SpyBara
Go Premium Account

config-reference.md Codex Docs, 2026-02-19 20:37 UTC → 2026-04-24 18:20 UTC

Inspect the documentation page or source diff for this selected snapshot comparison.

2026
19 Feb 2026, 20:37
14 May 2026, 21:00 14 May 2026, 07:00 13 May 2026, 00:57 12 May 2026, 01:59 11 May 2026, 18:00 7 May 2026, 20:02 7 May 2026, 17:08 5 May 2026, 23:00 2 May 2026, 06:45 2 May 2026, 00:48 1 May 2026, 18:29 30 Apr 2026, 18:36 29 Apr 2026, 12:40 29 Apr 2026, 00:50 25 Apr 2026, 06:37 25 Apr 2026, 00:42 24 Apr 2026, 18:20 24 Apr 2026, 12:28 23 Apr 2026, 18:31 23 Apr 2026, 12:28 23 Apr 2026, 00:46 22 Apr 2026, 18:29 22 Apr 2026, 00:42 21 Apr 2026, 18:29 21 Apr 2026, 12:30 21 Apr 2026, 06:45 20 Apr 2026, 18:26 20 Apr 2026, 06:53 18 Apr 2026, 18:18 17 Apr 2026, 00:44 16 Apr 2026, 18:31 16 Apr 2026, 00:46 15 Apr 2026, 18:31 15 Apr 2026, 06:44 14 Apr 2026, 18:31 14 Apr 2026, 12:29 13 Apr 2026, 18:37 13 Apr 2026, 00:44 12 Apr 2026, 06:38 10 Apr 2026, 18:23 9 Apr 2026, 00:33 8 Apr 2026, 18:32 8 Apr 2026, 00:40 7 Apr 2026, 00:40 2 Apr 2026, 18:23 31 Mar 2026, 06:35 31 Mar 2026, 00:39 28 Mar 2026, 06:26 28 Mar 2026, 00:36 27 Mar 2026, 18:23 27 Mar 2026, 00:39 26 Mar 2026, 18:27 25 Mar 2026, 18:24 23 Mar 2026, 18:22 20 Mar 2026, 00:35 18 Mar 2026, 12:23 18 Mar 2026, 00:36 17 Mar 2026, 18:24 17 Mar 2026, 00:33 16 Mar 2026, 18:25 16 Mar 2026, 12:23 14 Mar 2026, 00:32 13 Mar 2026, 18:15 13 Mar 2026, 00:34 11 Mar 2026, 00:31 9 Mar 2026, 00:34 8 Mar 2026, 18:10 8 Mar 2026, 00:35 7 Mar 2026, 18:10 7 Mar 2026, 06:14 7 Mar 2026, 00:33 6 Mar 2026, 00:38 5 Mar 2026, 18:41 5 Mar 2026, 06:22 5 Mar 2026, 00:34 4 Mar 2026, 18:18 4 Mar 2026, 06:20 3 Mar 2026, 18:20 3 Mar 2026, 00:35 27 Feb 2026, 18:15 24 Feb 2026, 06:27 24 Feb 2026, 00:33 23 Feb 2026, 18:27 21 Feb 2026, 00:33 20 Feb 2026, 12:16 19 Feb 2026, 20:53 19 Feb 2026, 20:37
24 Apr 2026, 18:20
14 May 2026, 21:00 14 May 2026, 07:00 13 May 2026, 00:57 12 May 2026, 01:59 11 May 2026, 18:00 7 May 2026, 20:02 7 May 2026, 17:08 5 May 2026, 23:00 2 May 2026, 06:45 2 May 2026, 00:48 1 May 2026, 18:29 30 Apr 2026, 18:36 29 Apr 2026, 12:40 29 Apr 2026, 00:50 25 Apr 2026, 06:37 25 Apr 2026, 00:42 24 Apr 2026, 18:20 24 Apr 2026, 12:28 23 Apr 2026, 18:31 23 Apr 2026, 12:28 23 Apr 2026, 00:46 22 Apr 2026, 18:29 22 Apr 2026, 00:42 21 Apr 2026, 18:29 21 Apr 2026, 12:30 21 Apr 2026, 06:45 20 Apr 2026, 18:26 20 Apr 2026, 06:53 18 Apr 2026, 18:18 17 Apr 2026, 00:44 16 Apr 2026, 18:31 16 Apr 2026, 00:46 15 Apr 2026, 18:31 15 Apr 2026, 06:44 14 Apr 2026, 18:31 14 Apr 2026, 12:29 13 Apr 2026, 18:37 13 Apr 2026, 00:44 12 Apr 2026, 06:38 10 Apr 2026, 18:23 9 Apr 2026, 00:33 8 Apr 2026, 18:32 8 Apr 2026, 00:40 7 Apr 2026, 00:40 2 Apr 2026, 18:23 31 Mar 2026, 06:35 31 Mar 2026, 00:39 28 Mar 2026, 06:26 28 Mar 2026, 00:36 27 Mar 2026, 18:23 27 Mar 2026, 00:39 26 Mar 2026, 18:27 25 Mar 2026, 18:24 23 Mar 2026, 18:22 20 Mar 2026, 00:35 18 Mar 2026, 12:23 18 Mar 2026, 00:36 17 Mar 2026, 18:24 17 Mar 2026, 00:33 16 Mar 2026, 18:25 16 Mar 2026, 12:23 14 Mar 2026, 00:32 13 Mar 2026, 18:15 13 Mar 2026, 00:34 11 Mar 2026, 00:31 9 Mar 2026, 00:34 8 Mar 2026, 18:10 8 Mar 2026, 00:35 7 Mar 2026, 18:10 7 Mar 2026, 06:14 7 Mar 2026, 00:33 6 Mar 2026, 00:38 5 Mar 2026, 18:41 5 Mar 2026, 06:22 5 Mar 2026, 00:34 4 Mar 2026, 18:18 4 Mar 2026, 06:20 3 Mar 2026, 18:20 3 Mar 2026, 00:35 27 Feb 2026, 18:15 24 Feb 2026, 06:27 24 Feb 2026, 00:33 23 Feb 2026, 18:27 21 Feb 2026, 00:33 20 Feb 2026, 12:16 19 Feb 2026, 20:53 19 Feb 2026, 20:37
Thu 2 18:23 Tue 7 00:40 Wed 8 00:40 Wed 8 18:32 Thu 9 00:33 Fri 10 18:23 Sun 12 06:38 Mon 13 00:44 Mon 13 18:37 Tue 14 12:29 Tue 14 18:31 Wed 15 06:44 Wed 15 18:31 Thu 16 00:46 Thu 16 18:31 Fri 17 00:44 Sat 18 18:18 Mon 20 06:53 Mon 20 18:26 Tue 21 06:45 Tue 21 12:30 Tue 21 18:29 Wed 22 00:42 Wed 22 18:29 Thu 23 00:46 Thu 23 12:28 Thu 23 18:31 Fri 24 12:28 Fri 24 18:20 Sat 25 00:42 Sat 25 06:37 Wed 29 00:50 Wed 29 12:40 Thu 30 18:36

config-reference.md +1293 −276

Details

1# Configuration Reference1# Configuration Reference

2 2 

3Complete reference for Codex config.toml and requirements.toml

4 

5Use this page as a searchable reference for Codex configuration files. For conceptual guidance and examples, start with [Config basics](https://developers.openai.com/codex/config-basic) and [Advanced Config](https://developers.openai.com/codex/config-advanced).3Use this page as a searchable reference for Codex configuration files. For conceptual guidance and examples, start with [Config basics](https://developers.openai.com/codex/config-basic) and [Advanced Config](https://developers.openai.com/codex/config-advanced).

6 4 

7## `config.toml`5## `config.toml`

8 6 

9User-level configuration lives in `~/.codex/config.toml`. You can also add project-scoped overrides in `.codex/config.toml` files. Codex loads project-scoped config files only when you trust the project.7User-level configuration lives in `~/.codex/config.toml`. You can also add project-scoped overrides in `.codex/config.toml` files. Codex loads project-scoped config files only when you trust the project.

10 8 

9For sandbox and approval keys (`approval_policy`, `sandbox_mode`, and `sandbox_workspace_write.*`), pair this reference with [Sandbox and approvals](https://developers.openai.com/codex/agent-approvals-security#sandbox-and-approvals), [Protected paths in writable roots](https://developers.openai.com/codex/agent-approvals-security#protected-paths-in-writable-roots), and [Network access](https://developers.openai.com/codex/agent-approvals-security#network-access).

10 

11| Key | Type / Values | Details |11| Key | Type / Values | Details |

12| --- | --- | --- |12| --- | --- | --- |

13| `agents.<name>.config_file` | `string (path)` | Path to a TOML config layer for that role; relative paths resolve from the config file that declares the role. |13| `agents.<name>.config_file` | `string (path)` | Path to a TOML config layer for that role; relative paths resolve from the config file that declares the role. |

14| `agents.<name>.description` | `string` | Role guidance shown to Codex when choosing and spawning that agent type. |14| `agents.<name>.description` | `string` | Role guidance shown to Codex when choosing and spawning that agent type. |

15| `agents.max_threads` | `number` | Maximum number of agent threads that can be open concurrently. |15| `agents.<name>.nickname_candidates` | `array<string>` | Optional pool of display nicknames for spawned agents in that role. |

16| `approval_policy` | `untrusted | on-request | never` | Controls when Codex pauses for approval before executing commands. `on-failure` is deprecated; use `on-request` for interactive runs or `never` for non-interactive runs. |16| `agents.job_max_runtime_seconds` | `number` | Default per-worker timeout for `spawn_agents_on_csv` jobs. When unset, the tool falls back to 1800 seconds per worker. |

17| `apps.<id>.disabled_reason` | `unknown | user` | Optional reason attached when an app/connector is disabled. |17| `agents.max_depth` | `number` | Maximum nesting depth allowed for spawned agent threads (root sessions start at depth 0; default: 1). |

18| `agents.max_threads` | `number` | Maximum number of agent threads that can be open concurrently. Defaults to `6` when unset. |

19| `allow_login_shell` | `boolean` | Allow shell-based tools to use login-shell semantics. Defaults to `true`; when `false`, `login = true` requests are rejected and omitted `login` defaults to non-login shells. |

20| `analytics.enabled` | `boolean` | Enable or disable analytics for this machine/profile. When unset, the client default applies. |

21| `approval_policy` | `untrusted | on-request | never | { granular = { sandbox_approval = bool, rules = bool, mcp_elicitations = bool, request_permissions = bool, skill_approval = bool } }` | Controls when Codex pauses for approval before executing commands. You can also use `approval_policy = { granular = { ... } }` to allow or auto-reject specific prompt categories while keeping other prompts interactive. `on-failure` is deprecated; use `on-request` for interactive runs or `never` for non-interactive runs. |

22| `approval_policy.granular.mcp_elicitations` | `boolean` | When `true`, MCP elicitation prompts are allowed to surface instead of being auto-rejected. |

23| `approval_policy.granular.request_permissions` | `boolean` | When `true`, prompts from the `request_permissions` tool are allowed to surface. |

24| `approval_policy.granular.rules` | `boolean` | When `true`, approvals triggered by execpolicy `prompt` rules are allowed to surface. |

25| `approval_policy.granular.sandbox_approval` | `boolean` | When `true`, sandbox escalation approval prompts are allowed to surface. |

26| `approval_policy.granular.skill_approval` | `boolean` | When `true`, skill-script approval prompts are allowed to surface. |

27| `approvals_reviewer` | `user | auto_review` | Who reviews eligible approval prompts under `on-request` or granular approval policies. Defaults to `user`; `auto_review` uses the reviewer subagent. This setting doesn't change sandboxing or review actions already allowed inside the sandbox. |

28| `apps._default.destructive_enabled` | `boolean` | Default allow/deny for app tools with `destructive_hint = true`. |

29| `apps._default.enabled` | `boolean` | Default app enabled state for all apps unless overridden per app. |

30| `apps._default.open_world_enabled` | `boolean` | Default allow/deny for app tools with `open_world_hint = true`. |

31| `apps.<id>.default_tools_approval_mode` | `auto | prompt | approve` | Default approval behavior for tools in this app unless a per-tool override exists. |

32| `apps.<id>.default_tools_enabled` | `boolean` | Default enabled state for tools in this app unless a per-tool override exists. |

33| `apps.<id>.destructive_enabled` | `boolean` | Allow or block tools in this app that advertise `destructive_hint = true`. |

18| `apps.<id>.enabled` | `boolean` | Enable or disable a specific app/connector by id (default: true). |34| `apps.<id>.enabled` | `boolean` | Enable or disable a specific app/connector by id (default: true). |

35| `apps.<id>.open_world_enabled` | `boolean` | Allow or block tools in this app that advertise `open_world_hint = true`. |

36| `apps.<id>.tools.<tool>.approval_mode` | `auto | prompt | approve` | Per-tool approval behavior override for a single app tool. |

37| `apps.<id>.tools.<tool>.enabled` | `boolean` | Per-tool enabled override for an app tool (for example `repos/list`). |

38| `auto_review.policy` | `string` | Local Markdown policy instructions for automatic review. Managed `guardian_policy_config` takes precedence. Blank values are ignored. |

39| `background_terminal_max_timeout` | `number` | Maximum poll window in milliseconds for empty `write_stdin` polls (background terminal polling). Default: `300000` (5 minutes). Replaces the older `background_terminal_timeout` key. |

19| `chatgpt_base_url` | `string` | Override the base URL used during the ChatGPT login flow. |40| `chatgpt_base_url` | `string` | Override the base URL used during the ChatGPT login flow. |

20| `check_for_update_on_startup` | `boolean` | Check for Codex updates on startup (set to false only when updates are centrally managed). |41| `check_for_update_on_startup` | `boolean` | Check for Codex updates on startup (set to false only when updates are centrally managed). |

21| `cli_auth_credentials_store` | `file | keyring | auto` | Control where the CLI stores cached credentials (file-based auth.json vs OS keychain). |42| `cli_auth_credentials_store` | `file | keyring | auto` | Control where the CLI stores cached credentials (file-based auth.json vs OS keychain). |

43| `commit_attribution` | `string` | Override the commit co-author trailer text. Set an empty string to disable automatic attribution. |

22| `compact_prompt` | `string` | Inline override for the history compaction prompt. |44| `compact_prompt` | `string` | Inline override for the history compaction prompt. |

45| `default_permissions` | `string` | Name of the default permissions profile to apply to sandboxed tool calls. |

23| `developer_instructions` | `string` | Additional developer instructions injected into the session (optional). |46| `developer_instructions` | `string` | Additional developer instructions injected into the session (optional). |

24| `disable_paste_burst` | `boolean` | Disable burst-paste detection in the TUI. |47| `disable_paste_burst` | `boolean` | Disable burst-paste detection in the TUI. |

25| `experimental_compact_prompt_file` | `string (path)` | Load the compaction prompt override from a file (experimental). |48| `experimental_compact_prompt_file` | `string (path)` | Load the compaction prompt override from a file (experimental). |

26| `experimental_use_freeform_apply_patch` | `boolean` | Legacy name for enabling freeform apply\_patch; prefer `[features].apply_patch_freeform` or `codex --enable apply_patch_freeform`. |

27| `experimental_use_unified_exec_tool` | `boolean` | Legacy name for enabling unified exec; prefer `[features].unified_exec` or `codex --enable unified_exec`. |49| `experimental_use_unified_exec_tool` | `boolean` | Legacy name for enabling unified exec; prefer `[features].unified_exec` or `codex --enable unified_exec`. |

28| `features.apply_patch_freeform` | `boolean` | Expose the freeform `apply_patch` tool (experimental). |

29| `features.apps` | `boolean` | Enable ChatGPT Apps/connectors support (experimental). |50| `features.apps` | `boolean` | Enable ChatGPT Apps/connectors support (experimental). |

30| `features.apps_mcp_gateway` | `boolean` | Route Apps MCP calls through the OpenAI connectors MCP gateway (`https://api.openai.com/v1/connectors/mcp/`) instead of legacy routing (experimental). |51| `features.codex_hooks` | `boolean` | Enable lifecycle hooks loaded from `hooks.json` (under development; off by default). |

31| `features.child_agents_md` | `boolean` | Append AGENTS.md scope/precedence guidance even when no AGENTS.md is present (experimental). |52| `features.enable_request_compression` | `boolean` | Compress streaming request bodies with zstd when supported (stable; on by default). |

32| `features.collaboration_modes` | `boolean` | Enable collaboration modes such as plan mode (stable; on by default). |53| `features.fast_mode` | `boolean` | Enable Fast mode selection and the `service_tier = "fast"` path (stable; on by default). |

33| `features.elevated_windows_sandbox` | `boolean` | Enable the elevated Windows sandbox pipeline (experimental). |54| `features.memories` | `boolean` | Enable [Memories](https://developers.openai.com/codex/memories) (off by default). |

34| `features.experimental_windows_sandbox` | `boolean` | Run the Windows restricted-token sandbox (experimental). |55| `features.multi_agent` | `boolean` | Enable multi-agent collaboration tools (`spawn_agent`, `send_input`, `resume_agent`, `wait_agent`, and `close_agent`) (stable; on by default). |

35| `features.multi_agent` | `boolean` | Enable multi-agent collaboration tools (`spawn\_agent`, `send\_input`, `resume\_agent`, `wait`, and `close\_agent`) (experimental; off by default). |

36| `features.personality` | `boolean` | Enable personality selection controls (stable; on by default). |56| `features.personality` | `boolean` | Enable personality selection controls (stable; on by default). |

37| `features.powershell_utf8` | `boolean` | Force PowerShell UTF-8 output (defaults to true). |57| `features.prevent_idle_sleep` | `boolean` | Prevent the machine from sleeping while a turn is actively running (experimental; off by default). |

38| `features.remote_models` | `boolean` | Refresh remote model list before showing readiness (experimental). |58| `features.shell_snapshot` | `boolean` | Snapshot shell environment to speed up repeated commands (stable; on by default). |

39| `features.request_rule` | `boolean` | Enable Smart approvals (`prefix_rule` suggestions on escalation requests; stable; on by default). |

40| `features.runtime_metrics` | `boolean` | Show runtime metrics summary in TUI turn separators (experimental). |

41| `features.search_tool` | `boolean` | Enable `search_tool_bm25` for Apps tool discovery before invoking app MCP tools (experimental). |

42| `features.shell_snapshot` | `boolean` | Snapshot shell environment to speed up repeated commands (beta). |

43| `features.shell_tool` | `boolean` | Enable the default `shell` tool for running commands (stable; on by default). |59| `features.shell_tool` | `boolean` | Enable the default `shell` tool for running commands (stable; on by default). |

44| `features.unified_exec` | `boolean` | Use the unified PTY-backed exec tool (beta). |60| `features.skill_mcp_dependency_install` | `boolean` | Allow prompting and installing missing MCP dependencies for skills (stable; on by default). |

45| `features.use_linux_sandbox_bwrap` | `boolean` | Use the bubblewrap-based Linux sandbox pipeline (experimental; off by default). |61| `features.undo` | `boolean` | Enable undo support (stable; off by default). |

62| `features.unified_exec` | `boolean` | Use the unified PTY-backed exec tool (stable; enabled by default except on Windows). |

46| `features.web_search` | `boolean` | Deprecated legacy toggle; prefer the top-level `web_search` setting. |63| `features.web_search` | `boolean` | Deprecated legacy toggle; prefer the top-level `web_search` setting. |

47| `features.web_search_cached` | `boolean` | Deprecated legacy toggle. When `web_search` is unset, true maps to `web_search = "cached"`. |64| `features.web_search_cached` | `boolean` | Deprecated legacy toggle. When `web_search` is unset, true maps to `web_search = "cached"`. |

48| `features.web_search_request` | `boolean` | Deprecated legacy toggle. When `web_search` is unset, true maps to `web_search = "live"`. |65| `features.web_search_request` | `boolean` | Deprecated legacy toggle. When `web_search` is unset, true maps to `web_search = "live"`. |

53| `hide_agent_reasoning` | `boolean` | Suppress reasoning events in both the TUI and `codex exec` output. |70| `hide_agent_reasoning` | `boolean` | Suppress reasoning events in both the TUI and `codex exec` output. |

54| `history.max_bytes` | `number` | If set, caps the history file size in bytes by dropping oldest entries. |71| `history.max_bytes` | `number` | If set, caps the history file size in bytes by dropping oldest entries. |

55| `history.persistence` | `save-all | none` | Control whether Codex saves session transcripts to history.jsonl. |72| `history.persistence` | `save-all | none` | Control whether Codex saves session transcripts to history.jsonl. |

56| `include_apply_patch_tool` | `boolean` | Legacy name for enabling freeform apply\_patch; prefer `[features].apply_patch_freeform`. |

57| `instructions` | `string` | Reserved for future use; prefer `model_instructions_file` or `AGENTS.md`. |73| `instructions` | `string` | Reserved for future use; prefer `model_instructions_file` or `AGENTS.md`. |

58| `log_dir` | `string (path)` | Directory where Codex writes log files (for example `codex-tui.log`); defaults to `$CODEX_HOME/log`. |74| `log_dir` | `string (path)` | Directory where Codex writes log files (for example `codex-tui.log`); defaults to `$CODEX_HOME/log`. |

59| `mcp_oauth_callback_port` | `integer` | Optional fixed port for the local HTTP callback server used during MCP OAuth login. When unset, Codex binds to an ephemeral port chosen by the OS. |75| `mcp_oauth_callback_port` | `integer` | Optional fixed port for the local HTTP callback server used during MCP OAuth login. When unset, Codex binds to an ephemeral port chosen by the OS. |

76| `mcp_oauth_callback_url` | `string` | Optional redirect URI override for MCP OAuth login (for example, a devbox ingress URL). `mcp_oauth_callback_port` still controls the callback listener port. |

60| `mcp_oauth_credentials_store` | `auto | file | keyring` | Preferred store for MCP OAuth credentials. |77| `mcp_oauth_credentials_store` | `auto | file | keyring` | Preferred store for MCP OAuth credentials. |

61| `mcp_servers.<id>.args` | `array<string>` | Arguments passed to the MCP stdio server command. |78| `mcp_servers.<id>.args` | `array<string>` | Arguments passed to the MCP stdio server command. |

62| `mcp_servers.<id>.bearer_token_env_var` | `string` | Environment variable sourcing the bearer token for an MCP HTTP server. |79| `mcp_servers.<id>.bearer_token_env_var` | `string` | Environment variable sourcing the bearer token for an MCP HTTP server. |

67| `mcp_servers.<id>.enabled_tools` | `array<string>` | Allow list of tool names exposed by the MCP server. |84| `mcp_servers.<id>.enabled_tools` | `array<string>` | Allow list of tool names exposed by the MCP server. |

68| `mcp_servers.<id>.env` | `map<string,string>` | Environment variables forwarded to the MCP stdio server. |85| `mcp_servers.<id>.env` | `map<string,string>` | Environment variables forwarded to the MCP stdio server. |

69| `mcp_servers.<id>.env_http_headers` | `map<string,string>` | HTTP headers populated from environment variables for an MCP HTTP server. |86| `mcp_servers.<id>.env_http_headers` | `map<string,string>` | HTTP headers populated from environment variables for an MCP HTTP server. |

70| `mcp_servers.<id>.env_vars` | `array<string>` | Additional environment variables to whitelist for an MCP stdio server. |87| `mcp_servers.<id>.env_vars` | `array<string | { name = string, source = "local" | "remote" }>` | Additional environment variables to whitelist for an MCP stdio server. String entries default to `source = "local"`; use `source = "remote"` only with executor-backed remote stdio. |

88| `mcp_servers.<id>.experimental_environment` | `local | remote` | Experimental placement for an MCP server. `remote` starts stdio servers through a remote executor environment; streamable HTTP remote placement is not implemented. |

71| `mcp_servers.<id>.http_headers` | `map<string,string>` | Static HTTP headers included with each MCP HTTP request. |89| `mcp_servers.<id>.http_headers` | `map<string,string>` | Static HTTP headers included with each MCP HTTP request. |

90| `mcp_servers.<id>.oauth_resource` | `string` | Optional RFC 8707 OAuth resource parameter to include during MCP login. |

72| `mcp_servers.<id>.required` | `boolean` | When true, fail startup/resume if this enabled MCP server cannot initialize. |91| `mcp_servers.<id>.required` | `boolean` | When true, fail startup/resume if this enabled MCP server cannot initialize. |

92| `mcp_servers.<id>.scopes` | `array<string>` | OAuth scopes to request when authenticating to that MCP server. |

73| `mcp_servers.<id>.startup_timeout_ms` | `number` | Alias for `startup_timeout_sec` in milliseconds. |93| `mcp_servers.<id>.startup_timeout_ms` | `number` | Alias for `startup_timeout_sec` in milliseconds. |

74| `mcp_servers.<id>.startup_timeout_sec` | `number` | Override the default 10s startup timeout for an MCP server. |94| `mcp_servers.<id>.startup_timeout_sec` | `number` | Override the default 10s startup timeout for an MCP server. |

75| `mcp_servers.<id>.tool_timeout_sec` | `number` | Override the default 60s per-tool timeout for an MCP server. |95| `mcp_servers.<id>.tool_timeout_sec` | `number` | Override the default 60s per-tool timeout for an MCP server. |

76| `mcp_servers.<id>.url` | `string` | Endpoint for an MCP streamable HTTP server. |96| `mcp_servers.<id>.url` | `string` | Endpoint for an MCP streamable HTTP server. |

77| `model` | `string` | Model to use (e.g., `gpt-5-codex`). |97| `memories.consolidation_model` | `string` | Optional model override for global memory consolidation. |

98| `memories.disable_on_external_context` | `boolean` | When `true`, threads that use external context such as MCP tool calls, web search, or tool search are kept out of memory generation. Defaults to `false`. Legacy alias: `memories.no_memories_if_mcp_or_web_search`. |

99| `memories.extract_model` | `string` | Optional model override for per-thread memory extraction. |

100| `memories.generate_memories` | `boolean` | When `false`, newly created threads are not stored as memory-generation inputs. Defaults to `true`. |

101| `memories.max_raw_memories_for_consolidation` | `number` | Maximum recent raw memories retained for global consolidation. Defaults to `256` and is capped at `4096`. |

102| `memories.max_rollout_age_days` | `number` | Maximum age of threads considered for memory generation. Defaults to `30` and is clamped to `0`-`90`. |

103| `memories.max_rollouts_per_startup` | `number` | Maximum rollout candidates processed per startup pass. Defaults to `16` and is capped at `128`. |

104| `memories.max_unused_days` | `number` | Maximum days since a memory was last used before it becomes ineligible for consolidation. Defaults to `30` and is clamped to `0`-`365`. |

105| `memories.min_rollout_idle_hours` | `number` | Minimum idle time before a thread is considered for memory generation. Defaults to `6` and is clamped to `1`-`48`. |

106| `memories.use_memories` | `boolean` | When `false`, Codex skips injecting existing memories into future sessions. Defaults to `true`. |

107| `model` | `string` | Model to use (e.g., `gpt-5.5`). |

78| `model_auto_compact_token_limit` | `number` | Token threshold that triggers automatic history compaction (unset uses model defaults). |108| `model_auto_compact_token_limit` | `number` | Token threshold that triggers automatic history compaction (unset uses model defaults). |

109| `model_catalog_json` | `string (path)` | Optional path to a JSON model catalog loaded on startup. Profile-level `profiles.<name>.model_catalog_json` can override this per profile. |

79| `model_context_window` | `number` | Context window tokens available to the active model. |110| `model_context_window` | `number` | Context window tokens available to the active model. |

80| `model_instructions_file` | `string (path)` | Replacement for built-in instructions instead of `AGENTS.md`. |111| `model_instructions_file` | `string (path)` | Replacement for built-in instructions instead of `AGENTS.md`. |

81| `model_provider` | `string` | Provider id from `model_providers` (default: `openai`). |112| `model_provider` | `string` | Provider id from `model_providers` (default: `openai`). |

113| `model_providers.<id>` | `table` | Custom provider definition. Built-in provider IDs (`openai`, `ollama`, and `lmstudio`) are reserved and cannot be overridden. |

114| `model_providers.<id>.auth` | `table` | Command-backed bearer token configuration for a custom provider. Do not combine with `env_key`, `experimental_bearer_token`, or `requires_openai_auth`. |

115| `model_providers.<id>.auth.args` | `array<string>` | Arguments passed to the token command. |

116| `model_providers.<id>.auth.command` | `string` | Command to run when Codex needs a bearer token. The command must print the token to stdout. |

117| `model_providers.<id>.auth.cwd` | `string (path)` | Working directory for the token command. |

118| `model_providers.<id>.auth.refresh_interval_ms` | `number` | How often Codex proactively refreshes the token in milliseconds (default: 300000). Set to `0` to refresh only after an authentication retry. |

119| `model_providers.<id>.auth.timeout_ms` | `number` | Maximum token command runtime in milliseconds (default: 5000). |

82| `model_providers.<id>.base_url` | `string` | API base URL for the model provider. |120| `model_providers.<id>.base_url` | `string` | API base URL for the model provider. |

83| `model_providers.<id>.env_http_headers` | `map<string,string>` | HTTP headers populated from environment variables when present. |121| `model_providers.<id>.env_http_headers` | `map<string,string>` | HTTP headers populated from environment variables when present. |

84| `model_providers.<id>.env_key` | `string` | Environment variable supplying the provider API key. |122| `model_providers.<id>.env_key` | `string` | Environment variable supplying the provider API key. |

91| `model_providers.<id>.requires_openai_auth` | `boolean` | The provider uses OpenAI authentication (defaults to false). |129| `model_providers.<id>.requires_openai_auth` | `boolean` | The provider uses OpenAI authentication (defaults to false). |

92| `model_providers.<id>.stream_idle_timeout_ms` | `number` | Idle timeout for SSE streams in milliseconds (default: 300000). |130| `model_providers.<id>.stream_idle_timeout_ms` | `number` | Idle timeout for SSE streams in milliseconds (default: 300000). |

93| `model_providers.<id>.stream_max_retries` | `number` | Retry count for SSE streaming interruptions (default: 5). |131| `model_providers.<id>.stream_max_retries` | `number` | Retry count for SSE streaming interruptions (default: 5). |

94| `model_providers.<id>.wire_api` | `chat | responses` | Protocol used by the provider (defaults to `chat` if omitted). |132| `model_providers.<id>.supports_websockets` | `boolean` | Whether that provider supports the Responses API WebSocket transport. |

133| `model_providers.<id>.wire_api` | `responses` | Protocol used by the provider. `responses` is the only supported value, and it is the default when omitted. |

95| `model_reasoning_effort` | `minimal | low | medium | high | xhigh` | Adjust reasoning effort for supported models (Responses API only; `xhigh` is model-dependent). |134| `model_reasoning_effort` | `minimal | low | medium | high | xhigh` | Adjust reasoning effort for supported models (Responses API only; `xhigh` is model-dependent). |

96| `model_reasoning_summary` | `auto | concise | detailed | none` | Select reasoning summary detail or disable summaries entirely. |135| `model_reasoning_summary` | `auto | concise | detailed | none` | Select reasoning summary detail or disable summaries entirely. |

97| `model_supports_reasoning_summaries` | `boolean` | Force Codex to send or not send reasoning metadata. |136| `model_supports_reasoning_summaries` | `boolean` | Force Codex to send or not send reasoning metadata. |

98| `model_verbosity` | `low | medium | high` | Control GPT-5 Responses API verbosity (defaults to `medium`). |137| `model_verbosity` | `low | medium | high` | Optional GPT-5 Responses API verbosity override; when unset, the selected model/preset default is used. |

99| `notice.hide_full_access_warning` | `boolean` | Track acknowledgement of the full access warning prompt. |138| `notice.hide_full_access_warning` | `boolean` | Track acknowledgement of the full access warning prompt. |

100| `notice.hide_gpt-5.1-codex-max_migration_prompt` | `boolean` | Track acknowledgement of the gpt-5.1-codex-max migration prompt. |139| `notice.hide_gpt-5.1-codex-max_migration_prompt` | `boolean` | Track acknowledgement of the gpt-5.1-codex-max migration prompt. |

101| `notice.hide_gpt5_1_migration_prompt` | `boolean` | Track acknowledgement of the GPT-5.1 migration prompt. |140| `notice.hide_gpt5_1_migration_prompt` | `boolean` | Track acknowledgement of the GPT-5.1 migration prompt. |

103| `notice.hide_world_writable_warning` | `boolean` | Track acknowledgement of the Windows world-writable directories warning. |142| `notice.hide_world_writable_warning` | `boolean` | Track acknowledgement of the Windows world-writable directories warning. |

104| `notice.model_migrations` | `map<string,string>` | Track acknowledged model migrations as old->new mappings. |143| `notice.model_migrations` | `map<string,string>` | Track acknowledged model migrations as old->new mappings. |

105| `notify` | `array<string>` | Command invoked for notifications; receives a JSON payload from Codex. |144| `notify` | `array<string>` | Command invoked for notifications; receives a JSON payload from Codex. |

145| `openai_base_url` | `string` | Base URL override for the built-in `openai` model provider. |

106| `oss_provider` | `lmstudio | ollama` | Default local provider used when running with `--oss` (defaults to prompting if unset). |146| `oss_provider` | `lmstudio | ollama` | Default local provider used when running with `--oss` (defaults to prompting if unset). |

107| `otel.environment` | `string` | Environment tag applied to emitted OpenTelemetry events (default: `dev`). |147| `otel.environment` | `string` | Environment tag applied to emitted OpenTelemetry events (default: `dev`). |

108| `otel.exporter` | `none | otlp-http | otlp-grpc` | Select the OpenTelemetry exporter and provide any endpoint metadata. |148| `otel.exporter` | `none | otlp-http | otlp-grpc` | Select the OpenTelemetry exporter and provide any endpoint metadata. |

113| `otel.exporter.<id>.tls.client-certificate` | `string` | Client certificate path for OTEL exporter TLS. |153| `otel.exporter.<id>.tls.client-certificate` | `string` | Client certificate path for OTEL exporter TLS. |

114| `otel.exporter.<id>.tls.client-private-key` | `string` | Client private key path for OTEL exporter TLS. |154| `otel.exporter.<id>.tls.client-private-key` | `string` | Client private key path for OTEL exporter TLS. |

115| `otel.log_user_prompt` | `boolean` | Opt in to exporting raw user prompts with OpenTelemetry logs. |155| `otel.log_user_prompt` | `boolean` | Opt in to exporting raw user prompts with OpenTelemetry logs. |

156| `otel.metrics_exporter` | `none | statsig | otlp-http | otlp-grpc` | Select the OpenTelemetry metrics exporter (defaults to `statsig`). |

116| `otel.trace_exporter` | `none | otlp-http | otlp-grpc` | Select the OpenTelemetry trace exporter and provide any endpoint metadata. |157| `otel.trace_exporter` | `none | otlp-http | otlp-grpc` | Select the OpenTelemetry trace exporter and provide any endpoint metadata. |

117| `otel.trace_exporter.<id>.endpoint` | `string` | Trace exporter endpoint for OTEL logs. |158| `otel.trace_exporter.<id>.endpoint` | `string` | Trace exporter endpoint for OTEL logs. |

118| `otel.trace_exporter.<id>.headers` | `map<string,string>` | Static headers included with OTEL trace exporter requests. |159| `otel.trace_exporter.<id>.headers` | `map<string,string>` | Static headers included with OTEL trace exporter requests. |

120| `otel.trace_exporter.<id>.tls.ca-certificate` | `string` | CA certificate path for OTEL trace exporter TLS. |161| `otel.trace_exporter.<id>.tls.ca-certificate` | `string` | CA certificate path for OTEL trace exporter TLS. |

121| `otel.trace_exporter.<id>.tls.client-certificate` | `string` | Client certificate path for OTEL trace exporter TLS. |162| `otel.trace_exporter.<id>.tls.client-certificate` | `string` | Client certificate path for OTEL trace exporter TLS. |

122| `otel.trace_exporter.<id>.tls.client-private-key` | `string` | Client private key path for OTEL trace exporter TLS. |163| `otel.trace_exporter.<id>.tls.client-private-key` | `string` | Client private key path for OTEL trace exporter TLS. |

164| `permissions.<name>.filesystem` | `table` | Named filesystem permission profile. Each key is an absolute path or special token such as `:minimal` or `:project_roots`. |

165| `permissions.<name>.filesystem.":project_roots".<subpath-or-glob>` | `"read" | "write" | "none"` | Scoped filesystem access relative to the detected project roots. Use `"."` for the root itself; glob subpaths such as `"**/*.env"` can deny reads with `"none"`. |

166| `permissions.<name>.filesystem.<path-or-glob>` | `"read" | "write" | "none" | table` | Grant direct access for a path, glob pattern, or special token, or scope nested entries under that root. Use `"none"` to deny reads for matching paths. |

167| `permissions.<name>.filesystem.glob_scan_max_depth` | `number` | Maximum depth for expanding deny-read glob patterns on platforms that snapshot matches before sandbox startup. Must be at least `1` when set. |

168| `permissions.<name>.network.allow_local_binding` | `boolean` | Permit local bind/listen operations through the managed proxy. |

169| `permissions.<name>.network.allow_upstream_proxy` | `boolean` | Allow the managed proxy to chain to another upstream proxy. |

170| `permissions.<name>.network.dangerously_allow_all_unix_sockets` | `boolean` | Allow the proxy to use arbitrary Unix sockets instead of the default restricted set. |

171| `permissions.<name>.network.dangerously_allow_non_loopback_proxy` | `boolean` | Permit non-loopback bind addresses for the managed proxy listener. |

172| `permissions.<name>.network.domains` | `map<string, allow | deny>` | Domain rules for the managed proxy. Use domain names or wildcard patterns as keys, with `allow` or `deny` values. |

173| `permissions.<name>.network.enable_socks5` | `boolean` | Expose a SOCKS5 listener when this permissions profile enables the managed network proxy. |

174| `permissions.<name>.network.enable_socks5_udp` | `boolean` | Allow UDP over the SOCKS5 listener when enabled. |

175| `permissions.<name>.network.enabled` | `boolean` | Enable network access for this named permissions profile. |

176| `permissions.<name>.network.mode` | `limited | full` | Network proxy mode used for subprocess traffic. |

177| `permissions.<name>.network.proxy_url` | `string` | HTTP proxy endpoint used when this permissions profile enables the managed network proxy. |

178| `permissions.<name>.network.socks_url` | `string` | SOCKS5 proxy endpoint used by this permissions profile. |

179| `permissions.<name>.network.unix_sockets` | `map<string, allow | none>` | Unix socket rules for the managed proxy. Use socket paths as keys, with `allow` or `none` values. |

123| `personality` | `none | friendly | pragmatic` | Default communication style for models that advertise `supportsPersonality`; can be overridden per thread/turn or via `/personality`. |180| `personality` | `none | friendly | pragmatic` | Default communication style for models that advertise `supportsPersonality`; can be overridden per thread/turn or via `/personality`. |

181| `plan_mode_reasoning_effort` | `none | minimal | low | medium | high | xhigh` | Plan-mode-specific reasoning override. When unset, Plan mode uses its built-in preset default. |

124| `profile` | `string` | Default profile applied at startup (equivalent to `--profile`). |182| `profile` | `string` | Default profile applied at startup (equivalent to `--profile`). |

125| `profiles.<name>.*` | `various` | Profile-scoped overrides for any of the supported configuration keys. |183| `profiles.<name>.*` | `various` | Profile-scoped overrides for any of the supported configuration keys. |

126| `profiles.<name>.experimental_use_freeform_apply_patch` | `boolean` | Legacy name for enabling freeform apply\_patch; prefer `[features].apply_patch_freeform`. |184| `profiles.<name>.analytics.enabled` | `boolean` | Profile-scoped analytics enablement override. |

127| `profiles.<name>.experimental_use_unified_exec_tool` | `boolean` | Legacy name for enabling unified exec; prefer `[features].unified_exec`. |185| `profiles.<name>.experimental_use_unified_exec_tool` | `boolean` | Legacy name for enabling unified exec; prefer `[features].unified_exec`. |

128| `profiles.<name>.include_apply_patch_tool` | `boolean` | Legacy name for enabling freeform apply\_patch; prefer `[features].apply_patch_freeform`. |186| `profiles.<name>.model_catalog_json` | `string (path)` | Profile-scoped model catalog JSON path override (applied on startup only; overrides the top-level `model_catalog_json` for that profile). |

187| `profiles.<name>.model_instructions_file` | `string (path)` | Profile-scoped replacement for the built-in instruction file. |

129| `profiles.<name>.oss_provider` | `lmstudio | ollama` | Profile-scoped OSS provider for `--oss` sessions. |188| `profiles.<name>.oss_provider` | `lmstudio | ollama` | Profile-scoped OSS provider for `--oss` sessions. |

130| `profiles.<name>.personality` | `none | friendly | pragmatic` | Profile-scoped communication style override for supported models. |189| `profiles.<name>.personality` | `none | friendly | pragmatic` | Profile-scoped communication style override for supported models. |

190| `profiles.<name>.plan_mode_reasoning_effort` | `none | minimal | low | medium | high | xhigh` | Profile-scoped Plan-mode reasoning override. |

191| `profiles.<name>.service_tier` | `flex | fast` | Profile-scoped service tier preference for new turns. |

192| `profiles.<name>.tools_view_image` | `boolean` | Enable or disable the `view_image` tool in that profile. |

131| `profiles.<name>.web_search` | `disabled | cached | live` | Profile-scoped web search mode override (default: `"cached"`). |193| `profiles.<name>.web_search` | `disabled | cached | live` | Profile-scoped web search mode override (default: `"cached"`). |

194| `profiles.<name>.windows.sandbox` | `unelevated | elevated` | Profile-scoped Windows sandbox mode override. |

132| `project_doc_fallback_filenames` | `array<string>` | Additional filenames to try when `AGENTS.md` is missing. |195| `project_doc_fallback_filenames` | `array<string>` | Additional filenames to try when `AGENTS.md` is missing. |

133| `project_doc_max_bytes` | `number` | Maximum bytes read from `AGENTS.md` when building project instructions. |196| `project_doc_max_bytes` | `number` | Maximum bytes read from `AGENTS.md` when building project instructions. |

134| `project_root_markers` | `array<string>` | List of project root marker filenames; used when searching parent directories for the project root. |197| `project_root_markers` | `array<string>` | List of project root marker filenames; used when searching parent directories for the project root. |

135| `projects.<path>.trust_level` | `string` | Mark a project or worktree as trusted or untrusted (`"trusted"` | `"untrusted"`). Untrusted projects skip project-scoped `.codex/` layers. |198| `projects.<path>.trust_level` | `string` | Mark a project or worktree as trusted or untrusted (`"trusted"` | `"untrusted"`). Untrusted projects skip project-scoped `.codex/` layers, including project-local config, hooks, and rules. |

136| `review_model` | `string` | Optional model override used by `/review` (defaults to the current session model). |199| `review_model` | `string` | Optional model override used by `/review` (defaults to the current session model). |

137| `sandbox_mode` | `read-only | workspace-write | danger-full-access` | Sandbox policy for filesystem and network access during command execution. |200| `sandbox_mode` | `read-only | workspace-write | danger-full-access` | Sandbox policy for filesystem and network access during command execution. |

138| `sandbox_workspace_write.exclude_slash_tmp` | `boolean` | Exclude `/tmp` from writable roots in workspace-write mode. |201| `sandbox_workspace_write.exclude_slash_tmp` | `boolean` | Exclude `/tmp` from writable roots in workspace-write mode. |

139| `sandbox_workspace_write.exclude_tmpdir_env_var` | `boolean` | Exclude `$TMPDIR` from writable roots in workspace-write mode. |202| `sandbox_workspace_write.exclude_tmpdir_env_var` | `boolean` | Exclude `$TMPDIR` from writable roots in workspace-write mode. |

140| `sandbox_workspace_write.network_access` | `boolean` | Allow outbound network access inside the workspace-write sandbox. |203| `sandbox_workspace_write.network_access` | `boolean` | Allow outbound network access inside the workspace-write sandbox. |

141| `sandbox_workspace_write.writable_roots` | `array<string>` | Additional writable roots when `sandbox_mode = "workspace-write"`. |204| `sandbox_workspace_write.writable_roots` | `array<string>` | Additional writable roots when `sandbox_mode = "workspace-write"`. |

205| `service_tier` | `flex | fast` | Preferred service tier for new turns. |

142| `shell_environment_policy.exclude` | `array<string>` | Glob patterns for removing environment variables after the defaults. |206| `shell_environment_policy.exclude` | `array<string>` | Glob patterns for removing environment variables after the defaults. |

143| `shell_environment_policy.experimental_use_profile` | `boolean` | Use the user shell profile when spawning subprocesses. |207| `shell_environment_policy.experimental_use_profile` | `boolean` | Use the user shell profile when spawning subprocesses. |

144| `shell_environment_policy.ignore_default_excludes` | `boolean` | Keep variables containing KEY/SECRET/TOKEN before other filters run. |208| `shell_environment_policy.ignore_default_excludes` | `boolean` | Keep variables containing KEY/SECRET/TOKEN before other filters run. |

149| `skills.config` | `array<object>` | Per-skill enablement overrides stored in config.toml. |213| `skills.config` | `array<object>` | Per-skill enablement overrides stored in config.toml. |

150| `skills.config.<index>.enabled` | `boolean` | Enable or disable the referenced skill. |214| `skills.config.<index>.enabled` | `boolean` | Enable or disable the referenced skill. |

151| `skills.config.<index>.path` | `string (path)` | Path to a skill folder containing `SKILL.md`. |215| `skills.config.<index>.path` | `string (path)` | Path to a skill folder containing `SKILL.md`. |

216| `sqlite_home` | `string (path)` | Directory where Codex stores the SQLite-backed state DB used by agent jobs and other resumable runtime state. |

152| `suppress_unstable_features_warning` | `boolean` | Suppress the warning that appears when under-development feature flags are enabled. |217| `suppress_unstable_features_warning` | `boolean` | Suppress the warning that appears when under-development feature flags are enabled. |

153| `tool_output_token_limit` | `number` | Token budget for storing individual tool/function outputs in history. |218| `tool_output_token_limit` | `number` | Token budget for storing individual tool/function outputs in history. |

154| `tools.web_search` | `boolean` | Deprecated legacy toggle for web search; prefer the top-level `web_search` setting. |219| `tool_suggest.discoverables` | `array<table>` | Allow tool suggestions for additional discoverable connectors or plugins. Each entry uses `type = "connector"` or `"plugin"` and an `id`. |

220| `tools.view_image` | `boolean` | Enable the local-image attachment tool `view_image`. |

221| `tools.web_search` | `boolean | { context_size = "low|medium|high", allowed_domains = [string], location = { country, region, city, timezone } }` | Optional web search tool configuration. The legacy boolean form is still accepted, but the object form lets you set search context size, allowed domains, and approximate user location. |

155| `tui` | `table` | TUI-specific options such as enabling inline desktop notifications. |222| `tui` | `table` | TUI-specific options such as enabling inline desktop notifications. |

156| `tui.alternate_screen` | `auto | always | never` | Control alternate screen usage for the TUI (default: auto; auto skips it in Zellij to preserve scrollback). |223| `tui.alternate_screen` | `auto | always | never` | Control alternate screen usage for the TUI (default: auto; auto skips it in Zellij to preserve scrollback). |

157| `tui.animations` | `boolean` | Enable terminal animations (welcome screen, shimmer, spinner) (default: true). |224| `tui.animations` | `boolean` | Enable terminal animations (welcome screen, shimmer, spinner) (default: true). |

158| `tui.notification_method` | `auto | osc9 | bel` | Notification method for unfocused terminal notifications (default: auto). |225| `tui.model_availability_nux.<model>` | `integer` | Internal startup-tooltip state keyed by model slug. |

226| `tui.notification_condition` | `unfocused | always` | Control whether TUI notifications fire only when the terminal is unfocused or regardless of focus. Defaults to `unfocused`. |

227| `tui.notification_method` | `auto | osc9 | bel` | Notification method for terminal notifications (default: auto). |

159| `tui.notifications` | `boolean | array<string>` | Enable TUI notifications; optionally restrict to specific event types. |228| `tui.notifications` | `boolean | array<string>` | Enable TUI notifications; optionally restrict to specific event types. |

160| `tui.show_tooltips` | `boolean` | Show onboarding tooltips in the TUI welcome screen (default: true). |229| `tui.show_tooltips` | `boolean` | Show onboarding tooltips in the TUI welcome screen (default: true). |

161| `tui.status_line` | `array<string> | null` | Ordered list of TUI footer status-line item identifiers. `null` disables the status line. |230| `tui.status_line` | `array<string> | null` | Ordered list of TUI footer status-line item identifiers. `null` disables the status line. |

231| `tui.terminal_title` | `array<string> | null` | Ordered list of terminal window/tab title item identifiers. Defaults to `["spinner", "project"]`; `null` disables title updates. |

232| `tui.theme` | `string` | Syntax-highlighting theme override (kebab-case theme name). |

162| `web_search` | `disabled | cached | live` | Web search mode (default: `"cached"`; cached uses an OpenAI-maintained index and does not fetch live pages; if you use `--yolo` or another full access sandbox setting, it defaults to `"live"`). Use `"live"` to fetch the most recent data from the web, or `"disabled"` to remove the tool. |233| `web_search` | `disabled | cached | live` | Web search mode (default: `"cached"`; cached uses an OpenAI-maintained index and does not fetch live pages; if you use `--yolo` or another full access sandbox setting, it defaults to `"live"`). Use `"live"` to fetch the most recent data from the web, or `"disabled"` to remove the tool. |

163| `windows_wsl_setup_acknowledged` | `boolean` | Track Windows onboarding acknowledgement (Windows only). |234| `windows_wsl_setup_acknowledged` | `boolean` | Track Windows onboarding acknowledgement (Windows only). |

235| `windows.sandbox` | `unelevated | elevated` | Windows-only native sandbox mode when running Codex natively on Windows. |

236| `windows.sandbox_private_desktop` | `boolean` | Run the final sandboxed child process on a private desktop by default on native Windows. Set `false` only for compatibility with the older `Winsta0\\Default` behavior. |

164 237 

165Key238Key

166 239 

188 261 

189Key262Key

190 263 

191`agents.max_threads`264`agents.<name>.nickname_candidates`

192 265 

193Type / Values266Type / Values

194 267 

195`number`268`array<string>`

196 269 

197Details270Details

198 271 

199Maximum number of agent threads that can be open concurrently.272Optional pool of display nicknames for spawned agents in that role.

200 273 

201Key274Key

202 275 

203`approval_policy`276`agents.job_max_runtime_seconds`

204 277 

205Type / Values278Type / Values

206 279 

207`untrusted | on-request | never`280`number`

208 281 

209Details282Details

210 283 

211Controls when Codex pauses for approval before executing commands. `on-failure` is deprecated; use `on-request` for interactive runs or `never` for non-interactive runs.284Default per-worker timeout for `spawn_agents_on_csv` jobs. When unset, the tool falls back to 1800 seconds per worker.

212 285 

213Key286Key

214 287 

215`apps.<id>.disabled_reason`288`agents.max_depth`

216 289 

217Type / Values290Type / Values

218 291 

219`unknown | user`292`number`

220 293 

221Details294Details

222 295 

223Optional reason attached when an app/connector is disabled.296Maximum nesting depth allowed for spawned agent threads (root sessions start at depth 0; default: 1).

224 297 

225Key298Key

226 299 

227`apps.<id>.enabled`300`agents.max_threads`

228 301 

229Type / Values302Type / Values

230 303 

231`boolean`304`number`

232 305 

233Details306Details

234 307 

235Enable or disable a specific app/connector by id (default: true).308Maximum number of agent threads that can be open concurrently. Defaults to `6` when unset.

236 309 

237Key310Key

238 311 

239`chatgpt_base_url`312`allow_login_shell`

240 313 

241Type / Values314Type / Values

242 315 

243`string`316`boolean`

244 317 

245Details318Details

246 319 

247Override the base URL used during the ChatGPT login flow.320Allow shell-based tools to use login-shell semantics. Defaults to `true`; when `false`, `login = true` requests are rejected and omitted `login` defaults to non-login shells.

248 321 

249Key322Key

250 323 

251`check_for_update_on_startup`324`analytics.enabled`

252 325 

253Type / Values326Type / Values

254 327 

256 329 

257Details330Details

258 331 

259Check for Codex updates on startup (set to false only when updates are centrally managed).332Enable or disable analytics for this machine/profile. When unset, the client default applies.

260 333 

261Key334Key

262 335 

263`cli_auth_credentials_store`336`approval_policy`

264 337 

265Type / Values338Type / Values

266 339 

267`file | keyring | auto`340`untrusted | on-request | never | { granular = { sandbox_approval = bool, rules = bool, mcp_elicitations = bool, request_permissions = bool, skill_approval = bool } }`

268 341 

269Details342Details

270 343 

271Control where the CLI stores cached credentials (file-based auth.json vs OS keychain).344Controls when Codex pauses for approval before executing commands. You can also use `approval_policy = { granular = { ... } }` to allow or auto-reject specific prompt categories while keeping other prompts interactive. `on-failure` is deprecated; use `on-request` for interactive runs or `never` for non-interactive runs.

272 345 

273Key346Key

274 347 

275`compact_prompt`348`approval_policy.granular.mcp_elicitations`

276 349 

277Type / Values350Type / Values

278 351 

279`string`352`boolean`

280 353 

281Details354Details

282 355 

283Inline override for the history compaction prompt.356When `true`, MCP elicitation prompts are allowed to surface instead of being auto-rejected.

284 357 

285Key358Key

286 359 

287`developer_instructions`360`approval_policy.granular.request_permissions`

288 361 

289Type / Values362Type / Values

290 363 

291`string`364`boolean`

292 365 

293Details366Details

294 367 

295Additional developer instructions injected into the session (optional).368When `true`, prompts from the `request_permissions` tool are allowed to surface.

296 369 

297Key370Key

298 371 

299`disable_paste_burst`372`approval_policy.granular.rules`

300 373 

301Type / Values374Type / Values

302 375 

304 377 

305Details378Details

306 379 

307Disable burst-paste detection in the TUI.380When `true`, approvals triggered by execpolicy `prompt` rules are allowed to surface.

308 381 

309Key382Key

310 383 

311`experimental_compact_prompt_file`384`approval_policy.granular.sandbox_approval`

312 385 

313Type / Values386Type / Values

314 387 

315`string (path)`388`boolean`

316 389 

317Details390Details

318 391 

319Load the compaction prompt override from a file (experimental).392When `true`, sandbox escalation approval prompts are allowed to surface.

320 393 

321Key394Key

322 395 

323`experimental_use_freeform_apply_patch`396`approval_policy.granular.skill_approval`

324 397 

325Type / Values398Type / Values

326 399 

328 401 

329Details402Details

330 403 

331Legacy name for enabling freeform apply\_patch; prefer `[features].apply_patch_freeform` or `codex --enable apply_patch_freeform`.404When `true`, skill-script approval prompts are allowed to surface.

332 405 

333Key406Key

334 407 

335`experimental_use_unified_exec_tool`408`approvals_reviewer`

336 409 

337Type / Values410Type / Values

338 411 

339`boolean`412`user | auto_review`

340 413 

341Details414Details

342 415 

343Legacy name for enabling unified exec; prefer `[features].unified_exec` or `codex --enable unified_exec`.416Who reviews eligible approval prompts under `on-request` or granular approval policies. Defaults to `user`; `auto_review` uses the reviewer subagent. This setting doesn't change sandboxing or review actions already allowed inside the sandbox.

344 417 

345Key418Key

346 419 

347`features.apply_patch_freeform`420`apps._default.destructive_enabled`

348 421 

349Type / Values422Type / Values

350 423 

352 425 

353Details426Details

354 427 

355Expose the freeform `apply_patch` tool (experimental).428Default allow/deny for app tools with `destructive_hint = true`.

356 429 

357Key430Key

358 431 

359`features.apps`432`apps._default.enabled`

360 433 

361Type / Values434Type / Values

362 435 

364 437 

365Details438Details

366 439 

367Enable ChatGPT Apps/connectors support (experimental).440Default app enabled state for all apps unless overridden per app.

368 441 

369Key442Key

370 443 

371`features.apps_mcp_gateway`444`apps._default.open_world_enabled`

372 445 

373Type / Values446Type / Values

374 447 

376 449 

377Details450Details

378 451 

379Route Apps MCP calls through the OpenAI connectors MCP gateway (`https://api.openai.com/v1/connectors/mcp/`) instead of legacy routing (experimental).452Default allow/deny for app tools with `open_world_hint = true`.

380 453 

381Key454Key

382 455 

383`features.child_agents_md`456`apps.<id>.default_tools_approval_mode`

384 457 

385Type / Values458Type / Values

386 459 

387`boolean`460`auto | prompt | approve`

388 461 

389Details462Details

390 463 

391Append AGENTS.md scope/precedence guidance even when no AGENTS.md is present (experimental).464Default approval behavior for tools in this app unless a per-tool override exists.

392 465 

393Key466Key

394 467 

395`features.collaboration_modes`468`apps.<id>.default_tools_enabled`

396 469 

397Type / Values470Type / Values

398 471 

400 473 

401Details474Details

402 475 

403Enable collaboration modes such as plan mode (stable; on by default).476Default enabled state for tools in this app unless a per-tool override exists.

404 477 

405Key478Key

406 479 

407`features.elevated_windows_sandbox`480`apps.<id>.destructive_enabled`

408 481 

409Type / Values482Type / Values

410 483 

412 485 

413Details486Details

414 487 

415Enable the elevated Windows sandbox pipeline (experimental).488Allow or block tools in this app that advertise `destructive_hint = true`.

416 489 

417Key490Key

418 491 

419`features.experimental_windows_sandbox`492`apps.<id>.enabled`

420 493 

421Type / Values494Type / Values

422 495 

424 497 

425Details498Details

426 499 

427Run the Windows restricted-token sandbox (experimental).500Enable or disable a specific app/connector by id (default: true).

428 501 

429Key502Key

430 503 

431`features.multi_agent`504`apps.<id>.open_world_enabled`

432 505 

433Type / Values506Type / Values

434 507 

436 509 

437Details510Details

438 511 

439Enable multi-agent collaboration tools (`spawn\_agent`, `send\_input`, `resume\_agent`, `wait`, and `close\_agent`) (experimental; off by default).512Allow or block tools in this app that advertise `open_world_hint = true`.

440 513 

441Key514Key

442 515 

443`features.personality`516`apps.<id>.tools.<tool>.approval_mode`

444 517 

445Type / Values518Type / Values

446 519 

447`boolean`520`auto | prompt | approve`

448 521 

449Details522Details

450 523 

451Enable personality selection controls (stable; on by default).524Per-tool approval behavior override for a single app tool.

452 525 

453Key526Key

454 527 

455`features.powershell_utf8`528`apps.<id>.tools.<tool>.enabled`

456 529 

457Type / Values530Type / Values

458 531 

460 533 

461Details534Details

462 535 

463Force PowerShell UTF-8 output (defaults to true).536Per-tool enabled override for an app tool (for example `repos/list`).

464 537 

465Key538Key

466 539 

467`features.remote_models`540`auto_review.policy`

468 541 

469Type / Values542Type / Values

470 543 

471`boolean`544`string`

472 545 

473Details546Details

474 547 

475Refresh remote model list before showing readiness (experimental).548Local Markdown policy instructions for automatic review. Managed `guardian_policy_config` takes precedence. Blank values are ignored.

476 549 

477Key550Key

478 551 

479`features.request_rule`552`background_terminal_max_timeout`

480 553 

481Type / Values554Type / Values

482 555 

483`boolean`556`number`

484 557 

485Details558Details

486 559 

487Enable Smart approvals (`prefix_rule` suggestions on escalation requests; stable; on by default).560Maximum poll window in milliseconds for empty `write_stdin` polls (background terminal polling). Default: `300000` (5 minutes). Replaces the older `background_terminal_timeout` key.

488 561 

489Key562Key

490 563 

491`features.runtime_metrics`564`chatgpt_base_url`

492 565 

493Type / Values566Type / Values

494 567 

495`boolean`568`string`

496 569 

497Details570Details

498 571 

499Show runtime metrics summary in TUI turn separators (experimental).572Override the base URL used during the ChatGPT login flow.

500 573 

501Key574Key

502 575 

503`features.search_tool`576`check_for_update_on_startup`

504 577 

505Type / Values578Type / Values

506 579 

508 581 

509Details582Details

510 583 

511Enable `search_tool_bm25` for Apps tool discovery before invoking app MCP tools (experimental).584Check for Codex updates on startup (set to false only when updates are centrally managed).

512 585 

513Key586Key

514 587 

515`features.shell_snapshot`588`cli_auth_credentials_store`

516 589 

517Type / Values590Type / Values

518 591 

519`boolean`592`file | keyring | auto`

520 593 

521Details594Details

522 595 

523Snapshot shell environment to speed up repeated commands (beta).596Control where the CLI stores cached credentials (file-based auth.json vs OS keychain).

524 597 

525Key598Key

526 599 

527`features.shell_tool`600`commit_attribution`

528 601 

529Type / Values602Type / Values

530 603 

531`boolean`604`string`

532 605 

533Details606Details

534 607 

535Enable the default `shell` tool for running commands (stable; on by default).608Override the commit co-author trailer text. Set an empty string to disable automatic attribution.

536 609 

537Key610Key

538 611 

539`features.unified_exec`612`compact_prompt`

540 613 

541Type / Values614Type / Values

542 615 

543`boolean`616`string`

544 617 

545Details618Details

546 619 

547Use the unified PTY-backed exec tool (beta).620Inline override for the history compaction prompt.

548 621 

549Key622Key

550 623 

551`features.use_linux_sandbox_bwrap`624`default_permissions`

552 625 

553Type / Values626Type / Values

554 627 

555`boolean`628`string`

556 629 

557Details630Details

558 631 

559Use the bubblewrap-based Linux sandbox pipeline (experimental; off by default).632Name of the default permissions profile to apply to sandboxed tool calls.

560 633 

561Key634Key

562 635 

563`features.web_search`636`developer_instructions`

564 637 

565Type / Values638Type / Values

566 639 

567`boolean`640`string`

568 641 

569Details642Details

570 643 

571Deprecated legacy toggle; prefer the top-level `web_search` setting.644Additional developer instructions injected into the session (optional).

572 645 

573Key646Key

574 647 

575`features.web_search_cached`648`disable_paste_burst`

576 649 

577Type / Values650Type / Values

578 651 

580 653 

581Details654Details

582 655 

583Deprecated legacy toggle. When `web_search` is unset, true maps to `web_search = "cached"`.656Disable burst-paste detection in the TUI.

584 657 

585Key658Key

586 659 

587`features.web_search_request`660`experimental_compact_prompt_file`

588 661 

589Type / Values662Type / Values

590 663 

591`boolean`664`string (path)`

592 665 

593Details666Details

594 667 

595Deprecated legacy toggle. When `web_search` is unset, true maps to `web_search = "live"`.668Load the compaction prompt override from a file (experimental).

596 669 

597Key670Key

598 671 

599`feedback.enabled`672`experimental_use_unified_exec_tool`

600 673 

601Type / Values674Type / Values

602 675 

604 677 

605Details678Details

606 679 

607Enable feedback submission via `/feedback` across Codex surfaces (default: true).680Legacy name for enabling unified exec; prefer `[features].unified_exec` or `codex --enable unified_exec`.

608 681 

609Key682Key

610 683 

611`file_opener`684`features.apps`

612 685 

613Type / Values686Type / Values

614 687 

615`vscode | vscode-insiders | windsurf | cursor | none`688`boolean`

616 689 

617Details690Details

618 691 

619URI scheme used to open citations from Codex output (default: `vscode`).692Enable ChatGPT Apps/connectors support (experimental).

620 693 

621Key694Key

622 695 

623`forced_chatgpt_workspace_id`696`features.codex_hooks`

624 697 

625Type / Values698Type / Values

626 699 

627`string (uuid)`700`boolean`

628 701 

629Details702Details

630 703 

631Limit ChatGPT logins to a specific workspace identifier.704Enable lifecycle hooks loaded from `hooks.json` (under development; off by default).

632 705 

633Key706Key

634 707 

635`forced_login_method`708`features.enable_request_compression`

636 709 

637Type / Values710Type / Values

638 711 

639`chatgpt | api`712`boolean`

640 713 

641Details714Details

642 715 

643Restrict Codex to a specific authentication method.716Compress streaming request bodies with zstd when supported (stable; on by default).

644 717 

645Key718Key

646 719 

647`hide_agent_reasoning`720`features.fast_mode`

648 721 

649Type / Values722Type / Values

650 723 

652 725 

653Details726Details

654 727 

655Suppress reasoning events in both the TUI and `codex exec` output.728Enable Fast mode selection and the `service_tier = "fast"` path (stable; on by default).

656 729 

657Key730Key

658 731 

659`history.max_bytes`732`features.memories`

660 733 

661Type / Values734Type / Values

662 735 

663`number`736`boolean`

664 737 

665Details738Details

666 739 

667If set, caps the history file size in bytes by dropping oldest entries.740Enable [Memories](https://developers.openai.com/codex/memories) (off by default).

668 741 

669Key742Key

670 743 

671`history.persistence`744`features.multi_agent`

672 745 

673Type / Values746Type / Values

674 747 

675`save-all | none`748`boolean`

676 749 

677Details750Details

678 751 

679Control whether Codex saves session transcripts to history.jsonl.752Enable multi-agent collaboration tools (`spawn_agent`, `send_input`, `resume_agent`, `wait_agent`, and `close_agent`) (stable; on by default).

680 753 

681Key754Key

682 755 

683`include_apply_patch_tool`756`features.personality`

684 757 

685Type / Values758Type / Values

686 759 

688 761 

689Details762Details

690 763 

691Legacy name for enabling freeform apply\_patch; prefer `[features].apply_patch_freeform`.764Enable personality selection controls (stable; on by default).

692 765 

693Key766Key

694 767 

695`instructions`768`features.prevent_idle_sleep`

696 769 

697Type / Values770Type / Values

698 771 

699`string`772`boolean`

700 773 

701Details774Details

702 775 

703Reserved for future use; prefer `model_instructions_file` or `AGENTS.md`.776Prevent the machine from sleeping while a turn is actively running (experimental; off by default).

704 777 

705Key778Key

706 779 

707`log_dir`780`features.shell_snapshot`

708 781 

709Type / Values782Type / Values

710 783 

711`string (path)`784`boolean`

712 785 

713Details786Details

714 787 

715Directory where Codex writes log files (for example `codex-tui.log`); defaults to `$CODEX_HOME/log`.788Snapshot shell environment to speed up repeated commands (stable; on by default).

716 789 

717Key790Key

718 791 

719`mcp_oauth_callback_port`792`features.shell_tool`

720 793 

721Type / Values794Type / Values

722 795 

723`integer`796`boolean`

724 797 

725Details798Details

726 799 

727Optional fixed port for the local HTTP callback server used during MCP OAuth login. When unset, Codex binds to an ephemeral port chosen by the OS.800Enable the default `shell` tool for running commands (stable; on by default).

728 801 

729Key802Key

730 803 

731`mcp_oauth_credentials_store`804`features.skill_mcp_dependency_install`

732 805 

733Type / Values806Type / Values

734 807 

735`auto | file | keyring`808`boolean`

736 809 

737Details810Details

738 811 

739Preferred store for MCP OAuth credentials.812Allow prompting and installing missing MCP dependencies for skills (stable; on by default).

740 813 

741Key814Key

742 815 

743`mcp_servers.<id>.args`816`features.undo`

744 817 

745Type / Values818Type / Values

746 819 

747`array<string>`820`boolean`

748 821 

749Details822Details

750 823 

751Arguments passed to the MCP stdio server command.824Enable undo support (stable; off by default).

752 825 

753Key826Key

754 827 

755`mcp_servers.<id>.bearer_token_env_var`828`features.unified_exec`

756 829 

757Type / Values830Type / Values

758 831 

759`string`832`boolean`

760 833 

761Details834Details

762 835 

763Environment variable sourcing the bearer token for an MCP HTTP server.836Use the unified PTY-backed exec tool (stable; enabled by default except on Windows).

764 837 

765Key838Key

766 839 

767`mcp_servers.<id>.command`840`features.web_search`

768 841 

769Type / Values842Type / Values

770 843 

771`string`844`boolean`

772 845 

773Details846Details

774 847 

775Launcher command for an MCP stdio server.848Deprecated legacy toggle; prefer the top-level `web_search` setting.

776 849 

777Key850Key

778 851 

779`mcp_servers.<id>.cwd`852`features.web_search_cached`

780 853 

781Type / Values854Type / Values

782 855 

783`string`856`boolean`

784 857 

785Details858Details

786 859 

787Working directory for the MCP stdio server process.860Deprecated legacy toggle. When `web_search` is unset, true maps to `web_search = "cached"`.

788 861 

789Key862Key

790 863 

791`mcp_servers.<id>.disabled_tools`864`features.web_search_request`

792 865 

793Type / Values866Type / Values

794 867 

795`array<string>`868`boolean`

796 869 

797Details870Details

798 871 

799Deny list applied after `enabled_tools` for the MCP server.872Deprecated legacy toggle. When `web_search` is unset, true maps to `web_search = "live"`.

800 873 

801Key874Key

802 875 

803`mcp_servers.<id>.enabled`876`feedback.enabled`

804 877 

805Type / Values878Type / Values

806 879 

808 881 

809Details882Details

810 883 

811Disable an MCP server without removing its configuration.884Enable feedback submission via `/feedback` across Codex surfaces (default: true).

812 885 

813Key886Key

814 887 

815`mcp_servers.<id>.enabled_tools`888`file_opener`

816 889 

817Type / Values890Type / Values

818 891 

819`array<string>`892`vscode | vscode-insiders | windsurf | cursor | none`

820 893 

821Details894Details

822 895 

823Allow list of tool names exposed by the MCP server.896URI scheme used to open citations from Codex output (default: `vscode`).

824 897 

825Key898Key

826 899 

827`mcp_servers.<id>.env`900`forced_chatgpt_workspace_id`

828 901 

829Type / Values902Type / Values

830 903 

831`map<string,string>`904`string (uuid)`

832 905 

833Details906Details

834 907 

835Environment variables forwarded to the MCP stdio server.908Limit ChatGPT logins to a specific workspace identifier.

836 909 

837Key910Key

838 911 

839`mcp_servers.<id>.env_http_headers`912`forced_login_method`

840 913 

841Type / Values914Type / Values

842 915 

843`map<string,string>`916`chatgpt | api`

844 917 

845Details918Details

846 919 

847HTTP headers populated from environment variables for an MCP HTTP server.920Restrict Codex to a specific authentication method.

848 921 

849Key922Key

850 923 

851`mcp_servers.<id>.env_vars`924`hide_agent_reasoning`

852 925 

853Type / Values926Type / Values

854 927 

855`array<string>`928`boolean`

856 929 

857Details930Details

858 931 

859Additional environment variables to whitelist for an MCP stdio server.932Suppress reasoning events in both the TUI and `codex exec` output.

860 933 

861Key934Key

862 935 

863`mcp_servers.<id>.http_headers`936`history.max_bytes`

864 937 

865Type / Values938Type / Values

866 939 

867`map<string,string>`940`number`

868 941 

869Details942Details

870 943 

871Static HTTP headers included with each MCP HTTP request.944If set, caps the history file size in bytes by dropping oldest entries.

872 945 

873Key946Key

874 947 

875`mcp_servers.<id>.required`948`history.persistence`

876 949 

877Type / Values950Type / Values

878 951 

879`boolean`952`save-all | none`

880 953 

881Details954Details

882 955 

883When true, fail startup/resume if this enabled MCP server cannot initialize.956Control whether Codex saves session transcripts to history.jsonl.

884 957 

885Key958Key

886 959 

887`mcp_servers.<id>.startup_timeout_ms`960`instructions`

888 961 

889Type / Values962Type / Values

890 963 

891`number`964`string`

892 965 

893Details966Details

894 967 

895Alias for `startup_timeout_sec` in milliseconds.968Reserved for future use; prefer `model_instructions_file` or `AGENTS.md`.

896 969 

897Key970Key

898 971 

899`mcp_servers.<id>.startup_timeout_sec`972`log_dir`

900 973 

901Type / Values974Type / Values

902 975 

903`number`976`string (path)`

904 977 

905Details978Details

906 979 

907Override the default 10s startup timeout for an MCP server.980Directory where Codex writes log files (for example `codex-tui.log`); defaults to `$CODEX_HOME/log`.

908 981 

909Key982Key

910 983 

911`mcp_servers.<id>.tool_timeout_sec`984`mcp_oauth_callback_port`

912 985 

913Type / Values986Type / Values

914 987 

915`number`988`integer`

916 989 

917Details990Details

918 991 

919Override the default 60s per-tool timeout for an MCP server.992Optional fixed port for the local HTTP callback server used during MCP OAuth login. When unset, Codex binds to an ephemeral port chosen by the OS.

920 993 

921Key994Key

922 995 

923`mcp_servers.<id>.url`996`mcp_oauth_callback_url`

924 997 

925Type / Values998Type / Values

926 999 

928 1001 

929Details1002Details

930 1003 

931Endpoint for an MCP streamable HTTP server.1004Optional redirect URI override for MCP OAuth login (for example, a devbox ingress URL). `mcp_oauth_callback_port` still controls the callback listener port.

932 1005 

933Key1006Key

934 1007 

935`model`1008`mcp_oauth_credentials_store`

936 1009 

937Type / Values1010Type / Values

938 1011 

939`string`1012`auto | file | keyring`

940 1013 

941Details1014Details

942 1015 

943Model to use (e.g., `gpt-5-codex`).1016Preferred store for MCP OAuth credentials.

944 1017 

945Key1018Key

946 1019 

947`model_auto_compact_token_limit`1020`mcp_servers.<id>.args`

948 1021 

949Type / Values1022Type / Values

950 1023 

951`number`1024`array<string>`

952 1025 

953Details1026Details

954 1027 

955Token threshold that triggers automatic history compaction (unset uses model defaults).1028Arguments passed to the MCP stdio server command.

956 1029 

957Key1030Key

958 1031 

959`model_context_window`1032`mcp_servers.<id>.bearer_token_env_var`

960 1033 

961Type / Values1034Type / Values

962 1035 

963`number`1036`string`

964 1037 

965Details1038Details

966 1039 

967Context window tokens available to the active model.1040Environment variable sourcing the bearer token for an MCP HTTP server.

968 1041 

969Key1042Key

970 1043 

971`model_instructions_file`1044`mcp_servers.<id>.command`

972 1045 

973Type / Values1046Type / Values

974 1047 

975`string (path)`1048`string`

976 1049 

977Details1050Details

978 1051 

979Replacement for built-in instructions instead of `AGENTS.md`.1052Launcher command for an MCP stdio server.

980 1053 

981Key1054Key

982 1055 

983`model_provider`1056`mcp_servers.<id>.cwd`

984 1057 

985Type / Values1058Type / Values

986 1059 

988 1061 

989Details1062Details

990 1063 

991Provider id from `model_providers` (default: `openai`).1064Working directory for the MCP stdio server process.

992 1065 

993Key1066Key

994 1067 

995`model_providers.<id>.base_url`1068`mcp_servers.<id>.disabled_tools`

1069 

1070Type / Values

1071 

1072`array<string>`

1073 

1074Details

1075 

1076Deny list applied after `enabled_tools` for the MCP server.

1077 

1078Key

1079 

1080`mcp_servers.<id>.enabled`

1081 

1082Type / Values

1083 

1084`boolean`

1085 

1086Details

1087 

1088Disable an MCP server without removing its configuration.

1089 

1090Key

1091 

1092`mcp_servers.<id>.enabled_tools`

1093 

1094Type / Values

1095 

1096`array<string>`

1097 

1098Details

1099 

1100Allow list of tool names exposed by the MCP server.

1101 

1102Key

1103 

1104`mcp_servers.<id>.env`

1105 

1106Type / Values

1107 

1108`map<string,string>`

1109 

1110Details

1111 

1112Environment variables forwarded to the MCP stdio server.

1113 

1114Key

1115 

1116`mcp_servers.<id>.env_http_headers`

1117 

1118Type / Values

1119 

1120`map<string,string>`

1121 

1122Details

1123 

1124HTTP headers populated from environment variables for an MCP HTTP server.

1125 

1126Key

1127 

1128`mcp_servers.<id>.env_vars`

1129 

1130Type / Values

1131 

1132`array<string | { name = string, source = "local" | "remote" }>`

1133 

1134Details

1135 

1136Additional environment variables to whitelist for an MCP stdio server. String entries default to `source = "local"`; use `source = "remote"` only with executor-backed remote stdio.

1137 

1138Key

1139 

1140`mcp_servers.<id>.experimental_environment`

1141 

1142Type / Values

1143 

1144`local | remote`

1145 

1146Details

1147 

1148Experimental placement for an MCP server. `remote` starts stdio servers through a remote executor environment; streamable HTTP remote placement is not implemented.

1149 

1150Key

1151 

1152`mcp_servers.<id>.http_headers`

1153 

1154Type / Values

1155 

1156`map<string,string>`

1157 

1158Details

1159 

1160Static HTTP headers included with each MCP HTTP request.

1161 

1162Key

1163 

1164`mcp_servers.<id>.oauth_resource`

1165 

1166Type / Values

1167 

1168`string`

1169 

1170Details

1171 

1172Optional RFC 8707 OAuth resource parameter to include during MCP login.

1173 

1174Key

1175 

1176`mcp_servers.<id>.required`

1177 

1178Type / Values

1179 

1180`boolean`

1181 

1182Details

1183 

1184When true, fail startup/resume if this enabled MCP server cannot initialize.

1185 

1186Key

1187 

1188`mcp_servers.<id>.scopes`

1189 

1190Type / Values

1191 

1192`array<string>`

1193 

1194Details

1195 

1196OAuth scopes to request when authenticating to that MCP server.

1197 

1198Key

1199 

1200`mcp_servers.<id>.startup_timeout_ms`

1201 

1202Type / Values

1203 

1204`number`

1205 

1206Details

1207 

1208Alias for `startup_timeout_sec` in milliseconds.

1209 

1210Key

1211 

1212`mcp_servers.<id>.startup_timeout_sec`

1213 

1214Type / Values

1215 

1216`number`

1217 

1218Details

1219 

1220Override the default 10s startup timeout for an MCP server.

1221 

1222Key

1223 

1224`mcp_servers.<id>.tool_timeout_sec`

1225 

1226Type / Values

1227 

1228`number`

1229 

1230Details

1231 

1232Override the default 60s per-tool timeout for an MCP server.

1233 

1234Key

1235 

1236`mcp_servers.<id>.url`

1237 

1238Type / Values

1239 

1240`string`

1241 

1242Details

1243 

1244Endpoint for an MCP streamable HTTP server.

1245 

1246Key

1247 

1248`memories.consolidation_model`

1249 

1250Type / Values

1251 

1252`string`

1253 

1254Details

1255 

1256Optional model override for global memory consolidation.

1257 

1258Key

1259 

1260`memories.disable_on_external_context`

1261 

1262Type / Values

1263 

1264`boolean`

1265 

1266Details

1267 

1268When `true`, threads that use external context such as MCP tool calls, web search, or tool search are kept out of memory generation. Defaults to `false`. Legacy alias: `memories.no_memories_if_mcp_or_web_search`.

1269 

1270Key

1271 

1272`memories.extract_model`

1273 

1274Type / Values

1275 

1276`string`

1277 

1278Details

1279 

1280Optional model override for per-thread memory extraction.

1281 

1282Key

1283 

1284`memories.generate_memories`

1285 

1286Type / Values

1287 

1288`boolean`

1289 

1290Details

1291 

1292When `false`, newly created threads are not stored as memory-generation inputs. Defaults to `true`.

1293 

1294Key

1295 

1296`memories.max_raw_memories_for_consolidation`

1297 

1298Type / Values

1299 

1300`number`

1301 

1302Details

1303 

1304Maximum recent raw memories retained for global consolidation. Defaults to `256` and is capped at `4096`.

1305 

1306Key

1307 

1308`memories.max_rollout_age_days`

1309 

1310Type / Values

1311 

1312`number`

1313 

1314Details

1315 

1316Maximum age of threads considered for memory generation. Defaults to `30` and is clamped to `0`-`90`.

1317 

1318Key

1319 

1320`memories.max_rollouts_per_startup`

1321 

1322Type / Values

1323 

1324`number`

1325 

1326Details

1327 

1328Maximum rollout candidates processed per startup pass. Defaults to `16` and is capped at `128`.

1329 

1330Key

1331 

1332`memories.max_unused_days`

1333 

1334Type / Values

1335 

1336`number`

1337 

1338Details

1339 

1340Maximum days since a memory was last used before it becomes ineligible for consolidation. Defaults to `30` and is clamped to `0`-`365`.

1341 

1342Key

1343 

1344`memories.min_rollout_idle_hours`

1345 

1346Type / Values

1347 

1348`number`

1349 

1350Details

1351 

1352Minimum idle time before a thread is considered for memory generation. Defaults to `6` and is clamped to `1`-`48`.

1353 

1354Key

1355 

1356`memories.use_memories`

1357 

1358Type / Values

1359 

1360`boolean`

1361 

1362Details

1363 

1364When `false`, Codex skips injecting existing memories into future sessions. Defaults to `true`.

1365 

1366Key

1367 

1368`model`

1369 

1370Type / Values

1371 

1372`string`

1373 

1374Details

1375 

1376Model to use (e.g., `gpt-5.5`).

1377 

1378Key

1379 

1380`model_auto_compact_token_limit`

1381 

1382Type / Values

1383 

1384`number`

1385 

1386Details

1387 

1388Token threshold that triggers automatic history compaction (unset uses model defaults).

1389 

1390Key

1391 

1392`model_catalog_json`

1393 

1394Type / Values

1395 

1396`string (path)`

1397 

1398Details

1399 

1400Optional path to a JSON model catalog loaded on startup. Profile-level `profiles.<name>.model_catalog_json` can override this per profile.

1401 

1402Key

1403 

1404`model_context_window`

1405 

1406Type / Values

1407 

1408`number`

1409 

1410Details

1411 

1412Context window tokens available to the active model.

1413 

1414Key

1415 

1416`model_instructions_file`

1417 

1418Type / Values

1419 

1420`string (path)`

1421 

1422Details

1423 

1424Replacement for built-in instructions instead of `AGENTS.md`.

1425 

1426Key

1427 

1428`model_provider`

1429 

1430Type / Values

1431 

1432`string`

1433 

1434Details

1435 

1436Provider id from `model_providers` (default: `openai`).

1437 

1438Key

1439 

1440`model_providers.<id>`

1441 

1442Type / Values

1443 

1444`table`

1445 

1446Details

1447 

1448Custom provider definition. Built-in provider IDs (`openai`, `ollama`, and `lmstudio`) are reserved and cannot be overridden.

1449 

1450Key

1451 

1452`model_providers.<id>.auth`

1453 

1454Type / Values

1455 

1456`table`

1457 

1458Details

1459 

1460Command-backed bearer token configuration for a custom provider. Do not combine with `env_key`, `experimental_bearer_token`, or `requires_openai_auth`.

1461 

1462Key

1463 

1464`model_providers.<id>.auth.args`

1465 

1466Type / Values

1467 

1468`array<string>`

1469 

1470Details

1471 

1472Arguments passed to the token command.

1473 

1474Key

1475 

1476`model_providers.<id>.auth.command`

1477 

1478Type / Values

1479 

1480`string`

1481 

1482Details

1483 

1484Command to run when Codex needs a bearer token. The command must print the token to stdout.

1485 

1486Key

1487 

1488`model_providers.<id>.auth.cwd`

1489 

1490Type / Values

1491 

1492`string (path)`

1493 

1494Details

1495 

1496Working directory for the token command.

1497 

1498Key

1499 

1500`model_providers.<id>.auth.refresh_interval_ms`

1501 

1502Type / Values

1503 

1504`number`

1505 

1506Details

1507 

1508How often Codex proactively refreshes the token in milliseconds (default: 300000). Set to `0` to refresh only after an authentication retry.

1509 

1510Key

1511 

1512`model_providers.<id>.auth.timeout_ms`

1513 

1514Type / Values

1515 

1516`number`

1517 

1518Details

1519 

1520Maximum token command runtime in milliseconds (default: 5000).

1521 

1522Key

1523 

1524`model_providers.<id>.base_url`

996 1525 

997Type / Values1526Type / Values

998 1527 

1136 1665 

1137Key1666Key

1138 1667 

1668`model_providers.<id>.supports_websockets`

1669 

1670Type / Values

1671 

1672`boolean`

1673 

1674Details

1675 

1676Whether that provider supports the Responses API WebSocket transport.

1677 

1678Key

1679 

1139`model_providers.<id>.wire_api`1680`model_providers.<id>.wire_api`

1140 1681 

1141Type / Values1682Type / Values

1142 1683 

1143`chat | responses`1684`responses`

1144 1685 

1145Details1686Details

1146 1687 

1147Protocol used by the provider (defaults to `chat` if omitted).1688Protocol used by the provider. `responses` is the only supported value, and it is the default when omitted.

1148 1689 

1149Key1690Key

1150 1691 

1192 1733 

1193Details1734Details

1194 1735 

1195Control GPT-5 Responses API verbosity (defaults to `medium`).1736Optional GPT-5 Responses API verbosity override; when unset, the selected model/preset default is used.

1196 1737 

1197Key1738Key

1198 1739 

1280 1821 

1281Key1822Key

1282 1823 

1824`openai_base_url`

1825 

1826Type / Values

1827 

1828`string`

1829 

1830Details

1831 

1832Base URL override for the built-in `openai` model provider.

1833 

1834Key

1835 

1283`oss_provider`1836`oss_provider`

1284 1837 

1285Type / Values1838Type / Values

1300 1853 

1301Details1854Details

1302 1855 

1303Environment tag applied to emitted OpenTelemetry events (default: `dev`).1856Environment tag applied to emitted OpenTelemetry events (default: `dev`).

1857 

1858Key

1859 

1860`otel.exporter`

1861 

1862Type / Values

1863 

1864`none | otlp-http | otlp-grpc`

1865 

1866Details

1867 

1868Select the OpenTelemetry exporter and provide any endpoint metadata.

1869 

1870Key

1871 

1872`otel.exporter.<id>.endpoint`

1873 

1874Type / Values

1875 

1876`string`

1877 

1878Details

1879 

1880Exporter endpoint for OTEL logs.

1881 

1882Key

1883 

1884`otel.exporter.<id>.headers`

1885 

1886Type / Values

1887 

1888`map<string,string>`

1889 

1890Details

1891 

1892Static headers included with OTEL exporter requests.

1893 

1894Key

1895 

1896`otel.exporter.<id>.protocol`

1897 

1898Type / Values

1899 

1900`binary | json`

1901 

1902Details

1903 

1904Protocol used by the OTLP/HTTP exporter.

1905 

1906Key

1907 

1908`otel.exporter.<id>.tls.ca-certificate`

1909 

1910Type / Values

1911 

1912`string`

1913 

1914Details

1915 

1916CA certificate path for OTEL exporter TLS.

1917 

1918Key

1919 

1920`otel.exporter.<id>.tls.client-certificate`

1921 

1922Type / Values

1923 

1924`string`

1925 

1926Details

1927 

1928Client certificate path for OTEL exporter TLS.

1929 

1930Key

1931 

1932`otel.exporter.<id>.tls.client-private-key`

1933 

1934Type / Values

1935 

1936`string`

1937 

1938Details

1939 

1940Client private key path for OTEL exporter TLS.

1941 

1942Key

1943 

1944`otel.log_user_prompt`

1945 

1946Type / Values

1947 

1948`boolean`

1949 

1950Details

1951 

1952Opt in to exporting raw user prompts with OpenTelemetry logs.

1953 

1954Key

1955 

1956`otel.metrics_exporter`

1957 

1958Type / Values

1959 

1960`none | statsig | otlp-http | otlp-grpc`

1961 

1962Details

1963 

1964Select the OpenTelemetry metrics exporter (defaults to `statsig`).

1965 

1966Key

1967 

1968`otel.trace_exporter`

1969 

1970Type / Values

1971 

1972`none | otlp-http | otlp-grpc`

1973 

1974Details

1975 

1976Select the OpenTelemetry trace exporter and provide any endpoint metadata.

1977 

1978Key

1979 

1980`otel.trace_exporter.<id>.endpoint`

1981 

1982Type / Values

1983 

1984`string`

1985 

1986Details

1987 

1988Trace exporter endpoint for OTEL logs.

1989 

1990Key

1991 

1992`otel.trace_exporter.<id>.headers`

1993 

1994Type / Values

1995 

1996`map<string,string>`

1997 

1998Details

1999 

2000Static headers included with OTEL trace exporter requests.

2001 

2002Key

2003 

2004`otel.trace_exporter.<id>.protocol`

2005 

2006Type / Values

2007 

2008`binary | json`

2009 

2010Details

2011 

2012Protocol used by the OTLP/HTTP trace exporter.

2013 

2014Key

2015 

2016`otel.trace_exporter.<id>.tls.ca-certificate`

2017 

2018Type / Values

2019 

2020`string`

2021 

2022Details

2023 

2024CA certificate path for OTEL trace exporter TLS.

2025 

2026Key

2027 

2028`otel.trace_exporter.<id>.tls.client-certificate`

2029 

2030Type / Values

2031 

2032`string`

2033 

2034Details

2035 

2036Client certificate path for OTEL trace exporter TLS.

2037 

2038Key

2039 

2040`otel.trace_exporter.<id>.tls.client-private-key`

2041 

2042Type / Values

2043 

2044`string`

2045 

2046Details

2047 

2048Client private key path for OTEL trace exporter TLS.

2049 

2050Key

2051 

2052`permissions.<name>.filesystem`

2053 

2054Type / Values

2055 

2056`table`

2057 

2058Details

2059 

2060Named filesystem permission profile. Each key is an absolute path or special token such as `:minimal` or `:project_roots`.

2061 

2062Key

2063 

2064`permissions.<name>.filesystem.":project_roots".<subpath-or-glob>`

2065 

2066Type / Values

2067 

2068`"read" | "write" | "none"`

2069 

2070Details

2071 

2072Scoped filesystem access relative to the detected project roots. Use `"."` for the root itself; glob subpaths such as `"**/*.env"` can deny reads with `"none"`.

1304 2073 

1305Key2074Key

1306 2075 

1307`otel.exporter`2076`permissions.<name>.filesystem.<path-or-glob>`

1308 2077 

1309Type / Values2078Type / Values

1310 2079 

1311`none | otlp-http | otlp-grpc`2080`"read" | "write" | "none" | table`

1312 2081 

1313Details2082Details

1314 2083 

1315Select the OpenTelemetry exporter and provide any endpoint metadata.2084Grant direct access for a path, glob pattern, or special token, or scope nested entries under that root. Use `"none"` to deny reads for matching paths.

1316 2085 

1317Key2086Key

1318 2087 

1319`otel.exporter.<id>.endpoint`2088`permissions.<name>.filesystem.glob_scan_max_depth`

1320 2089 

1321Type / Values2090Type / Values

1322 2091 

1323`string`2092`number`

1324 2093 

1325Details2094Details

1326 2095 

1327Exporter endpoint for OTEL logs.2096Maximum depth for expanding deny-read glob patterns on platforms that snapshot matches before sandbox startup. Must be at least `1` when set.

1328 2097 

1329Key2098Key

1330 2099 

1331`otel.exporter.<id>.headers`2100`permissions.<name>.network.allow_local_binding`

1332 2101 

1333Type / Values2102Type / Values

1334 2103 

1335`map<string,string>`2104`boolean`

1336 2105 

1337Details2106Details

1338 2107 

1339Static headers included with OTEL exporter requests.2108Permit local bind/listen operations through the managed proxy.

1340 2109 

1341Key2110Key

1342 2111 

1343`otel.exporter.<id>.protocol`2112`permissions.<name>.network.allow_upstream_proxy`

1344 2113 

1345Type / Values2114Type / Values

1346 2115 

1347`binary | json`2116`boolean`

1348 2117 

1349Details2118Details

1350 2119 

1351Protocol used by the OTLP/HTTP exporter.2120Allow the managed proxy to chain to another upstream proxy.

1352 2121 

1353Key2122Key

1354 2123 

1355`otel.exporter.<id>.tls.ca-certificate`2124`permissions.<name>.network.dangerously_allow_all_unix_sockets`

1356 2125 

1357Type / Values2126Type / Values

1358 2127 

1359`string`2128`boolean`

1360 2129 

1361Details2130Details

1362 2131 

1363CA certificate path for OTEL exporter TLS.2132Allow the proxy to use arbitrary Unix sockets instead of the default restricted set.

1364 2133 

1365Key2134Key

1366 2135 

1367`otel.exporter.<id>.tls.client-certificate`2136`permissions.<name>.network.dangerously_allow_non_loopback_proxy`

1368 2137 

1369Type / Values2138Type / Values

1370 2139 

1371`string`2140`boolean`

1372 2141 

1373Details2142Details

1374 2143 

1375Client certificate path for OTEL exporter TLS.2144Permit non-loopback bind addresses for the managed proxy listener.

1376 2145 

1377Key2146Key

1378 2147 

1379`otel.exporter.<id>.tls.client-private-key`2148`permissions.<name>.network.domains`

1380 2149 

1381Type / Values2150Type / Values

1382 2151 

1383`string`2152`map<string, allow | deny>`

1384 2153 

1385Details2154Details

1386 2155 

1387Client private key path for OTEL exporter TLS.2156Domain rules for the managed proxy. Use domain names or wildcard patterns as keys, with `allow` or `deny` values.

1388 2157 

1389Key2158Key

1390 2159 

1391`otel.log_user_prompt`2160`permissions.<name>.network.enable_socks5`

1392 2161 

1393Type / Values2162Type / Values

1394 2163 

1396 2165 

1397Details2166Details

1398 2167 

1399Opt in to exporting raw user prompts with OpenTelemetry logs.2168Expose a SOCKS5 listener when this permissions profile enables the managed network proxy.

1400 2169 

1401Key2170Key

1402 2171 

1403`otel.trace_exporter`2172`permissions.<name>.network.enable_socks5_udp`

1404 2173 

1405Type / Values2174Type / Values

1406 2175 

1407`none | otlp-http | otlp-grpc`2176`boolean`

1408 2177 

1409Details2178Details

1410 2179 

1411Select the OpenTelemetry trace exporter and provide any endpoint metadata.2180Allow UDP over the SOCKS5 listener when enabled.

1412 2181 

1413Key2182Key

1414 2183 

1415`otel.trace_exporter.<id>.endpoint`2184`permissions.<name>.network.enabled`

1416 2185 

1417Type / Values2186Type / Values

1418 2187 

1419`string`2188`boolean`

1420 2189 

1421Details2190Details

1422 2191 

1423Trace exporter endpoint for OTEL logs.2192Enable network access for this named permissions profile.

1424 2193 

1425Key2194Key

1426 2195 

1427`otel.trace_exporter.<id>.headers`2196`permissions.<name>.network.mode`

1428 2197 

1429Type / Values2198Type / Values

1430 2199 

1431`map<string,string>`2200`limited | full`

1432 2201 

1433Details2202Details

1434 2203 

1435Static headers included with OTEL trace exporter requests.2204Network proxy mode used for subprocess traffic.

1436 2205 

1437Key2206Key

1438 2207 

1439`otel.trace_exporter.<id>.protocol`2208`permissions.<name>.network.proxy_url`

1440 2209 

1441Type / Values2210Type / Values

1442 2211 

1443`binary | json`2212`string`

1444 2213 

1445Details2214Details

1446 2215 

1447Protocol used by the OTLP/HTTP trace exporter.2216HTTP proxy endpoint used when this permissions profile enables the managed network proxy.

1448 2217 

1449Key2218Key

1450 2219 

1451`otel.trace_exporter.<id>.tls.ca-certificate`2220`permissions.<name>.network.socks_url`

1452 2221 

1453Type / Values2222Type / Values

1454 2223 

1456 2225 

1457Details2226Details

1458 2227 

1459CA certificate path for OTEL trace exporter TLS.2228SOCKS5 proxy endpoint used by this permissions profile.

1460 2229 

1461Key2230Key

1462 2231 

1463`otel.trace_exporter.<id>.tls.client-certificate`2232`permissions.<name>.network.unix_sockets`

1464 2233 

1465Type / Values2234Type / Values

1466 2235 

1467`string`2236`map<string, allow | none>`

1468 2237 

1469Details2238Details

1470 2239 

1471Client certificate path for OTEL trace exporter TLS.2240Unix socket rules for the managed proxy. Use socket paths as keys, with `allow` or `none` values.

1472 2241 

1473Key2242Key

1474 2243 

1475`otel.trace_exporter.<id>.tls.client-private-key`2244`personality`

1476 2245 

1477Type / Values2246Type / Values

1478 2247 

1479`string`2248`none | friendly | pragmatic`

1480 2249 

1481Details2250Details

1482 2251 

1483Client private key path for OTEL trace exporter TLS.2252Default communication style for models that advertise `supportsPersonality`; can be overridden per thread/turn or via `/personality`.

1484 2253 

1485Key2254Key

1486 2255 

1487`personality`2256`plan_mode_reasoning_effort`

1488 2257 

1489Type / Values2258Type / Values

1490 2259 

1491`none | friendly | pragmatic`2260`none | minimal | low | medium | high | xhigh`

1492 2261 

1493Details2262Details

1494 2263 

1495Default communication style for models that advertise `supportsPersonality`; can be overridden per thread/turn or via `/personality`.2264Plan-mode-specific reasoning override. When unset, Plan mode uses its built-in preset default.

1496 2265 

1497Key2266Key

1498 2267 

1520 2289 

1521Key2290Key

1522 2291 

1523`profiles.<name>.experimental_use_freeform_apply_patch`2292`profiles.<name>.analytics.enabled`

1524 2293 

1525Type / Values2294Type / Values

1526 2295 

1528 2297 

1529Details2298Details

1530 2299 

1531Legacy name for enabling freeform apply\_patch; prefer `[features].apply_patch_freeform`.2300Profile-scoped analytics enablement override.

1532 2301 

1533Key2302Key

1534 2303 

1544 2313 

1545Key2314Key

1546 2315 

1547`profiles.<name>.include_apply_patch_tool`2316`profiles.<name>.model_catalog_json`

1548 2317 

1549Type / Values2318Type / Values

1550 2319 

1551`boolean`2320`string (path)`

2321 

2322Details

2323 

2324Profile-scoped model catalog JSON path override (applied on startup only; overrides the top-level `model_catalog_json` for that profile).

2325 

2326Key

2327 

2328`profiles.<name>.model_instructions_file`

2329 

2330Type / Values

2331 

2332`string (path)`

1552 2333 

1553Details2334Details

1554 2335 

1555Legacy name for enabling freeform apply\_patch; prefer `[features].apply_patch_freeform`.2336Profile-scoped replacement for the built-in instruction file.

1556 2337 

1557Key2338Key

1558 2339 

1580 2361 

1581Key2362Key

1582 2363 

2364`profiles.<name>.plan_mode_reasoning_effort`

2365 

2366Type / Values

2367 

2368`none | minimal | low | medium | high | xhigh`

2369 

2370Details

2371 

2372Profile-scoped Plan-mode reasoning override.

2373 

2374Key

2375 

2376`profiles.<name>.service_tier`

2377 

2378Type / Values

2379 

2380`flex | fast`

2381 

2382Details

2383 

2384Profile-scoped service tier preference for new turns.

2385 

2386Key

2387 

2388`profiles.<name>.tools_view_image`

2389 

2390Type / Values

2391 

2392`boolean`

2393 

2394Details

2395 

2396Enable or disable the `view_image` tool in that profile.

2397 

2398Key

2399 

1583`profiles.<name>.web_search`2400`profiles.<name>.web_search`

1584 2401 

1585Type / Values2402Type / Values

1592 2409 

1593Key2410Key

1594 2411 

2412`profiles.<name>.windows.sandbox`

2413 

2414Type / Values

2415 

2416`unelevated | elevated`

2417 

2418Details

2419 

2420Profile-scoped Windows sandbox mode override.

2421 

2422Key

2423 

1595`project_doc_fallback_filenames`2424`project_doc_fallback_filenames`

1596 2425 

1597Type / Values2426Type / Values

1636 2465 

1637Details2466Details

1638 2467 

1639Mark a project or worktree as trusted or untrusted (`"trusted"` | `"untrusted"`). Untrusted projects skip project-scoped `.codex/` layers.2468Mark a project or worktree as trusted or untrusted (`"trusted"` | `"untrusted"`). Untrusted projects skip project-scoped `.codex/` layers, including project-local config, hooks, and rules.

1640 2469 

1641Key2470Key

1642 2471 

1712 2541 

1713Key2542Key

1714 2543 

2544`service_tier`

2545 

2546Type / Values

2547 

2548`flex | fast`

2549 

2550Details

2551 

2552Preferred service tier for new turns.

2553 

2554Key

2555 

1715`shell_environment_policy.exclude`2556`shell_environment_policy.exclude`

1716 2557 

1717Type / Values2558Type / Values

1832 2673 

1833Key2674Key

1834 2675 

2676`sqlite_home`

2677 

2678Type / Values

2679 

2680`string (path)`

2681 

2682Details

2683 

2684Directory where Codex stores the SQLite-backed state DB used by agent jobs and other resumable runtime state.

2685 

2686Key

2687 

1835`suppress_unstable_features_warning`2688`suppress_unstable_features_warning`

1836 2689 

1837Type / Values2690Type / Values

1856 2709 

1857Key2710Key

1858 2711 

1859`tools.web_search`2712`tool_suggest.discoverables`

2713 

2714Type / Values

2715 

2716`array<table>`

2717 

2718Details

2719 

2720Allow tool suggestions for additional discoverable connectors or plugins. Each entry uses `type = "connector"` or `"plugin"` and an `id`.

2721 

2722Key

2723 

2724`tools.view_image`

1860 2725 

1861Type / Values2726Type / Values

1862 2727 

1864 2729 

1865Details2730Details

1866 2731 

1867Deprecated legacy toggle for web search; prefer the top-level `web_search` setting.2732Enable the local-image attachment tool `view_image`.

2733 

2734Key

2735 

2736`tools.web_search`

2737 

2738Type / Values

2739 

2740`boolean | { context_size = "low|medium|high", allowed_domains = [string], location = { country, region, city, timezone } }`

2741 

2742Details

2743 

2744Optional web search tool configuration. The legacy boolean form is still accepted, but the object form lets you set search context size, allowed domains, and approximate user location.

1868 2745 

1869Key2746Key

1870 2747 

1904 2781 

1905Key2782Key

1906 2783 

2784`tui.model_availability_nux.<model>`

2785 

2786Type / Values

2787 

2788`integer`

2789 

2790Details

2791 

2792Internal startup-tooltip state keyed by model slug.

2793 

2794Key

2795 

2796`tui.notification_condition`

2797 

2798Type / Values

2799 

2800`unfocused | always`

2801 

2802Details

2803 

2804Control whether TUI notifications fire only when the terminal is unfocused or regardless of focus. Defaults to `unfocused`.

2805 

2806Key

2807 

1907`tui.notification_method`2808`tui.notification_method`

1908 2809 

1909Type / Values2810Type / Values

1912 2813 

1913Details2814Details

1914 2815 

1915Notification method for unfocused terminal notifications (default: auto).2816Notification method for terminal notifications (default: auto).

1916 2817 

1917Key2818Key

1918 2819 

1952 2853 

1953Key2854Key

1954 2855 

2856`tui.terminal_title`

2857 

2858Type / Values

2859 

2860`array<string> | null`

2861 

2862Details

2863 

2864Ordered list of terminal window/tab title item identifiers. Defaults to `["spinner", "project"]`; `null` disables title updates.

2865 

2866Key

2867 

2868`tui.theme`

2869 

2870Type / Values

2871 

2872`string`

2873 

2874Details

2875 

2876Syntax-highlighting theme override (kebab-case theme name).

2877 

2878Key

2879 

1955`web_search`2880`web_search`

1956 2881 

1957Type / Values2882Type / Values

1974 2899 

1975Track Windows onboarding acknowledgement (Windows only).2900Track Windows onboarding acknowledgement (Windows only).

1976 2901 

2902Key

2903 

2904`windows.sandbox`

2905 

2906Type / Values

2907 

2908`unelevated | elevated`

2909 

2910Details

2911 

2912Windows-only native sandbox mode when running Codex natively on Windows.

2913 

2914Key

2915 

2916`windows.sandbox_private_desktop`

2917 

2918Type / Values

2919 

2920`boolean`

2921 

2922Details

2923 

2924Run the final sandboxed child process on a private desktop by default on native Windows. Set `false` only for compatibility with the older `Winsta0\\Default` behavior.

2925 

1977Expand to view all2926Expand to view all

1978 2927 

1979You can find the latest JSON schema for `config.toml` [here](https://developers.openai.com/codex/config-schema.json).2928You can find the latest JSON schema for `config.toml` [here](https://developers.openai.com/codex/config-schema.json).

1988 2937 

1989## `requirements.toml`2938## `requirements.toml`

1990 2939 

1991`requirements.toml` is an admin-enforced configuration file that constrains security-sensitive settings users cant override. For details, locations, and examples, see [Admin-enforced requirements](https://developers.openai.com/codex/security#admin-enforced-requirements-requirementstoml).2940`requirements.toml` is an admin-enforced configuration file that constrains security-sensitive settings users can't override. For details, locations, and examples, see [Admin-enforced requirements](https://developers.openai.com/codex/enterprise/managed-configuration#admin-enforced-requirements-requirementstoml).

1992 2941 

1993For ChatGPT Business and Enterprise users, Codex can also apply cloud-fetched2942For ChatGPT Business and Enterprise users, Codex can also apply cloud-fetched

1994requirements. See the security page for precedence details.2943requirements. See the security page for precedence details.

1995 2944 

2945Use `[features]` in `requirements.toml` to pin feature flags by the same

2946canonical keys that `config.toml` uses. Omitted keys remain unconstrained.

2947 

1996| Key | Type / Values | Details |2948| Key | Type / Values | Details |

1997| --- | --- | --- |2949| --- | --- | --- |

1998| `allowed_approval_policies` | `array<string>` | Allowed values for `approval\_policy`. |2950| `allowed_approval_policies` | `array<string>` | Allowed values for `approval_policy` (for example `untrusted`, `on-request`, `never`, and `granular`). |

2951| `allowed_approvals_reviewers` | `array<string>` | Allowed values for `approvals_reviewer`, such as `user` and `auto_review`. |

1999| `allowed_sandbox_modes` | `array<string>` | Allowed values for `sandbox_mode`. |2952| `allowed_sandbox_modes` | `array<string>` | Allowed values for `sandbox_mode`. |

2000| `allowed_web_search_modes` | `array<string>` | Allowed values for `web_search` (`disabled`, `cached`, `live`). `disabled` is always allowed; an empty list effectively allows only `disabled`. |2953| `allowed_web_search_modes` | `array<string>` | Allowed values for `web_search` (`disabled`, `cached`, `live`). `disabled` is always allowed; an empty list effectively allows only `disabled`. |

2954| `features` | `table` | Pinned feature values keyed by the canonical names from `config.toml`'s `[features]` table. |

2955| `features.<name>` | `boolean` | Require a specific canonical feature key to stay enabled or disabled. |

2956| `guardian_policy_config` | `string` | Managed Markdown policy instructions for automatic review. This takes precedence over local `[auto_review].policy`. Blank values are ignored. |

2001| `mcp_servers` | `table` | Allowlist of MCP servers that may be enabled. Both the server name (`<id>`) and its identity must match for the MCP server to be enabled. Any configured MCP server not in the allowlist (or with a mismatched identity) is disabled. |2957| `mcp_servers` | `table` | Allowlist of MCP servers that may be enabled. Both the server name (`<id>`) and its identity must match for the MCP server to be enabled. Any configured MCP server not in the allowlist (or with a mismatched identity) is disabled. |

2002| `mcp_servers.<id>.identity` | `table` | Identity rule for a single MCP server. Set either `command` (stdio) or `url` (streamable HTTP). |2958| `mcp_servers.<id>.identity` | `table` | Identity rule for a single MCP server. Set either `command` (stdio) or `url` (streamable HTTP). |

2003| `mcp_servers.<id>.identity.command` | `string` | Allow an MCP stdio server when its `mcp_servers.<id>.command` matches this command. |2959| `mcp_servers.<id>.identity.command` | `string` | Allow an MCP stdio server when its `mcp_servers.<id>.command` matches this command. |

2004| `mcp_servers.<id>.identity.url` | `string` | Allow an MCP streamable HTTP server when its `mcp_servers.<id>.url` matches this URL. |2960| `mcp_servers.<id>.identity.url` | `string` | Allow an MCP streamable HTTP server when its `mcp_servers.<id>.url` matches this URL. |

2961| `permissions.filesystem.deny_read` | `array<string>` | Admin-enforced filesystem read denials. Entries can be paths or glob patterns, and users cannot weaken them with local config. |

2005| `rules` | `table` | Admin-enforced command rules merged with `.rules` files. Requirements rules must be restrictive. |2962| `rules` | `table` | Admin-enforced command rules merged with `.rules` files. Requirements rules must be restrictive. |

2006| `rules.prefix_rules` | `array<table>` | List of enforced prefix rules. Each rule must include `pattern` and `decision`. |2963| `rules.prefix_rules` | `array<table>` | List of enforced prefix rules. Each rule must include `pattern` and `decision`. |

2007| `rules.prefix_rules[].decision` | `prompt | forbidden` | Required. Requirements rules can only prompt or forbid (not allow). |2964| `rules.prefix_rules[].decision` | `prompt | forbidden` | Required. Requirements rules can only prompt or forbid (not allow). |

2020 2977 

2021Details2978Details

2022 2979 

2023Allowed values for `approval\_policy`.2980Allowed values for `approval_policy` (for example `untrusted`, `on-request`, `never`, and `granular`).

2981 

2982Key

2983 

2984`allowed_approvals_reviewers`

2985 

2986Type / Values

2987 

2988`array<string>`

2989 

2990Details

2991 

2992Allowed values for `approvals_reviewer`, such as `user` and `auto_review`.

2024 2993 

2025Key2994Key

2026 2995 

2048 3017 

2049Key3018Key

2050 3019 

3020`features`

3021 

3022Type / Values

3023 

3024`table`

3025 

3026Details

3027 

3028Pinned feature values keyed by the canonical names from `config.toml`'s `[features]` table.

3029 

3030Key

3031 

3032`features.<name>`

3033 

3034Type / Values

3035 

3036`boolean`

3037 

3038Details

3039 

3040Require a specific canonical feature key to stay enabled or disabled.

3041 

3042Key

3043 

3044`guardian_policy_config`

3045 

3046Type / Values

3047 

3048`string`

3049 

3050Details

3051 

3052Managed Markdown policy instructions for automatic review. This takes precedence over local `[auto_review].policy`. Blank values are ignored.

3053 

3054Key

3055 

2051`mcp_servers`3056`mcp_servers`

2052 3057 

2053Type / Values3058Type / Values

2096 3101 

2097Key3102Key

2098 3103 

3104`permissions.filesystem.deny_read`

3105 

3106Type / Values

3107 

3108`array<string>`

3109 

3110Details

3111 

3112Admin-enforced filesystem read denials. Entries can be paths or glob patterns, and users cannot weaken them with local config.

3113 

3114Key

3115 

2099`rules`3116`rules`

2100 3117 

2101Type / Values3118Type / Values