config-advanced.md +57 −8
196 196
197The auth command receives no `stdin` and must print the token to stdout. Codex trims surrounding whitespace, treats an empty token as an error, and refreshes proactively at `refresh_interval_ms`; set `refresh_interval_ms = 0` to refresh only after an authentication retry. Don't combine `[model_providers.<id>.auth]` with `env_key`, `experimental_bearer_token`, or `requires_openai_auth`.197The auth command receives no `stdin` and must print the token to stdout. Codex trims surrounding whitespace, treats an empty token as an error, and refreshes proactively at `refresh_interval_ms`; set `refresh_interval_ms = 0` to refresh only after an authentication retry. Don't combine `[model_providers.<id>.auth]` with `env_key`, `experimental_bearer_token`, or `requires_openai_auth`.
198 198
199### Amazon Bedrock provider
200
201Codex includes a built-in `amazon-bedrock` model provider. Set it directly as
202`model_provider`; unlike custom providers, this built-in provider supports only
203the nested AWS profile and region overrides.
204
205```toml
206model_provider = "amazon-bedrock"
207model = "<bedrock-model-id>"
208
209[model_providers.amazon-bedrock.aws]
210profile = "default"
211region = "eu-central-1"
212```
213
214If you omit `profile`, Codex uses the standard AWS credential chain. Set
215`region` to the supported Bedrock region that should handle requests.
216
199## OSS mode (local providers)217## OSS mode (local providers)
200 218
201Codex can run against a local "open source" provider (for example, Ollama or LM Studio) when you pass `--oss`. If you pass `--oss` without specifying a provider, Codex uses `oss_provider` as the default.219Codex can run against a local "open source" provider (for example, Ollama or LM Studio) when you pass `--oss`. If you pass `--oss` without specifying a provider, Codex uses `oss_provider` as the default.
285"""303"""
286```304```
287 305
306### Named permission profiles
307
308Set `default_permissions` to reuse a sandbox profile by name. Codex includes
309the built-in profiles `:read-only`, `:workspace`, and `:danger-no-sandbox`:
310
311```toml
312default_permissions = ":workspace"
313```
314
315For custom profiles, point `default_permissions` at a name you define under
316`[permissions.<name>]`:
317
318```toml
319default_permissions = "workspace"
320
321[permissions.workspace.filesystem]
322":project_roots" = { "." = "write", "**/*.env" = "none" }
323glob_scan_max_depth = 3
324
325[permissions.workspace.network]
326enabled = true
327mode = "limited"
328
329[permissions.workspace.network.domains]
330"api.openai.com" = "allow"
331```
332
333Use built-in names with a leading colon. Custom names don't use a leading
334colon and must have matching `permissions` tables.
335
288Need the complete key list (including profile-scoped overrides and requirements constraints)? See [Configuration Reference](https://developers.openai.com/codex/config-reference) and [Managed configuration](https://developers.openai.com/codex/enterprise/managed-configuration).336Need the complete key list (including profile-scoped overrides and requirements constraints)? See [Configuration Reference](https://developers.openai.com/codex/config-reference) and [Managed configuration](https://developers.openai.com/codex/enterprise/managed-configuration).
289 337
290In workspace-write mode, some environments keep `.git/` and `.codex/`338In workspace-write mode, some environments keep `.git/` and `.codex/`
291 read-only even when the rest of the workspace is writable. This is why339 read-only even when the rest of the workspace is writable. This is why
292 commands like `git commit` may still require approval to run outside the340 commands like `git commit` may still require approval to run outside the
293341sandbox. If you want Codex to skip specific commands (for example, block `git commit` outside the sandbox), use sandbox. If you want Codex to skip specific commands (for example, block `git
294342[rules](https://developers.openai.com/codex/rules). commit` outside the sandbox), use
343 <a href="/codex/rules">rules</a>.
295 344
296Disable sandboxing entirely (use only if your environment already isolates processes):345Disable sandboxing entirely (use only if your environment already isolates processes):
297 346
369Each metric below also includes default metadata tags: `auth_mode`, `originator`, `session_source`, `model`, and `app.version`.418Each metric below also includes default metadata tags: `auth_mode`, `originator`, `session_source`, `model`, and `app.version`.
370 419
371| Metric | Type | Fields | Description |420| Metric | Type | Fields | Description |
372421| --- | --- | --- | --- || ------------------------------------- | --------- | ------------------- | ----------------------------------------------------------------- |
373| `codex.api_request` | counter | `status`, `success` | API request count by HTTP status and success/failure. |422| `codex.api_request` | counter | `status`, `success` | API request count by HTTP status and success/failure. |
374| `codex.api_request.duration_ms` | histogram | `status`, `success` | API request duration in milliseconds. |423| `codex.api_request.duration_ms` | histogram | `status`, `success` | API request duration in milliseconds. |
375| `codex.sse_event` | counter | `kind`, `success` | SSE event count by event kind and success/failure. |424| `codex.sse_event` | counter | `kind`, `success` | SSE event count by event kind and success/failure. |
411#### Runtime and model transport460#### Runtime and model transport
412 461
413| Metric | Type | Fields | Description |462| Metric | Type | Fields | Description |
414463| --- | --- | --- | --- || ----------------------------------------------- | --------- | -------------------- | ------------------------------------------------------------ |
415| `api_request` | counter | `status`, `success` | API request count by HTTP status and success/failure. |464| `api_request` | counter | `status`, `success` | API request count by HTTP status and success/failure. |
416| `api_request.duration_ms` | histogram | `status`, `success` | API request duration in milliseconds. |465| `api_request.duration_ms` | histogram | `status`, `success` | API request duration in milliseconds. |
417| `sse_event` | counter | `kind`, `success` | SSE event count by event kind and success/failure. |466| `sse_event` | counter | `kind`, `success` | SSE event count by event kind and success/failure. |
441#### Turn and tool activity490#### Turn and tool activity
442 491
443| Metric | Type | Fields | Description |492| Metric | Type | Fields | Description |
444493| --- | --- | --- | --- || -------------------------------------- | --------- | ------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------- |
445| `turn.e2e_duration_ms` | histogram | | End-to-end time for a full turn. |494| `turn.e2e_duration_ms` | histogram | | End-to-end time for a full turn. |
446| `turn.ttft.duration_ms` | histogram | | Time to first token for a turn. |495| `turn.ttft.duration_ms` | histogram | | Time to first token for a turn. |
447| `turn.ttfm.duration_ms` | histogram | | Time to first model output item for a turn. |496| `turn.ttfm.duration_ms` | histogram | | Time to first model output item for a turn. |
466#### Threads, tasks, and features515#### Threads, tasks, and features
467 516
468| Metric | Type | Fields | Description |517| Metric | Type | Fields | Description |
469518| --- | --- | --- | --- || --------------------------------- | --------- | --------------------- | -------------------------------------------------------------------------------- |
470| `feature.state` | counter | `feature`, `value` | Feature values that differ from defaults (emit one row per non-default). |519| `feature.state` | counter | `feature`, `value` | Feature values that differ from defaults (emit one row per non-default). |
471| `status_line` | counter | | Session started with a configured status line. |520| `status_line` | counter | | Session started with a configured status line. |
472| `model_warning` | counter | | Warning sent to the model. |521| `model_warning` | counter | | Warning sent to the model. |
496#### Memory and local state545#### Memory and local state
497 546
498| Metric | Type | Fields | Description |547| Metric | Type | Fields | Description |
499548| --- | --- | --- | --- || ------------------------------ | --------- | ------------------------- | --------------------------------------------------------- |
500| `memory.phase1` | counter | `status` | Memory phase 1 job counts by status. |549| `memory.phase1` | counter | `status` | Memory phase 1 job counts by status. |
501| `memory.phase1.e2e_ms` | histogram | | End-to-end duration for memory phase 1. |550| `memory.phase1.e2e_ms` | histogram | | End-to-end duration for memory phase 1. |
502| `memory.phase1.output` | counter | | Memory phase 1 outputs written. |551| `memory.phase1.output` | counter | | Memory phase 1 outputs written. |
517#### Windows sandbox566#### Windows sandbox
518 567
519| Metric | Type | Fields | Description |568| Metric | Type | Fields | Description |
520569| --- | --- | --- | --- || ------------------------------------------------ | --------- | ----------------------------------------- | ----------------------------------------------------- |
521| `windows_sandbox.setup_success` | counter | `originator`, `mode` | Windows sandbox setup successes. |570| `windows_sandbox.setup_success` | counter | `originator`, `mode` | Windows sandbox setup successes. |
522| `windows_sandbox.setup_failure` | counter | `originator`, `mode` | Windows sandbox setup failures. |571| `windows_sandbox.setup_failure` | counter | `originator`, `mode` | Windows sandbox setup failures. |
523| `windows_sandbox.setup_duration_ms` | histogram | `result`, `originator`, `mode` | Windows sandbox setup duration. |572| `windows_sandbox.setup_duration_ms` | histogram | `result`, `originator`, `mode` | Windows sandbox setup duration. |