgpt.com/codex/settings/code-review).

13- An `AGENTS.md` file if you want Codex to follow repository-specific review guidance.

15## Set up Codex code review

6 16

71. Set up [Codex cloud](https://developers.openai.com/codex/cloud).171. Set up [Codex cloud](https://developers.openai.com/codex/cloud).

~~82. Go to [Codex settings](https://chatgpt.com/codex/settings/code-review) and turn on **Code review** for your repository.~~182. Go to [Codex settings](https://chatgpt.com/codex/settings/code-review).

193. Turn on **Code review** for your repository.

9 20

10![Codex settings showing the Code review toggle](/images/codex/code-review/code-review-settings.png)21![Codex settings showing the Code review toggle](/images/codex/code-review/code-review-settings.png)

11 22

~~12## Request a review~~23## Request a Codex review

13 24

141. In a pull request comment, mention `@codex review`.251. In a pull request comment, mention `@codex review`.

152. Wait for Codex to react (👀) and post a review.262. Wait for Codex to react (👀) and post a review.

16 27

17![A pull request comment with @codex review](/images/codex/code-review/review-trigger.png)28![A pull request comment with @codex review](/images/codex/code-review/review-trigger.png)

18 29

~~19Codex posts a review on the pull request, just like a teammate would.~~30Codex posts a review on the pull request, just like a teammate would. In

31GitHub, Codex flags only P0 and P1 issues so review comments stay focused on

32high-priority risks.

20 33

21![Example Codex code review on a pull request](/images/codex/code-review/review-example.png)34![Example Codex code review on a pull request](/images/codex/code-review/review-example.png)

22 35

23## Enable automatic reviews36## Enable automatic reviews

24 37

25If you want Codex to review every pull request automatically, turn on **Automatic reviews** in [Codex settings](https://chatgpt.com/codex/settings/code-review). Codex will post a review whenever a new PR is opened for review, without needing an `@codex review` comment.38If you want Codex to review every pull request automatically, turn on

39**Automatic reviews** in [Codex settings](https://chatgpt.com/codex/settings/code-review).

40Codex will post a review whenever someone opens a new PR for review, without

41needing an `@codex review` comment.

26 42

27## Customize what Codex reviews43## Customize what Codex reviews

28 44

39 55

40Codex applies guidance from the closest `AGENTS.md` to each changed file. You can place more specific instructions deeper in the tree when particular packages need extra scrutiny.56Codex applies guidance from the closest `AGENTS.md` to each changed file. You can place more specific instructions deeper in the tree when particular packages need extra scrutiny.

41 57

~~42For a one-off focus, add it to your pull request comment, for example:~~58For a one-off focus, add it to your pull request comment:

43 59

44`@codex review for security regressions`60`@codex review for security regressions`

45 61

~~46In GitHub, Codex flags only P0 and P1 issues. If you want Codex to flag typos in documentation, add guidance in `AGENTS.md` (for example, “Treat typos in docs as P1.”).~~62If you want Codex to flag typos in documentation, add guidance in `AGENTS.md`

63(for example, “Treat typos in docs as P1.”).

65## Act on review findings

67After Codex posts a review, you can ask it to fix issues in the same pull

68request by leaving another comment:

70```md

71@codex fix the P1 issue

72```

74Codex starts a cloud task with the pull request as context and can push a fix

75back to the branch when it has permission to do so.

47 76

48## Give Codex other tasks77## Give Codex other tasks

49 78

52```md81```md

53@codex fix the CI failures82@codex fix the CI failures

54```83```

85## Troubleshoot code review

87If Codex doesn't react or post a review:

89- Confirm you turned on **Code review** for the repository in [Codex settings](https://chatgpt.com/codex/settings/code-review).

90- Confirm the pull request belongs to a repository with [Codex cloud](https://developers.openai.com/codex/cloud) set up.

91- Use the exact trigger `@codex review` in a pull request comment.

92- For automatic reviews, check that you turned on **Automatic reviews** and that

93 the pull request event matches your review trigger settings.

memories.md +6 −0

Details

42thread has been idle long enough to avoid summarizing work that's still in42thread has been idle long enough to avoid summarizing work that's still in

43progress.43progress.

44 44

45Memory generation can also skip a background pass when your Codex rate-limit

46remaining percentage is below the configured threshold, so Codex doesn't spend

47quota when you're near a limit.

45## Memory storage49## Memory storage

46 50

47Codex stores memories under your Codex home directory. By default, that's51Codex stores memories under your Codex home directory. By default, that's

82 external context such as MCP tool calls, web search, or tool search out of86 external context such as MCP tool calls, web search, or tool search out of

83 memory generation. The older `memories.no_memories_if_mcp_or_web_search` key87 memory generation. The older `memories.no_memories_if_mcp_or_web_search` key

84 is still accepted as an alias.88 is still accepted as an alias.

89- `memories.min_rate_limit_remaining_percent`: controls the minimum remaining

90 Codex rate-limit percentage required before memory generation starts.

85- `memories.extract_model`: overrides the model used for per-thread memory91- `memories.extract_model`: overrides the model used for per-thread memory

86 extraction.92 extraction.

87- `memories.consolidation_model`: overrides the model used for global memory93- `memories.consolidation_model`: overrides the model used for global memory

migrate.md +79 −0 added

Details

1# Migrate to Codex

3Use the import flow to bring your instructions, configuration, skills, MCP

4servers, hooks, subagents, and recent sessions from another agent into Codex.

5Codex migrates the parts it can handle directly and can open a follow-up thread

6to help migrate anything that remains.

8![Import from another agent in General settings](/images/codex/migrate/import-flow-light.png)

10## Start the migration

121. Open **Settings** in the Codex app.

132. On the **General** page, find **Import other agent setup**.

143. Select **Import** or **Import again**.

154. Review what Codex found, choose what to bring over, then select **Import**.

165. After the import finishes, select **View imported files** if you want to inspect the result.

18## How migration works

20Codex checks both your user-level setup and the current project. User-level

21setup comes from files on your machine; project-level setup comes from files in

22the repository you have open.

24When you import, Codex:

261. Detects the setup it can find.

272. Imports the selected items it can migrate directly.

283. Checks again after the import finishes.

294. Offers to continue the migration in a new thread if anything still needs

30 follow-up work.

32## What Codex can import

34| Detected setup | Codex destination |

35| ------------------------------------- | -------------------------------------- |

36| Instruction files | [`AGENTS.md`](https://developers.openai.com/codex/guides/agents-md) |

37| `settings.json` | [`config.toml`](https://developers.openai.com/codex/config-basic) |

38| Skills | [Codex skills](https://developers.openai.com/codex/skills) |

39| Recent sessions from the last 30 days | Codex threads and projects |

40| MCP server configuration | [Codex MCP configuration](https://developers.openai.com/codex/mcp) |

41| Hooks | [Codex hooks](https://developers.openai.com/codex/hooks) |

42| Slash commands | [Codex skills](https://developers.openai.com/codex/skills) |

43| Subagents | [Codex agents](https://developers.openai.com/codex/subagents) |

45## Finish remaining setup in a new thread

47Some detected setup does not have a clean one-to-one mapping into Codex. For

48those items, Codex can open a new thread with the

49[`migrate-to-codex`](https://github.com/openai/skills/tree/main/skills/.curated/migrate-to-codex)

50skill to help finish the migration.

52When that happens, Codex shows the remaining setup and offers **Continue in

53Codex**.

55![Additional setup found after import](/images/codex/migrate/additional-setup-light.png)

57If you continue, Codex opens a new thread with the remaining work already filled

58in. The thread keeps user-level setup separate from project-level setup so you

59can see where each remaining item belongs.

61![Follow-up migration task in Codex](/images/codex/migrate/continue-with-codex-light.png)

63## What to review after import

65Review any migrated setup before you rely on it, especially:

67- Tool restrictions or permissions in imported skills and agents.

68- MCP server settings that use custom authentication, headers, environment

69 variables, or transports.

70- Hooks whose behavior may differ in Codex.

71- Plugins, marketplaces, or other remaining setup that needs manual follow-up.

72- Prompt templates or command-style prompts that depend on arguments, shell

73 interpolation, or file-path placeholders.

75## After you switch

77Once the import finishes, open one of your migrated projects and continue from

78there. If you are new to Codex, see the [quickstart](https://developers.openai.com/codex/quickstart) for the

79rest of the setup flow.

noninteractive.md +7 −3

Details

50 50

51By default, `codex exec` runs in a read-only sandbox. In automation, set the least permissions needed for the workflow:51By default, `codex exec` runs in a read-only sandbox. In automation, set the least permissions needed for the workflow:

52 52

~~53- Allow edits: `codex exec --full-auto "<task>"`~~53- Allow edits: `codex exec --sandbox workspace-write "<task>"`

54- Allow broader access: `codex exec --sandbox danger-full-access "<task>"`54- Allow broader access: `codex exec --sandbox danger-full-access "<task>"`

55 55

56Use `danger-full-access` only in a controlled environment (for example, an isolated CI runner or container).56Use `danger-full-access` only in a controlled environment (for example, an isolated CI runner or container).

57 57

58Codex keeps `codex exec --full-auto` as a deprecated compatibility flag and prints a warning. Prefer the explicit `--sandbox workspace-write` flag in new scripts.

60Use `--ignore-user-config` when you need a run that doesn't load `$CODEX_HOME/config.toml`, and `--ignore-rules` when you need to skip user and project execpolicy `.rules` files for a controlled automation environment.

58If you configure an enabled MCP server with `required = true` and it fails to initialize, `codex exec` exits with an error instead of continuing without that server.62If you configure an enabled MCP server with `required = true` and it fails to initialize, `codex exec` exits with an error instead of continuing without that server.

59 63

60## Make output machine-readable64## Make output machine-readable

76{"type":"turn.started"}80{"type":"turn.started"}

77{"type":"item.started","item":{"id":"item_1","type":"command_execution","command":"bash -lc ls","status":"in_progress"}}81{"type":"item.started","item":{"id":"item_1","type":"command_execution","command":"bash -lc ls","status":"in_progress"}}

78{"type":"item.completed","item":{"id":"item_3","type":"agent_message","text":"Repo contains docs, sdk, and examples directories."}}82{"type":"item.completed","item":{"id":"item_3","type":"agent_message","text":"Repo contains docs, sdk, and examples directories."}}

~~79{"type":"turn.completed","usage":{"input_tokens":24763,"cached_input_tokens":24448,"output_tokens":122}}~~83{"type":"turn.completed","usage":{"input_tokens":24763,"cached_input_tokens":24448,"output_tokens":122,"reasoning_output_tokens":0}}

80```84```

81 85

82If you only need the final message, write it to a file with `-o <path>`/`--output-last-message <path>`. This writes the final message to the file and still prints it to `stdout` (see [`codex exec`](https://developers.openai.com/codex/cli/reference#codex-exec) for details).86If you only need the final message, write it to a file with `-o <path>`/`--output-last-message <path>`. This writes the final message to the file and still prints it to `stdout` (see [`codex exec`](https://developers.openai.com/codex/cli/reference#codex-exec) for details).

230 234

231 - name: Run Codex235 - name: Run Codex

232 run: |236 run: |

233 codex exec --full-auto --sandbox workspace-write \237 codex exec --sandbox workspace-write \

234 "Read the repository, run the test suite, identify the minimal change needed to make all tests pass, implement only that change, and stop. Do not refactor unrelated files."238 "Read the repository, run the test suite, identify the minimal change needed to make all tests pass, implement only that change, and stop. Do not refactor unrelated files."

235 239

236 - name: Verify tests240 - name: Verify tests

plugins.md +3 −2

Details

44![Plugins list in Codex CLI](/images/codex/plugins/cli_light.png)44![Plugins list in Codex CLI](/images/codex/plugins/cli_light.png)

45 45

46The CLI plugin browser groups plugins by marketplace. Use the marketplace tabs46The CLI plugin browser groups plugins by marketplace. Use the marketplace tabs

~~47to switch sources, open a plugin to inspect details, and press `Space`~~47to switch sources, open a plugin to inspect details, install or uninstall

~~48on an installed plugin to toggle its enabled state.~~48marketplace entries, and press <kbd>Space</kbd> on an installed plugin to toggle

49its enabled state.

49 50

50### Install and use a plugin51### Install and use a plugin

51 52

plugins/build.md +47 −7

Details

304 304

305Every plugin has a manifest at `.codex-plugin/plugin.json`. It can also include305Every plugin has a manifest at `.codex-plugin/plugin.json`. It can also include

306a `skills/` directory, an `.app.json` file that points at one or more apps or306a `skills/` directory, an `.app.json` file that points at one or more apps or

307connectors, an `.mcp.json` file that configures MCP servers, and assets used to307connectors, an `.mcp.json` file that configures MCP servers, lifecycle config,

308present the plugin across supported surfaces.308and assets used to present the plugin across supported surfaces.

309 309

310- my-plugin/310- my-plugin/

311 311

319 - SKILL.md Optional: skill instructions319 - SKILL.md Optional: skill instructions

320 - .app.json Optional: app or connector mappings320 - .app.json Optional: app or connector mappings

321 - .mcp.json Optional: MCP server configuration321 - .mcp.json Optional: MCP server configuration

322 - hooks/

323

324 - hooks.json Optional: lifecycle configuration

322 - assets/ Optional: icons, logos, screenshots325 - assets/ Optional: icons, logos, screenshots

323 326

324Only `plugin.json` belongs in `.codex-plugin/`. Keep `skills/`, `assets/`,327Only `plugin.json` belongs in `.codex-plugin/`. Keep `skills/`, `assets/`,

325`.mcp.json`, and `.app.json` at the plugin root.328`.mcp.json`, `.app.json`, and lifecycle config files at the plugin root.

326 329

327Published plugins typically use a richer manifest than the minimal example that330Published plugins typically use a richer manifest than the minimal example that

328appears in quick-start scaffolds. The manifest has three jobs:331appears in quick-start scaffolds. The manifest has three jobs:

351 "skills": "./skills/",354 "skills": "./skills/",

352 "mcpServers": "./.mcp.json",355 "mcpServers": "./.mcp.json",

353 "apps": "./.app.json",356 "apps": "./.app.json",

357 "hooks": "./hooks/hooks.json",

354 "interface": {358 "interface": {

355 "displayName": "My Plugin",359 "displayName": "My Plugin",

356 "shortDescription": "Reusable skills and apps",360 "shortDescription": "Reusable skills and apps",

384- `name`, `version`, and `description` identify the plugin.388- `name`, `version`, and `description` identify the plugin.

385- `author`, `homepage`, `repository`, `license`, and `keywords` provide389- `author`, `homepage`, `repository`, `license`, and `keywords` provide

386 publisher and discovery metadata.390 publisher and discovery metadata.

387- `skills`, `mcpServers`, and `apps` point to bundled components relative to391- `skills`, `mcpServers`, `apps`, and `hooks` point to bundled components

388 the plugin root.392 relative to the plugin root.

389- `interface` controls how install surfaces present the plugin.393- `interface` controls how install surfaces present the plugin.

390 394

391Use the `interface` object for install-surface metadata:395Use the `interface` object for install-surface metadata:

404- Keep manifest paths relative to the plugin root and start them with `./`.408- Keep manifest paths relative to the plugin root and start them with `./`.

405- Store visual assets such as `composerIcon`, `logo`, and `screenshots` under409- Store visual assets such as `composerIcon`, `logo`, and `screenshots` under

406 `./assets/` when possible.410 `./assets/` when possible.

407- Use `skills` for bundled skill folders, `apps` for `.app.json`, and411- Use `skills` for bundled skill folders, `apps` for `.app.json`,

408 `mcpServers` for `.mcp.json`.412 `mcpServers` for `.mcp.json`, and `hooks` for lifecycle config.

413- If you omit `hooks` and the plugin includes `./hooks/hooks.json`, Codex loads

414 that default lifecycle config automatically.

415

416### Bundled MCP servers and lifecycle config

417

418`mcpServers` can point to an `.mcp.json` file that contains either a direct

419server map or a wrapped `mcp_servers` object.

420

421Direct server map:

422

423```json

424{

425 "docs": {

426 "command": "docs-mcp",

427 "args": ["--stdio"]

428 }

429}

430```

431

432Wrapped server map:

433

434```json

435{

436 "mcp_servers": {

437 "docs": {

438 "command": "docs-mcp",

439 "args": ["--stdio"]

440 }

441 }

442}

443```

444

445`hooks` can point to one lifecycle JSON file, an array of lifecycle JSON files,

446an inline lifecycle object, or an array of inline lifecycle objects. File paths

447must follow the same `./`-prefixed plugin-root path rules as other manifest

448paths. If you omit the manifest field, Codex still checks `./hooks/hooks.json`.

409 449

410### Publish official public plugins450### Publish official public plugins

411 451

quickstart.md +10 −2

Details

45 If you need more inspiration, explore [Codex use cases](https://developers.openai.com/codex/use-cases).45 If you need more inspiration, explore [Codex use cases](https://developers.openai.com/codex/use-cases).

46 If you’re new to Codex, read the [best practices guide](https://developers.openai.com/codex/learn/best-practices).46 If you’re new to Codex, read the [best practices guide](https://developers.openai.com/codex/learn/best-practices).

47 47

~~48 [Learn more about the Codex app](https://developers.openai.com/codex/app)~~

50Install the Codex extension for your IDE.48Install the Codex extension for your IDE.

51 49

521. Install the Codex extension501. Install the Codex extension

135 ```133 ```

136 134

137 [Learn more about Codex cloud](https://developers.openai.com/codex/cloud)135 [Learn more about Codex cloud](https://developers.openai.com/codex/cloud)

136

137## Next steps

138

139[Learn more about the Codex app

140

141Use the Codex app to work with your local projects.](https://developers.openai.com/codex/app)

142[Migrate to Codex

143

144 Move supported instruction files, MCP server configuration, skills, and

145subagents into Codex.](https://developers.openai.com/codex/migrate)

use-cases/analyze-data-export.md +2 −2

Details

46 46

47## Skills & Plugins47## Skills & Plugins

48 48

~~49- [Spreadsheet](https://github.com/openai/skills/tree/main/skills/.curated/spreadsheet)~~49- Spreadsheet

50 50

51 Inspect tabular data, run calculations, and create charts or tables.51 Inspect tabular data, run calculations, and create charts or tables.

52- [Google Sheets](https://developers.openai.com/codex/plugins)52- [Google Sheets](https://developers.openai.com/codex/plugins)

55 55

56| Skill | Why use it |56| Skill | Why use it |

57| --- | --- |57| --- | --- |

~~58| [Spreadsheet](https://github.com/openai/skills/tree/main/skills/.curated/spreadsheet) | Inspect tabular data, run calculations, and create charts or tables. |~~58| Spreadsheet | Inspect tabular data, run calculations, and create charts or tables. |

59| [Google Sheets](https://developers.openai.com/codex/plugins) | Analyze approved Google Sheets when the data lives in a shared spreadsheet. |59| [Google Sheets](https://developers.openai.com/codex/plugins) | Analyze approved Google Sheets when the data lives in a shared spreadsheet. |

60 60

61## Starter prompt61## Starter prompt

use-cases/clean-messy-data.md +2 −2

Details

46 46

47## Skills & Plugins47## Skills & Plugins

48 48

~~49- [Spreadsheet](https://github.com/openai/skills/tree/main/skills/.curated/spreadsheet)~~49- Spreadsheet

50 50

51 Inspect tabular files, clean columns, and produce reviewable outputs.51 Inspect tabular files, clean columns, and produce reviewable outputs.

52 52

53| Skill | Why use it |53| Skill | Why use it |

54| --- | --- |54| --- | --- |

~~55| [Spreadsheet](https://github.com/openai/skills/tree/main/skills/.curated/spreadsheet) | Inspect tabular files, clean columns, and produce reviewable outputs. |~~55| Spreadsheet | Inspect tabular files, clean columns, and produce reviewable outputs. |

56 56

57## Starter prompt57## Starter prompt

58 58

use-cases/collections/game-development.md +2 −2

Details

57 57

58[![](/images/codex/codex-wallpaper-1.webp)58[![](/images/codex/codex-wallpaper-1.webp)

59 59

~~60### Review pull requests faster~~60### Codex code review for GitHub pull requests

61 61

~~62Use Codex in GitHub to automatically surface regressions, missing tests, and documentation...~~62Use Codex code review in GitHub to automatically surface regressions, missing tests, and...

63 63

64Integrations Workflow](https://developers.openai.com/codex/use-cases/github-code-reviews)64Integrations Workflow](https://developers.openai.com/codex/use-cases/github-code-reviews)

use-cases/collections/production-systems.md +2 −2

Details

76 76

77[![](/images/codex/codex-wallpaper-1.webp)77[![](/images/codex/codex-wallpaper-1.webp)

78 78

~~79### Review pull requests faster~~79### Codex code review for GitHub pull requests

80 80

~~81Use Codex in GitHub to automatically surface regressions, missing tests, and documentation...~~81Use Codex code review in GitHub to automatically surface regressions, missing tests, and...

82 82

83Integrations Workflow](https://developers.openai.com/codex/use-cases/github-code-reviews)[![](/images/codex/codex-wallpaper-1.webp)83Integrations Workflow](https://developers.openai.com/codex/use-cases/github-code-reviews)[![](/images/codex/codex-wallpaper-1.webp)

84 84

use-cases/collections/web-development.md +2 −2

Details

63 63

64[![](/images/codex/codex-wallpaper-1.webp)64[![](/images/codex/codex-wallpaper-1.webp)

65 65

~~66### Review pull requests faster~~66### Codex code review for GitHub pull requests

67 67

~~68Use Codex in GitHub to automatically surface regressions, missing tests, and documentation...~~68Use Codex code review in GitHub to automatically surface regressions, missing tests, and...

69 69

70Integrations Workflow](https://developers.openai.com/codex/use-cases/github-code-reviews)70Integrations Workflow](https://developers.openai.com/codex/use-cases/github-code-reviews)

use-cases/generate-slide-decks.md +12 −12

Details

48 48

49## Skills & Plugins49## Skills & Plugins

50 50

~~51- [Slides](https://github.com/openai/skills/tree/main/skills/.curated/slides)~~51- Slides

52 52

53 Create and edit `.pptx` decks in JavaScript with PptxGenJS, bundled helpers, and render and validation scripts for overflow, overlap, and font checks.53 Create and edit `.pptx` decks in JavaScript with PptxGenJS, bundled helpers, and render and validation scripts for overflow, overlap, and font checks.

~~54- [ImageGen](https://github.com/openai/skills/tree/main/skills/.curated/imagegen)~~54- ImageGen

55 55

56 Generate illustrations, cover art, diagrams, and slide visuals that match one reusable visual direction.56 Generate illustrations, cover art, diagrams, and slide visuals that match one reusable visual direction.

57 57

58| Skill | Why use it |58| Skill | Why use it |

59| --- | --- |59| --- | --- |

60| [Slides](https://github.com/openai/skills/tree/main/skills/.curated/slides) | Create and edit `.pptx` decks in JavaScript with PptxGenJS, bundled helpers, and render and validation scripts for overflow, overlap, and font checks. |60| Slides | Create and edit `.pptx` decks in JavaScript with PptxGenJS, bundled helpers, and render and validation scripts for overflow, overlap, and font checks. |

~~61| [ImageGen](https://github.com/openai/skills/tree/main/skills/.curated/imagegen) | Generate illustrations, cover art, diagrams, and slide visuals that match one reusable visual direction. |~~61| ImageGen | Generate illustrations, cover art, diagrams, and slide visuals that match one reusable visual direction. |

62 62

63## Starter prompt63## Starter prompt

64 64

~~65Use $slides with $imagegen to edit this slide deck in the following way:~~65Use the $slides and $imagegen skills to edit this slide deck in the following way:

66 - If present, add logo.png in the bottom right corner on every slide66 - If present, add logo.png in the bottom right corner on every slide

67- On slides X, Y and Z, move the text to the left and use image generation to generate an illustration (style: abstract, digital art) on the right67- On slides X, Y and Z, move the text to the left and use image generation to generate an illustration (style: abstract, digital art) on the right

68- Preserve text as text and simple charts as native PowerPoint charts where practical.68- Preserve text as text and simple charts as native PowerPoint charts where practical.

75 - A copy of the slide deck with the changes applied75 - A copy of the slide deck with the changes applied

76 - notes on which slides were generated, rewritten, or left unchanged76 - notes on which slides were generated, rewritten, or left unchanged

77 77

78[Open in the Codex app](codex://new?prompt=Use+%24slides+with+%24imagegen+to+edit+this+slide+deck+in+the+following+way%3A+%0A-+If+present%2C+add+logo.png+in+the+bottom+right+corner+on+every+slide%0A-+On+slides+X%2C+Y+and+Z%2C+move+the+text+to+the+left+and+use+image+generation+to+generate+an+illustration+%28style%3A+abstract%2C+digital+art%29+on+the+right%0A-+Preserve+text+as+text+and+simple+charts+as+native+PowerPoint+charts+where+practical.%0A-+Add+these+slides%3A+%5Bdescribe+new+slides+here%5D%0A-+Use+the+existing+branding+on+new+slides+and+new+text+%28colors%2C+fonts%2C+layout%2C+etc.%29+%0A-+Render+the+updated+deck+to+slide+images%2C+review+the+output%2C+and+fix+layout+issues+before+delivery.%0A-+Run+overflow+and+font-substitution+checks+before+delivery%2C+especially+if+the+deck+is+dense.%0A-+Save+reusable+prompts+or+generation+notes+when+you+create+a+batch+of+related+images.%0A%0AOutput%3A%0A-+A+copy+of+the+slide+deck+with+the+changes+applied%0A-+notes+on+which+slides+were+generated%2C+rewritten%2C+or+left+unchanged "Open in the Codex app")78[Open in the Codex app](codex://new?prompt=Use+the+%24slides+and+%24imagegen+skills+to+edit+this+slide+deck+in+the+following+way%3A%0A-+If+present%2C+add+logo.png+in+the+bottom+right+corner+on+every+slide%0A-+On+slides+X%2C+Y+and+Z%2C+move+the+text+to+the+left+and+use+image+generation+to+generate+an+illustration+%28style%3A+abstract%2C+digital+art%29+on+the+right%0A-+Preserve+text+as+text+and+simple+charts+as+native+PowerPoint+charts+where+practical.%0A-+Add+these+slides%3A+%5Bdescribe+new+slides+here%5D%0A-+Use+the+existing+branding+on+new+slides+and+new+text+%28colors%2C+fonts%2C+layout%2C+etc.%29+%0A-+Render+the+updated+deck+to+slide+images%2C+review+the+output%2C+and+fix+layout+issues+before+delivery.%0A-+Run+overflow+and+font-substitution+checks+before+delivery%2C+especially+if+the+deck+is+dense.%0A-+Save+reusable+prompts+or+generation+notes+when+you+create+a+batch+of+related+images.%0A%0AOutput%3A%0A-+A+copy+of+the+slide+deck+with+the+changes+applied%0A-+notes+on+which+slides+were+generated%2C+rewritten%2C+or+left+unchanged "Open in the Codex app")

79 79

~~80Use $slides with $imagegen to edit this slide deck in the following way:~~80Use the $slides and $imagegen skills to edit this slide deck in the following way:

81 - If present, add logo.png in the bottom right corner on every slide81 - If present, add logo.png in the bottom right corner on every slide

82- On slides X, Y and Z, move the text to the left and use image generation to generate an illustration (style: abstract, digital art) on the right82- On slides X, Y and Z, move the text to the left and use image generation to generate an illustration (style: abstract, digital art) on the right

83- Preserve text as text and simple charts as native PowerPoint charts where practical.83- Preserve text as text and simple charts as native PowerPoint charts where practical.

92 92

93## Introduction93## Introduction

94 94

~~95You can use Codex to manipulate PowerPoint decks in a systematic way, using the Slides skill to create and edit decks with PptxGenJS, and using image generation to generate visuals for the slides.~~95You can use Codex to manipulate PowerPoint decks in a systematic way, using the slides system skill, which comes with Codex by default, to create and edit decks with PptxGenJS, and using image generation to generate visuals for the slides.

96 96

97Skills can be installed directly from the Codex app–see our [skills documentation](https://developers.openai.com/codex/skills) for more details.97Skills can be installed directly from the Codex app–see our [skills documentation](https://developers.openai.com/codex/skills) for more details.

98 98

102 102

103If a deck already exists, ask Codex to inspect it before making changes.103If a deck already exists, ask Codex to inspect it before making changes.

104 104

105The slides skill is opinionated here: match the source aspect ratio before you rebuild layout, and default to 16:9 only when the source material does not already define the deck size. If the references are screenshots or a PDF, ask Codex to render or inspect them first so it can compare slide geometry visually instead of guessing.105The slides system skill is opinionated here: match the source aspect ratio before you rebuild layout, and default to 16:9 only when the source material does not already define the deck size. If the references are screenshots or a PDF, ask Codex to render or inspect them first so it can compare slide geometry visually instead of guessing.

106 106

107## Keep the deck editable107## Keep the deck editable

108 108

112 112

113## Generate visuals intentionally113## Generate visuals intentionally

114 114

115Image generation is most useful when the slides need a cover image, a concept illustration, or a lightweight diagram that would otherwise take manual design work. Ask Codex to define the visual direction first, then reuse that direction consistently across the whole deck.115The imagegen system skill is already installed with Codex and is most useful when the slides need a cover image, a concept illustration, or a lightweight diagram that would otherwise take manual design work. Ask Codex to define the visual direction first, then reuse that direction consistently across the whole deck.

116 116

117When several slides need related visuals, have Codex save the prompts or generation notes it used. That makes the deck easier to extend later without starting over stylistically.117When several slides need related visuals, have Codex save the prompts or generation notes it used. That makes the deck easier to extend later without starting over stylistically.

118 118

120 120

121Deck automation works better when Codex treats each slide as its own decision. Some slides should preserve exact copy, some need a stronger headline and cleaner structure, and some should stay mostly untouched apart from asset cleanup or formatting fixes.121Deck automation works better when Codex treats each slide as its own decision. Some slides should preserve exact copy, some need a stronger headline and cleaner structure, and some should stay mostly untouched apart from asset cleanup or formatting fixes.

122 122

123The slides skill also ships with bundled layout helpers. Ask Codex to copy those helpers into the working directory and reuse them instead of reimplementing spacing, text-sizing, and image-placement logic on every deck.123The slides system skill also ships with bundled layout helpers. Ask Codex to copy those helpers into the working directory and reuse them instead of reimplementing spacing, text-sizing, and image-placement logic on every deck.

124 124

125## Validation before delivery125## Validation before delivery

126 126

127Decks are easy to get almost right and still ship with clipped text, substituted fonts, or layout drift that only shows up after export. The slides skill includes scripts to render decks to per-slide PNGs, build a quick montage for review, detect overflow beyond the slide canvas, and report missing or substituted fonts.127Decks are easy to get almost right and still ship with clipped text, substituted fonts, or layout drift that only shows up after export. The slides system skill includes scripts to render decks to per-slide PNGs, build a quick montage for review, detect overflow beyond the slide canvas, and report missing or substituted fonts.

128 128

129Ask Codex to use those checks before it hands back the final deck, especially when slides are dense or margins are tight.129Ask Codex to use those checks before it hands back the final deck, especially when slides are dense or margins are tight.

130 130

use-cases/github-code-reviews.md +8 −7

Details

~~1# Review pull requests faster | Codex use cases~~1# Codex code review for GitHub pull requests | Codex use cases

2 2

3Codex use cases3Codex use cases

4 4

8 8

9Codex use case9Codex use case

10 10

~~11# Review pull requests faster~~11# Codex code review for GitHub pull requests

12 12

13Catch regressions and potential issues before human review.13Catch regressions and potential issues before human review.

14 14

16 16

17Time horizon **5s**17Time horizon **5s**

18 18

~~19Use Codex in GitHub to automatically surface regressions, missing tests, and documentation issues directly on a pull request.~~19Use Codex code review in GitHub to automatically surface regressions, missing tests, and documentation issues directly on a pull request.

20 20

21## Best for21## Best for

22 22

29 29

30Copy page [Export as PDF](https://developers.openai.com/codex/use-cases/github-code-reviews/?export=pdf)30Copy page [Export as PDF](https://developers.openai.com/codex/use-cases/github-code-reviews/?export=pdf)

31 31

~~32Use Codex in GitHub to automatically surface regressions, missing tests, and documentation issues directly on a pull request.~~32Use Codex code review in GitHub to automatically surface regressions, missing tests, and documentation issues directly on a pull request.

33 33

34Easy34Easy

35 35

37 37

38Related links38Related links

39 39

~~40[Use Codex in GitHub](https://developers.openai.com/codex/integrations/github) [Custom instructions with AGENTS.md](https://developers.openai.com/codex/guides/agents-md)~~40[Codex code review in GitHub](https://developers.openai.com/codex/integrations/github) [Custom instructions with AGENTS.md](https://developers.openai.com/codex/guides/agents-md)

41 41

42## Best for42## Best for

43 43

62 62

63## How to use63## How to use

64 64

~~65Start by adding Codex code review to your GitHub organization or repository. See [Use Codex in GitHub](https://developers.openai.com/codex/integrations/github) for more details.~~65Start by adding Codex code review to your GitHub organization or repository.

66See [Codex code review in GitHub](https://developers.openai.com/codex/integrations/github) for more details.

66 67

67You can set up Codex to automatically review every pull request, or you can request a review with `@codex review` in a pull request comment.68You can set up Codex to automatically review every pull request, or you can request a review with `@codex review` in a pull request comment.

68 69

70 71

71This will start a new cloud task that will fix the issue and update the pull request.72This will start a new cloud task that will fix the issue and update the pull request.

72 73

~~73## Define additional guidance~~74## Define review guidance

74 75

75To customize what Codex reviews, add or update a top-level `AGENTS.md` with a section like this:76To customize what Codex reviews, add or update a top-level `AGENTS.md` with a section like this:

76 77

use-cases/ios-liquid-glass.md +1 −1

Details

6 6

7Default options7Default options

8 8

~~9[SwiftUI](https://developer.apple.com/xcode/swiftui/) with `glassEffect`, `GlassEffectContainer`, and glass button styles~~9[SwiftUI](https://developer.apple.com/documentation/swiftui/) with `glassEffect`, `GlassEffectContainer`, and glass button styles

10 10

11Why it's needed11Why it's needed

12 12

use-cases/learn-a-new-concept.md +4 −4

Details

48 48

49## Skills & Plugins49## Skills & Plugins

50 50

~~51- [ImageGen](https://github.com/openai/skills/tree/main/skills/.curated/imagegen)~~51- ImageGen

52 52

~~53 Generate illustrative, non-exact visual assets when a Markdown-native diagram is not enough.~~53 Generate illustrative, non-exact visual assets when a Mermaid diagram is not enough.

54 54

55| Skill | Why use it |55| Skill | Why use it |

56| --- | --- |56| --- | --- |

~~57| [ImageGen](https://github.com/openai/skills/tree/main/skills/.curated/imagegen) | Generate illustrative, non-exact visual assets when a Markdown-native diagram is not enough. |~~57| ImageGen | Generate illustrative, non-exact visual assets when a Mermaid diagram is not enough. |

58 58

59## Starter prompt59## Starter prompt

60 60

163- An experiment map that connects datasets, metrics, baselines, and reported claims.163- An experiment map that connects datasets, metrics, baselines, and reported claims.

164- A limitations diagram that separates assumptions, failure modes, and open questions.164- A limitations diagram that separates assumptions, failure modes, and open questions.

165 165

166For Markdown-first reports, ask for Mermaid when the destination supports it, or a small checked-in SVG/PNG asset when it does not. Ask Codex to use imagegen only when you need an illustrative, non-exact visual or something that doesn’t fit in a Markdown-native diagram.166For Markdown-first reports, ask for Mermaid when the destination supports it, or a small checked-in SVG/PNG asset when it does not. Ask Codex to use the imagegen system skill, which comes with Codex by default, only when you need an illustrative, non-exact visual or something that doesn't fit in a Markdown-native diagram.

167 167

168## Write the Markdown report168## Write the Markdown report

169 169

use-cases/new-hire-onboarding.md +3 −3

Details

48 48

49## Skills & Plugins49## Skills & Plugins

50 50

~~51- [Spreadsheet](https://github.com/openai/skills/tree/main/skills/.curated/spreadsheet)~~51- Spreadsheet

52 52

~~53 Inspect CSV, TSV, and Excel trackers; stage spreadsheet updates; and review tabular operations data before it becomes a source of truth.~~53 Inspect CSV, TSV, and Excel trackers, stage spreadsheet updates, and review tabular operations data before it becomes a source of truth.

54- [Google Drive](https://github.com/openai/plugins/tree/main/plugins/google-drive)54- [Google Drive](https://github.com/openai/plugins/tree/main/plugins/google-drive)

55 55

56 Bring approved docs, tracker templates, exports, and shared onboarding folders into the task context.56 Bring approved docs, tracker templates, exports, and shared onboarding folders into the task context.

60 60

61| Skill | Why use it |61| Skill | Why use it |

62| --- | --- |62| --- | --- |

63| [Spreadsheet](https://github.com/openai/skills/tree/main/skills/.curated/spreadsheet) | Inspect CSV, TSV, and Excel trackers; stage spreadsheet updates; and review tabular operations data before it becomes a source of truth. |63| Spreadsheet | Inspect CSV, TSV, and Excel trackers, stage spreadsheet updates, and review tabular operations data before it becomes a source of truth. |

64| [Google Drive](https://github.com/openai/plugins/tree/main/plugins/google-drive) | Bring approved docs, tracker templates, exports, and shared onboarding folders into the task context. |64| [Google Drive](https://github.com/openai/plugins/tree/main/plugins/google-drive) | Bring approved docs, tracker templates, exports, and shared onboarding folders into the task context. |

65| [Notion](https://github.com/openai/plugins/tree/main/plugins/notion) | Reference onboarding plans, project pages, checklists, and team wikis that already live in Notion. |65| [Notion](https://github.com/openai/plugins/tree/main/plugins/notion) | Reference onboarding plans, project pages, checklists, and team wikis that already live in Notion. |

66 66

use-cases/refactor-your-codebase.md +1 −1

Details

115 115

116## Use skills for repeatable patterns116## Use skills for repeatable patterns

117 117

118[Skills](https://developers.openai.com/codex/guides/skills) are useful when the same cleanup rules repeat across repos, services, or teams. Use framework-specific skills when available, add security and CI skills around risky cleanups, and create a team skill when you have a proven checklist for unused-code removal, module extraction, or legacy-pattern modernization.118[Skills](https://developers.openai.com/codex/skills) are useful when the same cleanup rules repeat across repos, services, or teams. Use framework-specific skills when available, add security and CI skills around risky cleanups, and create a team skill when you have a proven checklist for unused-code removal, module extraction, or legacy-pattern modernization.

119If you end up doing the same modernization pass across more than one codebase, Codex can help turn the first successful pass into a reusable skill.119If you end up doing the same modernization pass across more than one codebase, Codex can help turn the first successful pass into a reusable skill.

120 120

121## Related use cases121## Related use cases

OpenAI - Codex Docs Changes 2026-04-25 06:37 UTC → 2026-05-02 06:45 UTC