config-reference.md +1300 −322
6 6
7User-level configuration lives in `~/.codex/config.toml`. You can also add project-scoped overrides in `.codex/config.toml` files. Codex loads project-scoped config files only when you trust the project.7User-level configuration lives in `~/.codex/config.toml`. You can also add project-scoped overrides in `.codex/config.toml` files. Codex loads project-scoped config files only when you trust the project.
8 8
99For sandbox and approval keys (`approval_policy`, `sandbox_mode`, and `sandbox_workspace_write.*`), pair this reference with [Sandbox and approvals](https://developers.openai.com/codex/security#sandbox-and-approvals), [Protected paths in writable roots](https://developers.openai.com/codex/security#protected-paths-in-writable-roots), and [Network access](https://developers.openai.com/codex/security#network-access).For sandbox and approval keys (`approval_policy`, `sandbox_mode`, and `sandbox_workspace_write.*`), pair this reference with [Sandbox and approvals](https://developers.openai.com/codex/agent-approvals-security#sandbox-and-approvals), [Protected paths in writable roots](https://developers.openai.com/codex/agent-approvals-security#protected-paths-in-writable-roots), and [Network access](https://developers.openai.com/codex/agent-approvals-security#network-access).
10 10
11| Key | Type / Values | Details |11| Key | Type / Values | Details |
12| --- | --- | --- |12| --- | --- | --- |
13| `agents.<name>.config_file` | `string (path)` | Path to a TOML config layer for that role; relative paths resolve from the config file that declares the role. |13| `agents.<name>.config_file` | `string (path)` | Path to a TOML config layer for that role; relative paths resolve from the config file that declares the role. |
14| `agents.<name>.description` | `string` | Role guidance shown to Codex when choosing and spawning that agent type. |14| `agents.<name>.description` | `string` | Role guidance shown to Codex when choosing and spawning that agent type. |
15| `agents.<name>.nickname_candidates` | `array<string>` | Optional pool of display nicknames for spawned agents in that role. |
16| `agents.job_max_runtime_seconds` | `number` | Default per-worker timeout for `spawn_agents_on_csv` jobs. When unset, the tool falls back to 1800 seconds per worker. |
15| `agents.max_depth` | `number` | Maximum nesting depth allowed for spawned agent threads (root sessions start at depth 0; default: 1). |17| `agents.max_depth` | `number` | Maximum nesting depth allowed for spawned agent threads (root sessions start at depth 0; default: 1). |
1618| `agents.max_threads` | `number` | Maximum number of agent threads that can be open concurrently. || `agents.max_threads` | `number` | Maximum number of agent threads that can be open concurrently. Defaults to `6` when unset. |
17| `allow_login_shell` | `boolean` | Allow shell-based tools to use login-shell semantics. Defaults to `true`; when `false`, `login = true` requests are rejected and omitted `login` defaults to non-login shells. |19| `allow_login_shell` | `boolean` | Allow shell-based tools to use login-shell semantics. Defaults to `true`; when `false`, `login = true` requests are rejected and omitted `login` defaults to non-login shells. |
1820| `approval_policy` | `untrusted | on-request | never | { reject = { sandbox_approval = bool, rules = bool, mcp_elicitations = bool } }` | Controls when Codex pauses for approval before executing commands. You can also use `approval_policy = { reject = { ... } }` to auto-reject specific prompt categories while keeping other prompts interactive. `on-failure` is deprecated; use `on-request` for interactive runs or `never` for non-interactive runs. || `analytics.enabled` | `boolean` | Enable or disable analytics for this machine/profile. When unset, the client default applies. |
1921| `approval_policy.reject.mcp_elicitations` | `boolean` | When `true`, MCP elicitation prompts are auto-rejected instead of shown to the user. || `approval_policy` | `untrusted | on-request | never | { granular = { sandbox_approval = bool, rules = bool, mcp_elicitations = bool, request_permissions = bool, skill_approval = bool } }` | Controls when Codex pauses for approval before executing commands. You can also use `approval_policy = { granular = { ... } }` to allow or auto-reject specific prompt categories while keeping other prompts interactive. `on-failure` is deprecated; use `on-request` for interactive runs or `never` for non-interactive runs. |
2022| `approval_policy.reject.rules` | `boolean` | When `true`, approvals triggered by execpolicy `prompt` rules are auto-rejected. || `approval_policy.granular.mcp_elicitations` | `boolean` | When `true`, MCP elicitation prompts are allowed to surface instead of being auto-rejected. |
2123| `approval_policy.reject.sandbox_approval` | `boolean` | When `true`, sandbox escalation approval prompts are auto-rejected. || `approval_policy.granular.request_permissions` | `boolean` | When `true`, prompts from the `request_permissions` tool are allowed to surface. |
24| `approval_policy.granular.rules` | `boolean` | When `true`, approvals triggered by execpolicy `prompt` rules are allowed to surface. |
25| `approval_policy.granular.sandbox_approval` | `boolean` | When `true`, sandbox escalation approval prompts are allowed to surface. |
26| `approval_policy.granular.skill_approval` | `boolean` | When `true`, skill-script approval prompts are allowed to surface. |
27| `approvals_reviewer` | `user | auto_review` | Who reviews eligible approval prompts under `on-request` or granular approval policies. Defaults to `user`; `auto_review` uses the reviewer subagent. This setting doesn't change sandboxing or review actions already allowed inside the sandbox. |
22| `apps._default.destructive_enabled` | `boolean` | Default allow/deny for app tools with `destructive_hint = true`. |28| `apps._default.destructive_enabled` | `boolean` | Default allow/deny for app tools with `destructive_hint = true`. |
23| `apps._default.enabled` | `boolean` | Default app enabled state for all apps unless overridden per app. |29| `apps._default.enabled` | `boolean` | Default app enabled state for all apps unless overridden per app. |
24| `apps._default.open_world_enabled` | `boolean` | Default allow/deny for app tools with `open_world_hint = true`. |30| `apps._default.open_world_enabled` | `boolean` | Default allow/deny for app tools with `open_world_hint = true`. |
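Review bot: the rename from `approval_policy.reject.*` to `approval_policy.granular.*` also inverts the booleans. Under `reject`, `true` meant the prompt category was auto-rejected; under `granular`, `true` means it is allowed to surface. The rows do not say what an omitted `granular.*` key defaults to, or whether an existing `reject = { ... }` table is still accepted, so a config migrated by renaming the table and keeping its values would flip which prompts are shown. Suggest stating the default for each `granular.*` key and adding a migration sentence next to the `on-failure` deprecation note.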
29| `apps.<id>.open_world_enabled` | `boolean` | Allow or block tools in this app that advertise `open_world_hint = true`. |35| `apps.<id>.open_world_enabled` | `boolean` | Allow or block tools in this app that advertise `open_world_hint = true`. |
30| `apps.<id>.tools.<tool>.approval_mode` | `auto | prompt | approve` | Per-tool approval behavior override for a single app tool. |36| `apps.<id>.tools.<tool>.approval_mode` | `auto | prompt | approve` | Per-tool approval behavior override for a single app tool. |
31| `apps.<id>.tools.<tool>.enabled` | `boolean` | Per-tool enabled override for an app tool (for example `repos/list`). |37| `apps.<id>.tools.<tool>.enabled` | `boolean` | Per-tool enabled override for an app tool (for example `repos/list`). |
38| `auto_review.policy` | `string` | Local Markdown policy instructions for automatic review. Managed `guardian_policy_config` takes precedence. Blank values are ignored. |
32| `background_terminal_max_timeout` | `number` | Maximum poll window in milliseconds for empty `write_stdin` polls (background terminal polling). Default: `300000` (5 minutes). Replaces the older `background_terminal_timeout` key. |39| `background_terminal_max_timeout` | `number` | Maximum poll window in milliseconds for empty `write_stdin` polls (background terminal polling). Default: `300000` (5 minutes). Replaces the older `background_terminal_timeout` key. |
33| `chatgpt_base_url` | `string` | Override the base URL used during the ChatGPT login flow. |40| `chatgpt_base_url` | `string` | Override the base URL used during the ChatGPT login flow. |
34| `check_for_update_on_startup` | `boolean` | Check for Codex updates on startup (set to false only when updates are centrally managed). |41| `check_for_update_on_startup` | `boolean` | Check for Codex updates on startup (set to false only when updates are centrally managed). |
35| `cli_auth_credentials_store` | `file | keyring | auto` | Control where the CLI stores cached credentials (file-based auth.json vs OS keychain). |42| `cli_auth_credentials_store` | `file | keyring | auto` | Control where the CLI stores cached credentials (file-based auth.json vs OS keychain). |
43| `commit_attribution` | `string` | Override the commit co-author trailer text. Set an empty string to disable automatic attribution. |
36| `compact_prompt` | `string` | Inline override for the history compaction prompt. |44| `compact_prompt` | `string` | Inline override for the history compaction prompt. |
45| `default_permissions` | `string` | Name of the default permissions profile to apply to sandboxed tool calls. |
37| `developer_instructions` | `string` | Additional developer instructions injected into the session (optional). |46| `developer_instructions` | `string` | Additional developer instructions injected into the session (optional). |
38| `disable_paste_burst` | `boolean` | Disable burst-paste detection in the TUI. |47| `disable_paste_burst` | `boolean` | Disable burst-paste detection in the TUI. |
39| `experimental_compact_prompt_file` | `string (path)` | Load the compaction prompt override from a file (experimental). |48| `experimental_compact_prompt_file` | `string (path)` | Load the compaction prompt override from a file (experimental). |
40| `experimental_use_freeform_apply_patch` | `boolean` | Legacy name for enabling freeform apply\_patch; prefer `[features].apply_patch_freeform` or `codex --enable apply_patch_freeform`. |
41| `experimental_use_unified_exec_tool` | `boolean` | Legacy name for enabling unified exec; prefer `[features].unified_exec` or `codex --enable unified_exec`. |49| `experimental_use_unified_exec_tool` | `boolean` | Legacy name for enabling unified exec; prefer `[features].unified_exec` or `codex --enable unified_exec`. |
42| `features.apply_patch_freeform` | `boolean` | Expose the freeform `apply_patch` tool (experimental). |
43| `features.apps` | `boolean` | Enable ChatGPT Apps/connectors support (experimental). |50| `features.apps` | `boolean` | Enable ChatGPT Apps/connectors support (experimental). |
4451| `features.apps_mcp_gateway` | `boolean` | Route Apps MCP calls through the OpenAI connectors MCP gateway (`https://api.openai.com/v1/connectors/mcp/`) instead of legacy routing (experimental). || `features.codex_hooks` | `boolean` | Enable lifecycle hooks loaded from `hooks.json` or inline `[hooks]` config. |
4552| `features.child_agents_md` | `boolean` | Append AGENTS.md scope/precedence guidance even when no AGENTS.md is present (experimental). || `features.enable_request_compression` | `boolean` | Compress streaming request bodies with zstd when supported (stable; on by default). |
4653| `features.collaboration_modes` | `boolean` | Enable collaboration modes such as plan mode (stable; on by default). || `features.fast_mode` | `boolean` | Enable Fast mode selection and the `service_tier = "fast"` path (stable; on by default). |
4754| `features.multi_agent` | `boolean` | Enable multi-agent collaboration tools (`spawn\_agent`, `send\_input`, `resume\_agent`, `wait`, and `close\_agent`) (experimental; off by default). || `features.memories` | `boolean` | Enable [Memories](https://developers.openai.com/codex/memories) (off by default). |
55| `features.multi_agent` | `boolean` | Enable multi-agent collaboration tools (`spawn_agent`, `send_input`, `resume_agent`, `wait_agent`, and `close_agent`) (stable; on by default). |
48| `features.personality` | `boolean` | Enable personality selection controls (stable; on by default). |56| `features.personality` | `boolean` | Enable personality selection controls (stable; on by default). |
4957| `features.powershell_utf8` | `boolean` | Force PowerShell UTF-8 output (defaults to true). || `features.prevent_idle_sleep` | `boolean` | Prevent the machine from sleeping while a turn is actively running (experimental; off by default). |
5058| `features.remote_models` | `boolean` | Refresh remote model list before showing readiness (experimental). || `features.shell_snapshot` | `boolean` | Snapshot shell environment to speed up repeated commands (stable; on by default). |
51| `features.request_rule` | `boolean` | Enable Smart approvals (`prefix_rule` suggestions on escalation requests; stable; on by default). |
52| `features.runtime_metrics` | `boolean` | Show runtime metrics summary in TUI turn separators (experimental). |
53| `features.search_tool` | `boolean` | Enable `search_tool_bm25` for Apps tool discovery before invoking app MCP tools (experimental). |
54| `features.shell_snapshot` | `boolean` | Snapshot shell environment to speed up repeated commands (beta). |
55| `features.shell_tool` | `boolean` | Enable the default `shell` tool for running commands (stable; on by default). |59| `features.shell_tool` | `boolean` | Enable the default `shell` tool for running commands (stable; on by default). |
5660| `features.unified_exec` | `boolean` | Use the unified PTY-backed exec tool (beta). || `features.skill_mcp_dependency_install` | `boolean` | Allow prompting and installing missing MCP dependencies for skills (stable; on by default). |
5761| `features.use_linux_sandbox_bwrap` | `boolean` | Use the bubblewrap-based Linux sandbox pipeline (experimental; off by default). || `features.undo` | `boolean` | Enable undo support (stable; off by default). |
62| `features.unified_exec` | `boolean` | Use the unified PTY-backed exec tool (stable; enabled by default except on Windows). |
58| `features.web_search` | `boolean` | Deprecated legacy toggle; prefer the top-level `web_search` setting. |63| `features.web_search` | `boolean` | Deprecated legacy toggle; prefer the top-level `web_search` setting. |
59| `features.web_search_cached` | `boolean` | Deprecated legacy toggle. When `web_search` is unset, true maps to `web_search = "cached"`. |64| `features.web_search_cached` | `boolean` | Deprecated legacy toggle. When `web_search` is unset, true maps to `web_search = "cached"`. |
60| `features.web_search_request` | `boolean` | Deprecated legacy toggle. When `web_search` is unset, true maps to `web_search = "live"`. |65| `features.web_search_request` | `boolean` | Deprecated legacy toggle. When `web_search` is unset, true maps to `web_search = "live"`. |
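Review bot: several `features.*` rows are deleted outright (`features.use_linux_sandbox_bwrap`, `features.request_rule`, `features.apply_patch_freeform`, `features.search_tool`, among others) with no indication of whether those keys are still parsed, ignored, or rejected. The `features.web_search*` rows in the same table keep a "Deprecated legacy toggle" entry that names the replacement; the same treatment here would tell readers with existing configs what to expect. `features.multi_agent` also moves from experimental and off by default to stable and on by default, and its tool list changes `wait` to `wait_agent`, which deserves an explicit callout.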
65| `hide_agent_reasoning` | `boolean` | Suppress reasoning events in both the TUI and `codex exec` output. |70| `hide_agent_reasoning` | `boolean` | Suppress reasoning events in both the TUI and `codex exec` output. |
66| `history.max_bytes` | `number` | If set, caps the history file size in bytes by dropping oldest entries. |71| `history.max_bytes` | `number` | If set, caps the history file size in bytes by dropping oldest entries. |
67| `history.persistence` | `save-all | none` | Control whether Codex saves session transcripts to history.jsonl. |72| `history.persistence` | `save-all | none` | Control whether Codex saves session transcripts to history.jsonl. |
6873| `include_apply_patch_tool` | `boolean` | Legacy name for enabling freeform apply\_patch; prefer `[features].apply_patch_freeform`. || `hooks` | `table` | Lifecycle hooks configured inline in `config.toml`. Uses the same event schema as `hooks.json`; see the Hooks guide for examples and supported events. |
69| `instructions` | `string` | Reserved for future use; prefer `model_instructions_file` or `AGENTS.md`. |74| `instructions` | `string` | Reserved for future use; prefer `model_instructions_file` or `AGENTS.md`. |
70| `log_dir` | `string (path)` | Directory where Codex writes log files (for example `codex-tui.log`); defaults to `$CODEX_HOME/log`. |75| `log_dir` | `string (path)` | Directory where Codex writes log files (for example `codex-tui.log`); defaults to `$CODEX_HOME/log`. |
71| `mcp_oauth_callback_port` | `integer` | Optional fixed port for the local HTTP callback server used during MCP OAuth login. When unset, Codex binds to an ephemeral port chosen by the OS. |76| `mcp_oauth_callback_port` | `integer` | Optional fixed port for the local HTTP callback server used during MCP OAuth login. When unset, Codex binds to an ephemeral port chosen by the OS. |
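Review bot: the new `hooks` row does not mention `features.codex_hooks`, although that flag's row describes it as what enables hooks loaded from `hooks.json` or inline `[hooks]` config. Suggest cross-referencing the flag here and linking "the Hooks guide" the way the `features.memories` row links its guide. The `include_apply_patch_tool` row is dropped at the same position without a deprecation note.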
80| `mcp_servers.<id>.enabled_tools` | `array<string>` | Allow list of tool names exposed by the MCP server. |85| `mcp_servers.<id>.enabled_tools` | `array<string>` | Allow list of tool names exposed by the MCP server. |
81| `mcp_servers.<id>.env` | `map<string,string>` | Environment variables forwarded to the MCP stdio server. |86| `mcp_servers.<id>.env` | `map<string,string>` | Environment variables forwarded to the MCP stdio server. |
82| `mcp_servers.<id>.env_http_headers` | `map<string,string>` | HTTP headers populated from environment variables for an MCP HTTP server. |87| `mcp_servers.<id>.env_http_headers` | `map<string,string>` | HTTP headers populated from environment variables for an MCP HTTP server. |
8388| `mcp_servers.<id>.env_vars` | `array<string>` | Additional environment variables to whitelist for an MCP stdio server. || `mcp_servers.<id>.env_vars` | `array<string | { name = string, source = "local" | "remote" }>` | Additional environment variables to whitelist for an MCP stdio server. String entries default to `source = "local"`; use `source = "remote"` only with executor-backed remote stdio. |
89| `mcp_servers.<id>.experimental_environment` | `local | remote` | Experimental placement for an MCP server. `remote` starts stdio servers through a remote executor environment; streamable HTTP remote placement is not implemented. |
84| `mcp_servers.<id>.http_headers` | `map<string,string>` | Static HTTP headers included with each MCP HTTP request. |90| `mcp_servers.<id>.http_headers` | `map<string,string>` | Static HTTP headers included with each MCP HTTP request. |
91| `mcp_servers.<id>.oauth_resource` | `string` | Optional RFC 8707 OAuth resource parameter to include during MCP login. |
85| `mcp_servers.<id>.required` | `boolean` | When true, fail startup/resume if this enabled MCP server cannot initialize. |92| `mcp_servers.<id>.required` | `boolean` | When true, fail startup/resume if this enabled MCP server cannot initialize. |
93| `mcp_servers.<id>.scopes` | `array<string>` | OAuth scopes to request when authenticating to that MCP server. |
86| `mcp_servers.<id>.startup_timeout_ms` | `number` | Alias for `startup_timeout_sec` in milliseconds. |94| `mcp_servers.<id>.startup_timeout_ms` | `number` | Alias for `startup_timeout_sec` in milliseconds. |
87| `mcp_servers.<id>.startup_timeout_sec` | `number` | Override the default 10s startup timeout for an MCP server. |95| `mcp_servers.<id>.startup_timeout_sec` | `number` | Override the default 10s startup timeout for an MCP server. |
88| `mcp_servers.<id>.tool_timeout_sec` | `number` | Override the default 60s per-tool timeout for an MCP server. |96| `mcp_servers.<id>.tool_timeout_sec` | `number` | Override the default 60s per-tool timeout for an MCP server. |
89| `mcp_servers.<id>.url` | `string` | Endpoint for an MCP streamable HTTP server. |97| `mcp_servers.<id>.url` | `string` | Endpoint for an MCP streamable HTTP server. |
9098| `model` | `string` | Model to use (e.g., `gpt-5-codex`). || `memories.consolidation_model` | `string` | Optional model override for global memory consolidation. |
99| `memories.disable_on_external_context` | `boolean` | When `true`, threads that use external context such as MCP tool calls, web search, or tool search are kept out of memory generation. Defaults to `false`. Legacy alias: `memories.no_memories_if_mcp_or_web_search`. |
100| `memories.extract_model` | `string` | Optional model override for per-thread memory extraction. |
101| `memories.generate_memories` | `boolean` | When `false`, newly created threads are not stored as memory-generation inputs. Defaults to `true`. |
102| `memories.max_raw_memories_for_consolidation` | `number` | Maximum recent raw memories retained for global consolidation. Defaults to `256` and is capped at `4096`. |
103| `memories.max_rollout_age_days` | `number` | Maximum age of threads considered for memory generation. Defaults to `30` and is clamped to `0`-`90`. |
104| `memories.max_rollouts_per_startup` | `number` | Maximum rollout candidates processed per startup pass. Defaults to `16` and is capped at `128`. |
105| `memories.max_unused_days` | `number` | Maximum days since a memory was last used before it becomes ineligible for consolidation. Defaults to `30` and is clamped to `0`-`365`. |
106| `memories.min_rollout_idle_hours` | `number` | Minimum idle time before a thread is considered for memory generation. Defaults to `6` and is clamped to `1`-`48`. |
107| `memories.use_memories` | `boolean` | When `false`, Codex skips injecting existing memories into future sessions. Defaults to `true`. |
108| `model` | `string` | Model to use (e.g., `gpt-5.5`). |
91| `model_auto_compact_token_limit` | `number` | Token threshold that triggers automatic history compaction (unset uses model defaults). |109| `model_auto_compact_token_limit` | `number` | Token threshold that triggers automatic history compaction (unset uses model defaults). |
92| `model_catalog_json` | `string (path)` | Optional path to a JSON model catalog loaded on startup. Profile-level `profiles.<name>.model_catalog_json` can override this per profile. |110| `model_catalog_json` | `string (path)` | Optional path to a JSON model catalog loaded on startup. Profile-level `profiles.<name>.model_catalog_json` can override this per profile. |
93| `model_context_window` | `number` | Context window tokens available to the active model. |111| `model_context_window` | `number` | Context window tokens available to the active model. |
94| `model_instructions_file` | `string (path)` | Replacement for built-in instructions instead of `AGENTS.md`. |112| `model_instructions_file` | `string (path)` | Replacement for built-in instructions instead of `AGENTS.md`. |
95| `model_provider` | `string` | Provider id from `model_providers` (default: `openai`). |113| `model_provider` | `string` | Provider id from `model_providers` (default: `openai`). |
114| `model_providers.<id>` | `table` | Custom provider definition. Built-in provider IDs (`openai`, `ollama`, and `lmstudio`) are reserved and cannot be overridden. |
115| `model_providers.<id>.auth` | `table` | Command-backed bearer token configuration for a custom provider. Do not combine with `env_key`, `experimental_bearer_token`, or `requires_openai_auth`. |
116| `model_providers.<id>.auth.args` | `array<string>` | Arguments passed to the token command. |
117| `model_providers.<id>.auth.command` | `string` | Command to run when Codex needs a bearer token. The command must print the token to stdout. |
118| `model_providers.<id>.auth.cwd` | `string (path)` | Working directory for the token command. |
119| `model_providers.<id>.auth.refresh_interval_ms` | `number` | How often Codex proactively refreshes the token in milliseconds (default: 300000). Set to `0` to refresh only after an authentication retry. |
120| `model_providers.<id>.auth.timeout_ms` | `number` | Maximum token command runtime in milliseconds (default: 5000). |
96| `model_providers.<id>.base_url` | `string` | API base URL for the model provider. |121| `model_providers.<id>.base_url` | `string` | API base URL for the model provider. |
97| `model_providers.<id>.env_http_headers` | `map<string,string>` | HTTP headers populated from environment variables when present. |122| `model_providers.<id>.env_http_headers` | `map<string,string>` | HTTP headers populated from environment variables when present. |
98| `model_providers.<id>.env_key` | `string` | Environment variable supplying the provider API key. |123| `model_providers.<id>.env_key` | `string` | Environment variable supplying the provider API key. |
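Review bot: `model_providers.<id>.auth.command` makes the config file name a program to execute, and the new rows do not say whether the command is run directly with `auth.args` or through a shell, or whether a provider `auth` table is honored from a project-scoped `.codex/config.toml`. The introduction says project-scoped files load once a project is trusted, so both points should be stated explicitly in the `auth.command` row. Minor: the updated `mcp_servers.<id>.env_vars` row still says "whitelist", while the `enabled_tools` row uses "Allow list".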
105| `model_providers.<id>.requires_openai_auth` | `boolean` | The provider uses OpenAI authentication (defaults to false). |130| `model_providers.<id>.requires_openai_auth` | `boolean` | The provider uses OpenAI authentication (defaults to false). |
106| `model_providers.<id>.stream_idle_timeout_ms` | `number` | Idle timeout for SSE streams in milliseconds (default: 300000). |131| `model_providers.<id>.stream_idle_timeout_ms` | `number` | Idle timeout for SSE streams in milliseconds (default: 300000). |
107| `model_providers.<id>.stream_max_retries` | `number` | Retry count for SSE streaming interruptions (default: 5). |132| `model_providers.<id>.stream_max_retries` | `number` | Retry count for SSE streaming interruptions (default: 5). |
108133| `model_providers.<id>.wire_api` | `chat | responses` | Protocol used by the provider (defaults to `chat` if omitted). || `model_providers.<id>.supports_websockets` | `boolean` | Whether that provider supports the Responses API WebSocket transport. |
134| `model_providers.<id>.wire_api` | `responses` | Protocol used by the provider. `responses` is the only supported value, and it is the default when omitted. |
109| `model_reasoning_effort` | `minimal | low | medium | high | xhigh` | Adjust reasoning effort for supported models (Responses API only; `xhigh` is model-dependent). |135| `model_reasoning_effort` | `minimal | low | medium | high | xhigh` | Adjust reasoning effort for supported models (Responses API only; `xhigh` is model-dependent). |
110| `model_reasoning_summary` | `auto | concise | detailed | none` | Select reasoning summary detail or disable summaries entirely. |136| `model_reasoning_summary` | `auto | concise | detailed | none` | Select reasoning summary detail or disable summaries entirely. |
111| `model_supports_reasoning_summaries` | `boolean` | Force Codex to send or not send reasoning metadata. |137| `model_supports_reasoning_summaries` | `boolean` | Force Codex to send or not send reasoning metadata. |
112138| `model_verbosity` | `low | medium | high` | Control GPT-5 Responses API verbosity (defaults to `medium`). || `model_verbosity` | `low | medium | high` | Optional GPT-5 Responses API verbosity override; when unset, the selected model/preset default is used. |
113| `notice.hide_full_access_warning` | `boolean` | Track acknowledgement of the full access warning prompt. |139| `notice.hide_full_access_warning` | `boolean` | Track acknowledgement of the full access warning prompt. |
114| `notice.hide_gpt-5.1-codex-max_migration_prompt` | `boolean` | Track acknowledgement of the gpt-5.1-codex-max migration prompt. |140| `notice.hide_gpt-5.1-codex-max_migration_prompt` | `boolean` | Track acknowledgement of the gpt-5.1-codex-max migration prompt. |
115| `notice.hide_gpt5_1_migration_prompt` | `boolean` | Track acknowledgement of the GPT-5.1 migration prompt. |141| `notice.hide_gpt5_1_migration_prompt` | `boolean` | Track acknowledgement of the GPT-5.1 migration prompt. |
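Review bot: the `model_providers.<id>.wire_api` row drops `chat` and changes the default from `chat` to `responses`, but does not say what happens to an existing provider entry that sets `wire_api = "chat"` or that omitted the key and relied on the old default. Suggest stating whether that is a load error or a silent switch to `responses`. The new `supports_websockets` row also lacks a default, unlike the neighbouring `stream_*` rows.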
117| `notice.hide_world_writable_warning` | `boolean` | Track acknowledgement of the Windows world-writable directories warning. |143| `notice.hide_world_writable_warning` | `boolean` | Track acknowledgement of the Windows world-writable directories warning. |
118| `notice.model_migrations` | `map<string,string>` | Track acknowledged model migrations as old->new mappings. |144| `notice.model_migrations` | `map<string,string>` | Track acknowledged model migrations as old->new mappings. |
119| `notify` | `array<string>` | Command invoked for notifications; receives a JSON payload from Codex. |145| `notify` | `array<string>` | Command invoked for notifications; receives a JSON payload from Codex. |
146| `openai_base_url` | `string` | Base URL override for the built-in `openai` model provider. |
120| `oss_provider` | `lmstudio | ollama` | Default local provider used when running with `--oss` (defaults to prompting if unset). |147| `oss_provider` | `lmstudio | ollama` | Default local provider used when running with `--oss` (defaults to prompting if unset). |
121| `otel.environment` | `string` | Environment tag applied to emitted OpenTelemetry events (default: `dev`). |148| `otel.environment` | `string` | Environment tag applied to emitted OpenTelemetry events (default: `dev`). |
122| `otel.exporter` | `none | otlp-http | otlp-grpc` | Select the OpenTelemetry exporter and provide any endpoint metadata. |149| `otel.exporter` | `none | otlp-http | otlp-grpc` | Select the OpenTelemetry exporter and provide any endpoint metadata. |
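Review bot: the `openai_base_url` row does not say how it relates to `chatgpt_base_url` or to `model_providers.<id>.base_url`. The `model_providers.<id>` row states that the built-in `openai` ID is reserved and cannot be overridden, so a sentence here on whether this key is the intended way to repoint the built-in provider, and which requests it affects, would remove the ambiguity.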
127| `otel.exporter.<id>.tls.client-certificate` | `string` | Client certificate path for OTEL exporter TLS. |154| `otel.exporter.<id>.tls.client-certificate` | `string` | Client certificate path for OTEL exporter TLS. |
128| `otel.exporter.<id>.tls.client-private-key` | `string` | Client private key path for OTEL exporter TLS. |155| `otel.exporter.<id>.tls.client-private-key` | `string` | Client private key path for OTEL exporter TLS. |
129| `otel.log_user_prompt` | `boolean` | Opt in to exporting raw user prompts with OpenTelemetry logs. |156| `otel.log_user_prompt` | `boolean` | Opt in to exporting raw user prompts with OpenTelemetry logs. |
157| `otel.metrics_exporter` | `none | statsig | otlp-http | otlp-grpc` | Select the OpenTelemetry metrics exporter (defaults to `statsig`). |
130| `otel.trace_exporter` | `none | otlp-http | otlp-grpc` | Select the OpenTelemetry trace exporter and provide any endpoint metadata. |158| `otel.trace_exporter` | `none | otlp-http | otlp-grpc` | Select the OpenTelemetry trace exporter and provide any endpoint metadata. |
131| `otel.trace_exporter.<id>.endpoint` | `string` | Trace exporter endpoint for OTEL logs. |159| `otel.trace_exporter.<id>.endpoint` | `string` | Trace exporter endpoint for OTEL logs. |
132| `otel.trace_exporter.<id>.headers` | `map<string,string>` | Static headers included with OTEL trace exporter requests. |160| `otel.trace_exporter.<id>.headers` | `map<string,string>` | Static headers included with OTEL trace exporter requests. |
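Review bot: `otel.metrics_exporter` is documented as defaulting to `statsig`, while the `otel.exporter` and `otel.trace_exporter` rows list no default, so metrics appear to be the one signal with a non-`none` default. The row should say what is sent and whether `analytics.enabled` or `otel.metrics_exporter = "none"` is the switch that turns it off. Unchanged but adjacent: `otel.trace_exporter.<id>.endpoint` is described as an endpoint "for OTEL logs", which reads like a copy from the log exporter row.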
134| `otel.trace_exporter.<id>.tls.ca-certificate` | `string` | CA certificate path for OTEL trace exporter TLS. |162| `otel.trace_exporter.<id>.tls.ca-certificate` | `string` | CA certificate path for OTEL trace exporter TLS. |
135| `otel.trace_exporter.<id>.tls.client-certificate` | `string` | Client certificate path for OTEL trace exporter TLS. |163| `otel.trace_exporter.<id>.tls.client-certificate` | `string` | Client certificate path for OTEL trace exporter TLS. |
136| `otel.trace_exporter.<id>.tls.client-private-key` | `string` | Client private key path for OTEL trace exporter TLS. |164| `otel.trace_exporter.<id>.tls.client-private-key` | `string` | Client private key path for OTEL trace exporter TLS. |
165| `permissions.<name>.filesystem` | `table` | Named filesystem permission profile. Each key is an absolute path or special token such as `:minimal` or `:project_roots`. |
166| `permissions.<name>.filesystem.":project_roots".<subpath-or-glob>` | `"read" | "write" | "none"` | Scoped filesystem access relative to the detected project roots. Use `"."` for the root itself; glob subpaths such as `"**/*.env"` can deny reads with `"none"`. |
167| `permissions.<name>.filesystem.<path-or-glob>` | `"read" | "write" | "none" | table` | Grant direct access for a path, glob pattern, or special token, or scope nested entries under that root. Use `"none"` to deny reads for matching paths. |
168| `permissions.<name>.filesystem.glob_scan_max_depth` | `number` | Maximum depth for expanding deny-read glob patterns on platforms that snapshot matches before sandbox startup. Must be at least `1` when set. |
169| `permissions.<name>.network.allow_local_binding` | `boolean` | Permit local bind/listen operations through the managed proxy. |
170| `permissions.<name>.network.allow_upstream_proxy` | `boolean` | Allow the managed proxy to chain to another upstream proxy. |
171| `permissions.<name>.network.dangerously_allow_all_unix_sockets` | `boolean` | Allow the proxy to use arbitrary Unix sockets instead of the default restricted set. |
172| `permissions.<name>.network.dangerously_allow_non_loopback_proxy` | `boolean` | Permit non-loopback bind addresses for the managed proxy listener. |
173| `permissions.<name>.network.domains` | `map<string, allow | deny>` | Domain rules for the managed proxy. Use domain names or wildcard patterns as keys, with `allow` or `deny` values. |
174| `permissions.<name>.network.enable_socks5` | `boolean` | Expose a SOCKS5 listener when this permissions profile enables the managed network proxy. |
175| `permissions.<name>.network.enable_socks5_udp` | `boolean` | Allow UDP over the SOCKS5 listener when enabled. |
176| `permissions.<name>.network.enabled` | `boolean` | Enable network access for this named permissions profile. |
177| `permissions.<name>.network.mode` | `limited | full` | Network proxy mode used for subprocess traffic. |
178| `permissions.<name>.network.proxy_url` | `string` | HTTP proxy endpoint used when this permissions profile enables the managed network proxy. |
179| `permissions.<name>.network.socks_url` | `string` | SOCKS5 proxy endpoint used by this permissions profile. |
180| `permissions.<name>.network.unix_sockets` | `map<string, allow | none>` | Unix socket rules for the managed proxy. Use socket paths as keys, with `allow` or `none` values. |
137| `personality` | `none | friendly | pragmatic` | Default communication style for models that advertise `supportsPersonality`; can be overridden per thread/turn or via `/personality`. |181| `personality` | `none | friendly | pragmatic` | Default communication style for models that advertise `supportsPersonality`; can be overridden per thread/turn or via `/personality`. |
182| `plan_mode_reasoning_effort` | `none | minimal | low | medium | high | xhigh` | Plan-mode-specific reasoning override. When unset, Plan mode uses its built-in preset default. |
138| `profile` | `string` | Default profile applied at startup (equivalent to `--profile`). |183| `profile` | `string` | Default profile applied at startup (equivalent to `--profile`). |
139| `profiles.<name>.*` | `various` | Profile-scoped overrides for any of the supported configuration keys. |184| `profiles.<name>.*` | `various` | Profile-scoped overrides for any of the supported configuration keys. |
140185| `profiles.<name>.experimental_use_freeform_apply_patch` | `boolean` | Legacy name for enabling freeform apply\_patch; prefer `[features].apply_patch_freeform`. || `profiles.<name>.analytics.enabled` | `boolean` | Profile-scoped analytics enablement override. |
141| `profiles.<name>.experimental_use_unified_exec_tool` | `boolean` | Legacy name for enabling unified exec; prefer `[features].unified_exec`. |186| `profiles.<name>.experimental_use_unified_exec_tool` | `boolean` | Legacy name for enabling unified exec; prefer `[features].unified_exec`. |
142| `profiles.<name>.include_apply_patch_tool` | `boolean` | Legacy name for enabling freeform apply\_patch; prefer `[features].apply_patch_freeform`. |
143| `profiles.<name>.model_catalog_json` | `string (path)` | Profile-scoped model catalog JSON path override (applied on startup only; overrides the top-level `model_catalog_json` for that profile). |187| `profiles.<name>.model_catalog_json` | `string (path)` | Profile-scoped model catalog JSON path override (applied on startup only; overrides the top-level `model_catalog_json` for that profile). |
188| `profiles.<name>.model_instructions_file` | `string (path)` | Profile-scoped replacement for the built-in instruction file. |
144| `profiles.<name>.oss_provider` | `lmstudio | ollama` | Profile-scoped OSS provider for `--oss` sessions. |189| `profiles.<name>.oss_provider` | `lmstudio | ollama` | Profile-scoped OSS provider for `--oss` sessions. |
145| `profiles.<name>.personality` | `none | friendly | pragmatic` | Profile-scoped communication style override for supported models. |190| `profiles.<name>.personality` | `none | friendly | pragmatic` | Profile-scoped communication style override for supported models. |
191| `profiles.<name>.plan_mode_reasoning_effort` | `none | minimal | low | medium | high | xhigh` | Profile-scoped Plan-mode reasoning override. |
192| `profiles.<name>.service_tier` | `flex | fast` | Profile-scoped service tier preference for new turns. |
193| `profiles.<name>.tools_view_image` | `boolean` | Enable or disable the `view_image` tool in that profile. |
146| `profiles.<name>.web_search` | `disabled | cached | live` | Profile-scoped web search mode override (default: `"cached"`). |194| `profiles.<name>.web_search` | `disabled | cached | live` | Profile-scoped web search mode override (default: `"cached"`). |
195| `profiles.<name>.windows.sandbox` | `unelevated | elevated` | Profile-scoped Windows sandbox mode override. |
147| `project_doc_fallback_filenames` | `array<string>` | Additional filenames to try when `AGENTS.md` is missing. |196| `project_doc_fallback_filenames` | `array<string>` | Additional filenames to try when `AGENTS.md` is missing. |
148| `project_doc_max_bytes` | `number` | Maximum bytes read from `AGENTS.md` when building project instructions. |197| `project_doc_max_bytes` | `number` | Maximum bytes read from `AGENTS.md` when building project instructions. |
149| `project_root_markers` | `array<string>` | List of project root marker filenames; used when searching parent directories for the project root. |198| `project_root_markers` | `array<string>` | List of project root marker filenames; used when searching parent directories for the project root. |
150199| `projects.<path>.trust_level` | `string` | Mark a project or worktree as trusted or untrusted (`"trusted"` | `"untrusted"`). Untrusted projects skip project-scoped `.codex/` layers. || `projects.<path>.trust_level` | `string` | Mark a project or worktree as trusted or untrusted (`"trusted"` | `"untrusted"`). Untrusted projects skip project-scoped `.codex/` layers, including project-local config, hooks, and rules. |
151| `review_model` | `string` | Optional model override used by `/review` (defaults to the current session model). |200| `review_model` | `string` | Optional model override used by `/review` (defaults to the current session model). |
152| `sandbox_mode` | `read-only | workspace-write | danger-full-access` | Sandbox policy for filesystem and network access during command execution. |201| `sandbox_mode` | `read-only | workspace-write | danger-full-access` | Sandbox policy for filesystem and network access during command execution. |
153| `sandbox_workspace_write.exclude_slash_tmp` | `boolean` | Exclude `/tmp` from writable roots in workspace-write mode. |202| `sandbox_workspace_write.exclude_slash_tmp` | `boolean` | Exclude `/tmp` from writable roots in workspace-write mode. |
154| `sandbox_workspace_write.exclude_tmpdir_env_var` | `boolean` | Exclude `$TMPDIR` from writable roots in workspace-write mode. |203| `sandbox_workspace_write.exclude_tmpdir_env_var` | `boolean` | Exclude `$TMPDIR` from writable roots in workspace-write mode. |
155| `sandbox_workspace_write.network_access` | `boolean` | Allow outbound network access inside the workspace-write sandbox. |204| `sandbox_workspace_write.network_access` | `boolean` | Allow outbound network access inside the workspace-write sandbox. |
156| `sandbox_workspace_write.writable_roots` | `array<string>` | Additional writable roots when `sandbox_mode = "workspace-write"`. |205| `sandbox_workspace_write.writable_roots` | `array<string>` | Additional writable roots when `sandbox_mode = "workspace-write"`. |
206| `service_tier` | `flex | fast` | Preferred service tier for new turns. |
157| `shell_environment_policy.exclude` | `array<string>` | Glob patterns for removing environment variables after the defaults. |207| `shell_environment_policy.exclude` | `array<string>` | Glob patterns for removing environment variables after the defaults. |
158| `shell_environment_policy.experimental_use_profile` | `boolean` | Use the user shell profile when spawning subprocesses. |208| `shell_environment_policy.experimental_use_profile` | `boolean` | Use the user shell profile when spawning subprocesses. |
159| `shell_environment_policy.ignore_default_excludes` | `boolean` | Keep variables containing KEY/SECRET/TOKEN before other filters run. |209| `shell_environment_policy.ignore_default_excludes` | `boolean` | Keep variables containing KEY/SECRET/TOKEN before other filters run. |
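Review bot: the new `permissions.<name>.*` rows spell a deny rule three different ways: `"none"` for filesystem paths, `deny` for `network.domains`, and `none` for `network.unix_sockets`. If that matches the parser, say so in each row; otherwise align them, because the rows do not say how an unrecognized value is handled and a mistyped deny value in a permissions profile is an easy mistake to make. The `glob_scan_max_depth` row should also state what happens to deny-read glob matches that sit deeper than the configured depth on the platforms that snapshot matches before sandbox startup.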
164| `skills.config` | `array<object>` | Per-skill enablement overrides stored in config.toml. |214| `skills.config` | `array<object>` | Per-skill enablement overrides stored in config.toml. |
165| `skills.config.<index>.enabled` | `boolean` | Enable or disable the referenced skill. |215| `skills.config.<index>.enabled` | `boolean` | Enable or disable the referenced skill. |
166| `skills.config.<index>.path` | `string (path)` | Path to a skill folder containing `SKILL.md`. |216| `skills.config.<index>.path` | `string (path)` | Path to a skill folder containing `SKILL.md`. |
217| `sqlite_home` | `string (path)` | Directory where Codex stores the SQLite-backed state DB used by agent jobs and other resumable runtime state. |
167| `suppress_unstable_features_warning` | `boolean` | Suppress the warning that appears when under-development feature flags are enabled. |218| `suppress_unstable_features_warning` | `boolean` | Suppress the warning that appears when under-development feature flags are enabled. |
168| `tool_output_token_limit` | `number` | Token budget for storing individual tool/function outputs in history. |219| `tool_output_token_limit` | `number` | Token budget for storing individual tool/function outputs in history. |
169220| `tools.web_search` | `boolean` | Deprecated legacy toggle for web search; prefer the top-level `web_search` setting. || `tool_suggest.discoverables` | `array<table>` | Allow tool suggestions for additional discoverable connectors or plugins. Each entry uses `type = "connector"` or `"plugin"` and an `id`. |
221| `tools.view_image` | `boolean` | Enable the local-image attachment tool `view_image`. |
222| `tools.web_search` | `boolean | { context_size = "low|medium|high", allowed_domains = [string], location = { country, region, city, timezone } }` | Optional web search tool configuration. The legacy boolean form is still accepted, but the object form lets you set search context size, allowed domains, and approximate user location. |
170| `tui` | `table` | TUI-specific options such as enabling inline desktop notifications. |223| `tui` | `table` | TUI-specific options such as enabling inline desktop notifications. |
171| `tui.alternate_screen` | `auto | always | never` | Control alternate screen usage for the TUI (default: auto; auto skips it in Zellij to preserve scrollback). |224| `tui.alternate_screen` | `auto | always | never` | Control alternate screen usage for the TUI (default: auto; auto skips it in Zellij to preserve scrollback). |
172| `tui.animations` | `boolean` | Enable terminal animations (welcome screen, shimmer, spinner) (default: true). |225| `tui.animations` | `boolean` | Enable terminal animations (welcome screen, shimmer, spinner) (default: true). |
173226| `tui.notification_method` | `auto | osc9 | bel` | Notification method for unfocused terminal notifications (default: auto). || `tui.model_availability_nux.<model>` | `integer` | Internal startup-tooltip state keyed by model slug. |
227| `tui.notification_condition` | `unfocused | always` | Control whether TUI notifications fire only when the terminal is unfocused or regardless of focus. Defaults to `unfocused`. |
228| `tui.notification_method` | `auto | osc9 | bel` | Notification method for terminal notifications (default: auto). |
174| `tui.notifications` | `boolean | array<string>` | Enable TUI notifications; optionally restrict to specific event types. |229| `tui.notifications` | `boolean | array<string>` | Enable TUI notifications; optionally restrict to specific event types. |
175| `tui.show_tooltips` | `boolean` | Show onboarding tooltips in the TUI welcome screen (default: true). |230| `tui.show_tooltips` | `boolean` | Show onboarding tooltips in the TUI welcome screen (default: true). |
176| `tui.status_line` | `array<string> | null` | Ordered list of TUI footer status-line item identifiers. `null` disables the status line. |231| `tui.status_line` | `array<string> | null` | Ordered list of TUI footer status-line item identifiers. `null` disables the status line. |
232| `tui.terminal_title` | `array<string> | null` | Ordered list of terminal window/tab title item identifiers. Defaults to `["spinner", "project"]`; `null` disables title updates. |
233| `tui.theme` | `string` | Syntax-highlighting theme override (kebab-case theme name). |
177| `web_search` | `disabled | cached | live` | Web search mode (default: `"cached"`; cached uses an OpenAI-maintained index and does not fetch live pages; if you use `--yolo` or another full access sandbox setting, it defaults to `"live"`). Use `"live"` to fetch the most recent data from the web, or `"disabled"` to remove the tool. |234| `web_search` | `disabled | cached | live` | Web search mode (default: `"cached"`; cached uses an OpenAI-maintained index and does not fetch live pages; if you use `--yolo` or another full access sandbox setting, it defaults to `"live"`). Use `"live"` to fetch the most recent data from the web, or `"disabled"` to remove the tool. |
178| `windows_wsl_setup_acknowledged` | `boolean` | Track Windows onboarding acknowledgement (Windows only). |235| `windows_wsl_setup_acknowledged` | `boolean` | Track Windows onboarding acknowledgement (Windows only). |
179| `windows.sandbox` | `unelevated | elevated` | Windows-only native sandbox mode when running Codex natively on Windows. |236| `windows.sandbox` | `unelevated | elevated` | Windows-only native sandbox mode when running Codex natively on Windows. |
237| `windows.sandbox_private_desktop` | `boolean` | Run the final sandboxed child process on a private desktop by default on native Windows. Set `false` only for compatibility with the older `Winsta0\\Default` behavior. |
180 238
181Key239Key
182 240
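Review bot: the `tools.web_search` row drops the old "Deprecated legacy toggle ... prefer the top-level `web_search` setting" wording but does not say how the new object form interacts with the top-level `web_search` key (`disabled | cached | live`), which is still documented a few rows further down. State which setting wins when both are present, and whether `allowed_domains` is enforced in both `cached` and `live` modes.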
204 262
205Key263Key
206 264
265`agents.<name>.nickname_candidates`
266
267Type / Values
268
269`array<string>`
270
271Details
272
273Optional pool of display nicknames for spawned agents in that role.
274
275Key
276
277`agents.job_max_runtime_seconds`
278
279Type / Values
280
281`number`
282
283Details
284
285Default per-worker timeout for `spawn_agents_on_csv` jobs. When unset, the tool falls back to 1800 seconds per worker.
286
287Key
288
207`agents.max_depth`289`agents.max_depth`
208 290
209Type / Values291Type / Values
224 306
225Details307Details
226 308
227309Maximum number of agent threads that can be open concurrently.Maximum number of agent threads that can be open concurrently. Defaults to `6` when unset.
228 310
229Key311Key
230 312
240 322
241Key323Key
242 324
325`analytics.enabled`
326
327Type / Values
328
329`boolean`
330
331Details
332
333Enable or disable analytics for this machine/profile. When unset, the client default applies.
334
335Key
336
243`approval_policy`337`approval_policy`
244 338
245Type / Values339Type / Values
246 340
247341`untrusted | on-request | never | { reject = { sandbox_approval = bool, rules = bool, mcp_elicitations = bool } }``untrusted | on-request | never | { granular = { sandbox_approval = bool, rules = bool, mcp_elicitations = bool, request_permissions = bool, skill_approval = bool } }`
342
343Details
344
345Controls when Codex pauses for approval before executing commands. You can also use `approval_policy = { granular = { ... } }` to allow or auto-reject specific prompt categories while keeping other prompts interactive. `on-failure` is deprecated; use `on-request` for interactive runs or `never` for non-interactive runs.
346
347Key
348
349`approval_policy.granular.mcp_elicitations`
350
351Type / Values
352
353`boolean`
354
355Details
356
357When `true`, MCP elicitation prompts are allowed to surface instead of being auto-rejected.
358
359Key
360
361`approval_policy.granular.request_permissions`
362
363Type / Values
364
365`boolean`
248 366
249Details367Details
250 368
251369Controls when Codex pauses for approval before executing commands. You can also use `approval_policy = { reject = { ... } }` to auto-reject specific prompt categories while keeping other prompts interactive. `on-failure` is deprecated; use `on-request` for interactive runs or `never` for non-interactive runs.When `true`, prompts from the `request_permissions` tool are allowed to surface.
252 370
253Key371Key
254 372
255373`approval_policy.reject.mcp_elicitations``approval_policy.granular.rules`
256 374
257Type / Values375Type / Values
258 376
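Review bot: the `approval_policy` entries rename `reject` to `granular` and invert the meaning of each boolean (the old details say the table is used "to auto-reject specific prompt categories"; the new `granular.mcp_elicitations = true` lets the prompt surface), but nothing here says whether the old `reject` table is still parsed or what an omitted `granular` field defaults to. A config migrated by renaming the key alone would flip every category it sets, so add a migration sentence to the `approval_policy` details and state the per-field default.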
260 378
261Details379Details
262 380
263381When `true`, MCP elicitation prompts are auto-rejected instead of shown to the user.When `true`, approvals triggered by execpolicy `prompt` rules are allowed to surface.
264 382
265Key383Key
266 384
267385`approval_policy.reject.rules``approval_policy.granular.sandbox_approval`
268 386
269Type / Values387Type / Values
270 388
272 390
273Details391Details
274 392
275393When `true`, approvals triggered by execpolicy `prompt` rules are auto-rejected.When `true`, sandbox escalation approval prompts are allowed to surface.
276 394
277Key395Key
278 396
279397`approval_policy.reject.sandbox_approval``approval_policy.granular.skill_approval`
280 398
281Type / Values399Type / Values
282 400
284 402
285Details403Details
286 404
287405When `true`, sandbox escalation approval prompts are auto-rejected.When `true`, skill-script approval prompts are allowed to surface.
406
407Key
408
409`approvals_reviewer`
410
411Type / Values
412
413`user | auto_review`
414
415Details
416
417Who reviews eligible approval prompts under `on-request` or granular approval policies. Defaults to `user`; `auto_review` uses the reviewer subagent. This setting doesn't change sandboxing or review actions already allowed inside the sandbox.
288 418
289Key419Key
290 420
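Review bot: the `approvals_reviewer` entry says `auto_review` sends eligible prompts to the reviewer subagent but not what happens to a prompt the reviewer declines or cannot decide, that is, whether it is rejected outright or falls back to the user. One sentence on that outcome, plus a cross-reference to `auto_review.policy`, would make the entry self-contained.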
408 538
409Key539Key
410 540
541`auto_review.policy`
542
543Type / Values
544
545`string`
546
547Details
548
549Local Markdown policy instructions for automatic review. Managed `guardian_policy_config` takes precedence. Blank values are ignored.
550
551Key
552
411`background_terminal_max_timeout`553`background_terminal_max_timeout`
412 554
413Type / Values555Type / Values
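Review bot: `auto_review.policy` is typed `string` and described as "Local Markdown policy instructions", which leaves open whether the value is inline Markdown text or a path to a Markdown file; path-valued keys elsewhere in this reference are typed `string (path)`. Say which it is, and link or define `guardian_policy_config`, which is named as taking precedence but is not described in any visible entry.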
456 598
457Key599Key
458 600
459601`compact_prompt``commit_attribution`
460 602
461Type / Values603Type / Values
462 604
464 606
465Details607Details
466 608
467609Inline override for the history compaction prompt.Override the commit co-author trailer text. Set an empty string to disable automatic attribution.
468 610
469Key611Key
470 612
471613`developer_instructions``compact_prompt`
472 614
473Type / Values615Type / Values
474 616
476 618
477Details619Details
478 620
479621Additional developer instructions injected into the session (optional).Inline override for the history compaction prompt.
480 622
481Key623Key
482 624
483625`disable_paste_burst``default_permissions`
484 626
485Type / Values627Type / Values
486 628
487629`boolean``string`
488 630
489Details631Details
490 632
491633Disable burst-paste detection in the TUI.Name of the default permissions profile to apply to sandboxed tool calls.
492 634
493Key635Key
494 636
495637`experimental_compact_prompt_file``developer_instructions`
496 638
497Type / Values639Type / Values
498 640
499641`string (path)``string`
500 642
501Details643Details
502 644
503645Load the compaction prompt override from a file (experimental).Additional developer instructions injected into the session (optional).
504 646
505Key647Key
506 648
507649`experimental_use_freeform_apply_patch``disable_paste_burst`
508 650
509Type / Values651Type / Values
510 652
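Review bot: the `default_permissions` entry does not say what applies when the key is unset, what happens if it names a profile with no matching `permissions.<name>` table, or how it relates to `sandbox_mode` and `sandbox_workspace_write.*`, which this reference still documents as the sandbox policy. Add the fallback and the precedence to the details line so readers can tell which setting governs a sandboxed tool call.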
512 654
513Details655Details
514 656
515657Legacy name for enabling freeform apply\_patch; prefer `[features].apply_patch_freeform` or `codex --enable apply_patch_freeform`.Disable burst-paste detection in the TUI.
516 658
517Key659Key
518 660
519661`experimental_use_unified_exec_tool``experimental_compact_prompt_file`
520 662
521Type / Values663Type / Values
522 664
523665`boolean``string (path)`
524 666
525Details667Details
526 668
527669Legacy name for enabling unified exec; prefer `[features].unified_exec` or `codex --enable unified_exec`.Load the compaction prompt override from a file (experimental).
528 670
529Key671Key
530 672
531673`features.apply_patch_freeform``experimental_use_unified_exec_tool`
532 674
533Type / Values675Type / Values
534 676
536 678
537Details679Details
538 680
539681Expose the freeform `apply_patch` tool (experimental).Legacy name for enabling unified exec; prefer `[features].unified_exec` or `codex --enable unified_exec`.
540 682
541Key683Key
542 684
552 694
553Key695Key
554 696
555697`features.apps_mcp_gateway``features.codex_hooks`
556
557Type / Values
558
559`boolean`
560
561Details
562
563Route Apps MCP calls through the OpenAI connectors MCP gateway (`https://api.openai.com/v1/connectors/mcp/`) instead of legacy routing (experimental).
564
565Key
566
567`features.child_agents_md`
568 698
569Type / Values699Type / Values
570 700
572 702
573Details703Details
574 704
575705Append AGENTS.md scope/precedence guidance even when no AGENTS.md is present (experimental).Enable lifecycle hooks loaded from `hooks.json` or inline `[hooks]` config.
576 706
577Key707Key
578 708
579709`features.collaboration_modes``features.enable_request_compression`
580 710
581Type / Values711Type / Values
582 712
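Review bot: the `features.codex_hooks` details line carries no stability or default annotation, while the neighboring `features.*` entries in this patch do (for example "stable; on by default"). The `projects.<path>.trust_level` row lists hooks among the project-local layers that untrusted projects skip, so readers need to know whether hooks are on or off by default; add the same parenthetical here.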
584 714
585Details715Details
586 716
587717Enable collaboration modes such as plan mode (stable; on by default).Compress streaming request bodies with zstd when supported (stable; on by default).
588 718
589Key719Key
590 720
591721`features.multi_agent``features.fast_mode`
592 722
593Type / Values723Type / Values
594 724
596 726
597Details727Details
598 728
599729Enable multi-agent collaboration tools (`spawn\_agent`, `send\_input`, `resume\_agent`, `wait`, and `close\_agent`) (experimental; off by default).Enable Fast mode selection and the `service_tier = "fast"` path (stable; on by default).
600 730
601Key731Key
602 732
603733`features.personality``features.memories`
604 734
605Type / Values735Type / Values
606 736
608 738
609Details739Details
610 740
611741Enable personality selection controls (stable; on by default).Enable [Memories](https://developers.openai.com/codex/memories) (off by default).
612 742
613Key743Key
614 744
615745`features.powershell_utf8``features.multi_agent`
616 746
617Type / Values747Type / Values
618 748
620 750
621Details751Details
622 752
623753Force PowerShell UTF-8 output (defaults to true).Enable multi-agent collaboration tools (`spawn_agent`, `send_input`, `resume_agent`, `wait_agent`, and `close_agent`) (stable; on by default).
624 754
625Key755Key
626 756
627757`features.remote_models``features.personality`
628 758
629Type / Values759Type / Values
630 760
632 762
633Details763Details
634 764
635765Refresh remote model list before showing readiness (experimental).Enable personality selection controls (stable; on by default).
636 766
637Key767Key
638 768
639769`features.request_rule``features.prevent_idle_sleep`
640 770
641Type / Values771Type / Values
642 772
644 774
645Details775Details
646 776
647777Enable Smart approvals (`prefix_rule` suggestions on escalation requests; stable; on by default).Prevent the machine from sleeping while a turn is actively running (experimental; off by default).
648 778
649Key779Key
650 780
651781`features.runtime_metrics``features.shell_snapshot`
652 782
653Type / Values783Type / Values
654 784
656 786
657Details787Details
658 788
659789Show runtime metrics summary in TUI turn separators (experimental).Snapshot shell environment to speed up repeated commands (stable; on by default).
660 790
661Key791Key
662 792
663793`features.search_tool``features.shell_tool`
664 794
665Type / Values795Type / Values
666 796
668 798
669Details799Details
670 800
671801Enable `search_tool_bm25` for Apps tool discovery before invoking app MCP tools (experimental).Enable the default `shell` tool for running commands (stable; on by default).
672 802
673Key803Key
674 804
675805`features.shell_snapshot``features.skill_mcp_dependency_install`
676 806
677Type / Values807Type / Values
678 808
680 810
681Details811Details
682 812
683813Snapshot shell environment to speed up repeated commands (beta).Allow prompting and installing missing MCP dependencies for skills (stable; on by default).
684 814
685Key815Key
686 816
687817`features.shell_tool``features.undo`
688 818
689Type / Values819Type / Values
690 820
692 822
693Details823Details
694 824
695825Enable the default `shell` tool for running commands (stable; on by default).Enable undo support (stable; off by default).
696 826
697Key827Key
698 828
704 834
705Details835Details
706 836
707837Use the unified PTY-backed exec tool (beta).Use the unified PTY-backed exec tool (stable; enabled by default except on Windows).
708
709Key
710
711`features.use_linux_sandbox_bwrap`
712
713Type / Values
714
715`boolean`
716
717Details
718
719Use the bubblewrap-based Linux sandbox pipeline (experimental; off by default).
720 838
721Key839Key
722 840
840 958
841Key959Key
842 960
843961`include_apply_patch_tool``hooks`
844 962
845Type / Values963Type / Values
846 964
847965`boolean``table`
848 966
849Details967Details
850 968
851969Legacy name for enabling freeform apply\_patch; prefer `[features].apply_patch_freeform`.Lifecycle hooks configured inline in `config.toml`. Uses the same event schema as `hooks.json`; see the Hooks guide for examples and supported events.
852 970
853Key971Key
854 972
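Review bot: the `hooks` entry points to "the Hooks guide" without a link, unlike the `features.memories` entry, which links its guide. Link it, and state how inline `[hooks]` combines with a `hooks.json` file when both exist (merged, or one overriding the other), since the `features.codex_hooks` entry says hooks can be loaded from either source.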
1024 1142
1025Type / Values1143Type / Values
1026 1144
10271145`array<string>``array<string | { name = string, source = "local" | "remote" }>`
1146
1147Details
1148
1149Additional environment variables to whitelist for an MCP stdio server. String entries default to `source = "local"`; use `source = "remote"` only with executor-backed remote stdio.
1150
1151Key
1152
1153`mcp_servers.<id>.experimental_environment`
1154
1155Type / Values
1156
1157`local | remote`
1028 1158
1029Details1159Details
1030 1160
10311161Additional environment variables to whitelist for an MCP stdio server.Experimental placement for an MCP server. `remote` starts stdio servers through a remote executor environment; streamable HTTP remote placement is not implemented.
1032 1162
1033Key1163Key
1034 1164
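Review bot: the environment-variable entry now accepts `{ name, source }` objects but never says what `source` selects. The sentence "use `source = "remote"` only with executor-backed remote stdio" implies the variable is read from the remote executor's environment rather than the local one, and that should be stated outright. It would also help to say what happens when a `remote` entry is configured on a server whose `experimental_environment` is `local`.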
1044 1174
1045Key1175Key
1046 1176
1177`mcp_servers.<id>.oauth_resource`
1178
1179Type / Values
1180
1181`string`
1182
1183Details
1184
1185Optional RFC 8707 OAuth resource parameter to include during MCP login.
1186
1187Key
1188
1047`mcp_servers.<id>.required`1189`mcp_servers.<id>.required`
1048 1190
1049Type / Values1191Type / Values
1056 1198
1057Key1199Key
1058 1200
1201`mcp_servers.<id>.scopes`
1202
1203Type / Values
1204
1205`array<string>`
1206
1207Details
1208
1209OAuth scopes to request when authenticating to that MCP server.
1210
1211Key
1212
1059`mcp_servers.<id>.startup_timeout_ms`1213`mcp_servers.<id>.startup_timeout_ms`
1060 1214
1061Type / Values1215Type / Values
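Review bot: the `mcp_servers.<id>.scopes` entry does not say what is requested when the key is unset. Document the fallback so that users who want a narrow OAuth grant know whether they must set the list explicitly.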
1104 1258
1105Key1259Key
1106 1260
11071261`model``memories.consolidation_model`
1108 1262
1109Type / Values1263Type / Values
1110 1264
1112 1266
1113Details1267Details
1114 1268
11151269Model to use (e.g., `gpt-5-codex`).Optional model override for global memory consolidation.
1116 1270
1117Key1271Key
1118 1272
11191273`model_auto_compact_token_limit``memories.disable_on_external_context`
1120 1274
1121Type / Values1275Type / Values
1122 1276
11231277`number``boolean`
1124 1278
1125Details1279Details
1126 1280
11271281Token threshold that triggers automatic history compaction (unset uses model defaults).When `true`, threads that use external context such as MCP tool calls, web search, or tool search are kept out of memory generation. Defaults to `false`. Legacy alias: `memories.no_memories_if_mcp_or_web_search`.
1128 1282
1129Key1283Key
1130 1284
11311285`model_catalog_json``memories.extract_model`
1132 1286
1133Type / Values1287Type / Values
1134 1288
11351289`string (path)``string`
1136 1290
1137Details1291Details
1138 1292
11391293Optional path to a JSON model catalog loaded on startup. Profile-level `profiles.<name>.model_catalog_json` can override this per profile.Optional model override for per-thread memory extraction.
1140 1294
1141Key1295Key
1142 1296
11431297`model_context_window``memories.generate_memories`
1144 1298
1145Type / Values1299Type / Values
1146 1300
11471301`number``boolean`
1148 1302
1149Details1303Details
1150 1304
11511305Context window tokens available to the active model.When `false`, newly created threads are not stored as memory-generation inputs. Defaults to `true`.
1152 1306
1153Key1307Key
1154 1308
11551309`model_instructions_file``memories.max_raw_memories_for_consolidation`
1156 1310
1157Type / Values1311Type / Values
1158 1312
11591313`string (path)``number`
1160 1314
1161Details1315Details
1162 1316
11631317Replacement for built-in instructions instead of `AGENTS.md`.Maximum recent raw memories retained for global consolidation. Defaults to `256` and is capped at `4096`.
1164 1318
1165Key1319Key
1166 1320
11671321`model_provider``memories.max_rollout_age_days`
1168 1322
1169Type / Values1323Type / Values
1170 1324
11711325`string``number`
1172 1326
1173Details1327Details
1174 1328
11751329Provider id from `model_providers` (default: `openai`).Maximum age of threads considered for memory generation. Defaults to `30` and is clamped to `0`-`90`.
1176 1330
1177Key1331Key
1178 1332
11791333`model_providers.<id>.base_url``memories.max_rollouts_per_startup`
1180 1334
1181Type / Values1335Type / Values
1182 1336
11831337`string``number`
1184 1338
1185Details1339Details
1186 1340
11871341API base URL for the model provider.Maximum rollout candidates processed per startup pass. Defaults to `16` and is capped at `128`.
1188 1342
1189Key1343Key
1190 1344
11911345`model_providers.<id>.env_http_headers``memories.max_unused_days`
1192 1346
1193Type / Values1347Type / Values
1194 1348
11951349`map<string,string>``number`
1196 1350
1197Details1351Details
1198 1352
11991353HTTP headers populated from environment variables when present.Maximum days since a memory was last used before it becomes ineligible for consolidation. Defaults to `30` and is clamped to `0`-`365`.
1200 1354
1201Key1355Key
1202 1356
12031357`model_providers.<id>.env_key``memories.min_rollout_idle_hours`
1204 1358
1205Type / Values1359Type / Values
1206 1360
12071361`string``number`
1208 1362
1209Details1363Details
1210 1364
12111365Environment variable supplying the provider API key.Minimum idle time before a thread is considered for memory generation. Defaults to `6` and is clamped to `1`-`48`.
1212 1366
1213Key1367Key
1214 1368
12151369`model_providers.<id>.env_key_instructions``memories.use_memories`
1216 1370
1217Type / Values1371Type / Values
1218 1372
12191373`string``boolean`
1220 1374
1221Details1375Details
1222 1376
12231377Optional setup guidance for the provider API key.When `false`, Codex skips injecting existing memories into future sessions. Defaults to `true`.
1224 1378
1225Key1379Key
1226 1380
12271381`model_providers.<id>.experimental_bearer_token``model`
1228 1382
1229Type / Values1383Type / Values
1230 1384
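Review bot: `memories.generate_memories` and `memories.use_memories` are documented as defaulting to `true`, while `features.memories` elsewhere in this patch is "off by default", and none of the `memories.*` entries say they only take effect once that feature is enabled. Add that dependency to the first `memories.*` entry or to each default. The ranges "clamped to `0`-`90`" and "clamped to `0`-`365`" should also say what a value of `0` means for `max_rollout_age_days` and `max_unused_days`.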
1232 1386
1233Details1387Details
1234 1388
12351389Direct bearer token for the provider (discouraged; use `env_key`).Model to use (e.g., `gpt-5.5`).
1236 1390
1237Key1391Key
1238 1392
12391393`model_providers.<id>.http_headers``model_auto_compact_token_limit`
1240 1394
1241Type / Values1395Type / Values
1242 1396
12431397`map<string,string>``number`
1244 1398
1245Details1399Details
1246 1400
12471401Static HTTP headers added to provider requests.Token threshold that triggers automatic history compaction (unset uses model defaults).
1248 1402
1249Key1403Key
1250 1404
12511405`model_providers.<id>.name``model_catalog_json`
1252 1406
1253Type / Values1407Type / Values
1254 1408
12551409`string``string (path)`
1256 1410
1257Details1411Details
1258 1412
12591413Display name for a custom model provider.Optional path to a JSON model catalog loaded on startup. Profile-level `profiles.<name>.model_catalog_json` can override this per profile.
1260 1414
1261Key1415Key
1262 1416
12631417`model_providers.<id>.query_params``model_context_window`
1264 1418
1265Type / Values1419Type / Values
1266 1420
12671421`map<string,string>``number`
1268 1422
1269Details1423Details
1270 1424
12711425Extra query parameters appended to provider requests.Context window tokens available to the active model.
1272 1426
1273Key1427Key
1274 1428
12751429`model_providers.<id>.request_max_retries``model_instructions_file`
1276 1430
1277Type / Values1431Type / Values
1278 1432
12791433`number``string (path)`
1280 1434
1281Details1435Details
1282 1436
12831437Retry count for HTTP requests to the provider (default: 4).Replacement for built-in instructions instead of `AGENTS.md`.
1284 1438
1285Key1439Key
1286 1440
12871441`model_providers.<id>.requires_openai_auth``model_provider`
1288 1442
1289Type / Values1443Type / Values
1290 1444
12911445`boolean``string`
1292 1446
1293Details1447Details
1294 1448
12951449The provider uses OpenAI authentication (defaults to false).Provider id from `model_providers` (default: `openai`).
1296 1450
1297Key1451Key
1298 1452
12991453`model_providers.<id>.stream_idle_timeout_ms``model_providers.<id>`
1300 1454
1301Type / Values1455Type / Values
1302 1456
13031457`number``table`
1304 1458
1305Details1459Details
1306 1460
13071461Idle timeout for SSE streams in milliseconds (default: 300000).Custom provider definition. Built-in provider IDs (`openai`, `ollama`, and `lmstudio`) are reserved and cannot be overridden.
1308 1462
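Review bot: The new `model_providers.<id>` row says the built-in IDs (`openai`, `ollama`, `lmstudio`) are reserved and cannot be overridden, but it does not say what Codex does with an existing `[model_providers.openai]` table: reject the config, or ignore the table. Please state the behaviour, and point readers who used that table to change the endpoint at the new `openai_base_url` key added further down in this diff.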
1309Key1463Key
1310 1464
13111465`model_providers.<id>.stream_max_retries``model_providers.<id>.auth`
1312 1466
1313Type / Values1467Type / Values
1314 1468
13151469`number``table`
1316 1470
1317Details1471Details
1318 1472
13191473Retry count for SSE streaming interruptions (default: 5).Command-backed bearer token configuration for a custom provider. Do not combine with `env_key`, `experimental_bearer_token`, or `requires_openai_auth`.
1320 1474
1321Key1475Key
1322 1476
13231477`model_providers.<id>.wire_api``model_providers.<id>.auth.args`
1324 1478
1325Type / Values1479Type / Values
1326 1480
13271481`chat | responses``array<string>`
1328 1482
1329Details1483Details
1330 1484
13311485Protocol used by the provider (defaults to `chat` if omitted).Arguments passed to the token command.
1332 1486
1333Key1487Key
1334 1488
13351489`model_reasoning_effort``model_providers.<id>.auth.command`
1336 1490
1337Type / Values1491Type / Values
1338 1492
13391493`minimal | low | medium | high | xhigh``string`
1340 1494
1341Details1495Details
1342 1496
13431497Adjust reasoning effort for supported models (Responses API only; `xhigh` is model-dependent).Command to run when Codex needs a bearer token. The command must print the token to stdout.
1344 1498
1345Key1499Key
1346 1500
13471501`model_reasoning_summary``model_providers.<id>.auth.cwd`
1348 1502
1349Type / Values1503Type / Values
1350 1504
13511505`auto | concise | detailed | none``string (path)`
1352 1506
1353Details1507Details
1354 1508
13551509Select reasoning summary detail or disable summaries entirely.Working directory for the token command.
1356 1510
1357Key1511Key
1358 1512
13591513`model_supports_reasoning_summaries``model_providers.<id>.auth.refresh_interval_ms`
1360 1514
1361Type / Values1515Type / Values
1362 1516
13631517`boolean``number`
1364 1518
1365Details1519Details
1366 1520
13671521Force Codex to send or not send reasoning metadata.How often Codex proactively refreshes the token in milliseconds (default: 300000). Set to `0` to refresh only after an authentication retry.
1368 1522
1369Key1523Key
1370 1524
13711525`model_verbosity``model_providers.<id>.auth.timeout_ms`
1372 1526
1373Type / Values1527Type / Values
1374 1528
13751529`low | medium | high``number`
1376 1530
1377Details1531Details
1378 1532
13791533Control GPT-5 Responses API verbosity (defaults to `medium`).Maximum token command runtime in milliseconds (default: 5000).
1380 1534
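Review bot: The `model_providers.<id>.auth.command` row only says the command must print the token to stdout; the `auth.*` rows leave out how it is launched and how failures are handled. Since this key makes Codex run a program named in config, please document whether `command` plus `args` is executed directly or through a shell, which environment it inherits, whether a trailing newline or surrounding whitespace in the output is trimmed, and what happens on a non-zero exit or when `auth.timeout_ms` expires. The `auth` row's "Do not combine with `env_key`, `experimental_bearer_token`, or `requires_openai_auth`" should also say whether combining them is a load error or a silent precedence rule.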
1381Key1535Key
1382 1536
13831537`notice.hide_full_access_warning``model_providers.<id>.base_url`
1384 1538
1385Type / Values1539Type / Values
1386 1540
13871541`boolean``string`
1388 1542
1389Details1543Details
1390 1544
13911545Track acknowledgement of the full access warning prompt.API base URL for the model provider.
1392 1546
1393Key1547Key
1394 1548
13951549`notice.hide_gpt-5.1-codex-max_migration_prompt``model_providers.<id>.env_http_headers`
1396 1550
1397Type / Values1551Type / Values
1398 1552
13991553`boolean``map<string,string>`
1400 1554
1401Details1555Details
1402 1556
14031557Track acknowledgement of the gpt-5.1-codex-max migration prompt.HTTP headers populated from environment variables when present.
1404 1558
1405Key1559Key
1406 1560
14071561`notice.hide_gpt5_1_migration_prompt``model_providers.<id>.env_key`
1408 1562
1409Type / Values1563Type / Values
1410 1564
14111565`boolean``string`
1412 1566
1413Details1567Details
1414 1568
14151569Track acknowledgement of the GPT-5.1 migration prompt.Environment variable supplying the provider API key.
1416 1570
1417Key1571Key
1418 1572
14191573`notice.hide_rate_limit_model_nudge``model_providers.<id>.env_key_instructions`
1420 1574
1421Type / Values1575Type / Values
1422 1576
14231577`boolean``string`
1424 1578
1425Details1579Details
1426 1580
14271581Track opt-out of the rate limit model switch reminder.Optional setup guidance for the provider API key.
1428 1582
1429Key1583Key
1430 1584
14311585`notice.hide_world_writable_warning``model_providers.<id>.experimental_bearer_token`
1432 1586
1433Type / Values1587Type / Values
1434 1588
14351589`boolean``string`
1436 1590
1437Details1591Details
1438 1592
14391593Track acknowledgement of the Windows world-writable directories warning.Direct bearer token for the provider (discouraged; use `env_key`).
1440 1594
1441Key1595Key
1442 1596
14431597`notice.model_migrations``model_providers.<id>.http_headers`
1444 1598
1445Type / Values1599Type / Values
1446 1600
1448 1602
1449Details1603Details
1450 1604
14511605Track acknowledged model migrations as old->new mappings.Static HTTP headers added to provider requests.
1452 1606
1453Key1607Key
1454 1608
14551609`notify``model_providers.<id>.name`
1456 1610
1457Type / Values1611Type / Values
1458 1612
14591613`array<string>``string`
1460 1614
1461Details1615Details
1462 1616
14631617Command invoked for notifications; receives a JSON payload from Codex.Display name for a custom model provider.
1464 1618
1465Key1619Key
1466 1620
14671621`oss_provider``model_providers.<id>.query_params`
1468 1622
1469Type / Values1623Type / Values
1470 1624
14711625`lmstudio | ollama``map<string,string>`
1472 1626
1473Details1627Details
1474 1628
14751629Default local provider used when running with `--oss` (defaults to prompting if unset).Extra query parameters appended to provider requests.
1476 1630
1477Key1631Key
1478 1632
14791633`otel.environment``model_providers.<id>.request_max_retries`
1480 1634
1481Type / Values1635Type / Values
1482 1636
14831637`string``number`
1484 1638
1485Details1639Details
1486 1640
14871641Environment tag applied to emitted OpenTelemetry events (default: `dev`).Retry count for HTTP requests to the provider (default: 4).
1488 1642
1489Key1643Key
1490 1644
14911645`otel.exporter``model_providers.<id>.requires_openai_auth`
1492 1646
1493Type / Values1647Type / Values
1494 1648
14951649`none | otlp-http | otlp-grpc``boolean`
1496 1650
1497Details1651Details
1498 1652
14991653Select the OpenTelemetry exporter and provide any endpoint metadata.The provider uses OpenAI authentication (defaults to false).
1500 1654
1501Key1655Key
1502 1656
15031657`otel.exporter.<id>.endpoint``model_providers.<id>.stream_idle_timeout_ms`
1504 1658
1505Type / Values1659Type / Values
1506 1660
15071661`string``number`
1508 1662
1509Details1663Details
1510 1664
15111665Exporter endpoint for OTEL logs.Idle timeout for SSE streams in milliseconds (default: 300000).
1512 1666
1513Key1667Key
1514 1668
15151669`otel.exporter.<id>.headers``model_providers.<id>.stream_max_retries`
1516 1670
1517Type / Values1671Type / Values
1518 1672
15191673`map<string,string>``number`
1520 1674
1521Details1675Details
1522 1676
15231677Static headers included with OTEL exporter requests.Retry count for SSE streaming interruptions (default: 5).
1524 1678
1525Key1679Key
1526 1680
15271681`otel.exporter.<id>.protocol``model_providers.<id>.supports_websockets`
1528 1682
1529Type / Values1683Type / Values
1530 1684
15311685`binary | json``boolean`
1532 1686
1533Details1687Details
1534 1688
15351689Protocol used by the OTLP/HTTP exporter.Whether that provider supports the Responses API WebSocket transport.
1536 1690
1537Key1691Key
1538 1692
15391693`otel.exporter.<id>.tls.ca-certificate``model_providers.<id>.wire_api`
1540 1694
1541Type / Values1695Type / Values
1542 1696
15431697`string``responses`
1544 1698
1545Details1699Details
1546 1700
15471701CA certificate path for OTEL exporter TLS.Protocol used by the provider. `responses` is the only supported value, and it is the default when omitted.
1548 1702
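Review bot: The `model_providers.<id>.wire_api` row drops `chat` (previously the default) and makes `responses` the only supported value, without saying what happens to configs that still set `wire_api = "chat"`. Add a sentence on whether that value is now rejected at load time or ignored, so the removal is visible to people upgrading.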
1549Key1703Key
1550 1704
15511705`otel.exporter.<id>.tls.client-certificate``model_reasoning_effort`
1552 1706
1553Type / Values1707Type / Values
1554 1708
15551709`string``minimal | low | medium | high | xhigh`
1556 1710
1557Details1711Details
1558 1712
15591713Client certificate path for OTEL exporter TLS.Adjust reasoning effort for supported models (Responses API only; `xhigh` is model-dependent).
1560 1714
1561Key1715Key
1562 1716
15631717`otel.exporter.<id>.tls.client-private-key``model_reasoning_summary`
1564 1718
1565Type / Values1719Type / Values
1566 1720
15671721`string``auto | concise | detailed | none`
1568 1722
1569Details1723Details
1570 1724
15711725Client private key path for OTEL exporter TLS.Select reasoning summary detail or disable summaries entirely.
1572 1726
1573Key1727Key
1574 1728
15751729`otel.log_user_prompt``model_supports_reasoning_summaries`
1576 1730
1577Type / Values1731Type / Values
1578 1732
1580 1734
1581Details1735Details
1582 1736
15831737Opt in to exporting raw user prompts with OpenTelemetry logs.Force Codex to send or not send reasoning metadata.
1584 1738
1585Key1739Key
1586 1740
15871741`otel.trace_exporter``model_verbosity`
1588 1742
1589Type / Values1743Type / Values
1590 1744
15911745`none | otlp-http | otlp-grpc``low | medium | high`
1592 1746
1593Details1747Details
1594 1748
15951749Select the OpenTelemetry trace exporter and provide any endpoint metadata.Optional GPT-5 Responses API verbosity override; when unset, the selected model/preset default is used.
1596 1750
1597Key1751Key
1598 1752
15991753`otel.trace_exporter.<id>.endpoint``notice.hide_full_access_warning`
1600 1754
1601Type / Values1755Type / Values
1602 1756
16031757`string``boolean`
1604 1758
1605Details1759Details
1606 1760
16071761Trace exporter endpoint for OTEL logs.Track acknowledgement of the full access warning prompt.
1608 1762
1609Key1763Key
1610 1764
16111765`otel.trace_exporter.<id>.headers``notice.hide_gpt-5.1-codex-max_migration_prompt`
1612 1766
1613Type / Values1767Type / Values
1614 1768
16151769`map<string,string>``boolean`
1616 1770
1617Details1771Details
1618 1772
16191773Static headers included with OTEL trace exporter requests.Track acknowledgement of the gpt-5.1-codex-max migration prompt.
1620 1774
1621Key1775Key
1622 1776
16231777`otel.trace_exporter.<id>.protocol``notice.hide_gpt5_1_migration_prompt`
1624 1778
1625Type / Values1779Type / Values
1626 1780
16271781`binary | json``boolean`
1628 1782
1629Details1783Details
1630 1784
16311785Protocol used by the OTLP/HTTP trace exporter.Track acknowledgement of the GPT-5.1 migration prompt.
1632 1786
1633Key1787Key
1634 1788
16351789`otel.trace_exporter.<id>.tls.ca-certificate``notice.hide_rate_limit_model_nudge`
1636 1790
1637Type / Values1791Type / Values
1638 1792
16391793`string``boolean`
1640 1794
1641Details1795Details
1642 1796
16431797CA certificate path for OTEL trace exporter TLS.Track opt-out of the rate limit model switch reminder.
1644 1798
1645Key1799Key
1646 1800
16471801`otel.trace_exporter.<id>.tls.client-certificate``notice.hide_world_writable_warning`
1648 1802
1649Type / Values1803Type / Values
1650 1804
16511805`string``boolean`
1652 1806
1653Details1807Details
1654 1808
16551809Client certificate path for OTEL trace exporter TLS.Track acknowledgement of the Windows world-writable directories warning.
1656 1810
1657Key1811Key
1658 1812
16591813`otel.trace_exporter.<id>.tls.client-private-key``notice.model_migrations`
1660 1814
1661Type / Values1815Type / Values
1662 1816
16631817`string``map<string,string>`
1664 1818
1665Details1819Details
1666 1820
16671821Client private key path for OTEL trace exporter TLS.Track acknowledged model migrations as old->new mappings.
1668 1822
1669Key1823Key
1670 1824
16711825`personality``notify`
1672 1826
1673Type / Values1827Type / Values
1674 1828
16751829`none | friendly | pragmatic``array<string>`
1676 1830
1677Details1831Details
1678 1832
16791833Default communication style for models that advertise `supportsPersonality`; can be overridden per thread/turn or via `/personality`.Command invoked for notifications; receives a JSON payload from Codex.
1680 1834
1681Key1835Key
1682 1836
16831837`profile``openai_base_url`
1684 1838
1685Type / Values1839Type / Values
1686 1840
1688 1842
1689Details1843Details
1690 1844
16911845Default profile applied at startup (equivalent to `--profile`).Base URL override for the built-in `openai` model provider.
1692 1846
1693Key1847Key
1694 1848
16951849`profiles.<name>.*``oss_provider`
1696 1850
1697Type / Values1851Type / Values
1698 1852
16991853`various``lmstudio | ollama`
1700 1854
1701Details1855Details
1702 1856
17031857Profile-scoped overrides for any of the supported configuration keys.Default local provider used when running with `--oss` (defaults to prompting if unset).
1704 1858
1705Key1859Key
1706 1860
17071861`profiles.<name>.experimental_use_freeform_apply_patch``otel.environment`
1708 1862
1709Type / Values1863Type / Values
1710 1864
17111865`boolean``string`
1712 1866
1713Details1867Details
1714 1868
17151869Legacy name for enabling freeform apply\_patch; prefer `[features].apply_patch_freeform`.Environment tag applied to emitted OpenTelemetry events (default: `dev`).
1716 1870
1717Key1871Key
1718 1872
17191873`profiles.<name>.experimental_use_unified_exec_tool``otel.exporter`
1720 1874
1721Type / Values1875Type / Values
1722 1876
17231877`boolean``none | otlp-http | otlp-grpc`
1724 1878
1725Details1879Details
1726 1880
17271881Legacy name for enabling unified exec; prefer `[features].unified_exec`.Select the OpenTelemetry exporter and provide any endpoint metadata.
1728 1882
1729Key1883Key
1730 1884
17311885`profiles.<name>.include_apply_patch_tool``otel.exporter.<id>.endpoint`
1732 1886
1733Type / Values1887Type / Values
1734 1888
17351889`boolean``string`
1736 1890
1737Details1891Details
1738 1892
17391893Legacy name for enabling freeform apply\_patch; prefer `[features].apply_patch_freeform`.Exporter endpoint for OTEL logs.
1740 1894
1741Key1895Key
1742 1896
17431897`profiles.<name>.model_catalog_json``otel.exporter.<id>.headers`
1744 1898
1745Type / Values1899Type / Values
1746 1900
17471901`string (path)``map<string,string>`
1748 1902
1749Details1903Details
1750 1904
17511905Profile-scoped model catalog JSON path override (applied on startup only; overrides the top-level `model_catalog_json` for that profile).Static headers included with OTEL exporter requests.
1752 1906
1753Key1907Key
1754 1908
17551909`profiles.<name>.oss_provider``otel.exporter.<id>.protocol`
1756 1910
1757Type / Values1911Type / Values
1758 1912
17591913`lmstudio | ollama``binary | json`
1760 1914
1761Details1915Details
1762 1916
17631917Profile-scoped OSS provider for `--oss` sessions.Protocol used by the OTLP/HTTP exporter.
1764 1918
1765Key1919Key
1766 1920
17671921`profiles.<name>.personality``otel.exporter.<id>.tls.ca-certificate`
1768 1922
1769Type / Values1923Type / Values
1770 1924
17711925`none | friendly | pragmatic``string`
1772 1926
1773Details1927Details
1774 1928
17751929Profile-scoped communication style override for supported models.CA certificate path for OTEL exporter TLS.
1776 1930
1777Key1931Key
1778 1932
17791933`profiles.<name>.web_search``otel.exporter.<id>.tls.client-certificate`
1780 1934
1781Type / Values1935Type / Values
1782 1936
17831937`disabled | cached | live``string`
1784 1938
1785Details1939Details
1786 1940
17871941Profile-scoped web search mode override (default: `"cached"`).Client certificate path for OTEL exporter TLS.
1788 1942
1789Key1943Key
1790 1944
17911945`project_doc_fallback_filenames``otel.exporter.<id>.tls.client-private-key`
1792 1946
1793Type / Values1947Type / Values
1794 1948
17951949`array<string>``string`
1796 1950
1797Details1951Details
1798 1952
17991953Additional filenames to try when `AGENTS.md` is missing.Client private key path for OTEL exporter TLS.
1800 1954
1801Key1955Key
1802 1956
18031957`project_doc_max_bytes``otel.log_user_prompt`
1804 1958
1805Type / Values1959Type / Values
1806 1960
18071961`number``boolean`
1808 1962
1809Details1963Details
1810 1964
18111965Maximum bytes read from `AGENTS.md` when building project instructions.Opt in to exporting raw user prompts with OpenTelemetry logs.
1812 1966
1813Key1967Key
1814 1968
18151969`project_root_markers``otel.metrics_exporter`
1816 1970
1817Type / Values1971Type / Values
1818 1972
18191973`array<string>``none | statsig | otlp-http | otlp-grpc`
1820 1974
1821Details1975Details
1822 1976
18231977List of project root marker filenames; used when searching parent directories for the project root.Select the OpenTelemetry metrics exporter (defaults to `statsig`).
1824 1978
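Review bot: The new `otel.metrics_exporter` row defaults to `statsig`, whereas the `otel.exporter` and `otel.trace_exporter` rows state no default and `otel.log_user_prompt` is described as opt-in, so a reader cannot tell from this table that metrics are exported unless configured otherwise. Say that explicitly in Details, add that `none` turns it off, and note whether `otel.metrics_exporter.<id>.*` sub-keys (endpoint, headers, TLS) exist as they do for the other two exporters.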
1825Key1979Key
1826 1980
18271981`projects.<path>.trust_level``otel.trace_exporter`
1828 1982
1829Type / Values1983Type / Values
1830 1984
18311985`string``none | otlp-http | otlp-grpc`
1832 1986
1833Details1987Details
1834 1988
18351989Mark a project or worktree as trusted or untrusted (`"trusted"` | `"untrusted"`). Untrusted projects skip project-scoped `.codex/` layers.Select the OpenTelemetry trace exporter and provide any endpoint metadata.
1836 1990
1837Key1991Key
1838 1992
18391993`review_model``otel.trace_exporter.<id>.endpoint`
1840 1994
1841Type / Values1995Type / Values
1842 1996
1844 1998
1845Details1999Details
1846 2000
18472001Optional model override used by `/review` (defaults to the current session model).Trace exporter endpoint for OTEL logs.
1848 2002
1849Key2003Key
1850 2004
18512005`sandbox_mode``otel.trace_exporter.<id>.headers`
1852 2006
1853Type / Values2007Type / Values
1854 2008
18552009`read-only | workspace-write | danger-full-access``map<string,string>`
1856 2010
1857Details2011Details
1858 2012
18592013Sandbox policy for filesystem and network access during command execution.Static headers included with OTEL trace exporter requests.
1860 2014
1861Key2015Key
1862 2016
18632017`sandbox_workspace_write.exclude_slash_tmp``otel.trace_exporter.<id>.protocol`
1864 2018
1865Type / Values2019Type / Values
1866 2020
18672021`boolean``binary | json`
1868 2022
1869Details2023Details
1870 2024
18712025Exclude `/tmp` from writable roots in workspace-write mode.Protocol used by the OTLP/HTTP trace exporter.
1872 2026
1873Key2027Key
1874 2028
18752029`sandbox_workspace_write.exclude_tmpdir_env_var``otel.trace_exporter.<id>.tls.ca-certificate`
1876 2030
1877Type / Values2031Type / Values
1878 2032
18792033`boolean``string`
1880 2034
1881Details2035Details
1882 2036
18832037Exclude `$TMPDIR` from writable roots in workspace-write mode.CA certificate path for OTEL trace exporter TLS.
1884 2038
1885Key2039Key
1886 2040
18872041`sandbox_workspace_write.network_access``otel.trace_exporter.<id>.tls.client-certificate`
1888 2042
1889Type / Values2043Type / Values
1890 2044
18912045`boolean``string`
1892 2046
1893Details2047Details
1894 2048
18952049Allow outbound network access inside the workspace-write sandbox.Client certificate path for OTEL trace exporter TLS.
1896 2050
1897Key2051Key
1898 2052
18992053`sandbox_workspace_write.writable_roots``otel.trace_exporter.<id>.tls.client-private-key`
1900 2054
1901Type / Values2055Type / Values
1902 2056
19032057`array<string>``string`
1904 2058
1905Details2059Details
1906 2060
19072061Additional writable roots when `sandbox_mode = "workspace-write"`.Client private key path for OTEL trace exporter TLS.
1908 2062
1909Key2063Key
1910 2064
19112065`shell_environment_policy.exclude``permissions.<name>.filesystem`
1912 2066
1913Type / Values2067Type / Values
1914 2068
19152069`array<string>``table`
1916 2070
1917Details2071Details
1918 2072
19192073Glob patterns for removing environment variables after the defaults.Named filesystem permission profile. Each key is an absolute path or special token such as `:minimal` or `:project_roots`.
1920 2074
1921Key2075Key
1922 2076
19232077`shell_environment_policy.experimental_use_profile``permissions.<name>.filesystem.":project_roots".<subpath-or-glob>`
1924 2078
1925Type / Values2079Type / Values
1926 2080
19272081`boolean``"read" | "write" | "none"`
1928 2082
1929Details2083Details
1930 2084
19312085Use the user shell profile when spawning subprocesses.Scoped filesystem access relative to the detected project roots. Use `"."` for the root itself; glob subpaths such as `"**/*.env"` can deny reads with `"none"`.
1932 2086
1933Key2087Key
1934 2088
19352089`shell_environment_policy.ignore_default_excludes``permissions.<name>.filesystem.<path-or-glob>`
1936 2090
1937Type / Values2091Type / Values
1938 2092
19392093`boolean``"read" | "write" | "none" | table`
1940 2094
1941Details2095Details
1942 2096
19432097Keep variables containing KEY/SECRET/TOKEN before other filters run.Grant direct access for a path, glob pattern, or special token, or scope nested entries under that root. Use `"none"` to deny reads for matching paths.
1944 2098
1945Key2099Key
1946 2100
19472101`shell_environment_policy.include_only``permissions.<name>.filesystem.glob_scan_max_depth`
1948 2102
1949Type / Values2103Type / Values
1950 2104
19512105`array<string>``number`
1952 2106
1953Details2107Details
1954 2108
19552109Whitelist of patterns; when set only matching variables are kept.Maximum depth for expanding deny-read glob patterns on platforms that snapshot matches before sandbox startup. Must be at least `1` when set.
1956 2110
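Review bot: The `permissions.<name>.filesystem.glob_scan_max_depth` row implies that deny-read globs are expanded once, to a bounded depth, on some platforms, but the `"none"` rows above it do not mention that limit. Please state which platforms snapshot matches, what depth applies when the key is unset, and whether a matching file deeper than the limit or created after sandbox startup stays readable; otherwise `"**/*.env"` with `"none"` reads as an unconditional guarantee. It would also help to say which entry wins when a `"none"` glob and a `"read"` or `"write"` path both match the same file.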
1957Key2111Key
1958 2112
19592113`shell_environment_policy.inherit``permissions.<name>.network.allow_local_binding`
1960 2114
1961Type / Values2115Type / Values
1962 2116
19632117`all | core | none``boolean`
2118
2119Details
2120
2121Permit local bind/listen operations through the managed proxy.
2122
2123Key
2124
2125`permissions.<name>.network.allow_upstream_proxy`
2126
2127Type / Values
2128
2129`boolean`
2130
2131Details
2132
2133Allow the managed proxy to chain to another upstream proxy.
2134
2135Key
2136
2137`permissions.<name>.network.dangerously_allow_all_unix_sockets`
2138
2139Type / Values
2140
2141`boolean`
2142
2143Details
2144
2145Allow the proxy to use arbitrary Unix sockets instead of the default restricted set.
2146
2147Key
2148
2149`permissions.<name>.network.dangerously_allow_non_loopback_proxy`
2150
2151Type / Values
2152
2153`boolean`
2154
2155Details
2156
2157Permit non-loopback bind addresses for the managed proxy listener.
2158
2159Key
2160
2161`permissions.<name>.network.domains`
2162
2163Type / Values
2164
2165`map<string, allow | deny>`
2166
2167Details
2168
2169Domain rules for the managed proxy. Use domain names or wildcard patterns as keys, with `allow` or `deny` values.
2170
2171Key
2172
2173`permissions.<name>.network.enable_socks5`
2174
2175Type / Values
2176
2177`boolean`
2178
2179Details
2180
2181Expose a SOCKS5 listener when this permissions profile enables the managed network proxy.
2182
2183Key
2184
2185`permissions.<name>.network.enable_socks5_udp`
2186
2187Type / Values
2188
2189`boolean`
2190
2191Details
2192
2193Allow UDP over the SOCKS5 listener when enabled.
2194
2195Key
2196
2197`permissions.<name>.network.enabled`
2198
2199Type / Values
2200
2201`boolean`
2202
2203Details
2204
2205Enable network access for this named permissions profile.
2206
2207Key
2208
2209`permissions.<name>.network.mode`
2210
2211Type / Values
2212
2213`limited | full`
2214
2215Details
2216
2217Network proxy mode used for subprocess traffic.
2218
2219Key
2220
2221`permissions.<name>.network.proxy_url`
2222
2223Type / Values
2224
2225`string`
2226
2227Details
2228
2229HTTP proxy endpoint used when this permissions profile enables the managed network proxy.
2230
2231Key
2232
2233`permissions.<name>.network.socks_url`
2234
2235Type / Values
2236
2237`string`
2238
2239Details
2240
2241SOCKS5 proxy endpoint used by this permissions profile.
2242
2243Key
2244
2245`permissions.<name>.network.unix_sockets`
2246
2247Type / Values
2248
2249`map<string, allow | none>`
2250
2251Details
2252
2253Unix socket rules for the managed proxy. Use socket paths as keys, with `allow` or `none` values.
2254
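Review bot: `permissions.<name>.network.domains` takes `allow | deny` while `permissions.<name>.network.unix_sockets` takes `allow | none`, and neither row says how overlapping entries are resolved (for example a wildcard `allow` and an exact-name `deny` that both match) or what happens to a domain or socket that matches no entry. Please align the value names or explain the difference, document the precedence and the no-match default, and give defaults for the two `dangerously_*` keys. The `network.mode` row lists `limited | full` without saying what `limited` restricts.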
2255Key
2256
2257`personality`
2258
2259Type / Values
2260
2261`none | friendly | pragmatic`
2262
2263Details
2264
2265Default communication style for models that advertise `supportsPersonality`; can be overridden per thread/turn or via `/personality`.
2266
2267Key
2268
2269`plan_mode_reasoning_effort`
2270
2271Type / Values
2272
2273`none | minimal | low | medium | high | xhigh`
2274
2275Details
2276
2277Plan-mode-specific reasoning override. When unset, Plan mode uses its built-in preset default.
2278
2279Key
2280
2281`profile`
2282
2283Type / Values
2284
2285`string`
2286
2287Details
2288
2289Default profile applied at startup (equivalent to `--profile`).
2290
2291Key
2292
2293`profiles.<name>.*`
2294
2295Type / Values
2296
2297`various`
2298
2299Details
2300
2301Profile-scoped overrides for any of the supported configuration keys.
2302
2303Key
2304
2305`profiles.<name>.analytics.enabled`
2306
2307Type / Values
2308
2309`boolean`
2310
2311Details
2312
2313Profile-scoped analytics enablement override.
2314
2315Key
2316
2317`profiles.<name>.experimental_use_unified_exec_tool`
2318
2319Type / Values
2320
2321`boolean`
2322
2323Details
2324
2325Legacy name for enabling unified exec; prefer `[features].unified_exec`.
2326
2327Key
2328
2329`profiles.<name>.model_catalog_json`
2330
2331Type / Values
2332
2333`string (path)`
2334
2335Details
2336
2337Profile-scoped model catalog JSON path override (applied on startup only; overrides the top-level `model_catalog_json` for that profile).
2338
2339Key
2340
2341`profiles.<name>.model_instructions_file`
2342
2343Type / Values
2344
2345`string (path)`
2346
2347Details
2348
2349Profile-scoped replacement for the built-in instruction file.
2350
2351Key
2352
2353`profiles.<name>.oss_provider`
2354
2355Type / Values
2356
2357`lmstudio | ollama`
2358
2359Details
2360
2361Profile-scoped OSS provider for `--oss` sessions.
2362
2363Key
2364
2365`profiles.<name>.personality`
2366
2367Type / Values
2368
2369`none | friendly | pragmatic`
2370
2371Details
2372
2373Profile-scoped communication style override for supported models.
2374
2375Key
2376
2377`profiles.<name>.plan_mode_reasoning_effort`
2378
2379Type / Values
2380
2381`none | minimal | low | medium | high | xhigh`
2382
2383Details
2384
2385Profile-scoped Plan-mode reasoning override.
2386
2387Key
2388
2389`profiles.<name>.service_tier`
2390
2391Type / Values
2392
2393`flex | fast`
2394
2395Details
2396
2397Profile-scoped service tier preference for new turns.
2398
2399Key
2400
2401`profiles.<name>.tools_view_image`
2402
2403Type / Values
2404
2405`boolean`
2406
2407Details
2408
2409Enable or disable the `view_image` tool in that profile.
2410
2411Key
2412
2413`profiles.<name>.web_search`
2414
2415Type / Values
2416
2417`disabled | cached | live`
2418
2419Details
2420
2421Profile-scoped web search mode override (default: `"cached"`).
2422
2423Key
2424
2425`profiles.<name>.windows.sandbox`
2426
2427Type / Values
2428
2429`unelevated | elevated`
2430
2431Details
2432
2433Profile-scoped Windows sandbox mode override.
2434
2435Key
2436
2437`project_doc_fallback_filenames`
2438
2439Type / Values
2440
2441`array<string>`
2442
2443Details
2444
2445Additional filenames to try when `AGENTS.md` is missing.
2446
2447Key
2448
2449`project_doc_max_bytes`
2450
2451Type / Values
2452
2453`number`
2454
2455Details
2456
2457Maximum bytes read from `AGENTS.md` when building project instructions.
2458
2459Key
2460
2461`project_root_markers`
2462
2463Type / Values
2464
2465`array<string>`
2466
2467Details
2468
2469List of project root marker filenames; used when searching parent directories for the project root.
2470
2471Key
2472
2473`projects.<path>.trust_level`
2474
2475Type / Values
2476
2477`string`
2478
2479Details
2480
2481Mark a project or worktree as trusted or untrusted (`"trusted"` | `"untrusted"`). Untrusted projects skip project-scoped `.codex/` layers, including project-local config, hooks, and rules.
2482
2483Key
2484
2485`review_model`
2486
2487Type / Values
2488
2489`string`
2490
2491Details
2492
2493Optional model override used by `/review` (defaults to the current session model).
2494
2495Key
2496
2497`sandbox_mode`
2498
2499Type / Values
2500
2501`read-only | workspace-write | danger-full-access`
2502
2503Details
2504
2505Sandbox policy for filesystem and network access during command execution.
2506
2507Key
2508
2509`sandbox_workspace_write.exclude_slash_tmp`
2510
2511Type / Values
2512
2513`boolean`
2514
2515Details
2516
2517Exclude `/tmp` from writable roots in workspace-write mode.
2518
2519Key
2520
2521`sandbox_workspace_write.exclude_tmpdir_env_var`
2522
2523Type / Values
2524
2525`boolean`
2526
2527Details
2528
2529Exclude `$TMPDIR` from writable roots in workspace-write mode.
2530
2531Key
2532
2533`sandbox_workspace_write.network_access`
2534
2535Type / Values
2536
2537`boolean`
2538
2539Details
2540
2541Allow outbound network access inside the workspace-write sandbox.
2542
2543Key
2544
2545`sandbox_workspace_write.writable_roots`
2546
2547Type / Values
2548
2549`array<string>`
2550
2551Details
2552
2553Additional writable roots when `sandbox_mode = "workspace-write"`.
2554
2555Key
2556
2557`service_tier`
2558
2559Type / Values
2560
2561`flex | fast`
2562
2563Details
2564
2565Preferred service tier for new turns.
2566
2567Key
2568
2569`shell_environment_policy.exclude`
2570
2571Type / Values
2572
2573`array<string>`
2574
2575Details
2576
2577Glob patterns for removing environment variables after the defaults.
2578
2579Key
2580
2581`shell_environment_policy.experimental_use_profile`
2582
2583Type / Values
2584
2585`boolean`
2586
2587Details
2588
2589Use the user shell profile when spawning subprocesses.
2590
2591Key
2592
2593`shell_environment_policy.ignore_default_excludes`
2594
2595Type / Values
2596
2597`boolean`
2598
2599Details
2600
2601Keep variables containing KEY/SECRET/TOKEN before other filters run.
2602
2603Key
2604
2605`shell_environment_policy.include_only`
2606
2607Type / Values
2608
2609`array<string>`
2610
2611Details
2612
2613Whitelist of patterns; when set only matching variables are kept.
2614
2615Key
2616
2617`shell_environment_policy.inherit`
2618
2619Type / Values
2620
2621`all | core | none`
1964 2622
1965Details2623Details
1966 2624
2028 2686
2029Key2687Key
2030 2688
2689`sqlite_home`
2690
2691Type / Values
2692
2693`string (path)`
2694
2695Details
2696
2697Directory where Codex stores the SQLite-backed state DB used by agent jobs and other resumable runtime state.
2698
2699Key
2700
2031`suppress_unstable_features_warning`2701`suppress_unstable_features_warning`
2032 2702
2033Type / Values2703Type / Values
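Review bot: the `sqlite_home` entry gives no default location and does not say how a relative path is resolved, unlike `agents.<name>.config_file`, which states its resolution rule. Add both, since this directory holds resumable runtime state.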
2052 2722
2053Key2723Key
2054 2724
20552725`tools.web_search``tool_suggest.discoverables`
2726
2727Type / Values
2728
2729`array<table>`
2730
2731Details
2732
2733Allow tool suggestions for additional discoverable connectors or plugins. Each entry uses `type = "connector"` or `"plugin"` and an `id`.
2734
2735Key
2736
2737`tools.view_image`
2056 2738
2057Type / Values2739Type / Values
2058 2740
2060 2742
2061Details2743Details
2062 2744
20632745Deprecated legacy toggle for web search; prefer the top-level `web_search` setting.Enable the local-image attachment tool `view_image`.
2746
2747Key
2748
2749`tools.web_search`
2750
2751Type / Values
2752
2753`boolean | { context_size = "low|medium|high", allowed_domains = [string], location = { country, region, city, timezone } }`
2754
2755Details
2756
2757Optional web search tool configuration. The legacy boolean form is still accepted, but the object form lets you set search context size, allowed domains, and approximate user location.
2064 2758
2065Key2759Key
2066 2760
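Review bot: the new `tools.web_search` entry drops the old "Deprecated legacy toggle for web search; prefer the top-level `web_search` setting" wording without saying how the two keys now relate. The top-level `web_search` key is still documented, and `allowed_web_search_modes` in `requirements.toml` is described as constraining `web_search` only, so state which key wins when both are set and whether the admin restriction also applies to the `tools.web_search` object form. It would also help to say what an empty or omitted `allowed_domains` means.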
2100 2794
2101Key2795Key
2102 2796
2797`tui.model_availability_nux.<model>`
2798
2799Type / Values
2800
2801`integer`
2802
2803Details
2804
2805Internal startup-tooltip state keyed by model slug.
2806
2807Key
2808
2809`tui.notification_condition`
2810
2811Type / Values
2812
2813`unfocused | always`
2814
2815Details
2816
2817Control whether TUI notifications fire only when the terminal is unfocused or regardless of focus. Defaults to `unfocused`.
2818
2819Key
2820
2103`tui.notification_method`2821`tui.notification_method`
2104 2822
2105Type / Values2823Type / Values
2108 2826
2109Details2827Details
2110 2828
21112829Notification method for unfocused terminal notifications (default: auto).Notification method for terminal notifications (default: auto).
2112 2830
2113Key2831Key
2114 2832
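Review bot: `tui.model_availability_nux.<model>` is described as "Internal startup-tooltip state" yet is listed like any user-settable key. Say that Codex writes it and users should not edit it, or leave it out of the reference.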
2148 2866
2149Key2867Key
2150 2868
2869`tui.terminal_title`
2870
2871Type / Values
2872
2873`array<string> | null`
2874
2875Details
2876
2877Ordered list of terminal window/tab title item identifiers. Defaults to `["spinner", "project"]`; `null` disables title updates.
2878
2879Key
2880
2881`tui.theme`
2882
2883Type / Values
2884
2885`string`
2886
2887Details
2888
2889Syntax-highlighting theme override (kebab-case theme name).
2890
2891Key
2892
2151`web_search`2893`web_search`
2152 2894
2153Type / Values2895Type / Values
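Review bot: the `tui.terminal_title` entry names only the default items `spinner` and `project` and does not list the other valid title item identifiers. Enumerate them or link to where they are defined; `tui.theme` has the same gap for valid theme names.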
2182 2924
2183Windows-only native sandbox mode when running Codex natively on Windows.2925Windows-only native sandbox mode when running Codex natively on Windows.
2184 2926
2927Key
2928
2929`windows.sandbox_private_desktop`
2930
2931Type / Values
2932
2933`boolean`
2934
2935Details
2936
2937Run the final sandboxed child process on a private desktop by default on native Windows. Set `false` only for compatibility with the older `Winsta0\\Default` behavior.
2938
2185Expand to view all2939Expand to view all
2186 2940
2187You can find the latest JSON schema for `config.toml` [here](https://developers.openai.com/codex/config-schema.json).2941You can find the latest JSON schema for `config.toml` [here](https://developers.openai.com/codex/config-schema.json).
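Review bot: in the `windows.sandbox_private_desktop` entry, `Winsta0\\Default` sits inside a code span, where the doubled backslash renders literally; if the intended name is `Winsta0\Default`, drop the escape. The sentence says the private desktop is used "by default" but never states the key's default value, and "Set `false` only for compatibility" would be stronger with one clause on what isolation is given up.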
2201For ChatGPT Business and Enterprise users, Codex can also apply cloud-fetched2955For ChatGPT Business and Enterprise users, Codex can also apply cloud-fetched
2202requirements. See the security page for precedence details.2956requirements. See the security page for precedence details.
2203 2957
2958Use `[features]` in `requirements.toml` to pin feature flags by the same
2959canonical keys that `config.toml` uses. Omitted keys remain unconstrained.
2960
2204| Key | Type / Values | Details |2961| Key | Type / Values | Details |
2205| --- | --- | --- |2962| --- | --- | --- |
22062963| `allowed_approval_policies` | `array<string>` | Allowed values for `approval_policy` (for example `untrusted`, `on-request`, `never`, and `reject`). || `allowed_approval_policies` | `array<string>` | Allowed values for `approval_policy` (for example `untrusted`, `on-request`, `never`, and `granular`). |
2964| `allowed_approvals_reviewers` | `array<string>` | Allowed values for `approvals_reviewer`, such as `user` and `auto_review`. |
2207| `allowed_sandbox_modes` | `array<string>` | Allowed values for `sandbox_mode`. |2965| `allowed_sandbox_modes` | `array<string>` | Allowed values for `sandbox_mode`. |
2208| `allowed_web_search_modes` | `array<string>` | Allowed values for `web_search` (`disabled`, `cached`, `live`). `disabled` is always allowed; an empty list effectively allows only `disabled`. |2966| `allowed_web_search_modes` | `array<string>` | Allowed values for `web_search` (`disabled`, `cached`, `live`). `disabled` is always allowed; an empty list effectively allows only `disabled`. |
2967| `feature_requirements` | `table` | Alias for `features` in `requirements.toml`. Use it to pin feature values by canonical feature key. |
2968| `feature_requirements.browser_use` | `boolean` | Set to `false` in `requirements.toml` to disable Browser Use and Browser Agent availability. You can also set `features.browser_use`. |
2969| `feature_requirements.computer_use` | `boolean` | Set to `false` in `requirements.toml` to disable Computer Use availability and related install or enablement flows. You can also set `features.computer_use`. |
2970| `feature_requirements.in_app_browser` | `boolean` | Set to `false` in `requirements.toml` to disable the in-app browser pane. You can also set `features.in_app_browser`. |
2971| `features` | `table` | Pinned feature values keyed by the canonical names from `config.toml`'s `[features]` table. |
2972| `features.<name>` | `boolean` | Require a specific canonical feature key to stay enabled or disabled. |
2973| `guardian_policy_config` | `string` | Managed Markdown policy instructions for automatic review. This takes precedence over local `[auto_review].policy`. Blank values are ignored. |
2974| `hooks` | `table` | Admin-enforced managed lifecycle hooks. Requires a managed hook directory and uses the same event schema as inline `[hooks]` in `config.toml`. |
2975| `hooks.<Event>` | `array<table>` | Matcher groups for a hook event such as `PreToolUse`, `PostToolUse`, `PermissionRequest`, `SessionStart`, `UserPromptSubmit`, or `Stop`. |
2976| `hooks.<Event>[].hooks` | `array<table>` | Hook handlers for a matcher group. Command hooks are currently supported; prompt and agent hook handlers are parsed but skipped. |
2977| `hooks.managed_dir` | `string (absolute path)` | Directory containing managed hook scripts on macOS and Linux. Codex validates that it is absolute and exists before loading managed hooks. |
2978| `hooks.windows_managed_dir` | `string (absolute path)` | Directory containing managed hook scripts on Windows. Codex validates that it is absolute and exists before loading managed hooks. |
2209| `mcp_servers` | `table` | Allowlist of MCP servers that may be enabled. Both the server name (`<id>`) and its identity must match for the MCP server to be enabled. Any configured MCP server not in the allowlist (or with a mismatched identity) is disabled. |2979| `mcp_servers` | `table` | Allowlist of MCP servers that may be enabled. Both the server name (`<id>`) and its identity must match for the MCP server to be enabled. Any configured MCP server not in the allowlist (or with a mismatched identity) is disabled. |
2210| `mcp_servers.<id>.identity` | `table` | Identity rule for a single MCP server. Set either `command` (stdio) or `url` (streamable HTTP). |2980| `mcp_servers.<id>.identity` | `table` | Identity rule for a single MCP server. Set either `command` (stdio) or `url` (streamable HTTP). |
2211| `mcp_servers.<id>.identity.command` | `string` | Allow an MCP stdio server when its `mcp_servers.<id>.command` matches this command. |2981| `mcp_servers.<id>.identity.command` | `string` | Allow an MCP stdio server when its `mcp_servers.<id>.command` matches this command. |
2212| `mcp_servers.<id>.identity.url` | `string` | Allow an MCP streamable HTTP server when its `mcp_servers.<id>.url` matches this URL. |2982| `mcp_servers.<id>.identity.url` | `string` | Allow an MCP streamable HTTP server when its `mcp_servers.<id>.url` matches this URL. |
2983| `permissions.filesystem.deny_read` | `array<string>` | Admin-enforced filesystem read denials. Entries can be paths or glob patterns, and users cannot weaken them with local config. |
2984| `remote_sandbox_config` | `array<table>` | Host-specific sandbox requirements. The first entry whose `hostname_patterns` match the resolved host name overrides top-level `allowed_sandbox_modes` for that requirements source. Host-specific entries currently override sandbox modes only. |
2985| `remote_sandbox_config[].allowed_sandbox_modes` | `array<string>` | Allowed sandbox modes to apply when this host-specific entry matches. |
2986| `remote_sandbox_config[].hostname_patterns` | `array<string>` | Case-insensitive host name patterns. Supports `*` for any sequence of characters and `?` for one character. |
2213| `rules` | `table` | Admin-enforced command rules merged with `.rules` files. Requirements rules must be restrictive. |2987| `rules` | `table` | Admin-enforced command rules merged with `.rules` files. Requirements rules must be restrictive. |
2214| `rules.prefix_rules` | `array<table>` | List of enforced prefix rules. Each rule must include `pattern` and `decision`. |2988| `rules.prefix_rules` | `array<table>` | List of enforced prefix rules. Each rule must include `pattern` and `decision`. |
2215| `rules.prefix_rules[].decision` | `prompt | forbidden` | Required. Requirements rules can only prompt or forbid (not allow). |2989| `rules.prefix_rules[].decision` | `prompt | forbidden` | Required. Requirements rules can only prompt or forbid (not allow). |
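Review bot: the `feature_requirements` row calls it an alias for `features`, and the three `feature_requirements.*` rows each add "You can also set `features.…`", but nothing says what happens when one requirements file sets both tables with conflicting values for the same key. State the precedence or say that the combination is rejected. The `hooks.managed_dir` and `hooks.windows_managed_dir` rows document only that the path is absolute and exists; for admin-enforced hooks, document any expectation on ownership or write permissions of that directory, or say explicitly that none is checked.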
2228 3002
2229Details3003Details
2230 3004
22313005Allowed values for `approval_policy` (for example `untrusted`, `on-request`, `never`, and `reject`).Allowed values for `approval_policy` (for example `untrusted`, `on-request`, `never`, and `granular`).
3006
3007Key
3008
3009`allowed_approvals_reviewers`
3010
3011Type / Values
3012
3013`array<string>`
3014
3015Details
3016
3017Allowed values for `approvals_reviewer`, such as `user` and `auto_review`.
2232 3018
2233Key3019Key
2234 3020
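Review bot: the example list for `allowed_approval_policies` replaces `reject` with `granular`, here and in the table row above, with no note on whether `reject` is still accepted. Admins with an existing `requirements.toml` that lists `reject` need to know whether that value is renamed, removed, or kept as an alias; add a sentence or a link that says so.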
2256 3042
2257Key3043Key
2258 3044
3045`feature_requirements`
3046
3047Type / Values
3048
3049`table`
3050
3051Details
3052
3053Alias for `features` in `requirements.toml`. Use it to pin feature values by canonical feature key.
3054
3055Key
3056
3057`feature_requirements.browser_use`
3058
3059Type / Values
3060
3061`boolean`
3062
3063Details
3064
3065Set to `false` in `requirements.toml` to disable Browser Use and Browser Agent availability. You can also set `features.browser_use`.
3066
3067Key
3068
3069`feature_requirements.computer_use`
3070
3071Type / Values
3072
3073`boolean`
3074
3075Details
3076
3077Set to `false` in `requirements.toml` to disable Computer Use availability and related install or enablement flows. You can also set `features.computer_use`.
3078
3079Key
3080
3081`feature_requirements.in_app_browser`
3082
3083Type / Values
3084
3085`boolean`
3086
3087Details
3088
3089Set to `false` in `requirements.toml` to disable the in-app browser pane. You can also set `features.in_app_browser`.
3090
3091Key
3092
3093`features`
3094
3095Type / Values
3096
3097`table`
3098
3099Details
3100
3101Pinned feature values keyed by the canonical names from `config.toml`'s `[features]` table.
3102
3103Key
3104
3105`features.<name>`
3106
3107Type / Values
3108
3109`boolean`
3110
3111Details
3112
3113Require a specific canonical feature key to stay enabled or disabled.
3114
3115Key
3116
3117`guardian_policy_config`
3118
3119Type / Values
3120
3121`string`
3122
3123Details
3124
3125Managed Markdown policy instructions for automatic review. This takes precedence over local `[auto_review].policy`. Blank values are ignored.
3126
3127Key
3128
3129`hooks`
3130
3131Type / Values
3132
3133`table`
3134
3135Details
3136
3137Admin-enforced managed lifecycle hooks. Requires a managed hook directory and uses the same event schema as inline `[hooks]` in `config.toml`.
3138
3139Key
3140
3141`hooks.<Event>`
3142
3143Type / Values
3144
3145`array<table>`
3146
3147Details
3148
3149Matcher groups for a hook event such as `PreToolUse`, `PostToolUse`, `PermissionRequest`, `SessionStart`, `UserPromptSubmit`, or `Stop`.
3150
3151Key
3152
3153`hooks.<Event>[].hooks`
3154
3155Type / Values
3156
3157`array<table>`
3158
3159Details
3160
3161Hook handlers for a matcher group. Command hooks are currently supported; prompt and agent hook handlers are parsed but skipped.
3162
3163Key
3164
3165`hooks.managed_dir`
3166
3167Type / Values
3168
3169`string (absolute path)`
3170
3171Details
3172
3173Directory containing managed hook scripts on macOS and Linux. Codex validates that it is absolute and exists before loading managed hooks.
3174
3175Key
3176
3177`hooks.windows_managed_dir`
3178
3179Type / Values
3180
3181`string (absolute path)`
3182
3183Details
3184
3185Directory containing managed hook scripts on Windows. Codex validates that it is absolute and exists before loading managed hooks.
3186
3187Key
3188
2259`mcp_servers`3189`mcp_servers`
2260 3190
2261Type / Values3191Type / Values
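Review bot: the `hooks.<Event>[].hooks` entry says prompt and agent hook handlers "are parsed but skipped", which for admin-enforced hooks means a managed control can be configured and never run. Say whether Codex warns or logs when it skips a managed handler, so an admin can tell an enforced hook from an ignored one. The `guardian_policy_config` entry has a similar quiet path ("Blank values are ignored"); state there what policy applies when the managed value is blank.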
2304 3234
2305Key3235Key
2306 3236
3237`permissions.filesystem.deny_read`
3238
3239Type / Values
3240
3241`array<string>`
3242
3243Details
3244
3245Admin-enforced filesystem read denials. Entries can be paths or glob patterns, and users cannot weaken them with local config.
3246
3247Key
3248
3249`remote_sandbox_config`
3250
3251Type / Values
3252
3253`array<table>`
3254
3255Details
3256
3257Host-specific sandbox requirements. The first entry whose `hostname_patterns` match the resolved host name overrides top-level `allowed_sandbox_modes` for that requirements source. Host-specific entries currently override sandbox modes only.
3258
3259Key
3260
3261`remote_sandbox_config[].allowed_sandbox_modes`
3262
3263Type / Values
3264
3265`array<string>`
3266
3267Details
3268
3269Allowed sandbox modes to apply when this host-specific entry matches.
3270
3271Key
3272
3273`remote_sandbox_config[].hostname_patterns`
3274
3275Type / Values
3276
3277`array<string>`
3278
3279Details
3280
3281Case-insensitive host name patterns. Supports `*` for any sequence of characters and `?` for one character.
3282
3283Key
3284
2307`rules`3285`rules`
2308 3286
2309Type / Values3287Type / Values
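Review bot: `remote_sandbox_config` matches on "the resolved host name", but the entry does not define how that name is resolved or what applies when no entry matches. Since a match overrides the top-level `allowed_sandbox_modes`, document the source of the host name, the no-match fallback, and whether `*` in `hostname_patterns` spans dots. For `permissions.filesystem.deny_read`, "paths or glob patterns" needs the glob syntax and a statement on how relative paths and symlinks are handled.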