SpyBara
Go Premium Account

config-reference.md Codex Docs, 2026-02-19 20:53 UTC → 2026-04-20 06:53 UTC

Inspect the documentation page or source diff for this selected snapshot comparison.

2026
19 Feb 2026, 20:53
14 May 2026, 21:00 14 May 2026, 07:00 13 May 2026, 00:57 12 May 2026, 01:59 11 May 2026, 18:00 7 May 2026, 20:02 7 May 2026, 17:08 5 May 2026, 23:00 2 May 2026, 06:45 2 May 2026, 00:48 1 May 2026, 18:29 30 Apr 2026, 18:36 29 Apr 2026, 12:40 29 Apr 2026, 00:50 25 Apr 2026, 06:37 25 Apr 2026, 00:42 24 Apr 2026, 18:20 24 Apr 2026, 12:28 23 Apr 2026, 18:31 23 Apr 2026, 12:28 23 Apr 2026, 00:46 22 Apr 2026, 18:29 22 Apr 2026, 00:42 21 Apr 2026, 18:29 21 Apr 2026, 12:30 21 Apr 2026, 06:45 20 Apr 2026, 18:26 20 Apr 2026, 06:53 18 Apr 2026, 18:18 17 Apr 2026, 00:44 16 Apr 2026, 18:31 16 Apr 2026, 00:46 15 Apr 2026, 18:31 15 Apr 2026, 06:44 14 Apr 2026, 18:31 14 Apr 2026, 12:29 13 Apr 2026, 18:37 13 Apr 2026, 00:44 12 Apr 2026, 06:38 10 Apr 2026, 18:23 9 Apr 2026, 00:33 8 Apr 2026, 18:32 8 Apr 2026, 00:40 7 Apr 2026, 00:40 2 Apr 2026, 18:23 31 Mar 2026, 06:35 31 Mar 2026, 00:39 28 Mar 2026, 06:26 28 Mar 2026, 00:36 27 Mar 2026, 18:23 27 Mar 2026, 00:39 26 Mar 2026, 18:27 25 Mar 2026, 18:24 23 Mar 2026, 18:22 20 Mar 2026, 00:35 18 Mar 2026, 12:23 18 Mar 2026, 00:36 17 Mar 2026, 18:24 17 Mar 2026, 00:33 16 Mar 2026, 18:25 16 Mar 2026, 12:23 14 Mar 2026, 00:32 13 Mar 2026, 18:15 13 Mar 2026, 00:34 11 Mar 2026, 00:31 9 Mar 2026, 00:34 8 Mar 2026, 18:10 8 Mar 2026, 00:35 7 Mar 2026, 18:10 7 Mar 2026, 06:14 7 Mar 2026, 00:33 6 Mar 2026, 00:38 5 Mar 2026, 18:41 5 Mar 2026, 06:22 5 Mar 2026, 00:34 4 Mar 2026, 18:18 4 Mar 2026, 06:20 3 Mar 2026, 18:20 3 Mar 2026, 00:35 27 Feb 2026, 18:15 24 Feb 2026, 06:27 24 Feb 2026, 00:33 23 Feb 2026, 18:27 21 Feb 2026, 00:33 20 Feb 2026, 12:16 19 Feb 2026, 20:53 19 Feb 2026, 20:37
20 Apr 2026, 06:53
14 May 2026, 21:00 14 May 2026, 07:00 13 May 2026, 00:57 12 May 2026, 01:59 11 May 2026, 18:00 7 May 2026, 20:02 7 May 2026, 17:08 5 May 2026, 23:00 2 May 2026, 06:45 2 May 2026, 00:48 1 May 2026, 18:29 30 Apr 2026, 18:36 29 Apr 2026, 12:40 29 Apr 2026, 00:50 25 Apr 2026, 06:37 25 Apr 2026, 00:42 24 Apr 2026, 18:20 24 Apr 2026, 12:28 23 Apr 2026, 18:31 23 Apr 2026, 12:28 23 Apr 2026, 00:46 22 Apr 2026, 18:29 22 Apr 2026, 00:42 21 Apr 2026, 18:29 21 Apr 2026, 12:30 21 Apr 2026, 06:45 20 Apr 2026, 18:26 20 Apr 2026, 06:53 18 Apr 2026, 18:18 17 Apr 2026, 00:44 16 Apr 2026, 18:31 16 Apr 2026, 00:46 15 Apr 2026, 18:31 15 Apr 2026, 06:44 14 Apr 2026, 18:31 14 Apr 2026, 12:29 13 Apr 2026, 18:37 13 Apr 2026, 00:44 12 Apr 2026, 06:38 10 Apr 2026, 18:23 9 Apr 2026, 00:33 8 Apr 2026, 18:32 8 Apr 2026, 00:40 7 Apr 2026, 00:40 2 Apr 2026, 18:23 31 Mar 2026, 06:35 31 Mar 2026, 00:39 28 Mar 2026, 06:26 28 Mar 2026, 00:36 27 Mar 2026, 18:23 27 Mar 2026, 00:39 26 Mar 2026, 18:27 25 Mar 2026, 18:24 23 Mar 2026, 18:22 20 Mar 2026, 00:35 18 Mar 2026, 12:23 18 Mar 2026, 00:36 17 Mar 2026, 18:24 17 Mar 2026, 00:33 16 Mar 2026, 18:25 16 Mar 2026, 12:23 14 Mar 2026, 00:32 13 Mar 2026, 18:15 13 Mar 2026, 00:34 11 Mar 2026, 00:31 9 Mar 2026, 00:34 8 Mar 2026, 18:10 8 Mar 2026, 00:35 7 Mar 2026, 18:10 7 Mar 2026, 06:14 7 Mar 2026, 00:33 6 Mar 2026, 00:38 5 Mar 2026, 18:41 5 Mar 2026, 06:22 5 Mar 2026, 00:34 4 Mar 2026, 18:18 4 Mar 2026, 06:20 3 Mar 2026, 18:20 3 Mar 2026, 00:35 27 Feb 2026, 18:15 24 Feb 2026, 06:27 24 Feb 2026, 00:33 23 Feb 2026, 18:27 21 Feb 2026, 00:33 20 Feb 2026, 12:16 19 Feb 2026, 20:53 19 Feb 2026, 20:37
Thu 2 18:23 Tue 7 00:40 Wed 8 00:40 Wed 8 18:32 Thu 9 00:33 Fri 10 18:23 Sun 12 06:38 Mon 13 00:44 Mon 13 18:37 Tue 14 12:29 Tue 14 18:31 Wed 15 06:44 Wed 15 18:31 Thu 16 00:46 Thu 16 18:31 Fri 17 00:44 Sat 18 18:18 Mon 20 06:53 Mon 20 18:26 Tue 21 06:45 Tue 21 12:30 Tue 21 18:29 Wed 22 00:42 Wed 22 18:29 Thu 23 00:46 Thu 23 12:28 Thu 23 18:31 Fri 24 12:28 Fri 24 18:20 Sat 25 00:42 Sat 25 06:37 Wed 29 00:50 Wed 29 12:40 Thu 30 18:36

config-reference.md +1307 −353

Details

6 6 

7User-level configuration lives in `~/.codex/config.toml`. You can also add project-scoped overrides in `.codex/config.toml` files. Codex loads project-scoped config files only when you trust the project.7User-level configuration lives in `~/.codex/config.toml`. You can also add project-scoped overrides in `.codex/config.toml` files. Codex loads project-scoped config files only when you trust the project.

8 8 

9For sandbox and approval keys (`approval_policy`, `sandbox_mode`, and `sandbox_workspace_write.*`), pair this reference with [Sandbox and approvals](https://developers.openai.com/codex/agent-approvals-security#sandbox-and-approvals), [Protected paths in writable roots](https://developers.openai.com/codex/agent-approvals-security#protected-paths-in-writable-roots), and [Network access](https://developers.openai.com/codex/agent-approvals-security#network-access).

10 

9| Key | Type / Values | Details |11| Key | Type / Values | Details |

10| --- | --- | --- |12| --- | --- | --- |

11| `agents.<name>.config_file` | `string (path)` | Path to a TOML config layer for that role; relative paths resolve from the config file that declares the role. |13| `agents.<name>.config_file` | `string (path)` | Path to a TOML config layer for that role; relative paths resolve from the config file that declares the role. |

12| `agents.<name>.description` | `string` | Role guidance shown to Codex when choosing and spawning that agent type. |14| `agents.<name>.description` | `string` | Role guidance shown to Codex when choosing and spawning that agent type. |

13| `agents.max_threads` | `number` | Maximum number of agent threads that can be open concurrently. |15| `agents.<name>.nickname_candidates` | `array<string>` | Optional pool of display nicknames for spawned agents in that role. |

14| `approval_policy` | `untrusted | on-request | never` | Controls when Codex pauses for approval before executing commands. `on-failure` is deprecated; use `on-request` for interactive runs or `never` for non-interactive runs. |16| `agents.job_max_runtime_seconds` | `number` | Default per-worker timeout for `spawn_agents_on_csv` jobs. When unset, the tool falls back to 1800 seconds per worker. |

15| `apps.<id>.disabled_reason` | `unknown | user` | Optional reason attached when an app/connector is disabled. |17| `agents.max_depth` | `number` | Maximum nesting depth allowed for spawned agent threads (root sessions start at depth 0; default: 1). |

18| `agents.max_threads` | `number` | Maximum number of agent threads that can be open concurrently. Defaults to `6` when unset. |

19| `allow_login_shell` | `boolean` | Allow shell-based tools to use login-shell semantics. Defaults to `true`; when `false`, `login = true` requests are rejected and omitted `login` defaults to non-login shells. |

20| `analytics.enabled` | `boolean` | Enable or disable analytics for this machine/profile. When unset, the client default applies. |

21| `approval_policy` | `untrusted | on-request | never | { granular = { sandbox_approval = bool, rules = bool, mcp_elicitations = bool, request_permissions = bool, skill_approval = bool } }` | Controls when Codex pauses for approval before executing commands. You can also use `approval_policy = { granular = { ... } }` to allow or auto-reject specific prompt categories while keeping other prompts interactive. `on-failure` is deprecated; use `on-request` for interactive runs or `never` for non-interactive runs. |

22| `approval_policy.granular.mcp_elicitations` | `boolean` | When `true`, MCP elicitation prompts are allowed to surface instead of being auto-rejected. |

23| `approval_policy.granular.request_permissions` | `boolean` | When `true`, prompts from the `request_permissions` tool are allowed to surface. |

24| `approval_policy.granular.rules` | `boolean` | When `true`, approvals triggered by execpolicy `prompt` rules are allowed to surface. |

25| `approval_policy.granular.sandbox_approval` | `boolean` | When `true`, sandbox escalation approval prompts are allowed to surface. |

26| `approval_policy.granular.skill_approval` | `boolean` | When `true`, skill-script approval prompts are allowed to surface. |

27| `approvals_reviewer` | `user | guardian_subagent` | Select who reviews eligible approval prompts. Defaults to `user`; `guardian_subagent` routes supported reviews through the Guardian reviewer subagent. |

28| `apps._default.destructive_enabled` | `boolean` | Default allow/deny for app tools with `destructive_hint = true`. |

29| `apps._default.enabled` | `boolean` | Default app enabled state for all apps unless overridden per app. |

30| `apps._default.open_world_enabled` | `boolean` | Default allow/deny for app tools with `open_world_hint = true`. |

31| `apps.<id>.default_tools_approval_mode` | `auto | prompt | approve` | Default approval behavior for tools in this app unless a per-tool override exists. |

32| `apps.<id>.default_tools_enabled` | `boolean` | Default enabled state for tools in this app unless a per-tool override exists. |

33| `apps.<id>.destructive_enabled` | `boolean` | Allow or block tools in this app that advertise `destructive_hint = true`. |

16| `apps.<id>.enabled` | `boolean` | Enable or disable a specific app/connector by id (default: true). |34| `apps.<id>.enabled` | `boolean` | Enable or disable a specific app/connector by id (default: true). |

35| `apps.<id>.open_world_enabled` | `boolean` | Allow or block tools in this app that advertise `open_world_hint = true`. |

36| `apps.<id>.tools.<tool>.approval_mode` | `auto | prompt | approve` | Per-tool approval behavior override for a single app tool. |

37| `apps.<id>.tools.<tool>.enabled` | `boolean` | Per-tool enabled override for an app tool (for example `repos/list`). |

38| `background_terminal_max_timeout` | `number` | Maximum poll window in milliseconds for empty `write_stdin` polls (background terminal polling). Default: `300000` (5 minutes). Replaces the older `background_terminal_timeout` key. |

17| `chatgpt_base_url` | `string` | Override the base URL used during the ChatGPT login flow. |39| `chatgpt_base_url` | `string` | Override the base URL used during the ChatGPT login flow. |

18| `check_for_update_on_startup` | `boolean` | Check for Codex updates on startup (set to false only when updates are centrally managed). |40| `check_for_update_on_startup` | `boolean` | Check for Codex updates on startup (set to false only when updates are centrally managed). |

19| `cli_auth_credentials_store` | `file | keyring | auto` | Control where the CLI stores cached credentials (file-based auth.json vs OS keychain). |41| `cli_auth_credentials_store` | `file | keyring | auto` | Control where the CLI stores cached credentials (file-based auth.json vs OS keychain). |

42| `commit_attribution` | `string` | Override the commit co-author trailer text. Set an empty string to disable automatic attribution. |

20| `compact_prompt` | `string` | Inline override for the history compaction prompt. |43| `compact_prompt` | `string` | Inline override for the history compaction prompt. |

44| `default_permissions` | `string` | Name of the default permissions profile to apply to sandboxed tool calls. |

21| `developer_instructions` | `string` | Additional developer instructions injected into the session (optional). |45| `developer_instructions` | `string` | Additional developer instructions injected into the session (optional). |

22| `disable_paste_burst` | `boolean` | Disable burst-paste detection in the TUI. |46| `disable_paste_burst` | `boolean` | Disable burst-paste detection in the TUI. |

23| `experimental_compact_prompt_file` | `string (path)` | Load the compaction prompt override from a file (experimental). |47| `experimental_compact_prompt_file` | `string (path)` | Load the compaction prompt override from a file (experimental). |

24| `experimental_use_freeform_apply_patch` | `boolean` | Legacy name for enabling freeform apply\_patch; prefer `[features].apply_patch_freeform` or `codex --enable apply_patch_freeform`. |

25| `experimental_use_unified_exec_tool` | `boolean` | Legacy name for enabling unified exec; prefer `[features].unified_exec` or `codex --enable unified_exec`. |48| `experimental_use_unified_exec_tool` | `boolean` | Legacy name for enabling unified exec; prefer `[features].unified_exec` or `codex --enable unified_exec`. |

26| `features.apply_patch_freeform` | `boolean` | Expose the freeform `apply_patch` tool (experimental). |

27| `features.apps` | `boolean` | Enable ChatGPT Apps/connectors support (experimental). |49| `features.apps` | `boolean` | Enable ChatGPT Apps/connectors support (experimental). |

28| `features.apps_mcp_gateway` | `boolean` | Route Apps MCP calls through the OpenAI connectors MCP gateway (`https://api.openai.com/v1/connectors/mcp/`) instead of legacy routing (experimental). |50| `features.codex_hooks` | `boolean` | Enable lifecycle hooks loaded from `hooks.json` (under development; off by default). |

29| `features.child_agents_md` | `boolean` | Append AGENTS.md scope/precedence guidance even when no AGENTS.md is present (experimental). |51| `features.enable_request_compression` | `boolean` | Compress streaming request bodies with zstd when supported (stable; on by default). |

30| `features.collaboration_modes` | `boolean` | Enable collaboration modes such as plan mode (stable; on by default). |52| `features.fast_mode` | `boolean` | Enable Fast mode selection and the `service_tier = "fast"` path (stable; on by default). |

31| `features.elevated_windows_sandbox` | `boolean` | Enable the elevated Windows sandbox pipeline (experimental). |53| `features.guardian_approval` | `boolean` | Route eligible approval requests through the guardian reviewer subagent (experimental; off by default). Use with `approvals_reviewer = "guardian_subagent"`. |

32| `features.experimental_windows_sandbox` | `boolean` | Run the Windows restricted-token sandbox (experimental). |54| `features.memories` | `boolean` | Enable [Memories](https://developers.openai.com/codex/memories) (off by default). |

33| `features.multi_agent` | `boolean` | Enable multi-agent collaboration tools (`spawn\_agent`, `send\_input`, `resume\_agent`, `wait`, and `close\_agent`) (experimental; off by default). |55| `features.multi_agent` | `boolean` | Enable multi-agent collaboration tools (`spawn_agent`, `send_input`, `resume_agent`, `wait_agent`, and `close_agent`) (stable; on by default). |

34| `features.personality` | `boolean` | Enable personality selection controls (stable; on by default). |56| `features.personality` | `boolean` | Enable personality selection controls (stable; on by default). |

35| `features.powershell_utf8` | `boolean` | Force PowerShell UTF-8 output (defaults to true). |57| `features.prevent_idle_sleep` | `boolean` | Prevent the machine from sleeping while a turn is actively running (experimental; off by default). |

36| `features.remote_models` | `boolean` | Refresh remote model list before showing readiness (experimental). |58| `features.shell_snapshot` | `boolean` | Snapshot shell environment to speed up repeated commands (stable; on by default). |

37| `features.request_rule` | `boolean` | Enable Smart approvals (`prefix_rule` suggestions on escalation requests; stable; on by default). |

38| `features.runtime_metrics` | `boolean` | Show runtime metrics summary in TUI turn separators (experimental). |

39| `features.search_tool` | `boolean` | Enable `search_tool_bm25` for Apps tool discovery before invoking app MCP tools (experimental). |

40| `features.shell_snapshot` | `boolean` | Snapshot shell environment to speed up repeated commands (beta). |

41| `features.shell_tool` | `boolean` | Enable the default `shell` tool for running commands (stable; on by default). |59| `features.shell_tool` | `boolean` | Enable the default `shell` tool for running commands (stable; on by default). |

42| `features.unified_exec` | `boolean` | Use the unified PTY-backed exec tool (beta). |60| `features.skill_mcp_dependency_install` | `boolean` | Allow prompting and installing missing MCP dependencies for skills (stable; on by default). |

43| `features.use_linux_sandbox_bwrap` | `boolean` | Use the bubblewrap-based Linux sandbox pipeline (experimental; off by default). |61| `features.undo` | `boolean` | Enable undo support (stable; off by default). |

62| `features.unified_exec` | `boolean` | Use the unified PTY-backed exec tool (stable; enabled by default except on Windows). |

44| `features.web_search` | `boolean` | Deprecated legacy toggle; prefer the top-level `web_search` setting. |63| `features.web_search` | `boolean` | Deprecated legacy toggle; prefer the top-level `web_search` setting. |

45| `features.web_search_cached` | `boolean` | Deprecated legacy toggle. When `web_search` is unset, true maps to `web_search = "cached"`. |64| `features.web_search_cached` | `boolean` | Deprecated legacy toggle. When `web_search` is unset, true maps to `web_search = "cached"`. |

46| `features.web_search_request` | `boolean` | Deprecated legacy toggle. When `web_search` is unset, true maps to `web_search = "live"`. |65| `features.web_search_request` | `boolean` | Deprecated legacy toggle. When `web_search` is unset, true maps to `web_search = "live"`. |

51| `hide_agent_reasoning` | `boolean` | Suppress reasoning events in both the TUI and `codex exec` output. |70| `hide_agent_reasoning` | `boolean` | Suppress reasoning events in both the TUI and `codex exec` output. |

52| `history.max_bytes` | `number` | If set, caps the history file size in bytes by dropping oldest entries. |71| `history.max_bytes` | `number` | If set, caps the history file size in bytes by dropping oldest entries. |

53| `history.persistence` | `save-all | none` | Control whether Codex saves session transcripts to history.jsonl. |72| `history.persistence` | `save-all | none` | Control whether Codex saves session transcripts to history.jsonl. |

54| `include_apply_patch_tool` | `boolean` | Legacy name for enabling freeform apply\_patch; prefer `[features].apply_patch_freeform`. |

55| `instructions` | `string` | Reserved for future use; prefer `model_instructions_file` or `AGENTS.md`. |73| `instructions` | `string` | Reserved for future use; prefer `model_instructions_file` or `AGENTS.md`. |

56| `log_dir` | `string (path)` | Directory where Codex writes log files (for example `codex-tui.log`); defaults to `$CODEX_HOME/log`. |74| `log_dir` | `string (path)` | Directory where Codex writes log files (for example `codex-tui.log`); defaults to `$CODEX_HOME/log`. |

57| `mcp_oauth_callback_port` | `integer` | Optional fixed port for the local HTTP callback server used during MCP OAuth login. When unset, Codex binds to an ephemeral port chosen by the OS. |75| `mcp_oauth_callback_port` | `integer` | Optional fixed port for the local HTTP callback server used during MCP OAuth login. When unset, Codex binds to an ephemeral port chosen by the OS. |

76| `mcp_oauth_callback_url` | `string` | Optional redirect URI override for MCP OAuth login (for example, a devbox ingress URL). `mcp_oauth_callback_port` still controls the callback listener port. |

58| `mcp_oauth_credentials_store` | `auto | file | keyring` | Preferred store for MCP OAuth credentials. |77| `mcp_oauth_credentials_store` | `auto | file | keyring` | Preferred store for MCP OAuth credentials. |

59| `mcp_servers.<id>.args` | `array<string>` | Arguments passed to the MCP stdio server command. |78| `mcp_servers.<id>.args` | `array<string>` | Arguments passed to the MCP stdio server command. |

60| `mcp_servers.<id>.bearer_token_env_var` | `string` | Environment variable sourcing the bearer token for an MCP HTTP server. |79| `mcp_servers.<id>.bearer_token_env_var` | `string` | Environment variable sourcing the bearer token for an MCP HTTP server. |

67| `mcp_servers.<id>.env_http_headers` | `map<string,string>` | HTTP headers populated from environment variables for an MCP HTTP server. |86| `mcp_servers.<id>.env_http_headers` | `map<string,string>` | HTTP headers populated from environment variables for an MCP HTTP server. |

68| `mcp_servers.<id>.env_vars` | `array<string>` | Additional environment variables to whitelist for an MCP stdio server. |87| `mcp_servers.<id>.env_vars` | `array<string>` | Additional environment variables to whitelist for an MCP stdio server. |

69| `mcp_servers.<id>.http_headers` | `map<string,string>` | Static HTTP headers included with each MCP HTTP request. |88| `mcp_servers.<id>.http_headers` | `map<string,string>` | Static HTTP headers included with each MCP HTTP request. |

89| `mcp_servers.<id>.oauth_resource` | `string` | Optional RFC 8707 OAuth resource parameter to include during MCP login. |

70| `mcp_servers.<id>.required` | `boolean` | When true, fail startup/resume if this enabled MCP server cannot initialize. |90| `mcp_servers.<id>.required` | `boolean` | When true, fail startup/resume if this enabled MCP server cannot initialize. |

91| `mcp_servers.<id>.scopes` | `array<string>` | OAuth scopes to request when authenticating to that MCP server. |

71| `mcp_servers.<id>.startup_timeout_ms` | `number` | Alias for `startup_timeout_sec` in milliseconds. |92| `mcp_servers.<id>.startup_timeout_ms` | `number` | Alias for `startup_timeout_sec` in milliseconds. |

72| `mcp_servers.<id>.startup_timeout_sec` | `number` | Override the default 10s startup timeout for an MCP server. |93| `mcp_servers.<id>.startup_timeout_sec` | `number` | Override the default 10s startup timeout for an MCP server. |

73| `mcp_servers.<id>.tool_timeout_sec` | `number` | Override the default 60s per-tool timeout for an MCP server. |94| `mcp_servers.<id>.tool_timeout_sec` | `number` | Override the default 60s per-tool timeout for an MCP server. |

74| `mcp_servers.<id>.url` | `string` | Endpoint for an MCP streamable HTTP server. |95| `mcp_servers.<id>.url` | `string` | Endpoint for an MCP streamable HTTP server. |

75| `model` | `string` | Model to use (e.g., `gpt-5-codex`). |96| `memories.consolidation_model` | `string` | Optional model override for global memory consolidation. |

97| `memories.extract_model` | `string` | Optional model override for per-thread memory extraction. |

98| `memories.generate_memories` | `boolean` | When `false`, newly created threads are not stored as memory-generation inputs. Defaults to `true`. |

99| `memories.max_raw_memories_for_consolidation` | `number` | Maximum recent raw memories retained for global consolidation. Defaults to `256` and is capped at `4096`. |

100| `memories.max_rollout_age_days` | `number` | Maximum age of threads considered for memory generation. Defaults to `30` and is clamped to `0`-`90`. |

101| `memories.max_rollouts_per_startup` | `number` | Maximum rollout candidates processed per startup pass. Defaults to `16` and is capped at `128`. |

102| `memories.max_unused_days` | `number` | Maximum days since a memory was last used before it becomes ineligible for consolidation. Defaults to `30` and is clamped to `0`-`365`. |

103| `memories.min_rollout_idle_hours` | `number` | Minimum idle time before a thread is considered for memory generation. Defaults to `6` and is clamped to `1`-`48`. |

104| `memories.no_memories_if_mcp_or_web_search` | `boolean` | When `true`, threads that use MCP tool calls or web search are kept out of memory generation. Defaults to `false`. |

105| `memories.use_memories` | `boolean` | When `false`, Codex skips injecting existing memories into future sessions. Defaults to `true`. |

106| `model` | `string` | Model to use (e.g., `gpt-5.4`). |

76| `model_auto_compact_token_limit` | `number` | Token threshold that triggers automatic history compaction (unset uses model defaults). |107| `model_auto_compact_token_limit` | `number` | Token threshold that triggers automatic history compaction (unset uses model defaults). |

108| `model_catalog_json` | `string (path)` | Optional path to a JSON model catalog loaded on startup. Profile-level `profiles.<name>.model_catalog_json` can override this per profile. |

77| `model_context_window` | `number` | Context window tokens available to the active model. |109| `model_context_window` | `number` | Context window tokens available to the active model. |

78| `model_instructions_file` | `string (path)` | Replacement for built-in instructions instead of `AGENTS.md`. |110| `model_instructions_file` | `string (path)` | Replacement for built-in instructions instead of `AGENTS.md`. |

79| `model_provider` | `string` | Provider id from `model_providers` (default: `openai`). |111| `model_provider` | `string` | Provider id from `model_providers` (default: `openai`). |

112| `model_providers.<id>` | `table` | Custom provider definition. Built-in provider IDs (`openai`, `ollama`, and `lmstudio`) are reserved and cannot be overridden. |

113| `model_providers.<id>.auth` | `table` | Command-backed bearer token configuration for a custom provider. Do not combine with `env_key`, `experimental_bearer_token`, or `requires_openai_auth`. |

114| `model_providers.<id>.auth.args` | `array<string>` | Arguments passed to the token command. |

115| `model_providers.<id>.auth.command` | `string` | Command to run when Codex needs a bearer token. The command must print the token to stdout. |

116| `model_providers.<id>.auth.cwd` | `string (path)` | Working directory for the token command. |

117| `model_providers.<id>.auth.refresh_interval_ms` | `number` | How often Codex proactively refreshes the token in milliseconds (default: 300000). Set to `0` to refresh only after an authentication retry. |

118| `model_providers.<id>.auth.timeout_ms` | `number` | Maximum token command runtime in milliseconds (default: 5000). |

80| `model_providers.<id>.base_url` | `string` | API base URL for the model provider. |119| `model_providers.<id>.base_url` | `string` | API base URL for the model provider. |

81| `model_providers.<id>.env_http_headers` | `map<string,string>` | HTTP headers populated from environment variables when present. |120| `model_providers.<id>.env_http_headers` | `map<string,string>` | HTTP headers populated from environment variables when present. |

82| `model_providers.<id>.env_key` | `string` | Environment variable supplying the provider API key. |121| `model_providers.<id>.env_key` | `string` | Environment variable supplying the provider API key. |

89| `model_providers.<id>.requires_openai_auth` | `boolean` | The provider uses OpenAI authentication (defaults to false). |128| `model_providers.<id>.requires_openai_auth` | `boolean` | The provider uses OpenAI authentication (defaults to false). |

90| `model_providers.<id>.stream_idle_timeout_ms` | `number` | Idle timeout for SSE streams in milliseconds (default: 300000). |129| `model_providers.<id>.stream_idle_timeout_ms` | `number` | Idle timeout for SSE streams in milliseconds (default: 300000). |

91| `model_providers.<id>.stream_max_retries` | `number` | Retry count for SSE streaming interruptions (default: 5). |130| `model_providers.<id>.stream_max_retries` | `number` | Retry count for SSE streaming interruptions (default: 5). |

92| `model_providers.<id>.wire_api` | `chat | responses` | Protocol used by the provider (defaults to `chat` if omitted). |131| `model_providers.<id>.supports_websockets` | `boolean` | Whether that provider supports the Responses API WebSocket transport. |

132| `model_providers.<id>.wire_api` | `responses` | Protocol used by the provider. `responses` is the only supported value, and it is the default when omitted. |

93| `model_reasoning_effort` | `minimal | low | medium | high | xhigh` | Adjust reasoning effort for supported models (Responses API only; `xhigh` is model-dependent). |133| `model_reasoning_effort` | `minimal | low | medium | high | xhigh` | Adjust reasoning effort for supported models (Responses API only; `xhigh` is model-dependent). |

94| `model_reasoning_summary` | `auto | concise | detailed | none` | Select reasoning summary detail or disable summaries entirely. |134| `model_reasoning_summary` | `auto | concise | detailed | none` | Select reasoning summary detail or disable summaries entirely. |

95| `model_supports_reasoning_summaries` | `boolean` | Force Codex to send or not send reasoning metadata. |135| `model_supports_reasoning_summaries` | `boolean` | Force Codex to send or not send reasoning metadata. |

96| `model_verbosity` | `low | medium | high` | Control GPT-5 Responses API verbosity (defaults to `medium`). |136| `model_verbosity` | `low | medium | high` | Optional GPT-5 Responses API verbosity override; when unset, the selected model/preset default is used. |

97| `notice.hide_full_access_warning` | `boolean` | Track acknowledgement of the full access warning prompt. |137| `notice.hide_full_access_warning` | `boolean` | Track acknowledgement of the full access warning prompt. |

98| `notice.hide_gpt-5.1-codex-max_migration_prompt` | `boolean` | Track acknowledgement of the gpt-5.1-codex-max migration prompt. |138| `notice.hide_gpt-5.1-codex-max_migration_prompt` | `boolean` | Track acknowledgement of the gpt-5.1-codex-max migration prompt. |

99| `notice.hide_gpt5_1_migration_prompt` | `boolean` | Track acknowledgement of the GPT-5.1 migration prompt. |139| `notice.hide_gpt5_1_migration_prompt` | `boolean` | Track acknowledgement of the GPT-5.1 migration prompt. |

101| `notice.hide_world_writable_warning` | `boolean` | Track acknowledgement of the Windows world-writable directories warning. |141| `notice.hide_world_writable_warning` | `boolean` | Track acknowledgement of the Windows world-writable directories warning. |

102| `notice.model_migrations` | `map<string,string>` | Track acknowledged model migrations as old->new mappings. |142| `notice.model_migrations` | `map<string,string>` | Track acknowledged model migrations as old->new mappings. |

103| `notify` | `array<string>` | Command invoked for notifications; receives a JSON payload from Codex. |143| `notify` | `array<string>` | Command invoked for notifications; receives a JSON payload from Codex. |

144| `openai_base_url` | `string` | Base URL override for the built-in `openai` model provider. |

104| `oss_provider` | `lmstudio | ollama` | Default local provider used when running with `--oss` (defaults to prompting if unset). |145| `oss_provider` | `lmstudio | ollama` | Default local provider used when running with `--oss` (defaults to prompting if unset). |

105| `otel.environment` | `string` | Environment tag applied to emitted OpenTelemetry events (default: `dev`). |146| `otel.environment` | `string` | Environment tag applied to emitted OpenTelemetry events (default: `dev`). |

106| `otel.exporter` | `none | otlp-http | otlp-grpc` | Select the OpenTelemetry exporter and provide any endpoint metadata. |147| `otel.exporter` | `none | otlp-http | otlp-grpc` | Select the OpenTelemetry exporter and provide any endpoint metadata. |

111| `otel.exporter.<id>.tls.client-certificate` | `string` | Client certificate path for OTEL exporter TLS. |152| `otel.exporter.<id>.tls.client-certificate` | `string` | Client certificate path for OTEL exporter TLS. |

112| `otel.exporter.<id>.tls.client-private-key` | `string` | Client private key path for OTEL exporter TLS. |153| `otel.exporter.<id>.tls.client-private-key` | `string` | Client private key path for OTEL exporter TLS. |

113| `otel.log_user_prompt` | `boolean` | Opt in to exporting raw user prompts with OpenTelemetry logs. |154| `otel.log_user_prompt` | `boolean` | Opt in to exporting raw user prompts with OpenTelemetry logs. |

155| `otel.metrics_exporter` | `none | statsig | otlp-http | otlp-grpc` | Select the OpenTelemetry metrics exporter (defaults to `statsig`). |

114| `otel.trace_exporter` | `none | otlp-http | otlp-grpc` | Select the OpenTelemetry trace exporter and provide any endpoint metadata. |156| `otel.trace_exporter` | `none | otlp-http | otlp-grpc` | Select the OpenTelemetry trace exporter and provide any endpoint metadata. |

115| `otel.trace_exporter.<id>.endpoint` | `string` | Trace exporter endpoint for OTEL logs. |157| `otel.trace_exporter.<id>.endpoint` | `string` | Trace exporter endpoint for OTEL logs. |

116| `otel.trace_exporter.<id>.headers` | `map<string,string>` | Static headers included with OTEL trace exporter requests. |158| `otel.trace_exporter.<id>.headers` | `map<string,string>` | Static headers included with OTEL trace exporter requests. |

118| `otel.trace_exporter.<id>.tls.ca-certificate` | `string` | CA certificate path for OTEL trace exporter TLS. |160| `otel.trace_exporter.<id>.tls.ca-certificate` | `string` | CA certificate path for OTEL trace exporter TLS. |

119| `otel.trace_exporter.<id>.tls.client-certificate` | `string` | Client certificate path for OTEL trace exporter TLS. |161| `otel.trace_exporter.<id>.tls.client-certificate` | `string` | Client certificate path for OTEL trace exporter TLS. |

120| `otel.trace_exporter.<id>.tls.client-private-key` | `string` | Client private key path for OTEL trace exporter TLS. |162| `otel.trace_exporter.<id>.tls.client-private-key` | `string` | Client private key path for OTEL trace exporter TLS. |

163| `permissions.<name>.filesystem` | `table` | Named filesystem permission profile. Each key is an absolute path or special token such as `:minimal` or `:project_roots`. |

164| `permissions.<name>.filesystem.":project_roots".<subpath>` | `"read" | "write" | "none"` | Scoped filesystem access relative to the detected project roots. Use `"."` for the root itself. |

165| `permissions.<name>.filesystem.<path>` | `"read" | "write" | "none" | table` | Grant direct access for a path or special token, or scope nested entries under that root. |

166| `permissions.<name>.network.allow_local_binding` | `boolean` | Permit local bind/listen operations through the managed proxy. |

167| `permissions.<name>.network.allow_upstream_proxy` | `boolean` | Allow the managed proxy to chain to another upstream proxy. |

168| `permissions.<name>.network.dangerously_allow_all_unix_sockets` | `boolean` | Allow the proxy to use arbitrary Unix sockets instead of the default restricted set. |

169| `permissions.<name>.network.dangerously_allow_non_loopback_proxy` | `boolean` | Permit non-loopback bind addresses for the managed proxy listener. |

170| `permissions.<name>.network.domains` | `map<string, allow | deny>` | Domain rules for the managed proxy. Use domain names or wildcard patterns as keys, with `allow` or `deny` values. |

171| `permissions.<name>.network.enable_socks5` | `boolean` | Expose a SOCKS5 listener when this permissions profile enables the managed network proxy. |

172| `permissions.<name>.network.enable_socks5_udp` | `boolean` | Allow UDP over the SOCKS5 listener when enabled. |

173| `permissions.<name>.network.enabled` | `boolean` | Enable network access for this named permissions profile. |

174| `permissions.<name>.network.mode` | `limited | full` | Network proxy mode used for subprocess traffic. |

175| `permissions.<name>.network.proxy_url` | `string` | HTTP proxy endpoint used when this permissions profile enables the managed network proxy. |

176| `permissions.<name>.network.socks_url` | `string` | SOCKS5 proxy endpoint used by this permissions profile. |

177| `permissions.<name>.network.unix_sockets` | `map<string, allow | none>` | Unix socket rules for the managed proxy. Use socket paths as keys, with `allow` or `none` values. |

121| `personality` | `none | friendly | pragmatic` | Default communication style for models that advertise `supportsPersonality`; can be overridden per thread/turn or via `/personality`. |178| `personality` | `none | friendly | pragmatic` | Default communication style for models that advertise `supportsPersonality`; can be overridden per thread/turn or via `/personality`. |

179| `plan_mode_reasoning_effort` | `none | minimal | low | medium | high | xhigh` | Plan-mode-specific reasoning override. When unset, Plan mode uses its built-in preset default. |

122| `profile` | `string` | Default profile applied at startup (equivalent to `--profile`). |180| `profile` | `string` | Default profile applied at startup (equivalent to `--profile`). |

123| `profiles.<name>.*` | `various` | Profile-scoped overrides for any of the supported configuration keys. |181| `profiles.<name>.*` | `various` | Profile-scoped overrides for any of the supported configuration keys. |

124| `profiles.<name>.experimental_use_freeform_apply_patch` | `boolean` | Legacy name for enabling freeform apply\_patch; prefer `[features].apply_patch_freeform`. |182| `profiles.<name>.analytics.enabled` | `boolean` | Profile-scoped analytics enablement override. |

125| `profiles.<name>.experimental_use_unified_exec_tool` | `boolean` | Legacy name for enabling unified exec; prefer `[features].unified_exec`. |183| `profiles.<name>.experimental_use_unified_exec_tool` | `boolean` | Legacy name for enabling unified exec; prefer `[features].unified_exec`. |

126| `profiles.<name>.include_apply_patch_tool` | `boolean` | Legacy name for enabling freeform apply\_patch; prefer `[features].apply_patch_freeform`. |184| `profiles.<name>.model_catalog_json` | `string (path)` | Profile-scoped model catalog JSON path override (applied on startup only; overrides the top-level `model_catalog_json` for that profile). |

185| `profiles.<name>.model_instructions_file` | `string (path)` | Profile-scoped replacement for the built-in instruction file. |

127| `profiles.<name>.oss_provider` | `lmstudio | ollama` | Profile-scoped OSS provider for `--oss` sessions. |186| `profiles.<name>.oss_provider` | `lmstudio | ollama` | Profile-scoped OSS provider for `--oss` sessions. |

128| `profiles.<name>.personality` | `none | friendly | pragmatic` | Profile-scoped communication style override for supported models. |187| `profiles.<name>.personality` | `none | friendly | pragmatic` | Profile-scoped communication style override for supported models. |

188| `profiles.<name>.plan_mode_reasoning_effort` | `none | minimal | low | medium | high | xhigh` | Profile-scoped Plan-mode reasoning override. |

189| `profiles.<name>.service_tier` | `flex | fast` | Profile-scoped service tier preference for new turns. |

190| `profiles.<name>.tools_view_image` | `boolean` | Enable or disable the `view_image` tool in that profile. |

129| `profiles.<name>.web_search` | `disabled | cached | live` | Profile-scoped web search mode override (default: `"cached"`). |191| `profiles.<name>.web_search` | `disabled | cached | live` | Profile-scoped web search mode override (default: `"cached"`). |

192| `profiles.<name>.windows.sandbox` | `unelevated | elevated` | Profile-scoped Windows sandbox mode override. |

130| `project_doc_fallback_filenames` | `array<string>` | Additional filenames to try when `AGENTS.md` is missing. |193| `project_doc_fallback_filenames` | `array<string>` | Additional filenames to try when `AGENTS.md` is missing. |

131| `project_doc_max_bytes` | `number` | Maximum bytes read from `AGENTS.md` when building project instructions. |194| `project_doc_max_bytes` | `number` | Maximum bytes read from `AGENTS.md` when building project instructions. |

132| `project_root_markers` | `array<string>` | List of project root marker filenames; used when searching parent directories for the project root. |195| `project_root_markers` | `array<string>` | List of project root marker filenames; used when searching parent directories for the project root. |

137| `sandbox_workspace_write.exclude_tmpdir_env_var` | `boolean` | Exclude `$TMPDIR` from writable roots in workspace-write mode. |200| `sandbox_workspace_write.exclude_tmpdir_env_var` | `boolean` | Exclude `$TMPDIR` from writable roots in workspace-write mode. |

138| `sandbox_workspace_write.network_access` | `boolean` | Allow outbound network access inside the workspace-write sandbox. |201| `sandbox_workspace_write.network_access` | `boolean` | Allow outbound network access inside the workspace-write sandbox. |

139| `sandbox_workspace_write.writable_roots` | `array<string>` | Additional writable roots when `sandbox_mode = "workspace-write"`. |202| `sandbox_workspace_write.writable_roots` | `array<string>` | Additional writable roots when `sandbox_mode = "workspace-write"`. |

203| `service_tier` | `flex | fast` | Preferred service tier for new turns. |

140| `shell_environment_policy.exclude` | `array<string>` | Glob patterns for removing environment variables after the defaults. |204| `shell_environment_policy.exclude` | `array<string>` | Glob patterns for removing environment variables after the defaults. |

141| `shell_environment_policy.experimental_use_profile` | `boolean` | Use the user shell profile when spawning subprocesses. |205| `shell_environment_policy.experimental_use_profile` | `boolean` | Use the user shell profile when spawning subprocesses. |

142| `shell_environment_policy.ignore_default_excludes` | `boolean` | Keep variables containing KEY/SECRET/TOKEN before other filters run. |206| `shell_environment_policy.ignore_default_excludes` | `boolean` | Keep variables containing KEY/SECRET/TOKEN before other filters run. |

147| `skills.config` | `array<object>` | Per-skill enablement overrides stored in config.toml. |211| `skills.config` | `array<object>` | Per-skill enablement overrides stored in config.toml. |

148| `skills.config.<index>.enabled` | `boolean` | Enable or disable the referenced skill. |212| `skills.config.<index>.enabled` | `boolean` | Enable or disable the referenced skill. |

149| `skills.config.<index>.path` | `string (path)` | Path to a skill folder containing `SKILL.md`. |213| `skills.config.<index>.path` | `string (path)` | Path to a skill folder containing `SKILL.md`. |

214| `sqlite_home` | `string (path)` | Directory where Codex stores the SQLite-backed state DB used by agent jobs and other resumable runtime state. |

150| `suppress_unstable_features_warning` | `boolean` | Suppress the warning that appears when under-development feature flags are enabled. |215| `suppress_unstable_features_warning` | `boolean` | Suppress the warning that appears when under-development feature flags are enabled. |

151| `tool_output_token_limit` | `number` | Token budget for storing individual tool/function outputs in history. |216| `tool_output_token_limit` | `number` | Token budget for storing individual tool/function outputs in history. |

152| `tools.web_search` | `boolean` | Deprecated legacy toggle for web search; prefer the top-level `web_search` setting. |217| `tool_suggest.discoverables` | `array<table>` | Allow tool suggestions for additional discoverable connectors or plugins. Each entry uses `type = "connector"` or `"plugin"` and an `id`. |

218| `tools.view_image` | `boolean` | Enable the local-image attachment tool `view_image`. |

219| `tools.web_search` | `boolean | { context_size = "low|medium|high", allowed_domains = [string], location = { country, region, city, timezone } }` | Optional web search tool configuration. The legacy boolean form is still accepted, but the object form lets you set search context size, allowed domains, and approximate user location. |

153| `tui` | `table` | TUI-specific options such as enabling inline desktop notifications. |220| `tui` | `table` | TUI-specific options such as enabling inline desktop notifications. |

154| `tui.alternate_screen` | `auto | always | never` | Control alternate screen usage for the TUI (default: auto; auto skips it in Zellij to preserve scrollback). |221| `tui.alternate_screen` | `auto | always | never` | Control alternate screen usage for the TUI (default: auto; auto skips it in Zellij to preserve scrollback). |

155| `tui.animations` | `boolean` | Enable terminal animations (welcome screen, shimmer, spinner) (default: true). |222| `tui.animations` | `boolean` | Enable terminal animations (welcome screen, shimmer, spinner) (default: true). |

223| `tui.model_availability_nux.<model>` | `integer` | Internal startup-tooltip state keyed by model slug. |

156| `tui.notification_method` | `auto | osc9 | bel` | Notification method for unfocused terminal notifications (default: auto). |224| `tui.notification_method` | `auto | osc9 | bel` | Notification method for unfocused terminal notifications (default: auto). |

157| `tui.notifications` | `boolean | array<string>` | Enable TUI notifications; optionally restrict to specific event types. |225| `tui.notifications` | `boolean | array<string>` | Enable TUI notifications; optionally restrict to specific event types. |

158| `tui.show_tooltips` | `boolean` | Show onboarding tooltips in the TUI welcome screen (default: true). |226| `tui.show_tooltips` | `boolean` | Show onboarding tooltips in the TUI welcome screen (default: true). |

159| `tui.status_line` | `array<string> | null` | Ordered list of TUI footer status-line item identifiers. `null` disables the status line. |227| `tui.status_line` | `array<string> | null` | Ordered list of TUI footer status-line item identifiers. `null` disables the status line. |

228| `tui.terminal_title` | `array<string> | null` | Ordered list of terminal window/tab title item identifiers. Defaults to `["spinner", "project"]`; `null` disables title updates. |

229| `tui.theme` | `string` | Syntax-highlighting theme override (kebab-case theme name). |

160| `web_search` | `disabled | cached | live` | Web search mode (default: `"cached"`; cached uses an OpenAI-maintained index and does not fetch live pages; if you use `--yolo` or another full access sandbox setting, it defaults to `"live"`). Use `"live"` to fetch the most recent data from the web, or `"disabled"` to remove the tool. |230| `web_search` | `disabled | cached | live` | Web search mode (default: `"cached"`; cached uses an OpenAI-maintained index and does not fetch live pages; if you use `--yolo` or another full access sandbox setting, it defaults to `"live"`). Use `"live"` to fetch the most recent data from the web, or `"disabled"` to remove the tool. |

161| `windows_wsl_setup_acknowledged` | `boolean` | Track Windows onboarding acknowledgement (Windows only). |231| `windows_wsl_setup_acknowledged` | `boolean` | Track Windows onboarding acknowledgement (Windows only). |

232| `windows.sandbox` | `unelevated | elevated` | Windows-only native sandbox mode when running Codex natively on Windows. |

233| `windows.sandbox_private_desktop` | `boolean` | Run the final sandboxed child process on a private desktop by default on native Windows. Set `false` only for compatibility with the older `Winsta0\\Default` behavior. |

162 234 

163Key235Key

164 236 

186 258 

187Key259Key

188 260 

189`agents.max_threads`261`agents.<name>.nickname_candidates`

190 262 

191Type / Values263Type / Values

192 264 

193`number`265`array<string>`

194 266 

195Details267Details

196 268 

197Maximum number of agent threads that can be open concurrently.269Optional pool of display nicknames for spawned agents in that role.

198 270 

199Key271Key

200 272 

201`approval_policy`273`agents.job_max_runtime_seconds`

202 274 

203Type / Values275Type / Values

204 276 

205`untrusted | on-request | never`277`number`

206 278 

207Details279Details

208 280 

209Controls when Codex pauses for approval before executing commands. `on-failure` is deprecated; use `on-request` for interactive runs or `never` for non-interactive runs.281Default per-worker timeout for `spawn_agents_on_csv` jobs. When unset, the tool falls back to 1800 seconds per worker.

210 282 

211Key283Key

212 284 

213`apps.<id>.disabled_reason`285`agents.max_depth`

214 286 

215Type / Values287Type / Values

216 288 

217`unknown | user`289`number`

218 290 

219Details291Details

220 292 

221Optional reason attached when an app/connector is disabled.293Maximum nesting depth allowed for spawned agent threads (root sessions start at depth 0; default: 1).

222 294 

223Key295Key

224 296 

225`apps.<id>.enabled`297`agents.max_threads`

226 298 

227Type / Values299Type / Values

228 300 

229`boolean`301`number`

230 302 

231Details303Details

232 304 

233Enable or disable a specific app/connector by id (default: true).305Maximum number of agent threads that can be open concurrently. Defaults to `6` when unset.

234 306 

235Key307Key

236 308 

237`chatgpt_base_url`309`allow_login_shell`

238 310 

239Type / Values311Type / Values

240 312 

241`string`313`boolean`

242 314 

243Details315Details

244 316 

245Override the base URL used during the ChatGPT login flow.317Allow shell-based tools to use login-shell semantics. Defaults to `true`; when `false`, `login = true` requests are rejected and omitted `login` defaults to non-login shells.

246 318 

247Key319Key

248 320 

249`check_for_update_on_startup`321`analytics.enabled`

250 322 

251Type / Values323Type / Values

252 324 

254 326 

255Details327Details

256 328 

257Check for Codex updates on startup (set to false only when updates are centrally managed).329Enable or disable analytics for this machine/profile. When unset, the client default applies.

258 330 

259Key331Key

260 332 

261`cli_auth_credentials_store`333`approval_policy`

262 334 

263Type / Values335Type / Values

264 336 

265`file | keyring | auto`337`untrusted | on-request | never | { granular = { sandbox_approval = bool, rules = bool, mcp_elicitations = bool, request_permissions = bool, skill_approval = bool } }`

266 338 

267Details339Details

268 340 

269Control where the CLI stores cached credentials (file-based auth.json vs OS keychain).341Controls when Codex pauses for approval before executing commands. You can also use `approval_policy = { granular = { ... } }` to allow or auto-reject specific prompt categories while keeping other prompts interactive. `on-failure` is deprecated; use `on-request` for interactive runs or `never` for non-interactive runs.

270 342 

271Key343Key

272 344 

273`compact_prompt`345`approval_policy.granular.mcp_elicitations`

274 346 

275Type / Values347Type / Values

276 348 

277`string`349`boolean`

278 350 

279Details351Details

280 352 

281Inline override for the history compaction prompt.353When `true`, MCP elicitation prompts are allowed to surface instead of being auto-rejected.

282 354 

283Key355Key

284 356 

285`developer_instructions`357`approval_policy.granular.request_permissions`

286 358 

287Type / Values359Type / Values

288 360 

289`string`361`boolean`

290 362 

291Details363Details

292 364 

293Additional developer instructions injected into the session (optional).365When `true`, prompts from the `request_permissions` tool are allowed to surface.

294 366 

295Key367Key

296 368 

297`disable_paste_burst`369`approval_policy.granular.rules`

298 370 

299Type / Values371Type / Values

300 372 

302 374 

303Details375Details

304 376 

305Disable burst-paste detection in the TUI.377When `true`, approvals triggered by execpolicy `prompt` rules are allowed to surface.

306 378 

307Key379Key

308 380 

309`experimental_compact_prompt_file`381`approval_policy.granular.sandbox_approval`

310 382 

311Type / Values383Type / Values

312 384 

313`string (path)`385`boolean`

314 386 

315Details387Details

316 388 

317Load the compaction prompt override from a file (experimental).389When `true`, sandbox escalation approval prompts are allowed to surface.

318 390 

319Key391Key

320 392 

321`experimental_use_freeform_apply_patch`393`approval_policy.granular.skill_approval`

322 394 

323Type / Values395Type / Values

324 396 

326 398 

327Details399Details

328 400 

329Legacy name for enabling freeform apply\_patch; prefer `[features].apply_patch_freeform` or `codex --enable apply_patch_freeform`.401When `true`, skill-script approval prompts are allowed to surface.

330 402 

331Key403Key

332 404 

333`experimental_use_unified_exec_tool`405`approvals_reviewer`

334 406 

335Type / Values407Type / Values

336 408 

337`boolean`409`user | guardian_subagent`

338 410 

339Details411Details

340 412 

341Legacy name for enabling unified exec; prefer `[features].unified_exec` or `codex --enable unified_exec`.413Select who reviews eligible approval prompts. Defaults to `user`; `guardian_subagent` routes supported reviews through the Guardian reviewer subagent.

342 414 

343Key415Key

344 416 

345`features.apply_patch_freeform`417`apps._default.destructive_enabled`

346 418 

347Type / Values419Type / Values

348 420 

350 422 

351Details423Details

352 424 

353Expose the freeform `apply_patch` tool (experimental).425Default allow/deny for app tools with `destructive_hint = true`.

354 426 

355Key427Key

356 428 

357`features.apps`429`apps._default.enabled`

358 430 

359Type / Values431Type / Values

360 432 

362 434 

363Details435Details

364 436 

365Enable ChatGPT Apps/connectors support (experimental).437Default app enabled state for all apps unless overridden per app.

366 438 

367Key439Key

368 440 

369`features.apps_mcp_gateway`441`apps._default.open_world_enabled`

370 442 

371Type / Values443Type / Values

372 444 

374 446 

375Details447Details

376 448 

377Route Apps MCP calls through the OpenAI connectors MCP gateway (`https://api.openai.com/v1/connectors/mcp/`) instead of legacy routing (experimental).449Default allow/deny for app tools with `open_world_hint = true`.

378 450 

379Key451Key

380 452 

381`features.child_agents_md`453`apps.<id>.default_tools_approval_mode`

382 454 

383Type / Values455Type / Values

384 456 

385`boolean`457`auto | prompt | approve`

386 458 

387Details459Details

388 460 

389Append AGENTS.md scope/precedence guidance even when no AGENTS.md is present (experimental).461Default approval behavior for tools in this app unless a per-tool override exists.

390 462 

391Key463Key

392 464 

393`features.collaboration_modes`465`apps.<id>.default_tools_enabled`

394 466 

395Type / Values467Type / Values

396 468 

398 470 

399Details471Details

400 472 

401Enable collaboration modes such as plan mode (stable; on by default).473Default enabled state for tools in this app unless a per-tool override exists.

402 474 

403Key475Key

404 476 

405`features.elevated_windows_sandbox`477`apps.<id>.destructive_enabled`

406 478 

407Type / Values479Type / Values

408 480 

410 482 

411Details483Details

412 484 

413Enable the elevated Windows sandbox pipeline (experimental).485Allow or block tools in this app that advertise `destructive_hint = true`.

414 486 

415Key487Key

416 488 

417`features.experimental_windows_sandbox`489`apps.<id>.enabled`

418 490 

419Type / Values491Type / Values

420 492 

422 494 

423Details495Details

424 496 

425Run the Windows restricted-token sandbox (experimental).497Enable or disable a specific app/connector by id (default: true).

426 498 

427Key499Key

428 500 

429`features.multi_agent`501`apps.<id>.open_world_enabled`

430 502 

431Type / Values503Type / Values

432 504 

434 506 

435Details507Details

436 508 

437Enable multi-agent collaboration tools (`spawn\_agent`, `send\_input`, `resume\_agent`, `wait`, and `close\_agent`) (experimental; off by default).509Allow or block tools in this app that advertise `open_world_hint = true`.

438 510 

439Key511Key

440 512 

441`features.personality`513`apps.<id>.tools.<tool>.approval_mode`

442 514 

443Type / Values515Type / Values

444 516 

445`boolean`517`auto | prompt | approve`

446 518 

447Details519Details

448 520 

449Enable personality selection controls (stable; on by default).521Per-tool approval behavior override for a single app tool.

450 522 

451Key523Key

452 524 

453`features.powershell_utf8`525`apps.<id>.tools.<tool>.enabled`

454 526 

455Type / Values527Type / Values

456 528 

458 530 

459Details531Details

460 532 

461Force PowerShell UTF-8 output (defaults to true).533Per-tool enabled override for an app tool (for example `repos/list`).

462 534 

463Key535Key

464 536 

465`features.remote_models`537`background_terminal_max_timeout`

466 538 

467Type / Values539Type / Values

468 540 

469`boolean`541`number`

470 542 

471Details543Details

472 544 

473Refresh remote model list before showing readiness (experimental).545Maximum poll window in milliseconds for empty `write_stdin` polls (background terminal polling). Default: `300000` (5 minutes). Replaces the older `background_terminal_timeout` key.

474 546 

475Key547Key

476 548 

477`features.request_rule`549`chatgpt_base_url`

478 550 

479Type / Values551Type / Values

480 552 

481`boolean`553`string`

482 554 

483Details555Details

484 556 

485Enable Smart approvals (`prefix_rule` suggestions on escalation requests; stable; on by default).557Override the base URL used during the ChatGPT login flow.

486 558 

487Key559Key

488 560 

489`features.runtime_metrics`561`check_for_update_on_startup`

490 562 

491Type / Values563Type / Values

492 564 

494 566 

495Details567Details

496 568 

497Show runtime metrics summary in TUI turn separators (experimental).569Check for Codex updates on startup (set to false only when updates are centrally managed).

498 570 

499Key571Key

500 572 

501`features.search_tool`573`cli_auth_credentials_store`

502 574 

503Type / Values575Type / Values

504 576 

505`boolean`577`file | keyring | auto`

506 578 

507Details579Details

508 580 

509Enable `search_tool_bm25` for Apps tool discovery before invoking app MCP tools (experimental).581Control where the CLI stores cached credentials (file-based auth.json vs OS keychain).

510 582 

511Key583Key

512 584 

513`features.shell_snapshot`585`commit_attribution`

514 586 

515Type / Values587Type / Values

516 588 

517`boolean`589`string`

518 590 

519Details591Details

520 592 

521Snapshot shell environment to speed up repeated commands (beta).593Override the commit co-author trailer text. Set an empty string to disable automatic attribution.

522 594 

523Key595Key

524 596 

525`features.shell_tool`597`compact_prompt`

526 598 

527Type / Values599Type / Values

528 600 

529`boolean`601`string`

530 602 

531Details603Details

532 604 

533Enable the default `shell` tool for running commands (stable; on by default).605Inline override for the history compaction prompt.

534 606 

535Key607Key

536 608 

537`features.unified_exec`609`default_permissions`

538 610 

539Type / Values611Type / Values

540 612 

541`boolean`613`string`

542 614 

543Details615Details

544 616 

545Use the unified PTY-backed exec tool (beta).617Name of the default permissions profile to apply to sandboxed tool calls.

546 618 

547Key619Key

548 620 

549`features.use_linux_sandbox_bwrap`621`developer_instructions`

550 622 

551Type / Values623Type / Values

552 624 

553`boolean`625`string`

554 626 

555Details627Details

556 628 

557Use the bubblewrap-based Linux sandbox pipeline (experimental; off by default).629Additional developer instructions injected into the session (optional).

558 630 

559Key631Key

560 632 

561`features.web_search`633`disable_paste_burst`

562 634 

563Type / Values635Type / Values

564 636 

566 638 

567Details639Details

568 640 

569Deprecated legacy toggle; prefer the top-level `web_search` setting.641Disable burst-paste detection in the TUI.

570 642 

571Key643Key

572 644 

573`features.web_search_cached`645`experimental_compact_prompt_file`

574 646 

575Type / Values647Type / Values

576 648 

577`boolean`649`string (path)`

578 650 

579Details651Details

580 652 

581Deprecated legacy toggle. When `web_search` is unset, true maps to `web_search = "cached"`.653Load the compaction prompt override from a file (experimental).

582 654 

583Key655Key

584 656 

585`features.web_search_request`657`experimental_use_unified_exec_tool`

586 658 

587Type / Values659Type / Values

588 660 

590 662 

591Details663Details

592 664 

593Deprecated legacy toggle. When `web_search` is unset, true maps to `web_search = "live"`.665Legacy name for enabling unified exec; prefer `[features].unified_exec` or `codex --enable unified_exec`.

594 666 

595Key667Key

596 668 

597`feedback.enabled`669`features.apps`

598 670 

599Type / Values671Type / Values

600 672 

602 674 

603Details675Details

604 676 

605Enable feedback submission via `/feedback` across Codex surfaces (default: true).677Enable ChatGPT Apps/connectors support (experimental).

606 678 

607Key679Key

608 680 

609`file_opener`681`features.codex_hooks`

610 682 

611Type / Values683Type / Values

612 684 

613`vscode | vscode-insiders | windsurf | cursor | none`685`boolean`

614 686 

615Details687Details

616 688 

617URI scheme used to open citations from Codex output (default: `vscode`).689Enable lifecycle hooks loaded from `hooks.json` (under development; off by default).

618 690 

619Key691Key

620 692 

621`forced_chatgpt_workspace_id`693`features.enable_request_compression`

622 694 

623Type / Values695Type / Values

624 696 

625`string (uuid)`697`boolean`

626 698 

627Details699Details

628 700 

629Limit ChatGPT logins to a specific workspace identifier.701Compress streaming request bodies with zstd when supported (stable; on by default).

630 702 

631Key703Key

632 704 

633`forced_login_method`705`features.fast_mode`

634 706 

635Type / Values707Type / Values

636 708 

637`chatgpt | api`709`boolean`

638 710 

639Details711Details

640 712 

641Restrict Codex to a specific authentication method.713Enable Fast mode selection and the `service_tier = "fast"` path (stable; on by default).

642 714 

643Key715Key

644 716 

645`hide_agent_reasoning`717`features.guardian_approval`

646 718 

647Type / Values719Type / Values

648 720 

650 722 

651Details723Details

652 724 

653Suppress reasoning events in both the TUI and `codex exec` output.725Route eligible approval requests through the guardian reviewer subagent (experimental; off by default). Use with `approvals_reviewer = "guardian_subagent"`.

654 726 

655Key727Key

656 728 

657`history.max_bytes`729`features.memories`

658 730 

659Type / Values731Type / Values

660 732 

661`number`733`boolean`

662 734 

663Details735Details

664 736 

665If set, caps the history file size in bytes by dropping oldest entries.737Enable [Memories](https://developers.openai.com/codex/memories) (off by default).

666 738 

667Key739Key

668 740 

669`history.persistence`741`features.multi_agent`

670 742 

671Type / Values743Type / Values

672 744 

673`save-all | none`745`boolean`

674 746 

675Details747Details

676 748 

677Control whether Codex saves session transcripts to history.jsonl.749Enable multi-agent collaboration tools (`spawn_agent`, `send_input`, `resume_agent`, `wait_agent`, and `close_agent`) (stable; on by default).

678 750 

679Key751Key

680 752 

681`include_apply_patch_tool`753`features.personality`

682 754 

683Type / Values755Type / Values

684 756 

686 758 

687Details759Details

688 760 

689Legacy name for enabling freeform apply\_patch; prefer `[features].apply_patch_freeform`.761Enable personality selection controls (stable; on by default).

690 762 

691Key763Key

692 764 

693`instructions`765`features.prevent_idle_sleep`

694 766 

695Type / Values767Type / Values

696 768 

697`string`769`boolean`

698 770 

699Details771Details

700 772 

701Reserved for future use; prefer `model_instructions_file` or `AGENTS.md`.773Prevent the machine from sleeping while a turn is actively running (experimental; off by default).

702 774 

703Key775Key

704 776 

705`log_dir`777`features.shell_snapshot`

706 778 

707Type / Values779Type / Values

708 780 

709`string (path)`781`boolean`

710 782 

711Details783Details

712 784 

713Directory where Codex writes log files (for example `codex-tui.log`); defaults to `$CODEX_HOME/log`.785Snapshot shell environment to speed up repeated commands (stable; on by default).

714 786 

715Key787Key

716 788 

717`mcp_oauth_callback_port`789`features.shell_tool`

718 790 

719Type / Values791Type / Values

720 792 

721`integer`793`boolean`

722 794 

723Details795Details

724 796 

725Optional fixed port for the local HTTP callback server used during MCP OAuth login. When unset, Codex binds to an ephemeral port chosen by the OS.797Enable the default `shell` tool for running commands (stable; on by default).

726 798 

727Key799Key

728 800 

729`mcp_oauth_credentials_store`801`features.skill_mcp_dependency_install`

730 802 

731Type / Values803Type / Values

732 804 

733`auto | file | keyring`805`boolean`

734 806 

735Details807Details

736 808 

737Preferred store for MCP OAuth credentials.809Allow prompting and installing missing MCP dependencies for skills (stable; on by default).

738 810 

739Key811Key

740 812 

741`mcp_servers.<id>.args`813`features.undo`

742 814 

743Type / Values815Type / Values

744 816 

745`array<string>`817`boolean`

746 818 

747Details819Details

748 820 

749Arguments passed to the MCP stdio server command.821Enable undo support (stable; off by default).

750 822 

751Key823Key

752 824 

753`mcp_servers.<id>.bearer_token_env_var`825`features.unified_exec`

754 826 

755Type / Values827Type / Values

756 828 

757`string`829`boolean`

758 830 

759Details831Details

760 832 

761Environment variable sourcing the bearer token for an MCP HTTP server.833Use the unified PTY-backed exec tool (stable; enabled by default except on Windows).

762 834 

763Key835Key

764 836 

765`mcp_servers.<id>.command`837`features.web_search`

766 838 

767Type / Values839Type / Values

768 840 

769`string`841`boolean`

770 842 

771Details843Details

772 844 

773Launcher command for an MCP stdio server.845Deprecated legacy toggle; prefer the top-level `web_search` setting.

774 846 

775Key847Key

776 848 

777`mcp_servers.<id>.cwd`849`features.web_search_cached`

778 850 

779Type / Values851Type / Values

780 852 

781`string`853`boolean`

782 854 

783Details855Details

784 856 

785Working directory for the MCP stdio server process.857Deprecated legacy toggle. When `web_search` is unset, true maps to `web_search = "cached"`.

786 858 

787Key859Key

788 860 

789`mcp_servers.<id>.disabled_tools`861`features.web_search_request`

790 862 

791Type / Values863Type / Values

792 864 

793`array<string>`865`boolean`

794 866 

795Details867Details

796 868 

797Deny list applied after `enabled_tools` for the MCP server.869Deprecated legacy toggle. When `web_search` is unset, true maps to `web_search = "live"`.

798 870 

799Key871Key

800 872 

801`mcp_servers.<id>.enabled`873`feedback.enabled`

802 874 

803Type / Values875Type / Values

804 876 

806 878 

807Details879Details

808 880 

809Disable an MCP server without removing its configuration.881Enable feedback submission via `/feedback` across Codex surfaces (default: true).

810 882 

811Key883Key

812 884 

813`mcp_servers.<id>.enabled_tools`885`file_opener`

814 886 

815Type / Values887Type / Values

816 888 

817`array<string>`889`vscode | vscode-insiders | windsurf | cursor | none`

818 890 

819Details891Details

820 892 

821Allow list of tool names exposed by the MCP server.893URI scheme used to open citations from Codex output (default: `vscode`).

822 894 

823Key895Key

824 896 

825`mcp_servers.<id>.env`897`forced_chatgpt_workspace_id`

826 898 

827Type / Values899Type / Values

828 900 

829`map<string,string>`901`string (uuid)`

830 902 

831Details903Details

832 904 

833Environment variables forwarded to the MCP stdio server.905Limit ChatGPT logins to a specific workspace identifier.

834 906 

835Key907Key

836 908 

837`mcp_servers.<id>.env_http_headers`909`forced_login_method`

838 910 

839Type / Values911Type / Values

840 912 

841`map<string,string>`913`chatgpt | api`

842 914 

843Details915Details

844 916 

845HTTP headers populated from environment variables for an MCP HTTP server.917Restrict Codex to a specific authentication method.

846 918 

847Key919Key

848 920 

849`mcp_servers.<id>.env_vars`921`hide_agent_reasoning`

850 922 

851Type / Values923Type / Values

852 924 

853`array<string>`925`boolean`

854 926 

855Details927Details

856 928 

857Additional environment variables to whitelist for an MCP stdio server.929Suppress reasoning events in both the TUI and `codex exec` output.

858 930 

859Key931Key

860 932 

861`mcp_servers.<id>.http_headers`933`history.max_bytes`

862 934 

863Type / Values935Type / Values

864 936 

865`map<string,string>`937`number`

866 938 

867Details939Details

868 940 

869Static HTTP headers included with each MCP HTTP request.941If set, caps the history file size in bytes by dropping oldest entries.

870 942 

871Key943Key

872 944 

873`mcp_servers.<id>.required`945`history.persistence`

874 946 

875Type / Values947Type / Values

876 948 

877`boolean`949`save-all | none`

878 950 

879Details951Details

880 952 

881When true, fail startup/resume if this enabled MCP server cannot initialize.953Control whether Codex saves session transcripts to history.jsonl.

882 954 

883Key955Key

884 956 

885`mcp_servers.<id>.startup_timeout_ms`957`instructions`

886 958 

887Type / Values959Type / Values

888 960 

889`number`961`string`

890 962 

891Details963Details

892 964 

893Alias for `startup_timeout_sec` in milliseconds.965Reserved for future use; prefer `model_instructions_file` or `AGENTS.md`.

894 966 

895Key967Key

896 968 

897`mcp_servers.<id>.startup_timeout_sec`969`log_dir`

898 970 

899Type / Values971Type / Values

900 972 

901`number`973`string (path)`

902 974 

903Details975Details

904 976 

905Override the default 10s startup timeout for an MCP server.977Directory where Codex writes log files (for example `codex-tui.log`); defaults to `$CODEX_HOME/log`.

906 978 

907Key979Key

908 980 

909`mcp_servers.<id>.tool_timeout_sec`981`mcp_oauth_callback_port`

910 982 

911Type / Values983Type / Values

912 984 

913`number`985`integer`

914 986 

915Details987Details

916 988 

917Override the default 60s per-tool timeout for an MCP server.989Optional fixed port for the local HTTP callback server used during MCP OAuth login. When unset, Codex binds to an ephemeral port chosen by the OS.

918 990 

919Key991Key

920 992 

921`mcp_servers.<id>.url`993`mcp_oauth_callback_url`

922 994 

923Type / Values995Type / Values

924 996 

926 998 

927Details999Details

928 1000 

929Endpoint for an MCP streamable HTTP server.1001Optional redirect URI override for MCP OAuth login (for example, a devbox ingress URL). `mcp_oauth_callback_port` still controls the callback listener port.

930 1002 

931Key1003Key

932 1004 

933`model`1005`mcp_oauth_credentials_store`

934 1006 

935Type / Values1007Type / Values

936 1008 

937`string`1009`auto | file | keyring`

938 1010 

939Details1011Details

940 1012 

941Model to use (e.g., `gpt-5-codex`).1013Preferred store for MCP OAuth credentials.

942 1014 

943Key1015Key

944 1016 

945`model_auto_compact_token_limit`1017`mcp_servers.<id>.args`

946 1018 

947Type / Values1019Type / Values

948 1020 

949`number`1021`array<string>`

950 1022 

951Details1023Details

952 1024 

953Token threshold that triggers automatic history compaction (unset uses model defaults).1025Arguments passed to the MCP stdio server command.

954 1026 

955Key1027Key

956 1028 

957`model_context_window`1029`mcp_servers.<id>.bearer_token_env_var`

958 1030 

959Type / Values1031Type / Values

960 1032 

961`number`1033`string`

962 1034 

963Details1035Details

964 1036 

965Context window tokens available to the active model.1037Environment variable sourcing the bearer token for an MCP HTTP server.

966 1038 

967Key1039Key

968 1040 

969`model_instructions_file`1041`mcp_servers.<id>.command`

970 1042 

971Type / Values1043Type / Values

972 1044 

973`string (path)`1045`string`

974 1046 

975Details1047Details

976 1048 

977Replacement for built-in instructions instead of `AGENTS.md`.1049Launcher command for an MCP stdio server.

978 1050 

979Key1051Key

980 1052 

981`model_provider`1053`mcp_servers.<id>.cwd`

982 1054 

983Type / Values1055Type / Values

984 1056 

986 1058 

987Details1059Details

988 1060 

989Provider id from `model_providers` (default: `openai`).1061Working directory for the MCP stdio server process.

990 1062 

991Key1063Key

992 1064 

993`model_providers.<id>.base_url`1065`mcp_servers.<id>.disabled_tools`

994 1066 

995Type / Values1067Type / Values

996 1068 

997`string`1069`array<string>`

998 1070 

999Details1071Details

1000 1072 

1001API base URL for the model provider.1073Deny list applied after `enabled_tools` for the MCP server.

1002 1074 

1003Key1075Key

1004 1076 

1005`model_providers.<id>.env_http_headers`1077`mcp_servers.<id>.enabled`

1078 

1079Type / Values

1080 

1081`boolean`

1082 

1083Details

1084 

1085Disable an MCP server without removing its configuration.

1086 

1087Key

1088 

1089`mcp_servers.<id>.enabled_tools`

1090 

1091Type / Values

1092 

1093`array<string>`

1094 

1095Details

1096 

1097Allow list of tool names exposed by the MCP server.

1098 

1099Key

1100 

1101`mcp_servers.<id>.env`

1006 1102 

1007Type / Values1103Type / Values

1008 1104 

1010 1106 

1011Details1107Details

1012 1108 

1013HTTP headers populated from environment variables when present.1109Environment variables forwarded to the MCP stdio server.

1014 1110 

1015Key1111Key

1016 1112 

1017`model_providers.<id>.env_key`1113`mcp_servers.<id>.env_http_headers`

1018 1114 

1019Type / Values1115Type / Values

1020 1116 

1021`string`1117`map<string,string>`

1022 1118 

1023Details1119Details

1024 1120 

1025Environment variable supplying the provider API key.1121HTTP headers populated from environment variables for an MCP HTTP server.

1026 1122 

1027Key1123Key

1028 1124 

1029`model_providers.<id>.env_key_instructions`1125`mcp_servers.<id>.env_vars`

1126 

1127Type / Values

1128 

1129`array<string>`

1130 

1131Details

1132 

1133Additional environment variables to whitelist for an MCP stdio server.

1134 

1135Key

1136 

1137`mcp_servers.<id>.http_headers`

1138 

1139Type / Values

1140 

1141`map<string,string>`

1142 

1143Details

1144 

1145Static HTTP headers included with each MCP HTTP request.

1146 

1147Key

1148 

1149`mcp_servers.<id>.oauth_resource`

1030 1150 

1031Type / Values1151Type / Values

1032 1152 

1034 1154 

1035Details1155Details

1036 1156 

1037Optional setup guidance for the provider API key.1157Optional RFC 8707 OAuth resource parameter to include during MCP login.

1038 1158 

1039Key1159Key

1040 1160 

1041`model_providers.<id>.experimental_bearer_token`1161`mcp_servers.<id>.required`

1162 

1163Type / Values

1164 

1165`boolean`

1166 

1167Details

1168 

1169When true, fail startup/resume if this enabled MCP server cannot initialize.

1170 

1171Key

1172 

1173`mcp_servers.<id>.scopes`

1174 

1175Type / Values

1176 

1177`array<string>`

1178 

1179Details

1180 

1181OAuth scopes to request when authenticating to that MCP server.

1182 

1183Key

1184 

1185`mcp_servers.<id>.startup_timeout_ms`

1186 

1187Type / Values

1188 

1189`number`

1190 

1191Details

1192 

1193Alias for `startup_timeout_sec` in milliseconds.

1194 

1195Key

1196 

1197`mcp_servers.<id>.startup_timeout_sec`

1198 

1199Type / Values

1200 

1201`number`

1202 

1203Details

1204 

1205Override the default 10s startup timeout for an MCP server.

1206 

1207Key

1208 

1209`mcp_servers.<id>.tool_timeout_sec`

1210 

1211Type / Values

1212 

1213`number`

1214 

1215Details

1216 

1217Override the default 60s per-tool timeout for an MCP server.

1218 

1219Key

1220 

1221`mcp_servers.<id>.url`

1042 1222 

1043Type / Values1223Type / Values

1044 1224 

1046 1226 

1047Details1227Details

1048 1228 

1049Direct bearer token for the provider (discouraged; use `env_key`).1229Endpoint for an MCP streamable HTTP server.

1050 1230 

1051Key1231Key

1052 1232 

1053`model_providers.<id>.http_headers`1233`memories.consolidation_model`

1054 1234 

1055Type / Values1235Type / Values

1056 1236 

1057`map<string,string>`1237`string`

1058 1238 

1059Details1239Details

1060 1240 

1061Static HTTP headers added to provider requests.1241Optional model override for global memory consolidation.

1062 1242 

1063Key1243Key

1064 1244 

1065`model_providers.<id>.name`1245`memories.extract_model`

1066 1246 

1067Type / Values1247Type / Values

1068 1248 

1070 1250 

1071Details1251Details

1072 1252 

1073Display name for a custom model provider.1253Optional model override for per-thread memory extraction.

1074 1254 

1075Key1255Key

1076 1256 

1077`model_providers.<id>.query_params`1257`memories.generate_memories`

1078 1258 

1079Type / Values1259Type / Values

1080 1260 

1081`map<string,string>`1261`boolean`

1082 1262 

1083Details1263Details

1084 1264 

1085Extra query parameters appended to provider requests.1265When `false`, newly created threads are not stored as memory-generation inputs. Defaults to `true`.

1086 1266 

1087Key1267Key

1088 1268 

1089`model_providers.<id>.request_max_retries`1269`memories.max_raw_memories_for_consolidation`

1090 1270 

1091Type / Values1271Type / Values

1092 1272 

1094 1274 

1095Details1275Details

1096 1276 

1097Retry count for HTTP requests to the provider (default: 4).1277Maximum recent raw memories retained for global consolidation. Defaults to `256` and is capped at `4096`.

1098 1278 

1099Key1279Key

1100 1280 

1101`model_providers.<id>.requires_openai_auth`1281`memories.max_rollout_age_days`

1282 

1283Type / Values

1284 

1285`number`

1286 

1287Details

1288 

1289Maximum age of threads considered for memory generation. Defaults to `30` and is clamped to `0`-`90`.

1290 

1291Key

1292 

1293`memories.max_rollouts_per_startup`

1294 

1295Type / Values

1296 

1297`number`

1298 

1299Details

1300 

1301Maximum rollout candidates processed per startup pass. Defaults to `16` and is capped at `128`.

1302 

1303Key

1304 

1305`memories.max_unused_days`

1306 

1307Type / Values

1308 

1309`number`

1310 

1311Details

1312 

1313Maximum days since a memory was last used before it becomes ineligible for consolidation. Defaults to `30` and is clamped to `0`-`365`.

1314 

1315Key

1316 

1317`memories.min_rollout_idle_hours`

1318 

1319Type / Values

1320 

1321`number`

1322 

1323Details

1324 

1325Minimum idle time before a thread is considered for memory generation. Defaults to `6` and is clamped to `1`-`48`.

1326 

1327Key

1328 

1329`memories.no_memories_if_mcp_or_web_search`

1102 1330 

1103Type / Values1331Type / Values

1104 1332 

1106 1334 

1107Details1335Details

1108 1336 

1109The provider uses OpenAI authentication (defaults to false).1337When `true`, threads that use MCP tool calls or web search are kept out of memory generation. Defaults to `false`.

1110 1338 

1111Key1339Key

1112 1340 

1113`model_providers.<id>.stream_idle_timeout_ms`1341`memories.use_memories`

1342 

1343Type / Values

1344 

1345`boolean`

1346 

1347Details

1348 

1349When `false`, Codex skips injecting existing memories into future sessions. Defaults to `true`.

1350 

1351Key

1352 

1353`model`

1354 

1355Type / Values

1356 

1357`string`

1358 

1359Details

1360 

1361Model to use (e.g., `gpt-5.4`).

1362 

1363Key

1364 

1365`model_auto_compact_token_limit`

1114 1366 

1115Type / Values1367Type / Values

1116 1368 

1118 1370 

1119Details1371Details

1120 1372 

1121Idle timeout for SSE streams in milliseconds (default: 300000).1373Token threshold that triggers automatic history compaction (unset uses model defaults).

1122 1374 

1123Key1375Key

1124 1376 

1125`model_providers.<id>.stream_max_retries`1377`model_catalog_json`

1378 

1379Type / Values

1380 

1381`string (path)`

1382 

1383Details

1384 

1385Optional path to a JSON model catalog loaded on startup. Profile-level `profiles.<name>.model_catalog_json` can override this per profile.

1386 

1387Key

1388 

1389`model_context_window`

1126 1390 

1127Type / Values1391Type / Values

1128 1392 

1130 1394 

1131Details1395Details

1132 1396 

1133Retry count for SSE streaming interruptions (default: 5).1397Context window tokens available to the active model.

1134 1398 

1135Key1399Key

1136 1400 

1137`model_providers.<id>.wire_api`1401`model_instructions_file`

1138 1402 

1139Type / Values1403Type / Values

1140 1404 

1141`chat | responses`1405`string (path)`

1142 1406 

1143Details1407Details

1144 1408 

1145Protocol used by the provider (defaults to `chat` if omitted).1409Replacement for built-in instructions instead of `AGENTS.md`.

1146 1410 

1147Key1411Key

1148 1412 

1149`model_reasoning_effort`1413`model_provider`

1150 1414 

1151Type / Values1415Type / Values

1152 1416 

1153`minimal | low | medium | high | xhigh`1417`string`

1154 1418 

1155Details1419Details

1156 1420 

1157Adjust reasoning effort for supported models (Responses API only; `xhigh` is model-dependent).1421Provider id from `model_providers` (default: `openai`).

1158 1422 

1159Key1423Key

1160 1424 

1161`model_reasoning_summary`1425`model_providers.<id>`

1162 1426 

1163Type / Values1427Type / Values

1164 1428 

1165`auto | concise | detailed | none`1429`table`

1166 1430 

1167Details1431Details

1168 1432 

1169Select reasoning summary detail or disable summaries entirely.1433Custom provider definition. Built-in provider IDs (`openai`, `ollama`, and `lmstudio`) are reserved and cannot be overridden.

1170 1434 

1171Key1435Key

1172 1436 

1173`model_supports_reasoning_summaries`1437`model_providers.<id>.auth`

1174 1438 

1175Type / Values1439Type / Values

1176 1440 

1177`boolean`1441`table`

1178 1442 

1179Details1443Details

1180 1444 

1181Force Codex to send or not send reasoning metadata.1445Command-backed bearer token configuration for a custom provider. Do not combine with `env_key`, `experimental_bearer_token`, or `requires_openai_auth`.

1182 1446 

1183Key1447Key

1184 1448 

1185`model_verbosity`1449`model_providers.<id>.auth.args`

1186 1450 

1187Type / Values1451Type / Values

1188 1452 

1189`low | medium | high`1453`array<string>`

1190 1454 

1191Details1455Details

1192 1456 

1193Control GPT-5 Responses API verbosity (defaults to `medium`).1457Arguments passed to the token command.

1194 1458 

1195Key1459Key

1196 1460 

1197`notice.hide_full_access_warning`1461`model_providers.<id>.auth.command`

1462 

1463Type / Values

1464 

1465`string`

1466 

1467Details

1468 

1469Command to run when Codex needs a bearer token. The command must print the token to stdout.

1470 

1471Key

1472 

1473`model_providers.<id>.auth.cwd`

1474 

1475Type / Values

1476 

1477`string (path)`

1478 

1479Details

1480 

1481Working directory for the token command.

1482 

1483Key

1484 

1485`model_providers.<id>.auth.refresh_interval_ms`

1486 

1487Type / Values

1488 

1489`number`

1490 

1491Details

1492 

1493How often Codex proactively refreshes the token in milliseconds (default: 300000). Set to `0` to refresh only after an authentication retry.

1494 

1495Key

1496 

1497`model_providers.<id>.auth.timeout_ms`

1498 

1499Type / Values

1500 

1501`number`

1502 

1503Details

1504 

1505Maximum token command runtime in milliseconds (default: 5000).

1506 

1507Key

1508 

1509`model_providers.<id>.base_url`

1510 

1511Type / Values

1512 

1513`string`

1514 

1515Details

1516 

1517API base URL for the model provider.

1518 

1519Key

1520 

1521`model_providers.<id>.env_http_headers`

1522 

1523Type / Values

1524 

1525`map<string,string>`

1526 

1527Details

1528 

1529HTTP headers populated from environment variables when present.

1530 

1531Key

1532 

1533`model_providers.<id>.env_key`

1534 

1535Type / Values

1536 

1537`string`

1538 

1539Details

1540 

1541Environment variable supplying the provider API key.

1542 

1543Key

1544 

1545`model_providers.<id>.env_key_instructions`

1546 

1547Type / Values

1548 

1549`string`

1550 

1551Details

1552 

1553Optional setup guidance for the provider API key.

1554 

1555Key

1556 

1557`model_providers.<id>.experimental_bearer_token`

1558 

1559Type / Values

1560 

1561`string`

1562 

1563Details

1564 

1565Direct bearer token for the provider (discouraged; use `env_key`).

1566 

1567Key

1568 

1569`model_providers.<id>.http_headers`

1570 

1571Type / Values

1572 

1573`map<string,string>`

1574 

1575Details

1576 

1577Static HTTP headers added to provider requests.

1578 

1579Key

1580 

1581`model_providers.<id>.name`

1582 

1583Type / Values

1584 

1585`string`

1586 

1587Details

1588 

1589Display name for a custom model provider.

1590 

1591Key

1592 

1593`model_providers.<id>.query_params`

1594 

1595Type / Values

1596 

1597`map<string,string>`

1598 

1599Details

1600 

1601Extra query parameters appended to provider requests.

1602 

1603Key

1604 

1605`model_providers.<id>.request_max_retries`

1606 

1607Type / Values

1608 

1609`number`

1610 

1611Details

1612 

1613Retry count for HTTP requests to the provider (default: 4).

1614 

1615Key

1616 

1617`model_providers.<id>.requires_openai_auth`

1618 

1619Type / Values

1620 

1621`boolean`

1622 

1623Details

1624 

1625The provider uses OpenAI authentication (defaults to false).

1626 

1627Key

1628 

1629`model_providers.<id>.stream_idle_timeout_ms`

1630 

1631Type / Values

1632 

1633`number`

1634 

1635Details

1636 

1637Idle timeout for SSE streams in milliseconds (default: 300000).

1638 

1639Key

1640 

1641`model_providers.<id>.stream_max_retries`

1642 

1643Type / Values

1644 

1645`number`

1646 

1647Details

1648 

1649Retry count for SSE streaming interruptions (default: 5).

1650 

1651Key

1652 

1653`model_providers.<id>.supports_websockets`

1654 

1655Type / Values

1656 

1657`boolean`

1658 

1659Details

1660 

1661Whether that provider supports the Responses API WebSocket transport.

1662 

1663Key

1664 

1665`model_providers.<id>.wire_api`

1666 

1667Type / Values

1668 

1669`responses`

1670 

1671Details

1672 

1673Protocol used by the provider. `responses` is the only supported value, and it is the default when omitted.

1674 

1675Key

1676 

1677`model_reasoning_effort`

1678 

1679Type / Values

1680 

1681`minimal | low | medium | high | xhigh`

1682 

1683Details

1684 

1685Adjust reasoning effort for supported models (Responses API only; `xhigh` is model-dependent).

1686 

1687Key

1688 

1689`model_reasoning_summary`

1690 

1691Type / Values

1692 

1693`auto | concise | detailed | none`

1694 

1695Details

1696 

1697Select reasoning summary detail or disable summaries entirely.

1698 

1699Key

1700 

1701`model_supports_reasoning_summaries`

1702 

1703Type / Values

1704 

1705`boolean`

1706 

1707Details

1708 

1709Force Codex to send or not send reasoning metadata.

1710 

1711Key

1712 

1713`model_verbosity`

1714 

1715Type / Values

1716 

1717`low | medium | high`

1718 

1719Details

1720 

1721Optional GPT-5 Responses API verbosity override; when unset, the selected model/preset default is used.

1722 

1723Key

1724 

1725`notice.hide_full_access_warning`

1726 

1727Type / Values

1728 

1729`boolean`

1730 

1731Details

1732 

1733Track acknowledgement of the full access warning prompt.

1734 

1735Key

1736 

1737`notice.hide_gpt-5.1-codex-max_migration_prompt`

1738 

1739Type / Values

1740 

1741`boolean`

1742 

1743Details

1744 

1745Track acknowledgement of the gpt-5.1-codex-max migration prompt.

1746 

1747Key

1748 

1749`notice.hide_gpt5_1_migration_prompt`

1750 

1751Type / Values

1752 

1753`boolean`

1754 

1755Details

1756 

1757Track acknowledgement of the GPT-5.1 migration prompt.

1758 

1759Key

1760 

1761`notice.hide_rate_limit_model_nudge`

1762 

1763Type / Values

1764 

1765`boolean`

1766 

1767Details

1768 

1769Track opt-out of the rate limit model switch reminder.

1770 

1771Key

1772 

1773`notice.hide_world_writable_warning`

1774 

1775Type / Values

1776 

1777`boolean`

1778 

1779Details

1780 

1781Track acknowledgement of the Windows world-writable directories warning.

1782 

1783Key

1784 

1785`notice.model_migrations`

1786 

1787Type / Values

1788 

1789`map<string,string>`

1790 

1791Details

1792 

1793Track acknowledged model migrations as old->new mappings.

1794 

1795Key

1796 

1797`notify`

1798 

1799Type / Values

1800 

1801`array<string>`

1802 

1803Details

1804 

1805Command invoked for notifications; receives a JSON payload from Codex.

1806 

1807Key

1808 

1809`openai_base_url`

1810 

1811Type / Values

1812 

1813`string`

1814 

1815Details

1816 

1817Base URL override for the built-in `openai` model provider.

1818 

1819Key

1820 

1821`oss_provider`

1822 

1823Type / Values

1824 

1825`lmstudio | ollama`

1826 

1827Details

1828 

1829Default local provider used when running with `--oss` (defaults to prompting if unset).

1830 

1831Key

1832 

1833`otel.environment`

1834 

1835Type / Values

1836 

1837`string`

1838 

1839Details

1840 

1841Environment tag applied to emitted OpenTelemetry events (default: `dev`).

1842 

1843Key

1844 

1845`otel.exporter`

1846 

1847Type / Values

1848 

1849`none | otlp-http | otlp-grpc`

1850 

1851Details

1852 

1853Select the OpenTelemetry exporter and provide any endpoint metadata.

1854 

1855Key

1856 

1857`otel.exporter.<id>.endpoint`

1858 

1859Type / Values

1860 

1861`string`

1862 

1863Details

1864 

1865Exporter endpoint for OTEL logs.

1866 

1867Key

1868 

1869`otel.exporter.<id>.headers`

1870 

1871Type / Values

1872 

1873`map<string,string>`

1874 

1875Details

1876 

1877Static headers included with OTEL exporter requests.

1878 

1879Key

1880 

1881`otel.exporter.<id>.protocol`

1882 

1883Type / Values

1884 

1885`binary | json`

1886 

1887Details

1888 

1889Protocol used by the OTLP/HTTP exporter.

1890 

1891Key

1892 

1893`otel.exporter.<id>.tls.ca-certificate`

1894 

1895Type / Values

1896 

1897`string`

1898 

1899Details

1900 

1901CA certificate path for OTEL exporter TLS.

1902 

1903Key

1904 

1905`otel.exporter.<id>.tls.client-certificate`

1906 

1907Type / Values

1908 

1909`string`

1910 

1911Details

1912 

1913Client certificate path for OTEL exporter TLS.

1914 

1915Key

1916 

1917`otel.exporter.<id>.tls.client-private-key`

1918 

1919Type / Values

1920 

1921`string`

1922 

1923Details

1924 

1925Client private key path for OTEL exporter TLS.

1926 

1927Key

1928 

1929`otel.log_user_prompt`

1930 

1931Type / Values

1932 

1933`boolean`

1934 

1935Details

1936 

1937Opt in to exporting raw user prompts with OpenTelemetry logs.

1938 

1939Key

1940 

1941`otel.metrics_exporter`

1942 

1943Type / Values

1944 

1945`none | statsig | otlp-http | otlp-grpc`

1946 

1947Details

1948 

1949Select the OpenTelemetry metrics exporter (defaults to `statsig`).

1950 

1951Key

1952 

1953`otel.trace_exporter`

1954 

1955Type / Values

1956 

1957`none | otlp-http | otlp-grpc`

1958 

1959Details

1960 

1961Select the OpenTelemetry trace exporter and provide any endpoint metadata.

1962 

1963Key

1964 

1965`otel.trace_exporter.<id>.endpoint`

1966 

1967Type / Values

1968 

1969`string`

1970 

1971Details

1972 

1973Trace exporter endpoint for OTEL logs.

1974 

1975Key

1976 

1977`otel.trace_exporter.<id>.headers`

1978 

1979Type / Values

1980 

1981`map<string,string>`

1982 

1983Details

1984 

1985Static headers included with OTEL trace exporter requests.

1986 

1987Key

1988 

1989`otel.trace_exporter.<id>.protocol`

1990 

1991Type / Values

1992 

1993`binary | json`

1994 

1995Details

1996 

1997Protocol used by the OTLP/HTTP trace exporter.

1998 

1999Key

2000 

2001`otel.trace_exporter.<id>.tls.ca-certificate`

1198 2002 

1199Type / Values2003Type / Values

1200 2004 

1201`boolean`2005`string`

1202 2006 

1203Details2007Details

1204 2008 

1205Track acknowledgement of the full access warning prompt.2009CA certificate path for OTEL trace exporter TLS.

1206 2010 

1207Key2011Key

1208 2012 

1209`notice.hide_gpt-5.1-codex-max_migration_prompt`2013`otel.trace_exporter.<id>.tls.client-certificate`

1210 2014 

1211Type / Values2015Type / Values

1212 2016 

1213`boolean`2017`string`

1214 2018 

1215Details2019Details

1216 2020 

1217Track acknowledgement of the gpt-5.1-codex-max migration prompt.2021Client certificate path for OTEL trace exporter TLS.

1218 2022 

1219Key2023Key

1220 2024 

1221`notice.hide_gpt5_1_migration_prompt`2025`otel.trace_exporter.<id>.tls.client-private-key`

1222 2026 

1223Type / Values2027Type / Values

1224 2028 

1225`boolean`2029`string`

1226 2030 

1227Details2031Details

1228 2032 

1229Track acknowledgement of the GPT-5.1 migration prompt.2033Client private key path for OTEL trace exporter TLS.

1230 2034 

1231Key2035Key

1232 2036 

1233`notice.hide_rate_limit_model_nudge`2037`permissions.<name>.filesystem`

1234 2038 

1235Type / Values2039Type / Values

1236 2040 

1237`boolean`2041`table`

1238 2042 

1239Details2043Details

1240 2044 

1241Track opt-out of the rate limit model switch reminder.2045Named filesystem permission profile. Each key is an absolute path or special token such as `:minimal` or `:project_roots`.

1242 2046 

1243Key2047Key

1244 2048 

1245`notice.hide_world_writable_warning`2049`permissions.<name>.filesystem.":project_roots".<subpath>`

1246 2050 

1247Type / Values2051Type / Values

1248 2052 

1249`boolean`2053`"read" | "write" | "none"`

1250 2054 

1251Details2055Details

1252 2056 

1253Track acknowledgement of the Windows world-writable directories warning.2057Scoped filesystem access relative to the detected project roots. Use `"."` for the root itself.

1254 2058 

1255Key2059Key

1256 2060 

1257`notice.model_migrations`2061`permissions.<name>.filesystem.<path>`

1258 2062 

1259Type / Values2063Type / Values

1260 2064 

1261`map<string,string>`2065`"read" | "write" | "none" | table`

1262 2066 

1263Details2067Details

1264 2068 

1265Track acknowledged model migrations as old->new mappings.2069Grant direct access for a path or special token, or scope nested entries under that root.

1266 2070 

1267Key2071Key

1268 2072 

1269`notify`2073`permissions.<name>.network.allow_local_binding`

1270 2074 

1271Type / Values2075Type / Values

1272 2076 

1273`array<string>`2077`boolean`

1274 2078 

1275Details2079Details

1276 2080 

1277Command invoked for notifications; receives a JSON payload from Codex.2081Permit local bind/listen operations through the managed proxy.

1278 2082 

1279Key2083Key

1280 2084 

1281`oss_provider`2085`permissions.<name>.network.allow_upstream_proxy`

1282 2086 

1283Type / Values2087Type / Values

1284 2088 

1285`lmstudio | ollama`2089`boolean`

1286 2090 

1287Details2091Details

1288 2092 

1289Default local provider used when running with `--oss` (defaults to prompting if unset).2093Allow the managed proxy to chain to another upstream proxy.

1290 2094 

1291Key2095Key

1292 2096 

1293`otel.environment`2097`permissions.<name>.network.dangerously_allow_all_unix_sockets`

1294 2098 

1295Type / Values2099Type / Values

1296 2100 

1297`string`2101`boolean`

1298 2102 

1299Details2103Details

1300 2104 

1301Environment tag applied to emitted OpenTelemetry events (default: `dev`).2105Allow the proxy to use arbitrary Unix sockets instead of the default restricted set.

1302 2106 

1303Key2107Key

1304 2108 

1305`otel.exporter`2109`permissions.<name>.network.dangerously_allow_non_loopback_proxy`

1306 2110 

1307Type / Values2111Type / Values

1308 2112 

1309`none | otlp-http | otlp-grpc`2113`boolean`

1310 2114 

1311Details2115Details

1312 2116 

1313Select the OpenTelemetry exporter and provide any endpoint metadata.2117Permit non-loopback bind addresses for the managed proxy listener.

1314 2118 

1315Key2119Key

1316 2120 

1317`otel.exporter.<id>.endpoint`2121`permissions.<name>.network.domains`

1318 2122 

1319Type / Values2123Type / Values

1320 2124 

1321`string`2125`map<string, allow | deny>`

1322 2126 

1323Details2127Details

1324 2128 

1325Exporter endpoint for OTEL logs.2129Domain rules for the managed proxy. Use domain names or wildcard patterns as keys, with `allow` or `deny` values.

1326 2130 

1327Key2131Key

1328 2132 

1329`otel.exporter.<id>.headers`2133`permissions.<name>.network.enable_socks5`

1330 2134 

1331Type / Values2135Type / Values

1332 2136 

1333`map<string,string>`2137`boolean`

1334 2138 

1335Details2139Details

1336 2140 

1337Static headers included with OTEL exporter requests.2141Expose a SOCKS5 listener when this permissions profile enables the managed network proxy.

1338 2142 

1339Key2143Key

1340 2144 

1341`otel.exporter.<id>.protocol`2145`permissions.<name>.network.enable_socks5_udp`

1342 2146 

1343Type / Values2147Type / Values

1344 2148 

1345`binary | json`2149`boolean`

1346 2150 

1347Details2151Details

1348 2152 

1349Protocol used by the OTLP/HTTP exporter.2153Allow UDP over the SOCKS5 listener when enabled.

1350 2154 

1351Key2155Key

1352 2156 

1353`otel.exporter.<id>.tls.ca-certificate`2157`permissions.<name>.network.enabled`

1354 2158 

1355Type / Values2159Type / Values

1356 2160 

1357`string`2161`boolean`

1358 2162 

1359Details2163Details

1360 2164 

1361CA certificate path for OTEL exporter TLS.2165Enable network access for this named permissions profile.

1362 2166 

1363Key2167Key

1364 2168 

1365`otel.exporter.<id>.tls.client-certificate`2169`permissions.<name>.network.mode`

1366 2170 

1367Type / Values2171Type / Values

1368 2172 

1369`string`2173`limited | full`

1370 2174 

1371Details2175Details

1372 2176 

1373Client certificate path for OTEL exporter TLS.2177Network proxy mode used for subprocess traffic.

1374 2178 

1375Key2179Key

1376 2180 

1377`otel.exporter.<id>.tls.client-private-key`2181`permissions.<name>.network.proxy_url`

1378 2182 

1379Type / Values2183Type / Values

1380 2184 

1382 2186 

1383Details2187Details

1384 2188 

1385Client private key path for OTEL exporter TLS.2189HTTP proxy endpoint used when this permissions profile enables the managed network proxy.

1386 2190 

1387Key2191Key

1388 2192 

1389`otel.log_user_prompt`2193`permissions.<name>.network.socks_url`

1390 2194 

1391Type / Values2195Type / Values

1392 2196 

1393`boolean`2197`string`

1394 2198 

1395Details2199Details

1396 2200 

1397Opt in to exporting raw user prompts with OpenTelemetry logs.2201SOCKS5 proxy endpoint used by this permissions profile.

1398 2202 

1399Key2203Key

1400 2204 

1401`otel.trace_exporter`2205`permissions.<name>.network.unix_sockets`

1402 2206 

1403Type / Values2207Type / Values

1404 2208 

1405`none | otlp-http | otlp-grpc`2209`map<string, allow | none>`

1406 2210 

1407Details2211Details

1408 2212 

1409Select the OpenTelemetry trace exporter and provide any endpoint metadata.2213Unix socket rules for the managed proxy. Use socket paths as keys, with `allow` or `none` values.

1410 2214 

1411Key2215Key

1412 2216 

1413`otel.trace_exporter.<id>.endpoint`2217`personality`

1414 2218 

1415Type / Values2219Type / Values

1416 2220 

1417`string`2221`none | friendly | pragmatic`

1418 2222 

1419Details2223Details

1420 2224 

1421Trace exporter endpoint for OTEL logs.2225Default communication style for models that advertise `supportsPersonality`; can be overridden per thread/turn or via `/personality`.

1422 2226 

1423Key2227Key

1424 2228 

1425`otel.trace_exporter.<id>.headers`2229`plan_mode_reasoning_effort`

1426 2230 

1427Type / Values2231Type / Values

1428 2232 

1429`map<string,string>`2233`none | minimal | low | medium | high | xhigh`

1430 2234 

1431Details2235Details

1432 2236 

1433Static headers included with OTEL trace exporter requests.2237Plan-mode-specific reasoning override. When unset, Plan mode uses its built-in preset default.

1434 2238 

1435Key2239Key

1436 2240 

1437`otel.trace_exporter.<id>.protocol`2241`profile`

1438 2242 

1439Type / Values2243Type / Values

1440 2244 

1441`binary | json`2245`string`

1442 2246 

1443Details2247Details

1444 2248 

1445Protocol used by the OTLP/HTTP trace exporter.2249Default profile applied at startup (equivalent to `--profile`).

1446 2250 

1447Key2251Key

1448 2252 

1449`otel.trace_exporter.<id>.tls.ca-certificate`2253`profiles.<name>.*`

1450 2254 

1451Type / Values2255Type / Values

1452 2256 

1453`string`2257`various`

1454 2258 

1455Details2259Details

1456 2260 

1457CA certificate path for OTEL trace exporter TLS.2261Profile-scoped overrides for any of the supported configuration keys.

1458 2262 

1459Key2263Key

1460 2264 

1461`otel.trace_exporter.<id>.tls.client-certificate`2265`profiles.<name>.analytics.enabled`

1462 2266 

1463Type / Values2267Type / Values

1464 2268 

1465`string`2269`boolean`

1466 2270 

1467Details2271Details

1468 2272 

1469Client certificate path for OTEL trace exporter TLS.2273Profile-scoped analytics enablement override.

1470 2274 

1471Key2275Key

1472 2276 

1473`otel.trace_exporter.<id>.tls.client-private-key`2277`profiles.<name>.experimental_use_unified_exec_tool`

1474 2278 

1475Type / Values2279Type / Values

1476 2280 

1477`string`2281`boolean`

1478 2282 

1479Details2283Details

1480 2284 

1481Client private key path for OTEL trace exporter TLS.2285Legacy name for enabling unified exec; prefer `[features].unified_exec`.

1482 2286 

1483Key2287Key

1484 2288 

1485`personality`2289`profiles.<name>.model_catalog_json`

1486 2290 

1487Type / Values2291Type / Values

1488 2292 

1489`none | friendly | pragmatic`2293`string (path)`

1490 2294 

1491Details2295Details

1492 2296 

1493Default communication style for models that advertise `supportsPersonality`; can be overridden per thread/turn or via `/personality`.2297Profile-scoped model catalog JSON path override (applied on startup only; overrides the top-level `model_catalog_json` for that profile).

1494 2298 

1495Key2299Key

1496 2300 

1497`profile`2301`profiles.<name>.model_instructions_file`

1498 2302 

1499Type / Values2303Type / Values

1500 2304 

1501`string`2305`string (path)`

1502 2306 

1503Details2307Details

1504 2308 

1505Default profile applied at startup (equivalent to `--profile`).2309Profile-scoped replacement for the built-in instruction file.

1506 2310 

1507Key2311Key

1508 2312 

1509`profiles.<name>.*`2313`profiles.<name>.oss_provider`

1510 2314 

1511Type / Values2315Type / Values

1512 2316 

1513`various`2317`lmstudio | ollama`

1514 2318 

1515Details2319Details

1516 2320 

1517Profile-scoped overrides for any of the supported configuration keys.2321Profile-scoped OSS provider for `--oss` sessions.

1518 2322 

1519Key2323Key

1520 2324 

1521`profiles.<name>.experimental_use_freeform_apply_patch`2325`profiles.<name>.personality`

1522 2326 

1523Type / Values2327Type / Values

1524 2328 

1525`boolean`2329`none | friendly | pragmatic`

1526 2330 

1527Details2331Details

1528 2332 

1529Legacy name for enabling freeform apply\_patch; prefer `[features].apply_patch_freeform`.2333Profile-scoped communication style override for supported models.

1530 2334 

1531Key2335Key

1532 2336 

1533`profiles.<name>.experimental_use_unified_exec_tool`2337`profiles.<name>.plan_mode_reasoning_effort`

1534 2338 

1535Type / Values2339Type / Values

1536 2340 

1537`boolean`2341`none | minimal | low | medium | high | xhigh`

1538 2342 

1539Details2343Details

1540 2344 

1541Legacy name for enabling unified exec; prefer `[features].unified_exec`.2345Profile-scoped Plan-mode reasoning override.

1542 2346 

1543Key2347Key

1544 2348 

1545`profiles.<name>.include_apply_patch_tool`2349`profiles.<name>.service_tier`

1546 2350 

1547Type / Values2351Type / Values

1548 2352 

1549`boolean`2353`flex | fast`

1550 2354 

1551Details2355Details

1552 2356 

1553Legacy name for enabling freeform apply\_patch; prefer `[features].apply_patch_freeform`.2357Profile-scoped service tier preference for new turns.

1554 2358 

1555Key2359Key

1556 2360 

1557`profiles.<name>.oss_provider`2361`profiles.<name>.tools_view_image`

1558 2362 

1559Type / Values2363Type / Values

1560 2364 

1561`lmstudio | ollama`2365`boolean`

1562 2366 

1563Details2367Details

1564 2368 

1565Profile-scoped OSS provider for `--oss` sessions.2369Enable or disable the `view_image` tool in that profile.

1566 2370 

1567Key2371Key

1568 2372 

1569`profiles.<name>.personality`2373`profiles.<name>.web_search`

1570 2374 

1571Type / Values2375Type / Values

1572 2376 

1573`none | friendly | pragmatic`2377`disabled | cached | live`

1574 2378 

1575Details2379Details

1576 2380 

1577Profile-scoped communication style override for supported models.2381Profile-scoped web search mode override (default: `"cached"`).

1578 2382 

1579Key2383Key

1580 2384 

1581`profiles.<name>.web_search`2385`profiles.<name>.windows.sandbox`

1582 2386 

1583Type / Values2387Type / Values

1584 2388 

1585`disabled | cached | live`2389`unelevated | elevated`

1586 2390 

1587Details2391Details

1588 2392 

1589Profile-scoped web search mode override (default: `"cached"`).2393Profile-scoped Windows sandbox mode override.

1590 2394 

1591Key2395Key

1592 2396 

1710 2514 

1711Key2515Key

1712 2516 

2517`service_tier`

2518 

2519Type / Values

2520 

2521`flex | fast`

2522 

2523Details

2524 

2525Preferred service tier for new turns.

2526 

2527Key

2528 

1713`shell_environment_policy.exclude`2529`shell_environment_policy.exclude`

1714 2530 

1715Type / Values2531Type / Values

1830 2646 

1831Key2647Key

1832 2648 

2649`sqlite_home`

2650 

2651Type / Values

2652 

2653`string (path)`

2654 

2655Details

2656 

2657Directory where Codex stores the SQLite-backed state DB used by agent jobs and other resumable runtime state.

2658 

2659Key

2660 

1833`suppress_unstable_features_warning`2661`suppress_unstable_features_warning`

1834 2662 

1835Type / Values2663Type / Values

1854 2682 

1855Key2683Key

1856 2684 

1857`tools.web_search`2685`tool_suggest.discoverables`

2686 

2687Type / Values

2688 

2689`array<table>`

2690 

2691Details

2692 

2693Allow tool suggestions for additional discoverable connectors or plugins. Each entry uses `type = "connector"` or `"plugin"` and an `id`.

2694 

2695Key

2696 

2697`tools.view_image`

1858 2698 

1859Type / Values2699Type / Values

1860 2700 

1862 2702 

1863Details2703Details

1864 2704 

1865Deprecated legacy toggle for web search; prefer the top-level `web_search` setting.2705Enable the local-image attachment tool `view_image`.

2706 

2707Key

2708 

2709`tools.web_search`

2710 

2711Type / Values

2712 

2713`boolean | { context_size = "low|medium|high", allowed_domains = [string], location = { country, region, city, timezone } }`

2714 

2715Details

2716 

2717Optional web search tool configuration. The legacy boolean form is still accepted, but the object form lets you set search context size, allowed domains, and approximate user location.

1866 2718 

1867Key2719Key

1868 2720 

1902 2754 

1903Key2755Key

1904 2756 

2757`tui.model_availability_nux.<model>`

2758 

2759Type / Values

2760 

2761`integer`

2762 

2763Details

2764 

2765Internal startup-tooltip state keyed by model slug.

2766 

2767Key

2768 

1905`tui.notification_method`2769`tui.notification_method`

1906 2770 

1907Type / Values2771Type / Values

1950 2814 

1951Key2815Key

1952 2816 

2817`tui.terminal_title`

2818 

2819Type / Values

2820 

2821`array<string> | null`

2822 

2823Details

2824 

2825Ordered list of terminal window/tab title item identifiers. Defaults to `["spinner", "project"]`; `null` disables title updates.

2826 

2827Key

2828 

2829`tui.theme`

2830 

2831Type / Values

2832 

2833`string`

2834 

2835Details

2836 

2837Syntax-highlighting theme override (kebab-case theme name).

2838 

2839Key

2840 

1953`web_search`2841`web_search`

1954 2842 

1955Type / Values2843Type / Values

1972 2860 

1973Track Windows onboarding acknowledgement (Windows only).2861Track Windows onboarding acknowledgement (Windows only).

1974 2862 

2863Key

2864 

2865`windows.sandbox`

2866 

2867Type / Values

2868 

2869`unelevated | elevated`

2870 

2871Details

2872 

2873Windows-only native sandbox mode when running Codex natively on Windows.

2874 

2875Key

2876 

2877`windows.sandbox_private_desktop`

2878 

2879Type / Values

2880 

2881`boolean`

2882 

2883Details

2884 

2885Run the final sandboxed child process on a private desktop by default on native Windows. Set `false` only for compatibility with the older `Winsta0\\Default` behavior.

2886 

1975Expand to view all2887Expand to view all

1976 2888 

1977You can find the latest JSON schema for `config.toml` [here](https://developers.openai.com/codex/config-schema.json).2889You can find the latest JSON schema for `config.toml` [here](https://developers.openai.com/codex/config-schema.json).

1986 2898 

1987## `requirements.toml`2899## `requirements.toml`

1988 2900 

1989`requirements.toml` is an admin-enforced configuration file that constrains security-sensitive settings users cant override. For details, locations, and examples, see [Admin-enforced requirements](https://developers.openai.com/codex/security#admin-enforced-requirements-requirementstoml).2901`requirements.toml` is an admin-enforced configuration file that constrains security-sensitive settings users can't override. For details, locations, and examples, see [Admin-enforced requirements](https://developers.openai.com/codex/enterprise/managed-configuration#admin-enforced-requirements-requirementstoml).

1990 2902 

1991For ChatGPT Business and Enterprise users, Codex can also apply cloud-fetched2903For ChatGPT Business and Enterprise users, Codex can also apply cloud-fetched

1992requirements. See the security page for precedence details.2904requirements. See the security page for precedence details.

1993 2905 

2906Use `[features]` in `requirements.toml` to pin feature flags by the same

2907canonical keys that `config.toml` uses. Omitted keys remain unconstrained.

2908 

1994| Key | Type / Values | Details |2909| Key | Type / Values | Details |

1995| --- | --- | --- |2910| --- | --- | --- |

1996| `allowed_approval_policies` | `array<string>` | Allowed values for `approval\_policy`. |2911| `allowed_approval_policies` | `array<string>` | Allowed values for `approval_policy` (for example `untrusted`, `on-request`, `never`, and `granular`). |

2912| `allowed_approvals_reviewers` | `array<string>` | Allowed values for `approvals_reviewer` (for example `user` and `guardian_subagent`). |

1997| `allowed_sandbox_modes` | `array<string>` | Allowed values for `sandbox_mode`. |2913| `allowed_sandbox_modes` | `array<string>` | Allowed values for `sandbox_mode`. |

1998| `allowed_web_search_modes` | `array<string>` | Allowed values for `web_search` (`disabled`, `cached`, `live`). `disabled` is always allowed; an empty list effectively allows only `disabled`. |2914| `allowed_web_search_modes` | `array<string>` | Allowed values for `web_search` (`disabled`, `cached`, `live`). `disabled` is always allowed; an empty list effectively allows only `disabled`. |

2915| `features` | `table` | Pinned feature values keyed by the canonical names from `config.toml`'s `[features]` table. |

2916| `features.<name>` | `boolean` | Require a specific canonical feature key to stay enabled or disabled. |

1999| `mcp_servers` | `table` | Allowlist of MCP servers that may be enabled. Both the server name (`<id>`) and its identity must match for the MCP server to be enabled. Any configured MCP server not in the allowlist (or with a mismatched identity) is disabled. |2917| `mcp_servers` | `table` | Allowlist of MCP servers that may be enabled. Both the server name (`<id>`) and its identity must match for the MCP server to be enabled. Any configured MCP server not in the allowlist (or with a mismatched identity) is disabled. |

2000| `mcp_servers.<id>.identity` | `table` | Identity rule for a single MCP server. Set either `command` (stdio) or `url` (streamable HTTP). |2918| `mcp_servers.<id>.identity` | `table` | Identity rule for a single MCP server. Set either `command` (stdio) or `url` (streamable HTTP). |

2001| `mcp_servers.<id>.identity.command` | `string` | Allow an MCP stdio server when its `mcp_servers.<id>.command` matches this command. |2919| `mcp_servers.<id>.identity.command` | `string` | Allow an MCP stdio server when its `mcp_servers.<id>.command` matches this command. |

2018 2936 

2019Details2937Details

2020 2938 

2021Allowed values for `approval\_policy`.2939Allowed values for `approval_policy` (for example `untrusted`, `on-request`, `never`, and `granular`).

2940 

2941Key

2942 

2943`allowed_approvals_reviewers`

2944 

2945Type / Values

2946 

2947`array<string>`

2948 

2949Details

2950 

2951Allowed values for `approvals_reviewer` (for example `user` and `guardian_subagent`).

2022 2952 

2023Key2953Key

2024 2954 

2046 2976 

2047Key2977Key

2048 2978 

2979`features`

2980 

2981Type / Values

2982 

2983`table`

2984 

2985Details

2986 

2987Pinned feature values keyed by the canonical names from `config.toml`'s `[features]` table.

2988 

2989Key

2990 

2991`features.<name>`

2992 

2993Type / Values

2994 

2995`boolean`

2996 

2997Details

2998 

2999Require a specific canonical feature key to stay enabled or disabled.

3000 

3001Key

3002 

2049`mcp_servers`3003`mcp_servers`

2050 3004 

2051Type / Values3005Type / Values