config-reference diff

config-reference.md +1515 −2156

Details

6 6

7User-level configuration lives in `~/.codex/config.toml`. You can also add project-scoped overrides in `.codex/config.toml` files. Codex loads project-scoped config files only when you trust the project.7User-level configuration lives in `~/.codex/config.toml`. You can also add project-scoped overrides in `.codex/config.toml` files. Codex loads project-scoped config files only when you trust the project.

8 8

9For sandbox and approval keys (`approval_policy`, `sandbox_mode`, and `sandbox_workspace_write.*`), pair this reference with [Sandbox and approvals](https://developers.openai.com/codex/security#sandbox-and-approvals), [Protected paths in writable roots](https://developers.openai.com/codex/security#protected-paths-in-writable-roots), and [Network access](https://developers.openai.com/codex/security#network-access).9For sandbox and approval keys (`approval_policy`, `sandbox_mode`, and `sandbox_workspace_write.*`), pair this reference with [Sandbox and approvals](https://developers.openai.com/codex/agent-approvals-security#sandbox-and-approvals), [Protected paths in writable roots](https://developers.openai.com/codex/agent-approvals-security#protected-paths-in-writable-roots), and [Network access](https://developers.openai.com/codex/agent-approvals-security#network-access).

10 10

~~11| Key | Type / Values | Details |~~11<ConfigTable

~~12| --- | --- | --- |~~12 options={[

~~13| `agents.<name>.config_file` | `string (path)` | Path to a TOML config layer for that role; relative paths resolve from the config file that declares the role. |~~13 {

~~14| `agents.<name>.description` | `string` | Role guidance shown to Codex when choosing and spawning that agent type. |~~14 key: "model",

~~15| `agents.max_threads` | `number` | Maximum number of agent threads that can be open concurrently. |~~15 type: "string",

~~17| `apps.<id>.disabled_reason` | `unknown | user` | Optional reason attached when an app/connector is disabled. |~~17 },

~~18| `apps.<id>.enabled` | `boolean` | Enable or disable a specific app/connector by id (default: true). |~~18 {

~~19| `chatgpt_base_url` | `string` | Override the base URL used during the ChatGPT login flow. |~~19 key: "review_model",

~~20| `check_for_update_on_startup` | `boolean` | Check for Codex updates on startup (set to false only when updates are centrally managed). |~~20 type: "string",

~~22| `compact_prompt` | `string` | Inline override for the history compaction prompt. |~~22 "Optional model override used by `/review` (defaults to the current session model).",

~~23| `developer_instructions` | `string` | Additional developer instructions injected into the session (optional). |~~23 },

~~24| `disable_paste_burst` | `boolean` | Disable burst-paste detection in the TUI. |~~24 {

~~25| `experimental_compact_prompt_file` | `string (path)` | Load the compaction prompt override from a file (experimental). |~~25 key: "model_provider",

~~26| `experimental_use_freeform_apply_patch` | `boolean` | Legacy name for enabling freeform apply\_patch; prefer `[features].apply_patch_freeform` or `codex --enable apply_patch_freeform`. |~~26 type: "string",

~~27| `experimental_use_unified_exec_tool` | `boolean` | Legacy name for enabling unified exec; prefer `[features].unified_exec` or `codex --enable unified_exec`. |~~27 description: "Provider id from `model_providers` (default: `openai`).",

~~28| `features.apply_patch_freeform` | `boolean` | Expose the freeform `apply_patch` tool (experimental). |~~28 },

~~29| `features.apps` | `boolean` | Enable ChatGPT Apps/connectors support (experimental). |~~29 {

~~30| `features.apps_mcp_gateway` | `boolean` | Route Apps MCP calls through the OpenAI connectors MCP gateway (`https://api.openai.com/v1/connectors/mcp/`) instead of legacy routing (experimental). |~~30 key: "openai_base_url",

~~31| `features.child_agents_md` | `boolean` | Append AGENTS.md scope/precedence guidance even when no AGENTS.md is present (experimental). |~~31 type: "string",

~~32| `features.collaboration_modes` | `boolean` | Enable collaboration modes such as plan mode (stable; on by default). |~~32 description:

~~33| `features.elevated_windows_sandbox` | `boolean` | Enable the elevated Windows sandbox pipeline (experimental). |~~33 "Base URL override for the built-in `openai` model provider.",

~~34| `features.experimental_windows_sandbox` | `boolean` | Run the Windows restricted-token sandbox (experimental). |~~34 },

~~35| `features.multi_agent` | `boolean` | Enable multi-agent collaboration tools (`spawn\_agent`, `send\_input`, `resume\_agent`, `wait`, and `close\_agent`) (experimental; off by default). |~~35 {

~~36| `features.personality` | `boolean` | Enable personality selection controls (stable; on by default). |~~36 key: "model_context_window",

~~37| `features.powershell_utf8` | `boolean` | Force PowerShell UTF-8 output (defaults to true). |~~37 type: "number",

~~38| `features.remote_models` | `boolean` | Refresh remote model list before showing readiness (experimental). |~~38 description: "Context window tokens available to the active model.",

~~39| `features.request_rule` | `boolean` | Enable Smart approvals (`prefix_rule` suggestions on escalation requests; stable; on by default). |~~39 },

~~40| `features.runtime_metrics` | `boolean` | Show runtime metrics summary in TUI turn separators (experimental). |~~40 {

~~41| `features.search_tool` | `boolean` | Enable `search_tool_bm25` for Apps tool discovery before invoking app MCP tools (experimental). |~~41 key: "model_auto_compact_token_limit",

~~42| `features.shell_snapshot` | `boolean` | Snapshot shell environment to speed up repeated commands (beta). |~~42 type: "number",

~~43| `features.shell_tool` | `boolean` | Enable the default `shell` tool for running commands (stable; on by default). |~~43 description:

~~44| `features.unified_exec` | `boolean` | Use the unified PTY-backed exec tool (beta). |~~44 "Token threshold that triggers automatic history compaction (unset uses model defaults).",

~~45| `features.use_linux_sandbox_bwrap` | `boolean` | Use the bubblewrap-based Linux sandbox pipeline (experimental; off by default). |~~45 },

~~46| `features.web_search` | `boolean` | Deprecated legacy toggle; prefer the top-level `web_search` setting. |~~46 {

~~47| `features.web_search_cached` | `boolean` | Deprecated legacy toggle. When `web_search` is unset, true maps to `web_search = "cached"`. |~~47 key: "model_catalog_json",

~~48| `features.web_search_request` | `boolean` | Deprecated legacy toggle. When `web_search` is unset, true maps to `web_search = "live"`. |~~48 type: "string (path)",

~~49| `feedback.enabled` | `boolean` | Enable feedback submission via `/feedback` across Codex surfaces (default: true). |~~49 description:

~~51| `forced_chatgpt_workspace_id` | `string (uuid)` | Limit ChatGPT logins to a specific workspace identifier. |~~51 },

~~52| `forced_login_method` | `chatgpt | api` | Restrict Codex to a specific authentication method. |~~52 {

~~53| `hide_agent_reasoning` | `boolean` | Suppress reasoning events in both the TUI and `codex exec` output. |~~53 key: "oss_provider",

~~56| `include_apply_patch_tool` | `boolean` | Legacy name for enabling freeform apply\_patch; prefer `[features].apply_patch_freeform`. |~~56 "Default local provider used when running with `--oss` (defaults to prompting if unset).",

~~57| `instructions` | `string` | Reserved for future use; prefer `model_instructions_file` or `AGENTS.md`. |~~57 },

~~58| `log_dir` | `string (path)` | Directory where Codex writes log files (for example `codex-tui.log`); defaults to `$CODEX_HOME/log`. |~~58 {

~~59| `mcp_oauth_callback_port` | `integer` | Optional fixed port for the local HTTP callback server used during MCP OAuth login. When unset, Codex binds to an ephemeral port chosen by the OS. |~~59 key: "approval_policy",

~~60| `mcp_oauth_credentials_store` | `auto | file | keyring` | Preferred store for MCP OAuth credentials. |~~60 type: "untrusted | on-request | never | { granular = { sandbox_approval = bool, rules = bool, mcp_elicitations = bool, request_permissions = bool, skill_approval = bool } }",

~~61| `mcp_servers.<id>.args` | `array<string>` | Arguments passed to the MCP stdio server command. |~~61 description:

~~62| `mcp_servers.<id>.bearer_token_env_var` | `string` | Environment variable sourcing the bearer token for an MCP HTTP server. |~~62 "Controls when Codex pauses for approval before executing commands. You can also use `approval_policy = { granular = { ... } }` to allow or auto-reject specific prompt categories while keeping other prompts interactive. `on-failure` is deprecated; use `on-request` for interactive runs or `never` for non-interactive runs.",

~~63| `mcp_servers.<id>.command` | `string` | Launcher command for an MCP stdio server. |~~63 },

~~64| `mcp_servers.<id>.cwd` | `string` | Working directory for the MCP stdio server process. |~~64 {

~~65| `mcp_servers.<id>.disabled_tools` | `array<string>` | Deny list applied after `enabled_tools` for the MCP server. |~~65 key: "approval_policy.granular.sandbox_approval",

~~66| `mcp_servers.<id>.enabled` | `boolean` | Disable an MCP server without removing its configuration. |~~66 type: "boolean",

~~67| `mcp_servers.<id>.enabled_tools` | `array<string>` | Allow list of tool names exposed by the MCP server. |~~67 description:

~~68| `mcp_servers.<id>.env` | `map<string,string>` | Environment variables forwarded to the MCP stdio server. |~~68 "When `true`, sandbox escalation approval prompts are allowed to surface.",

~~69| `mcp_servers.<id>.env_http_headers` | `map<string,string>` | HTTP headers populated from environment variables for an MCP HTTP server. |~~69 },

~~70| `mcp_servers.<id>.env_vars` | `array<string>` | Additional environment variables to whitelist for an MCP stdio server. |~~70 {

~~71| `mcp_servers.<id>.http_headers` | `map<string,string>` | Static HTTP headers included with each MCP HTTP request. |~~71 key: "approval_policy.granular.rules",

~~72| `mcp_servers.<id>.required` | `boolean` | When true, fail startup/resume if this enabled MCP server cannot initialize. |~~72 type: "boolean",

~~73| `mcp_servers.<id>.startup_timeout_ms` | `number` | Alias for `startup_timeout_sec` in milliseconds. |~~73 description:

~~74| `mcp_servers.<id>.startup_timeout_sec` | `number` | Override the default 10s startup timeout for an MCP server. |~~74 "When `true`, approvals triggered by execpolicy `prompt` rules are allowed to surface.",

~~75| `mcp_servers.<id>.tool_timeout_sec` | `number` | Override the default 60s per-tool timeout for an MCP server. |~~75 },

~~76| `mcp_servers.<id>.url` | `string` | Endpoint for an MCP streamable HTTP server. |~~76 {

~~77| `model` | `string` | Model to use (e.g., `gpt-5-codex`). |~~77 key: "approval_policy.granular.mcp_elicitations",

~~78| `model_auto_compact_token_limit` | `number` | Token threshold that triggers automatic history compaction (unset uses model defaults). |~~78 type: "boolean",

~~79| `model_context_window` | `number` | Context window tokens available to the active model. |~~79 description:

~~80| `model_instructions_file` | `string (path)` | Replacement for built-in instructions instead of `AGENTS.md`. |~~80 "When `true`, MCP elicitation prompts are allowed to surface instead of being auto-rejected.",

~~81| `model_provider` | `string` | Provider id from `model_providers` (default: `openai`). |~~81 },

~~82| `model_providers.<id>.base_url` | `string` | API base URL for the model provider. |~~82 {

~~83| `model_providers.<id>.env_http_headers` | `map<string,string>` | HTTP headers populated from environment variables when present. |~~83 key: "approval_policy.granular.request_permissions",

~~84| `model_providers.<id>.env_key` | `string` | Environment variable supplying the provider API key. |~~84 type: "boolean",

~~85| `model_providers.<id>.env_key_instructions` | `string` | Optional setup guidance for the provider API key. |~~85 description:

~~86| `model_providers.<id>.experimental_bearer_token` | `string` | Direct bearer token for the provider (discouraged; use `env_key`). |~~86 "When `true`, prompts from the `request_permissions` tool are allowed to surface.",

~~87| `model_providers.<id>.http_headers` | `map<string,string>` | Static HTTP headers added to provider requests. |~~87 },

~~88| `model_providers.<id>.name` | `string` | Display name for a custom model provider. |~~88 {

~~89| `model_providers.<id>.query_params` | `map<string,string>` | Extra query parameters appended to provider requests. |~~89 key: "approval_policy.granular.skill_approval",

~~90| `model_providers.<id>.request_max_retries` | `number` | Retry count for HTTP requests to the provider (default: 4). |~~90 type: "boolean",

~~91| `model_providers.<id>.requires_openai_auth` | `boolean` | The provider uses OpenAI authentication (defaults to false). |~~91 description:

~~92| `model_providers.<id>.stream_idle_timeout_ms` | `number` | Idle timeout for SSE streams in milliseconds (default: 300000). |~~92 "When `true`, skill-script approval prompts are allowed to surface.",

~~93| `model_providers.<id>.stream_max_retries` | `number` | Retry count for SSE streaming interruptions (default: 5). |~~93 },

~~94| `model_providers.<id>.wire_api` | `chat | responses` | Protocol used by the provider (defaults to `chat` if omitted). |~~94 {

~~97| `model_supports_reasoning_summaries` | `boolean` | Force Codex to send or not send reasoning metadata. |~~97 description:

~~98| `model_verbosity` | `low | medium | high` | Control GPT-5 Responses API verbosity (defaults to `medium`). |~~98 "Who reviews eligible approval prompts under `on-request` or granular approval policies. Defaults to `user`; `auto_review` uses the reviewer subagent. This setting doesn't change sandboxing or review actions already allowed inside the sandbox.",

~~99| `notice.hide_full_access_warning` | `boolean` | Track acknowledgement of the full access warning prompt. |~~99 },

100| `notice.hide_gpt-5.1-codex-max_migration_prompt` | `boolean` | Track acknowledgement of the gpt-5.1-codex-max migration prompt. |100 {

101| `notice.hide_gpt5_1_migration_prompt` | `boolean` | Track acknowledgement of the GPT-5.1 migration prompt. |101 key: "auto_review.policy",

102| `notice.hide_rate_limit_model_nudge` | `boolean` | Track opt-out of the rate limit model switch reminder. |102 type: "string",

103| `notice.hide_world_writable_warning` | `boolean` | Track acknowledgement of the Windows world-writable directories warning. |103 description:

104| `notice.model_migrations` | `map<string,string>` | Track acknowledged model migrations as old->new mappings. |104 "Local Markdown policy instructions for automatic review. Managed `guardian_policy_config` takes precedence. Blank values are ignored.",

105| `notify` | `array<string>` | Command invoked for notifications; receives a JSON payload from Codex. |105 },

106| `oss_provider` | `lmstudio | ollama` | Default local provider used when running with `--oss` (defaults to prompting if unset). |106 {

107| `otel.environment` | `string` | Environment tag applied to emitted OpenTelemetry events (default: `dev`). |107 key: "allow_login_shell",

109| `otel.exporter.<id>.endpoint` | `string` | Exporter endpoint for OTEL logs. |109 description:

110| `otel.exporter.<id>.headers` | `map<string,string>` | Static headers included with OTEL exporter requests. |110 "Allow shell-based tools to use login-shell semantics. Defaults to `true`; when `false`, `login = true` requests are rejected and omitted `login` defaults to non-login shells.",

111| `otel.exporter.<id>.protocol` | `binary | json` | Protocol used by the OTLP/HTTP exporter. |111 },

112| `otel.exporter.<id>.tls.ca-certificate` | `string` | CA certificate path for OTEL exporter TLS. |112 {

113| `otel.exporter.<id>.tls.client-certificate` | `string` | Client certificate path for OTEL exporter TLS. |113 key: "sandbox_mode",

115| `otel.log_user_prompt` | `boolean` | Opt in to exporting raw user prompts with OpenTelemetry logs. |115 description:

117| `otel.trace_exporter.<id>.endpoint` | `string` | Trace exporter endpoint for OTEL logs. |117 },

118| `otel.trace_exporter.<id>.headers` | `map<string,string>` | Static headers included with OTEL trace exporter requests. |118 {

120| `otel.trace_exporter.<id>.tls.ca-certificate` | `string` | CA certificate path for OTEL trace exporter TLS. |120 type: "array<string>",

121| `otel.trace_exporter.<id>.tls.client-certificate` | `string` | Client certificate path for OTEL trace exporter TLS. |121 description:

122| `otel.trace_exporter.<id>.tls.client-private-key` | `string` | Client private key path for OTEL trace exporter TLS. |122 'Additional writable roots when `sandbox_mode = "workspace-write"`.',

123| `personality` | `none | friendly | pragmatic` | Default communication style for models that advertise `supportsPersonality`; can be overridden per thread/turn or via `/personality`. |123 },

124| `profile` | `string` | Default profile applied at startup (equivalent to `--profile`). |124 {

125| `profiles.<name>.*` | `various` | Profile-scoped overrides for any of the supported configuration keys. |125 key: "sandbox_workspace_write.network_access",

126| `profiles.<name>.experimental_use_freeform_apply_patch` | `boolean` | Legacy name for enabling freeform apply\_patch; prefer `[features].apply_patch_freeform`. |126 type: "boolean",

127| `profiles.<name>.experimental_use_unified_exec_tool` | `boolean` | Legacy name for enabling unified exec; prefer `[features].unified_exec`. |127 description:

128| `profiles.<name>.include_apply_patch_tool` | `boolean` | Legacy name for enabling freeform apply\_patch; prefer `[features].apply_patch_freeform`. |128 "Allow outbound network access inside the workspace-write sandbox.",

129| `profiles.<name>.oss_provider` | `lmstudio | ollama` | Profile-scoped OSS provider for `--oss` sessions. |129 },

130| `profiles.<name>.personality` | `none | friendly | pragmatic` | Profile-scoped communication style override for supported models. |130 {

132| `project_doc_fallback_filenames` | `array<string>` | Additional filenames to try when `AGENTS.md` is missing. |132 type: "boolean",

133| `project_doc_max_bytes` | `number` | Maximum bytes read from `AGENTS.md` when building project instructions. |133 description:

134| `project_root_markers` | `array<string>` | List of project root marker filenames; used when searching parent directories for the project root. |134 "Exclude `$TMPDIR` from writable roots in workspace-write mode.",

135| `projects.<path>.trust_level` | `string` | Mark a project or worktree as trusted or untrusted (`"trusted"` | `"untrusted"`). Untrusted projects skip project-scoped `.codex/` layers. |135 },

136| `review_model` | `string` | Optional model override used by `/review` (defaults to the current session model). |136 {

138| `sandbox_workspace_write.exclude_slash_tmp` | `boolean` | Exclude `/tmp` from writable roots in workspace-write mode. |138 type: "boolean",

139| `sandbox_workspace_write.exclude_tmpdir_env_var` | `boolean` | Exclude `$TMPDIR` from writable roots in workspace-write mode. |139 description:

140| `sandbox_workspace_write.network_access` | `boolean` | Allow outbound network access inside the workspace-write sandbox. |140 "Exclude `/tmp` from writable roots in workspace-write mode.",

141| `sandbox_workspace_write.writable_roots` | `array<string>` | Additional writable roots when `sandbox_mode = "workspace-write"`. |141 },

142| `shell_environment_policy.exclude` | `array<string>` | Glob patterns for removing environment variables after the defaults. |142 {

143| `shell_environment_policy.experimental_use_profile` | `boolean` | Use the user shell profile when spawning subprocesses. |143 key: "windows.sandbox",

145| `shell_environment_policy.include_only` | `array<string>` | Whitelist of patterns; when set only matching variables are kept. |145 description:

147| `shell_environment_policy.set` | `map<string,string>` | Explicit environment overrides injected into every subprocess. |147 },

148| `show_raw_agent_reasoning` | `boolean` | Surface raw reasoning content when the active model emits it. |148 {

149| `skills.config` | `array<object>` | Per-skill enablement overrides stored in config.toml. |149 key: "windows.sandbox_private_desktop",

150| `skills.config.<index>.enabled` | `boolean` | Enable or disable the referenced skill. |150 type: "boolean",

151| `skills.config.<index>.path` | `string (path)` | Path to a skill folder containing `SKILL.md`. |151 description:

152| `suppress_unstable_features_warning` | `boolean` | Suppress the warning that appears when under-development feature flags are enabled. |152 "Run the final sandboxed child process on a private desktop by default on native Windows. Set `false` only for compatibility with the older `Winsta0\\\\Default` behavior.",

153| `tool_output_token_limit` | `number` | Token budget for storing individual tool/function outputs in history. |153 },

154| `tools.web_search` | `boolean` | Deprecated legacy toggle for web search; prefer the top-level `web_search` setting. |154 {

155| `tui` | `table` | TUI-specific options such as enabling inline desktop notifications. |155 key: "notify",

157| `tui.animations` | `boolean` | Enable terminal animations (welcome screen, shimmer, spinner) (default: true). |157 description:

158| `tui.notification_method` | `auto | osc9 | bel` | Notification method for unfocused terminal notifications (default: auto). |158 "Command invoked for notifications; receives a JSON payload from Codex.",

159| `tui.notifications` | `boolean | array<string>` | Enable TUI notifications; optionally restrict to specific event types. |159 },

160| `tui.show_tooltips` | `boolean` | Show onboarding tooltips in the TUI welcome screen (default: true). |160 {

162| `web_search` | `disabled | cached | live` | Web search mode (default: `"cached"`; cached uses an OpenAI-maintained index and does not fetch live pages; if you use `--yolo` or another full access sandbox setting, it defaults to `"live"`). Use `"live"` to fetch the most recent data from the web, or `"disabled"` to remove the tool. |162 type: "boolean",

163| `windows_wsl_setup_acknowledged` | `boolean` | Track Windows onboarding acknowledgement (Windows only). |163 description:

~~164~~ 164 "Check for Codex updates on startup (set to false only when updates are centrally managed).",

165Key165 },

~~166~~ 166 {

167`agents.<name>.config_file`167 key: "feedback.enabled",

~~168~~ 168 type: "boolean",

169Type / Values169 description:

~~170~~ 170 "Enable feedback submission via `/feedback` across Codex surfaces (default: true).",

171`string (path)`171 },

~~172~~ 172 {

173Details173 key: "analytics.enabled",

~~174~~ 174 type: "boolean",

175Path to a TOML config layer for that role; relative paths resolve from the config file that declares the role.175 description:

~~176~~ 176 "Enable or disable analytics for this machine/profile. When unset, the client default applies.",

177Key177 },

~~178~~ 178 {

179`agents.<name>.description`179 key: "instructions",

~~180~~ 180 type: "string",

181Type / Values181 description:

~~182~~ 182 "Reserved for future use; prefer `model_instructions_file` or `AGENTS.md`.",

183`string`183 },

~~184~~ 184 {

185Details185 key: "developer_instructions",

~~186~~ 186 type: "string",

187Role guidance shown to Codex when choosing and spawning that agent type.187 description:

~~188~~ 188 "Additional developer instructions injected into the session (optional).",

189Key189 },

~~190~~ 190 {

191`agents.max_threads`191 key: "log_dir",

~~192~~ 192 type: "string (path)",

193Type / Values193 description:

~~194~~ 194 "Directory where Codex writes log files (for example `codex-tui.log`); defaults to `$CODEX_HOME/log`.",

195`number`195 },

~~196~~ 196 {

197Details197 key: "sqlite_home",

~~198~~ 198 type: "string (path)",

199Maximum number of agent threads that can be open concurrently.199 description:

~~200~~ 200 "Directory where Codex stores the SQLite-backed state DB used by agent jobs and other resumable runtime state.",

201Key201 },

~~202~~ 202 {

203`approval_policy`203 key: "compact_prompt",

~~204~~ 204 type: "string",

205Type / Values205 description: "Inline override for the history compaction prompt.",

~~206~~ 206 },

207`untrusted | on-request | never`207 {

~~208~~ 208 key: "commit_attribution",

209Details209 type: "string",

~~210~~ 210 description:

211Controls when Codex pauses for approval before executing commands. `on-failure` is deprecated; use `on-request` for interactive runs or `never` for non-interactive runs.211 'Commit co-author trailer used when `[features].codex_git_commit` is enabled. Defaults to `Codex <noreply@openai.com>`; set `""` to disable.',

~~212~~ 212 },

213Key213 {

~~214~~ 214 key: "model_instructions_file",

215`apps.<id>.disabled_reason`215 type: "string (path)",

~~216~~ 216 description:

217Type / Values217 "Replacement for built-in instructions instead of `AGENTS.md`.",

~~218~~ 218 },

219`unknown | user`219 {

~~220~~ 220 key: "personality",

221Details221 type: "none | friendly | pragmatic",

~~222~~ 222 description:

223Optional reason attached when an app/connector is disabled.223 "Default communication style for models that advertise `supportsPersonality`; can be overridden per thread/turn or via `/personality`.",

~~224~~ 224 },

225Key225 {

~~226~~ 226 key: "service_tier",

227`apps.<id>.enabled`227 type: "flex | fast",

~~228~~ 228 description: "Preferred service tier for new turns.",

229Type / Values229 },

~~230~~ 230 {

231`boolean`231 key: "experimental_compact_prompt_file",

~~232~~ 232 type: "string (path)",

233Details233 description:

~~234~~ 234 "Load the compaction prompt override from a file (experimental).",

235Enable or disable a specific app/connector by id (default: true).235 },

~~236~~ 236 {

237Key237 key: "skills.config",

~~238~~ 238 type: "array<object>",

239`chatgpt_base_url`239 description: "Per-skill enablement overrides stored in config.toml.",

~~240~~ 240 },

241Type / Values241 {

~~242~~ 242 key: "skills.config.<index>.path",

243`string`243 type: "string (path)",

~~244~~ 244 description: "Path to a skill folder containing `SKILL.md`.",

245Details245 },

~~246~~ 246 {

247Override the base URL used during the ChatGPT login flow.247 key: "skills.config.<index>.enabled",

~~248~~ 248 type: "boolean",

249Key249 description: "Enable or disable the referenced skill.",

~~250~~ 250 },

251`check_for_update_on_startup`251 {

~~252~~ 252 key: "apps.<id>.enabled",

253Type / Values253 type: "boolean",

~~254~~ 254 description:

255`boolean`255 "Enable or disable a specific app/connector by id (default: true).",

~~256~~ 256 },

257Details257 {

~~258~~ 258 key: "apps._default.enabled",

259Check for Codex updates on startup (set to false only when updates are centrally managed).259 type: "boolean",

~~260~~ 260 description:

261Key261 "Default app enabled state for all apps unless overridden per app.",

~~262~~ 262 },

263`cli_auth_credentials_store`263 {

~~264~~ 264 key: "apps._default.destructive_enabled",

265Type / Values265 type: "boolean",

~~266~~ 266 description:

267`file | keyring | auto`267 "Default allow/deny for app tools with `destructive_hint = true`.",

~~268~~ 268 },

269Details269 {

~~270~~ 270 key: "apps._default.open_world_enabled",

271Control where the CLI stores cached credentials (file-based auth.json vs OS keychain).271 type: "boolean",

~~272~~ 272 description:

273Key273 "Default allow/deny for app tools with `open_world_hint = true`.",

~~274~~ 274 },

275`compact_prompt`275 {

~~276~~ 276 key: "apps.<id>.destructive_enabled",

277Type / Values277 type: "boolean",

~~278~~ 278 description:

279`string`279 "Allow or block tools in this app that advertise `destructive_hint = true`.",

~~280~~ 280 },

281Details281 {

~~282~~ 282 key: "apps.<id>.open_world_enabled",

283Inline override for the history compaction prompt.283 type: "boolean",

~~284~~ 284 description:

285Key285 "Allow or block tools in this app that advertise `open_world_hint = true`.",

~~286~~ 286 },

287`developer_instructions`287 {

~~288~~ 288 key: "apps.<id>.default_tools_enabled",

289Type / Values289 type: "boolean",

~~290~~ 290 description:

291`string`291 "Default enabled state for tools in this app unless a per-tool override exists.",

~~292~~ 292 },

293Details293 {

~~294~~ 294 key: "apps.<id>.default_tools_approval_mode",

295Additional developer instructions injected into the session (optional).295 type: "auto | prompt | approve",

~~296~~ 296 description:

297Key297 "Default approval behavior for tools in this app unless a per-tool override exists.",

~~298~~ 298 },

299`disable_paste_burst`299 {

~~300~~ 300 key: "apps.<id>.tools.<tool>.enabled",

301Type / Values301 type: "boolean",

~~302~~ 302 description:

303`boolean`303 "Per-tool enabled override for an app tool (for example `repos/list`).",

~~304~~ 304 },

305Details305 {

~~306~~ 306 key: "apps.<id>.tools.<tool>.approval_mode",

307Disable burst-paste detection in the TUI.307 type: "auto | prompt | approve",

~~308~~ 308 description: "Per-tool approval behavior override for a single app tool.",

309Key309 },

~~310~~ 310 {

311`experimental_compact_prompt_file`311 key: "tool_suggest.discoverables",

~~312~~ 312 type: "array<table>",

313Type / Values313 description:

~~314~~ 314 'Allow tool suggestions for additional discoverable connectors or plugins. Each entry uses `type = "connector"` or `"plugin"` and an `id`.',

315`string (path)`315 },

~~316~~ 316 {

317Details317 key: "tool_suggest.disabled_tools",

~~318~~ 318 type: "array<table>",

319Load the compaction prompt override from a file (experimental).319 description:

~~320~~ 320 'Disable suggestions for specific discoverable connectors or plugins. Each entry uses `type = "connector"` or `"plugin"` and an `id`.',

321Key321 },

~~322~~ 322 {

323`experimental_use_freeform_apply_patch`323 key: "features.apps",

~~324~~ 324 type: "boolean",

325Type / Values325 description: "Enable ChatGPT Apps/connectors support (experimental).",

~~326~~ 326 },

327`boolean`327 {

~~328~~ 328 key: "features.codex_hooks",

329Details329 type: "boolean",

~~330~~ 330 description:

331Legacy name for enabling freeform apply\_patch; prefer `[features].apply_patch_freeform` or `codex --enable apply_patch_freeform`.331 "Enable lifecycle hooks loaded from `hooks.json` or inline `[hooks]` config.",

~~332~~ 332 },

333Key333 {

~~334~~ 334 key: "features.codex_git_commit",

335`experimental_use_unified_exec_tool`335 type: "boolean",

~~336~~ 336 description:

337Type / Values337 "Enable Codex-generated git commits. When enabled, Codex uses `commit_attribution` to append a `Co-authored-by:` trailer to generated commit messages.",

~~338~~ 338 },

339`boolean`339 {

~~340~~ 340 key: "hooks",

341Details341 type: "table",

~~342~~ 342 description:

343Legacy name for enabling unified exec; prefer `[features].unified_exec` or `codex --enable unified_exec`.343 "Lifecycle hooks configured inline in `config.toml`. Uses the same event schema as `hooks.json`; see the Hooks guide for examples and supported events.",

~~344~~ 344 },

345Key345 {

~~346~~ 346 key: "features.memories",

347`features.apply_patch_freeform`347 type: "boolean",

~~348~~ 348 description: "Enable [Memories](https://developers.openai.com/codex/memories) (off by default).",

349Type / Values349 },

~~350~~ 350 {

351`boolean`351 key: "mcp_servers.<id>.command",

~~352~~ 352 type: "string",

353Details353 description: "Launcher command for an MCP stdio server.",

~~354~~ 354 },

355Expose the freeform `apply_patch` tool (experimental).355 {

~~356~~ 356 key: "mcp_servers.<id>.args",

357Key357 type: "array<string>",

~~358~~ 358 description: "Arguments passed to the MCP stdio server command.",

359`features.apps`359 },

~~360~~ 360 {

361Type / Values361 key: "mcp_servers.<id>.env",

~~362~~ 362 type: "map<string,string>",

363`boolean`363 description: "Environment variables forwarded to the MCP stdio server.",

~~364~~ 364 },

365Details365 {

~~366~~ 366 key: "mcp_servers.<id>.env_vars",

367Enable ChatGPT Apps/connectors support (experimental).367 type: 'array<string | { name = string, source = "local" | "remote" }>',

~~368~~ 368 description:

369Key369 'Additional environment variables to whitelist for an MCP stdio server. String entries default to `source = "local"`; use `source = "remote"` only with executor-backed remote stdio.',

~~370~~ 370 },

371`features.apps_mcp_gateway`371 {

~~372~~ 372 key: "mcp_servers.<id>.cwd",

373Type / Values373 type: "string",

~~374~~ 374 description: "Working directory for the MCP stdio server process.",

375`boolean`375 },

~~376~~ 376 {

377Details377 key: "mcp_servers.<id>.url",

~~378~~ 378 type: "string",

379Route Apps MCP calls through the OpenAI connectors MCP gateway (`https://api.openai.com/v1/connectors/mcp/`) instead of legacy routing (experimental).379 description: "Endpoint for an MCP streamable HTTP server.",

~~380~~ 380 },

381Key381 {

~~382~~ 382 key: "mcp_servers.<id>.bearer_token_env_var",

383`features.child_agents_md`383 type: "string",

~~384~~ 384 description:

385Type / Values385 "Environment variable sourcing the bearer token for an MCP HTTP server.",

~~386~~ 386 },

387`boolean`387 {

~~388~~ 388 key: "mcp_servers.<id>.http_headers",

389Details389 type: "map<string,string>",

~~390~~ 390 description: "Static HTTP headers included with each MCP HTTP request.",

391Append AGENTS.md scope/precedence guidance even when no AGENTS.md is present (experimental).391 },

~~392~~ 392 {

393Key393 key: "mcp_servers.<id>.env_http_headers",

~~394~~ 394 type: "map<string,string>",

395`features.collaboration_modes`395 description:

~~396~~ 396 "HTTP headers populated from environment variables for an MCP HTTP server.",

397Type / Values397 },

~~398~~ 398 {

399`boolean`399 key: "mcp_servers.<id>.enabled",

~~400~~ 400 type: "boolean",

401Details401 description: "Disable an MCP server without removing its configuration.",

~~402~~ 402 },

403Enable collaboration modes such as plan mode (stable; on by default).403 {

~~404~~ 404 key: "mcp_servers.<id>.required",

405Key405 type: "boolean",

~~406~~ 406 description:

407`features.elevated_windows_sandbox`407 "When true, fail startup/resume if this enabled MCP server cannot initialize.",

~~408~~ 408 },

409Type / Values409 {

~~410~~ 410 key: "mcp_servers.<id>.startup_timeout_sec",

411`boolean`411 type: "number",

~~412~~ 412 description:

413Details413 "Override the default 10s startup timeout for an MCP server.",

~~414~~ 414 },

415Enable the elevated Windows sandbox pipeline (experimental).415 {

~~416~~ 416 key: "mcp_servers.<id>.startup_timeout_ms",

417Key417 type: "number",

~~418~~ 418 description: "Alias for `startup_timeout_sec` in milliseconds.",

419`features.experimental_windows_sandbox`419 },

~~420~~ 420 {

421Type / Values421 key: "mcp_servers.<id>.tool_timeout_sec",

~~422~~ 422 type: "number",

423`boolean`423 description:

~~424~~ 424 "Override the default 60s per-tool timeout for an MCP server.",

425Details425 },

~~426~~ 426 {

427Run the Windows restricted-token sandbox (experimental).427 key: "mcp_servers.<id>.enabled_tools",

~~428~~ 428 type: "array<string>",

429Key429 description: "Allow list of tool names exposed by the MCP server.",

~~430~~ 430 },

431`features.multi_agent`431 {

~~432~~ 432 key: "mcp_servers.<id>.disabled_tools",

433Type / Values433 type: "array<string>",

~~434~~ 434 description:

435`boolean`435 "Deny list applied after `enabled_tools` for the MCP server.",

~~436~~ 436 },

437Details437 {

~~438~~ 438 key: "mcp_servers.<id>.scopes",

439Enable multi-agent collaboration tools (`spawn\_agent`, `send\_input`, `resume\_agent`, `wait`, and `close\_agent`) (experimental; off by default).439 type: "array<string>",

~~440~~ 440 description:

441Key441 "OAuth scopes to request when authenticating to that MCP server.",

~~442~~ 442 },

443`features.personality`443 {

~~444~~ 444 key: "mcp_servers.<id>.oauth_resource",

445Type / Values445 type: "string",

~~446~~ 446 description:

447`boolean`447 "Optional RFC 8707 OAuth resource parameter to include during MCP login.",

~~448~~ 448 },

449Details449 {

~~450~~ 450 key: "mcp_servers.<id>.experimental_environment",

451Enable personality selection controls (stable; on by default).451 type: "local | remote",

~~452~~ 452 description:

453Key453 "Experimental placement for an MCP server. `remote` starts stdio servers through a remote executor environment; streamable HTTP remote placement is not implemented.",

~~454~~ 454 },

455`features.powershell_utf8`455 {

~~456~~ 456 key: "agents.max_threads",

457Type / Values457 type: "number",

~~458~~ 458 description:

459`boolean`459 "Maximum number of agent threads that can be open concurrently. Defaults to `6` when unset.",

~~460~~ 460 },

461Details461 {

~~462~~ 462 key: "agents.max_depth",

463Force PowerShell UTF-8 output (defaults to true).463 type: "number",

~~464~~ 464 description:

465Key465 "Maximum nesting depth allowed for spawned agent threads (root sessions start at depth 0; default: 1).",

~~466~~ 466 },

467`features.remote_models`467 {

~~468~~ 468 key: "agents.job_max_runtime_seconds",

469Type / Values469 type: "number",

~~470~~ 470 description:

471`boolean`471 "Default per-worker timeout for `spawn_agents_on_csv` jobs. When unset, the tool falls back to 1800 seconds per worker.",

~~472~~ 472 },

473Details473 {

~~474~~ 474 key: "agents.<name>.description",

475Refresh remote model list before showing readiness (experimental).475 type: "string",

~~476~~ 476 description:

477Key477 "Role guidance shown to Codex when choosing and spawning that agent type.",

~~478~~ 478 },

479`features.request_rule`479 {

~~480~~ 480 key: "agents.<name>.config_file",

481Type / Values481 type: "string (path)",

~~482~~ 482 description:

483`boolean`483 "Path to a TOML config layer for that role; relative paths resolve from the config file that declares the role.",

~~484~~ 484 },

485Details485 {

~~486~~ 486 key: "agents.<name>.nickname_candidates",

487Enable Smart approvals (`prefix_rule` suggestions on escalation requests; stable; on by default).487 type: "array<string>",

~~488~~ 488 description:

489Key489 "Optional pool of display nicknames for spawned agents in that role.",

~~490~~ 490 },

491`features.runtime_metrics`491 {

~~492~~ 492 key: "memories.generate_memories",

493Type / Values493 type: "boolean",

~~494~~ 494 description:

495`boolean`495 "When `false`, newly created threads are not stored as memory-generation inputs. Defaults to `true`.",

~~496~~ 496 },

497Details497 {

~~498~~ 498 key: "memories.use_memories",

499Show runtime metrics summary in TUI turn separators (experimental).499 type: "boolean",

~~500~~ 500 description:

501Key501 "When `false`, Codex skips injecting existing memories into future sessions. Defaults to `true`.",

~~502~~ 502 },

503`features.search_tool`503 {

~~504~~ 504 key: "memories.disable_on_external_context",

505Type / Values505 type: "boolean",

~~506~~ 506 description:

507`boolean`507 "When `true`, threads that use external context such as MCP tool calls, web search, or tool search are kept out of memory generation. Defaults to `false`. Legacy alias: `memories.no_memories_if_mcp_or_web_search`.",

~~508~~ 508 },

509Details509 {

~~510~~ 510 key: "memories.max_raw_memories_for_consolidation",

511Enable `search_tool_bm25` for Apps tool discovery before invoking app MCP tools (experimental).511 type: "number",

~~512~~ 512 description:

513Key513 "Maximum recent raw memories retained for global consolidation. Defaults to `256` and is capped at `4096`.",

~~514~~ 514 },

515`features.shell_snapshot`515 {

~~516~~ 516 key: "memories.max_unused_days",

517Type / Values517 type: "number",

~~518~~ 518 description:

519`boolean`519 "Maximum days since a memory was last used before it becomes ineligible for consolidation. Defaults to `30` and is clamped to `0`-`365`.",

~~520~~ 520 },

521Details521 {

~~522~~ 522 key: "memories.max_rollout_age_days",

523Snapshot shell environment to speed up repeated commands (beta).523 type: "number",

~~524~~ 524 description:

525Key525 "Maximum age of threads considered for memory generation. Defaults to `30` and is clamped to `0`-`90`.",

~~526~~ 526 },

527`features.shell_tool`527 {

~~528~~ 528 key: "memories.max_rollouts_per_startup",

529Type / Values529 type: "number",

~~530~~ 530 description:

531`boolean`531 "Maximum rollout candidates processed per startup pass. Defaults to `16` and is capped at `128`.",

~~532~~ 532 },

533Details533 {

~~534~~ 534 key: "memories.min_rollout_idle_hours",

535Enable the default `shell` tool for running commands (stable; on by default).535 type: "number",

~~536~~ 536 description:

537Key537 "Minimum idle time before a thread is considered for memory generation. Defaults to `6` and is clamped to `1`-`48`.",

~~538~~ 538 },

539`features.unified_exec`539 {

~~540~~ 540 key: "memories.min_rate_limit_remaining_percent",

541Type / Values541 type: "number",

~~542~~ 542 description:

543`boolean`543 "Minimum remaining percentage required in Codex rate-limit windows before memory generation starts. Defaults to `25` and is clamped to `0`-`100`.",

~~544~~ 544 },

545Details545 {

~~546~~ 546 key: "memories.extract_model",

547Use the unified PTY-backed exec tool (beta).547 type: "string",

~~548~~ 548 description: "Optional model override for per-thread memory extraction.",

549Key549 },

~~550~~ 550 {

551`features.use_linux_sandbox_bwrap`551 key: "memories.consolidation_model",

~~552~~ 552 type: "string",

553Type / Values553 description: "Optional model override for global memory consolidation.",

~~554~~ 554 },

555`boolean`555 {

~~556~~ 556 key: "features.unified_exec",

557Details557 type: "boolean",

~~558~~ 558 description:

559Use the bubblewrap-based Linux sandbox pipeline (experimental; off by default).559 "Use the unified PTY-backed exec tool (stable; enabled by default except on Windows).",

~~560~~ 560 },

561Key561 {

~~562~~ 562 key: "features.shell_snapshot",

563`features.web_search`563 type: "boolean",

~~564~~ 564 description:

565Type / Values565 "Snapshot shell environment to speed up repeated commands (stable; on by default).",

~~566~~ 566 },

567`boolean`567 {

~~568~~ 568 key: "features.undo",

569Details569 type: "boolean",

~~570~~ 570 description: "Enable undo support (stable; off by default).",

571Deprecated legacy toggle; prefer the top-level `web_search` setting.571 },

~~572~~ 572 {

573Key573 key: "features.multi_agent",

~~574~~ 574 type: "boolean",

575`features.web_search_cached`575 description:

~~576~~ 576 "Enable multi-agent collaboration tools (`spawn_agent`, `send_input`, `resume_agent`, `wait_agent`, and `close_agent`) (stable; on by default).",

577Type / Values577 },

~~578~~ 578 {

579`boolean`579 key: "features.personality",

~~580~~ 580 type: "boolean",

581Details581 description:

~~582~~ 582 "Enable personality selection controls (stable; on by default).",

583Deprecated legacy toggle. When `web_search` is unset, true maps to `web_search = "cached"`.583 },

~~584~~ 584 {

585Key585 key: "features.web_search",

~~586~~ 586 type: "boolean",

587`features.web_search_request`587 description:

~~588~~ 588 "Deprecated legacy toggle; prefer the top-level `web_search` setting.",

589Type / Values589 },

~~590~~ 590 {

591`boolean`591 key: "features.web_search_cached",

~~592~~ 592 type: "boolean",

593Details593 description:

~~594~~ 594 'Deprecated legacy toggle. When `web_search` is unset, true maps to `web_search = "cached"`.',

595Deprecated legacy toggle. When `web_search` is unset, true maps to `web_search = "live"`.595 },

~~596~~ 596 {

597Key597 key: "features.web_search_request",

~~598~~ 598 type: "boolean",

599`feedback.enabled`599 description:

~~600~~ 600 'Deprecated legacy toggle. When `web_search` is unset, true maps to `web_search = "live"`.',

601Type / Values601 },

~~602~~ 602 {

603`boolean`603 key: "features.shell_tool",

~~604~~ 604 type: "boolean",

605Details605 description:

~~606~~ 606 "Enable the default `shell` tool for running commands (stable; on by default).",

607Enable feedback submission via `/feedback` across Codex surfaces (default: true).607 },

~~608~~ 608 {

609Key609 key: "features.enable_request_compression",

~~610~~ 610 type: "boolean",

611`file_opener`611 description:

~~612~~ 612 "Compress streaming request bodies with zstd when supported (stable; on by default).",

613Type / Values613 },

~~614~~ 614 {

615`vscode | vscode-insiders | windsurf | cursor | none`615 key: "features.skill_mcp_dependency_install",

~~616~~ 616 type: "boolean",

617Details617 description:

~~618~~ 618 "Allow prompting and installing missing MCP dependencies for skills (stable; on by default).",

619URI scheme used to open citations from Codex output (default: `vscode`).619 },

~~620~~ 620 {

621Key621 key: "features.fast_mode",

~~622~~ 622 type: "boolean",

623`forced_chatgpt_workspace_id`623 description:

~~624~~ 624 'Enable Fast mode selection and the `service_tier = "fast"` path (stable; on by default).',

625Type / Values625 },

~~626~~ 626 {

627`string (uuid)`627 key: "features.prevent_idle_sleep",

~~628~~ 628 type: "boolean",

629Details629 description:

~~630~~ 630 "Prevent the machine from sleeping while a turn is actively running (experimental; off by default).",

631Limit ChatGPT logins to a specific workspace identifier.631 },

~~632~~ 632 {

633Key633 key: "suppress_unstable_features_warning",

~~634~~ 634 type: "boolean",

635`forced_login_method`635 description:

~~636~~ 636 "Suppress the warning that appears when under-development feature flags are enabled.",

637Type / Values637 },

~~638~~ 638 {

639`chatgpt | api`639 key: "model_providers.<id>",

~~640~~ 640 type: "table",

641Details641 description:

~~642~~ 642 "Custom provider definition. Built-in provider IDs (`openai`, `ollama`, and `lmstudio`) are reserved and cannot be overridden.",

643Restrict Codex to a specific authentication method.643 },

~~644~~ 644 {

645Key645 key: "model_providers.<id>.name",

~~646~~ 646 type: "string",

647`hide_agent_reasoning`647 description: "Display name for a custom model provider.",

~~648~~ 648 },

649Type / Values649 {

~~650~~ 650 key: "model_providers.<id>.base_url",

651`boolean`651 type: "string",

~~652~~ 652 description: "API base URL for the model provider.",

653Details653 },

~~654~~ 654 {

655Suppress reasoning events in both the TUI and `codex exec` output.655 key: "model_providers.<id>.env_key",

~~656~~ 656 type: "string",

657Key657 description: "Environment variable supplying the provider API key.",

~~658~~ 658 },

659`history.max_bytes`659 {

~~660~~ 660 key: "model_providers.<id>.env_key_instructions",

661Type / Values661 type: "string",

~~662~~ 662 description: "Optional setup guidance for the provider API key.",

663`number`663 },

~~664~~ 664 {

665Details665 key: "model_providers.<id>.experimental_bearer_token",

~~666~~ 666 type: "string",

667If set, caps the history file size in bytes by dropping oldest entries.667 description:

~~668~~ 668 "Direct bearer token for the provider (discouraged; use `env_key`).",

669Key669 },

~~670~~ 670 {

671`history.persistence`671 key: "model_providers.<id>.requires_openai_auth",

~~672~~ 672 type: "boolean",

673Type / Values673 description:

~~674~~ 674 "The provider uses OpenAI authentication (defaults to false).",

675`save-all | none`675 },

~~676~~ 676 {

677Details677 key: "model_providers.<id>.wire_api",

~~678~~ 678 type: "responses",

679Control whether Codex saves session transcripts to history.jsonl.679 description:

~~680~~ 680 "Protocol used by the provider. `responses` is the only supported value, and it is the default when omitted.",

681Key681 },

~~682~~ 682 {

683`include_apply_patch_tool`683 key: "model_providers.<id>.query_params",

~~684~~ 684 type: "map<string,string>",

685Type / Values685 description: "Extra query parameters appended to provider requests.",

~~686~~ 686 },

687`boolean`687 {

~~688~~ 688 key: "model_providers.<id>.http_headers",

689Details689 type: "map<string,string>",

~~690~~ 690 description: "Static HTTP headers added to provider requests.",

691Legacy name for enabling freeform apply\_patch; prefer `[features].apply_patch_freeform`.691 },

~~692~~ 692 {

693Key693 key: "model_providers.<id>.env_http_headers",

~~694~~ 694 type: "map<string,string>",

695`instructions`695 description:

~~696~~ 696 "HTTP headers populated from environment variables when present.",

697Type / Values697 },

~~698~~ 698 {

699`string`699 key: "model_providers.<id>.request_max_retries",

~~700~~ 700 type: "number",

701Details701 description:

~~702~~ 702 "Retry count for HTTP requests to the provider (default: 4).",

703Reserved for future use; prefer `model_instructions_file` or `AGENTS.md`.703 },

~~704~~ 704 {

705Key705 key: "model_providers.<id>.stream_max_retries",

~~706~~ 706 type: "number",

707`log_dir`707 description: "Retry count for SSE streaming interruptions (default: 5).",

~~708~~ 708 },

709Type / Values709 {

~~710~~ 710 key: "model_providers.<id>.stream_idle_timeout_ms",

711`string (path)`711 type: "number",

~~712~~ 712 description:

713Details713 "Idle timeout for SSE streams in milliseconds (default: 300000).",

~~714~~ 714 },

715Directory where Codex writes log files (for example `codex-tui.log`); defaults to `$CODEX_HOME/log`.715 {

~~716~~ 716 key: "model_providers.<id>.supports_websockets",

717Key717 type: "boolean",

~~718~~ 718 description:

719`mcp_oauth_callback_port`719 "Whether that provider supports the Responses API WebSocket transport.",

~~720~~ 720 },

721Type / Values721 {

~~722~~ 722 key: "model_providers.<id>.auth",

723`integer`723 type: "table",

~~724~~ 724 description:

725Details725 "Command-backed bearer token configuration for a custom provider. Do not combine with `env_key`, `experimental_bearer_token`, or `requires_openai_auth`.",

~~726~~ 726 },

727Optional fixed port for the local HTTP callback server used during MCP OAuth login. When unset, Codex binds to an ephemeral port chosen by the OS.727 {

~~728~~ 728 key: "model_providers.<id>.auth.command",

729Key729 type: "string",

~~730~~ 730 description:

731`mcp_oauth_credentials_store`731 "Command to run when Codex needs a bearer token. The command must print the token to stdout.",

~~732~~ 732 },

733Type / Values733 {

~~734~~ 734 key: "model_providers.<id>.auth.args",

735`auto | file | keyring`735 type: "array<string>",

~~736~~ 736 description: "Arguments passed to the token command.",

737Details737 },

~~738~~ 738 {

739Preferred store for MCP OAuth credentials.739 key: "model_providers.<id>.auth.timeout_ms",

~~740~~ 740 type: "number",

741Key741 description:

~~742~~ 742 "Maximum token command runtime in milliseconds (default: 5000).",

743`mcp_servers.<id>.args`743 },

~~744~~ 744 {

745Type / Values745 key: "model_providers.<id>.auth.refresh_interval_ms",

~~746~~ 746 type: "number",

747`array<string>`747 description:

~~748~~ 748 "How often Codex proactively refreshes the token in milliseconds (default: 300000). Set to `0` to refresh only after an authentication retry.",

749Details749 },

~~750~~ 750 {

751Arguments passed to the MCP stdio server command.751 key: "model_providers.<id>.auth.cwd",

~~752~~ 752 type: "string (path)",

753Key753 description: "Working directory for the token command.",

~~754~~ 754 },

755`mcp_servers.<id>.bearer_token_env_var`755 {

~~756~~ 756 key: "model_providers.amazon-bedrock.aws.profile",

757Type / Values757 type: "string",

~~758~~ 758 description:

759`string`759 "AWS profile name used by the built-in `amazon-bedrock` provider.",

~~760~~ 760 },

761Details761 {

~~762~~ 762 key: "model_providers.amazon-bedrock.aws.region",

763Environment variable sourcing the bearer token for an MCP HTTP server.763 type: "string",

~~764~~ 764 description: "AWS region used by the built-in `amazon-bedrock` provider.",

765Key765 },

~~766~~ 766 {

767`mcp_servers.<id>.command`767 key: "model_reasoning_effort",

~~768~~ 768 type: "minimal | low | medium | high | xhigh",

769Type / Values769 description:

~~770~~ 770 "Adjust reasoning effort for supported models (Responses API only; `xhigh` is model-dependent).",

771`string`771 },

~~772~~ 772 {

773Details773 key: "plan_mode_reasoning_effort",

775Launcher command for an MCP stdio server.775 description:

~~776~~ 776 "Plan-mode-specific reasoning override. When unset, Plan mode uses its built-in preset default.",

777Key777 },

~~778~~ 778 {

779`mcp_servers.<id>.cwd`779 key: "model_reasoning_summary",

~~780~~ 780 type: "auto | concise | detailed | none",

781Type / Values781 description:

~~782~~ 782 "Select reasoning summary detail or disable summaries entirely.",

783`string`783 },

~~784~~ 784 {

785Details785 key: "model_verbosity",

~~786~~ 786 type: "low | medium | high",

787Working directory for the MCP stdio server process.787 description:

~~788~~ 788 "Optional GPT-5 Responses API verbosity override; when unset, the selected model/preset default is used.",

789Key789 },

~~790~~ 790 {

791`mcp_servers.<id>.disabled_tools`791 key: "model_supports_reasoning_summaries",

~~792~~ 792 type: "boolean",

793Type / Values793 description: "Force Codex to send or not send reasoning metadata.",

~~794~~ 794 },

795`array<string>`795 {

~~796~~ 796 key: "shell_environment_policy.inherit",

797Details797 type: "all | core | none",

~~798~~ 798 description:

799Deny list applied after `enabled_tools` for the MCP server.799 "Baseline environment inheritance when spawning subprocesses.",

~~800~~ 800 },

801Key801 {

~~802~~ 802 key: "shell_environment_policy.ignore_default_excludes",

803`mcp_servers.<id>.enabled`803 type: "boolean",

~~804~~ 804 description:

805Type / Values805 "Keep variables containing KEY/SECRET/TOKEN before other filters run.",

~~806~~ 806 },

807`boolean`807 {

~~808~~ 808 key: "shell_environment_policy.exclude",

809Details809 type: "array<string>",

~~810~~ 810 description:

811Disable an MCP server without removing its configuration.811 "Glob patterns for removing environment variables after the defaults.",

~~812~~ 812 },

813Key813 {

~~814~~ 814 key: "shell_environment_policy.include_only",

815`mcp_servers.<id>.enabled_tools`815 type: "array<string>",

~~816~~ 816 description:

817Type / Values817 "Whitelist of patterns; when set only matching variables are kept.",

~~818~~ 818 },

819`array<string>`819 {

~~820~~ 820 key: "shell_environment_policy.set",

821Details821 type: "map<string,string>",

~~822~~ 822 description:

823Allow list of tool names exposed by the MCP server.823 "Explicit environment overrides injected into every subprocess.",

~~824~~ 824 },

825Key825 {

~~826~~ 826 key: "shell_environment_policy.experimental_use_profile",

827`mcp_servers.<id>.env`827 type: "boolean",

~~828~~ 828 description: "Use the user shell profile when spawning subprocesses.",

829Type / Values829 },

~~830~~ 830 {

831`map<string,string>`831 key: "project_root_markers",

~~832~~ 832 type: "array<string>",

833Details833 description:

~~834~~ 834 "List of project root marker filenames; used when searching parent directories for the project root.",

835Environment variables forwarded to the MCP stdio server.835 },

~~836~~ 836 {

837Key837 key: "project_doc_max_bytes",

~~838~~ 838 type: "number",

839`mcp_servers.<id>.env_http_headers`839 description:

~~840~~ 840 "Maximum bytes read from `AGENTS.md` when building project instructions.",

841Type / Values841 },

~~842~~ 842 {

843`map<string,string>`843 key: "project_doc_fallback_filenames",

~~844~~ 844 type: "array<string>",

845Details845 description: "Additional filenames to try when `AGENTS.md` is missing.",

~~846~~ 846 },

847HTTP headers populated from environment variables for an MCP HTTP server.847 {

~~848~~ 848 key: "profile",

849Key849 type: "string",

~~850~~ 850 description:

851`mcp_servers.<id>.env_vars`851 "Default profile applied at startup (equivalent to `--profile`).",

~~852~~ 852 },

853Type / Values853 {

~~854~~ 854 key: "profiles.<name>.*",

855`array<string>`855 type: "various",

~~856~~ 856 description:

857Details857 "Profile-scoped overrides for any of the supported configuration keys.",

~~858~~ 858 },

859Additional environment variables to whitelist for an MCP stdio server.859 {

~~860~~ 860 key: "profiles.<name>.service_tier",

861Key861 type: "flex | fast",

~~862~~ 862 description: "Profile-scoped service tier preference for new turns.",

863`mcp_servers.<id>.http_headers`863 },

~~864~~ 864 {

865Type / Values865 key: "profiles.<name>.plan_mode_reasoning_effort",

867`map<string,string>`867 description: "Profile-scoped Plan-mode reasoning override.",

~~868~~ 868 },

869Details869 {

~~870~~ 870 key: "profiles.<name>.web_search",

871Static HTTP headers included with each MCP HTTP request.871 type: "disabled | cached | live",

~~872~~ 872 description:

873Key873 'Profile-scoped web search mode override (default: `"cached"`).',

~~874~~ 874 },

875`mcp_servers.<id>.required`875 {

~~876~~ 876 key: "profiles.<name>.personality",

877Type / Values877 type: "none | friendly | pragmatic",

~~878~~ 878 description:

879`boolean`879 "Profile-scoped communication style override for supported models.",

~~880~~ 880 },

881Details881 {

~~882~~ 882 key: "profiles.<name>.model_catalog_json",

883When true, fail startup/resume if this enabled MCP server cannot initialize.883 type: "string (path)",

~~884~~ 884 description:

885Key885 "Profile-scoped model catalog JSON path override (applied on startup only; overrides the top-level `model_catalog_json` for that profile).",

~~886~~ 886 },

887`mcp_servers.<id>.startup_timeout_ms`887 {

~~888~~ 888 key: "profiles.<name>.model_instructions_file",

889Type / Values889 type: "string (path)",

~~890~~ 890 description:

891`number`891 "Profile-scoped replacement for the built-in instruction file.",

~~892~~ 892 },

893Details893 {

~~894~~ 894 key: "profiles.<name>.experimental_use_unified_exec_tool",

895Alias for `startup_timeout_sec` in milliseconds.895 type: "boolean",

~~896~~ 896 description:

897Key897 "Legacy name for enabling unified exec; prefer `[features].unified_exec`.",

~~898~~ 898 },

899`mcp_servers.<id>.startup_timeout_sec`899 {

~~900~~ 900 key: "profiles.<name>.oss_provider",

901Type / Values901 type: "lmstudio | ollama",

~~902~~ 902 description: "Profile-scoped OSS provider for `--oss` sessions.",

903`number`903 },

~~904~~ 904 {

905Details905 key: "profiles.<name>.tools_view_image",

~~906~~ 906 type: "boolean",

907Override the default 10s startup timeout for an MCP server.907 description: "Enable or disable the `view_image` tool in that profile.",

~~908~~ 908 },

909Key909 {

~~910~~ 910 key: "profiles.<name>.analytics.enabled",

911`mcp_servers.<id>.tool_timeout_sec`911 type: "boolean",

~~912~~ 912 description: "Profile-scoped analytics enablement override.",

913Type / Values913 },

~~914~~ 914 {

915`number`915 key: "profiles.<name>.windows.sandbox",

~~916~~ 916 type: "unelevated | elevated",

917Details917 description: "Profile-scoped Windows sandbox mode override.",

~~918~~ 918 },

919Override the default 60s per-tool timeout for an MCP server.919 {

~~920~~ 920 key: "history.persistence",

921Key921 type: "save-all | none",

~~922~~ 922 description:

923`mcp_servers.<id>.url`923 "Control whether Codex saves session transcripts to history.jsonl.",

~~924~~ 924 },

925Type / Values925 {

~~926~~ 926 key: "tool_output_token_limit",

927`string`927 type: "number",

~~928~~ 928 description:

929Details929 "Token budget for storing individual tool/function outputs in history.",

~~930~~ 930 },

931Endpoint for an MCP streamable HTTP server.931 {

~~932~~ 932 key: "background_terminal_max_timeout",

933Key933 type: "number",

~~934~~ 934 description:

935`model`935 "Maximum poll window in milliseconds for empty `write_stdin` polls (background terminal polling). Default: `300000` (5 minutes). Replaces the older `background_terminal_timeout` key.",

~~936~~ 936 },

937Type / Values937 {

~~938~~ 938 key: "history.max_bytes",

939`string`939 type: "number",

~~940~~ 940 description:

941Details941 "If set, caps the history file size in bytes by dropping oldest entries.",

~~942~~ 942 },

943Model to use (e.g., `gpt-5-codex`).943 {

~~944~~ 944 key: "file_opener",

945Key945 type: "vscode | vscode-insiders | windsurf | cursor | none",

~~946~~ 946 description:

947`model_auto_compact_token_limit`947 "URI scheme used to open citations from Codex output (default: `vscode`).",

~~948~~ 948 },

949Type / Values949 {

~~950~~ 950 key: "otel.environment",

951`number`951 type: "string",

~~952~~ 952 description:

953Details953 "Environment tag applied to emitted OpenTelemetry events (default: `dev`).",

~~954~~ 954 },

955Token threshold that triggers automatic history compaction (unset uses model defaults).955 {

~~956~~ 956 key: "otel.exporter",

957Key957 type: "none | otlp-http | otlp-grpc",

~~958~~ 958 description:

959`model_context_window`959 "Select the OpenTelemetry exporter and provide any endpoint metadata.",

~~960~~ 960 },

961Type / Values961 {

~~962~~ 962 key: "otel.trace_exporter",

963`number`963 type: "none | otlp-http | otlp-grpc",

~~964~~ 964 description:

965Details965 "Select the OpenTelemetry trace exporter and provide any endpoint metadata.",

~~966~~ 966 },

967Context window tokens available to the active model.967 {

~~968~~ 968 key: "otel.metrics_exporter",

969Key969 type: "none | statsig | otlp-http | otlp-grpc",

~~970~~ 970 description:

971`model_instructions_file`971 "Select the OpenTelemetry metrics exporter (defaults to `statsig`).",

~~972~~ 972 },

973Type / Values973 {

~~974~~ 974 key: "otel.log_user_prompt",

975`string (path)`975 type: "boolean",

~~976~~ 976 description:

977Details977 "Opt in to exporting raw user prompts with OpenTelemetry logs.",

~~978~~ 978 },

979Replacement for built-in instructions instead of `AGENTS.md`.979 {

~~980~~ 980 key: "otel.exporter.<id>.endpoint",

981Key981 type: "string",

~~982~~ 982 description: "Exporter endpoint for OTEL logs.",

983`model_provider`983 },

~~984~~ 984 {

985Type / Values985 key: "otel.exporter.<id>.protocol",

~~986~~ 986 type: "binary | json",

987`string`987 description: "Protocol used by the OTLP/HTTP exporter.",

~~988~~ 988 },

989Details989 {

~~990~~ 990 key: "otel.exporter.<id>.headers",

991Provider id from `model_providers` (default: `openai`).991 type: "map<string,string>",

~~992~~ 992 description: "Static headers included with OTEL exporter requests.",

993Key993 },

~~994~~ 994 {

995`model_providers.<id>.base_url`995 key: "otel.trace_exporter.<id>.endpoint",

~~996~~ 996 type: "string",

997Type / Values997 description: "Trace exporter endpoint for OTEL logs.",

~~998~~ 998 },

999`string`999 {

~~1000~~ 1000 key: "otel.trace_exporter.<id>.protocol",

1001Details1001 type: "binary | json",

~~1002~~ 1002 description: "Protocol used by the OTLP/HTTP trace exporter.",

1003API base URL for the model provider.1003 },

~~1004~~ 1004 {

1005Key1005 key: "otel.trace_exporter.<id>.headers",

~~1006~~ 1006 type: "map<string,string>",

1007`model_providers.<id>.env_http_headers`1007 description: "Static headers included with OTEL trace exporter requests.",

~~1008~~ 1008 },

1009Type / Values1009 {

~~1010~~ 1010 key: "otel.exporter.<id>.tls.ca-certificate",

1011`map<string,string>`1011 type: "string",

~~1012~~ 1012 description: "CA certificate path for OTEL exporter TLS.",

1013Details1013 },

~~1014~~ 1014 {

1015HTTP headers populated from environment variables when present.1015 key: "otel.exporter.<id>.tls.client-certificate",

~~1016~~ 1016 type: "string",

1017Key1017 description: "Client certificate path for OTEL exporter TLS.",

~~1018~~ 1018 },

1019`model_providers.<id>.env_key`1019 {

~~1020~~ 1020 key: "otel.exporter.<id>.tls.client-private-key",

1021Type / Values1021 type: "string",

~~1022~~ 1022 description: "Client private key path for OTEL exporter TLS.",

1023`string`1023 },

~~1024~~ 1024 {

1025Details1025 key: "otel.trace_exporter.<id>.tls.ca-certificate",

~~1026~~ 1026 type: "string",

1027Environment variable supplying the provider API key.1027 description: "CA certificate path for OTEL trace exporter TLS.",

~~1028~~ 1028 },

1029Key1029 {

~~1030~~ 1030 key: "otel.trace_exporter.<id>.tls.client-certificate",

1031`model_providers.<id>.env_key_instructions`1031 type: "string",

~~1032~~ 1032 description: "Client certificate path for OTEL trace exporter TLS.",

1033Type / Values1033 },

~~1034~~ 1034 {

1035`string`1035 key: "otel.trace_exporter.<id>.tls.client-private-key",

~~1036~~ 1036 type: "string",

1037Details1037 description: "Client private key path for OTEL trace exporter TLS.",

~~1038~~ 1038 },

1039Optional setup guidance for the provider API key.1039 {

~~1040~~ 1040 key: "tui",

1041Key1041 type: "table",

~~1042~~ 1042 description:

1043`model_providers.<id>.experimental_bearer_token`1043 "TUI-specific options such as enabling inline desktop notifications.",

~~1044~~ 1044 },

1045Type / Values1045 {

~~1046~~ 1046 key: "tui.notifications",

1047`string`1047 type: "boolean | array<string>",

~~1048~~ 1048 description:

1049Details1049 "Enable TUI notifications; optionally restrict to specific event types.",

~~1050~~ 1050 },

1051Direct bearer token for the provider (discouraged; use `env_key`).1051 {

~~1052~~ 1052 key: "tui.notification_method",

1053Key1053 type: "auto | osc9 | bel",

~~1054~~ 1054 description:

1055`model_providers.<id>.http_headers`1055 "Notification method for terminal notifications (default: auto).",

~~1056~~ 1056 },

1057Type / Values1057 {

~~1058~~ 1058 key: "tui.notification_condition",

1059`map<string,string>`1059 type: "unfocused | always",

~~1060~~ 1060 description:

1061Details1061 "Control whether TUI notifications fire only when the terminal is unfocused or regardless of focus. Defaults to `unfocused`.",

~~1062~~ 1062 },

1063Static HTTP headers added to provider requests.1063 {

~~1064~~ 1064 key: "tui.animations",

1065Key1065 type: "boolean",

~~1066~~ 1066 description:

1067`model_providers.<id>.name`1067 "Enable terminal animations (welcome screen, shimmer, spinner) (default: true).",

~~1068~~ 1068 },

1069Type / Values1069 {

~~1070~~ 1070 key: "tui.alternate_screen",

1071`string`1071 type: "auto | always | never",

~~1072~~ 1072 description:

1073Details1073 "Control alternate screen usage for the TUI (default: auto; auto skips it in Zellij to preserve scrollback).",

~~1074~~ 1074 },

1075Display name for a custom model provider.1075 {

~~1076~~ 1076 key: "tui.show_tooltips",

1077Key1077 type: "boolean",

~~1078~~ 1078 description:

1079`model_providers.<id>.query_params`1079 "Show onboarding tooltips in the TUI welcome screen (default: true).",

~~1080~~ 1080 },

1081Type / Values1081 {

~~1082~~ 1082 key: "tui.status_line",

1083`map<string,string>`1083 type: "array<string> | null",

~~1084~~ 1084 description:

1085Details1085 "Ordered list of TUI footer status-line item identifiers. `null` disables the status line.",

~~1086~~ 1086 },

1087Extra query parameters appended to provider requests.1087 {

~~1088~~ 1088 key: "tui.terminal_title",

1089Key1089 type: "array<string> | null",

~~1090~~ 1090 description:

1091`model_providers.<id>.request_max_retries`1091 'Ordered list of terminal window/tab title item identifiers. Defaults to `["spinner", "project"]`; `null` disables title updates.',

~~1092~~ 1092 },

1093Type / Values1093 {

~~1094~~ 1094 key: "tui.theme",

1095`number`1095 type: "string",

~~1096~~ 1096 description:

1097Details1097 "Syntax-highlighting theme override (kebab-case theme name).",

~~1098~~ 1098 },

1099Retry count for HTTP requests to the provider (default: 4).1099 {

~~1100~~ 1100 key: "tui.keymap.<context>.<action>",

1101Key1101 type: "string | array<string>",

~~1102~~ 1102 description:

1103`model_providers.<id>.requires_openai_auth`1103 "Keyboard shortcut binding for a TUI action. Supported contexts include `global`, `chat`, `composer`, `editor`, `pager`, `list`, and `approval`; context-specific bindings override `tui.keymap.global`.",

~~1104~~ 1104 },

1105Type / Values1105 {

~~1106~~ 1106 key: "tui.keymap.<context>.<action> = []",

1107`boolean`1107 type: "empty array",

~~1108~~ 1108 description:

1109Details1109 "Unbind the action in that keymap context. Key names use normalized strings such as `ctrl-a`, `shift-enter`, or `page-down`.",

~~1110~~ 1110 },

1111The provider uses OpenAI authentication (defaults to false).1111 {

~~1112~~ 1112 key: "tui.model_availability_nux.<model>",

1113Key1113 type: "integer",

~~1114~~ 1114 description: "Internal startup-tooltip state keyed by model slug.",

1115`model_providers.<id>.stream_idle_timeout_ms`1115 },

~~1116~~ 1116 {

1117Type / Values1117 key: "hide_agent_reasoning",

~~1118~~ 1118 type: "boolean",

1119`number`1119 description:

~~1120~~ 1120 "Suppress reasoning events in both the TUI and `codex exec` output.",

1121Details1121 },

~~1122~~ 1122 {

1123Idle timeout for SSE streams in milliseconds (default: 300000).1123 key: "show_raw_agent_reasoning",

~~1124~~ 1124 type: "boolean",

1125Key1125 description:

~~1126~~ 1126 "Surface raw reasoning content when the active model emits it.",

1127`model_providers.<id>.stream_max_retries`1127 },

~~1128~~ 1128 {

1129Type / Values1129 key: "disable_paste_burst",

~~1130~~ 1130 type: "boolean",

1131`number`1131 description: "Disable burst-paste detection in the TUI.",

~~1132~~ 1132 },

1133Details1133 {

~~1134~~ 1134 key: "windows_wsl_setup_acknowledged",

1135Retry count for SSE streaming interruptions (default: 5).1135 type: "boolean",

~~1136~~ 1136 description: "Track Windows onboarding acknowledgement (Windows only).",

1137Key1137 },

~~1138~~ 1138 {

1139`model_providers.<id>.wire_api`1139 key: "chatgpt_base_url",

~~1140~~ 1140 type: "string",

1141Type / Values1141 description: "Override the base URL used during the ChatGPT login flow.",

~~1142~~ 1142 },

1143`chat | responses`1143 {

~~1144~~ 1144 key: "cli_auth_credentials_store",

1145Details1145 type: "file | keyring | auto",

~~1146~~ 1146 description:

1147Protocol used by the provider (defaults to `chat` if omitted).1147 "Control where the CLI stores cached credentials (file-based auth.json vs OS keychain).",

~~1148~~ 1148 },

1149Key1149 {

~~1150~~ 1150 key: "mcp_oauth_credentials_store",

1151`model_reasoning_effort`1151 type: "auto | file | keyring",

~~1152~~ 1152 description: "Preferred store for MCP OAuth credentials.",

1153Type / Values1153 },

~~1154~~ 1154 {

1155`minimal | low | medium | high | xhigh`1155 key: "mcp_oauth_callback_port",

~~1156~~ 1156 type: "integer",

1157Details1157 description:

~~1158~~ 1158 "Optional fixed port for the local HTTP callback server used during MCP OAuth login. When unset, Codex binds to an ephemeral port chosen by the OS.",

1159Adjust reasoning effort for supported models (Responses API only; `xhigh` is model-dependent).1159 },

~~1160~~ 1160 {

1161Key1161 key: "mcp_oauth_callback_url",

~~1162~~ 1162 type: "string",

1163`model_reasoning_summary`1163 description:

~~1164~~ 1164 "Optional redirect URI override for MCP OAuth login (for example, a devbox ingress URL). `mcp_oauth_callback_port` still controls the callback listener port.",

1165Type / Values1165 },

~~1166~~ 1166 {

1167`auto | concise | detailed | none`1167 key: "experimental_use_unified_exec_tool",

~~1168~~ 1168 type: "boolean",

1169Details1169 description:

~~1170~~ 1170 "Legacy name for enabling unified exec; prefer `[features].unified_exec` or `codex --enable unified_exec`.",

1171Select reasoning summary detail or disable summaries entirely.1171 },

~~1172~~ 1172 {

1173Key1173 key: "tools.web_search",

~~1174~~ 1174 type: 'boolean | { context_size = "low|medium|high", allowed_domains = [string], location = { country, region, city, timezone } }',

1175`model_supports_reasoning_summaries`1175 description:

~~1176~~ 1176 "Optional web search tool configuration. The legacy boolean form is still accepted, but the object form lets you set search context size, allowed domains, and approximate user location.",

1177Type / Values1177 },

~~1178~~ 1178 {

1179`boolean`1179 key: "tools.view_image",

~~1180~~ 1180 type: "boolean",

1181Details1181 description: "Enable the local-image attachment tool `view_image`.",

~~1182~~ 1182 },

1183Force Codex to send or not send reasoning metadata.1183 {

~~1184~~ 1184 key: "web_search",

1185Key1185 type: "disabled | cached | live",

~~1186~~ 1186 description:

1187`model_verbosity`1187 'Web search mode (default: `"cached"`; cached uses an OpenAI-maintained index and does not fetch live pages; if you use `--yolo` or another full access sandbox setting, it defaults to `"live"`). Use `"live"` to fetch the most recent data from the web, or `"disabled"` to remove the tool.',

~~1188~~ 1188 },

1189Type / Values1189 {

~~1190~~ 1190 key: "default_permissions",

1191`low | medium | high`1191 type: "string",

~~1192~~ 1192 description:

1193Details1193 "Name of the default permissions profile to apply to sandboxed tool calls. Built-ins are `:read-only`, `:workspace`, and `:danger-no-sandbox`; custom profile names require matching `[permissions.<name>]` tables.",

~~1194~~ 1194 },

1195Control GPT-5 Responses API verbosity (defaults to `medium`).1195 {

~~1196~~ 1196 key: "permissions.<name>.filesystem",

1197Key1197 type: "table",

~~1198~~ 1198 description:

1199`notice.hide_full_access_warning`1199 "Named filesystem permission profile. Each key is an absolute path or special token such as `:minimal` or `:project_roots`.",

~~1200~~ 1200 },

1201Type / Values1201 {

~~1202~~ 1202 key: "permissions.<name>.filesystem.glob_scan_max_depth",

1203`boolean`1203 type: "number",

~~1204~~ 1204 description:

1205Details1205 "Maximum depth for expanding deny-read glob patterns on platforms that snapshot matches before sandbox startup. Must be at least `1` when set.",

~~1206~~ 1206 },

1207Track acknowledgement of the full access warning prompt.1207 {

~~1208~~ 1208 key: "permissions.<name>.filesystem.<path-or-glob>",

1209Key1209 type: '"read" | "write" | "none" | table',

~~1210~~ 1210 description:

1211`notice.hide_gpt-5.1-codex-max_migration_prompt`1211 'Grant direct access for a path, glob pattern, or special token, or scope nested entries under that root. Use `"none"` to deny reads for matching paths.',

~~1212~~ 1212 },

1213Type / Values1213 {

~~1214~~ 1214 key: 'permissions.<name>.filesystem.":project_roots".<subpath-or-glob>',

1215`boolean`1215 type: '"read" | "write" | "none"',

~~1216~~ 1216 description:

1217Details1217 'Scoped filesystem access relative to the detected project roots. Use `"."` for the root itself; glob subpaths such as `"**/*.env"` can deny reads with `"none"`.',

~~1218~~ 1218 },

1219Track acknowledgement of the gpt-5.1-codex-max migration prompt.1219 {

~~1220~~ 1220 key: "permissions.<name>.network.enabled",

1221Key1221 type: "boolean",

~~1222~~ 1222 description: "Enable network access for this named permissions profile.",

1223`notice.hide_gpt5_1_migration_prompt`1223 },

~~1224~~ 1224 {

1225Type / Values1225 key: "permissions.<name>.network.proxy_url",

~~1226~~ 1226 type: "string",

1227`boolean`1227 description:

~~1228~~ 1228 "HTTP proxy endpoint used when this permissions profile enables the managed network proxy.",

1229Details1229 },

~~1230~~ 1230 {

1231Track acknowledgement of the GPT-5.1 migration prompt.1231 key: "permissions.<name>.network.enable_socks5",

~~1232~~ 1232 type: "boolean",

1233Key1233 description:

~~1234~~ 1234 "Expose a SOCKS5 listener when this permissions profile enables the managed network proxy.",

1235`notice.hide_rate_limit_model_nudge`1235 },

~~1236~~ 1236 {

1237Type / Values1237 key: "permissions.<name>.network.socks_url",

~~1238~~ 1238 type: "string",

1239`boolean`1239 description: "SOCKS5 proxy endpoint used by this permissions profile.",

~~1240~~ 1240 },

1241Details1241 {

~~1242~~ 1242 key: "permissions.<name>.network.enable_socks5_udp",

1243Track opt-out of the rate limit model switch reminder.1243 type: "boolean",

~~1244~~ 1244 description: "Allow UDP over the SOCKS5 listener when enabled.",

1245Key1245 },

~~1246~~ 1246 {

1247`notice.hide_world_writable_warning`1247 key: "permissions.<name>.network.allow_upstream_proxy",

~~1248~~ 1248 type: "boolean",

1249Type / Values1249 description:

~~1250~~ 1250 "Allow the managed proxy to chain to another upstream proxy.",

1251`boolean`1251 },

~~1252~~ 1252 {

1253Details1253 key: "permissions.<name>.network.dangerously_allow_non_loopback_proxy",

~~1254~~ 1254 type: "boolean",

1255Track acknowledgement of the Windows world-writable directories warning.1255 description:

~~1256~~ 1256 "Permit non-loopback bind addresses for the managed proxy listener.",

1257Key1257 },

~~1258~~ 1258 {

1259`notice.model_migrations`1259 key: "permissions.<name>.network.dangerously_allow_all_unix_sockets",

~~1260~~ 1260 type: "boolean",

1261Type / Values1261 description:

~~1262~~ 1262 "Allow the proxy to use arbitrary Unix sockets instead of the default restricted set.",

1263`map<string,string>`1263 },

~~1264~~ 1264 {

1265Details1265 key: "permissions.<name>.network.mode",

~~1266~~ 1266 type: "limited | full",

1267Track acknowledged model migrations as old->new mappings.1267 description: "Network proxy mode used for subprocess traffic.",

~~1268~~ 1268 },

1269Key1269 {

~~1270~~ 1270 key: "permissions.<name>.network.domains",

1271`notify`1271 type: "map<string, allow | deny>",

~~1272~~ 1272 description:

1273Type / Values1273 "Domain rules for the managed proxy. Use domain names or wildcard patterns as keys, with `allow` or `deny` values.",

~~1274~~ 1274 },

1275`array<string>`1275 {

~~1276~~ 1276 key: "permissions.<name>.network.unix_sockets",

1277Details1277 type: "map<string, allow | none>",

~~1278~~ 1278 description:

1279Command invoked for notifications; receives a JSON payload from Codex.1279 "Unix socket rules for the managed proxy. Use socket paths as keys, with `allow` or `none` values.",

~~1280~~ 1280 },

1281Key1281 {

~~1282~~ 1282 key: "permissions.<name>.network.allow_local_binding",

1283`oss_provider`1283 type: "boolean",

~~1284~~ 1284 description:

1285Type / Values1285 "Permit local bind/listen operations through the managed proxy.",

~~1286~~ 1286 },

1287`lmstudio | ollama`1287 {

~~1288~~ 1288 key: "projects.<path>.trust_level",

1289Details1289 type: "string",

~~1290~~ 1290 description:

1291Default local provider used when running with `--oss` (defaults to prompting if unset).1291 'Mark a project or worktree as trusted or untrusted (`"trusted"` | `"untrusted"`). Untrusted projects skip project-scoped `.codex/` layers, including project-local config, hooks, and rules.',

~~1292~~ 1292 },

1293Key1293 {

~~1294~~ 1294 key: "notice.hide_full_access_warning",

1295`otel.environment`1295 type: "boolean",

~~1296~~ 1296 description: "Track acknowledgement of the full access warning prompt.",

1297Type / Values1297 },

~~1298~~ 1298 {

1299`string`1299 key: "notice.hide_world_writable_warning",

~~1300~~ 1300 type: "boolean",

1301Details1301 description:

~~1302~~ 1302 "Track acknowledgement of the Windows world-writable directories warning.",

1303Environment tag applied to emitted OpenTelemetry events (default: `dev`).1303 },

~~1304~~ 1304 {

1305Key1305 key: "notice.hide_rate_limit_model_nudge",

~~1306~~ 1306 type: "boolean",

1307`otel.exporter`1307 description: "Track opt-out of the rate limit model switch reminder.",

~~1308~~ 1308 },

1309Type / Values1309 {

~~1310~~ 1310 key: "notice.hide_gpt5_1_migration_prompt",

1311`none | otlp-http | otlp-grpc`1311 type: "boolean",

~~1312~~ 1312 description: "Track acknowledgement of the GPT-5.1 migration prompt.",

1313Details1313 },

~~1314~~ 1314 {

1315Select the OpenTelemetry exporter and provide any endpoint metadata.1315 key: "notice.hide_gpt-5.1-codex-max_migration_prompt",

~~1316~~ 1316 type: "boolean",

1317Key1317 description:

~~1318~~ 1318 "Track acknowledgement of the gpt-5.1-codex-max migration prompt.",

1319`otel.exporter.<id>.endpoint`1319 },

~~1320~~ 1320 {

1321Type / Values1321 key: "notice.model_migrations",

~~1322~~ 1322 type: "map<string,string>",

1323`string`1323 description: "Track acknowledged model migrations as old->new mappings.",

~~1324~~ 1324 },

1325Details1325 {

~~1326~~ 1326 key: "forced_login_method",

1327Exporter endpoint for OTEL logs.1327 type: "chatgpt | api",

~~1328~~ 1328 description: "Restrict Codex to a specific authentication method.",

1329Key1329 },

~~1330~~ 1330 {

1331`otel.exporter.<id>.headers`1331 key: "forced_chatgpt_workspace_id",

~~1332~~ 1332 type: "string (uuid)",

1333Type / Values1333 description: "Limit ChatGPT logins to a specific workspace identifier.",

~~1334~~ 1334 },

1335`map<string,string>`1335 ]}

~~1336~~ 1336 client:load

1337Details1337/>

~~1338~~

1339Static headers included with OTEL exporter requests.

~~1340~~

1341Key

~~1342~~

1343`otel.exporter.<id>.protocol`

~~1344~~

1345Type / Values

~~1346~~

1347`binary | json`

~~1348~~

1349Details

~~1350~~

1351Protocol used by the OTLP/HTTP exporter.

~~1352~~

1353Key

~~1354~~

1355`otel.exporter.<id>.tls.ca-certificate`

~~1356~~

1357Type / Values

~~1358~~

1359`string`

~~1360~~

1361Details

~~1362~~

1363CA certificate path for OTEL exporter TLS.

~~1364~~

1365Key

~~1366~~

1367`otel.exporter.<id>.tls.client-certificate`

~~1368~~

1369Type / Values

~~1370~~

1371`string`

~~1372~~

1373Details

~~1374~~

1375Client certificate path for OTEL exporter TLS.

~~1376~~

1377Key

~~1378~~

1379`otel.exporter.<id>.tls.client-private-key`

~~1380~~

1381Type / Values

~~1382~~

1383`string`

~~1384~~

1385Details

~~1386~~

1387Client private key path for OTEL exporter TLS.

~~1388~~

1389Key

~~1390~~

1391`otel.log_user_prompt`

~~1392~~

1393Type / Values

~~1394~~

1395`boolean`

~~1396~~

1397Details

~~1398~~

1399Opt in to exporting raw user prompts with OpenTelemetry logs.

~~1400~~

1401Key

~~1402~~

1403`otel.trace_exporter`

~~1404~~

1405Type / Values

~~1406~~

1407`none | otlp-http | otlp-grpc`

~~1408~~

1409Details

~~1410~~

1411Select the OpenTelemetry trace exporter and provide any endpoint metadata.

~~1412~~

1413Key

~~1414~~

1415`otel.trace_exporter.<id>.endpoint`

~~1416~~

1417Type / Values

~~1418~~

1419`string`

~~1420~~

1421Details

~~1422~~

1423Trace exporter endpoint for OTEL logs.

~~1424~~

1425Key

~~1426~~

1427`otel.trace_exporter.<id>.headers`

~~1428~~

1429Type / Values

~~1430~~

1431`map<string,string>`

~~1432~~

1433Details

~~1434~~

1435Static headers included with OTEL trace exporter requests.

~~1436~~

1437Key

~~1438~~

1439`otel.trace_exporter.<id>.protocol`

~~1440~~

1441Type / Values

~~1442~~

1443`binary | json`

~~1444~~

1445Details

~~1446~~

1447Protocol used by the OTLP/HTTP trace exporter.

~~1448~~

1449Key

~~1450~~

1451`otel.trace_exporter.<id>.tls.ca-certificate`

~~1452~~

1453Type / Values

~~1454~~

1455`string`

~~1456~~

1457Details

~~1458~~

1459CA certificate path for OTEL trace exporter TLS.

~~1460~~

1461Key

~~1462~~

1463`otel.trace_exporter.<id>.tls.client-certificate`

~~1464~~

1465Type / Values

~~1466~~

1467`string`

~~1468~~

1469Details

~~1470~~

1471Client certificate path for OTEL trace exporter TLS.

~~1472~~

1473Key

~~1474~~

1475`otel.trace_exporter.<id>.tls.client-private-key`

~~1476~~

1477Type / Values

~~1478~~

1479`string`

~~1480~~

1481Details

~~1482~~

1483Client private key path for OTEL trace exporter TLS.

~~1484~~

1485Key

~~1486~~

1487`personality`

~~1488~~

1489Type / Values

~~1490~~

1491`none | friendly | pragmatic`

~~1492~~

1493Details

~~1494~~

1495Default communication style for models that advertise `supportsPersonality`; can be overridden per thread/turn or via `/personality`.

~~1496~~

1497Key

~~1498~~

1499`profile`

~~1500~~

1501Type / Values

~~1502~~

1503`string`

~~1504~~

1505Details

~~1506~~

1507Default profile applied at startup (equivalent to `--profile`).

~~1508~~

1509Key

~~1510~~

1511`profiles.<name>.*`

~~1512~~

1513Type / Values

~~1514~~

1515`various`

~~1516~~

1517Details

~~1518~~

1519Profile-scoped overrides for any of the supported configuration keys.

~~1520~~

1521Key

~~1522~~

1523`profiles.<name>.experimental_use_freeform_apply_patch`

~~1524~~

1525Type / Values

~~1526~~

1527`boolean`

~~1528~~

1529Details

~~1530~~

1531Legacy name for enabling freeform apply\_patch; prefer `[features].apply_patch_freeform`.

~~1532~~

1533Key

~~1534~~

1535`profiles.<name>.experimental_use_unified_exec_tool`

~~1536~~

1537Type / Values

~~1538~~

1539`boolean`

~~1540~~

1541Details

~~1542~~

1543Legacy name for enabling unified exec; prefer `[features].unified_exec`.

~~1544~~

1545Key

~~1546~~

1547`profiles.<name>.include_apply_patch_tool`

~~1548~~

1549Type / Values

~~1550~~

1551`boolean`

~~1552~~

1553Details

~~1554~~

1555Legacy name for enabling freeform apply\_patch; prefer `[features].apply_patch_freeform`.

~~1556~~

1557Key

~~1558~~

1559`profiles.<name>.oss_provider`

~~1560~~

1561Type / Values

~~1562~~

1563`lmstudio | ollama`

~~1564~~

1565Details

~~1566~~

1567Profile-scoped OSS provider for `--oss` sessions.

~~1568~~

1569Key

~~1570~~

1571`profiles.<name>.personality`

~~1572~~

1573Type / Values

~~1574~~

1575`none | friendly | pragmatic`

~~1576~~

1577Details

~~1578~~

1579Profile-scoped communication style override for supported models.

~~1580~~

1581Key

~~1582~~

1583`profiles.<name>.web_search`

~~1584~~

1585Type / Values

~~1586~~

1587`disabled | cached | live`

~~1588~~

1589Details

~~1590~~

1591Profile-scoped web search mode override (default: `"cached"`).

~~1592~~

1593Key

~~1594~~

1595`project_doc_fallback_filenames`

~~1596~~

1597Type / Values

~~1598~~

1599`array<string>`

~~1600~~

1601Details

~~1602~~

1603Additional filenames to try when `AGENTS.md` is missing.

~~1604~~

1605Key

~~1606~~

1607`project_doc_max_bytes`

~~1608~~

1609Type / Values

~~1610~~

1611`number`

~~1612~~

1613Details

~~1614~~

1615Maximum bytes read from `AGENTS.md` when building project instructions.

~~1616~~

1617Key

~~1618~~

1619`project_root_markers`

~~1620~~

1621Type / Values

~~1622~~

1623`array<string>`

~~1624~~

1625Details

~~1626~~

1627List of project root marker filenames; used when searching parent directories for the project root.

~~1628~~

1629Key

~~1630~~

1631`projects.<path>.trust_level`

~~1632~~

1633Type / Values

~~1634~~

1635`string`

~~1636~~

1637Details

~~1638~~

1639Mark a project or worktree as trusted or untrusted (`"trusted"` | `"untrusted"`). Untrusted projects skip project-scoped `.codex/` layers.

~~1640~~

1641Key

~~1642~~

1643`review_model`

~~1644~~

1645Type / Values

~~1646~~

1647`string`

~~1648~~

1649Details

~~1650~~

1651Optional model override used by `/review` (defaults to the current session model).

~~1652~~

1653Key

~~1654~~

1655`sandbox_mode`

~~1656~~

1657Type / Values

~~1658~~

1659`read-only | workspace-write | danger-full-access`

~~1660~~

1661Details

~~1662~~

1663Sandbox policy for filesystem and network access during command execution.

~~1664~~

1665Key

~~1666~~

1667`sandbox_workspace_write.exclude_slash_tmp`

~~1668~~

1669Type / Values

~~1670~~

1671`boolean`

~~1672~~

1673Details

~~1674~~

1675Exclude `/tmp` from writable roots in workspace-write mode.

~~1676~~

1677Key

~~1678~~

1679`sandbox_workspace_write.exclude_tmpdir_env_var`

~~1680~~

1681Type / Values

~~1682~~

1683`boolean`

~~1684~~

1685Details

~~1686~~

1687Exclude `$TMPDIR` from writable roots in workspace-write mode.

~~1688~~

1689Key

~~1690~~

1691`sandbox_workspace_write.network_access`

~~1692~~

1693Type / Values

~~1694~~

1695`boolean`

~~1696~~

1697Details

~~1698~~

1699Allow outbound network access inside the workspace-write sandbox.

~~1700~~

1701Key

~~1702~~

1703`sandbox_workspace_write.writable_roots`

~~1704~~

1705Type / Values

~~1706~~

1707`array<string>`

~~1708~~

1709Details

~~1710~~

1711Additional writable roots when `sandbox_mode = "workspace-write"`.

~~1712~~

1713Key

~~1714~~

1715`shell_environment_policy.exclude`

~~1716~~

1717Type / Values

~~1718~~

1719`array<string>`

~~1720~~

1721Details

~~1722~~

1723Glob patterns for removing environment variables after the defaults.

~~1724~~

1725Key

~~1726~~

1727`shell_environment_policy.experimental_use_profile`

~~1728~~

1729Type / Values

~~1730~~

1731`boolean`

~~1732~~

1733Details

~~1734~~

1735Use the user shell profile when spawning subprocesses.

~~1736~~

1737Key

~~1738~~

1739`shell_environment_policy.ignore_default_excludes`

~~1740~~

1741Type / Values

~~1742~~

1743`boolean`

~~1744~~

1745Details

~~1746~~

1747Keep variables containing KEY/SECRET/TOKEN before other filters run.

~~1748~~

1749Key

~~1750~~

1751`shell_environment_policy.include_only`

~~1752~~

1753Type / Values

~~1754~~

1755`array<string>`

~~1756~~

1757Details

~~1758~~

1759Whitelist of patterns; when set only matching variables are kept.

~~1760~~

1761Key

~~1762~~

1763`shell_environment_policy.inherit`

~~1764~~

1765Type / Values

~~1766~~

1767`all | core | none`

~~1768~~

1769Details

~~1770~~

1771Baseline environment inheritance when spawning subprocesses.

~~1772~~

1773Key

~~1774~~

1775`shell_environment_policy.set`

~~1776~~

1777Type / Values

~~1778~~

1779`map<string,string>`

~~1780~~

1781Details

~~1782~~

1783Explicit environment overrides injected into every subprocess.

~~1784~~

1785Key

~~1786~~

1787`show_raw_agent_reasoning`

~~1788~~

1789Type / Values

~~1790~~

1791`boolean`

~~1792~~

1793Details

~~1794~~

1795Surface raw reasoning content when the active model emits it.

~~1796~~

1797Key

~~1798~~

1799`skills.config`

~~1800~~

1801Type / Values

~~1802~~

1803`array<object>`

~~1804~~

1805Details

~~1806~~

1807Per-skill enablement overrides stored in config.toml.

~~1808~~

1809Key

~~1810~~

1811`skills.config.<index>.enabled`

~~1812~~

1813Type / Values

~~1814~~

1815`boolean`

~~1816~~

1817Details

~~1818~~

1819Enable or disable the referenced skill.

~~1820~~

1821Key

~~1822~~

1823`skills.config.<index>.path`

~~1824~~

1825Type / Values

~~1826~~

1827`string (path)`

~~1828~~

1829Details

~~1830~~

1831Path to a skill folder containing `SKILL.md`.

~~1832~~

1833Key

~~1834~~

1835`suppress_unstable_features_warning`

~~1836~~

1837Type / Values

~~1838~~

1839`boolean`

~~1840~~

1841Details

~~1842~~

1843Suppress the warning that appears when under-development feature flags are enabled.

~~1844~~

1845Key

~~1846~~

1847`tool_output_token_limit`

~~1848~~

1849Type / Values

~~1850~~

1851`number`

~~1852~~

1853Details

~~1854~~

1855Token budget for storing individual tool/function outputs in history.

~~1856~~

1857Key

~~1858~~

1859`tools.web_search`

~~1860~~

1861Type / Values

~~1862~~

1863`boolean`

~~1864~~

1865Details

~~1866~~

1867Deprecated legacy toggle for web search; prefer the top-level `web_search` setting.

~~1868~~

1869Key

~~1870~~

1871`tui`

~~1872~~

1873Type / Values

~~1874~~

1875`table`

~~1876~~

1877Details

~~1878~~

1879TUI-specific options such as enabling inline desktop notifications.

~~1880~~

1881Key

~~1882~~

1883`tui.alternate_screen`

~~1884~~

1885Type / Values

~~1886~~

1887`auto | always | never`

~~1888~~

1889Details

~~1890~~

1891Control alternate screen usage for the TUI (default: auto; auto skips it in Zellij to preserve scrollback).

~~1892~~

1893Key

~~1894~~

1895`tui.animations`

~~1896~~

1897Type / Values

~~1898~~

1899`boolean`

~~1900~~

1901Details

~~1902~~

1903Enable terminal animations (welcome screen, shimmer, spinner) (default: true).

~~1904~~

1905Key

~~1906~~

1907`tui.notification_method`

~~1908~~

1909Type / Values

~~1910~~

1911`auto | osc9 | bel`

~~1912~~

1913Details

~~1914~~

1915Notification method for unfocused terminal notifications (default: auto).

~~1916~~

1917Key

~~1918~~

1919`tui.notifications`

~~1920~~

1921Type / Values

~~1922~~

1923`boolean | array<string>`

~~1924~~

1925Details

~~1926~~

1927Enable TUI notifications; optionally restrict to specific event types.

~~1928~~

1929Key

~~1930~~

1931`tui.show_tooltips`

~~1932~~

1933Type / Values

~~1934~~

1935`boolean`

~~1936~~

1937Details

~~1938~~

1939Show onboarding tooltips in the TUI welcome screen (default: true).

~~1940~~

1941Key

~~1942~~

1943`tui.status_line`

~~1944~~

1945Type / Values

~~1946~~

1947`array<string> | null`

~~1948~~

1949Details

~~1950~~

1951Ordered list of TUI footer status-line item identifiers. `null` disables the status line.

~~1952~~

1953Key

~~1954~~

1955`web_search`

~~1956~~

1957Type / Values

~~1958~~

1959`disabled | cached | live`

~~1960~~

1961Details

~~1962~~

1963Web search mode (default: `"cached"`; cached uses an OpenAI-maintained index and does not fetch live pages; if you use `--yolo` or another full access sandbox setting, it defaults to `"live"`). Use `"live"` to fetch the most recent data from the web, or `"disabled"` to remove the tool.

~~1964~~

1965Key

~~1966~~

1967`windows_wsl_setup_acknowledged`

~~1968~~

1969Type / Values

~~1970~~

1971`boolean`

~~1972~~

1973Details

~~1974~~

1975Track Windows onboarding acknowledgement (Windows only).

~~1976~~

1977Expand to view all

1978 1338

1979You can find the latest JSON schema for `config.toml` [here](https://developers.openai.com/codex/config-schema.json).1339You can find the latest JSON schema for `config.toml` [here](https://developers.openai.com/codex/config-schema.json).

1980 1340

1988 1348

1989## `requirements.toml`1349## `requirements.toml`

1990 1350

1991`requirements.toml` is an admin-enforced configuration file that constrains security-sensitive settings users can’t override. For details, locations, and examples, see [Admin-enforced requirements](https://developers.openai.com/codex/security#admin-enforced-requirements-requirementstoml).1351`requirements.toml` is an admin-enforced configuration file that constrains security-sensitive settings users can't override. For details, locations, and examples, see [Admin-enforced requirements](https://developers.openai.com/codex/enterprise/managed-configuration#admin-enforced-requirements-requirementstoml).

1992 1352

1993For ChatGPT Business and Enterprise users, Codex can also apply cloud-fetched1353For ChatGPT Business and Enterprise users, Codex can also apply cloud-fetched

1994requirements. See the security page for precedence details.1354requirements. See the security page for precedence details.

1995 1355

1996| Key | Type / Values | Details |1356Use `[features]` in `requirements.toml` to pin feature flags by the same

1997| --- | --- | --- |1357canonical keys that `config.toml` uses. Omitted keys remain unconstrained.

1998| `allowed_approval_policies` | `array<string>` | Allowed values for `approval\_policy`. |1358

1999| `allowed_sandbox_modes` | `array<string>` | Allowed values for `sandbox_mode`. |1359<ConfigTable

2000| `allowed_web_search_modes` | `array<string>` | Allowed values for `web_search` (`disabled`, `cached`, `live`). `disabled` is always allowed; an empty list effectively allows only `disabled`. |1360 options={[

2001| `mcp_servers` | `table` | Allowlist of MCP servers that may be enabled. Both the server name (`<id>`) and its identity must match for the MCP server to be enabled. Any configured MCP server not in the allowlist (or with a mismatched identity) is disabled. |1361 {

2002| `mcp_servers.<id>.identity` | `table` | Identity rule for a single MCP server. Set either `command` (stdio) or `url` (streamable HTTP). |1362 key: "allowed_approval_policies",

2003| `mcp_servers.<id>.identity.command` | `string` | Allow an MCP stdio server when its `mcp_servers.<id>.command` matches this command. |1363 type: "array<string>",

2004| `mcp_servers.<id>.identity.url` | `string` | Allow an MCP streamable HTTP server when its `mcp_servers.<id>.url` matches this URL. |1364 description:

2005| `rules` | `table` | Admin-enforced command rules merged with `.rules` files. Requirements rules must be restrictive. |1365 "Allowed values for `approval_policy` (for example `untrusted`, `on-request`, `never`, and `granular`).",

2006| `rules.prefix_rules` | `array<table>` | List of enforced prefix rules. Each rule must include `pattern` and `decision`. |1366 },

2007| `rules.prefix_rules[].decision` | `prompt | forbidden` | Required. Requirements rules can only prompt or forbid (not allow). |1367 {

2008| `rules.prefix_rules[].justification` | `string` | Optional non-empty rationale surfaced in approval prompts or rejection messages. |1368 key: "allowed_approvals_reviewers",

2009| `rules.prefix_rules[].pattern` | `array<table>` | Command prefix expressed as pattern tokens. Each token sets either `token` or `any_of`. |1369 type: "array<string>",

2010| `rules.prefix_rules[].pattern[].any_of` | `array<string>` | A list of allowed alternative tokens at this position. |1370 description:

2011| `rules.prefix_rules[].pattern[].token` | `string` | A single literal token at this position. |1371 "Allowed values for `approvals_reviewer`, such as `user` and `auto_review`.",

~~2012~~ 1372 },

2013Key1373 {

~~2014~~ 1374 key: "guardian_policy_config",

2015`allowed_approval_policies`1375 type: "string",

~~2016~~ 1376 description:

2017Type / Values1377 "Managed Markdown policy instructions for automatic review. This takes precedence over local `[auto_review].policy`. Blank values are ignored.",

~~2018~~ 1378 },

2019`array<string>`1379 {

~~2020~~ 1380 key: "allowed_sandbox_modes",

2021Details1381 type: "array<string>",

~~2022~~ 1382 description: "Allowed values for `sandbox_mode`.",

2023Allowed values for `approval\_policy`.1383 },

~~2024~~ 1384 {

2025Key1385 key: "remote_sandbox_config",

~~2026~~ 1386 type: "array<table>",

2027`allowed_sandbox_modes`1387 description:

~~2028~~ 1388 "Host-specific sandbox requirements. The first entry whose `hostname_patterns` match the resolved host name overrides top-level `allowed_sandbox_modes` for that requirements source. Host-specific entries currently override sandbox modes only.",

2029Type / Values1389 },

~~2030~~ 1390 {

2031`array<string>`1391 key: "remote_sandbox_config[].hostname_patterns",

~~2032~~ 1392 type: "array<string>",

2033Details1393 description:

~~2034~~ 1394 "Case-insensitive host name patterns. Supports `*` for any sequence of characters and `?` for one character.",

2035Allowed values for `sandbox_mode`.1395 },

~~2036~~ 1396 {

2037Key1397 key: "remote_sandbox_config[].allowed_sandbox_modes",

~~2038~~ 1398 type: "array<string>",

2039`allowed_web_search_modes`1399 description:

~~2040~~ 1400 "Allowed sandbox modes to apply when this host-specific entry matches.",

2041Type / Values1401 },

~~2042~~ 1402 {

2043`array<string>`1403 key: "allowed_web_search_modes",

~~2044~~ 1404 type: "array<string>",

2045Details1405 description:

~~2046~~ 1406 "Allowed values for `web_search` (`disabled`, `cached`, `live`). `disabled` is always allowed; an empty list effectively allows only `disabled`.",

2047Allowed values for `web_search` (`disabled`, `cached`, `live`). `disabled` is always allowed; an empty list effectively allows only `disabled`.1407 },

~~2048~~ 1408 {

2049Key1409 key: "features",

~~2050~~ 1410 type: "table",

2051`mcp_servers`1411 description:

~~2052~~ 1412 "Pinned feature values keyed by the canonical names from `config.toml`'s `[features]` table.",

2053Type / Values1413 },

~~2054~~ 1414 {

2055`table`1415 key: "features.<name>",

~~2056~~ 1416 type: "boolean",

2057Details1417 description:

~~2058~~ 1418 "Require a specific canonical feature key to stay enabled or disabled.",

2059Allowlist of MCP servers that may be enabled. Both the server name (`<id>`) and its identity must match for the MCP server to be enabled. Any configured MCP server not in the allowlist (or with a mismatched identity) is disabled.1419 },

~~2060~~ 1420 {

2061Key1421 key: "features.in_app_browser",

~~2062~~ 1422 type: "boolean",

2063`mcp_servers.<id>.identity`1423 description:

~~2064~~ 1424 "Set to `false` in `requirements.toml` to disable the in-app browser pane.",

2065Type / Values1425 },

~~2066~~ 1426 {

2067`table`1427 key: "features.browser_use",

~~2068~~ 1428 type: "boolean",

2069Details1429 description:

~~2070~~ 1430 "Set to `false` in `requirements.toml` to disable Browser Use and Browser Agent availability.",

2071Identity rule for a single MCP server. Set either `command` (stdio) or `url` (streamable HTTP).1431 },

~~2072~~ 1432 {

2073Key1433 key: "features.computer_use",

~~2074~~ 1434 type: "boolean",

2075`mcp_servers.<id>.identity.command`1435 description:

~~2076~~ 1436 "Set to `false` in `requirements.toml` to disable Computer Use availability and related install or enablement flows.",

2077Type / Values1437 },

~~2078~~ 1438 {

2079`string`1439 key: "hooks",

~~2080~~ 1440 type: "table",

2081Details1441 description:

~~2082~~ 1442 "Admin-enforced managed lifecycle hooks. Requires a managed hook directory and uses the same event schema as inline `[hooks]` in `config.toml`.",

2083Allow an MCP stdio server when its `mcp_servers.<id>.command` matches this command.1443 },

~~2084~~ 1444 {

2085Key1445 key: "hooks.managed_dir",

~~2086~~ 1446 type: "string (absolute path)",

2087`mcp_servers.<id>.identity.url`1447 description:

~~2088~~ 1448 "Directory containing managed hook scripts on macOS and Linux. Codex validates that it is absolute and exists before loading managed hooks.",

2089Type / Values1449 },

~~2090~~ 1450 {

2091`string`1451 key: "hooks.windows_managed_dir",

~~2092~~ 1452 type: "string (absolute path)",

2093Details1453 description:

~~2094~~ 1454 "Directory containing managed hook scripts on Windows. Codex validates that it is absolute and exists before loading managed hooks.",

2095Allow an MCP streamable HTTP server when its `mcp_servers.<id>.url` matches this URL.1455 },

~~2096~~ 1456 {

2097Key1457 key: "hooks.<Event>",

~~2098~~ 1458 type: "array<table>",

2099`rules`1459 description:

~~2100~~ 1460 "Matcher groups for a hook event such as `PreToolUse`, `PostToolUse`, `PermissionRequest`, `SessionStart`, `UserPromptSubmit`, or `Stop`.",

2101Type / Values1461 },

~~2102~~ 1462 {

2103`table`1463 key: "hooks.<Event>[].hooks",

~~2104~~ 1464 type: "array<table>",

2105Details1465 description:

~~2106~~ 1466 "Hook handlers for a matcher group. Command hooks are currently supported; prompt and agent hook handlers are parsed but skipped.",

2107Admin-enforced command rules merged with `.rules` files. Requirements rules must be restrictive.1467 },

~~2108~~ 1468 {

2109Key1469 key: "permissions.filesystem.deny_read",

~~2110~~ 1470 type: "array<string>",

2111`rules.prefix_rules`1471 description:

~~2112~~ 1472 "Admin-enforced filesystem read denials. Entries can be paths or glob patterns, and users cannot weaken them with local config.",

2113Type / Values1473 },

~~2114~~ 1474 {

2115`array<table>`1475 key: "mcp_servers",

~~2116~~ 1476 type: "table",

2117Details1477 description:

~~2118~~ 1478 "Allowlist of MCP servers that may be enabled. Both the server name (`<id>`) and its identity must match for the MCP server to be enabled. Any configured MCP server not in the allowlist (or with a mismatched identity) is disabled.",

2119List of enforced prefix rules. Each rule must include `pattern` and `decision`.1479 },

~~2120~~ 1480 {

2121Key1481 key: "mcp_servers.<id>.identity",

~~2122~~ 1482 type: "table",

2123`rules.prefix_rules[].decision`1483 description:

~~2124~~ 1484 "Identity rule for a single MCP server. Set either `command` (stdio) or `url` (streamable HTTP).",

2125Type / Values1485 },

~~2126~~ 1486 {

2127`prompt | forbidden`1487 key: "mcp_servers.<id>.identity.command",

~~2128~~ 1488 type: "string",

2129Details1489 description:

~~2130~~ 1490 "Allow an MCP stdio server when its `mcp_servers.<id>.command` matches this command.",

2131Required. Requirements rules can only prompt or forbid (not allow).1491 },

~~2132~~ 1492 {

2133Key1493 key: "mcp_servers.<id>.identity.url",

~~2134~~ 1494 type: "string",

2135`rules.prefix_rules[].justification`1495 description:

~~2136~~ 1496 "Allow an MCP streamable HTTP server when its `mcp_servers.<id>.url` matches this URL.",

2137Type / Values1497 },

~~2138~~ 1498 {

2139`string`1499 key: "rules",

~~2140~~ 1500 type: "table",

2141Details1501 description:

~~2142~~ 1502 "Admin-enforced command rules merged with `.rules` files. Requirements rules must be restrictive.",

2143Optional non-empty rationale surfaced in approval prompts or rejection messages.1503 },

~~2144~~ 1504 {

2145Key1505 key: "rules.prefix_rules",

~~2146~~ 1506 type: "array<table>",

2147`rules.prefix_rules[].pattern`1507 description:

~~2148~~ 1508 "List of enforced prefix rules. Each rule must include `pattern` and `decision`.",

2149Type / Values1509 },

~~2150~~ 1510 {

2151`array<table>`1511 key: "rules.prefix_rules[].pattern",

~~2152~~ 1512 type: "array<table>",

2153Details1513 description:

~~2154~~ 1514 "Command prefix expressed as pattern tokens. Each token sets either `token` or `any_of`.",

2155Command prefix expressed as pattern tokens. Each token sets either `token` or `any_of`.1515 },

~~2156~~ 1516 {

2157Key1517 key: "rules.prefix_rules[].pattern[].token",

~~2158~~ 1518 type: "string",

2159`rules.prefix_rules[].pattern[].any_of`1519 description: "A single literal token at this position.",

~~2160~~ 1520 },

2161Type / Values1521 {

~~2162~~ 1522 key: "rules.prefix_rules[].pattern[].any_of",

2163`array<string>`1523 type: "array<string>",

~~2164~~ 1524 description: "A list of allowed alternative tokens at this position.",

2165Details1525 },

~~2166~~ 1526 {

2167A list of allowed alternative tokens at this position.1527 key: "rules.prefix_rules[].decision",

~~2168~~ 1528 type: "prompt | forbidden",

2169Key1529 description:

~~2170~~ 1530 "Required. Requirements rules can only prompt or forbid (not allow).",

2171`rules.prefix_rules[].pattern[].token`1531 },

~~2172~~ 1532 {

2173Type / Values1533 key: "rules.prefix_rules[].justification",

~~2174~~ 1534 type: "string",

2175`string`1535 description:

~~2176~~ 1536 "Optional non-empty rationale surfaced in approval prompts or rejection messages.",

2177Details1537 },

~~2178~~ 1538 ]}

2179A single literal token at this position.1539 client:load

~~2180~~ 1540/>

2181Expand to view all

config-reference.md Codex Docs, 2026-02-21 00:33 UTC → 2026-05-14 07:00 UTC