SpyBara
Go Premium Account

config-reference.md Codex Docs, 2026-02-21 00:33 UTC → 2026-05-01 18:29 UTC

Inspect the documentation page or source diff for this selected snapshot comparison.

2026
21 Feb 2026, 00:33
14 May 2026, 21:00 14 May 2026, 07:00 13 May 2026, 00:57 12 May 2026, 01:59 11 May 2026, 18:00 7 May 2026, 20:02 7 May 2026, 17:08 5 May 2026, 23:00 2 May 2026, 06:45 2 May 2026, 00:48 1 May 2026, 18:29 30 Apr 2026, 18:36 29 Apr 2026, 12:40 29 Apr 2026, 00:50 25 Apr 2026, 06:37 25 Apr 2026, 00:42 24 Apr 2026, 18:20 24 Apr 2026, 12:28 23 Apr 2026, 18:31 23 Apr 2026, 12:28 23 Apr 2026, 00:46 22 Apr 2026, 18:29 22 Apr 2026, 00:42 21 Apr 2026, 18:29 21 Apr 2026, 12:30 21 Apr 2026, 06:45 20 Apr 2026, 18:26 20 Apr 2026, 06:53 18 Apr 2026, 18:18 17 Apr 2026, 00:44 16 Apr 2026, 18:31 16 Apr 2026, 00:46 15 Apr 2026, 18:31 15 Apr 2026, 06:44 14 Apr 2026, 18:31 14 Apr 2026, 12:29 13 Apr 2026, 18:37 13 Apr 2026, 00:44 12 Apr 2026, 06:38 10 Apr 2026, 18:23 9 Apr 2026, 00:33 8 Apr 2026, 18:32 8 Apr 2026, 00:40 7 Apr 2026, 00:40 2 Apr 2026, 18:23 31 Mar 2026, 06:35 31 Mar 2026, 00:39 28 Mar 2026, 06:26 28 Mar 2026, 00:36 27 Mar 2026, 18:23 27 Mar 2026, 00:39 26 Mar 2026, 18:27 25 Mar 2026, 18:24 23 Mar 2026, 18:22 20 Mar 2026, 00:35 18 Mar 2026, 12:23 18 Mar 2026, 00:36 17 Mar 2026, 18:24 17 Mar 2026, 00:33 16 Mar 2026, 18:25 16 Mar 2026, 12:23 14 Mar 2026, 00:32 13 Mar 2026, 18:15 13 Mar 2026, 00:34 11 Mar 2026, 00:31 9 Mar 2026, 00:34 8 Mar 2026, 18:10 8 Mar 2026, 00:35 7 Mar 2026, 18:10 7 Mar 2026, 06:14 7 Mar 2026, 00:33 6 Mar 2026, 00:38 5 Mar 2026, 18:41 5 Mar 2026, 06:22 5 Mar 2026, 00:34 4 Mar 2026, 18:18 4 Mar 2026, 06:20 3 Mar 2026, 18:20 3 Mar 2026, 00:35 27 Feb 2026, 18:15 24 Feb 2026, 06:27 24 Feb 2026, 00:33 23 Feb 2026, 18:27 21 Feb 2026, 00:33 20 Feb 2026, 12:16 19 Feb 2026, 20:53 19 Feb 2026, 20:37
1 May 2026, 18:29
14 May 2026, 21:00 14 May 2026, 07:00 13 May 2026, 00:57 12 May 2026, 01:59 11 May 2026, 18:00 7 May 2026, 20:02 7 May 2026, 17:08 5 May 2026, 23:00 2 May 2026, 06:45 2 May 2026, 00:48 1 May 2026, 18:29 30 Apr 2026, 18:36 29 Apr 2026, 12:40 29 Apr 2026, 00:50 25 Apr 2026, 06:37 25 Apr 2026, 00:42 24 Apr 2026, 18:20 24 Apr 2026, 12:28 23 Apr 2026, 18:31 23 Apr 2026, 12:28 23 Apr 2026, 00:46 22 Apr 2026, 18:29 22 Apr 2026, 00:42 21 Apr 2026, 18:29 21 Apr 2026, 12:30 21 Apr 2026, 06:45 20 Apr 2026, 18:26 20 Apr 2026, 06:53 18 Apr 2026, 18:18 17 Apr 2026, 00:44 16 Apr 2026, 18:31 16 Apr 2026, 00:46 15 Apr 2026, 18:31 15 Apr 2026, 06:44 14 Apr 2026, 18:31 14 Apr 2026, 12:29 13 Apr 2026, 18:37 13 Apr 2026, 00:44 12 Apr 2026, 06:38 10 Apr 2026, 18:23 9 Apr 2026, 00:33 8 Apr 2026, 18:32 8 Apr 2026, 00:40 7 Apr 2026, 00:40 2 Apr 2026, 18:23 31 Mar 2026, 06:35 31 Mar 2026, 00:39 28 Mar 2026, 06:26 28 Mar 2026, 00:36 27 Mar 2026, 18:23 27 Mar 2026, 00:39 26 Mar 2026, 18:27 25 Mar 2026, 18:24 23 Mar 2026, 18:22 20 Mar 2026, 00:35 18 Mar 2026, 12:23 18 Mar 2026, 00:36 17 Mar 2026, 18:24 17 Mar 2026, 00:33 16 Mar 2026, 18:25 16 Mar 2026, 12:23 14 Mar 2026, 00:32 13 Mar 2026, 18:15 13 Mar 2026, 00:34 11 Mar 2026, 00:31 9 Mar 2026, 00:34 8 Mar 2026, 18:10 8 Mar 2026, 00:35 7 Mar 2026, 18:10 7 Mar 2026, 06:14 7 Mar 2026, 00:33 6 Mar 2026, 00:38 5 Mar 2026, 18:41 5 Mar 2026, 06:22 5 Mar 2026, 00:34 4 Mar 2026, 18:18 4 Mar 2026, 06:20 3 Mar 2026, 18:20 3 Mar 2026, 00:35 27 Feb 2026, 18:15 24 Feb 2026, 06:27 24 Feb 2026, 00:33 23 Feb 2026, 18:27 21 Feb 2026, 00:33 20 Feb 2026, 12:16 19 Feb 2026, 20:53 19 Feb 2026, 20:37
Fri 1 18:29 Sat 2 00:48 Sat 2 06:45 Tue 5 23:00 Thu 7 17:08 Thu 7 20:02 Mon 11 18:00 Tue 12 01:59 Wed 13 00:57 Thu 14 07:00 Thu 14 21:00

config-reference.md +1659 −408

Details

6 6 

7User-level configuration lives in `~/.codex/config.toml`. You can also add project-scoped overrides in `.codex/config.toml` files. Codex loads project-scoped config files only when you trust the project.7User-level configuration lives in `~/.codex/config.toml`. You can also add project-scoped overrides in `.codex/config.toml` files. Codex loads project-scoped config files only when you trust the project.

8 8 

9For sandbox and approval keys (`approval_policy`, `sandbox_mode`, and `sandbox_workspace_write.*`), pair this reference with [Sandbox and approvals](https://developers.openai.com/codex/security#sandbox-and-approvals), [Protected paths in writable roots](https://developers.openai.com/codex/security#protected-paths-in-writable-roots), and [Network access](https://developers.openai.com/codex/security#network-access).9For sandbox and approval keys (`approval_policy`, `sandbox_mode`, and `sandbox_workspace_write.*`), pair this reference with [Sandbox and approvals](https://developers.openai.com/codex/agent-approvals-security#sandbox-and-approvals), [Protected paths in writable roots](https://developers.openai.com/codex/agent-approvals-security#protected-paths-in-writable-roots), and [Network access](https://developers.openai.com/codex/agent-approvals-security#network-access).

10 10 

11| Key | Type / Values | Details |11| Key | Type / Values | Details |

12| --- | --- | --- |12| --- | --- | --- |

13| `agents.<name>.config_file` | `string (path)` | Path to a TOML config layer for that role; relative paths resolve from the config file that declares the role. |13| `agents.<name>.config_file` | `string (path)` | Path to a TOML config layer for that role; relative paths resolve from the config file that declares the role. |

14| `agents.<name>.description` | `string` | Role guidance shown to Codex when choosing and spawning that agent type. |14| `agents.<name>.description` | `string` | Role guidance shown to Codex when choosing and spawning that agent type. |

15| `agents.max_threads` | `number` | Maximum number of agent threads that can be open concurrently. |15| `agents.<name>.nickname_candidates` | `array<string>` | Optional pool of display nicknames for spawned agents in that role. |

16| `approval_policy` | `untrusted | on-request | never` | Controls when Codex pauses for approval before executing commands. `on-failure` is deprecated; use `on-request` for interactive runs or `never` for non-interactive runs. |16| `agents.job_max_runtime_seconds` | `number` | Default per-worker timeout for `spawn_agents_on_csv` jobs. When unset, the tool falls back to 1800 seconds per worker. |

17| `apps.<id>.disabled_reason` | `unknown | user` | Optional reason attached when an app/connector is disabled. |17| `agents.max_depth` | `number` | Maximum nesting depth allowed for spawned agent threads (root sessions start at depth 0; default: 1). |

18| `agents.max_threads` | `number` | Maximum number of agent threads that can be open concurrently. Defaults to `6` when unset. |

19| `allow_login_shell` | `boolean` | Allow shell-based tools to use login-shell semantics. Defaults to `true`; when `false`, `login = true` requests are rejected and omitted `login` defaults to non-login shells. |

20| `analytics.enabled` | `boolean` | Enable or disable analytics for this machine/profile. When unset, the client default applies. |

21| `approval_policy` | `untrusted | on-request | never | { granular = { sandbox_approval = bool, rules = bool, mcp_elicitations = bool, request_permissions = bool, skill_approval = bool } }` | Controls when Codex pauses for approval before executing commands. You can also use `approval_policy = { granular = { ... } }` to allow or auto-reject specific prompt categories while keeping other prompts interactive. `on-failure` is deprecated; use `on-request` for interactive runs or `never` for non-interactive runs. |

22| `approval_policy.granular.mcp_elicitations` | `boolean` | When `true`, MCP elicitation prompts are allowed to surface instead of being auto-rejected. |

23| `approval_policy.granular.request_permissions` | `boolean` | When `true`, prompts from the `request_permissions` tool are allowed to surface. |

24| `approval_policy.granular.rules` | `boolean` | When `true`, approvals triggered by execpolicy `prompt` rules are allowed to surface. |

25| `approval_policy.granular.sandbox_approval` | `boolean` | When `true`, sandbox escalation approval prompts are allowed to surface. |

26| `approval_policy.granular.skill_approval` | `boolean` | When `true`, skill-script approval prompts are allowed to surface. |

27| `approvals_reviewer` | `user | auto_review` | Who reviews eligible approval prompts under `on-request` or granular approval policies. Defaults to `user`; `auto_review` uses the reviewer subagent. This setting doesn't change sandboxing or review actions already allowed inside the sandbox. |

28| `apps._default.destructive_enabled` | `boolean` | Default allow/deny for app tools with `destructive_hint = true`. |

29| `apps._default.enabled` | `boolean` | Default app enabled state for all apps unless overridden per app. |

30| `apps._default.open_world_enabled` | `boolean` | Default allow/deny for app tools with `open_world_hint = true`. |

31| `apps.<id>.default_tools_approval_mode` | `auto | prompt | approve` | Default approval behavior for tools in this app unless a per-tool override exists. |

32| `apps.<id>.default_tools_enabled` | `boolean` | Default enabled state for tools in this app unless a per-tool override exists. |

33| `apps.<id>.destructive_enabled` | `boolean` | Allow or block tools in this app that advertise `destructive_hint = true`. |

18| `apps.<id>.enabled` | `boolean` | Enable or disable a specific app/connector by id (default: true). |34| `apps.<id>.enabled` | `boolean` | Enable or disable a specific app/connector by id (default: true). |

35| `apps.<id>.open_world_enabled` | `boolean` | Allow or block tools in this app that advertise `open_world_hint = true`. |

36| `apps.<id>.tools.<tool>.approval_mode` | `auto | prompt | approve` | Per-tool approval behavior override for a single app tool. |

37| `apps.<id>.tools.<tool>.enabled` | `boolean` | Per-tool enabled override for an app tool (for example `repos/list`). |

38| `auto_review.policy` | `string` | Local Markdown policy instructions for automatic review. Managed `guardian_policy_config` takes precedence. Blank values are ignored. |

39| `background_terminal_max_timeout` | `number` | Maximum poll window in milliseconds for empty `write_stdin` polls (background terminal polling). Default: `300000` (5 minutes). Replaces the older `background_terminal_timeout` key. |

19| `chatgpt_base_url` | `string` | Override the base URL used during the ChatGPT login flow. |40| `chatgpt_base_url` | `string` | Override the base URL used during the ChatGPT login flow. |

20| `check_for_update_on_startup` | `boolean` | Check for Codex updates on startup (set to false only when updates are centrally managed). |41| `check_for_update_on_startup` | `boolean` | Check for Codex updates on startup (set to false only when updates are centrally managed). |

21| `cli_auth_credentials_store` | `file | keyring | auto` | Control where the CLI stores cached credentials (file-based auth.json vs OS keychain). |42| `cli_auth_credentials_store` | `file | keyring | auto` | Control where the CLI stores cached credentials (file-based auth.json vs OS keychain). |

43| `commit_attribution` | `string` | Override the commit co-author trailer text. Set an empty string to disable automatic attribution. |

22| `compact_prompt` | `string` | Inline override for the history compaction prompt. |44| `compact_prompt` | `string` | Inline override for the history compaction prompt. |

45| `default_permissions` | `string` | Name of the default permissions profile to apply to sandboxed tool calls. Built-ins are `:read-only`, `:workspace`, and `:danger-no-sandbox`; custom profile names require matching `[permissions.<name>]` tables. |

23| `developer_instructions` | `string` | Additional developer instructions injected into the session (optional). |46| `developer_instructions` | `string` | Additional developer instructions injected into the session (optional). |

24| `disable_paste_burst` | `boolean` | Disable burst-paste detection in the TUI. |47| `disable_paste_burst` | `boolean` | Disable burst-paste detection in the TUI. |

25| `experimental_compact_prompt_file` | `string (path)` | Load the compaction prompt override from a file (experimental). |48| `experimental_compact_prompt_file` | `string (path)` | Load the compaction prompt override from a file (experimental). |

26| `experimental_use_freeform_apply_patch` | `boolean` | Legacy name for enabling freeform apply\_patch; prefer `[features].apply_patch_freeform` or `codex --enable apply_patch_freeform`. |

27| `experimental_use_unified_exec_tool` | `boolean` | Legacy name for enabling unified exec; prefer `[features].unified_exec` or `codex --enable unified_exec`. |49| `experimental_use_unified_exec_tool` | `boolean` | Legacy name for enabling unified exec; prefer `[features].unified_exec` or `codex --enable unified_exec`. |

28| `features.apply_patch_freeform` | `boolean` | Expose the freeform `apply_patch` tool (experimental). |

29| `features.apps` | `boolean` | Enable ChatGPT Apps/connectors support (experimental). |50| `features.apps` | `boolean` | Enable ChatGPT Apps/connectors support (experimental). |

30| `features.apps_mcp_gateway` | `boolean` | Route Apps MCP calls through the OpenAI connectors MCP gateway (`https://api.openai.com/v1/connectors/mcp/`) instead of legacy routing (experimental). |51| `features.codex_hooks` | `boolean` | Enable lifecycle hooks loaded from `hooks.json` or inline `[hooks]` config. |

31| `features.child_agents_md` | `boolean` | Append AGENTS.md scope/precedence guidance even when no AGENTS.md is present (experimental). |52| `features.enable_request_compression` | `boolean` | Compress streaming request bodies with zstd when supported (stable; on by default). |

32| `features.collaboration_modes` | `boolean` | Enable collaboration modes such as plan mode (stable; on by default). |53| `features.fast_mode` | `boolean` | Enable Fast mode selection and the `service_tier = "fast"` path (stable; on by default). |

33| `features.elevated_windows_sandbox` | `boolean` | Enable the elevated Windows sandbox pipeline (experimental). |54| `features.memories` | `boolean` | Enable [Memories](https://developers.openai.com/codex/memories) (off by default). |

34| `features.experimental_windows_sandbox` | `boolean` | Run the Windows restricted-token sandbox (experimental). |55| `features.multi_agent` | `boolean` | Enable multi-agent collaboration tools (`spawn_agent`, `send_input`, `resume_agent`, `wait_agent`, and `close_agent`) (stable; on by default). |

35| `features.multi_agent` | `boolean` | Enable multi-agent collaboration tools (`spawn\_agent`, `send\_input`, `resume\_agent`, `wait`, and `close\_agent`) (experimental; off by default). |

36| `features.personality` | `boolean` | Enable personality selection controls (stable; on by default). |56| `features.personality` | `boolean` | Enable personality selection controls (stable; on by default). |

37| `features.powershell_utf8` | `boolean` | Force PowerShell UTF-8 output (defaults to true). |57| `features.prevent_idle_sleep` | `boolean` | Prevent the machine from sleeping while a turn is actively running (experimental; off by default). |

38| `features.remote_models` | `boolean` | Refresh remote model list before showing readiness (experimental). |58| `features.shell_snapshot` | `boolean` | Snapshot shell environment to speed up repeated commands (stable; on by default). |

39| `features.request_rule` | `boolean` | Enable Smart approvals (`prefix_rule` suggestions on escalation requests; stable; on by default). |

40| `features.runtime_metrics` | `boolean` | Show runtime metrics summary in TUI turn separators (experimental). |

41| `features.search_tool` | `boolean` | Enable `search_tool_bm25` for Apps tool discovery before invoking app MCP tools (experimental). |

42| `features.shell_snapshot` | `boolean` | Snapshot shell environment to speed up repeated commands (beta). |

43| `features.shell_tool` | `boolean` | Enable the default `shell` tool for running commands (stable; on by default). |59| `features.shell_tool` | `boolean` | Enable the default `shell` tool for running commands (stable; on by default). |

44| `features.unified_exec` | `boolean` | Use the unified PTY-backed exec tool (beta). |60| `features.skill_mcp_dependency_install` | `boolean` | Allow prompting and installing missing MCP dependencies for skills (stable; on by default). |

45| `features.use_linux_sandbox_bwrap` | `boolean` | Use the bubblewrap-based Linux sandbox pipeline (experimental; off by default). |61| `features.undo` | `boolean` | Enable undo support (stable; off by default). |

62| `features.unified_exec` | `boolean` | Use the unified PTY-backed exec tool (stable; enabled by default except on Windows). |

46| `features.web_search` | `boolean` | Deprecated legacy toggle; prefer the top-level `web_search` setting. |63| `features.web_search` | `boolean` | Deprecated legacy toggle; prefer the top-level `web_search` setting. |

47| `features.web_search_cached` | `boolean` | Deprecated legacy toggle. When `web_search` is unset, true maps to `web_search = "cached"`. |64| `features.web_search_cached` | `boolean` | Deprecated legacy toggle. When `web_search` is unset, true maps to `web_search = "cached"`. |

48| `features.web_search_request` | `boolean` | Deprecated legacy toggle. When `web_search` is unset, true maps to `web_search = "live"`. |65| `features.web_search_request` | `boolean` | Deprecated legacy toggle. When `web_search` is unset, true maps to `web_search = "live"`. |

53| `hide_agent_reasoning` | `boolean` | Suppress reasoning events in both the TUI and `codex exec` output. |70| `hide_agent_reasoning` | `boolean` | Suppress reasoning events in both the TUI and `codex exec` output. |

54| `history.max_bytes` | `number` | If set, caps the history file size in bytes by dropping oldest entries. |71| `history.max_bytes` | `number` | If set, caps the history file size in bytes by dropping oldest entries. |

55| `history.persistence` | `save-all | none` | Control whether Codex saves session transcripts to history.jsonl. |72| `history.persistence` | `save-all | none` | Control whether Codex saves session transcripts to history.jsonl. |

56| `include_apply_patch_tool` | `boolean` | Legacy name for enabling freeform apply\_patch; prefer `[features].apply_patch_freeform`. |73| `hooks` | `table` | Lifecycle hooks configured inline in `config.toml`. Uses the same event schema as `hooks.json`; see the Hooks guide for examples and supported events. |

57| `instructions` | `string` | Reserved for future use; prefer `model_instructions_file` or `AGENTS.md`. |74| `instructions` | `string` | Reserved for future use; prefer `model_instructions_file` or `AGENTS.md`. |

58| `log_dir` | `string (path)` | Directory where Codex writes log files (for example `codex-tui.log`); defaults to `$CODEX_HOME/log`. |75| `log_dir` | `string (path)` | Directory where Codex writes log files (for example `codex-tui.log`); defaults to `$CODEX_HOME/log`. |

59| `mcp_oauth_callback_port` | `integer` | Optional fixed port for the local HTTP callback server used during MCP OAuth login. When unset, Codex binds to an ephemeral port chosen by the OS. |76| `mcp_oauth_callback_port` | `integer` | Optional fixed port for the local HTTP callback server used during MCP OAuth login. When unset, Codex binds to an ephemeral port chosen by the OS. |

77| `mcp_oauth_callback_url` | `string` | Optional redirect URI override for MCP OAuth login (for example, a devbox ingress URL). `mcp_oauth_callback_port` still controls the callback listener port. |

60| `mcp_oauth_credentials_store` | `auto | file | keyring` | Preferred store for MCP OAuth credentials. |78| `mcp_oauth_credentials_store` | `auto | file | keyring` | Preferred store for MCP OAuth credentials. |

61| `mcp_servers.<id>.args` | `array<string>` | Arguments passed to the MCP stdio server command. |79| `mcp_servers.<id>.args` | `array<string>` | Arguments passed to the MCP stdio server command. |

62| `mcp_servers.<id>.bearer_token_env_var` | `string` | Environment variable sourcing the bearer token for an MCP HTTP server. |80| `mcp_servers.<id>.bearer_token_env_var` | `string` | Environment variable sourcing the bearer token for an MCP HTTP server. |

67| `mcp_servers.<id>.enabled_tools` | `array<string>` | Allow list of tool names exposed by the MCP server. |85| `mcp_servers.<id>.enabled_tools` | `array<string>` | Allow list of tool names exposed by the MCP server. |

68| `mcp_servers.<id>.env` | `map<string,string>` | Environment variables forwarded to the MCP stdio server. |86| `mcp_servers.<id>.env` | `map<string,string>` | Environment variables forwarded to the MCP stdio server. |

69| `mcp_servers.<id>.env_http_headers` | `map<string,string>` | HTTP headers populated from environment variables for an MCP HTTP server. |87| `mcp_servers.<id>.env_http_headers` | `map<string,string>` | HTTP headers populated from environment variables for an MCP HTTP server. |

70| `mcp_servers.<id>.env_vars` | `array<string>` | Additional environment variables to whitelist for an MCP stdio server. |88| `mcp_servers.<id>.env_vars` | `array<string | { name = string, source = "local" | "remote" }>` | Additional environment variables to whitelist for an MCP stdio server. String entries default to `source = "local"`; use `source = "remote"` only with executor-backed remote stdio. |

89| `mcp_servers.<id>.experimental_environment` | `local | remote` | Experimental placement for an MCP server. `remote` starts stdio servers through a remote executor environment; streamable HTTP remote placement is not implemented. |

71| `mcp_servers.<id>.http_headers` | `map<string,string>` | Static HTTP headers included with each MCP HTTP request. |90| `mcp_servers.<id>.http_headers` | `map<string,string>` | Static HTTP headers included with each MCP HTTP request. |

91| `mcp_servers.<id>.oauth_resource` | `string` | Optional RFC 8707 OAuth resource parameter to include during MCP login. |

72| `mcp_servers.<id>.required` | `boolean` | When true, fail startup/resume if this enabled MCP server cannot initialize. |92| `mcp_servers.<id>.required` | `boolean` | When true, fail startup/resume if this enabled MCP server cannot initialize. |

93| `mcp_servers.<id>.scopes` | `array<string>` | OAuth scopes to request when authenticating to that MCP server. |

73| `mcp_servers.<id>.startup_timeout_ms` | `number` | Alias for `startup_timeout_sec` in milliseconds. |94| `mcp_servers.<id>.startup_timeout_ms` | `number` | Alias for `startup_timeout_sec` in milliseconds. |

74| `mcp_servers.<id>.startup_timeout_sec` | `number` | Override the default 10s startup timeout for an MCP server. |95| `mcp_servers.<id>.startup_timeout_sec` | `number` | Override the default 10s startup timeout for an MCP server. |

75| `mcp_servers.<id>.tool_timeout_sec` | `number` | Override the default 60s per-tool timeout for an MCP server. |96| `mcp_servers.<id>.tool_timeout_sec` | `number` | Override the default 60s per-tool timeout for an MCP server. |

76| `mcp_servers.<id>.url` | `string` | Endpoint for an MCP streamable HTTP server. |97| `mcp_servers.<id>.url` | `string` | Endpoint for an MCP streamable HTTP server. |

77| `model` | `string` | Model to use (e.g., `gpt-5-codex`). |98| `memories.consolidation_model` | `string` | Optional model override for global memory consolidation. |

99| `memories.disable_on_external_context` | `boolean` | When `true`, threads that use external context such as MCP tool calls, web search, or tool search are kept out of memory generation. Defaults to `false`. Legacy alias: `memories.no_memories_if_mcp_or_web_search`. |

100| `memories.extract_model` | `string` | Optional model override for per-thread memory extraction. |

101| `memories.generate_memories` | `boolean` | When `false`, newly created threads are not stored as memory-generation inputs. Defaults to `true`. |

102| `memories.max_raw_memories_for_consolidation` | `number` | Maximum recent raw memories retained for global consolidation. Defaults to `256` and is capped at `4096`. |

103| `memories.max_rollout_age_days` | `number` | Maximum age of threads considered for memory generation. Defaults to `30` and is clamped to `0`-`90`. |

104| `memories.max_rollouts_per_startup` | `number` | Maximum rollout candidates processed per startup pass. Defaults to `16` and is capped at `128`. |

105| `memories.max_unused_days` | `number` | Maximum days since a memory was last used before it becomes ineligible for consolidation. Defaults to `30` and is clamped to `0`-`365`. |

106| `memories.min_rate_limit_remaining_percent` | `number` | Minimum remaining percentage required in Codex rate-limit windows before memory generation starts. Defaults to `25` and is clamped to `0`-`100`. |

107| `memories.min_rollout_idle_hours` | `number` | Minimum idle time before a thread is considered for memory generation. Defaults to `6` and is clamped to `1`-`48`. |

108| `memories.use_memories` | `boolean` | When `false`, Codex skips injecting existing memories into future sessions. Defaults to `true`. |

109| `model` | `string` | Model to use (e.g., `gpt-5.5`). |

78| `model_auto_compact_token_limit` | `number` | Token threshold that triggers automatic history compaction (unset uses model defaults). |110| `model_auto_compact_token_limit` | `number` | Token threshold that triggers automatic history compaction (unset uses model defaults). |

111| `model_catalog_json` | `string (path)` | Optional path to a JSON model catalog loaded on startup. Profile-level `profiles.<name>.model_catalog_json` can override this per profile. |

79| `model_context_window` | `number` | Context window tokens available to the active model. |112| `model_context_window` | `number` | Context window tokens available to the active model. |

80| `model_instructions_file` | `string (path)` | Replacement for built-in instructions instead of `AGENTS.md`. |113| `model_instructions_file` | `string (path)` | Replacement for built-in instructions instead of `AGENTS.md`. |

81| `model_provider` | `string` | Provider id from `model_providers` (default: `openai`). |114| `model_provider` | `string` | Provider id from `model_providers` (default: `openai`). |

115| `model_providers.<id>` | `table` | Custom provider definition. Built-in provider IDs (`openai`, `ollama`, and `lmstudio`) are reserved and cannot be overridden. |

116| `model_providers.<id>.auth` | `table` | Command-backed bearer token configuration for a custom provider. Do not combine with `env_key`, `experimental_bearer_token`, or `requires_openai_auth`. |

117| `model_providers.<id>.auth.args` | `array<string>` | Arguments passed to the token command. |

118| `model_providers.<id>.auth.command` | `string` | Command to run when Codex needs a bearer token. The command must print the token to stdout. |

119| `model_providers.<id>.auth.cwd` | `string (path)` | Working directory for the token command. |

120| `model_providers.<id>.auth.refresh_interval_ms` | `number` | How often Codex proactively refreshes the token in milliseconds (default: 300000). Set to `0` to refresh only after an authentication retry. |

121| `model_providers.<id>.auth.timeout_ms` | `number` | Maximum token command runtime in milliseconds (default: 5000). |

82| `model_providers.<id>.base_url` | `string` | API base URL for the model provider. |122| `model_providers.<id>.base_url` | `string` | API base URL for the model provider. |

83| `model_providers.<id>.env_http_headers` | `map<string,string>` | HTTP headers populated from environment variables when present. |123| `model_providers.<id>.env_http_headers` | `map<string,string>` | HTTP headers populated from environment variables when present. |

84| `model_providers.<id>.env_key` | `string` | Environment variable supplying the provider API key. |124| `model_providers.<id>.env_key` | `string` | Environment variable supplying the provider API key. |

91| `model_providers.<id>.requires_openai_auth` | `boolean` | The provider uses OpenAI authentication (defaults to false). |131| `model_providers.<id>.requires_openai_auth` | `boolean` | The provider uses OpenAI authentication (defaults to false). |

92| `model_providers.<id>.stream_idle_timeout_ms` | `number` | Idle timeout for SSE streams in milliseconds (default: 300000). |132| `model_providers.<id>.stream_idle_timeout_ms` | `number` | Idle timeout for SSE streams in milliseconds (default: 300000). |

93| `model_providers.<id>.stream_max_retries` | `number` | Retry count for SSE streaming interruptions (default: 5). |133| `model_providers.<id>.stream_max_retries` | `number` | Retry count for SSE streaming interruptions (default: 5). |

94| `model_providers.<id>.wire_api` | `chat | responses` | Protocol used by the provider (defaults to `chat` if omitted). |134| `model_providers.<id>.supports_websockets` | `boolean` | Whether that provider supports the Responses API WebSocket transport. |

135| `model_providers.<id>.wire_api` | `responses` | Protocol used by the provider. `responses` is the only supported value, and it is the default when omitted. |

136| `model_providers.amazon-bedrock.aws.profile` | `string` | AWS profile name used by the built-in `amazon-bedrock` provider. |

137| `model_providers.amazon-bedrock.aws.region` | `string` | AWS region used by the built-in `amazon-bedrock` provider. |

95| `model_reasoning_effort` | `minimal | low | medium | high | xhigh` | Adjust reasoning effort for supported models (Responses API only; `xhigh` is model-dependent). |138| `model_reasoning_effort` | `minimal | low | medium | high | xhigh` | Adjust reasoning effort for supported models (Responses API only; `xhigh` is model-dependent). |

96| `model_reasoning_summary` | `auto | concise | detailed | none` | Select reasoning summary detail or disable summaries entirely. |139| `model_reasoning_summary` | `auto | concise | detailed | none` | Select reasoning summary detail or disable summaries entirely. |

97| `model_supports_reasoning_summaries` | `boolean` | Force Codex to send or not send reasoning metadata. |140| `model_supports_reasoning_summaries` | `boolean` | Force Codex to send or not send reasoning metadata. |

98| `model_verbosity` | `low | medium | high` | Control GPT-5 Responses API verbosity (defaults to `medium`). |141| `model_verbosity` | `low | medium | high` | Optional GPT-5 Responses API verbosity override; when unset, the selected model/preset default is used. |

99| `notice.hide_full_access_warning` | `boolean` | Track acknowledgement of the full access warning prompt. |142| `notice.hide_full_access_warning` | `boolean` | Track acknowledgement of the full access warning prompt. |

100| `notice.hide_gpt-5.1-codex-max_migration_prompt` | `boolean` | Track acknowledgement of the gpt-5.1-codex-max migration prompt. |143| `notice.hide_gpt-5.1-codex-max_migration_prompt` | `boolean` | Track acknowledgement of the gpt-5.1-codex-max migration prompt. |

101| `notice.hide_gpt5_1_migration_prompt` | `boolean` | Track acknowledgement of the GPT-5.1 migration prompt. |144| `notice.hide_gpt5_1_migration_prompt` | `boolean` | Track acknowledgement of the GPT-5.1 migration prompt. |

103| `notice.hide_world_writable_warning` | `boolean` | Track acknowledgement of the Windows world-writable directories warning. |146| `notice.hide_world_writable_warning` | `boolean` | Track acknowledgement of the Windows world-writable directories warning. |

104| `notice.model_migrations` | `map<string,string>` | Track acknowledged model migrations as old->new mappings. |147| `notice.model_migrations` | `map<string,string>` | Track acknowledged model migrations as old->new mappings. |

105| `notify` | `array<string>` | Command invoked for notifications; receives a JSON payload from Codex. |148| `notify` | `array<string>` | Command invoked for notifications; receives a JSON payload from Codex. |

149| `openai_base_url` | `string` | Base URL override for the built-in `openai` model provider. |

106| `oss_provider` | `lmstudio | ollama` | Default local provider used when running with `--oss` (defaults to prompting if unset). |150| `oss_provider` | `lmstudio | ollama` | Default local provider used when running with `--oss` (defaults to prompting if unset). |

107| `otel.environment` | `string` | Environment tag applied to emitted OpenTelemetry events (default: `dev`). |151| `otel.environment` | `string` | Environment tag applied to emitted OpenTelemetry events (default: `dev`). |

108| `otel.exporter` | `none | otlp-http | otlp-grpc` | Select the OpenTelemetry exporter and provide any endpoint metadata. |152| `otel.exporter` | `none | otlp-http | otlp-grpc` | Select the OpenTelemetry exporter and provide any endpoint metadata. |

113| `otel.exporter.<id>.tls.client-certificate` | `string` | Client certificate path for OTEL exporter TLS. |157| `otel.exporter.<id>.tls.client-certificate` | `string` | Client certificate path for OTEL exporter TLS. |

114| `otel.exporter.<id>.tls.client-private-key` | `string` | Client private key path for OTEL exporter TLS. |158| `otel.exporter.<id>.tls.client-private-key` | `string` | Client private key path for OTEL exporter TLS. |

115| `otel.log_user_prompt` | `boolean` | Opt in to exporting raw user prompts with OpenTelemetry logs. |159| `otel.log_user_prompt` | `boolean` | Opt in to exporting raw user prompts with OpenTelemetry logs. |

160| `otel.metrics_exporter` | `none | statsig | otlp-http | otlp-grpc` | Select the OpenTelemetry metrics exporter (defaults to `statsig`). |

116| `otel.trace_exporter` | `none | otlp-http | otlp-grpc` | Select the OpenTelemetry trace exporter and provide any endpoint metadata. |161| `otel.trace_exporter` | `none | otlp-http | otlp-grpc` | Select the OpenTelemetry trace exporter and provide any endpoint metadata. |

117| `otel.trace_exporter.<id>.endpoint` | `string` | Trace exporter endpoint for OTEL logs. |162| `otel.trace_exporter.<id>.endpoint` | `string` | Trace exporter endpoint for OTEL logs. |

118| `otel.trace_exporter.<id>.headers` | `map<string,string>` | Static headers included with OTEL trace exporter requests. |163| `otel.trace_exporter.<id>.headers` | `map<string,string>` | Static headers included with OTEL trace exporter requests. |

120| `otel.trace_exporter.<id>.tls.ca-certificate` | `string` | CA certificate path for OTEL trace exporter TLS. |165| `otel.trace_exporter.<id>.tls.ca-certificate` | `string` | CA certificate path for OTEL trace exporter TLS. |

121| `otel.trace_exporter.<id>.tls.client-certificate` | `string` | Client certificate path for OTEL trace exporter TLS. |166| `otel.trace_exporter.<id>.tls.client-certificate` | `string` | Client certificate path for OTEL trace exporter TLS. |

122| `otel.trace_exporter.<id>.tls.client-private-key` | `string` | Client private key path for OTEL trace exporter TLS. |167| `otel.trace_exporter.<id>.tls.client-private-key` | `string` | Client private key path for OTEL trace exporter TLS. |

168| `permissions.<name>.filesystem` | `table` | Named filesystem permission profile. Each key is an absolute path or special token such as `:minimal` or `:project_roots`. |

169| `permissions.<name>.filesystem.":project_roots".<subpath-or-glob>` | `"read" | "write" | "none"` | Scoped filesystem access relative to the detected project roots. Use `"."` for the root itself; glob subpaths such as `"**/*.env"` can deny reads with `"none"`. |

170| `permissions.<name>.filesystem.<path-or-glob>` | `"read" | "write" | "none" | table` | Grant direct access for a path, glob pattern, or special token, or scope nested entries under that root. Use `"none"` to deny reads for matching paths. |

171| `permissions.<name>.filesystem.glob_scan_max_depth` | `number` | Maximum depth for expanding deny-read glob patterns on platforms that snapshot matches before sandbox startup. Must be at least `1` when set. |

172| `permissions.<name>.network.allow_local_binding` | `boolean` | Permit local bind/listen operations through the managed proxy. |

173| `permissions.<name>.network.allow_upstream_proxy` | `boolean` | Allow the managed proxy to chain to another upstream proxy. |

174| `permissions.<name>.network.dangerously_allow_all_unix_sockets` | `boolean` | Allow the proxy to use arbitrary Unix sockets instead of the default restricted set. |

175| `permissions.<name>.network.dangerously_allow_non_loopback_proxy` | `boolean` | Permit non-loopback bind addresses for the managed proxy listener. |

176| `permissions.<name>.network.domains` | `map<string, allow | deny>` | Domain rules for the managed proxy. Use domain names or wildcard patterns as keys, with `allow` or `deny` values. |

177| `permissions.<name>.network.enable_socks5` | `boolean` | Expose a SOCKS5 listener when this permissions profile enables the managed network proxy. |

178| `permissions.<name>.network.enable_socks5_udp` | `boolean` | Allow UDP over the SOCKS5 listener when enabled. |

179| `permissions.<name>.network.enabled` | `boolean` | Enable network access for this named permissions profile. |

180| `permissions.<name>.network.mode` | `limited | full` | Network proxy mode used for subprocess traffic. |

181| `permissions.<name>.network.proxy_url` | `string` | HTTP proxy endpoint used when this permissions profile enables the managed network proxy. |

182| `permissions.<name>.network.socks_url` | `string` | SOCKS5 proxy endpoint used by this permissions profile. |

183| `permissions.<name>.network.unix_sockets` | `map<string, allow | none>` | Unix socket rules for the managed proxy. Use socket paths as keys, with `allow` or `none` values. |

123| `personality` | `none | friendly | pragmatic` | Default communication style for models that advertise `supportsPersonality`; can be overridden per thread/turn or via `/personality`. |184| `personality` | `none | friendly | pragmatic` | Default communication style for models that advertise `supportsPersonality`; can be overridden per thread/turn or via `/personality`. |

185| `plan_mode_reasoning_effort` | `none | minimal | low | medium | high | xhigh` | Plan-mode-specific reasoning override. When unset, Plan mode uses its built-in preset default. |

124| `profile` | `string` | Default profile applied at startup (equivalent to `--profile`). |186| `profile` | `string` | Default profile applied at startup (equivalent to `--profile`). |

125| `profiles.<name>.*` | `various` | Profile-scoped overrides for any of the supported configuration keys. |187| `profiles.<name>.*` | `various` | Profile-scoped overrides for any of the supported configuration keys. |

126| `profiles.<name>.experimental_use_freeform_apply_patch` | `boolean` | Legacy name for enabling freeform apply\_patch; prefer `[features].apply_patch_freeform`. |188| `profiles.<name>.analytics.enabled` | `boolean` | Profile-scoped analytics enablement override. |

127| `profiles.<name>.experimental_use_unified_exec_tool` | `boolean` | Legacy name for enabling unified exec; prefer `[features].unified_exec`. |189| `profiles.<name>.experimental_use_unified_exec_tool` | `boolean` | Legacy name for enabling unified exec; prefer `[features].unified_exec`. |

128| `profiles.<name>.include_apply_patch_tool` | `boolean` | Legacy name for enabling freeform apply\_patch; prefer `[features].apply_patch_freeform`. |190| `profiles.<name>.model_catalog_json` | `string (path)` | Profile-scoped model catalog JSON path override (applied on startup only; overrides the top-level `model_catalog_json` for that profile). |

191| `profiles.<name>.model_instructions_file` | `string (path)` | Profile-scoped replacement for the built-in instruction file. |

129| `profiles.<name>.oss_provider` | `lmstudio | ollama` | Profile-scoped OSS provider for `--oss` sessions. |192| `profiles.<name>.oss_provider` | `lmstudio | ollama` | Profile-scoped OSS provider for `--oss` sessions. |

130| `profiles.<name>.personality` | `none | friendly | pragmatic` | Profile-scoped communication style override for supported models. |193| `profiles.<name>.personality` | `none | friendly | pragmatic` | Profile-scoped communication style override for supported models. |

194| `profiles.<name>.plan_mode_reasoning_effort` | `none | minimal | low | medium | high | xhigh` | Profile-scoped Plan-mode reasoning override. |

195| `profiles.<name>.service_tier` | `flex | fast` | Profile-scoped service tier preference for new turns. |

196| `profiles.<name>.tools_view_image` | `boolean` | Enable or disable the `view_image` tool in that profile. |

131| `profiles.<name>.web_search` | `disabled | cached | live` | Profile-scoped web search mode override (default: `"cached"`). |197| `profiles.<name>.web_search` | `disabled | cached | live` | Profile-scoped web search mode override (default: `"cached"`). |

198| `profiles.<name>.windows.sandbox` | `unelevated | elevated` | Profile-scoped Windows sandbox mode override. |

132| `project_doc_fallback_filenames` | `array<string>` | Additional filenames to try when `AGENTS.md` is missing. |199| `project_doc_fallback_filenames` | `array<string>` | Additional filenames to try when `AGENTS.md` is missing. |

133| `project_doc_max_bytes` | `number` | Maximum bytes read from `AGENTS.md` when building project instructions. |200| `project_doc_max_bytes` | `number` | Maximum bytes read from `AGENTS.md` when building project instructions. |

134| `project_root_markers` | `array<string>` | List of project root marker filenames; used when searching parent directories for the project root. |201| `project_root_markers` | `array<string>` | List of project root marker filenames; used when searching parent directories for the project root. |

135| `projects.<path>.trust_level` | `string` | Mark a project or worktree as trusted or untrusted (`"trusted"` | `"untrusted"`). Untrusted projects skip project-scoped `.codex/` layers. |202| `projects.<path>.trust_level` | `string` | Mark a project or worktree as trusted or untrusted (`"trusted"` | `"untrusted"`). Untrusted projects skip project-scoped `.codex/` layers, including project-local config, hooks, and rules. |

136| `review_model` | `string` | Optional model override used by `/review` (defaults to the current session model). |203| `review_model` | `string` | Optional model override used by `/review` (defaults to the current session model). |

137| `sandbox_mode` | `read-only | workspace-write | danger-full-access` | Sandbox policy for filesystem and network access during command execution. |204| `sandbox_mode` | `read-only | workspace-write | danger-full-access` | Sandbox policy for filesystem and network access during command execution. |

138| `sandbox_workspace_write.exclude_slash_tmp` | `boolean` | Exclude `/tmp` from writable roots in workspace-write mode. |205| `sandbox_workspace_write.exclude_slash_tmp` | `boolean` | Exclude `/tmp` from writable roots in workspace-write mode. |

139| `sandbox_workspace_write.exclude_tmpdir_env_var` | `boolean` | Exclude `$TMPDIR` from writable roots in workspace-write mode. |206| `sandbox_workspace_write.exclude_tmpdir_env_var` | `boolean` | Exclude `$TMPDIR` from writable roots in workspace-write mode. |

140| `sandbox_workspace_write.network_access` | `boolean` | Allow outbound network access inside the workspace-write sandbox. |207| `sandbox_workspace_write.network_access` | `boolean` | Allow outbound network access inside the workspace-write sandbox. |

141| `sandbox_workspace_write.writable_roots` | `array<string>` | Additional writable roots when `sandbox_mode = "workspace-write"`. |208| `sandbox_workspace_write.writable_roots` | `array<string>` | Additional writable roots when `sandbox_mode = "workspace-write"`. |

209| `service_tier` | `flex | fast` | Preferred service tier for new turns. |

142| `shell_environment_policy.exclude` | `array<string>` | Glob patterns for removing environment variables after the defaults. |210| `shell_environment_policy.exclude` | `array<string>` | Glob patterns for removing environment variables after the defaults. |

143| `shell_environment_policy.experimental_use_profile` | `boolean` | Use the user shell profile when spawning subprocesses. |211| `shell_environment_policy.experimental_use_profile` | `boolean` | Use the user shell profile when spawning subprocesses. |

144| `shell_environment_policy.ignore_default_excludes` | `boolean` | Keep variables containing KEY/SECRET/TOKEN before other filters run. |212| `shell_environment_policy.ignore_default_excludes` | `boolean` | Keep variables containing KEY/SECRET/TOKEN before other filters run. |

149| `skills.config` | `array<object>` | Per-skill enablement overrides stored in config.toml. |217| `skills.config` | `array<object>` | Per-skill enablement overrides stored in config.toml. |

150| `skills.config.<index>.enabled` | `boolean` | Enable or disable the referenced skill. |218| `skills.config.<index>.enabled` | `boolean` | Enable or disable the referenced skill. |

151| `skills.config.<index>.path` | `string (path)` | Path to a skill folder containing `SKILL.md`. |219| `skills.config.<index>.path` | `string (path)` | Path to a skill folder containing `SKILL.md`. |

220| `sqlite_home` | `string (path)` | Directory where Codex stores the SQLite-backed state DB used by agent jobs and other resumable runtime state. |

152| `suppress_unstable_features_warning` | `boolean` | Suppress the warning that appears when under-development feature flags are enabled. |221| `suppress_unstable_features_warning` | `boolean` | Suppress the warning that appears when under-development feature flags are enabled. |

153| `tool_output_token_limit` | `number` | Token budget for storing individual tool/function outputs in history. |222| `tool_output_token_limit` | `number` | Token budget for storing individual tool/function outputs in history. |

154| `tools.web_search` | `boolean` | Deprecated legacy toggle for web search; prefer the top-level `web_search` setting. |223| `tool_suggest.disabled_tools` | `array<table>` | Disable suggestions for specific discoverable connectors or plugins. Each entry uses `type = "connector"` or `"plugin"` and an `id`. |

224| `tool_suggest.discoverables` | `array<table>` | Allow tool suggestions for additional discoverable connectors or plugins. Each entry uses `type = "connector"` or `"plugin"` and an `id`. |

225| `tools.view_image` | `boolean` | Enable the local-image attachment tool `view_image`. |

226| `tools.web_search` | `boolean | { context_size = "low|medium|high", allowed_domains = [string], location = { country, region, city, timezone } }` | Optional web search tool configuration. The legacy boolean form is still accepted, but the object form lets you set search context size, allowed domains, and approximate user location. |

155| `tui` | `table` | TUI-specific options such as enabling inline desktop notifications. |227| `tui` | `table` | TUI-specific options such as enabling inline desktop notifications. |

156| `tui.alternate_screen` | `auto | always | never` | Control alternate screen usage for the TUI (default: auto; auto skips it in Zellij to preserve scrollback). |228| `tui.alternate_screen` | `auto | always | never` | Control alternate screen usage for the TUI (default: auto; auto skips it in Zellij to preserve scrollback). |

157| `tui.animations` | `boolean` | Enable terminal animations (welcome screen, shimmer, spinner) (default: true). |229| `tui.animations` | `boolean` | Enable terminal animations (welcome screen, shimmer, spinner) (default: true). |

158| `tui.notification_method` | `auto | osc9 | bel` | Notification method for unfocused terminal notifications (default: auto). |230| `tui.keymap.<context>.<action>` | `string | array<string>` | Keyboard shortcut binding for a TUI action. Supported contexts include `global`, `chat`, `composer`, `editor`, `pager`, `list`, and `approval`; context-specific bindings override `tui.keymap.global`. |

231| `tui.keymap.<context>.<action> = []` | `empty array` | Unbind the action in that keymap context. Key names use normalized strings such as `ctrl-a`, `shift-enter`, or `page-down`. |

232| `tui.model_availability_nux.<model>` | `integer` | Internal startup-tooltip state keyed by model slug. |

233| `tui.notification_condition` | `unfocused | always` | Control whether TUI notifications fire only when the terminal is unfocused or regardless of focus. Defaults to `unfocused`. |

234| `tui.notification_method` | `auto | osc9 | bel` | Notification method for terminal notifications (default: auto). |

159| `tui.notifications` | `boolean | array<string>` | Enable TUI notifications; optionally restrict to specific event types. |235| `tui.notifications` | `boolean | array<string>` | Enable TUI notifications; optionally restrict to specific event types. |

160| `tui.show_tooltips` | `boolean` | Show onboarding tooltips in the TUI welcome screen (default: true). |236| `tui.show_tooltips` | `boolean` | Show onboarding tooltips in the TUI welcome screen (default: true). |

161| `tui.status_line` | `array<string> | null` | Ordered list of TUI footer status-line item identifiers. `null` disables the status line. |237| `tui.status_line` | `array<string> | null` | Ordered list of TUI footer status-line item identifiers. `null` disables the status line. |

238| `tui.terminal_title` | `array<string> | null` | Ordered list of terminal window/tab title item identifiers. Defaults to `["spinner", "project"]`; `null` disables title updates. |

239| `tui.theme` | `string` | Syntax-highlighting theme override (kebab-case theme name). |

162| `web_search` | `disabled | cached | live` | Web search mode (default: `"cached"`; cached uses an OpenAI-maintained index and does not fetch live pages; if you use `--yolo` or another full access sandbox setting, it defaults to `"live"`). Use `"live"` to fetch the most recent data from the web, or `"disabled"` to remove the tool. |240| `web_search` | `disabled | cached | live` | Web search mode (default: `"cached"`; cached uses an OpenAI-maintained index and does not fetch live pages; if you use `--yolo` or another full access sandbox setting, it defaults to `"live"`). Use `"live"` to fetch the most recent data from the web, or `"disabled"` to remove the tool. |

163| `windows_wsl_setup_acknowledged` | `boolean` | Track Windows onboarding acknowledgement (Windows only). |241| `windows_wsl_setup_acknowledged` | `boolean` | Track Windows onboarding acknowledgement (Windows only). |

242| `windows.sandbox` | `unelevated | elevated` | Windows-only native sandbox mode when running Codex natively on Windows. |

243| `windows.sandbox_private_desktop` | `boolean` | Run the final sandboxed child process on a private desktop by default on native Windows. Set `false` only for compatibility with the older `Winsta0\\Default` behavior. |

164 244 

165Key245Key

166 246 

188 268 

189Key269Key

190 270 

271`agents.<name>.nickname_candidates`

272 

273Type / Values

274 

275`array<string>`

276 

277Details

278 

279Optional pool of display nicknames for spawned agents in that role.

280 

281Key

282 

283`agents.job_max_runtime_seconds`

284 

285Type / Values

286 

287`number`

288 

289Details

290 

291Default per-worker timeout for `spawn_agents_on_csv` jobs. When unset, the tool falls back to 1800 seconds per worker.

292 

293Key

294 

295`agents.max_depth`

296 

297Type / Values

298 

299`number`

300 

301Details

302 

303Maximum nesting depth allowed for spawned agent threads (root sessions start at depth 0; default: 1).

304 

305Key

306 

191`agents.max_threads`307`agents.max_threads`

192 308 

193Type / Values309Type / Values

196 312 

197Details313Details

198 314 

199Maximum number of agent threads that can be open concurrently.315Maximum number of agent threads that can be open concurrently. Defaults to `6` when unset.

316 

317Key

318 

319`allow_login_shell`

320 

321Type / Values

322 

323`boolean`

324 

325Details

326 

327Allow shell-based tools to use login-shell semantics. Defaults to `true`; when `false`, `login = true` requests are rejected and omitted `login` defaults to non-login shells.

328 

329Key

330 

331`analytics.enabled`

332 

333Type / Values

334 

335`boolean`

336 

337Details

338 

339Enable or disable analytics for this machine/profile. When unset, the client default applies.

200 340 

201Key341Key

202 342 

204 344 

205Type / Values345Type / Values

206 346 

207`untrusted | on-request | never`347`untrusted | on-request | never | { granular = { sandbox_approval = bool, rules = bool, mcp_elicitations = bool, request_permissions = bool, skill_approval = bool } }`

208 348 

209Details349Details

210 350 

211Controls when Codex pauses for approval before executing commands. `on-failure` is deprecated; use `on-request` for interactive runs or `never` for non-interactive runs.351Controls when Codex pauses for approval before executing commands. You can also use `approval_policy = { granular = { ... } }` to allow or auto-reject specific prompt categories while keeping other prompts interactive. `on-failure` is deprecated; use `on-request` for interactive runs or `never` for non-interactive runs.

212 352 

213Key353Key

214 354 

215`apps.<id>.disabled_reason`355`approval_policy.granular.mcp_elicitations`

216 356 

217Type / Values357Type / Values

218 358 

219`unknown | user`359`boolean`

220 360 

221Details361Details

222 362 

223Optional reason attached when an app/connector is disabled.363When `true`, MCP elicitation prompts are allowed to surface instead of being auto-rejected.

224 364 

225Key365Key

226 366 

227`apps.<id>.enabled`367`approval_policy.granular.request_permissions`

228 368 

229Type / Values369Type / Values

230 370 

232 372 

233Details373Details

234 374 

235Enable or disable a specific app/connector by id (default: true).375When `true`, prompts from the `request_permissions` tool are allowed to surface.

236 376 

237Key377Key

238 378 

239`chatgpt_base_url`379`approval_policy.granular.rules`

240 380 

241Type / Values381Type / Values

242 382 

243`string`383`boolean`

244 384 

245Details385Details

246 386 

247Override the base URL used during the ChatGPT login flow.387When `true`, approvals triggered by execpolicy `prompt` rules are allowed to surface.

248 388 

249Key389Key

250 390 

251`check_for_update_on_startup`391`approval_policy.granular.sandbox_approval`

252 392 

253Type / Values393Type / Values

254 394 

256 396 

257Details397Details

258 398 

259Check for Codex updates on startup (set to false only when updates are centrally managed).399When `true`, sandbox escalation approval prompts are allowed to surface.

260 400 

261Key401Key

262 402 

263`cli_auth_credentials_store`403`approval_policy.granular.skill_approval`

264 404 

265Type / Values405Type / Values

266 406 

267`file | keyring | auto`407`boolean`

268 408 

269Details409Details

270 410 

271Control where the CLI stores cached credentials (file-based auth.json vs OS keychain).411When `true`, skill-script approval prompts are allowed to surface.

272 412 

273Key413Key

274 414 

275`compact_prompt`415`approvals_reviewer`

276 416 

277Type / Values417Type / Values

278 418 

279`string`419`user | auto_review`

280 420 

281Details421Details

282 422 

283Inline override for the history compaction prompt.423Who reviews eligible approval prompts under `on-request` or granular approval policies. Defaults to `user`; `auto_review` uses the reviewer subagent. This setting doesn't change sandboxing or review actions already allowed inside the sandbox.

284 424 

285Key425Key

286 426 

287`developer_instructions`427`apps._default.destructive_enabled`

288 428 

289Type / Values429Type / Values

290 430 

291`string`431`boolean`

292 432 

293Details433Details

294 434 

295Additional developer instructions injected into the session (optional).435Default allow/deny for app tools with `destructive_hint = true`.

296 436 

297Key437Key

298 438 

299`disable_paste_burst`439`apps._default.enabled`

300 440 

301Type / Values441Type / Values

302 442 

304 444 

305Details445Details

306 446 

307Disable burst-paste detection in the TUI.447Default app enabled state for all apps unless overridden per app.

308 448 

309Key449Key

310 450 

311`experimental_compact_prompt_file`451`apps._default.open_world_enabled`

312 452 

313Type / Values453Type / Values

314 454 

315`string (path)`455`boolean`

316 456 

317Details457Details

318 458 

319Load the compaction prompt override from a file (experimental).459Default allow/deny for app tools with `open_world_hint = true`.

460 

461Key

462 

463`apps.<id>.default_tools_approval_mode`

464 

465Type / Values

466 

467`auto | prompt | approve`

468 

469Details

470 

471Default approval behavior for tools in this app unless a per-tool override exists.

320 472 

321Key473Key

322 474 

323`experimental_use_freeform_apply_patch`475`apps.<id>.default_tools_enabled`

324 476 

325Type / Values477Type / Values

326 478 

328 480 

329Details481Details

330 482 

331Legacy name for enabling freeform apply\_patch; prefer `[features].apply_patch_freeform` or `codex --enable apply_patch_freeform`.483Default enabled state for tools in this app unless a per-tool override exists.

332 484 

333Key485Key

334 486 

335`experimental_use_unified_exec_tool`487`apps.<id>.destructive_enabled`

336 488 

337Type / Values489Type / Values

338 490 

340 492 

341Details493Details

342 494 

343Legacy name for enabling unified exec; prefer `[features].unified_exec` or `codex --enable unified_exec`.495Allow or block tools in this app that advertise `destructive_hint = true`.

344 496 

345Key497Key

346 498 

347`features.apply_patch_freeform`499`apps.<id>.enabled`

348 500 

349Type / Values501Type / Values

350 502 

352 504 

353Details505Details

354 506 

355Expose the freeform `apply_patch` tool (experimental).507Enable or disable a specific app/connector by id (default: true).

356 508 

357Key509Key

358 510 

359`features.apps`511`apps.<id>.open_world_enabled`

360 512 

361Type / Values513Type / Values

362 514 

364 516 

365Details517Details

366 518 

367Enable ChatGPT Apps/connectors support (experimental).519Allow or block tools in this app that advertise `open_world_hint = true`.

520 

521Key

522 

523`apps.<id>.tools.<tool>.approval_mode`

524 

525Type / Values

526 

527`auto | prompt | approve`

528 

529Details

530 

531Per-tool approval behavior override for a single app tool.

368 532 

369Key533Key

370 534 

371`features.apps_mcp_gateway`535`apps.<id>.tools.<tool>.enabled`

372 536 

373Type / Values537Type / Values

374 538 

376 540 

377Details541Details

378 542 

379Route Apps MCP calls through the OpenAI connectors MCP gateway (`https://api.openai.com/v1/connectors/mcp/`) instead of legacy routing (experimental).543Per-tool enabled override for an app tool (for example `repos/list`).

544 

545Key

546 

547`auto_review.policy`

548 

549Type / Values

550 

551`string`

552 

553Details

554 

555Local Markdown policy instructions for automatic review. Managed `guardian_policy_config` takes precedence. Blank values are ignored.

556 

557Key

558 

559`background_terminal_max_timeout`

560 

561Type / Values

562 

563`number`

564 

565Details

566 

567Maximum poll window in milliseconds for empty `write_stdin` polls (background terminal polling). Default: `300000` (5 minutes). Replaces the older `background_terminal_timeout` key.

568 

569Key

570 

571`chatgpt_base_url`

572 

573Type / Values

574 

575`string`

576 

577Details

578 

579Override the base URL used during the ChatGPT login flow.

380 580 

381Key581Key

382 582 

383`features.child_agents_md`583`check_for_update_on_startup`

384 584 

385Type / Values585Type / Values

386 586 

388 588 

389Details589Details

390 590 

391Append AGENTS.md scope/precedence guidance even when no AGENTS.md is present (experimental).591Check for Codex updates on startup (set to false only when updates are centrally managed).

592 

593Key

594 

595`cli_auth_credentials_store`

596 

597Type / Values

598 

599`file | keyring | auto`

600 

601Details

602 

603Control where the CLI stores cached credentials (file-based auth.json vs OS keychain).

604 

605Key

606 

607`commit_attribution`

608 

609Type / Values

610 

611`string`

612 

613Details

614 

615Override the commit co-author trailer text. Set an empty string to disable automatic attribution.

616 

617Key

618 

619`compact_prompt`

620 

621Type / Values

622 

623`string`

624 

625Details

626 

627Inline override for the history compaction prompt.

628 

629Key

630 

631`default_permissions`

632 

633Type / Values

634 

635`string`

636 

637Details

638 

639Name of the default permissions profile to apply to sandboxed tool calls. Built-ins are `:read-only`, `:workspace`, and `:danger-no-sandbox`; custom profile names require matching `[permissions.<name>]` tables.

640 

641Key

642 

643`developer_instructions`

644 

645Type / Values

646 

647`string`

648 

649Details

650 

651Additional developer instructions injected into the session (optional).

392 652 

393Key653Key

394 654 

395`features.collaboration_modes`655`disable_paste_burst`

396 656 

397Type / Values657Type / Values

398 658 

400 660 

401Details661Details

402 662 

403Enable collaboration modes such as plan mode (stable; on by default).663Disable burst-paste detection in the TUI.

664 

665Key

666 

667`experimental_compact_prompt_file`

668 

669Type / Values

670 

671`string (path)`

672 

673Details

674 

675Load the compaction prompt override from a file (experimental).

404 676 

405Key677Key

406 678 

407`features.elevated_windows_sandbox`679`experimental_use_unified_exec_tool`

408 680 

409Type / Values681Type / Values

410 682 

412 684 

413Details685Details

414 686 

415Enable the elevated Windows sandbox pipeline (experimental).687Legacy name for enabling unified exec; prefer `[features].unified_exec` or `codex --enable unified_exec`.

416 688 

417Key689Key

418 690 

419`features.experimental_windows_sandbox`691`features.apps`

420 692 

421Type / Values693Type / Values

422 694 

424 696 

425Details697Details

426 698 

427Run the Windows restricted-token sandbox (experimental).699Enable ChatGPT Apps/connectors support (experimental).

428 700 

429Key701Key

430 702 

431`features.multi_agent`703`features.codex_hooks`

432 704 

433Type / Values705Type / Values

434 706 

436 708 

437Details709Details

438 710 

439Enable multi-agent collaboration tools (`spawn\_agent`, `send\_input`, `resume\_agent`, `wait`, and `close\_agent`) (experimental; off by default).711Enable lifecycle hooks loaded from `hooks.json` or inline `[hooks]` config.

440 712 

441Key713Key

442 714 

443`features.personality`715`features.enable_request_compression`

444 716 

445Type / Values717Type / Values

446 718 

448 720 

449Details721Details

450 722 

451Enable personality selection controls (stable; on by default).723Compress streaming request bodies with zstd when supported (stable; on by default).

452 724 

453Key725Key

454 726 

455`features.powershell_utf8`727`features.fast_mode`

456 728 

457Type / Values729Type / Values

458 730 

460 732 

461Details733Details

462 734 

463Force PowerShell UTF-8 output (defaults to true).735Enable Fast mode selection and the `service_tier = "fast"` path (stable; on by default).

464 736 

465Key737Key

466 738 

467`features.remote_models`739`features.memories`

468 740 

469Type / Values741Type / Values

470 742 

472 744 

473Details745Details

474 746 

475Refresh remote model list before showing readiness (experimental).747Enable [Memories](https://developers.openai.com/codex/memories) (off by default).

476 748 

477Key749Key

478 750 

479`features.request_rule`751`features.multi_agent`

480 752 

481Type / Values753Type / Values

482 754 

484 756 

485Details757Details

486 758 

487Enable Smart approvals (`prefix_rule` suggestions on escalation requests; stable; on by default).759Enable multi-agent collaboration tools (`spawn_agent`, `send_input`, `resume_agent`, `wait_agent`, and `close_agent`) (stable; on by default).

488 760 

489Key761Key

490 762 

491`features.runtime_metrics`763`features.personality`

492 764 

493Type / Values765Type / Values

494 766 

496 768 

497Details769Details

498 770 

499Show runtime metrics summary in TUI turn separators (experimental).771Enable personality selection controls (stable; on by default).

500 772 

501Key773Key

502 774 

503`features.search_tool`775`features.prevent_idle_sleep`

504 776 

505Type / Values777Type / Values

506 778 

508 780 

509Details781Details

510 782 

511Enable `search_tool_bm25` for Apps tool discovery before invoking app MCP tools (experimental).783Prevent the machine from sleeping while a turn is actively running (experimental; off by default).

512 784 

513Key785Key

514 786 

520 792 

521Details793Details

522 794 

523Snapshot shell environment to speed up repeated commands (beta).795Snapshot shell environment to speed up repeated commands (stable; on by default).

524 796 

525Key797Key

526 798 

536 808 

537Key809Key

538 810 

539`features.unified_exec`811`features.skill_mcp_dependency_install`

812 

813Type / Values

814 

815`boolean`

816 

817Details

818 

819Allow prompting and installing missing MCP dependencies for skills (stable; on by default).

820 

821Key

822 

823`features.undo`

540 824 

541Type / Values825Type / Values

542 826 

544 828 

545Details829Details

546 830 

547Use the unified PTY-backed exec tool (beta).831Enable undo support (stable; off by default).

548 832 

549Key833Key

550 834 

551`features.use_linux_sandbox_bwrap`835`features.unified_exec`

552 836 

553Type / Values837Type / Values

554 838 

556 840 

557Details841Details

558 842 

559Use the bubblewrap-based Linux sandbox pipeline (experimental; off by default).843Use the unified PTY-backed exec tool (stable; enabled by default except on Windows).

560 844 

561Key845Key

562 846 

680 964 

681Key965Key

682 966 

683`include_apply_patch_tool`967`hooks`

684 968 

685Type / Values969Type / Values

686 970 

687`boolean`971`table`

688 972 

689Details973Details

690 974 

691Legacy name for enabling freeform apply\_patch; prefer `[features].apply_patch_freeform`.975Lifecycle hooks configured inline in `config.toml`. Uses the same event schema as `hooks.json`; see the Hooks guide for examples and supported events.

692 976 

693Key977Key

694 978 

728 1012 

729Key1013Key

730 1014 

1015`mcp_oauth_callback_url`

1016 

1017Type / Values

1018 

1019`string`

1020 

1021Details

1022 

1023Optional redirect URI override for MCP OAuth login (for example, a devbox ingress URL). `mcp_oauth_callback_port` still controls the callback listener port.

1024 

1025Key

1026 

731`mcp_oauth_credentials_store`1027`mcp_oauth_credentials_store`

732 1028 

733Type / Values1029Type / Values

852 1148 

853Type / Values1149Type / Values

854 1150 

855`array<string>`1151`array<string | { name = string, source = "local" | "remote" }>`

856 1152 

857Details1153Details

858 1154 

859Additional environment variables to whitelist for an MCP stdio server.1155Additional environment variables to whitelist for an MCP stdio server. String entries default to `source = "local"`; use `source = "remote"` only with executor-backed remote stdio.

860 1156 

861Key1157Key

862 1158 

863`mcp_servers.<id>.http_headers`1159`mcp_servers.<id>.experimental_environment`

864 1160 

865Type / Values1161Type / Values

866 1162 

867`map<string,string>`1163`local | remote`

868 1164 

869Details1165Details

870 1166 

871Static HTTP headers included with each MCP HTTP request.1167Experimental placement for an MCP server. `remote` starts stdio servers through a remote executor environment; streamable HTTP remote placement is not implemented.

872 1168 

873Key1169Key

874 1170 

875`mcp_servers.<id>.required`1171`mcp_servers.<id>.http_headers`

876 1172 

877Type / Values1173Type / Values

878 1174 

879`boolean`1175`map<string,string>`

880 1176 

881Details1177Details

882 1178 

883When true, fail startup/resume if this enabled MCP server cannot initialize.1179Static HTTP headers included with each MCP HTTP request.

884 1180 

885Key1181Key

886 1182 

887`mcp_servers.<id>.startup_timeout_ms`1183`mcp_servers.<id>.oauth_resource`

888 1184 

889Type / Values1185Type / Values

890 1186 

891`number`1187`string`

892 1188 

893Details1189Details

894 1190 

895Alias for `startup_timeout_sec` in milliseconds.1191Optional RFC 8707 OAuth resource parameter to include during MCP login.

896 1192 

897Key1193Key

898 1194 

899`mcp_servers.<id>.startup_timeout_sec`1195`mcp_servers.<id>.required`

900 1196 

901Type / Values1197Type / Values

902 1198 

903`number`1199`boolean`

904 1200 

905Details1201Details

906 1202 

907Override the default 10s startup timeout for an MCP server.1203When true, fail startup/resume if this enabled MCP server cannot initialize.

908 

909Key

910 

911`mcp_servers.<id>.tool_timeout_sec`

912 

913Type / Values

914 

915`number`

916 

917Details

918 

919Override the default 60s per-tool timeout for an MCP server.

920 1204 

921Key1205Key

922 1206 

923`mcp_servers.<id>.url`1207`mcp_servers.<id>.scopes`

924 1208 

925Type / Values1209Type / Values

926 1210 

927`string`1211`array<string>`

928 1212 

929Details1213Details

930 1214 

931Endpoint for an MCP streamable HTTP server.1215OAuth scopes to request when authenticating to that MCP server.

932 1216 

933Key1217Key

934 1218 

935`model`1219`mcp_servers.<id>.startup_timeout_ms`

936 1220 

937Type / Values1221Type / Values

938 1222 

939`string`1223`number`

940 1224 

941Details1225Details

942 1226 

943Model to use (e.g., `gpt-5-codex`).1227Alias for `startup_timeout_sec` in milliseconds.

944 1228 

945Key1229Key

946 1230 

947`model_auto_compact_token_limit`1231`mcp_servers.<id>.startup_timeout_sec`

948 1232 

949Type / Values1233Type / Values

950 1234 

952 1236 

953Details1237Details

954 1238 

955Token threshold that triggers automatic history compaction (unset uses model defaults).1239Override the default 10s startup timeout for an MCP server.

956 1240 

957Key1241Key

958 1242 

959`model_context_window`1243`mcp_servers.<id>.tool_timeout_sec`

960 1244 

961Type / Values1245Type / Values

962 1246 

964 1248 

965Details1249Details

966 1250 

967Context window tokens available to the active model.1251Override the default 60s per-tool timeout for an MCP server.

968 1252 

969Key1253Key

970 1254 

971`model_instructions_file`1255`mcp_servers.<id>.url`

972 1256 

973Type / Values1257Type / Values

974 1258 

975`string (path)`1259`string`

976 1260 

977Details1261Details

978 1262 

979Replacement for built-in instructions instead of `AGENTS.md`.1263Endpoint for an MCP streamable HTTP server.

980 1264 

981Key1265Key

982 1266 

983`model_provider`1267`memories.consolidation_model`

984 1268 

985Type / Values1269Type / Values

986 1270 

988 1272 

989Details1273Details

990 1274 

991Provider id from `model_providers` (default: `openai`).1275Optional model override for global memory consolidation.

992 1276 

993Key1277Key

994 1278 

995`model_providers.<id>.base_url`1279`memories.disable_on_external_context`

996 1280 

997Type / Values1281Type / Values

998 1282 

999`string`1283`boolean`

1000 1284 

1001Details1285Details

1002 1286 

1003API base URL for the model provider.1287When `true`, threads that use external context such as MCP tool calls, web search, or tool search are kept out of memory generation. Defaults to `false`. Legacy alias: `memories.no_memories_if_mcp_or_web_search`.

1004 1288 

1005Key1289Key

1006 1290 

1007`model_providers.<id>.env_http_headers`1291`memories.extract_model`

1008 1292 

1009Type / Values1293Type / Values

1010 1294 

1011`map<string,string>`1295`string`

1012 1296 

1013Details1297Details

1014 1298 

1015HTTP headers populated from environment variables when present.1299Optional model override for per-thread memory extraction.

1016 1300 

1017Key1301Key

1018 1302 

1019`model_providers.<id>.env_key`1303`memories.generate_memories`

1020 1304 

1021Type / Values1305Type / Values

1022 1306 

1023`string`1307`boolean`

1024 1308 

1025Details1309Details

1026 1310 

1027Environment variable supplying the provider API key.1311When `false`, newly created threads are not stored as memory-generation inputs. Defaults to `true`.

1028 1312 

1029Key1313Key

1030 1314 

1031`model_providers.<id>.env_key_instructions`1315`memories.max_raw_memories_for_consolidation`

1032 1316 

1033Type / Values1317Type / Values

1034 1318 

1035`string`1319`number`

1036 1320 

1037Details1321Details

1038 1322 

1039Optional setup guidance for the provider API key.1323Maximum recent raw memories retained for global consolidation. Defaults to `256` and is capped at `4096`.

1040 1324 

1041Key1325Key

1042 1326 

1043`model_providers.<id>.experimental_bearer_token`1327`memories.max_rollout_age_days`

1044 1328 

1045Type / Values1329Type / Values

1046 1330 

1047`string`1331`number`

1048 1332 

1049Details1333Details

1050 1334 

1051Direct bearer token for the provider (discouraged; use `env_key`).1335Maximum age of threads considered for memory generation. Defaults to `30` and is clamped to `0`-`90`.

1052 1336 

1053Key1337Key

1054 1338 

1055`model_providers.<id>.http_headers`1339`memories.max_rollouts_per_startup`

1056 1340 

1057Type / Values1341Type / Values

1058 1342 

1059`map<string,string>`1343`number`

1060 1344 

1061Details1345Details

1062 1346 

1063Static HTTP headers added to provider requests.1347Maximum rollout candidates processed per startup pass. Defaults to `16` and is capped at `128`.

1064 1348 

1065Key1349Key

1066 1350 

1067`model_providers.<id>.name`1351`memories.max_unused_days`

1068 1352 

1069Type / Values1353Type / Values

1070 1354 

1071`string`1355`number`

1072 1356 

1073Details1357Details

1074 1358 

1075Display name for a custom model provider.1359Maximum days since a memory was last used before it becomes ineligible for consolidation. Defaults to `30` and is clamped to `0`-`365`.

1076 1360 

1077Key1361Key

1078 1362 

1079`model_providers.<id>.query_params`1363`memories.min_rate_limit_remaining_percent`

1080 1364 

1081Type / Values1365Type / Values

1082 1366 

1083`map<string,string>`1367`number`

1084 1368 

1085Details1369Details

1086 1370 

1087Extra query parameters appended to provider requests.1371Minimum remaining percentage required in Codex rate-limit windows before memory generation starts. Defaults to `25` and is clamped to `0`-`100`.

1088 1372 

1089Key1373Key

1090 1374 

1091`model_providers.<id>.request_max_retries`1375`memories.min_rollout_idle_hours`

1092 1376 

1093Type / Values1377Type / Values

1094 1378 

1096 1380 

1097Details1381Details

1098 1382 

1099Retry count for HTTP requests to the provider (default: 4).1383Minimum idle time before a thread is considered for memory generation. Defaults to `6` and is clamped to `1`-`48`.

1100 1384 

1101Key1385Key

1102 1386 

1103`model_providers.<id>.requires_openai_auth`1387`memories.use_memories`

1104 1388 

1105Type / Values1389Type / Values

1106 1390 

1108 1392 

1109Details1393Details

1110 1394 

1111The provider uses OpenAI authentication (defaults to false).1395When `false`, Codex skips injecting existing memories into future sessions. Defaults to `true`.

1112 1396 

1113Key1397Key

1114 1398 

1115`model_providers.<id>.stream_idle_timeout_ms`1399`model`

1116 1400 

1117Type / Values1401Type / Values

1118 1402 

1119`number`1403`string`

1120 1404 

1121Details1405Details

1122 1406 

1123Idle timeout for SSE streams in milliseconds (default: 300000).1407Model to use (e.g., `gpt-5.5`).

1124 1408 

1125Key1409Key

1126 1410 

1127`model_providers.<id>.stream_max_retries`1411`model_auto_compact_token_limit`

1128 1412 

1129Type / Values1413Type / Values

1130 1414 

1132 1416 

1133Details1417Details

1134 1418 

1135Retry count for SSE streaming interruptions (default: 5).1419Token threshold that triggers automatic history compaction (unset uses model defaults).

1136 1420 

1137Key1421Key

1138 1422 

1139`model_providers.<id>.wire_api`1423`model_catalog_json`

1140 1424 

1141Type / Values1425Type / Values

1142 1426 

1143`chat | responses`1427`string (path)`

1144 1428 

1145Details1429Details

1146 1430 

1147Protocol used by the provider (defaults to `chat` if omitted).1431Optional path to a JSON model catalog loaded on startup. Profile-level `profiles.<name>.model_catalog_json` can override this per profile.

1148 1432 

1149Key1433Key

1150 1434 

1151`model_reasoning_effort`1435`model_context_window`

1152 1436 

1153Type / Values1437Type / Values

1154 1438 

1155`minimal | low | medium | high | xhigh`1439`number`

1156 1440 

1157Details1441Details

1158 1442 

1159Adjust reasoning effort for supported models (Responses API only; `xhigh` is model-dependent).1443Context window tokens available to the active model.

1160 1444 

1161Key1445Key

1162 1446 

1163`model_reasoning_summary`1447`model_instructions_file`

1164 1448 

1165Type / Values1449Type / Values

1166 1450 

1167`auto | concise | detailed | none`1451`string (path)`

1168 1452 

1169Details1453Details

1170 1454 

1171Select reasoning summary detail or disable summaries entirely.1455Replacement for built-in instructions instead of `AGENTS.md`.

1172 1456 

1173Key1457Key

1174 1458 

1175`model_supports_reasoning_summaries`1459`model_provider`

1176 1460 

1177Type / Values1461Type / Values

1178 1462 

1179`boolean`1463`string`

1180 1464 

1181Details1465Details

1182 1466 

1183Force Codex to send or not send reasoning metadata.1467Provider id from `model_providers` (default: `openai`).

1184 1468 

1185Key1469Key

1186 1470 

1187`model_verbosity`1471`model_providers.<id>`

1188 1472 

1189Type / Values1473Type / Values

1190 1474 

1191`low | medium | high`1475`table`

1192 1476 

1193Details1477Details

1194 1478 

1195Control GPT-5 Responses API verbosity (defaults to `medium`).1479Custom provider definition. Built-in provider IDs (`openai`, `ollama`, and `lmstudio`) are reserved and cannot be overridden.

1196 1480 

1197Key1481Key

1198 1482 

1199`notice.hide_full_access_warning`1483`model_providers.<id>.auth`

1200 1484 

1201Type / Values1485Type / Values

1202 1486 

1203`boolean`1487`table`

1204 1488 

1205Details1489Details

1206 1490 

1207Track acknowledgement of the full access warning prompt.1491Command-backed bearer token configuration for a custom provider. Do not combine with `env_key`, `experimental_bearer_token`, or `requires_openai_auth`.

1208 1492 

1209Key1493Key

1210 1494 

1211`notice.hide_gpt-5.1-codex-max_migration_prompt`1495`model_providers.<id>.auth.args`

1212 1496 

1213Type / Values1497Type / Values

1214 1498 

1215`boolean`1499`array<string>`

1216 1500 

1217Details1501Details

1218 1502 

1219Track acknowledgement of the gpt-5.1-codex-max migration prompt.1503Arguments passed to the token command.

1220 1504 

1221Key1505Key

1222 1506 

1223`notice.hide_gpt5_1_migration_prompt`1507`model_providers.<id>.auth.command`

1224 1508 

1225Type / Values1509Type / Values

1226 1510 

1227`boolean`1511`string`

1228 1512 

1229Details1513Details

1230 1514 

1231Track acknowledgement of the GPT-5.1 migration prompt.1515Command to run when Codex needs a bearer token. The command must print the token to stdout.

1232 1516 

1233Key1517Key

1234 1518 

1235`notice.hide_rate_limit_model_nudge`1519`model_providers.<id>.auth.cwd`

1236 1520 

1237Type / Values1521Type / Values

1238 1522 

1239`boolean`1523`string (path)`

1240 1524 

1241Details1525Details

1242 1526 

1243Track opt-out of the rate limit model switch reminder.1527Working directory for the token command.

1244 1528 

1245Key1529Key

1246 1530 

1247`notice.hide_world_writable_warning`1531`model_providers.<id>.auth.refresh_interval_ms`

1248 1532 

1249Type / Values1533Type / Values

1250 1534 

1251`boolean`1535`number`

1252 1536 

1253Details1537Details

1254 1538 

1255Track acknowledgement of the Windows world-writable directories warning.1539How often Codex proactively refreshes the token in milliseconds (default: 300000). Set to `0` to refresh only after an authentication retry.

1256 1540 

1257Key1541Key

1258 1542 

1259`notice.model_migrations`1543`model_providers.<id>.auth.timeout_ms`

1260 1544 

1261Type / Values1545Type / Values

1262 1546 

1263`map<string,string>`1547`number`

1264 1548 

1265Details1549Details

1266 1550 

1267Track acknowledged model migrations as old->new mappings.1551Maximum token command runtime in milliseconds (default: 5000).

1268 1552 

1269Key1553Key

1270 1554 

1271`notify`1555`model_providers.<id>.base_url`

1272 1556 

1273Type / Values1557Type / Values

1274 1558 

1275`array<string>`1559`string`

1276 1560 

1277Details1561Details

1278 1562 

1279Command invoked for notifications; receives a JSON payload from Codex.1563API base URL for the model provider.

1280 1564 

1281Key1565Key

1282 1566 

1283`oss_provider`1567`model_providers.<id>.env_http_headers`

1284 1568 

1285Type / Values1569Type / Values

1286 1570 

1287`lmstudio | ollama`1571`map<string,string>`

1288 1572 

1289Details1573Details

1290 1574 

1291Default local provider used when running with `--oss` (defaults to prompting if unset).1575HTTP headers populated from environment variables when present.

1292 1576 

1293Key1577Key

1294 1578 

1295`otel.environment`1579`model_providers.<id>.env_key`

1296 1580 

1297Type / Values1581Type / Values

1298 1582 

1300 1584 

1301Details1585Details

1302 1586 

1303Environment tag applied to emitted OpenTelemetry events (default: `dev`).1587Environment variable supplying the provider API key.

1304 1588 

1305Key1589Key

1306 1590 

1307`otel.exporter`1591`model_providers.<id>.env_key_instructions`

1308 1592 

1309Type / Values1593Type / Values

1310 1594 

1311`none | otlp-http | otlp-grpc`1595`string`

1312 1596 

1313Details1597Details

1314 1598 

1315Select the OpenTelemetry exporter and provide any endpoint metadata.1599Optional setup guidance for the provider API key.

1316 1600 

1317Key1601Key

1318 1602 

1319`otel.exporter.<id>.endpoint`1603`model_providers.<id>.experimental_bearer_token`

1320 1604 

1321Type / Values1605Type / Values

1322 1606 

1324 1608 

1325Details1609Details

1326 1610 

1327Exporter endpoint for OTEL logs.1611Direct bearer token for the provider (discouraged; use `env_key`).

1328 1612 

1329Key1613Key

1330 1614 

1331`otel.exporter.<id>.headers`1615`model_providers.<id>.http_headers`

1332 1616 

1333Type / Values1617Type / Values

1334 1618 

1336 1620 

1337Details1621Details

1338 1622 

1339Static headers included with OTEL exporter requests.1623Static HTTP headers added to provider requests.

1340 1624 

1341Key1625Key

1342 1626 

1343`otel.exporter.<id>.protocol`1627`model_providers.<id>.name`

1344 1628 

1345Type / Values1629Type / Values

1346 1630 

1347`binary | json`1631`string`

1348 1632 

1349Details1633Details

1350 1634 

1351Protocol used by the OTLP/HTTP exporter.1635Display name for a custom model provider.

1352 1636 

1353Key1637Key

1354 1638 

1355`otel.exporter.<id>.tls.ca-certificate`1639`model_providers.<id>.query_params`

1356 1640 

1357Type / Values1641Type / Values

1358 1642 

1359`string`1643`map<string,string>`

1360 1644 

1361Details1645Details

1362 1646 

1363CA certificate path for OTEL exporter TLS.1647Extra query parameters appended to provider requests.

1364 1648 

1365Key1649Key

1366 1650 

1367`otel.exporter.<id>.tls.client-certificate`1651`model_providers.<id>.request_max_retries`

1368 1652 

1369Type / Values1653Type / Values

1370 1654 

1371`string`1655`number`

1372 1656 

1373Details1657Details

1374 1658 

1375Client certificate path for OTEL exporter TLS.1659Retry count for HTTP requests to the provider (default: 4).

1376 1660 

1377Key1661Key

1378 1662 

1379`otel.exporter.<id>.tls.client-private-key`1663`model_providers.<id>.requires_openai_auth`

1380 1664 

1381Type / Values1665Type / Values

1382 1666 

1383`string`1667`boolean`

1384 1668 

1385Details1669Details

1386 1670 

1387Client private key path for OTEL exporter TLS.1671The provider uses OpenAI authentication (defaults to false).

1388 1672 

1389Key1673Key

1390 1674 

1391`otel.log_user_prompt`1675`model_providers.<id>.stream_idle_timeout_ms`

1392 1676 

1393Type / Values1677Type / Values

1394 1678 

1395`boolean`1679`number`

1396 1680 

1397Details1681Details

1398 1682 

1399Opt in to exporting raw user prompts with OpenTelemetry logs.1683Idle timeout for SSE streams in milliseconds (default: 300000).

1400 1684 

1401Key1685Key

1402 1686 

1403`otel.trace_exporter`1687`model_providers.<id>.stream_max_retries`

1404 1688 

1405Type / Values1689Type / Values

1406 1690 

1407`none | otlp-http | otlp-grpc`1691`number`

1408 1692 

1409Details1693Details

1410 1694 

1411Select the OpenTelemetry trace exporter and provide any endpoint metadata.1695Retry count for SSE streaming interruptions (default: 5).

1412 1696 

1413Key1697Key

1414 1698 

1415`otel.trace_exporter.<id>.endpoint`1699`model_providers.<id>.supports_websockets`

1416 1700 

1417Type / Values1701Type / Values

1418 1702 

1419`string`1703`boolean`

1420 1704 

1421Details1705Details

1422 1706 

1423Trace exporter endpoint for OTEL logs.1707Whether that provider supports the Responses API WebSocket transport.

1424 1708 

1425Key1709Key

1426 1710 

1427`otel.trace_exporter.<id>.headers`1711`model_providers.<id>.wire_api`

1428 1712 

1429Type / Values1713Type / Values

1430 1714 

1431`map<string,string>`1715`responses`

1432 1716 

1433Details1717Details

1434 1718 

1435Static headers included with OTEL trace exporter requests.1719Protocol used by the provider. `responses` is the only supported value, and it is the default when omitted.

1436 1720 

1437Key1721Key

1438 1722 

1439`otel.trace_exporter.<id>.protocol`1723`model_providers.amazon-bedrock.aws.profile`

1440 1724 

1441Type / Values1725Type / Values

1442 1726 

1443`binary | json`1727`string`

1444 1728 

1445Details1729Details

1446 1730 

1447Protocol used by the OTLP/HTTP trace exporter.1731AWS profile name used by the built-in `amazon-bedrock` provider.

1448 1732 

1449Key1733Key

1450 1734 

1451`otel.trace_exporter.<id>.tls.ca-certificate`1735`model_providers.amazon-bedrock.aws.region`

1452 1736 

1453Type / Values1737Type / Values

1454 1738 

1456 1740 

1457Details1741Details

1458 1742 

1459CA certificate path for OTEL trace exporter TLS.1743AWS region used by the built-in `amazon-bedrock` provider.

1460 1744 

1461Key1745Key

1462 1746 

1463`otel.trace_exporter.<id>.tls.client-certificate`1747`model_reasoning_effort`

1464 1748 

1465Type / Values1749Type / Values

1466 1750 

1467`string`1751`minimal | low | medium | high | xhigh`

1468 1752 

1469Details1753Details

1470 1754 

1471Client certificate path for OTEL trace exporter TLS.1755Adjust reasoning effort for supported models (Responses API only; `xhigh` is model-dependent).

1472 1756 

1473Key1757Key

1474 1758 

1475`otel.trace_exporter.<id>.tls.client-private-key`1759`model_reasoning_summary`

1476 1760 

1477Type / Values1761Type / Values

1478 1762 

1479`string`1763`auto | concise | detailed | none`

1480 1764 

1481Details1765Details

1482 1766 

1483Client private key path for OTEL trace exporter TLS.1767Select reasoning summary detail or disable summaries entirely.

1484 1768 

1485Key1769Key

1486 1770 

1487`personality`1771`model_supports_reasoning_summaries`

1488 1772 

1489Type / Values1773Type / Values

1490 1774 

1491`none | friendly | pragmatic`1775`boolean`

1492 1776 

1493Details1777Details

1494 1778 

1495Default communication style for models that advertise `supportsPersonality`; can be overridden per thread/turn or via `/personality`.1779Force Codex to send or not send reasoning metadata.

1496 1780 

1497Key1781Key

1498 1782 

1499`profile`1783`model_verbosity`

1500 1784 

1501Type / Values1785Type / Values

1502 1786 

1503`string`1787`low | medium | high`

1504 1788 

1505Details1789Details

1506 1790 

1507Default profile applied at startup (equivalent to `--profile`).1791Optional GPT-5 Responses API verbosity override; when unset, the selected model/preset default is used.

1508 1792 

1509Key1793Key

1510 1794 

1511`profiles.<name>.*`1795`notice.hide_full_access_warning`

1512 1796 

1513Type / Values1797Type / Values

1514 1798 

1515`various`1799`boolean`

1516 1800 

1517Details1801Details

1518 1802 

1519Profile-scoped overrides for any of the supported configuration keys.1803Track acknowledgement of the full access warning prompt.

1520 1804 

1521Key1805Key

1522 1806 

1523`profiles.<name>.experimental_use_freeform_apply_patch`1807`notice.hide_gpt-5.1-codex-max_migration_prompt`

1524 1808 

1525Type / Values1809Type / Values

1526 1810 

1528 1812 

1529Details1813Details

1530 1814 

1531Legacy name for enabling freeform apply\_patch; prefer `[features].apply_patch_freeform`.1815Track acknowledgement of the gpt-5.1-codex-max migration prompt.

1532 1816 

1533Key1817Key

1534 1818 

1535`profiles.<name>.experimental_use_unified_exec_tool`1819`notice.hide_gpt5_1_migration_prompt`

1536 1820 

1537Type / Values1821Type / Values

1538 1822 

1540 1824 

1541Details1825Details

1542 1826 

1543Legacy name for enabling unified exec; prefer `[features].unified_exec`.1827Track acknowledgement of the GPT-5.1 migration prompt.

1544 1828 

1545Key1829Key

1546 1830 

1547`profiles.<name>.include_apply_patch_tool`1831`notice.hide_rate_limit_model_nudge`

1548 1832 

1549Type / Values1833Type / Values

1550 1834 

1552 1836 

1553Details1837Details

1554 1838 

1555Legacy name for enabling freeform apply\_patch; prefer `[features].apply_patch_freeform`.1839Track opt-out of the rate limit model switch reminder.

1556 1840 

1557Key1841Key

1558 1842 

1559`profiles.<name>.oss_provider`1843`notice.hide_world_writable_warning`

1560 1844 

1561Type / Values1845Type / Values

1562 1846 

1563`lmstudio | ollama`1847`boolean`

1564 1848 

1565Details1849Details

1566 1850 

1567Profile-scoped OSS provider for `--oss` sessions.1851Track acknowledgement of the Windows world-writable directories warning.

1568 1852 

1569Key1853Key

1570 1854 

1571`profiles.<name>.personality`1855`notice.model_migrations`

1856 

1857Type / Values

1858 

1859`map<string,string>`

1860 

1861Details

1862 

1863Track acknowledged model migrations as old->new mappings.

1864 

1865Key

1866 

1867`notify`

1868 

1869Type / Values

1870 

1871`array<string>`

1872 

1873Details

1874 

1875Command invoked for notifications; receives a JSON payload from Codex.

1876 

1877Key

1878 

1879`openai_base_url`

1880 

1881Type / Values

1882 

1883`string`

1884 

1885Details

1886 

1887Base URL override for the built-in `openai` model provider.

1888 

1889Key

1890 

1891`oss_provider`

1892 

1893Type / Values

1894 

1895`lmstudio | ollama`

1896 

1897Details

1898 

1899Default local provider used when running with `--oss` (defaults to prompting if unset).

1900 

1901Key

1902 

1903`otel.environment`

1904 

1905Type / Values

1906 

1907`string`

1908 

1909Details

1910 

1911Environment tag applied to emitted OpenTelemetry events (default: `dev`).

1912 

1913Key

1914 

1915`otel.exporter`

1916 

1917Type / Values

1918 

1919`none | otlp-http | otlp-grpc`

1920 

1921Details

1922 

1923Select the OpenTelemetry exporter and provide any endpoint metadata.

1924 

1925Key

1926 

1927`otel.exporter.<id>.endpoint`

1928 

1929Type / Values

1930 

1931`string`

1932 

1933Details

1934 

1935Exporter endpoint for OTEL logs.

1936 

1937Key

1938 

1939`otel.exporter.<id>.headers`

1940 

1941Type / Values

1942 

1943`map<string,string>`

1944 

1945Details

1946 

1947Static headers included with OTEL exporter requests.

1948 

1949Key

1950 

1951`otel.exporter.<id>.protocol`

1952 

1953Type / Values

1954 

1955`binary | json`

1956 

1957Details

1958 

1959Protocol used by the OTLP/HTTP exporter.

1960 

1961Key

1962 

1963`otel.exporter.<id>.tls.ca-certificate`

1964 

1965Type / Values

1966 

1967`string`

1968 

1969Details

1970 

1971CA certificate path for OTEL exporter TLS.

1972 

1973Key

1974 

1975`otel.exporter.<id>.tls.client-certificate`

1976 

1977Type / Values

1978 

1979`string`

1980 

1981Details

1982 

1983Client certificate path for OTEL exporter TLS.

1984 

1985Key

1986 

1987`otel.exporter.<id>.tls.client-private-key`

1988 

1989Type / Values

1990 

1991`string`

1992 

1993Details

1994 

1995Client private key path for OTEL exporter TLS.

1996 

1997Key

1998 

1999`otel.log_user_prompt`

2000 

2001Type / Values

2002 

2003`boolean`

2004 

2005Details

2006 

2007Opt in to exporting raw user prompts with OpenTelemetry logs.

2008 

2009Key

2010 

2011`otel.metrics_exporter`

2012 

2013Type / Values

2014 

2015`none | statsig | otlp-http | otlp-grpc`

2016 

2017Details

2018 

2019Select the OpenTelemetry metrics exporter (defaults to `statsig`).

2020 

2021Key

2022 

2023`otel.trace_exporter`

2024 

2025Type / Values

2026 

2027`none | otlp-http | otlp-grpc`

2028 

2029Details

2030 

2031Select the OpenTelemetry trace exporter and provide any endpoint metadata.

2032 

2033Key

2034 

2035`otel.trace_exporter.<id>.endpoint`

2036 

2037Type / Values

2038 

2039`string`

2040 

2041Details

2042 

2043Trace exporter endpoint for OTEL logs.

2044 

2045Key

2046 

2047`otel.trace_exporter.<id>.headers`

2048 

2049Type / Values

2050 

2051`map<string,string>`

2052 

2053Details

2054 

2055Static headers included with OTEL trace exporter requests.

2056 

2057Key

2058 

2059`otel.trace_exporter.<id>.protocol`

2060 

2061Type / Values

2062 

2063`binary | json`

2064 

2065Details

2066 

2067Protocol used by the OTLP/HTTP trace exporter.

2068 

2069Key

2070 

2071`otel.trace_exporter.<id>.tls.ca-certificate`

2072 

2073Type / Values

2074 

2075`string`

2076 

2077Details

2078 

2079CA certificate path for OTEL trace exporter TLS.

2080 

2081Key

2082 

2083`otel.trace_exporter.<id>.tls.client-certificate`

2084 

2085Type / Values

2086 

2087`string`

2088 

2089Details

2090 

2091Client certificate path for OTEL trace exporter TLS.

2092 

2093Key

2094 

2095`otel.trace_exporter.<id>.tls.client-private-key`

2096 

2097Type / Values

2098 

2099`string`

2100 

2101Details

2102 

2103Client private key path for OTEL trace exporter TLS.

2104 

2105Key

2106 

2107`permissions.<name>.filesystem`

2108 

2109Type / Values

2110 

2111`table`

2112 

2113Details

2114 

2115Named filesystem permission profile. Each key is an absolute path or special token such as `:minimal` or `:project_roots`.

2116 

2117Key

2118 

2119`permissions.<name>.filesystem.":project_roots".<subpath-or-glob>`

2120 

2121Type / Values

2122 

2123`"read" | "write" | "none"`

2124 

2125Details

2126 

2127Scoped filesystem access relative to the detected project roots. Use `"."` for the root itself; glob subpaths such as `"**/*.env"` can deny reads with `"none"`.

2128 

2129Key

2130 

2131`permissions.<name>.filesystem.<path-or-glob>`

2132 

2133Type / Values

2134 

2135`"read" | "write" | "none" | table`

2136 

2137Details

2138 

2139Grant direct access for a path, glob pattern, or special token, or scope nested entries under that root. Use `"none"` to deny reads for matching paths.

2140 

2141Key

2142 

2143`permissions.<name>.filesystem.glob_scan_max_depth`

2144 

2145Type / Values

2146 

2147`number`

2148 

2149Details

2150 

2151Maximum depth for expanding deny-read glob patterns on platforms that snapshot matches before sandbox startup. Must be at least `1` when set.

2152 

2153Key

2154 

2155`permissions.<name>.network.allow_local_binding`

2156 

2157Type / Values

2158 

2159`boolean`

2160 

2161Details

2162 

2163Permit local bind/listen operations through the managed proxy.

2164 

2165Key

2166 

2167`permissions.<name>.network.allow_upstream_proxy`

2168 

2169Type / Values

2170 

2171`boolean`

2172 

2173Details

2174 

2175Allow the managed proxy to chain to another upstream proxy.

2176 

2177Key

2178 

2179`permissions.<name>.network.dangerously_allow_all_unix_sockets`

2180 

2181Type / Values

2182 

2183`boolean`

2184 

2185Details

2186 

2187Allow the proxy to use arbitrary Unix sockets instead of the default restricted set.

2188 

2189Key

2190 

2191`permissions.<name>.network.dangerously_allow_non_loopback_proxy`

2192 

2193Type / Values

2194 

2195`boolean`

2196 

2197Details

2198 

2199Permit non-loopback bind addresses for the managed proxy listener.

2200 

2201Key

2202 

2203`permissions.<name>.network.domains`

2204 

2205Type / Values

2206 

2207`map<string, allow | deny>`

2208 

2209Details

2210 

2211Domain rules for the managed proxy. Use domain names or wildcard patterns as keys, with `allow` or `deny` values.

2212 

2213Key

2214 

2215`permissions.<name>.network.enable_socks5`

2216 

2217Type / Values

2218 

2219`boolean`

2220 

2221Details

2222 

2223Expose a SOCKS5 listener when this permissions profile enables the managed network proxy.

2224 

2225Key

2226 

2227`permissions.<name>.network.enable_socks5_udp`

2228 

2229Type / Values

2230 

2231`boolean`

2232 

2233Details

2234 

2235Allow UDP over the SOCKS5 listener when enabled.

2236 

2237Key

2238 

2239`permissions.<name>.network.enabled`

2240 

2241Type / Values

2242 

2243`boolean`

2244 

2245Details

2246 

2247Enable network access for this named permissions profile.

2248 

2249Key

2250 

2251`permissions.<name>.network.mode`

2252 

2253Type / Values

2254 

2255`limited | full`

2256 

2257Details

2258 

2259Network proxy mode used for subprocess traffic.

2260 

2261Key

2262 

2263`permissions.<name>.network.proxy_url`

2264 

2265Type / Values

2266 

2267`string`

2268 

2269Details

2270 

2271HTTP proxy endpoint used when this permissions profile enables the managed network proxy.

2272 

2273Key

2274 

2275`permissions.<name>.network.socks_url`

2276 

2277Type / Values

2278 

2279`string`

2280 

2281Details

2282 

2283SOCKS5 proxy endpoint used by this permissions profile.

2284 

2285Key

2286 

2287`permissions.<name>.network.unix_sockets`

2288 

2289Type / Values

2290 

2291`map<string, allow | none>`

2292 

2293Details

2294 

2295Unix socket rules for the managed proxy. Use socket paths as keys, with `allow` or `none` values.

2296 

2297Key

2298 

2299`personality`

2300 

2301Type / Values

2302 

2303`none | friendly | pragmatic`

2304 

2305Details

2306 

2307Default communication style for models that advertise `supportsPersonality`; can be overridden per thread/turn or via `/personality`.

2308 

2309Key

2310 

2311`plan_mode_reasoning_effort`

2312 

2313Type / Values

2314 

2315`none | minimal | low | medium | high | xhigh`

2316 

2317Details

2318 

2319Plan-mode-specific reasoning override. When unset, Plan mode uses its built-in preset default.

2320 

2321Key

2322 

2323`profile`

2324 

2325Type / Values

2326 

2327`string`

2328 

2329Details

2330 

2331Default profile applied at startup (equivalent to `--profile`).

2332 

2333Key

2334 

2335`profiles.<name>.*`

2336 

2337Type / Values

2338 

2339`various`

2340 

2341Details

2342 

2343Profile-scoped overrides for any of the supported configuration keys.

2344 

2345Key

2346 

2347`profiles.<name>.analytics.enabled`

2348 

2349Type / Values

2350 

2351`boolean`

2352 

2353Details

2354 

2355Profile-scoped analytics enablement override.

2356 

2357Key

2358 

2359`profiles.<name>.experimental_use_unified_exec_tool`

2360 

2361Type / Values

2362 

2363`boolean`

2364 

2365Details

2366 

2367Legacy name for enabling unified exec; prefer `[features].unified_exec`.

2368 

2369Key

2370 

2371`profiles.<name>.model_catalog_json`

2372 

2373Type / Values

2374 

2375`string (path)`

2376 

2377Details

2378 

2379Profile-scoped model catalog JSON path override (applied on startup only; overrides the top-level `model_catalog_json` for that profile).

2380 

2381Key

2382 

2383`profiles.<name>.model_instructions_file`

2384 

2385Type / Values

2386 

2387`string (path)`

2388 

2389Details

2390 

2391Profile-scoped replacement for the built-in instruction file.

2392 

2393Key

2394 

2395`profiles.<name>.oss_provider`

2396 

2397Type / Values

2398 

2399`lmstudio | ollama`

2400 

2401Details

2402 

2403Profile-scoped OSS provider for `--oss` sessions.

2404 

2405Key

2406 

2407`profiles.<name>.personality`

1572 2408 

1573Type / Values2409Type / Values

1574 2410 

1576 2412 

1577Details2413Details

1578 2414 

1579Profile-scoped communication style override for supported models.2415Profile-scoped communication style override for supported models.

2416 

2417Key

2418 

2419`profiles.<name>.plan_mode_reasoning_effort`

2420 

2421Type / Values

2422 

2423`none | minimal | low | medium | high | xhigh`

2424 

2425Details

2426 

2427Profile-scoped Plan-mode reasoning override.

2428 

2429Key

2430 

2431`profiles.<name>.service_tier`

2432 

2433Type / Values

2434 

2435`flex | fast`

2436 

2437Details

2438 

2439Profile-scoped service tier preference for new turns.

2440 

2441Key

2442 

2443`profiles.<name>.tools_view_image`

2444 

2445Type / Values

2446 

2447`boolean`

2448 

2449Details

2450 

2451Enable or disable the `view_image` tool in that profile.

2452 

2453Key

2454 

2455`profiles.<name>.web_search`

2456 

2457Type / Values

2458 

2459`disabled | cached | live`

2460 

2461Details

2462 

2463Profile-scoped web search mode override (default: `"cached"`).

2464 

2465Key

2466 

2467`profiles.<name>.windows.sandbox`

2468 

2469Type / Values

2470 

2471`unelevated | elevated`

2472 

2473Details

2474 

2475Profile-scoped Windows sandbox mode override.

2476 

2477Key

2478 

2479`project_doc_fallback_filenames`

2480 

2481Type / Values

2482 

2483`array<string>`

2484 

2485Details

2486 

2487Additional filenames to try when `AGENTS.md` is missing.

2488 

2489Key

2490 

2491`project_doc_max_bytes`

2492 

2493Type / Values

2494 

2495`number`

2496 

2497Details

2498 

2499Maximum bytes read from `AGENTS.md` when building project instructions.

1580 2500 

1581Key2501Key

1582 2502 

1583`profiles.<name>.web_search`2503`project_root_markers`

2504 

2505Type / Values

2506 

2507`array<string>`

2508 

2509Details

2510 

2511List of project root marker filenames; used when searching parent directories for the project root.

2512 

2513Key

2514 

2515`projects.<path>.trust_level`

2516 

2517Type / Values

2518 

2519`string`

2520 

2521Details

2522 

2523Mark a project or worktree as trusted or untrusted (`"trusted"` | `"untrusted"`). Untrusted projects skip project-scoped `.codex/` layers, including project-local config, hooks, and rules.

2524 

2525Key

2526 

2527`review_model`

2528 

2529Type / Values

2530 

2531`string`

2532 

2533Details

2534 

2535Optional model override used by `/review` (defaults to the current session model).

2536 

2537Key

2538 

2539`sandbox_mode`

2540 

2541Type / Values

2542 

2543`read-only | workspace-write | danger-full-access`

2544 

2545Details

2546 

2547Sandbox policy for filesystem and network access during command execution.

2548 

2549Key

2550 

2551`sandbox_workspace_write.exclude_slash_tmp`

2552 

2553Type / Values

2554 

2555`boolean`

2556 

2557Details

2558 

2559Exclude `/tmp` from writable roots in workspace-write mode.

2560 

2561Key

2562 

2563`sandbox_workspace_write.exclude_tmpdir_env_var`

2564 

2565Type / Values

2566 

2567`boolean`

2568 

2569Details

2570 

2571Exclude `$TMPDIR` from writable roots in workspace-write mode.

2572 

2573Key

2574 

2575`sandbox_workspace_write.network_access`

2576 

2577Type / Values

2578 

2579`boolean`

2580 

2581Details

2582 

2583Allow outbound network access inside the workspace-write sandbox.

2584 

2585Key

2586 

2587`sandbox_workspace_write.writable_roots`

2588 

2589Type / Values

2590 

2591`array<string>`

2592 

2593Details

2594 

2595Additional writable roots when `sandbox_mode = "workspace-write"`.

2596 

2597Key

2598 

2599`service_tier`

2600 

2601Type / Values

2602 

2603`flex | fast`

2604 

2605Details

2606 

2607Preferred service tier for new turns.

2608 

2609Key

2610 

2611`shell_environment_policy.exclude`

2612 

2613Type / Values

2614 

2615`array<string>`

2616 

2617Details

2618 

2619Glob patterns for removing environment variables after the defaults.

2620 

2621Key

2622 

2623`shell_environment_policy.experimental_use_profile`

2624 

2625Type / Values

2626 

2627`boolean`

2628 

2629Details

2630 

2631Use the user shell profile when spawning subprocesses.

2632 

2633Key

2634 

2635`shell_environment_policy.ignore_default_excludes`

2636 

2637Type / Values

2638 

2639`boolean`

2640 

2641Details

2642 

2643Keep variables containing KEY/SECRET/TOKEN before other filters run.

2644 

2645Key

2646 

2647`shell_environment_policy.include_only`

2648 

2649Type / Values

2650 

2651`array<string>`

2652 

2653Details

2654 

2655Whitelist of patterns; when set only matching variables are kept.

2656 

2657Key

2658 

2659`shell_environment_policy.inherit`

2660 

2661Type / Values

2662 

2663`all | core | none`

2664 

2665Details

2666 

2667Baseline environment inheritance when spawning subprocesses.

2668 

2669Key

2670 

2671`shell_environment_policy.set`

2672 

2673Type / Values

2674 

2675`map<string,string>`

2676 

2677Details

2678 

2679Explicit environment overrides injected into every subprocess.

2680 

2681Key

2682 

2683`show_raw_agent_reasoning`

2684 

2685Type / Values

2686 

2687`boolean`

2688 

2689Details

2690 

2691Surface raw reasoning content when the active model emits it.

2692 

2693Key

2694 

2695`skills.config`

2696 

2697Type / Values

2698 

2699`array<object>`

2700 

2701Details

2702 

2703Per-skill enablement overrides stored in config.toml.

2704 

2705Key

2706 

2707`skills.config.<index>.enabled`

2708 

2709Type / Values

2710 

2711`boolean`

2712 

2713Details

2714 

2715Enable or disable the referenced skill.

2716 

2717Key

2718 

2719`skills.config.<index>.path`

2720 

2721Type / Values

2722 

2723`string (path)`

2724 

2725Details

2726 

2727Path to a skill folder containing `SKILL.md`.

2728 

2729Key

2730 

2731`sqlite_home`

2732 

2733Type / Values

2734 

2735`string (path)`

2736 

2737Details

2738 

2739Directory where Codex stores the SQLite-backed state DB used by agent jobs and other resumable runtime state.

2740 

2741Key

2742 

2743`suppress_unstable_features_warning`

2744 

2745Type / Values

2746 

2747`boolean`

2748 

2749Details

2750 

2751Suppress the warning that appears when under-development feature flags are enabled.

2752 

2753Key

2754 

2755`tool_output_token_limit`

1584 2756 

1585Type / Values2757Type / Values

1586 2758 

1587`disabled | cached | live`2759`number`

1588 2760 

1589Details2761Details

1590 2762 

1591Profile-scoped web search mode override (default: `"cached"`).2763Token budget for storing individual tool/function outputs in history.

1592 2764 

1593Key2765Key

1594 2766 

1595`project_doc_fallback_filenames`2767`tool_suggest.disabled_tools`

1596 2768 

1597Type / Values2769Type / Values

1598 2770 

1599`array<string>`2771`array<table>`

1600 2772 

1601Details2773Details

1602 2774 

1603Additional filenames to try when `AGENTS.md` is missing.2775Disable suggestions for specific discoverable connectors or plugins. Each entry uses `type = "connector"` or `"plugin"` and an `id`.

1604 2776 

1605Key2777Key

1606 2778 

1607`project_doc_max_bytes`2779`tool_suggest.discoverables`

1608 2780 

1609Type / Values2781Type / Values

1610 2782 

1611`number`2783`array<table>`

1612 2784 

1613Details2785Details

1614 2786 

1615Maximum bytes read from `AGENTS.md` when building project instructions.2787Allow tool suggestions for additional discoverable connectors or plugins. Each entry uses `type = "connector"` or `"plugin"` and an `id`.

1616 2788 

1617Key2789Key

1618 2790 

1619`project_root_markers`2791`tools.view_image`

1620 2792 

1621Type / Values2793Type / Values

1622 2794 

1623`array<string>`2795`boolean`

1624 2796 

1625Details2797Details

1626 2798 

1627List of project root marker filenames; used when searching parent directories for the project root.2799Enable the local-image attachment tool `view_image`.

1628 2800 

1629Key2801Key

1630 2802 

1631`projects.<path>.trust_level`2803`tools.web_search`

1632 2804 

1633Type / Values2805Type / Values

1634 2806 

1635`string`2807`boolean | { context_size = "low|medium|high", allowed_domains = [string], location = { country, region, city, timezone } }`

1636 2808 

1637Details2809Details

1638 2810 

1639Mark a project or worktree as trusted or untrusted (`"trusted"` | `"untrusted"`). Untrusted projects skip project-scoped `.codex/` layers.2811Optional web search tool configuration. The legacy boolean form is still accepted, but the object form lets you set search context size, allowed domains, and approximate user location.

1640 2812 

1641Key2813Key

1642 2814 

1643`review_model`2815`tui`

1644 2816 

1645Type / Values2817Type / Values

1646 2818 

1647`string`2819`table`

1648 2820 

1649Details2821Details

1650 2822 

1651Optional model override used by `/review` (defaults to the current session model).2823TUI-specific options such as enabling inline desktop notifications.

1652 2824 

1653Key2825Key

1654 2826 

1655`sandbox_mode`2827`tui.alternate_screen`

1656 2828 

1657Type / Values2829Type / Values

1658 2830 

1659`read-only | workspace-write | danger-full-access`2831`auto | always | never`

1660 2832 

1661Details2833Details

1662 2834 

1663Sandbox policy for filesystem and network access during command execution.2835Control alternate screen usage for the TUI (default: auto; auto skips it in Zellij to preserve scrollback).

1664 2836 

1665Key2837Key

1666 2838 

1667`sandbox_workspace_write.exclude_slash_tmp`2839`tui.animations`

1668 2840 

1669Type / Values2841Type / Values

1670 2842 

1672 2844 

1673Details2845Details

1674 2846 

1675Exclude `/tmp` from writable roots in workspace-write mode.2847Enable terminal animations (welcome screen, shimmer, spinner) (default: true).

1676 2848 

1677Key2849Key

1678 2850 

1679`sandbox_workspace_write.exclude_tmpdir_env_var`2851`tui.keymap.<context>.<action>`

1680 2852 

1681Type / Values2853Type / Values

1682 2854 

1683`boolean`2855`string | array<string>`

1684 2856 

1685Details2857Details

1686 2858 

1687Exclude `$TMPDIR` from writable roots in workspace-write mode.2859Keyboard shortcut binding for a TUI action. Supported contexts include `global`, `chat`, `composer`, `editor`, `pager`, `list`, and `approval`; context-specific bindings override `tui.keymap.global`.

1688 2860 

1689Key2861Key

1690 2862 

1691`sandbox_workspace_write.network_access`2863`tui.keymap.<context>.<action> = []`

1692 2864 

1693Type / Values2865Type / Values

1694 2866 

1695`boolean`2867`empty array`

1696 2868 

1697Details2869Details

1698 2870 

1699Allow outbound network access inside the workspace-write sandbox.2871Unbind the action in that keymap context. Key names use normalized strings such as `ctrl-a`, `shift-enter`, or `page-down`.

1700 2872 

1701Key2873Key

1702 2874 

1703`sandbox_workspace_write.writable_roots`2875`tui.model_availability_nux.<model>`

1704 2876 

1705Type / Values2877Type / Values

1706 2878 

1707`array<string>`2879`integer`

1708 2880 

1709Details2881Details

1710 2882 

1711Additional writable roots when `sandbox_mode = "workspace-write"`.2883Internal startup-tooltip state keyed by model slug.

1712 2884 

1713Key2885Key

1714 2886 

1715`shell_environment_policy.exclude`2887`tui.notification_condition`

1716 2888 

1717Type / Values2889Type / Values

1718 2890 

1719`array<string>`2891`unfocused | always`

1720 2892 

1721Details2893Details

1722 2894 

1723Glob patterns for removing environment variables after the defaults.2895Control whether TUI notifications fire only when the terminal is unfocused or regardless of focus. Defaults to `unfocused`.

1724 2896 

1725Key2897Key

1726 2898 

1727`shell_environment_policy.experimental_use_profile`2899`tui.notification_method`

1728 2900 

1729Type / Values2901Type / Values

1730 2902 

1731`boolean`2903`auto | osc9 | bel`

1732 2904 

1733Details2905Details

1734 2906 

1735Use the user shell profile when spawning subprocesses.2907Notification method for terminal notifications (default: auto).

1736 2908 

1737Key2909Key

1738 2910 

1739`shell_environment_policy.ignore_default_excludes`2911`tui.notifications`

1740 2912 

1741Type / Values2913Type / Values

1742 2914 

1743`boolean`2915`boolean | array<string>`

1744 2916 

1745Details2917Details

1746 2918 

1747Keep variables containing KEY/SECRET/TOKEN before other filters run.2919Enable TUI notifications; optionally restrict to specific event types.

1748 2920 

1749Key2921Key

1750 2922 

1751`shell_environment_policy.include_only`2923`tui.show_tooltips`

1752 2924 

1753Type / Values2925Type / Values

1754 2926 

1755`array<string>`2927`boolean`

1756 2928 

1757Details2929Details

1758 2930 

1759Whitelist of patterns; when set only matching variables are kept.2931Show onboarding tooltips in the TUI welcome screen (default: true).

1760 2932 

1761Key2933Key

1762 2934 

1763`shell_environment_policy.inherit`2935`tui.status_line`

1764 2936 

1765Type / Values2937Type / Values

1766 2938 

1767`all | core | none`2939`array<string> | null`

1768 2940 

1769Details2941Details

1770 2942 

1771Baseline environment inheritance when spawning subprocesses.2943Ordered list of TUI footer status-line item identifiers. `null` disables the status line.

1772 2944 

1773Key2945Key

1774 2946 

1775`shell_environment_policy.set`2947`tui.terminal_title`

1776 2948 

1777Type / Values2949Type / Values

1778 2950 

1779`map<string,string>`2951`array<string> | null`

1780 2952 

1781Details2953Details

1782 2954 

1783Explicit environment overrides injected into every subprocess.2955Ordered list of terminal window/tab title item identifiers. Defaults to `["spinner", "project"]`; `null` disables title updates.

1784 2956 

1785Key2957Key

1786 2958 

1787`show_raw_agent_reasoning`2959`tui.theme`

1788 2960 

1789Type / Values2961Type / Values

1790 2962 

1791`boolean`2963`string`

1792 2964 

1793Details2965Details

1794 2966 

1795Surface raw reasoning content when the active model emits it.2967Syntax-highlighting theme override (kebab-case theme name).

1796 2968 

1797Key2969Key

1798 2970 

1799`skills.config`2971`web_search`

1800 2972 

1801Type / Values2973Type / Values

1802 2974 

1803`array<object>`2975`disabled | cached | live`

1804 2976 

1805Details2977Details

1806 2978 

1807Per-skill enablement overrides stored in config.toml.2979Web search mode (default: `"cached"`; cached uses an OpenAI-maintained index and does not fetch live pages; if you use `--yolo` or another full access sandbox setting, it defaults to `"live"`). Use `"live"` to fetch the most recent data from the web, or `"disabled"` to remove the tool.

1808 2980 

1809Key2981Key

1810 2982 

1811`skills.config.<index>.enabled`2983`windows_wsl_setup_acknowledged`

1812 2984 

1813Type / Values2985Type / Values

1814 2986 

1816 2988 

1817Details2989Details

1818 2990 

1819Enable or disable the referenced skill.2991Track Windows onboarding acknowledgement (Windows only).

1820 2992 

1821Key2993Key

1822 2994 

1823`skills.config.<index>.path`2995`windows.sandbox`

1824 2996 

1825Type / Values2997Type / Values

1826 2998 

1827`string (path)`2999`unelevated | elevated`

1828 3000 

1829Details3001Details

1830 3002 

1831Path to a skill folder containing `SKILL.md`.3003Windows-only native sandbox mode when running Codex natively on Windows.

1832 3004 

1833Key3005Key

1834 3006 

1835`suppress_unstable_features_warning`3007`windows.sandbox_private_desktop`

1836 3008 

1837Type / Values3009Type / Values

1838 3010 

1840 3012 

1841Details3013Details

1842 3014 

1843Suppress the warning that appears when under-development feature flags are enabled.3015Run the final sandboxed child process on a private desktop by default on native Windows. Set `false` only for compatibility with the older `Winsta0\\Default` behavior.

1844 3016 

1845Key3017Expand to view all

1846 3018 

1847`tool_output_token_limit`3019You can find the latest JSON schema for `config.toml` [here](https://developers.openai.com/codex/config-schema.json).

1848 3020 

1849Type / Values3021To get autocompletion and diagnostics when editing `config.toml` in VS Code or Cursor, you can install the [Even Better TOML](https://marketplace.visualstudio.com/items?itemName=tamasfe.even-better-toml) extension and add this line to the top of your `config.toml`:

1850 3022 

1851`number`3023```toml

3024#:schema https://developers.openai.com/codex/config-schema.json

3025```

1852 3026 

1853Details3027Note: Rename `experimental_instructions_file` to `model_instructions_file`. Codex deprecates the old key; update existing configs to the new name.

1854 3028 

1855Token budget for storing individual tool/function outputs in history.3029## `requirements.toml`

3030 

3031`requirements.toml` is an admin-enforced configuration file that constrains security-sensitive settings users can't override. For details, locations, and examples, see [Admin-enforced requirements](https://developers.openai.com/codex/enterprise/managed-configuration#admin-enforced-requirements-requirementstoml).

3032 

3033For ChatGPT Business and Enterprise users, Codex can also apply cloud-fetched

3034requirements. See the security page for precedence details.

3035 

3036Use `[features]` in `requirements.toml` to pin feature flags by the same

3037canonical keys that `config.toml` uses. Omitted keys remain unconstrained.

3038 

3039| Key | Type / Values | Details |

3040| --- | --- | --- |

3041| `allowed_approval_policies` | `array<string>` | Allowed values for `approval_policy` (for example `untrusted`, `on-request`, `never`, and `granular`). |

3042| `allowed_approvals_reviewers` | `array<string>` | Allowed values for `approvals_reviewer`, such as `user` and `auto_review`. |

3043| `allowed_sandbox_modes` | `array<string>` | Allowed values for `sandbox_mode`. |

3044| `allowed_web_search_modes` | `array<string>` | Allowed values for `web_search` (`disabled`, `cached`, `live`). `disabled` is always allowed; an empty list effectively allows only `disabled`. |

3045| `features` | `table` | Pinned feature values keyed by the canonical names from `config.toml`'s `[features]` table. |

3046| `features.<name>` | `boolean` | Require a specific canonical feature key to stay enabled or disabled. |

3047| `features.browser_use` | `boolean` | Set to `false` in `requirements.toml` to disable Browser Use and Browser Agent availability. |

3048| `features.computer_use` | `boolean` | Set to `false` in `requirements.toml` to disable Computer Use availability and related install or enablement flows. |

3049| `features.in_app_browser` | `boolean` | Set to `false` in `requirements.toml` to disable the in-app browser pane. |

3050| `guardian_policy_config` | `string` | Managed Markdown policy instructions for automatic review. This takes precedence over local `[auto_review].policy`. Blank values are ignored. |

3051| `hooks` | `table` | Admin-enforced managed lifecycle hooks. Requires a managed hook directory and uses the same event schema as inline `[hooks]` in `config.toml`. |

3052| `hooks.<Event>` | `array<table>` | Matcher groups for a hook event such as `PreToolUse`, `PostToolUse`, `PermissionRequest`, `SessionStart`, `UserPromptSubmit`, or `Stop`. |

3053| `hooks.<Event>[].hooks` | `array<table>` | Hook handlers for a matcher group. Command hooks are currently supported; prompt and agent hook handlers are parsed but skipped. |

3054| `hooks.managed_dir` | `string (absolute path)` | Directory containing managed hook scripts on macOS and Linux. Codex validates that it is absolute and exists before loading managed hooks. |

3055| `hooks.windows_managed_dir` | `string (absolute path)` | Directory containing managed hook scripts on Windows. Codex validates that it is absolute and exists before loading managed hooks. |

3056| `mcp_servers` | `table` | Allowlist of MCP servers that may be enabled. Both the server name (`<id>`) and its identity must match for the MCP server to be enabled. Any configured MCP server not in the allowlist (or with a mismatched identity) is disabled. |

3057| `mcp_servers.<id>.identity` | `table` | Identity rule for a single MCP server. Set either `command` (stdio) or `url` (streamable HTTP). |

3058| `mcp_servers.<id>.identity.command` | `string` | Allow an MCP stdio server when its `mcp_servers.<id>.command` matches this command. |

3059| `mcp_servers.<id>.identity.url` | `string` | Allow an MCP streamable HTTP server when its `mcp_servers.<id>.url` matches this URL. |

3060| `permissions.filesystem.deny_read` | `array<string>` | Admin-enforced filesystem read denials. Entries can be paths or glob patterns, and users cannot weaken them with local config. |

3061| `remote_sandbox_config` | `array<table>` | Host-specific sandbox requirements. The first entry whose `hostname_patterns` match the resolved host name overrides top-level `allowed_sandbox_modes` for that requirements source. Host-specific entries currently override sandbox modes only. |

3062| `remote_sandbox_config[].allowed_sandbox_modes` | `array<string>` | Allowed sandbox modes to apply when this host-specific entry matches. |

3063| `remote_sandbox_config[].hostname_patterns` | `array<string>` | Case-insensitive host name patterns. Supports `*` for any sequence of characters and `?` for one character. |

3064| `rules` | `table` | Admin-enforced command rules merged with `.rules` files. Requirements rules must be restrictive. |

3065| `rules.prefix_rules` | `array<table>` | List of enforced prefix rules. Each rule must include `pattern` and `decision`. |

3066| `rules.prefix_rules[].decision` | `prompt | forbidden` | Required. Requirements rules can only prompt or forbid (not allow). |

3067| `rules.prefix_rules[].justification` | `string` | Optional non-empty rationale surfaced in approval prompts or rejection messages. |

3068| `rules.prefix_rules[].pattern` | `array<table>` | Command prefix expressed as pattern tokens. Each token sets either `token` or `any_of`. |

3069| `rules.prefix_rules[].pattern[].any_of` | `array<string>` | A list of allowed alternative tokens at this position. |

3070| `rules.prefix_rules[].pattern[].token` | `string` | A single literal token at this position. |

1856 3071 

1857Key3072Key

1858 3073 

1859`tools.web_search`3074`allowed_approval_policies`

1860 3075 

1861Type / Values3076Type / Values

1862 3077 

1863`boolean`3078`array<string>`

1864 3079 

1865Details3080Details

1866 3081 

1867Deprecated legacy toggle for web search; prefer the top-level `web_search` setting.3082Allowed values for `approval_policy` (for example `untrusted`, `on-request`, `never`, and `granular`).

1868 3083 

1869Key3084Key

1870 3085 

1871`tui`3086`allowed_approvals_reviewers`

1872 3087 

1873Type / Values3088Type / Values

1874 3089 

1875`table`3090`array<string>`

1876 3091 

1877Details3092Details

1878 3093 

1879TUI-specific options such as enabling inline desktop notifications.3094Allowed values for `approvals_reviewer`, such as `user` and `auto_review`.

1880 3095 

1881Key3096Key

1882 3097 

1883`tui.alternate_screen`3098`allowed_sandbox_modes`

1884 3099 

1885Type / Values3100Type / Values

1886 3101 

1887`auto | always | never`3102`array<string>`

1888 3103 

1889Details3104Details

1890 3105 

1891Control alternate screen usage for the TUI (default: auto; auto skips it in Zellij to preserve scrollback).3106Allowed values for `sandbox_mode`.

1892 3107 

1893Key3108Key

1894 3109 

1895`tui.animations`3110`allowed_web_search_modes`

1896 3111 

1897Type / Values3112Type / Values

1898 3113 

1899`boolean`3114`array<string>`

1900 3115 

1901Details3116Details

1902 3117 

1903Enable terminal animations (welcome screen, shimmer, spinner) (default: true).3118Allowed values for `web_search` (`disabled`, `cached`, `live`). `disabled` is always allowed; an empty list effectively allows only `disabled`.

1904 3119 

1905Key3120Key

1906 3121 

1907`tui.notification_method`3122`features`

1908 3123 

1909Type / Values3124Type / Values

1910 3125 

1911`auto | osc9 | bel`3126`table`

1912 3127 

1913Details3128Details

1914 3129 

1915Notification method for unfocused terminal notifications (default: auto).3130Pinned feature values keyed by the canonical names from `config.toml`'s `[features]` table.

1916 3131 

1917Key3132Key

1918 3133 

1919`tui.notifications`3134`features.<name>`

1920 3135 

1921Type / Values3136Type / Values

1922 3137 

1923`boolean | array<string>`3138`boolean`

1924 3139 

1925Details3140Details

1926 3141 

1927Enable TUI notifications; optionally restrict to specific event types.3142Require a specific canonical feature key to stay enabled or disabled.

1928 3143 

1929Key3144Key

1930 3145 

1931`tui.show_tooltips`3146`features.browser_use`

1932 3147 

1933Type / Values3148Type / Values

1934 3149 

1936 3151 

1937Details3152Details

1938 3153 

1939Show onboarding tooltips in the TUI welcome screen (default: true).3154Set to `false` in `requirements.toml` to disable Browser Use and Browser Agent availability.

1940 3155 

1941Key3156Key

1942 3157 

1943`tui.status_line`3158`features.computer_use`

1944 3159 

1945Type / Values3160Type / Values

1946 3161 

1947`array<string> | null`3162`boolean`

1948 3163 

1949Details3164Details

1950 3165 

1951Ordered list of TUI footer status-line item identifiers. `null` disables the status line.3166Set to `false` in `requirements.toml` to disable Computer Use availability and related install or enablement flows.

1952 3167 

1953Key3168Key

1954 3169 

1955`web_search`3170`features.in_app_browser`

1956 3171 

1957Type / Values3172Type / Values

1958 3173 

1959`disabled | cached | live`3174`boolean`

1960 3175 

1961Details3176Details

1962 3177 

1963Web search mode (default: `"cached"`; cached uses an OpenAI-maintained index and does not fetch live pages; if you use `--yolo` or another full access sandbox setting, it defaults to `"live"`). Use `"live"` to fetch the most recent data from the web, or `"disabled"` to remove the tool.3178Set to `false` in `requirements.toml` to disable the in-app browser pane.

1964 3179 

1965Key3180Key

1966 3181 

1967`windows_wsl_setup_acknowledged`3182`guardian_policy_config`

1968 3183 

1969Type / Values3184Type / Values

1970 3185 

1971`boolean`3186`string`

1972 3187 

1973Details3188Details

1974 3189 

1975Track Windows onboarding acknowledgement (Windows only).3190Managed Markdown policy instructions for automatic review. This takes precedence over local `[auto_review].policy`. Blank values are ignored.

1976 3191 

1977Expand to view all3192Key

1978 3193 

1979You can find the latest JSON schema for `config.toml` [here](https://developers.openai.com/codex/config-schema.json).3194`hooks`

1980 3195 

1981To get autocompletion and diagnostics when editing `config.toml` in VS Code or Cursor, you can install the [Even Better TOML](https://marketplace.visualstudio.com/items?itemName=tamasfe.even-better-toml) extension and add this line to the top of your `config.toml`:3196Type / Values

1982 3197 

1983```toml3198`table`

1984#:schema https://developers.openai.com/codex/config-schema.json

1985```

1986 3199 

1987Note: Rename `experimental_instructions_file` to `model_instructions_file`. Codex deprecates the old key; update existing configs to the new name.3200Details

1988 3201 

1989## `requirements.toml`3202Admin-enforced managed lifecycle hooks. Requires a managed hook directory and uses the same event schema as inline `[hooks]` in `config.toml`.

1990 3203 

1991`requirements.toml` is an admin-enforced configuration file that constrains security-sensitive settings users can’t override. For details, locations, and examples, see [Admin-enforced requirements](https://developers.openai.com/codex/security#admin-enforced-requirements-requirementstoml).3204Key

1992 3205 

1993For ChatGPT Business and Enterprise users, Codex can also apply cloud-fetched3206`hooks.<Event>`

1994requirements. See the security page for precedence details.

1995 3207 

1996| Key | Type / Values | Details |3208Type / Values

1997| --- | --- | --- |3209 

1998| `allowed_approval_policies` | `array<string>` | Allowed values for `approval\_policy`. |3210`array<table>`

1999| `allowed_sandbox_modes` | `array<string>` | Allowed values for `sandbox_mode`. |3211 

2000| `allowed_web_search_modes` | `array<string>` | Allowed values for `web_search` (`disabled`, `cached`, `live`). `disabled` is always allowed; an empty list effectively allows only `disabled`. |3212Details

2001| `mcp_servers` | `table` | Allowlist of MCP servers that may be enabled. Both the server name (`<id>`) and its identity must match for the MCP server to be enabled. Any configured MCP server not in the allowlist (or with a mismatched identity) is disabled. |3213 

2002| `mcp_servers.<id>.identity` | `table` | Identity rule for a single MCP server. Set either `command` (stdio) or `url` (streamable HTTP). |3214Matcher groups for a hook event such as `PreToolUse`, `PostToolUse`, `PermissionRequest`, `SessionStart`, `UserPromptSubmit`, or `Stop`.

2003| `mcp_servers.<id>.identity.command` | `string` | Allow an MCP stdio server when its `mcp_servers.<id>.command` matches this command. |

2004| `mcp_servers.<id>.identity.url` | `string` | Allow an MCP streamable HTTP server when its `mcp_servers.<id>.url` matches this URL. |

2005| `rules` | `table` | Admin-enforced command rules merged with `.rules` files. Requirements rules must be restrictive. |

2006| `rules.prefix_rules` | `array<table>` | List of enforced prefix rules. Each rule must include `pattern` and `decision`. |

2007| `rules.prefix_rules[].decision` | `prompt | forbidden` | Required. Requirements rules can only prompt or forbid (not allow). |

2008| `rules.prefix_rules[].justification` | `string` | Optional non-empty rationale surfaced in approval prompts or rejection messages. |

2009| `rules.prefix_rules[].pattern` | `array<table>` | Command prefix expressed as pattern tokens. Each token sets either `token` or `any_of`. |

2010| `rules.prefix_rules[].pattern[].any_of` | `array<string>` | A list of allowed alternative tokens at this position. |

2011| `rules.prefix_rules[].pattern[].token` | `string` | A single literal token at this position. |

2012 3215 

2013Key3216Key

2014 3217 

2015`allowed_approval_policies`3218`hooks.<Event>[].hooks`

2016 3219 

2017Type / Values3220Type / Values

2018 3221 

2019`array<string>`3222`array<table>`

2020 3223 

2021Details3224Details

2022 3225 

2023Allowed values for `approval\_policy`.3226Hook handlers for a matcher group. Command hooks are currently supported; prompt and agent hook handlers are parsed but skipped.

2024 3227 

2025Key3228Key

2026 3229 

2027`allowed_sandbox_modes`3230`hooks.managed_dir`

2028 3231 

2029Type / Values3232Type / Values

2030 3233 

2031`array<string>`3234`string (absolute path)`

2032 3235 

2033Details3236Details

2034 3237 

2035Allowed values for `sandbox_mode`.3238Directory containing managed hook scripts on macOS and Linux. Codex validates that it is absolute and exists before loading managed hooks.

2036 3239 

2037Key3240Key

2038 3241 

2039`allowed_web_search_modes`3242`hooks.windows_managed_dir`

2040 3243 

2041Type / Values3244Type / Values

2042 3245 

2043`array<string>`3246`string (absolute path)`

2044 3247 

2045Details3248Details

2046 3249 

2047Allowed values for `web_search` (`disabled`, `cached`, `live`). `disabled` is always allowed; an empty list effectively allows only `disabled`.3250Directory containing managed hook scripts on Windows. Codex validates that it is absolute and exists before loading managed hooks.

2048 3251 

2049Key3252Key

2050 3253 

2096 3299 

2097Key3300Key

2098 3301 

3302`permissions.filesystem.deny_read`

3303 

3304Type / Values

3305 

3306`array<string>`

3307 

3308Details

3309 

3310Admin-enforced filesystem read denials. Entries can be paths or glob patterns, and users cannot weaken them with local config.

3311 

3312Key

3313 

3314`remote_sandbox_config`

3315 

3316Type / Values

3317 

3318`array<table>`

3319 

3320Details

3321 

3322Host-specific sandbox requirements. The first entry whose `hostname_patterns` match the resolved host name overrides top-level `allowed_sandbox_modes` for that requirements source. Host-specific entries currently override sandbox modes only.

3323 

3324Key

3325 

3326`remote_sandbox_config[].allowed_sandbox_modes`

3327 

3328Type / Values

3329 

3330`array<string>`

3331 

3332Details

3333 

3334Allowed sandbox modes to apply when this host-specific entry matches.

3335 

3336Key

3337 

3338`remote_sandbox_config[].hostname_patterns`

3339 

3340Type / Values

3341 

3342`array<string>`

3343 

3344Details

3345 

3346Case-insensitive host name patterns. Supports `*` for any sequence of characters and `?` for one character.

3347 

3348Key

3349 

2099`rules`3350`rules`

2100 3351 

2101Type / Values3352Type / Values