SpyBara
Go Premium Account

config-reference.md Codex Docs, 2026-02-24 00:33 UTC → 2026-05-02 00:48 UTC

Inspect the documentation page or source diff for this selected snapshot comparison.

2026
24 Feb 2026, 00:33
18 May 2026, 22:01 14 May 2026, 21:00 14 May 2026, 07:00 13 May 2026, 00:57 12 May 2026, 01:59 11 May 2026, 18:00 7 May 2026, 20:02 7 May 2026, 17:08 5 May 2026, 23:00 2 May 2026, 06:45 2 May 2026, 00:48 1 May 2026, 18:29 30 Apr 2026, 18:36 29 Apr 2026, 12:40 29 Apr 2026, 00:50 25 Apr 2026, 06:37 25 Apr 2026, 00:42 24 Apr 2026, 18:20 24 Apr 2026, 12:28 23 Apr 2026, 18:31 23 Apr 2026, 12:28 23 Apr 2026, 00:46 22 Apr 2026, 18:29 22 Apr 2026, 00:42 21 Apr 2026, 18:29 21 Apr 2026, 12:30 21 Apr 2026, 06:45 20 Apr 2026, 18:26 20 Apr 2026, 06:53 18 Apr 2026, 18:18 17 Apr 2026, 00:44 16 Apr 2026, 18:31 16 Apr 2026, 00:46 15 Apr 2026, 18:31 15 Apr 2026, 06:44 14 Apr 2026, 18:31 14 Apr 2026, 12:29 13 Apr 2026, 18:37 13 Apr 2026, 00:44 12 Apr 2026, 06:38 10 Apr 2026, 18:23 9 Apr 2026, 00:33 8 Apr 2026, 18:32 8 Apr 2026, 00:40 7 Apr 2026, 00:40 2 Apr 2026, 18:23 31 Mar 2026, 06:35 31 Mar 2026, 00:39 28 Mar 2026, 06:26 28 Mar 2026, 00:36 27 Mar 2026, 18:23 27 Mar 2026, 00:39 26 Mar 2026, 18:27 25 Mar 2026, 18:24 23 Mar 2026, 18:22 20 Mar 2026, 00:35 18 Mar 2026, 12:23 18 Mar 2026, 00:36 17 Mar 2026, 18:24 17 Mar 2026, 00:33 16 Mar 2026, 18:25 16 Mar 2026, 12:23 14 Mar 2026, 00:32 13 Mar 2026, 18:15 13 Mar 2026, 00:34 11 Mar 2026, 00:31 9 Mar 2026, 00:34 8 Mar 2026, 18:10 8 Mar 2026, 00:35 7 Mar 2026, 18:10 7 Mar 2026, 06:14 7 Mar 2026, 00:33 6 Mar 2026, 00:38 5 Mar 2026, 18:41 5 Mar 2026, 06:22 5 Mar 2026, 00:34 4 Mar 2026, 18:18 4 Mar 2026, 06:20 3 Mar 2026, 18:20 3 Mar 2026, 00:35 27 Feb 2026, 18:15 24 Feb 2026, 06:27 24 Feb 2026, 00:33 23 Feb 2026, 18:27 21 Feb 2026, 00:33 20 Feb 2026, 12:16 19 Feb 2026, 20:53 19 Feb 2026, 20:37
2 May 2026, 00:48
18 May 2026, 22:01 14 May 2026, 21:00 14 May 2026, 07:00 13 May 2026, 00:57 12 May 2026, 01:59 11 May 2026, 18:00 7 May 2026, 20:02 7 May 2026, 17:08 5 May 2026, 23:00 2 May 2026, 06:45 2 May 2026, 00:48 1 May 2026, 18:29 30 Apr 2026, 18:36 29 Apr 2026, 12:40 29 Apr 2026, 00:50 25 Apr 2026, 06:37 25 Apr 2026, 00:42 24 Apr 2026, 18:20 24 Apr 2026, 12:28 23 Apr 2026, 18:31 23 Apr 2026, 12:28 23 Apr 2026, 00:46 22 Apr 2026, 18:29 22 Apr 2026, 00:42 21 Apr 2026, 18:29 21 Apr 2026, 12:30 21 Apr 2026, 06:45 20 Apr 2026, 18:26 20 Apr 2026, 06:53 18 Apr 2026, 18:18 17 Apr 2026, 00:44 16 Apr 2026, 18:31 16 Apr 2026, 00:46 15 Apr 2026, 18:31 15 Apr 2026, 06:44 14 Apr 2026, 18:31 14 Apr 2026, 12:29 13 Apr 2026, 18:37 13 Apr 2026, 00:44 12 Apr 2026, 06:38 10 Apr 2026, 18:23 9 Apr 2026, 00:33 8 Apr 2026, 18:32 8 Apr 2026, 00:40 7 Apr 2026, 00:40 2 Apr 2026, 18:23 31 Mar 2026, 06:35 31 Mar 2026, 00:39 28 Mar 2026, 06:26 28 Mar 2026, 00:36 27 Mar 2026, 18:23 27 Mar 2026, 00:39 26 Mar 2026, 18:27 25 Mar 2026, 18:24 23 Mar 2026, 18:22 20 Mar 2026, 00:35 18 Mar 2026, 12:23 18 Mar 2026, 00:36 17 Mar 2026, 18:24 17 Mar 2026, 00:33 16 Mar 2026, 18:25 16 Mar 2026, 12:23 14 Mar 2026, 00:32 13 Mar 2026, 18:15 13 Mar 2026, 00:34 11 Mar 2026, 00:31 9 Mar 2026, 00:34 8 Mar 2026, 18:10 8 Mar 2026, 00:35 7 Mar 2026, 18:10 7 Mar 2026, 06:14 7 Mar 2026, 00:33 6 Mar 2026, 00:38 5 Mar 2026, 18:41 5 Mar 2026, 06:22 5 Mar 2026, 00:34 4 Mar 2026, 18:18 4 Mar 2026, 06:20 3 Mar 2026, 18:20 3 Mar 2026, 00:35 27 Feb 2026, 18:15 24 Feb 2026, 06:27 24 Feb 2026, 00:33 23 Feb 2026, 18:27 21 Feb 2026, 00:33 20 Feb 2026, 12:16 19 Feb 2026, 20:53 19 Feb 2026, 20:37
Fri 1 18:29 Sat 2 00:48 Sat 2 06:45 Tue 5 23:00 Thu 7 17:08 Thu 7 20:02 Mon 11 18:00 Tue 12 01:59 Wed 13 00:57 Thu 14 07:00 Thu 14 21:00 Mon 18 22:01

config-reference.md +1425 −395

Details

6 6 

7User-level configuration lives in `~/.codex/config.toml`. You can also add project-scoped overrides in `.codex/config.toml` files. Codex loads project-scoped config files only when you trust the project.7User-level configuration lives in `~/.codex/config.toml`. You can also add project-scoped overrides in `.codex/config.toml` files. Codex loads project-scoped config files only when you trust the project.

8 8 

9For sandbox and approval keys (`approval_policy`, `sandbox_mode`, and `sandbox_workspace_write.*`), pair this reference with [Sandbox and approvals](https://developers.openai.com/codex/security#sandbox-and-approvals), [Protected paths in writable roots](https://developers.openai.com/codex/security#protected-paths-in-writable-roots), and [Network access](https://developers.openai.com/codex/security#network-access).9For sandbox and approval keys (`approval_policy`, `sandbox_mode`, and `sandbox_workspace_write.*`), pair this reference with [Sandbox and approvals](https://developers.openai.com/codex/agent-approvals-security#sandbox-and-approvals), [Protected paths in writable roots](https://developers.openai.com/codex/agent-approvals-security#protected-paths-in-writable-roots), and [Network access](https://developers.openai.com/codex/agent-approvals-security#network-access).

10 10 

11| Key | Type / Values | Details |11| Key | Type / Values | Details |

12| --- | --- | --- |12| --- | --- | --- |

13| `agents.<name>.config_file` | `string (path)` | Path to a TOML config layer for that role; relative paths resolve from the config file that declares the role. |13| `agents.<name>.config_file` | `string (path)` | Path to a TOML config layer for that role; relative paths resolve from the config file that declares the role. |

14| `agents.<name>.description` | `string` | Role guidance shown to Codex when choosing and spawning that agent type. |14| `agents.<name>.description` | `string` | Role guidance shown to Codex when choosing and spawning that agent type. |

15| `agents.<name>.nickname_candidates` | `array<string>` | Optional pool of display nicknames for spawned agents in that role. |

16| `agents.job_max_runtime_seconds` | `number` | Default per-worker timeout for `spawn_agents_on_csv` jobs. When unset, the tool falls back to 1800 seconds per worker. |

15| `agents.max_depth` | `number` | Maximum nesting depth allowed for spawned agent threads (root sessions start at depth 0; default: 1). |17| `agents.max_depth` | `number` | Maximum nesting depth allowed for spawned agent threads (root sessions start at depth 0; default: 1). |

16| `agents.max_threads` | `number` | Maximum number of agent threads that can be open concurrently. |18| `agents.max_threads` | `number` | Maximum number of agent threads that can be open concurrently. Defaults to `6` when unset. |

17| `allow_login_shell` | `boolean` | Allow shell-based tools to use login-shell semantics. Defaults to `true`; when `false`, `login = true` requests are rejected and omitted `login` defaults to non-login shells. |19| `allow_login_shell` | `boolean` | Allow shell-based tools to use login-shell semantics. Defaults to `true`; when `false`, `login = true` requests are rejected and omitted `login` defaults to non-login shells. |

18| `approval_policy` | `untrusted | on-request | never | { reject = { sandbox_approval = bool, rules = bool, mcp_elicitations = bool } }` | Controls when Codex pauses for approval before executing commands. You can also use `approval_policy = { reject = { ... } }` to auto-reject specific prompt categories while keeping other prompts interactive. `on-failure` is deprecated; use `on-request` for interactive runs or `never` for non-interactive runs. |20| `analytics.enabled` | `boolean` | Enable or disable analytics for this machine/profile. When unset, the client default applies. |

19| `approval_policy.reject.mcp_elicitations` | `boolean` | When `true`, MCP elicitation prompts are auto-rejected instead of shown to the user. |21| `approval_policy` | `untrusted | on-request | never | { granular = { sandbox_approval = bool, rules = bool, mcp_elicitations = bool, request_permissions = bool, skill_approval = bool } }` | Controls when Codex pauses for approval before executing commands. You can also use `approval_policy = { granular = { ... } }` to allow or auto-reject specific prompt categories while keeping other prompts interactive. `on-failure` is deprecated; use `on-request` for interactive runs or `never` for non-interactive runs. |

20| `approval_policy.reject.rules` | `boolean` | When `true`, approvals triggered by execpolicy `prompt` rules are auto-rejected. |22| `approval_policy.granular.mcp_elicitations` | `boolean` | When `true`, MCP elicitation prompts are allowed to surface instead of being auto-rejected. |

21| `approval_policy.reject.sandbox_approval` | `boolean` | When `true`, sandbox escalation approval prompts are auto-rejected. |23| `approval_policy.granular.request_permissions` | `boolean` | When `true`, prompts from the `request_permissions` tool are allowed to surface. |

24| `approval_policy.granular.rules` | `boolean` | When `true`, approvals triggered by execpolicy `prompt` rules are allowed to surface. |

25| `approval_policy.granular.sandbox_approval` | `boolean` | When `true`, sandbox escalation approval prompts are allowed to surface. |

26| `approval_policy.granular.skill_approval` | `boolean` | When `true`, skill-script approval prompts are allowed to surface. |

27| `approvals_reviewer` | `user | auto_review` | Who reviews eligible approval prompts under `on-request` or granular approval policies. Defaults to `user`; `auto_review` uses the reviewer subagent. This setting doesn't change sandboxing or review actions already allowed inside the sandbox. |

22| `apps._default.destructive_enabled` | `boolean` | Default allow/deny for app tools with `destructive_hint = true`. |28| `apps._default.destructive_enabled` | `boolean` | Default allow/deny for app tools with `destructive_hint = true`. |

23| `apps._default.enabled` | `boolean` | Default app enabled state for all apps unless overridden per app. |29| `apps._default.enabled` | `boolean` | Default app enabled state for all apps unless overridden per app. |

24| `apps._default.open_world_enabled` | `boolean` | Default allow/deny for app tools with `open_world_hint = true`. |30| `apps._default.open_world_enabled` | `boolean` | Default allow/deny for app tools with `open_world_hint = true`. |

29| `apps.<id>.open_world_enabled` | `boolean` | Allow or block tools in this app that advertise `open_world_hint = true`. |35| `apps.<id>.open_world_enabled` | `boolean` | Allow or block tools in this app that advertise `open_world_hint = true`. |

30| `apps.<id>.tools.<tool>.approval_mode` | `auto | prompt | approve` | Per-tool approval behavior override for a single app tool. |36| `apps.<id>.tools.<tool>.approval_mode` | `auto | prompt | approve` | Per-tool approval behavior override for a single app tool. |

31| `apps.<id>.tools.<tool>.enabled` | `boolean` | Per-tool enabled override for an app tool (for example `repos/list`). |37| `apps.<id>.tools.<tool>.enabled` | `boolean` | Per-tool enabled override for an app tool (for example `repos/list`). |

38| `auto_review.policy` | `string` | Local Markdown policy instructions for automatic review. Managed `guardian_policy_config` takes precedence. Blank values are ignored. |

32| `background_terminal_max_timeout` | `number` | Maximum poll window in milliseconds for empty `write_stdin` polls (background terminal polling). Default: `300000` (5 minutes). Replaces the older `background_terminal_timeout` key. |39| `background_terminal_max_timeout` | `number` | Maximum poll window in milliseconds for empty `write_stdin` polls (background terminal polling). Default: `300000` (5 minutes). Replaces the older `background_terminal_timeout` key. |

33| `chatgpt_base_url` | `string` | Override the base URL used during the ChatGPT login flow. |40| `chatgpt_base_url` | `string` | Override the base URL used during the ChatGPT login flow. |

34| `check_for_update_on_startup` | `boolean` | Check for Codex updates on startup (set to false only when updates are centrally managed). |41| `check_for_update_on_startup` | `boolean` | Check for Codex updates on startup (set to false only when updates are centrally managed). |

35| `cli_auth_credentials_store` | `file | keyring | auto` | Control where the CLI stores cached credentials (file-based auth.json vs OS keychain). |42| `cli_auth_credentials_store` | `file | keyring | auto` | Control where the CLI stores cached credentials (file-based auth.json vs OS keychain). |

43| `commit_attribution` | `string` | Override the commit co-author trailer text. Set an empty string to disable automatic attribution. |

36| `compact_prompt` | `string` | Inline override for the history compaction prompt. |44| `compact_prompt` | `string` | Inline override for the history compaction prompt. |

45| `default_permissions` | `string` | Name of the default permissions profile to apply to sandboxed tool calls. Built-ins are `:read-only`, `:workspace`, and `:danger-no-sandbox`; custom profile names require matching `[permissions.<name>]` tables. |

37| `developer_instructions` | `string` | Additional developer instructions injected into the session (optional). |46| `developer_instructions` | `string` | Additional developer instructions injected into the session (optional). |

38| `disable_paste_burst` | `boolean` | Disable burst-paste detection in the TUI. |47| `disable_paste_burst` | `boolean` | Disable burst-paste detection in the TUI. |

39| `experimental_compact_prompt_file` | `string (path)` | Load the compaction prompt override from a file (experimental). |48| `experimental_compact_prompt_file` | `string (path)` | Load the compaction prompt override from a file (experimental). |

40| `experimental_use_freeform_apply_patch` | `boolean` | Legacy name for enabling freeform apply\_patch; prefer `[features].apply_patch_freeform` or `codex --enable apply_patch_freeform`. |

41| `experimental_use_unified_exec_tool` | `boolean` | Legacy name for enabling unified exec; prefer `[features].unified_exec` or `codex --enable unified_exec`. |49| `experimental_use_unified_exec_tool` | `boolean` | Legacy name for enabling unified exec; prefer `[features].unified_exec` or `codex --enable unified_exec`. |

42| `features.apply_patch_freeform` | `boolean` | Expose the freeform `apply_patch` tool (experimental). |

43| `features.apps` | `boolean` | Enable ChatGPT Apps/connectors support (experimental). |50| `features.apps` | `boolean` | Enable ChatGPT Apps/connectors support (experimental). |

44| `features.apps_mcp_gateway` | `boolean` | Route Apps MCP calls through the OpenAI connectors MCP gateway (`https://api.openai.com/v1/connectors/mcp/`) instead of legacy routing (experimental). |51| `features.codex_hooks` | `boolean` | Enable lifecycle hooks loaded from `hooks.json` or inline `[hooks]` config. |

45| `features.child_agents_md` | `boolean` | Append AGENTS.md scope/precedence guidance even when no AGENTS.md is present (experimental). |52| `features.enable_request_compression` | `boolean` | Compress streaming request bodies with zstd when supported (stable; on by default). |

46| `features.collaboration_modes` | `boolean` | Enable collaboration modes such as plan mode (stable; on by default). |53| `features.fast_mode` | `boolean` | Enable Fast mode selection and the `service_tier = "fast"` path (stable; on by default). |

47| `features.elevated_windows_sandbox` | `boolean` | Enable the elevated Windows sandbox pipeline (experimental). |54| `features.memories` | `boolean` | Enable [Memories](https://developers.openai.com/codex/memories) (off by default). |

48| `features.experimental_windows_sandbox` | `boolean` | Run the Windows restricted-token sandbox (experimental). |55| `features.multi_agent` | `boolean` | Enable multi-agent collaboration tools (`spawn_agent`, `send_input`, `resume_agent`, `wait_agent`, and `close_agent`) (stable; on by default). |

49| `features.multi_agent` | `boolean` | Enable multi-agent collaboration tools (`spawn\_agent`, `send\_input`, `resume\_agent`, `wait`, and `close\_agent`) (experimental; off by default). |

50| `features.personality` | `boolean` | Enable personality selection controls (stable; on by default). |56| `features.personality` | `boolean` | Enable personality selection controls (stable; on by default). |

51| `features.powershell_utf8` | `boolean` | Force PowerShell UTF-8 output (defaults to true). |57| `features.prevent_idle_sleep` | `boolean` | Prevent the machine from sleeping while a turn is actively running (experimental; off by default). |

52| `features.remote_models` | `boolean` | Refresh remote model list before showing readiness (experimental). |58| `features.shell_snapshot` | `boolean` | Snapshot shell environment to speed up repeated commands (stable; on by default). |

53| `features.request_rule` | `boolean` | Enable Smart approvals (`prefix_rule` suggestions on escalation requests; stable; on by default). |

54| `features.runtime_metrics` | `boolean` | Show runtime metrics summary in TUI turn separators (experimental). |

55| `features.search_tool` | `boolean` | Enable `search_tool_bm25` for Apps tool discovery before invoking app MCP tools (experimental). |

56| `features.shell_snapshot` | `boolean` | Snapshot shell environment to speed up repeated commands (beta). |

57| `features.shell_tool` | `boolean` | Enable the default `shell` tool for running commands (stable; on by default). |59| `features.shell_tool` | `boolean` | Enable the default `shell` tool for running commands (stable; on by default). |

58| `features.unified_exec` | `boolean` | Use the unified PTY-backed exec tool (beta). |60| `features.skill_mcp_dependency_install` | `boolean` | Allow prompting and installing missing MCP dependencies for skills (stable; on by default). |

59| `features.use_linux_sandbox_bwrap` | `boolean` | Use the bubblewrap-based Linux sandbox pipeline (experimental; off by default). |61| `features.undo` | `boolean` | Enable undo support (stable; off by default). |

62| `features.unified_exec` | `boolean` | Use the unified PTY-backed exec tool (stable; enabled by default except on Windows). |

60| `features.web_search` | `boolean` | Deprecated legacy toggle; prefer the top-level `web_search` setting. |63| `features.web_search` | `boolean` | Deprecated legacy toggle; prefer the top-level `web_search` setting. |

61| `features.web_search_cached` | `boolean` | Deprecated legacy toggle. When `web_search` is unset, true maps to `web_search = "cached"`. |64| `features.web_search_cached` | `boolean` | Deprecated legacy toggle. When `web_search` is unset, true maps to `web_search = "cached"`. |

62| `features.web_search_request` | `boolean` | Deprecated legacy toggle. When `web_search` is unset, true maps to `web_search = "live"`. |65| `features.web_search_request` | `boolean` | Deprecated legacy toggle. When `web_search` is unset, true maps to `web_search = "live"`. |

67| `hide_agent_reasoning` | `boolean` | Suppress reasoning events in both the TUI and `codex exec` output. |70| `hide_agent_reasoning` | `boolean` | Suppress reasoning events in both the TUI and `codex exec` output. |

68| `history.max_bytes` | `number` | If set, caps the history file size in bytes by dropping oldest entries. |71| `history.max_bytes` | `number` | If set, caps the history file size in bytes by dropping oldest entries. |

69| `history.persistence` | `save-all | none` | Control whether Codex saves session transcripts to history.jsonl. |72| `history.persistence` | `save-all | none` | Control whether Codex saves session transcripts to history.jsonl. |

70| `include_apply_patch_tool` | `boolean` | Legacy name for enabling freeform apply\_patch; prefer `[features].apply_patch_freeform`. |73| `hooks` | `table` | Lifecycle hooks configured inline in `config.toml`. Uses the same event schema as `hooks.json`; see the Hooks guide for examples and supported events. |

71| `instructions` | `string` | Reserved for future use; prefer `model_instructions_file` or `AGENTS.md`. |74| `instructions` | `string` | Reserved for future use; prefer `model_instructions_file` or `AGENTS.md`. |

72| `log_dir` | `string (path)` | Directory where Codex writes log files (for example `codex-tui.log`); defaults to `$CODEX_HOME/log`. |75| `log_dir` | `string (path)` | Directory where Codex writes log files (for example `codex-tui.log`); defaults to `$CODEX_HOME/log`. |

73| `mcp_oauth_callback_port` | `integer` | Optional fixed port for the local HTTP callback server used during MCP OAuth login. When unset, Codex binds to an ephemeral port chosen by the OS. |76| `mcp_oauth_callback_port` | `integer` | Optional fixed port for the local HTTP callback server used during MCP OAuth login. When unset, Codex binds to an ephemeral port chosen by the OS. |

82| `mcp_servers.<id>.enabled_tools` | `array<string>` | Allow list of tool names exposed by the MCP server. |85| `mcp_servers.<id>.enabled_tools` | `array<string>` | Allow list of tool names exposed by the MCP server. |

83| `mcp_servers.<id>.env` | `map<string,string>` | Environment variables forwarded to the MCP stdio server. |86| `mcp_servers.<id>.env` | `map<string,string>` | Environment variables forwarded to the MCP stdio server. |

84| `mcp_servers.<id>.env_http_headers` | `map<string,string>` | HTTP headers populated from environment variables for an MCP HTTP server. |87| `mcp_servers.<id>.env_http_headers` | `map<string,string>` | HTTP headers populated from environment variables for an MCP HTTP server. |

85| `mcp_servers.<id>.env_vars` | `array<string>` | Additional environment variables to whitelist for an MCP stdio server. |88| `mcp_servers.<id>.env_vars` | `array<string | { name = string, source = "local" | "remote" }>` | Additional environment variables to whitelist for an MCP stdio server. String entries default to `source = "local"`; use `source = "remote"` only with executor-backed remote stdio. |

89| `mcp_servers.<id>.experimental_environment` | `local | remote` | Experimental placement for an MCP server. `remote` starts stdio servers through a remote executor environment; streamable HTTP remote placement is not implemented. |

86| `mcp_servers.<id>.http_headers` | `map<string,string>` | Static HTTP headers included with each MCP HTTP request. |90| `mcp_servers.<id>.http_headers` | `map<string,string>` | Static HTTP headers included with each MCP HTTP request. |

91| `mcp_servers.<id>.oauth_resource` | `string` | Optional RFC 8707 OAuth resource parameter to include during MCP login. |

87| `mcp_servers.<id>.required` | `boolean` | When true, fail startup/resume if this enabled MCP server cannot initialize. |92| `mcp_servers.<id>.required` | `boolean` | When true, fail startup/resume if this enabled MCP server cannot initialize. |

93| `mcp_servers.<id>.scopes` | `array<string>` | OAuth scopes to request when authenticating to that MCP server. |

88| `mcp_servers.<id>.startup_timeout_ms` | `number` | Alias for `startup_timeout_sec` in milliseconds. |94| `mcp_servers.<id>.startup_timeout_ms` | `number` | Alias for `startup_timeout_sec` in milliseconds. |

89| `mcp_servers.<id>.startup_timeout_sec` | `number` | Override the default 10s startup timeout for an MCP server. |95| `mcp_servers.<id>.startup_timeout_sec` | `number` | Override the default 10s startup timeout for an MCP server. |

90| `mcp_servers.<id>.tool_timeout_sec` | `number` | Override the default 60s per-tool timeout for an MCP server. |96| `mcp_servers.<id>.tool_timeout_sec` | `number` | Override the default 60s per-tool timeout for an MCP server. |

91| `mcp_servers.<id>.url` | `string` | Endpoint for an MCP streamable HTTP server. |97| `mcp_servers.<id>.url` | `string` | Endpoint for an MCP streamable HTTP server. |

92| `model` | `string` | Model to use (e.g., `gpt-5-codex`). |98| `memories.consolidation_model` | `string` | Optional model override for global memory consolidation. |

99| `memories.disable_on_external_context` | `boolean` | When `true`, threads that use external context such as MCP tool calls, web search, or tool search are kept out of memory generation. Defaults to `false`. Legacy alias: `memories.no_memories_if_mcp_or_web_search`. |

100| `memories.extract_model` | `string` | Optional model override for per-thread memory extraction. |

101| `memories.generate_memories` | `boolean` | When `false`, newly created threads are not stored as memory-generation inputs. Defaults to `true`. |

102| `memories.max_raw_memories_for_consolidation` | `number` | Maximum recent raw memories retained for global consolidation. Defaults to `256` and is capped at `4096`. |

103| `memories.max_rollout_age_days` | `number` | Maximum age of threads considered for memory generation. Defaults to `30` and is clamped to `0`-`90`. |

104| `memories.max_rollouts_per_startup` | `number` | Maximum rollout candidates processed per startup pass. Defaults to `16` and is capped at `128`. |

105| `memories.max_unused_days` | `number` | Maximum days since a memory was last used before it becomes ineligible for consolidation. Defaults to `30` and is clamped to `0`-`365`. |

106| `memories.min_rate_limit_remaining_percent` | `number` | Minimum remaining percentage required in Codex rate-limit windows before memory generation starts. Defaults to `25` and is clamped to `0`-`100`. |

107| `memories.min_rollout_idle_hours` | `number` | Minimum idle time before a thread is considered for memory generation. Defaults to `6` and is clamped to `1`-`48`. |

108| `memories.use_memories` | `boolean` | When `false`, Codex skips injecting existing memories into future sessions. Defaults to `true`. |

109| `model` | `string` | Model to use (e.g., `gpt-5.5`). |

93| `model_auto_compact_token_limit` | `number` | Token threshold that triggers automatic history compaction (unset uses model defaults). |110| `model_auto_compact_token_limit` | `number` | Token threshold that triggers automatic history compaction (unset uses model defaults). |

94| `model_catalog_json` | `string (path)` | Optional path to a JSON model catalog loaded on startup. Profile-level `profiles.<name>.model_catalog_json` can override this per profile. |111| `model_catalog_json` | `string (path)` | Optional path to a JSON model catalog loaded on startup. Profile-level `profiles.<name>.model_catalog_json` can override this per profile. |

95| `model_context_window` | `number` | Context window tokens available to the active model. |112| `model_context_window` | `number` | Context window tokens available to the active model. |

96| `model_instructions_file` | `string (path)` | Replacement for built-in instructions instead of `AGENTS.md`. |113| `model_instructions_file` | `string (path)` | Replacement for built-in instructions instead of `AGENTS.md`. |

97| `model_provider` | `string` | Provider id from `model_providers` (default: `openai`). |114| `model_provider` | `string` | Provider id from `model_providers` (default: `openai`). |

115| `model_providers.<id>` | `table` | Custom provider definition. Built-in provider IDs (`openai`, `ollama`, and `lmstudio`) are reserved and cannot be overridden. |

116| `model_providers.<id>.auth` | `table` | Command-backed bearer token configuration for a custom provider. Do not combine with `env_key`, `experimental_bearer_token`, or `requires_openai_auth`. |

117| `model_providers.<id>.auth.args` | `array<string>` | Arguments passed to the token command. |

118| `model_providers.<id>.auth.command` | `string` | Command to run when Codex needs a bearer token. The command must print the token to stdout. |

119| `model_providers.<id>.auth.cwd` | `string (path)` | Working directory for the token command. |

120| `model_providers.<id>.auth.refresh_interval_ms` | `number` | How often Codex proactively refreshes the token in milliseconds (default: 300000). Set to `0` to refresh only after an authentication retry. |

121| `model_providers.<id>.auth.timeout_ms` | `number` | Maximum token command runtime in milliseconds (default: 5000). |

98| `model_providers.<id>.base_url` | `string` | API base URL for the model provider. |122| `model_providers.<id>.base_url` | `string` | API base URL for the model provider. |

99| `model_providers.<id>.env_http_headers` | `map<string,string>` | HTTP headers populated from environment variables when present. |123| `model_providers.<id>.env_http_headers` | `map<string,string>` | HTTP headers populated from environment variables when present. |

100| `model_providers.<id>.env_key` | `string` | Environment variable supplying the provider API key. |124| `model_providers.<id>.env_key` | `string` | Environment variable supplying the provider API key. |

107| `model_providers.<id>.requires_openai_auth` | `boolean` | The provider uses OpenAI authentication (defaults to false). |131| `model_providers.<id>.requires_openai_auth` | `boolean` | The provider uses OpenAI authentication (defaults to false). |

108| `model_providers.<id>.stream_idle_timeout_ms` | `number` | Idle timeout for SSE streams in milliseconds (default: 300000). |132| `model_providers.<id>.stream_idle_timeout_ms` | `number` | Idle timeout for SSE streams in milliseconds (default: 300000). |

109| `model_providers.<id>.stream_max_retries` | `number` | Retry count for SSE streaming interruptions (default: 5). |133| `model_providers.<id>.stream_max_retries` | `number` | Retry count for SSE streaming interruptions (default: 5). |

110| `model_providers.<id>.wire_api` | `chat | responses` | Protocol used by the provider (defaults to `chat` if omitted). |134| `model_providers.<id>.supports_websockets` | `boolean` | Whether that provider supports the Responses API WebSocket transport. |

135| `model_providers.<id>.wire_api` | `responses` | Protocol used by the provider. `responses` is the only supported value, and it is the default when omitted. |

136| `model_providers.amazon-bedrock.aws.profile` | `string` | AWS profile name used by the built-in `amazon-bedrock` provider. |

137| `model_providers.amazon-bedrock.aws.region` | `string` | AWS region used by the built-in `amazon-bedrock` provider. |

111| `model_reasoning_effort` | `minimal | low | medium | high | xhigh` | Adjust reasoning effort for supported models (Responses API only; `xhigh` is model-dependent). |138| `model_reasoning_effort` | `minimal | low | medium | high | xhigh` | Adjust reasoning effort for supported models (Responses API only; `xhigh` is model-dependent). |

112| `model_reasoning_summary` | `auto | concise | detailed | none` | Select reasoning summary detail or disable summaries entirely. |139| `model_reasoning_summary` | `auto | concise | detailed | none` | Select reasoning summary detail or disable summaries entirely. |

113| `model_supports_reasoning_summaries` | `boolean` | Force Codex to send or not send reasoning metadata. |140| `model_supports_reasoning_summaries` | `boolean` | Force Codex to send or not send reasoning metadata. |

114| `model_verbosity` | `low | medium | high` | Control GPT-5 Responses API verbosity (defaults to `medium`). |141| `model_verbosity` | `low | medium | high` | Optional GPT-5 Responses API verbosity override; when unset, the selected model/preset default is used. |

115| `notice.hide_full_access_warning` | `boolean` | Track acknowledgement of the full access warning prompt. |142| `notice.hide_full_access_warning` | `boolean` | Track acknowledgement of the full access warning prompt. |

116| `notice.hide_gpt-5.1-codex-max_migration_prompt` | `boolean` | Track acknowledgement of the gpt-5.1-codex-max migration prompt. |143| `notice.hide_gpt-5.1-codex-max_migration_prompt` | `boolean` | Track acknowledgement of the gpt-5.1-codex-max migration prompt. |

117| `notice.hide_gpt5_1_migration_prompt` | `boolean` | Track acknowledgement of the GPT-5.1 migration prompt. |144| `notice.hide_gpt5_1_migration_prompt` | `boolean` | Track acknowledgement of the GPT-5.1 migration prompt. |

119| `notice.hide_world_writable_warning` | `boolean` | Track acknowledgement of the Windows world-writable directories warning. |146| `notice.hide_world_writable_warning` | `boolean` | Track acknowledgement of the Windows world-writable directories warning. |

120| `notice.model_migrations` | `map<string,string>` | Track acknowledged model migrations as old->new mappings. |147| `notice.model_migrations` | `map<string,string>` | Track acknowledged model migrations as old->new mappings. |

121| `notify` | `array<string>` | Command invoked for notifications; receives a JSON payload from Codex. |148| `notify` | `array<string>` | Command invoked for notifications; receives a JSON payload from Codex. |

149| `openai_base_url` | `string` | Base URL override for the built-in `openai` model provider. |

122| `oss_provider` | `lmstudio | ollama` | Default local provider used when running with `--oss` (defaults to prompting if unset). |150| `oss_provider` | `lmstudio | ollama` | Default local provider used when running with `--oss` (defaults to prompting if unset). |

123| `otel.environment` | `string` | Environment tag applied to emitted OpenTelemetry events (default: `dev`). |151| `otel.environment` | `string` | Environment tag applied to emitted OpenTelemetry events (default: `dev`). |

124| `otel.exporter` | `none | otlp-http | otlp-grpc` | Select the OpenTelemetry exporter and provide any endpoint metadata. |152| `otel.exporter` | `none | otlp-http | otlp-grpc` | Select the OpenTelemetry exporter and provide any endpoint metadata. |

129| `otel.exporter.<id>.tls.client-certificate` | `string` | Client certificate path for OTEL exporter TLS. |157| `otel.exporter.<id>.tls.client-certificate` | `string` | Client certificate path for OTEL exporter TLS. |

130| `otel.exporter.<id>.tls.client-private-key` | `string` | Client private key path for OTEL exporter TLS. |158| `otel.exporter.<id>.tls.client-private-key` | `string` | Client private key path for OTEL exporter TLS. |

131| `otel.log_user_prompt` | `boolean` | Opt in to exporting raw user prompts with OpenTelemetry logs. |159| `otel.log_user_prompt` | `boolean` | Opt in to exporting raw user prompts with OpenTelemetry logs. |

160| `otel.metrics_exporter` | `none | statsig | otlp-http | otlp-grpc` | Select the OpenTelemetry metrics exporter (defaults to `statsig`). |

132| `otel.trace_exporter` | `none | otlp-http | otlp-grpc` | Select the OpenTelemetry trace exporter and provide any endpoint metadata. |161| `otel.trace_exporter` | `none | otlp-http | otlp-grpc` | Select the OpenTelemetry trace exporter and provide any endpoint metadata. |

133| `otel.trace_exporter.<id>.endpoint` | `string` | Trace exporter endpoint for OTEL logs. |162| `otel.trace_exporter.<id>.endpoint` | `string` | Trace exporter endpoint for OTEL logs. |

134| `otel.trace_exporter.<id>.headers` | `map<string,string>` | Static headers included with OTEL trace exporter requests. |163| `otel.trace_exporter.<id>.headers` | `map<string,string>` | Static headers included with OTEL trace exporter requests. |

136| `otel.trace_exporter.<id>.tls.ca-certificate` | `string` | CA certificate path for OTEL trace exporter TLS. |165| `otel.trace_exporter.<id>.tls.ca-certificate` | `string` | CA certificate path for OTEL trace exporter TLS. |

137| `otel.trace_exporter.<id>.tls.client-certificate` | `string` | Client certificate path for OTEL trace exporter TLS. |166| `otel.trace_exporter.<id>.tls.client-certificate` | `string` | Client certificate path for OTEL trace exporter TLS. |

138| `otel.trace_exporter.<id>.tls.client-private-key` | `string` | Client private key path for OTEL trace exporter TLS. |167| `otel.trace_exporter.<id>.tls.client-private-key` | `string` | Client private key path for OTEL trace exporter TLS. |

168| `permissions.<name>.filesystem` | `table` | Named filesystem permission profile. Each key is an absolute path or special token such as `:minimal` or `:project_roots`. |

169| `permissions.<name>.filesystem.":project_roots".<subpath-or-glob>` | `"read" | "write" | "none"` | Scoped filesystem access relative to the detected project roots. Use `"."` for the root itself; glob subpaths such as `"**/*.env"` can deny reads with `"none"`. |

170| `permissions.<name>.filesystem.<path-or-glob>` | `"read" | "write" | "none" | table` | Grant direct access for a path, glob pattern, or special token, or scope nested entries under that root. Use `"none"` to deny reads for matching paths. |

171| `permissions.<name>.filesystem.glob_scan_max_depth` | `number` | Maximum depth for expanding deny-read glob patterns on platforms that snapshot matches before sandbox startup. Must be at least `1` when set. |

172| `permissions.<name>.network.allow_local_binding` | `boolean` | Permit local bind/listen operations through the managed proxy. |

173| `permissions.<name>.network.allow_upstream_proxy` | `boolean` | Allow the managed proxy to chain to another upstream proxy. |

174| `permissions.<name>.network.dangerously_allow_all_unix_sockets` | `boolean` | Allow the proxy to use arbitrary Unix sockets instead of the default restricted set. |

175| `permissions.<name>.network.dangerously_allow_non_loopback_proxy` | `boolean` | Permit non-loopback bind addresses for the managed proxy listener. |

176| `permissions.<name>.network.domains` | `map<string, allow | deny>` | Domain rules for the managed proxy. Use domain names or wildcard patterns as keys, with `allow` or `deny` values. |

177| `permissions.<name>.network.enable_socks5` | `boolean` | Expose a SOCKS5 listener when this permissions profile enables the managed network proxy. |

178| `permissions.<name>.network.enable_socks5_udp` | `boolean` | Allow UDP over the SOCKS5 listener when enabled. |

179| `permissions.<name>.network.enabled` | `boolean` | Enable network access for this named permissions profile. |

180| `permissions.<name>.network.mode` | `limited | full` | Network proxy mode used for subprocess traffic. |

181| `permissions.<name>.network.proxy_url` | `string` | HTTP proxy endpoint used when this permissions profile enables the managed network proxy. |

182| `permissions.<name>.network.socks_url` | `string` | SOCKS5 proxy endpoint used by this permissions profile. |

183| `permissions.<name>.network.unix_sockets` | `map<string, allow | none>` | Unix socket rules for the managed proxy. Use socket paths as keys, with `allow` or `none` values. |

139| `personality` | `none | friendly | pragmatic` | Default communication style for models that advertise `supportsPersonality`; can be overridden per thread/turn or via `/personality`. |184| `personality` | `none | friendly | pragmatic` | Default communication style for models that advertise `supportsPersonality`; can be overridden per thread/turn or via `/personality`. |

185| `plan_mode_reasoning_effort` | `none | minimal | low | medium | high | xhigh` | Plan-mode-specific reasoning override. When unset, Plan mode uses its built-in preset default. |

140| `profile` | `string` | Default profile applied at startup (equivalent to `--profile`). |186| `profile` | `string` | Default profile applied at startup (equivalent to `--profile`). |

141| `profiles.<name>.*` | `various` | Profile-scoped overrides for any of the supported configuration keys. |187| `profiles.<name>.*` | `various` | Profile-scoped overrides for any of the supported configuration keys. |

142| `profiles.<name>.experimental_use_freeform_apply_patch` | `boolean` | Legacy name for enabling freeform apply\_patch; prefer `[features].apply_patch_freeform`. |188| `profiles.<name>.analytics.enabled` | `boolean` | Profile-scoped analytics enablement override. |

143| `profiles.<name>.experimental_use_unified_exec_tool` | `boolean` | Legacy name for enabling unified exec; prefer `[features].unified_exec`. |189| `profiles.<name>.experimental_use_unified_exec_tool` | `boolean` | Legacy name for enabling unified exec; prefer `[features].unified_exec`. |

144| `profiles.<name>.include_apply_patch_tool` | `boolean` | Legacy name for enabling freeform apply\_patch; prefer `[features].apply_patch_freeform`. |

145| `profiles.<name>.model_catalog_json` | `string (path)` | Profile-scoped model catalog JSON path override (applied on startup only; overrides the top-level `model_catalog_json` for that profile). |190| `profiles.<name>.model_catalog_json` | `string (path)` | Profile-scoped model catalog JSON path override (applied on startup only; overrides the top-level `model_catalog_json` for that profile). |

191| `profiles.<name>.model_instructions_file` | `string (path)` | Profile-scoped replacement for the built-in instruction file. |

146| `profiles.<name>.oss_provider` | `lmstudio | ollama` | Profile-scoped OSS provider for `--oss` sessions. |192| `profiles.<name>.oss_provider` | `lmstudio | ollama` | Profile-scoped OSS provider for `--oss` sessions. |

147| `profiles.<name>.personality` | `none | friendly | pragmatic` | Profile-scoped communication style override for supported models. |193| `profiles.<name>.personality` | `none | friendly | pragmatic` | Profile-scoped communication style override for supported models. |

194| `profiles.<name>.plan_mode_reasoning_effort` | `none | minimal | low | medium | high | xhigh` | Profile-scoped Plan-mode reasoning override. |

195| `profiles.<name>.service_tier` | `flex | fast` | Profile-scoped service tier preference for new turns. |

196| `profiles.<name>.tools_view_image` | `boolean` | Enable or disable the `view_image` tool in that profile. |

148| `profiles.<name>.web_search` | `disabled | cached | live` | Profile-scoped web search mode override (default: `"cached"`). |197| `profiles.<name>.web_search` | `disabled | cached | live` | Profile-scoped web search mode override (default: `"cached"`). |

198| `profiles.<name>.windows.sandbox` | `unelevated | elevated` | Profile-scoped Windows sandbox mode override. |

149| `project_doc_fallback_filenames` | `array<string>` | Additional filenames to try when `AGENTS.md` is missing. |199| `project_doc_fallback_filenames` | `array<string>` | Additional filenames to try when `AGENTS.md` is missing. |

150| `project_doc_max_bytes` | `number` | Maximum bytes read from `AGENTS.md` when building project instructions. |200| `project_doc_max_bytes` | `number` | Maximum bytes read from `AGENTS.md` when building project instructions. |

151| `project_root_markers` | `array<string>` | List of project root marker filenames; used when searching parent directories for the project root. |201| `project_root_markers` | `array<string>` | List of project root marker filenames; used when searching parent directories for the project root. |

152| `projects.<path>.trust_level` | `string` | Mark a project or worktree as trusted or untrusted (`"trusted"` | `"untrusted"`). Untrusted projects skip project-scoped `.codex/` layers. |202| `projects.<path>.trust_level` | `string` | Mark a project or worktree as trusted or untrusted (`"trusted"` | `"untrusted"`). Untrusted projects skip project-scoped `.codex/` layers, including project-local config, hooks, and rules. |

153| `review_model` | `string` | Optional model override used by `/review` (defaults to the current session model). |203| `review_model` | `string` | Optional model override used by `/review` (defaults to the current session model). |

154| `sandbox_mode` | `read-only | workspace-write | danger-full-access` | Sandbox policy for filesystem and network access during command execution. |204| `sandbox_mode` | `read-only | workspace-write | danger-full-access` | Sandbox policy for filesystem and network access during command execution. |

155| `sandbox_workspace_write.exclude_slash_tmp` | `boolean` | Exclude `/tmp` from writable roots in workspace-write mode. |205| `sandbox_workspace_write.exclude_slash_tmp` | `boolean` | Exclude `/tmp` from writable roots in workspace-write mode. |

156| `sandbox_workspace_write.exclude_tmpdir_env_var` | `boolean` | Exclude `$TMPDIR` from writable roots in workspace-write mode. |206| `sandbox_workspace_write.exclude_tmpdir_env_var` | `boolean` | Exclude `$TMPDIR` from writable roots in workspace-write mode. |

157| `sandbox_workspace_write.network_access` | `boolean` | Allow outbound network access inside the workspace-write sandbox. |207| `sandbox_workspace_write.network_access` | `boolean` | Allow outbound network access inside the workspace-write sandbox. |

158| `sandbox_workspace_write.writable_roots` | `array<string>` | Additional writable roots when `sandbox_mode = "workspace-write"`. |208| `sandbox_workspace_write.writable_roots` | `array<string>` | Additional writable roots when `sandbox_mode = "workspace-write"`. |

209| `service_tier` | `flex | fast` | Preferred service tier for new turns. |

159| `shell_environment_policy.exclude` | `array<string>` | Glob patterns for removing environment variables after the defaults. |210| `shell_environment_policy.exclude` | `array<string>` | Glob patterns for removing environment variables after the defaults. |

160| `shell_environment_policy.experimental_use_profile` | `boolean` | Use the user shell profile when spawning subprocesses. |211| `shell_environment_policy.experimental_use_profile` | `boolean` | Use the user shell profile when spawning subprocesses. |

161| `shell_environment_policy.ignore_default_excludes` | `boolean` | Keep variables containing KEY/SECRET/TOKEN before other filters run. |212| `shell_environment_policy.ignore_default_excludes` | `boolean` | Keep variables containing KEY/SECRET/TOKEN before other filters run. |

166| `skills.config` | `array<object>` | Per-skill enablement overrides stored in config.toml. |217| `skills.config` | `array<object>` | Per-skill enablement overrides stored in config.toml. |

167| `skills.config.<index>.enabled` | `boolean` | Enable or disable the referenced skill. |218| `skills.config.<index>.enabled` | `boolean` | Enable or disable the referenced skill. |

168| `skills.config.<index>.path` | `string (path)` | Path to a skill folder containing `SKILL.md`. |219| `skills.config.<index>.path` | `string (path)` | Path to a skill folder containing `SKILL.md`. |

220| `sqlite_home` | `string (path)` | Directory where Codex stores the SQLite-backed state DB used by agent jobs and other resumable runtime state. |

169| `suppress_unstable_features_warning` | `boolean` | Suppress the warning that appears when under-development feature flags are enabled. |221| `suppress_unstable_features_warning` | `boolean` | Suppress the warning that appears when under-development feature flags are enabled. |

170| `tool_output_token_limit` | `number` | Token budget for storing individual tool/function outputs in history. |222| `tool_output_token_limit` | `number` | Token budget for storing individual tool/function outputs in history. |

171| `tools.web_search` | `boolean` | Deprecated legacy toggle for web search; prefer the top-level `web_search` setting. |223| `tool_suggest.disabled_tools` | `array<table>` | Disable suggestions for specific discoverable connectors or plugins. Each entry uses `type = "connector"` or `"plugin"` and an `id`. |

224| `tool_suggest.discoverables` | `array<table>` | Allow tool suggestions for additional discoverable connectors or plugins. Each entry uses `type = "connector"` or `"plugin"` and an `id`. |

225| `tools.view_image` | `boolean` | Enable the local-image attachment tool `view_image`. |

226| `tools.web_search` | `boolean | { context_size = "low|medium|high", allowed_domains = [string], location = { country, region, city, timezone } }` | Optional web search tool configuration. The legacy boolean form is still accepted, but the object form lets you set search context size, allowed domains, and approximate user location. |

172| `tui` | `table` | TUI-specific options such as enabling inline desktop notifications. |227| `tui` | `table` | TUI-specific options such as enabling inline desktop notifications. |

173| `tui.alternate_screen` | `auto | always | never` | Control alternate screen usage for the TUI (default: auto; auto skips it in Zellij to preserve scrollback). |228| `tui.alternate_screen` | `auto | always | never` | Control alternate screen usage for the TUI (default: auto; auto skips it in Zellij to preserve scrollback). |

174| `tui.animations` | `boolean` | Enable terminal animations (welcome screen, shimmer, spinner) (default: true). |229| `tui.animations` | `boolean` | Enable terminal animations (welcome screen, shimmer, spinner) (default: true). |

175| `tui.notification_method` | `auto | osc9 | bel` | Notification method for unfocused terminal notifications (default: auto). |230| `tui.keymap.<context>.<action>` | `string | array<string>` | Keyboard shortcut binding for a TUI action. Supported contexts include `global`, `chat`, `composer`, `editor`, `pager`, `list`, and `approval`; context-specific bindings override `tui.keymap.global`. |

231| `tui.keymap.<context>.<action> = []` | `empty array` | Unbind the action in that keymap context. Key names use normalized strings such as `ctrl-a`, `shift-enter`, or `page-down`. |

232| `tui.model_availability_nux.<model>` | `integer` | Internal startup-tooltip state keyed by model slug. |

233| `tui.notification_condition` | `unfocused | always` | Control whether TUI notifications fire only when the terminal is unfocused or regardless of focus. Defaults to `unfocused`. |

234| `tui.notification_method` | `auto | osc9 | bel` | Notification method for terminal notifications (default: auto). |

176| `tui.notifications` | `boolean | array<string>` | Enable TUI notifications; optionally restrict to specific event types. |235| `tui.notifications` | `boolean | array<string>` | Enable TUI notifications; optionally restrict to specific event types. |

177| `tui.show_tooltips` | `boolean` | Show onboarding tooltips in the TUI welcome screen (default: true). |236| `tui.show_tooltips` | `boolean` | Show onboarding tooltips in the TUI welcome screen (default: true). |

178| `tui.status_line` | `array<string> | null` | Ordered list of TUI footer status-line item identifiers. `null` disables the status line. |237| `tui.status_line` | `array<string> | null` | Ordered list of TUI footer status-line item identifiers. `null` disables the status line. |

238| `tui.terminal_title` | `array<string> | null` | Ordered list of terminal window/tab title item identifiers. Defaults to `["spinner", "project"]`; `null` disables title updates. |

239| `tui.theme` | `string` | Syntax-highlighting theme override (kebab-case theme name). |

179| `web_search` | `disabled | cached | live` | Web search mode (default: `"cached"`; cached uses an OpenAI-maintained index and does not fetch live pages; if you use `--yolo` or another full access sandbox setting, it defaults to `"live"`). Use `"live"` to fetch the most recent data from the web, or `"disabled"` to remove the tool. |240| `web_search` | `disabled | cached | live` | Web search mode (default: `"cached"`; cached uses an OpenAI-maintained index and does not fetch live pages; if you use `--yolo` or another full access sandbox setting, it defaults to `"live"`). Use `"live"` to fetch the most recent data from the web, or `"disabled"` to remove the tool. |

180| `windows_wsl_setup_acknowledged` | `boolean` | Track Windows onboarding acknowledgement (Windows only). |241| `windows_wsl_setup_acknowledged` | `boolean` | Track Windows onboarding acknowledgement (Windows only). |

242| `windows.sandbox` | `unelevated | elevated` | Windows-only native sandbox mode when running Codex natively on Windows. |

243| `windows.sandbox_private_desktop` | `boolean` | Run the final sandboxed child process on a private desktop by default on native Windows. Set `false` only for compatibility with the older `Winsta0\\Default` behavior. |

181 244 

182Key245Key

183 246 

205 268 

206Key269Key

207 270 

271`agents.<name>.nickname_candidates`

272 

273Type / Values

274 

275`array<string>`

276 

277Details

278 

279Optional pool of display nicknames for spawned agents in that role.

280 

281Key

282 

283`agents.job_max_runtime_seconds`

284 

285Type / Values

286 

287`number`

288 

289Details

290 

291Default per-worker timeout for `spawn_agents_on_csv` jobs. When unset, the tool falls back to 1800 seconds per worker.

292 

293Key

294 

208`agents.max_depth`295`agents.max_depth`

209 296 

210Type / Values297Type / Values

225 312 

226Details313Details

227 314 

228Maximum number of agent threads that can be open concurrently.315Maximum number of agent threads that can be open concurrently. Defaults to `6` when unset.

229 316 

230Key317Key

231 318 

241 328 

242Key329Key

243 330 

331`analytics.enabled`

332 

333Type / Values

334 

335`boolean`

336 

337Details

338 

339Enable or disable analytics for this machine/profile. When unset, the client default applies.

340 

341Key

342 

244`approval_policy`343`approval_policy`

245 344 

246Type / Values345Type / Values

247 346 

248`untrusted | on-request | never | { reject = { sandbox_approval = bool, rules = bool, mcp_elicitations = bool } }`347`untrusted | on-request | never | { granular = { sandbox_approval = bool, rules = bool, mcp_elicitations = bool, request_permissions = bool, skill_approval = bool } }`

348 

349Details

350 

351Controls when Codex pauses for approval before executing commands. You can also use `approval_policy = { granular = { ... } }` to allow or auto-reject specific prompt categories while keeping other prompts interactive. `on-failure` is deprecated; use `on-request` for interactive runs or `never` for non-interactive runs.

352 

353Key

354 

355`approval_policy.granular.mcp_elicitations`

356 

357Type / Values

358 

359`boolean`

360 

361Details

362 

363When `true`, MCP elicitation prompts are allowed to surface instead of being auto-rejected.

364 

365Key

366 

367`approval_policy.granular.request_permissions`

368 

369Type / Values

370 

371`boolean`

249 372 

250Details373Details

251 374 

252Controls when Codex pauses for approval before executing commands. You can also use `approval_policy = { reject = { ... } }` to auto-reject specific prompt categories while keeping other prompts interactive. `on-failure` is deprecated; use `on-request` for interactive runs or `never` for non-interactive runs.375When `true`, prompts from the `request_permissions` tool are allowed to surface.

253 376 

254Key377Key

255 378 

256`approval_policy.reject.mcp_elicitations`379`approval_policy.granular.rules`

257 380 

258Type / Values381Type / Values

259 382 

261 384 

262Details385Details

263 386 

264When `true`, MCP elicitation prompts are auto-rejected instead of shown to the user.387When `true`, approvals triggered by execpolicy `prompt` rules are allowed to surface.

265 388 

266Key389Key

267 390 

268`approval_policy.reject.rules`391`approval_policy.granular.sandbox_approval`

269 392 

270Type / Values393Type / Values

271 394 

273 396 

274Details397Details

275 398 

276When `true`, approvals triggered by execpolicy `prompt` rules are auto-rejected.399When `true`, sandbox escalation approval prompts are allowed to surface.

277 400 

278Key401Key

279 402 

280`approval_policy.reject.sandbox_approval`403`approval_policy.granular.skill_approval`

281 404 

282Type / Values405Type / Values

283 406 

285 408 

286Details409Details

287 410 

288When `true`, sandbox escalation approval prompts are auto-rejected.411When `true`, skill-script approval prompts are allowed to surface.

412 

413Key

414 

415`approvals_reviewer`

416 

417Type / Values

418 

419`user | auto_review`

420 

421Details

422 

423Who reviews eligible approval prompts under `on-request` or granular approval policies. Defaults to `user`; `auto_review` uses the reviewer subagent. This setting doesn't change sandboxing or review actions already allowed inside the sandbox.

289 424 

290Key425Key

291 426 

409 544 

410Key545Key

411 546 

547`auto_review.policy`

548 

549Type / Values

550 

551`string`

552 

553Details

554 

555Local Markdown policy instructions for automatic review. Managed `guardian_policy_config` takes precedence. Blank values are ignored.

556 

557Key

558 

412`background_terminal_max_timeout`559`background_terminal_max_timeout`

413 560 

414Type / Values561Type / Values

457 604 

458Key605Key

459 606 

460`compact_prompt`607`commit_attribution`

461 608 

462Type / Values609Type / Values

463 610 

465 612 

466Details613Details

467 614 

468Inline override for the history compaction prompt.615Override the commit co-author trailer text. Set an empty string to disable automatic attribution.

469 616 

470Key617Key

471 618 

472`developer_instructions`619`compact_prompt`

473 620 

474Type / Values621Type / Values

475 622 

477 624 

478Details625Details

479 626 

480Additional developer instructions injected into the session (optional).627Inline override for the history compaction prompt.

481 628 

482Key629Key

483 630 

484`disable_paste_burst`631`default_permissions`

485 632 

486Type / Values633Type / Values

487 634 

488`boolean`635`string`

489 636 

490Details637Details

491 638 

492Disable burst-paste detection in the TUI.639Name of the default permissions profile to apply to sandboxed tool calls. Built-ins are `:read-only`, `:workspace`, and `:danger-no-sandbox`; custom profile names require matching `[permissions.<name>]` tables.

493 640 

494Key641Key

495 642 

496`experimental_compact_prompt_file`643`developer_instructions`

497 644 

498Type / Values645Type / Values

499 646 

500`string (path)`647`string`

501 648 

502Details649Details

503 650 

504Load the compaction prompt override from a file (experimental).651Additional developer instructions injected into the session (optional).

505 652 

506Key653Key

507 654 

508`experimental_use_freeform_apply_patch`655`disable_paste_burst`

509 656 

510Type / Values657Type / Values

511 658 

513 660 

514Details661Details

515 662 

516Legacy name for enabling freeform apply\_patch; prefer `[features].apply_patch_freeform` or `codex --enable apply_patch_freeform`.663Disable burst-paste detection in the TUI.

517 664 

518Key665Key

519 666 

520`experimental_use_unified_exec_tool`667`experimental_compact_prompt_file`

521 668 

522Type / Values669Type / Values

523 670 

524`boolean`671`string (path)`

525 672 

526Details673Details

527 674 

528Legacy name for enabling unified exec; prefer `[features].unified_exec` or `codex --enable unified_exec`.675Load the compaction prompt override from a file (experimental).

529 676 

530Key677Key

531 678 

532`features.apply_patch_freeform`679`experimental_use_unified_exec_tool`

533 680 

534Type / Values681Type / Values

535 682 

537 684 

538Details685Details

539 686 

540Expose the freeform `apply_patch` tool (experimental).687Legacy name for enabling unified exec; prefer `[features].unified_exec` or `codex --enable unified_exec`.

541 688 

542Key689Key

543 690 

553 700 

554Key701Key

555 702 

556`features.apps_mcp_gateway`703`features.codex_hooks`

557 

558Type / Values

559 

560`boolean`

561 

562Details

563 

564Route Apps MCP calls through the OpenAI connectors MCP gateway (`https://api.openai.com/v1/connectors/mcp/`) instead of legacy routing (experimental).

565 

566Key

567 

568`features.child_agents_md`

569 704 

570Type / Values705Type / Values

571 706 

573 708 

574Details709Details

575 710 

576Append AGENTS.md scope/precedence guidance even when no AGENTS.md is present (experimental).711Enable lifecycle hooks loaded from `hooks.json` or inline `[hooks]` config.

577 712 

578Key713Key

579 714 

580`features.collaboration_modes`715`features.enable_request_compression`

581 716 

582Type / Values717Type / Values

583 718 

585 720 

586Details721Details

587 722 

588Enable collaboration modes such as plan mode (stable; on by default).723Compress streaming request bodies with zstd when supported (stable; on by default).

589 724 

590Key725Key

591 726 

592`features.elevated_windows_sandbox`727`features.fast_mode`

593 728 

594Type / Values729Type / Values

595 730 

597 732 

598Details733Details

599 734 

600Enable the elevated Windows sandbox pipeline (experimental).735Enable Fast mode selection and the `service_tier = "fast"` path (stable; on by default).

601 736 

602Key737Key

603 738 

604`features.experimental_windows_sandbox`739`features.memories`

605 740 

606Type / Values741Type / Values

607 742 

609 744 

610Details745Details

611 746 

612Run the Windows restricted-token sandbox (experimental).747Enable [Memories](https://developers.openai.com/codex/memories) (off by default).

613 748 

614Key749Key

615 750 

621 756 

622Details757Details

623 758 

624Enable multi-agent collaboration tools (`spawn\_agent`, `send\_input`, `resume\_agent`, `wait`, and `close\_agent`) (experimental; off by default).759Enable multi-agent collaboration tools (`spawn_agent`, `send_input`, `resume_agent`, `wait_agent`, and `close_agent`) (stable; on by default).

625 760 

626Key761Key

627 762 

637 772 

638Key773Key

639 774 

640`features.powershell_utf8`775`features.prevent_idle_sleep`

641 

642Type / Values

643 

644`boolean`

645 

646Details

647 

648Force PowerShell UTF-8 output (defaults to true).

649 

650Key

651 

652`features.remote_models`

653 

654Type / Values

655 

656`boolean`

657 

658Details

659 

660Refresh remote model list before showing readiness (experimental).

661 

662Key

663 

664`features.request_rule`

665 776 

666Type / Values777Type / Values

667 778 

669 780 

670Details781Details

671 782 

672Enable Smart approvals (`prefix_rule` suggestions on escalation requests; stable; on by default).783Prevent the machine from sleeping while a turn is actively running (experimental; off by default).

673 784 

674Key785Key

675 786 

676`features.runtime_metrics`787`features.shell_snapshot`

677 788 

678Type / Values789Type / Values

679 790 

681 792 

682Details793Details

683 794 

684Show runtime metrics summary in TUI turn separators (experimental).795Snapshot shell environment to speed up repeated commands (stable; on by default).

685 796 

686Key797Key

687 798 

688`features.search_tool`799`features.shell_tool`

689 800 

690Type / Values801Type / Values

691 802 

693 804 

694Details805Details

695 806 

696Enable `search_tool_bm25` for Apps tool discovery before invoking app MCP tools (experimental).807Enable the default `shell` tool for running commands (stable; on by default).

697 808 

698Key809Key

699 810 

700`features.shell_snapshot`811`features.skill_mcp_dependency_install`

701 812 

702Type / Values813Type / Values

703 814 

705 816 

706Details817Details

707 818 

708Snapshot shell environment to speed up repeated commands (beta).819Allow prompting and installing missing MCP dependencies for skills (stable; on by default).

709 820 

710Key821Key

711 822 

712`features.shell_tool`823`features.undo`

713 824 

714Type / Values825Type / Values

715 826 

717 828 

718Details829Details

719 830 

720Enable the default `shell` tool for running commands (stable; on by default).831Enable undo support (stable; off by default).

721 832 

722Key833Key

723 834 

729 840 

730Details841Details

731 842 

732Use the unified PTY-backed exec tool (beta).843Use the unified PTY-backed exec tool (stable; enabled by default except on Windows).

733 

734Key

735 

736`features.use_linux_sandbox_bwrap`

737 

738Type / Values

739 

740`boolean`

741 

742Details

743 

744Use the bubblewrap-based Linux sandbox pipeline (experimental; off by default).

745 844 

746Key845Key

747 846 

865 964 

866Key965Key

867 966 

868`include_apply_patch_tool`967`hooks`

869 968 

870Type / Values969Type / Values

871 970 

872`boolean`971`table`

873 972 

874Details973Details

875 974 

876Legacy name for enabling freeform apply\_patch; prefer `[features].apply_patch_freeform`.975Lifecycle hooks configured inline in `config.toml`. Uses the same event schema as `hooks.json`; see the Hooks guide for examples and supported events.

877 976 

878Key977Key

879 978 

1049 1148 

1050Type / Values1149Type / Values

1051 1150 

1052`array<string>`1151`array<string | { name = string, source = "local" | "remote" }>`

1053 1152 

1054Details1153Details

1055 1154 

1056Additional environment variables to whitelist for an MCP stdio server.1155Additional environment variables to whitelist for an MCP stdio server. String entries default to `source = "local"`; use `source = "remote"` only with executor-backed remote stdio.

1156 

1157Key

1158 

1159`mcp_servers.<id>.experimental_environment`

1160 

1161Type / Values

1162 

1163`local | remote`

1164 

1165Details

1166 

1167Experimental placement for an MCP server. `remote` starts stdio servers through a remote executor environment; streamable HTTP remote placement is not implemented.

1057 1168 

1058Key1169Key

1059 1170 

1069 1180 

1070Key1181Key

1071 1182 

1183`mcp_servers.<id>.oauth_resource`

1184 

1185Type / Values

1186 

1187`string`

1188 

1189Details

1190 

1191Optional RFC 8707 OAuth resource parameter to include during MCP login.

1192 

1193Key

1194 

1072`mcp_servers.<id>.required`1195`mcp_servers.<id>.required`

1073 1196 

1074Type / Values1197Type / Values

1081 1204 

1082Key1205Key

1083 1206 

1207`mcp_servers.<id>.scopes`

1208 

1209Type / Values

1210 

1211`array<string>`

1212 

1213Details

1214 

1215OAuth scopes to request when authenticating to that MCP server.

1216 

1217Key

1218 

1084`mcp_servers.<id>.startup_timeout_ms`1219`mcp_servers.<id>.startup_timeout_ms`

1085 1220 

1086Type / Values1221Type / Values

1129 1264 

1130Key1265Key

1131 1266 

1132`model`1267`memories.consolidation_model`

1133 1268 

1134Type / Values1269Type / Values

1135 1270 

1137 1272 

1138Details1273Details

1139 1274 

1140Model to use (e.g., `gpt-5-codex`).1275Optional model override for global memory consolidation.

1141 1276 

1142Key1277Key

1143 1278 

1144`model_auto_compact_token_limit`1279`memories.disable_on_external_context`

1145 1280 

1146Type / Values1281Type / Values

1147 1282 

1148`number`1283`boolean`

1149 1284 

1150Details1285Details

1151 1286 

1152Token threshold that triggers automatic history compaction (unset uses model defaults).1287When `true`, threads that use external context such as MCP tool calls, web search, or tool search are kept out of memory generation. Defaults to `false`. Legacy alias: `memories.no_memories_if_mcp_or_web_search`.

1153 1288 

1154Key1289Key

1155 1290 

1156`model_catalog_json`1291`memories.extract_model`

1157 1292 

1158Type / Values1293Type / Values

1159 1294 

1160`string (path)`1295`string`

1161 1296 

1162Details1297Details

1163 1298 

1164Optional path to a JSON model catalog loaded on startup. Profile-level `profiles.<name>.model_catalog_json` can override this per profile.1299Optional model override for per-thread memory extraction.

1165 1300 

1166Key1301Key

1167 1302 

1168`model_context_window`1303`memories.generate_memories`

1169 1304 

1170Type / Values1305Type / Values

1171 1306 

1172`number`1307`boolean`

1173 1308 

1174Details1309Details

1175 1310 

1176Context window tokens available to the active model.1311When `false`, newly created threads are not stored as memory-generation inputs. Defaults to `true`.

1177 1312 

1178Key1313Key

1179 1314 

1180`model_instructions_file`1315`memories.max_raw_memories_for_consolidation`

1181 1316 

1182Type / Values1317Type / Values

1183 1318 

1184`string (path)`1319`number`

1185 1320 

1186Details1321Details

1187 1322 

1188Replacement for built-in instructions instead of `AGENTS.md`.1323Maximum recent raw memories retained for global consolidation. Defaults to `256` and is capped at `4096`.

1189 1324 

1190Key1325Key

1191 1326 

1192`model_provider`1327`memories.max_rollout_age_days`

1193 1328 

1194Type / Values1329Type / Values

1195 1330 

1196`string`1331`number`

1197 1332 

1198Details1333Details

1199 1334 

1200Provider id from `model_providers` (default: `openai`).1335Maximum age of threads considered for memory generation. Defaults to `30` and is clamped to `0`-`90`.

1201 1336 

1202Key1337Key

1203 1338 

1204`model_providers.<id>.base_url`1339`memories.max_rollouts_per_startup`

1205 1340 

1206Type / Values1341Type / Values

1207 1342 

1208`string`1343`number`

1209 1344 

1210Details1345Details

1211 1346 

1212API base URL for the model provider.1347Maximum rollout candidates processed per startup pass. Defaults to `16` and is capped at `128`.

1213 1348 

1214Key1349Key

1215 1350 

1216`model_providers.<id>.env_http_headers`1351`memories.max_unused_days`

1217 1352 

1218Type / Values1353Type / Values

1219 1354 

1220`map<string,string>`1355`number`

1221 1356 

1222Details1357Details

1223 1358 

1224HTTP headers populated from environment variables when present.1359Maximum days since a memory was last used before it becomes ineligible for consolidation. Defaults to `30` and is clamped to `0`-`365`.

1225 1360 

1226Key1361Key

1227 1362 

1228`model_providers.<id>.env_key`1363`memories.min_rate_limit_remaining_percent`

1229 1364 

1230Type / Values1365Type / Values

1231 1366 

1232`string`1367`number`

1233 1368 

1234Details1369Details

1235 1370 

1236Environment variable supplying the provider API key.1371Minimum remaining percentage required in Codex rate-limit windows before memory generation starts. Defaults to `25` and is clamped to `0`-`100`.

1237 1372 

1238Key1373Key

1239 1374 

1240`model_providers.<id>.env_key_instructions`1375`memories.min_rollout_idle_hours`

1241 1376 

1242Type / Values1377Type / Values

1243 1378 

1244`string`1379`number`

1245 1380 

1246Details1381Details

1247 1382 

1248Optional setup guidance for the provider API key.1383Minimum idle time before a thread is considered for memory generation. Defaults to `6` and is clamped to `1`-`48`.

1249 1384 

1250Key1385Key

1251 1386 

1252`model_providers.<id>.experimental_bearer_token`1387`memories.use_memories`

1253 1388 

1254Type / Values1389Type / Values

1255 1390 

1256`string`1391`boolean`

1257 1392 

1258Details1393Details

1259 1394 

1260Direct bearer token for the provider (discouraged; use `env_key`).1395When `false`, Codex skips injecting existing memories into future sessions. Defaults to `true`.

1261 1396 

1262Key1397Key

1263 1398 

1264`model_providers.<id>.http_headers`1399`model`

1265 1400 

1266Type / Values1401Type / Values

1267 1402 

1268`map<string,string>`1403`string`

1269 1404 

1270Details1405Details

1271 1406 

1272Static HTTP headers added to provider requests.1407Model to use (e.g., `gpt-5.5`).

1273 1408 

1274Key1409Key

1275 1410 

1276`model_providers.<id>.name`1411`model_auto_compact_token_limit`

1277 1412 

1278Type / Values1413Type / Values

1279 1414 

1280`string`1415`number`

1281 1416 

1282Details1417Details

1283 1418 

1284Display name for a custom model provider.1419Token threshold that triggers automatic history compaction (unset uses model defaults).

1285 1420 

1286Key1421Key

1287 1422 

1288`model_providers.<id>.query_params`1423`model_catalog_json`

1289 1424 

1290Type / Values1425Type / Values

1291 1426 

1292`map<string,string>`1427`string (path)`

1293 1428 

1294Details1429Details

1295 1430 

1296Extra query parameters appended to provider requests.1431Optional path to a JSON model catalog loaded on startup. Profile-level `profiles.<name>.model_catalog_json` can override this per profile.

1297 1432 

1298Key1433Key

1299 1434 

1300`model_providers.<id>.request_max_retries`1435`model_context_window`

1301 1436 

1302Type / Values1437Type / Values

1303 1438 

1305 1440 

1306Details1441Details

1307 1442 

1308Retry count for HTTP requests to the provider (default: 4).1443Context window tokens available to the active model.

1309 1444 

1310Key1445Key

1311 1446 

1312`model_providers.<id>.requires_openai_auth`1447`model_instructions_file`

1313 1448 

1314Type / Values1449Type / Values

1315 1450 

1316`boolean`1451`string (path)`

1317 1452 

1318Details1453Details

1319 1454 

1320The provider uses OpenAI authentication (defaults to false).1455Replacement for built-in instructions instead of `AGENTS.md`.

1321 1456 

1322Key1457Key

1323 1458 

1324`model_providers.<id>.stream_idle_timeout_ms`1459`model_provider`

1325 1460 

1326Type / Values1461Type / Values

1327 1462 

1328`number`1463`string`

1329 1464 

1330Details1465Details

1331 1466 

1332Idle timeout for SSE streams in milliseconds (default: 300000).1467Provider id from `model_providers` (default: `openai`).

1333 1468 

1334Key1469Key

1335 1470 

1336`model_providers.<id>.stream_max_retries`1471`model_providers.<id>`

1337 1472 

1338Type / Values1473Type / Values

1339 1474 

1340`number`1475`table`

1341 1476 

1342Details1477Details

1343 1478 

1344Retry count for SSE streaming interruptions (default: 5).1479Custom provider definition. Built-in provider IDs (`openai`, `ollama`, and `lmstudio`) are reserved and cannot be overridden.

1345 1480 

1346Key1481Key

1347 1482 

1348`model_providers.<id>.wire_api`1483`model_providers.<id>.auth`

1349 1484 

1350Type / Values1485Type / Values

1351 1486 

1352`chat | responses`1487`table`

1353 1488 

1354Details1489Details

1355 1490 

1356Protocol used by the provider (defaults to `chat` if omitted).1491Command-backed bearer token configuration for a custom provider. Do not combine with `env_key`, `experimental_bearer_token`, or `requires_openai_auth`.

1357 1492 

1358Key1493Key

1359 1494 

1360`model_reasoning_effort`1495`model_providers.<id>.auth.args`

1361 1496 

1362Type / Values1497Type / Values

1363 1498 

1364`minimal | low | medium | high | xhigh`1499`array<string>`

1365 1500 

1366Details1501Details

1367 1502 

1368Adjust reasoning effort for supported models (Responses API only; `xhigh` is model-dependent).1503Arguments passed to the token command.

1369 1504 

1370Key1505Key

1371 1506 

1372`model_reasoning_summary`1507`model_providers.<id>.auth.command`

1373 1508 

1374Type / Values1509Type / Values

1375 1510 

1376`auto | concise | detailed | none`1511`string`

1377 1512 

1378Details1513Details

1379 1514 

1380Select reasoning summary detail or disable summaries entirely.1515Command to run when Codex needs a bearer token. The command must print the token to stdout.

1381 1516 

1382Key1517Key

1383 1518 

1384`model_supports_reasoning_summaries`1519`model_providers.<id>.auth.cwd`

1385 1520 

1386Type / Values1521Type / Values

1387 1522 

1388`boolean`1523`string (path)`

1389 1524 

1390Details1525Details

1391 1526 

1392Force Codex to send or not send reasoning metadata.1527Working directory for the token command.

1393 1528 

1394Key1529Key

1395 1530 

1396`model_verbosity`1531`model_providers.<id>.auth.refresh_interval_ms`

1397 1532 

1398Type / Values1533Type / Values

1399 1534 

1400`low | medium | high`1535`number`

1401 1536 

1402Details1537Details

1403 1538 

1404Control GPT-5 Responses API verbosity (defaults to `medium`).1539How often Codex proactively refreshes the token in milliseconds (default: 300000). Set to `0` to refresh only after an authentication retry.

1405 1540 

1406Key1541Key

1407 1542 

1408`notice.hide_full_access_warning`1543`model_providers.<id>.auth.timeout_ms`

1409 1544 

1410Type / Values1545Type / Values

1411 1546 

1412`boolean`1547`number`

1413 1548 

1414Details1549Details

1415 1550 

1416Track acknowledgement of the full access warning prompt.1551Maximum token command runtime in milliseconds (default: 5000).

1417 1552 

1418Key1553Key

1419 1554 

1420`notice.hide_gpt-5.1-codex-max_migration_prompt`1555`model_providers.<id>.base_url`

1421 1556 

1422Type / Values1557Type / Values

1423 1558 

1424`boolean`1559`string`

1425 1560 

1426Details1561Details

1427 1562 

1428Track acknowledgement of the gpt-5.1-codex-max migration prompt.1563API base URL for the model provider.

1429 1564 

1430Key1565Key

1431 1566 

1432`notice.hide_gpt5_1_migration_prompt`1567`model_providers.<id>.env_http_headers`

1433 1568 

1434Type / Values1569Type / Values

1435 1570 

1436`boolean`1571`map<string,string>`

1437 1572 

1438Details1573Details

1439 1574 

1440Track acknowledgement of the GPT-5.1 migration prompt.1575HTTP headers populated from environment variables when present.

1441 1576 

1442Key1577Key

1443 1578 

1444`notice.hide_rate_limit_model_nudge`1579`model_providers.<id>.env_key`

1445 1580 

1446Type / Values1581Type / Values

1447 1582 

1448`boolean`1583`string`

1449 1584 

1450Details1585Details

1451 1586 

1452Track opt-out of the rate limit model switch reminder.1587Environment variable supplying the provider API key.

1453 1588 

1454Key1589Key

1455 1590 

1456`notice.hide_world_writable_warning`1591`model_providers.<id>.env_key_instructions`

1457 1592 

1458Type / Values1593Type / Values

1459 1594 

1460`boolean`1595`string`

1461 1596 

1462Details1597Details

1463 1598 

1464Track acknowledgement of the Windows world-writable directories warning.1599Optional setup guidance for the provider API key.

1465 1600 

1466Key1601Key

1467 1602 

1468`notice.model_migrations`1603`model_providers.<id>.experimental_bearer_token`

1469 1604 

1470Type / Values1605Type / Values

1471 1606 

1472`map<string,string>`1607`string`

1473 1608 

1474Details1609Details

1475 1610 

1476Track acknowledged model migrations as old->new mappings.1611Direct bearer token for the provider (discouraged; use `env_key`).

1477 1612 

1478Key1613Key

1479 1614 

1480`notify`1615`model_providers.<id>.http_headers`

1481 1616 

1482Type / Values1617Type / Values

1483 1618 

1484`array<string>`1619`map<string,string>`

1485 1620 

1486Details1621Details

1487 1622 

1488Command invoked for notifications; receives a JSON payload from Codex.1623Static HTTP headers added to provider requests.

1489 1624 

1490Key1625Key

1491 1626 

1492`oss_provider`1627`model_providers.<id>.name`

1493 1628 

1494Type / Values1629Type / Values

1495 1630 

1496`lmstudio | ollama`1631`string`

1497 1632 

1498Details1633Details

1499 1634 

1500Default local provider used when running with `--oss` (defaults to prompting if unset).1635Display name for a custom model provider.

1501 1636 

1502Key1637Key

1503 1638 

1504`otel.environment`1639`model_providers.<id>.query_params`

1505 1640 

1506Type / Values1641Type / Values

1507 1642 

1508`string`1643`map<string,string>`

1509 1644 

1510Details1645Details

1511 1646 

1512Environment tag applied to emitted OpenTelemetry events (default: `dev`).1647Extra query parameters appended to provider requests.

1513 1648 

1514Key1649Key

1515 1650 

1516`otel.exporter`1651`model_providers.<id>.request_max_retries`

1517 1652 

1518Type / Values1653Type / Values

1519 1654 

1520`none | otlp-http | otlp-grpc`1655`number`

1521 1656 

1522Details1657Details

1523 1658 

1524Select the OpenTelemetry exporter and provide any endpoint metadata.1659Retry count for HTTP requests to the provider (default: 4).

1525 1660 

1526Key1661Key

1527 1662 

1528`otel.exporter.<id>.endpoint`1663`model_providers.<id>.requires_openai_auth`

1529 1664 

1530Type / Values1665Type / Values

1531 1666 

1532`string`1667`boolean`

1533 1668 

1534Details1669Details

1535 1670 

1536Exporter endpoint for OTEL logs.1671The provider uses OpenAI authentication (defaults to false).

1537 1672 

1538Key1673Key

1539 1674 

1540`otel.exporter.<id>.headers`1675`model_providers.<id>.stream_idle_timeout_ms`

1541 1676 

1542Type / Values1677Type / Values

1543 1678 

1544`map<string,string>`1679`number`

1545 1680 

1546Details1681Details

1547 1682 

1548Static headers included with OTEL exporter requests.1683Idle timeout for SSE streams in milliseconds (default: 300000).

1549 1684 

1550Key1685Key

1551 1686 

1552`otel.exporter.<id>.protocol`1687`model_providers.<id>.stream_max_retries`

1553 1688 

1554Type / Values1689Type / Values

1555 1690 

1556`binary | json`1691`number`

1557 1692 

1558Details1693Details

1559 1694 

1560Protocol used by the OTLP/HTTP exporter.1695Retry count for SSE streaming interruptions (default: 5).

1561 1696 

1562Key1697Key

1563 1698 

1564`otel.exporter.<id>.tls.ca-certificate`1699`model_providers.<id>.supports_websockets`

1565 1700 

1566Type / Values1701Type / Values

1567 1702 

1568`string`1703`boolean`

1569 1704 

1570Details1705Details

1571 1706 

1572CA certificate path for OTEL exporter TLS.1707Whether that provider supports the Responses API WebSocket transport.

1573 1708 

1574Key1709Key

1575 1710 

1576`otel.exporter.<id>.tls.client-certificate`1711`model_providers.<id>.wire_api`

1577 1712 

1578Type / Values1713Type / Values

1579 1714 

1580`string`1715`responses`

1581 1716 

1582Details1717Details

1583 1718 

1584Client certificate path for OTEL exporter TLS.1719Protocol used by the provider. `responses` is the only supported value, and it is the default when omitted.

1585 1720 

1586Key1721Key

1587 1722 

1588`otel.exporter.<id>.tls.client-private-key`1723`model_providers.amazon-bedrock.aws.profile`

1589 1724 

1590Type / Values1725Type / Values

1591 1726 

1593 1728 

1594Details1729Details

1595 1730 

1596Client private key path for OTEL exporter TLS.1731AWS profile name used by the built-in `amazon-bedrock` provider.

1597 1732 

1598Key1733Key

1599 1734 

1600`otel.log_user_prompt`1735`model_providers.amazon-bedrock.aws.region`

1601 1736 

1602Type / Values1737Type / Values

1603 1738 

1604`boolean`1739`string`

1605 1740 

1606Details1741Details

1607 1742 

1608Opt in to exporting raw user prompts with OpenTelemetry logs.1743AWS region used by the built-in `amazon-bedrock` provider.

1609 1744 

1610Key1745Key

1611 1746 

1612`otel.trace_exporter`1747`model_reasoning_effort`

1613 1748 

1614Type / Values1749Type / Values

1615 1750 

1616`none | otlp-http | otlp-grpc`1751`minimal | low | medium | high | xhigh`

1617 1752 

1618Details1753Details

1619 1754 

1620Select the OpenTelemetry trace exporter and provide any endpoint metadata.1755Adjust reasoning effort for supported models (Responses API only; `xhigh` is model-dependent).

1621 1756 

1622Key1757Key

1623 1758 

1624`otel.trace_exporter.<id>.endpoint`1759`model_reasoning_summary`

1625 1760 

1626Type / Values1761Type / Values

1627 1762 

1628`string`1763`auto | concise | detailed | none`

1629 1764 

1630Details1765Details

1631 1766 

1632Trace exporter endpoint for OTEL logs.1767Select reasoning summary detail or disable summaries entirely.

1633 1768 

1634Key1769Key

1635 1770 

1636`otel.trace_exporter.<id>.headers`1771`model_supports_reasoning_summaries`

1637 1772 

1638Type / Values1773Type / Values

1639 1774 

1640`map<string,string>`1775`boolean`

1641 1776 

1642Details1777Details

1643 1778 

1644Static headers included with OTEL trace exporter requests.1779Force Codex to send or not send reasoning metadata.

1645 1780 

1646Key1781Key

1647 1782 

1648`otel.trace_exporter.<id>.protocol`1783`model_verbosity`

1649 1784 

1650Type / Values1785Type / Values

1651 1786 

1652`binary | json`1787`low | medium | high`

1653 1788 

1654Details1789Details

1655 1790 

1656Protocol used by the OTLP/HTTP trace exporter.1791Optional GPT-5 Responses API verbosity override; when unset, the selected model/preset default is used.

1657 1792 

1658Key1793Key

1659 1794 

1660`otel.trace_exporter.<id>.tls.ca-certificate`1795`notice.hide_full_access_warning`

1661 1796 

1662Type / Values1797Type / Values

1663 1798 

1664`string`1799`boolean`

1665 1800 

1666Details1801Details

1667 1802 

1668CA certificate path for OTEL trace exporter TLS.1803Track acknowledgement of the full access warning prompt.

1669 1804 

1670Key1805Key

1671 1806 

1672`otel.trace_exporter.<id>.tls.client-certificate`1807`notice.hide_gpt-5.1-codex-max_migration_prompt`

1673 1808 

1674Type / Values1809Type / Values

1675 1810 

1676`string`1811`boolean`

1677 1812 

1678Details1813Details

1679 1814 

1680Client certificate path for OTEL trace exporter TLS.1815Track acknowledgement of the gpt-5.1-codex-max migration prompt.

1681 1816 

1682Key1817Key

1683 1818 

1684`otel.trace_exporter.<id>.tls.client-private-key`1819`notice.hide_gpt5_1_migration_prompt`

1685 1820 

1686Type / Values1821Type / Values

1687 1822 

1688`string`1823`boolean`

1689 1824 

1690Details1825Details

1691 1826 

1692Client private key path for OTEL trace exporter TLS.1827Track acknowledgement of the GPT-5.1 migration prompt.

1693 1828 

1694Key1829Key

1695 1830 

1696`personality`1831`notice.hide_rate_limit_model_nudge`

1697 1832 

1698Type / Values1833Type / Values

1699 1834 

1700`none | friendly | pragmatic`1835`boolean`

1701 1836 

1702Details1837Details

1703 1838 

1704Default communication style for models that advertise `supportsPersonality`; can be overridden per thread/turn or via `/personality`.1839Track opt-out of the rate limit model switch reminder.

1705 1840 

1706Key1841Key

1707 1842 

1708`profile`1843`notice.hide_world_writable_warning`

1709 1844 

1710Type / Values1845Type / Values

1711 1846 

1712`string`1847`boolean`

1713 1848 

1714Details1849Details

1715 1850 

1716Default profile applied at startup (equivalent to `--profile`).1851Track acknowledgement of the Windows world-writable directories warning.

1717 1852 

1718Key1853Key

1719 1854 

1720`profiles.<name>.*`1855`notice.model_migrations`

1721 1856 

1722Type / Values1857Type / Values

1723 1858 

1724`various`1859`map<string,string>`

1725 1860 

1726Details1861Details

1727 1862 

1728Profile-scoped overrides for any of the supported configuration keys.1863Track acknowledged model migrations as old->new mappings.

1729 1864 

1730Key1865Key

1731 1866 

1732`profiles.<name>.experimental_use_freeform_apply_patch`1867`notify`

1733 1868 

1734Type / Values1869Type / Values

1735 1870 

1736`boolean`1871`array<string>`

1737 1872 

1738Details1873Details

1739 1874 

1740Legacy name for enabling freeform apply\_patch; prefer `[features].apply_patch_freeform`.1875Command invoked for notifications; receives a JSON payload from Codex.

1741 1876 

1742Key1877Key

1743 1878 

1744`profiles.<name>.experimental_use_unified_exec_tool`1879`openai_base_url`

1745 1880 

1746Type / Values1881Type / Values

1747 1882 

1748`boolean`1883`string`

1749 1884 

1750Details1885Details

1751 1886 

1752Legacy name for enabling unified exec; prefer `[features].unified_exec`.1887Base URL override for the built-in `openai` model provider.

1753 1888 

1754Key1889Key

1755 1890 

1756`profiles.<name>.include_apply_patch_tool`1891`oss_provider`

1757 1892 

1758Type / Values1893Type / Values

1759 1894 

1760`boolean`1895`lmstudio | ollama`

1761 1896 

1762Details1897Details

1763 1898 

1764Legacy name for enabling freeform apply\_patch; prefer `[features].apply_patch_freeform`.1899Default local provider used when running with `--oss` (defaults to prompting if unset).

1765 1900 

1766Key1901Key

1767 1902 

1768`profiles.<name>.model_catalog_json`1903`otel.environment`

1769 1904 

1770Type / Values1905Type / Values

1771 1906 

1772`string (path)`1907`string`

1773 1908 

1774Details1909Details

1775 1910 

1776Profile-scoped model catalog JSON path override (applied on startup only; overrides the top-level `model_catalog_json` for that profile).1911Environment tag applied to emitted OpenTelemetry events (default: `dev`).

1777 1912 

1778Key1913Key

1779 1914 

1780`profiles.<name>.oss_provider`1915`otel.exporter`

1781 1916 

1782Type / Values1917Type / Values

1783 1918 

1784`lmstudio | ollama`1919`none | otlp-http | otlp-grpc`

1785 1920 

1786Details1921Details

1787 1922 

1788Profile-scoped OSS provider for `--oss` sessions.1923Select the OpenTelemetry exporter and provide any endpoint metadata.

1789 1924 

1790Key1925Key

1791 1926 

1792`profiles.<name>.personality`1927`otel.exporter.<id>.endpoint`

1793 1928 

1794Type / Values1929Type / Values

1795 1930 

1796`none | friendly | pragmatic`1931`string`

1797 1932 

1798Details1933Details

1799 1934 

1800Profile-scoped communication style override for supported models.1935Exporter endpoint for OTEL logs.

1801 1936 

1802Key1937Key

1803 1938 

1804`profiles.<name>.web_search`1939`otel.exporter.<id>.headers`

1805 1940 

1806Type / Values1941Type / Values

1807 1942 

1808`disabled | cached | live`1943`map<string,string>`

1809 1944 

1810Details1945Details

1811 1946 

1812Profile-scoped web search mode override (default: `"cached"`).1947Static headers included with OTEL exporter requests.

1813 1948 

1814Key1949Key

1815 1950 

1816`project_doc_fallback_filenames`1951`otel.exporter.<id>.protocol`

1817 1952 

1818Type / Values1953Type / Values

1819 1954 

1820`array<string>`1955`binary | json`

1821 1956 

1822Details1957Details

1823 1958 

1824Additional filenames to try when `AGENTS.md` is missing.1959Protocol used by the OTLP/HTTP exporter.

1825 1960 

1826Key1961Key

1827 1962 

1828`project_doc_max_bytes`1963`otel.exporter.<id>.tls.ca-certificate`

1829 1964 

1830Type / Values1965Type / Values

1831 1966 

1832`number`1967`string`

1833 1968 

1834Details1969Details

1835 1970 

1836Maximum bytes read from `AGENTS.md` when building project instructions.1971CA certificate path for OTEL exporter TLS.

1837 1972 

1838Key1973Key

1839 1974 

1840`project_root_markers`1975`otel.exporter.<id>.tls.client-certificate`

1841 1976 

1842Type / Values1977Type / Values

1843 1978 

1844`array<string>`1979`string`

1845 1980 

1846Details1981Details

1847 1982 

1848List of project root marker filenames; used when searching parent directories for the project root.1983Client certificate path for OTEL exporter TLS.

1849 1984 

1850Key1985Key

1851 1986 

1852`projects.<path>.trust_level`1987`otel.exporter.<id>.tls.client-private-key`

1853 1988 

1854Type / Values1989Type / Values

1855 1990 

1857 1992 

1858Details1993Details

1859 1994 

1860Mark a project or worktree as trusted or untrusted (`"trusted"` | `"untrusted"`). Untrusted projects skip project-scoped `.codex/` layers.1995Client private key path for OTEL exporter TLS.

1861 1996 

1862Key1997Key

1863 1998 

1864`review_model`1999`otel.log_user_prompt`

1865 2000 

1866Type / Values2001Type / Values

1867 2002 

1868`string`2003`boolean`

1869 2004 

1870Details2005Details

1871 2006 

1872Optional model override used by `/review` (defaults to the current session model).2007Opt in to exporting raw user prompts with OpenTelemetry logs.

1873 2008 

1874Key2009Key

1875 2010 

1876`sandbox_mode`2011`otel.metrics_exporter`

1877 2012 

1878Type / Values2013Type / Values

1879 2014 

1880`read-only | workspace-write | danger-full-access`2015`none | statsig | otlp-http | otlp-grpc`

1881 2016 

1882Details2017Details

1883 2018 

1884Sandbox policy for filesystem and network access during command execution.2019Select the OpenTelemetry metrics exporter (defaults to `statsig`).

1885 2020 

1886Key2021Key

1887 2022 

1888`sandbox_workspace_write.exclude_slash_tmp`2023`otel.trace_exporter`

1889 2024 

1890Type / Values2025Type / Values

1891 2026 

1892`boolean`2027`none | otlp-http | otlp-grpc`

1893 2028 

1894Details2029Details

1895 2030 

1896Exclude `/tmp` from writable roots in workspace-write mode.2031Select the OpenTelemetry trace exporter and provide any endpoint metadata.

1897 2032 

1898Key2033Key

1899 2034 

1900`sandbox_workspace_write.exclude_tmpdir_env_var`2035`otel.trace_exporter.<id>.endpoint`

1901 2036 

1902Type / Values2037Type / Values

1903 2038 

1904`boolean`2039`string`

1905 2040 

1906Details2041Details

1907 2042 

1908Exclude `$TMPDIR` from writable roots in workspace-write mode.2043Trace exporter endpoint for OTEL logs.

1909 2044 

1910Key2045Key

1911 2046 

1912`sandbox_workspace_write.network_access`2047`otel.trace_exporter.<id>.headers`

1913 2048 

1914Type / Values2049Type / Values

1915 2050 

1916`boolean`2051`map<string,string>`

1917 2052 

1918Details2053Details

1919 2054 

1920Allow outbound network access inside the workspace-write sandbox.2055Static headers included with OTEL trace exporter requests.

1921 2056 

1922Key2057Key

1923 2058 

1924`sandbox_workspace_write.writable_roots`2059`otel.trace_exporter.<id>.protocol`

1925 2060 

1926Type / Values2061Type / Values

1927 2062 

1928`array<string>`2063`binary | json`

1929 2064 

1930Details2065Details

1931 2066 

1932Additional writable roots when `sandbox_mode = "workspace-write"`.2067Protocol used by the OTLP/HTTP trace exporter.

1933 2068 

1934Key2069Key

1935 2070 

1936`shell_environment_policy.exclude`2071`otel.trace_exporter.<id>.tls.ca-certificate`

1937 2072 

1938Type / Values2073Type / Values

1939 2074 

1940`array<string>`2075`string`

1941 2076 

1942Details2077Details

1943 2078 

1944Glob patterns for removing environment variables after the defaults.2079CA certificate path for OTEL trace exporter TLS.

2080 

2081Key

2082 

2083`otel.trace_exporter.<id>.tls.client-certificate`

2084 

2085Type / Values

2086 

2087`string`

2088 

2089Details

2090 

2091Client certificate path for OTEL trace exporter TLS.

2092 

2093Key

2094 

2095`otel.trace_exporter.<id>.tls.client-private-key`

2096 

2097Type / Values

2098 

2099`string`

2100 

2101Details

2102 

2103Client private key path for OTEL trace exporter TLS.

2104 

2105Key

2106 

2107`permissions.<name>.filesystem`

2108 

2109Type / Values

2110 

2111`table`

2112 

2113Details

2114 

2115Named filesystem permission profile. Each key is an absolute path or special token such as `:minimal` or `:project_roots`.

2116 

2117Key

2118 

2119`permissions.<name>.filesystem.":project_roots".<subpath-or-glob>`

2120 

2121Type / Values

2122 

2123`"read" | "write" | "none"`

2124 

2125Details

2126 

2127Scoped filesystem access relative to the detected project roots. Use `"."` for the root itself; glob subpaths such as `"**/*.env"` can deny reads with `"none"`.

2128 

2129Key

2130 

2131`permissions.<name>.filesystem.<path-or-glob>`

2132 

2133Type / Values

2134 

2135`"read" | "write" | "none" | table`

2136 

2137Details

2138 

2139Grant direct access for a path, glob pattern, or special token, or scope nested entries under that root. Use `"none"` to deny reads for matching paths.

2140 

2141Key

2142 

2143`permissions.<name>.filesystem.glob_scan_max_depth`

2144 

2145Type / Values

2146 

2147`number`

2148 

2149Details

2150 

2151Maximum depth for expanding deny-read glob patterns on platforms that snapshot matches before sandbox startup. Must be at least `1` when set.

2152 

2153Key

2154 

2155`permissions.<name>.network.allow_local_binding`

2156 

2157Type / Values

2158 

2159`boolean`

2160 

2161Details

2162 

2163Permit local bind/listen operations through the managed proxy.

2164 

2165Key

2166 

2167`permissions.<name>.network.allow_upstream_proxy`

2168 

2169Type / Values

2170 

2171`boolean`

2172 

2173Details

2174 

2175Allow the managed proxy to chain to another upstream proxy.

2176 

2177Key

2178 

2179`permissions.<name>.network.dangerously_allow_all_unix_sockets`

2180 

2181Type / Values

2182 

2183`boolean`

2184 

2185Details

2186 

2187Allow the proxy to use arbitrary Unix sockets instead of the default restricted set.

2188 

2189Key

2190 

2191`permissions.<name>.network.dangerously_allow_non_loopback_proxy`

2192 

2193Type / Values

2194 

2195`boolean`

2196 

2197Details

2198 

2199Permit non-loopback bind addresses for the managed proxy listener.

2200 

2201Key

2202 

2203`permissions.<name>.network.domains`

2204 

2205Type / Values

2206 

2207`map<string, allow | deny>`

2208 

2209Details

2210 

2211Domain rules for the managed proxy. Use domain names or wildcard patterns as keys, with `allow` or `deny` values.

2212 

2213Key

2214 

2215`permissions.<name>.network.enable_socks5`

2216 

2217Type / Values

2218 

2219`boolean`

2220 

2221Details

2222 

2223Expose a SOCKS5 listener when this permissions profile enables the managed network proxy.

2224 

2225Key

2226 

2227`permissions.<name>.network.enable_socks5_udp`

2228 

2229Type / Values

2230 

2231`boolean`

2232 

2233Details

2234 

2235Allow UDP over the SOCKS5 listener when enabled.

2236 

2237Key

2238 

2239`permissions.<name>.network.enabled`

2240 

2241Type / Values

2242 

2243`boolean`

2244 

2245Details

2246 

2247Enable network access for this named permissions profile.

2248 

2249Key

2250 

2251`permissions.<name>.network.mode`

2252 

2253Type / Values

2254 

2255`limited | full`

2256 

2257Details

2258 

2259Network proxy mode used for subprocess traffic.

2260 

2261Key

2262 

2263`permissions.<name>.network.proxy_url`

2264 

2265Type / Values

2266 

2267`string`

2268 

2269Details

2270 

2271HTTP proxy endpoint used when this permissions profile enables the managed network proxy.

2272 

2273Key

2274 

2275`permissions.<name>.network.socks_url`

2276 

2277Type / Values

2278 

2279`string`

2280 

2281Details

2282 

2283SOCKS5 proxy endpoint used by this permissions profile.

2284 

2285Key

2286 

2287`permissions.<name>.network.unix_sockets`

2288 

2289Type / Values

2290 

2291`map<string, allow | none>`

2292 

2293Details

2294 

2295Unix socket rules for the managed proxy. Use socket paths as keys, with `allow` or `none` values.

2296 

2297Key

2298 

2299`personality`

2300 

2301Type / Values

2302 

2303`none | friendly | pragmatic`

2304 

2305Details

2306 

2307Default communication style for models that advertise `supportsPersonality`; can be overridden per thread/turn or via `/personality`.

2308 

2309Key

2310 

2311`plan_mode_reasoning_effort`

2312 

2313Type / Values

2314 

2315`none | minimal | low | medium | high | xhigh`

2316 

2317Details

2318 

2319Plan-mode-specific reasoning override. When unset, Plan mode uses its built-in preset default.

2320 

2321Key

2322 

2323`profile`

2324 

2325Type / Values

2326 

2327`string`

2328 

2329Details

2330 

2331Default profile applied at startup (equivalent to `--profile`).

2332 

2333Key

2334 

2335`profiles.<name>.*`

2336 

2337Type / Values

2338 

2339`various`

2340 

2341Details

2342 

2343Profile-scoped overrides for any of the supported configuration keys.

2344 

2345Key

2346 

2347`profiles.<name>.analytics.enabled`

2348 

2349Type / Values

2350 

2351`boolean`

2352 

2353Details

2354 

2355Profile-scoped analytics enablement override.

2356 

2357Key

2358 

2359`profiles.<name>.experimental_use_unified_exec_tool`

2360 

2361Type / Values

2362 

2363`boolean`

2364 

2365Details

2366 

2367Legacy name for enabling unified exec; prefer `[features].unified_exec`.

2368 

2369Key

2370 

2371`profiles.<name>.model_catalog_json`

2372 

2373Type / Values

2374 

2375`string (path)`

2376 

2377Details

2378 

2379Profile-scoped model catalog JSON path override (applied on startup only; overrides the top-level `model_catalog_json` for that profile).

2380 

2381Key

2382 

2383`profiles.<name>.model_instructions_file`

2384 

2385Type / Values

2386 

2387`string (path)`

2388 

2389Details

2390 

2391Profile-scoped replacement for the built-in instruction file.

2392 

2393Key

2394 

2395`profiles.<name>.oss_provider`

2396 

2397Type / Values

2398 

2399`lmstudio | ollama`

2400 

2401Details

2402 

2403Profile-scoped OSS provider for `--oss` sessions.

2404 

2405Key

2406 

2407`profiles.<name>.personality`

2408 

2409Type / Values

2410 

2411`none | friendly | pragmatic`

2412 

2413Details

2414 

2415Profile-scoped communication style override for supported models.

2416 

2417Key

2418 

2419`profiles.<name>.plan_mode_reasoning_effort`

2420 

2421Type / Values

2422 

2423`none | minimal | low | medium | high | xhigh`

2424 

2425Details

2426 

2427Profile-scoped Plan-mode reasoning override.

2428 

2429Key

2430 

2431`profiles.<name>.service_tier`

2432 

2433Type / Values

2434 

2435`flex | fast`

2436 

2437Details

2438 

2439Profile-scoped service tier preference for new turns.

2440 

2441Key

2442 

2443`profiles.<name>.tools_view_image`

2444 

2445Type / Values

2446 

2447`boolean`

2448 

2449Details

2450 

2451Enable or disable the `view_image` tool in that profile.

2452 

2453Key

2454 

2455`profiles.<name>.web_search`

2456 

2457Type / Values

2458 

2459`disabled | cached | live`

2460 

2461Details

2462 

2463Profile-scoped web search mode override (default: `"cached"`).

2464 

2465Key

2466 

2467`profiles.<name>.windows.sandbox`

2468 

2469Type / Values

2470 

2471`unelevated | elevated`

2472 

2473Details

2474 

2475Profile-scoped Windows sandbox mode override.

2476 

2477Key

2478 

2479`project_doc_fallback_filenames`

2480 

2481Type / Values

2482 

2483`array<string>`

2484 

2485Details

2486 

2487Additional filenames to try when `AGENTS.md` is missing.

2488 

2489Key

2490 

2491`project_doc_max_bytes`

2492 

2493Type / Values

2494 

2495`number`

2496 

2497Details

2498 

2499Maximum bytes read from `AGENTS.md` when building project instructions.

2500 

2501Key

2502 

2503`project_root_markers`

2504 

2505Type / Values

2506 

2507`array<string>`

2508 

2509Details

2510 

2511List of project root marker filenames; used when searching parent directories for the project root.

2512 

2513Key

2514 

2515`projects.<path>.trust_level`

2516 

2517Type / Values

2518 

2519`string`

2520 

2521Details

2522 

2523Mark a project or worktree as trusted or untrusted (`"trusted"` | `"untrusted"`). Untrusted projects skip project-scoped `.codex/` layers, including project-local config, hooks, and rules.

2524 

2525Key

2526 

2527`review_model`

2528 

2529Type / Values

2530 

2531`string`

2532 

2533Details

2534 

2535Optional model override used by `/review` (defaults to the current session model).

2536 

2537Key

2538 

2539`sandbox_mode`

2540 

2541Type / Values

2542 

2543`read-only | workspace-write | danger-full-access`

2544 

2545Details

2546 

2547Sandbox policy for filesystem and network access during command execution.

2548 

2549Key

2550 

2551`sandbox_workspace_write.exclude_slash_tmp`

2552 

2553Type / Values

2554 

2555`boolean`

2556 

2557Details

2558 

2559Exclude `/tmp` from writable roots in workspace-write mode.

2560 

2561Key

2562 

2563`sandbox_workspace_write.exclude_tmpdir_env_var`

2564 

2565Type / Values

2566 

2567`boolean`

2568 

2569Details

2570 

2571Exclude `$TMPDIR` from writable roots in workspace-write mode.

2572 

2573Key

2574 

2575`sandbox_workspace_write.network_access`

2576 

2577Type / Values

2578 

2579`boolean`

2580 

2581Details

2582 

2583Allow outbound network access inside the workspace-write sandbox.

2584 

2585Key

2586 

2587`sandbox_workspace_write.writable_roots`

2588 

2589Type / Values

2590 

2591`array<string>`

2592 

2593Details

2594 

2595Additional writable roots when `sandbox_mode = "workspace-write"`.

2596 

2597Key

2598 

2599`service_tier`

2600 

2601Type / Values

2602 

2603`flex | fast`

2604 

2605Details

2606 

2607Preferred service tier for new turns.

2608 

2609Key

2610 

2611`shell_environment_policy.exclude`

2612 

2613Type / Values

2614 

2615`array<string>`

2616 

2617Details

2618 

2619Glob patterns for removing environment variables after the defaults.

2620 

2621Key

2622 

2623`shell_environment_policy.experimental_use_profile`

2624 

2625Type / Values

2626 

2627`boolean`

2628 

2629Details

2630 

2631Use the user shell profile when spawning subprocesses.

2632 

2633Key

2634 

2635`shell_environment_policy.ignore_default_excludes`

2636 

2637Type / Values

2638 

2639`boolean`

2640 

2641Details

2642 

2643Keep variables containing KEY/SECRET/TOKEN before other filters run.

2644 

2645Key

2646 

2647`shell_environment_policy.include_only`

2648 

2649Type / Values

2650 

2651`array<string>`

2652 

2653Details

2654 

2655Whitelist of patterns; when set only matching variables are kept.

2656 

2657Key

2658 

2659`shell_environment_policy.inherit`

2660 

2661Type / Values

2662 

2663`all | core | none`

2664 

2665Details

2666 

2667Baseline environment inheritance when spawning subprocesses.

2668 

2669Key

2670 

2671`shell_environment_policy.set`

2672 

2673Type / Values

2674 

2675`map<string,string>`

2676 

2677Details

2678 

2679Explicit environment overrides injected into every subprocess.

2680 

2681Key

2682 

2683`show_raw_agent_reasoning`

2684 

2685Type / Values

2686 

2687`boolean`

2688 

2689Details

2690 

2691Surface raw reasoning content when the active model emits it.

2692 

2693Key

2694 

2695`skills.config`

2696 

2697Type / Values

2698 

2699`array<object>`

2700 

2701Details

2702 

2703Per-skill enablement overrides stored in config.toml.

2704 

2705Key

2706 

2707`skills.config.<index>.enabled`

2708 

2709Type / Values

2710 

2711`boolean`

2712 

2713Details

2714 

2715Enable or disable the referenced skill.

2716 

2717Key

2718 

2719`skills.config.<index>.path`

2720 

2721Type / Values

2722 

2723`string (path)`

2724 

2725Details

2726 

2727Path to a skill folder containing `SKILL.md`.

2728 

2729Key

2730 

2731`sqlite_home`

2732 

2733Type / Values

2734 

2735`string (path)`

2736 

2737Details

2738 

2739Directory where Codex stores the SQLite-backed state DB used by agent jobs and other resumable runtime state.

2740 

2741Key

2742 

2743`suppress_unstable_features_warning`

2744 

2745Type / Values

2746 

2747`boolean`

2748 

2749Details

2750 

2751Suppress the warning that appears when under-development feature flags are enabled.

2752 

2753Key

2754 

2755`tool_output_token_limit`

2756 

2757Type / Values

2758 

2759`number`

2760 

2761Details

2762 

2763Token budget for storing individual tool/function outputs in history.

1945 2764 

1946Key2765Key

1947 2766 

1948`shell_environment_policy.experimental_use_profile`2767`tool_suggest.disabled_tools`

1949 2768 

1950Type / Values2769Type / Values

1951 2770 

1952`boolean`2771`array<table>`

1953 2772 

1954Details2773Details

1955 2774 

1956Use the user shell profile when spawning subprocesses.2775Disable suggestions for specific discoverable connectors or plugins. Each entry uses `type = "connector"` or `"plugin"` and an `id`.

1957 2776 

1958Key2777Key

1959 2778 

1960`shell_environment_policy.ignore_default_excludes`2779`tool_suggest.discoverables`

1961 2780 

1962Type / Values2781Type / Values

1963 2782 

1964`boolean`2783`array<table>`

1965 2784 

1966Details2785Details

1967 2786 

1968Keep variables containing KEY/SECRET/TOKEN before other filters run.2787Allow tool suggestions for additional discoverable connectors or plugins. Each entry uses `type = "connector"` or `"plugin"` and an `id`.

1969 2788 

1970Key2789Key

1971 2790 

1972`shell_environment_policy.include_only`2791`tools.view_image`

1973 2792 

1974Type / Values2793Type / Values

1975 2794 

1976`array<string>`2795`boolean`

1977 2796 

1978Details2797Details

1979 2798 

1980Whitelist of patterns; when set only matching variables are kept.2799Enable the local-image attachment tool `view_image`.

1981 2800 

1982Key2801Key

1983 2802 

1984`shell_environment_policy.inherit`2803`tools.web_search`

1985 2804 

1986Type / Values2805Type / Values

1987 2806 

1988`all | core | none`2807`boolean | { context_size = "low|medium|high", allowed_domains = [string], location = { country, region, city, timezone } }`

1989 2808 

1990Details2809Details

1991 2810 

1992Baseline environment inheritance when spawning subprocesses.2811Optional web search tool configuration. The legacy boolean form is still accepted, but the object form lets you set search context size, allowed domains, and approximate user location.

1993 2812 

1994Key2813Key

1995 2814 

1996`shell_environment_policy.set`2815`tui`

1997 2816 

1998Type / Values2817Type / Values

1999 2818 

2000`map<string,string>`2819`table`

2001 2820 

2002Details2821Details

2003 2822 

2004Explicit environment overrides injected into every subprocess.2823TUI-specific options such as enabling inline desktop notifications.

2005 2824 

2006Key2825Key

2007 2826 

2008`show_raw_agent_reasoning`2827`tui.alternate_screen`

2009 2828 

2010Type / Values2829Type / Values

2011 2830 

2012`boolean`2831`auto | always | never`

2013 2832 

2014Details2833Details

2015 2834 

2016Surface raw reasoning content when the active model emits it.2835Control alternate screen usage for the TUI (default: auto; auto skips it in Zellij to preserve scrollback).

2017 2836 

2018Key2837Key

2019 2838 

2020`skills.config`2839`tui.animations`

2021 2840 

2022Type / Values2841Type / Values

2023 2842 

2024`array<object>`2843`boolean`

2025 2844 

2026Details2845Details

2027 2846 

2028Per-skill enablement overrides stored in config.toml.2847Enable terminal animations (welcome screen, shimmer, spinner) (default: true).

2029 2848 

2030Key2849Key

2031 2850 

2032`skills.config.<index>.enabled`2851`tui.keymap.<context>.<action>`

2033 2852 

2034Type / Values2853Type / Values

2035 2854 

2036`boolean`2855`string | array<string>`

2037 2856 

2038Details2857Details

2039 2858 

2040Enable or disable the referenced skill.2859Keyboard shortcut binding for a TUI action. Supported contexts include `global`, `chat`, `composer`, `editor`, `pager`, `list`, and `approval`; context-specific bindings override `tui.keymap.global`.

2041 2860 

2042Key2861Key

2043 2862 

2044`skills.config.<index>.path`2863`tui.keymap.<context>.<action> = []`

2045 2864 

2046Type / Values2865Type / Values

2047 2866 

2048`string (path)`2867`empty array`

2049 2868 

2050Details2869Details

2051 2870 

2052Path to a skill folder containing `SKILL.md`.2871Unbind the action in that keymap context. Key names use normalized strings such as `ctrl-a`, `shift-enter`, or `page-down`.

2053 2872 

2054Key2873Key

2055 2874 

2056`suppress_unstable_features_warning`2875`tui.model_availability_nux.<model>`

2057 2876 

2058Type / Values2877Type / Values

2059 2878 

2060`boolean`2879`integer`

2061 2880 

2062Details2881Details

2063 2882 

2064Suppress the warning that appears when under-development feature flags are enabled.2883Internal startup-tooltip state keyed by model slug.

2065 2884 

2066Key2885Key

2067 2886 

2068`tool_output_token_limit`2887`tui.notification_condition`

2069 2888 

2070Type / Values2889Type / Values

2071 2890 

2072`number`2891`unfocused | always`

2073 2892 

2074Details2893Details

2075 2894 

2076Token budget for storing individual tool/function outputs in history.2895Control whether TUI notifications fire only when the terminal is unfocused or regardless of focus. Defaults to `unfocused`.

2077 2896 

2078Key2897Key

2079 2898 

2080`tools.web_search`2899`tui.notification_method`

2081 2900 

2082Type / Values2901Type / Values

2083 2902 

2084`boolean`2903`auto | osc9 | bel`

2085 2904 

2086Details2905Details

2087 2906 

2088Deprecated legacy toggle for web search; prefer the top-level `web_search` setting.2907Notification method for terminal notifications (default: auto).

2089 2908 

2090Key2909Key

2091 2910 

2092`tui`2911`tui.notifications`

2093 2912 

2094Type / Values2913Type / Values

2095 2914 

2096`table`2915`boolean | array<string>`

2097 2916 

2098Details2917Details

2099 2918 

2100TUI-specific options such as enabling inline desktop notifications.2919Enable TUI notifications; optionally restrict to specific event types.

2101 2920 

2102Key2921Key

2103 2922 

2104`tui.alternate_screen`2923`tui.show_tooltips`

2105 2924 

2106Type / Values2925Type / Values

2107 2926 

2108`auto | always | never`2927`boolean`

2109 2928 

2110Details2929Details

2111 2930 

2112Control alternate screen usage for the TUI (default: auto; auto skips it in Zellij to preserve scrollback).2931Show onboarding tooltips in the TUI welcome screen (default: true).

2113 2932 

2114Key2933Key

2115 2934 

2116`tui.animations`2935`tui.status_line`

2117 2936 

2118Type / Values2937Type / Values

2119 2938 

2120`boolean`2939`array<string> | null`

2121 2940 

2122Details2941Details

2123 2942 

2124Enable terminal animations (welcome screen, shimmer, spinner) (default: true).2943Ordered list of TUI footer status-line item identifiers. `null` disables the status line.

2125 2944 

2126Key2945Key

2127 2946 

2128`tui.notification_method`2947`tui.terminal_title`

2129 2948 

2130Type / Values2949Type / Values

2131 2950 

2132`auto | osc9 | bel`2951`array<string> | null`

2133 2952 

2134Details2953Details

2135 2954 

2136Notification method for unfocused terminal notifications (default: auto).2955Ordered list of terminal window/tab title item identifiers. Defaults to `["spinner", "project"]`; `null` disables title updates.

2137 2956 

2138Key2957Key

2139 2958 

2140`tui.notifications`2959`tui.theme`

2141 2960 

2142Type / Values2961Type / Values

2143 2962 

2144`boolean | array<string>`2963`string`

2145 2964 

2146Details2965Details

2147 2966 

2148Enable TUI notifications; optionally restrict to specific event types.2967Syntax-highlighting theme override (kebab-case theme name).

2149 2968 

2150Key2969Key

2151 2970 

2152`tui.show_tooltips`2971`web_search`

2153 2972 

2154Type / Values2973Type / Values

2155 2974 

2156`boolean`2975`disabled | cached | live`

2157 2976 

2158Details2977Details

2159 2978 

2160Show onboarding tooltips in the TUI welcome screen (default: true).2979Web search mode (default: `"cached"`; cached uses an OpenAI-maintained index and does not fetch live pages; if you use `--yolo` or another full access sandbox setting, it defaults to `"live"`). Use `"live"` to fetch the most recent data from the web, or `"disabled"` to remove the tool.

2161 2980 

2162Key2981Key

2163 2982 

2164`tui.status_line`2983`windows_wsl_setup_acknowledged`

2165 2984 

2166Type / Values2985Type / Values

2167 2986 

2168`array<string> | null`2987`boolean`

2169 2988 

2170Details2989Details

2171 2990 

2172Ordered list of TUI footer status-line item identifiers. `null` disables the status line.2991Track Windows onboarding acknowledgement (Windows only).

2173 2992 

2174Key2993Key

2175 2994 

2176`web_search`2995`windows.sandbox`

2177 2996 

2178Type / Values2997Type / Values

2179 2998 

2180`disabled | cached | live`2999`unelevated | elevated`

2181 3000 

2182Details3001Details

2183 3002 

2184Web search mode (default: `"cached"`; cached uses an OpenAI-maintained index and does not fetch live pages; if you use `--yolo` or another full access sandbox setting, it defaults to `"live"`). Use `"live"` to fetch the most recent data from the web, or `"disabled"` to remove the tool.3003Windows-only native sandbox mode when running Codex natively on Windows.

2185 3004 

2186Key3005Key

2187 3006 

2188`windows_wsl_setup_acknowledged`3007`windows.sandbox_private_desktop`

2189 3008 

2190Type / Values3009Type / Values

2191 3010 

2193 3012 

2194Details3013Details

2195 3014 

2196Track Windows onboarding acknowledgement (Windows only).3015Run the final sandboxed child process on a private desktop by default on native Windows. Set `false` only for compatibility with the older `Winsta0\\Default` behavior.

2197 3016 

2198Expand to view all3017Expand to view all

2199 3018 

2214For ChatGPT Business and Enterprise users, Codex can also apply cloud-fetched3033For ChatGPT Business and Enterprise users, Codex can also apply cloud-fetched

2215requirements. See the security page for precedence details.3034requirements. See the security page for precedence details.

2216 3035 

3036Use `[features]` in `requirements.toml` to pin feature flags by the same

3037canonical keys that `config.toml` uses. Omitted keys remain unconstrained.

3038 

2217| Key | Type / Values | Details |3039| Key | Type / Values | Details |

2218| --- | --- | --- |3040| --- | --- | --- |

2219| `allowed_approval_policies` | `array<string>` | Allowed values for `approval_policy` (for example `untrusted`, `on-request`, `never`, and `reject`). |3041| `allowed_approval_policies` | `array<string>` | Allowed values for `approval_policy` (for example `untrusted`, `on-request`, `never`, and `granular`). |

3042| `allowed_approvals_reviewers` | `array<string>` | Allowed values for `approvals_reviewer`, such as `user` and `auto_review`. |

2220| `allowed_sandbox_modes` | `array<string>` | Allowed values for `sandbox_mode`. |3043| `allowed_sandbox_modes` | `array<string>` | Allowed values for `sandbox_mode`. |

2221| `allowed_web_search_modes` | `array<string>` | Allowed values for `web_search` (`disabled`, `cached`, `live`). `disabled` is always allowed; an empty list effectively allows only `disabled`. |3044| `allowed_web_search_modes` | `array<string>` | Allowed values for `web_search` (`disabled`, `cached`, `live`). `disabled` is always allowed; an empty list effectively allows only `disabled`. |

3045| `features` | `table` | Pinned feature values keyed by the canonical names from `config.toml`'s `[features]` table. |

3046| `features.<name>` | `boolean` | Require a specific canonical feature key to stay enabled or disabled. |

3047| `features.browser_use` | `boolean` | Set to `false` in `requirements.toml` to disable Browser Use and Browser Agent availability. |

3048| `features.computer_use` | `boolean` | Set to `false` in `requirements.toml` to disable Computer Use availability and related install or enablement flows. |

3049| `features.in_app_browser` | `boolean` | Set to `false` in `requirements.toml` to disable the in-app browser pane. |

3050| `guardian_policy_config` | `string` | Managed Markdown policy instructions for automatic review. This takes precedence over local `[auto_review].policy`. Blank values are ignored. |

3051| `hooks` | `table` | Admin-enforced managed lifecycle hooks. Requires a managed hook directory and uses the same event schema as inline `[hooks]` in `config.toml`. |

3052| `hooks.<Event>` | `array<table>` | Matcher groups for a hook event such as `PreToolUse`, `PostToolUse`, `PermissionRequest`, `SessionStart`, `UserPromptSubmit`, or `Stop`. |

3053| `hooks.<Event>[].hooks` | `array<table>` | Hook handlers for a matcher group. Command hooks are currently supported; prompt and agent hook handlers are parsed but skipped. |

3054| `hooks.managed_dir` | `string (absolute path)` | Directory containing managed hook scripts on macOS and Linux. Codex validates that it is absolute and exists before loading managed hooks. |

3055| `hooks.windows_managed_dir` | `string (absolute path)` | Directory containing managed hook scripts on Windows. Codex validates that it is absolute and exists before loading managed hooks. |

2222| `mcp_servers` | `table` | Allowlist of MCP servers that may be enabled. Both the server name (`<id>`) and its identity must match for the MCP server to be enabled. Any configured MCP server not in the allowlist (or with a mismatched identity) is disabled. |3056| `mcp_servers` | `table` | Allowlist of MCP servers that may be enabled. Both the server name (`<id>`) and its identity must match for the MCP server to be enabled. Any configured MCP server not in the allowlist (or with a mismatched identity) is disabled. |

2223| `mcp_servers.<id>.identity` | `table` | Identity rule for a single MCP server. Set either `command` (stdio) or `url` (streamable HTTP). |3057| `mcp_servers.<id>.identity` | `table` | Identity rule for a single MCP server. Set either `command` (stdio) or `url` (streamable HTTP). |

2224| `mcp_servers.<id>.identity.command` | `string` | Allow an MCP stdio server when its `mcp_servers.<id>.command` matches this command. |3058| `mcp_servers.<id>.identity.command` | `string` | Allow an MCP stdio server when its `mcp_servers.<id>.command` matches this command. |

2225| `mcp_servers.<id>.identity.url` | `string` | Allow an MCP streamable HTTP server when its `mcp_servers.<id>.url` matches this URL. |3059| `mcp_servers.<id>.identity.url` | `string` | Allow an MCP streamable HTTP server when its `mcp_servers.<id>.url` matches this URL. |

3060| `permissions.filesystem.deny_read` | `array<string>` | Admin-enforced filesystem read denials. Entries can be paths or glob patterns, and users cannot weaken them with local config. |

3061| `remote_sandbox_config` | `array<table>` | Host-specific sandbox requirements. The first entry whose `hostname_patterns` match the resolved host name overrides top-level `allowed_sandbox_modes` for that requirements source. Host-specific entries currently override sandbox modes only. |

3062| `remote_sandbox_config[].allowed_sandbox_modes` | `array<string>` | Allowed sandbox modes to apply when this host-specific entry matches. |

3063| `remote_sandbox_config[].hostname_patterns` | `array<string>` | Case-insensitive host name patterns. Supports `*` for any sequence of characters and `?` for one character. |

2226| `rules` | `table` | Admin-enforced command rules merged with `.rules` files. Requirements rules must be restrictive. |3064| `rules` | `table` | Admin-enforced command rules merged with `.rules` files. Requirements rules must be restrictive. |

2227| `rules.prefix_rules` | `array<table>` | List of enforced prefix rules. Each rule must include `pattern` and `decision`. |3065| `rules.prefix_rules` | `array<table>` | List of enforced prefix rules. Each rule must include `pattern` and `decision`. |

2228| `rules.prefix_rules[].decision` | `prompt | forbidden` | Required. Requirements rules can only prompt or forbid (not allow). |3066| `rules.prefix_rules[].decision` | `prompt | forbidden` | Required. Requirements rules can only prompt or forbid (not allow). |

2241 3079 

2242Details3080Details

2243 3081 

2244Allowed values for `approval_policy` (for example `untrusted`, `on-request`, `never`, and `reject`).3082Allowed values for `approval_policy` (for example `untrusted`, `on-request`, `never`, and `granular`).

3083 

3084Key

3085 

3086`allowed_approvals_reviewers`

3087 

3088Type / Values

3089 

3090`array<string>`

3091 

3092Details

3093 

3094Allowed values for `approvals_reviewer`, such as `user` and `auto_review`.

2245 3095 

2246Key3096Key

2247 3097 

2269 3119 

2270Key3120Key

2271 3121 

3122`features`

3123 

3124Type / Values

3125 

3126`table`

3127 

3128Details

3129 

3130Pinned feature values keyed by the canonical names from `config.toml`'s `[features]` table.

3131 

3132Key

3133 

3134`features.<name>`

3135 

3136Type / Values

3137 

3138`boolean`

3139 

3140Details

3141 

3142Require a specific canonical feature key to stay enabled or disabled.

3143 

3144Key

3145 

3146`features.browser_use`

3147 

3148Type / Values

3149 

3150`boolean`

3151 

3152Details

3153 

3154Set to `false` in `requirements.toml` to disable Browser Use and Browser Agent availability.

3155 

3156Key

3157 

3158`features.computer_use`

3159 

3160Type / Values

3161 

3162`boolean`

3163 

3164Details

3165 

3166Set to `false` in `requirements.toml` to disable Computer Use availability and related install or enablement flows.

3167 

3168Key

3169 

3170`features.in_app_browser`

3171 

3172Type / Values

3173 

3174`boolean`

3175 

3176Details

3177 

3178Set to `false` in `requirements.toml` to disable the in-app browser pane.

3179 

3180Key

3181 

3182`guardian_policy_config`

3183 

3184Type / Values

3185 

3186`string`

3187 

3188Details

3189 

3190Managed Markdown policy instructions for automatic review. This takes precedence over local `[auto_review].policy`. Blank values are ignored.

3191 

3192Key

3193 

3194`hooks`

3195 

3196Type / Values

3197 

3198`table`

3199 

3200Details

3201 

3202Admin-enforced managed lifecycle hooks. Requires a managed hook directory and uses the same event schema as inline `[hooks]` in `config.toml`.

3203 

3204Key

3205 

3206`hooks.<Event>`

3207 

3208Type / Values

3209 

3210`array<table>`

3211 

3212Details

3213 

3214Matcher groups for a hook event such as `PreToolUse`, `PostToolUse`, `PermissionRequest`, `SessionStart`, `UserPromptSubmit`, or `Stop`.

3215 

3216Key

3217 

3218`hooks.<Event>[].hooks`

3219 

3220Type / Values

3221 

3222`array<table>`

3223 

3224Details

3225 

3226Hook handlers for a matcher group. Command hooks are currently supported; prompt and agent hook handlers are parsed but skipped.

3227 

3228Key

3229 

3230`hooks.managed_dir`

3231 

3232Type / Values

3233 

3234`string (absolute path)`

3235 

3236Details

3237 

3238Directory containing managed hook scripts on macOS and Linux. Codex validates that it is absolute and exists before loading managed hooks.

3239 

3240Key

3241 

3242`hooks.windows_managed_dir`

3243 

3244Type / Values

3245 

3246`string (absolute path)`

3247 

3248Details

3249 

3250Directory containing managed hook scripts on Windows. Codex validates that it is absolute and exists before loading managed hooks.

3251 

3252Key

3253 

2272`mcp_servers`3254`mcp_servers`

2273 3255 

2274Type / Values3256Type / Values

2317 3299 

2318Key3300Key

2319 3301 

3302`permissions.filesystem.deny_read`

3303 

3304Type / Values

3305 

3306`array<string>`

3307 

3308Details

3309 

3310Admin-enforced filesystem read denials. Entries can be paths or glob patterns, and users cannot weaken them with local config.

3311 

3312Key

3313 

3314`remote_sandbox_config`

3315 

3316Type / Values

3317 

3318`array<table>`

3319 

3320Details

3321 

3322Host-specific sandbox requirements. The first entry whose `hostname_patterns` match the resolved host name overrides top-level `allowed_sandbox_modes` for that requirements source. Host-specific entries currently override sandbox modes only.

3323 

3324Key

3325 

3326`remote_sandbox_config[].allowed_sandbox_modes`

3327 

3328Type / Values

3329 

3330`array<string>`

3331 

3332Details

3333 

3334Allowed sandbox modes to apply when this host-specific entry matches.

3335 

3336Key

3337 

3338`remote_sandbox_config[].hostname_patterns`

3339 

3340Type / Values

3341 

3342`array<string>`

3343 

3344Details

3345 

3346Case-insensitive host name patterns. Supports `*` for any sequence of characters and `?` for one character.

3347 

3348Key

3349 

2320`rules`3350`rules`

2321 3351 

2322Type / Values3352Type / Values