config-advanced.md +70 −20
88 88
89Relative paths inside a project config (for example, `model_instructions_file`) are resolved relative to the `.codex/` folder that contains the `config.toml`.89Relative paths inside a project config (for example, `model_instructions_file`) are resolved relative to the `.codex/` folder that contains the `config.toml`.
90 90
9191## Hooks (experimental)Project config files can't override settings that redirect credentials, change
92provider auth, or run machine-local notification/telemetry commands.
93Codex ignores the following keys in project-local `.codex/config.toml` and
94prints a startup warning when it sees them: `openai_base_url`,
95`chatgpt_base_url`, `model_provider`, `model_providers`, `notify`, `profile`,
96`profiles`, `experimental_realtime_ws_base_url`, and `otel`. Set those keys in
97your user-level `~/.codex/config.toml` instead.
98
99## Hooks
92 100
93Codex can also load lifecycle hooks from either `hooks.json` files or inline101Codex can also load lifecycle hooks from either `hooks.json` files or inline
94`[hooks]` tables in `config.toml` files that sit next to active config layers.102`[hooks]` tables in `config.toml` files that sit next to active config layers.
95 103
96104In practice, the two most useful locations are:In practice, the four most useful locations are:
97 105
98- `~/.codex/hooks.json`106- `~/.codex/hooks.json`
99- `~/.codex/config.toml`107- `~/.codex/config.toml`
103Project-local hooks load only when the project `.codex/` layer is trusted.111Project-local hooks load only when the project `.codex/` layer is trusted.
104User-level hooks remain independent of project trust.112User-level hooks remain independent of project trust.
105 113
106Turn hooks on with:
107
108```toml
109[features]
110codex_hooks = true
111```
112
113Inline TOML hooks use the same event structure as `hooks.json`:114Inline TOML hooks use the same event structure as `hooks.json`:
114 115
115```toml116```toml
196 197
197The auth command receives no `stdin` and must print the token to stdout. Codex trims surrounding whitespace, treats an empty token as an error, and refreshes proactively at `refresh_interval_ms`; set `refresh_interval_ms = 0` to refresh only after an authentication retry. Don't combine `[model_providers.<id>.auth]` with `env_key`, `experimental_bearer_token`, or `requires_openai_auth`.198The auth command receives no `stdin` and must print the token to stdout. Codex trims surrounding whitespace, treats an empty token as an error, and refreshes proactively at `refresh_interval_ms`; set `refresh_interval_ms = 0` to refresh only after an authentication retry. Don't combine `[model_providers.<id>.auth]` with `env_key`, `experimental_bearer_token`, or `requires_openai_auth`.
198 199
200### Amazon Bedrock provider
201
202Codex includes a built-in `amazon-bedrock` model provider. Set it directly as
203`model_provider`; unlike custom providers, this built-in provider supports only
204the nested AWS profile and region overrides.
205
206```toml
207model_provider = "amazon-bedrock"
208model = "<bedrock-model-id>"
209
210[model_providers.amazon-bedrock.aws]
211profile = "default"
212region = "eu-central-1"
213```
214
215If you omit `profile`, Codex uses the standard AWS credential chain. Set
216`region` to the supported Bedrock region that should handle requests.
217
199## OSS mode (local providers)218## OSS mode (local providers)
200 219
201Codex can run against a local "open source" provider (for example, Ollama or LM Studio) when you pass `--oss`. If you pass `--oss` without specifying a provider, Codex uses `oss_provider` as the default.220Codex can run against a local "open source" provider (for example, Ollama or LM Studio) when you pass `--oss`. If you pass `--oss` without specifying a provider, Codex uses `oss_provider` as the default.
285"""304"""
286```305```
287 306
307### Named permission profiles
308
309Set `default_permissions` to reuse a sandbox profile by name. Codex includes
310the built-in profiles `:read-only`, `:workspace`, and `:danger-no-sandbox`:
311
312```toml
313default_permissions = ":workspace"
314```
315
316For custom profiles, point `default_permissions` at a name you define under
317`[permissions.<name>]`:
318
319```toml
320default_permissions = "workspace"
321
322[permissions.workspace.filesystem]
323":project_roots" = { "." = "write", "**/*.env" = "none" }
324glob_scan_max_depth = 3
325
326[permissions.workspace.network]
327enabled = true
328mode = "limited"
329
330[permissions.workspace.network.domains]
331"api.openai.com" = "allow"
332```
333
334Use built-in names with a leading colon. Custom names don't use a leading
335colon and must have matching `permissions` tables.
336
288Need the complete key list (including profile-scoped overrides and requirements constraints)? See [Configuration Reference](https://developers.openai.com/codex/config-reference) and [Managed configuration](https://developers.openai.com/codex/enterprise/managed-configuration).337Need the complete key list (including profile-scoped overrides and requirements constraints)? See [Configuration Reference](https://developers.openai.com/codex/config-reference) and [Managed configuration](https://developers.openai.com/codex/enterprise/managed-configuration).
289 338
290In workspace-write mode, some environments keep `.git/` and `.codex/`339In workspace-write mode, some environments keep `.git/` and `.codex/`
291 read-only even when the rest of the workspace is writable. This is why340 read-only even when the rest of the workspace is writable. This is why
292 commands like `git commit` may still require approval to run outside the341 commands like `git commit` may still require approval to run outside the
293342sandbox. If you want Codex to skip specific commands (for example, block `git commit` outside the sandbox), use sandbox. If you want Codex to skip specific commands (for example, block `git
294343[rules](https://developers.openai.com/codex/rules). commit` outside the sandbox), use
344 <a href="/codex/rules">rules</a>.
295 345
296Disable sandboxing entirely (use only if your environment already isolates processes):346Disable sandboxing entirely (use only if your environment already isolates processes):
297 347
369Each metric below also includes default metadata tags: `auth_mode`, `originator`, `session_source`, `model`, and `app.version`.419Each metric below also includes default metadata tags: `auth_mode`, `originator`, `session_source`, `model`, and `app.version`.
370 420
371| Metric | Type | Fields | Description |421| Metric | Type | Fields | Description |
372422| --- | --- | --- | --- || ------------------------------------- | --------- | ------------------- | ----------------------------------------------------------------- |
373| `codex.api_request` | counter | `status`, `success` | API request count by HTTP status and success/failure. |423| `codex.api_request` | counter | `status`, `success` | API request count by HTTP status and success/failure. |
374| `codex.api_request.duration_ms` | histogram | `status`, `success` | API request duration in milliseconds. |424| `codex.api_request.duration_ms` | histogram | `status`, `success` | API request duration in milliseconds. |
375| `codex.sse_event` | counter | `kind`, `success` | SSE event count by event kind and success/failure. |425| `codex.sse_event` | counter | `kind`, `success` | SSE event count by event kind and success/failure. |
411#### Runtime and model transport461#### Runtime and model transport
412 462
413| Metric | Type | Fields | Description |463| Metric | Type | Fields | Description |
414464| --- | --- | --- | --- || ----------------------------------------------- | --------- | -------------------- | ------------------------------------------------------------ |
415| `api_request` | counter | `status`, `success` | API request count by HTTP status and success/failure. |465| `api_request` | counter | `status`, `success` | API request count by HTTP status and success/failure. |
416| `api_request.duration_ms` | histogram | `status`, `success` | API request duration in milliseconds. |466| `api_request.duration_ms` | histogram | `status`, `success` | API request duration in milliseconds. |
417| `sse_event` | counter | `kind`, `success` | SSE event count by event kind and success/failure. |467| `sse_event` | counter | `kind`, `success` | SSE event count by event kind and success/failure. |
420| `websocket.request.duration_ms` | histogram | `success` | WebSocket request duration in milliseconds. |470| `websocket.request.duration_ms` | histogram | `success` | WebSocket request duration in milliseconds. |
421| `websocket.event` | counter | `kind`, `success` | WebSocket message/event count by type and success/failure. |471| `websocket.event` | counter | `kind`, `success` | WebSocket message/event count by type and success/failure. |
422| `websocket.event.duration_ms` | histogram | `kind`, `success` | WebSocket message/event processing duration in milliseconds. |472| `websocket.event.duration_ms` | histogram | `kind`, `success` | WebSocket message/event processing duration in milliseconds. |
423473| `responses_api_overhead.duration_ms` | histogram | | Responses API overhead timing from websocket responses. || `responses_api_overhead.duration_ms` | histogram | | Responses API overhead timing from WebSocket responses. |
424474| `responses_api_inference_time.duration_ms` | histogram | | Responses API inference timing from websocket responses. || `responses_api_inference_time.duration_ms` | histogram | | Responses API inference timing from WebSocket responses. |
425| `responses_api_engine_iapi_ttft.duration_ms` | histogram | | Responses API engine IAPI time-to-first-token timing. |475| `responses_api_engine_iapi_ttft.duration_ms` | histogram | | Responses API engine IAPI time-to-first-token timing. |
426| `responses_api_engine_service_ttft.duration_ms` | histogram | | Responses API engine service time-to-first-token timing. |476| `responses_api_engine_service_ttft.duration_ms` | histogram | | Responses API engine service time-to-first-token timing. |
427| `responses_api_engine_iapi_tbt.duration_ms` | histogram | | Responses API engine IAPI time-between-token timing. |477| `responses_api_engine_iapi_tbt.duration_ms` | histogram | | Responses API engine IAPI time-between-token timing. |
441#### Turn and tool activity491#### Turn and tool activity
442 492
443| Metric | Type | Fields | Description |493| Metric | Type | Fields | Description |
444494| --- | --- | --- | --- || -------------------------------------- | --------- | ------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------- |
445| `turn.e2e_duration_ms` | histogram | | End-to-end time for a full turn. |495| `turn.e2e_duration_ms` | histogram | | End-to-end time for a full turn. |
446| `turn.ttft.duration_ms` | histogram | | Time to first token for a turn. |496| `turn.ttft.duration_ms` | histogram | | Time to first token for a turn. |
447| `turn.ttfm.duration_ms` | histogram | | Time to first model output item for a turn. |497| `turn.ttfm.duration_ms` | histogram | | Time to first model output item for a turn. |
456| `mcp.call` | counter | See note | MCP tool invocation result. |506| `mcp.call` | counter | See note | MCP tool invocation result. |
457| `mcp.call.duration_ms` | histogram | See note | MCP tool invocation duration. |507| `mcp.call.duration_ms` | histogram | See note | MCP tool invocation duration. |
458| `mcp.tools.list.duration_ms` | histogram | `cache` | MCP tool-list duration, including cache hit/miss state. |508| `mcp.tools.list.duration_ms` | histogram | `cache` | MCP tool-list duration, including cache hit/miss state. |
459509| `mcp.tools.fetch_uncached.duration_ms` | histogram | | Duration of uncached MCP tool fetches. || `mcp.tools.fetch_uncached.duration_ms` | histogram | | Duration of MCP tool fetches that miss the cache. |
460| `mcp.tools.cache_write.duration_ms` | histogram | | Duration of Codex Apps MCP tool-cache writes. |510| `mcp.tools.cache_write.duration_ms` | histogram | | Duration of Codex Apps MCP tool-cache writes. |
461| `hooks.run` | counter | `hook_name`, `source`, `status` | Hook run count by hook name, source, and status. |511| `hooks.run` | counter | `hook_name`, `source`, `status` | Hook run count by hook name, source, and status. |
462| `hooks.run.duration_ms` | histogram | `hook_name`, `source`, `status` | Hook run duration in milliseconds. |512| `hooks.run.duration_ms` | histogram | `hook_name`, `source`, `status` | Hook run duration in milliseconds. |
466#### Threads, tasks, and features516#### Threads, tasks, and features
467 517
468| Metric | Type | Fields | Description |518| Metric | Type | Fields | Description |
469519| --- | --- | --- | --- || --------------------------------- | --------- | --------------------- | -------------------------------------------------------------------------------- |
470| `feature.state` | counter | `feature`, `value` | Feature values that differ from defaults (emit one row per non-default). |520| `feature.state` | counter | `feature`, `value` | Feature values that differ from defaults (emit one row per non-default). |
471| `status_line` | counter | | Session started with a configured status line. |521| `status_line` | counter | | Session started with a configured status line. |
472| `model_warning` | counter | | Warning sent to the model. |522| `model_warning` | counter | | Warning sent to the model. |
496#### Memory and local state546#### Memory and local state
497 547
498| Metric | Type | Fields | Description |548| Metric | Type | Fields | Description |
499549| --- | --- | --- | --- || ------------------------------ | --------- | ------------------------- | --------------------------------------------------------- |
500| `memory.phase1` | counter | `status` | Memory phase 1 job counts by status. |550| `memory.phase1` | counter | `status` | Memory phase 1 job counts by status. |
501| `memory.phase1.e2e_ms` | histogram | | End-to-end duration for memory phase 1. |551| `memory.phase1.e2e_ms` | histogram | | End-to-end duration for memory phase 1. |
502| `memory.phase1.output` | counter | | Memory phase 1 outputs written. |552| `memory.phase1.output` | counter | | Memory phase 1 outputs written. |
517#### Windows sandbox567#### Windows sandbox
518 568
519| Metric | Type | Fields | Description |569| Metric | Type | Fields | Description |
520570| --- | --- | --- | --- || ------------------------------------------------ | --------- | ----------------------------------------- | ----------------------------------------------------- |
521| `windows_sandbox.setup_success` | counter | `originator`, `mode` | Windows sandbox setup successes. |571| `windows_sandbox.setup_success` | counter | `originator`, `mode` | Windows sandbox setup successes. |
522| `windows_sandbox.setup_failure` | counter | `originator`, `mode` | Windows sandbox setup failures. |572| `windows_sandbox.setup_failure` | counter | `originator`, `mode` | Windows sandbox setup failures. |
523| `windows_sandbox.setup_duration_ms` | histogram | `result`, `originator`, `mode` | Windows sandbox setup duration. |573| `windows_sandbox.setup_duration_ms` | histogram | `result`, `originator`, `mode` | Windows sandbox setup duration. |