SpyBara
Go Premium Account

config-reference.md Codex Docs, 2026-03-05 00:34 UTC → 2026-04-29 12:40 UTC

Inspect the documentation page or source diff for this selected snapshot comparison.

2026
5 Mar 2026, 00:34
14 May 2026, 21:00 14 May 2026, 07:00 13 May 2026, 00:57 12 May 2026, 01:59 11 May 2026, 18:00 7 May 2026, 20:02 7 May 2026, 17:08 5 May 2026, 23:00 2 May 2026, 06:45 2 May 2026, 00:48 1 May 2026, 18:29 30 Apr 2026, 18:36 29 Apr 2026, 12:40 29 Apr 2026, 00:50 25 Apr 2026, 06:37 25 Apr 2026, 00:42 24 Apr 2026, 18:20 24 Apr 2026, 12:28 23 Apr 2026, 18:31 23 Apr 2026, 12:28 23 Apr 2026, 00:46 22 Apr 2026, 18:29 22 Apr 2026, 00:42 21 Apr 2026, 18:29 21 Apr 2026, 12:30 21 Apr 2026, 06:45 20 Apr 2026, 18:26 20 Apr 2026, 06:53 18 Apr 2026, 18:18 17 Apr 2026, 00:44 16 Apr 2026, 18:31 16 Apr 2026, 00:46 15 Apr 2026, 18:31 15 Apr 2026, 06:44 14 Apr 2026, 18:31 14 Apr 2026, 12:29 13 Apr 2026, 18:37 13 Apr 2026, 00:44 12 Apr 2026, 06:38 10 Apr 2026, 18:23 9 Apr 2026, 00:33 8 Apr 2026, 18:32 8 Apr 2026, 00:40 7 Apr 2026, 00:40 2 Apr 2026, 18:23 31 Mar 2026, 06:35 31 Mar 2026, 00:39 28 Mar 2026, 06:26 28 Mar 2026, 00:36 27 Mar 2026, 18:23 27 Mar 2026, 00:39 26 Mar 2026, 18:27 25 Mar 2026, 18:24 23 Mar 2026, 18:22 20 Mar 2026, 00:35 18 Mar 2026, 12:23 18 Mar 2026, 00:36 17 Mar 2026, 18:24 17 Mar 2026, 00:33 16 Mar 2026, 18:25 16 Mar 2026, 12:23 14 Mar 2026, 00:32 13 Mar 2026, 18:15 13 Mar 2026, 00:34 11 Mar 2026, 00:31 9 Mar 2026, 00:34 8 Mar 2026, 18:10 8 Mar 2026, 00:35 7 Mar 2026, 18:10 7 Mar 2026, 06:14 7 Mar 2026, 00:33 6 Mar 2026, 00:38 5 Mar 2026, 18:41 5 Mar 2026, 06:22 5 Mar 2026, 00:34 4 Mar 2026, 18:18 4 Mar 2026, 06:20 3 Mar 2026, 18:20 3 Mar 2026, 00:35 27 Feb 2026, 18:15 24 Feb 2026, 06:27 24 Feb 2026, 00:33 23 Feb 2026, 18:27 21 Feb 2026, 00:33 20 Feb 2026, 12:16 19 Feb 2026, 20:53 19 Feb 2026, 20:37
29 Apr 2026, 12:40
14 May 2026, 21:00 14 May 2026, 07:00 13 May 2026, 00:57 12 May 2026, 01:59 11 May 2026, 18:00 7 May 2026, 20:02 7 May 2026, 17:08 5 May 2026, 23:00 2 May 2026, 06:45 2 May 2026, 00:48 1 May 2026, 18:29 30 Apr 2026, 18:36 29 Apr 2026, 12:40 29 Apr 2026, 00:50 25 Apr 2026, 06:37 25 Apr 2026, 00:42 24 Apr 2026, 18:20 24 Apr 2026, 12:28 23 Apr 2026, 18:31 23 Apr 2026, 12:28 23 Apr 2026, 00:46 22 Apr 2026, 18:29 22 Apr 2026, 00:42 21 Apr 2026, 18:29 21 Apr 2026, 12:30 21 Apr 2026, 06:45 20 Apr 2026, 18:26 20 Apr 2026, 06:53 18 Apr 2026, 18:18 17 Apr 2026, 00:44 16 Apr 2026, 18:31 16 Apr 2026, 00:46 15 Apr 2026, 18:31 15 Apr 2026, 06:44 14 Apr 2026, 18:31 14 Apr 2026, 12:29 13 Apr 2026, 18:37 13 Apr 2026, 00:44 12 Apr 2026, 06:38 10 Apr 2026, 18:23 9 Apr 2026, 00:33 8 Apr 2026, 18:32 8 Apr 2026, 00:40 7 Apr 2026, 00:40 2 Apr 2026, 18:23 31 Mar 2026, 06:35 31 Mar 2026, 00:39 28 Mar 2026, 06:26 28 Mar 2026, 00:36 27 Mar 2026, 18:23 27 Mar 2026, 00:39 26 Mar 2026, 18:27 25 Mar 2026, 18:24 23 Mar 2026, 18:22 20 Mar 2026, 00:35 18 Mar 2026, 12:23 18 Mar 2026, 00:36 17 Mar 2026, 18:24 17 Mar 2026, 00:33 16 Mar 2026, 18:25 16 Mar 2026, 12:23 14 Mar 2026, 00:32 13 Mar 2026, 18:15 13 Mar 2026, 00:34 11 Mar 2026, 00:31 9 Mar 2026, 00:34 8 Mar 2026, 18:10 8 Mar 2026, 00:35 7 Mar 2026, 18:10 7 Mar 2026, 06:14 7 Mar 2026, 00:33 6 Mar 2026, 00:38 5 Mar 2026, 18:41 5 Mar 2026, 06:22 5 Mar 2026, 00:34 4 Mar 2026, 18:18 4 Mar 2026, 06:20 3 Mar 2026, 18:20 3 Mar 2026, 00:35 27 Feb 2026, 18:15 24 Feb 2026, 06:27 24 Feb 2026, 00:33 23 Feb 2026, 18:27 21 Feb 2026, 00:33 20 Feb 2026, 12:16 19 Feb 2026, 20:53 19 Feb 2026, 20:37
Thu 2 18:23 Tue 7 00:40 Wed 8 00:40 Wed 8 18:32 Thu 9 00:33 Fri 10 18:23 Sun 12 06:38 Mon 13 00:44 Mon 13 18:37 Tue 14 12:29 Tue 14 18:31 Wed 15 06:44 Wed 15 18:31 Thu 16 00:46 Thu 16 18:31 Fri 17 00:44 Sat 18 18:18 Mon 20 06:53 Mon 20 18:26 Tue 21 06:45 Tue 21 12:30 Tue 21 18:29 Wed 22 00:42 Wed 22 18:29 Thu 23 00:46 Thu 23 12:28 Thu 23 18:31 Fri 24 12:28 Fri 24 18:20 Sat 25 00:42 Sat 25 06:37 Wed 29 00:50 Wed 29 12:40 Thu 30 18:36

config-reference.md +1157 −205

Details

6 6 

7User-level configuration lives in `~/.codex/config.toml`. You can also add project-scoped overrides in `.codex/config.toml` files. Codex loads project-scoped config files only when you trust the project.7User-level configuration lives in `~/.codex/config.toml`. You can also add project-scoped overrides in `.codex/config.toml` files. Codex loads project-scoped config files only when you trust the project.

8 8 

9For sandbox and approval keys (`approval_policy`, `sandbox_mode`, and `sandbox_workspace_write.*`), pair this reference with [Sandbox and approvals](https://developers.openai.com/codex/security#sandbox-and-approvals), [Protected paths in writable roots](https://developers.openai.com/codex/security#protected-paths-in-writable-roots), and [Network access](https://developers.openai.com/codex/security#network-access).9For sandbox and approval keys (`approval_policy`, `sandbox_mode`, and `sandbox_workspace_write.*`), pair this reference with [Sandbox and approvals](https://developers.openai.com/codex/agent-approvals-security#sandbox-and-approvals), [Protected paths in writable roots](https://developers.openai.com/codex/agent-approvals-security#protected-paths-in-writable-roots), and [Network access](https://developers.openai.com/codex/agent-approvals-security#network-access).

10 10 

11| Key | Type / Values | Details |11| Key | Type / Values | Details |

12| --- | --- | --- |12| --- | --- | --- |

13| `agents.<name>.config_file` | `string (path)` | Path to a TOML config layer for that role; relative paths resolve from the config file that declares the role. |13| `agents.<name>.config_file` | `string (path)` | Path to a TOML config layer for that role; relative paths resolve from the config file that declares the role. |

14| `agents.<name>.description` | `string` | Role guidance shown to Codex when choosing and spawning that agent type. |14| `agents.<name>.description` | `string` | Role guidance shown to Codex when choosing and spawning that agent type. |

15| `agents.<name>.nickname_candidates` | `array<string>` | Optional pool of display nicknames for spawned agents in that role. |

15| `agents.job_max_runtime_seconds` | `number` | Default per-worker timeout for `spawn_agents_on_csv` jobs. When unset, the tool falls back to 1800 seconds per worker. |16| `agents.job_max_runtime_seconds` | `number` | Default per-worker timeout for `spawn_agents_on_csv` jobs. When unset, the tool falls back to 1800 seconds per worker. |

16| `agents.max_depth` | `number` | Maximum nesting depth allowed for spawned agent threads (root sessions start at depth 0; default: 1). |17| `agents.max_depth` | `number` | Maximum nesting depth allowed for spawned agent threads (root sessions start at depth 0; default: 1). |

17| `agents.max_threads` | `number` | Maximum number of agent threads that can be open concurrently. |18| `agents.max_threads` | `number` | Maximum number of agent threads that can be open concurrently. Defaults to `6` when unset. |

18| `allow_login_shell` | `boolean` | Allow shell-based tools to use login-shell semantics. Defaults to `true`; when `false`, `login = true` requests are rejected and omitted `login` defaults to non-login shells. |19| `allow_login_shell` | `boolean` | Allow shell-based tools to use login-shell semantics. Defaults to `true`; when `false`, `login = true` requests are rejected and omitted `login` defaults to non-login shells. |

19| `approval_policy` | `untrusted | on-request | never | { reject = { sandbox_approval = bool, rules = bool, mcp_elicitations = bool } }` | Controls when Codex pauses for approval before executing commands. You can also use `approval_policy = { reject = { ... } }` to auto-reject specific prompt categories while keeping other prompts interactive. `on-failure` is deprecated; use `on-request` for interactive runs or `never` for non-interactive runs. |20| `analytics.enabled` | `boolean` | Enable or disable analytics for this machine/profile. When unset, the client default applies. |

20| `approval_policy.reject.mcp_elicitations` | `boolean` | When `true`, MCP elicitation prompts are auto-rejected instead of shown to the user. |21| `approval_policy` | `untrusted | on-request | never | { granular = { sandbox_approval = bool, rules = bool, mcp_elicitations = bool, request_permissions = bool, skill_approval = bool } }` | Controls when Codex pauses for approval before executing commands. You can also use `approval_policy = { granular = { ... } }` to allow or auto-reject specific prompt categories while keeping other prompts interactive. `on-failure` is deprecated; use `on-request` for interactive runs or `never` for non-interactive runs. |

21| `approval_policy.reject.rules` | `boolean` | When `true`, approvals triggered by execpolicy `prompt` rules are auto-rejected. |22| `approval_policy.granular.mcp_elicitations` | `boolean` | When `true`, MCP elicitation prompts are allowed to surface instead of being auto-rejected. |

22| `approval_policy.reject.sandbox_approval` | `boolean` | When `true`, sandbox escalation approval prompts are auto-rejected. |23| `approval_policy.granular.request_permissions` | `boolean` | When `true`, prompts from the `request_permissions` tool are allowed to surface. |

24| `approval_policy.granular.rules` | `boolean` | When `true`, approvals triggered by execpolicy `prompt` rules are allowed to surface. |

25| `approval_policy.granular.sandbox_approval` | `boolean` | When `true`, sandbox escalation approval prompts are allowed to surface. |

26| `approval_policy.granular.skill_approval` | `boolean` | When `true`, skill-script approval prompts are allowed to surface. |

27| `approvals_reviewer` | `user | auto_review` | Who reviews eligible approval prompts under `on-request` or granular approval policies. Defaults to `user`; `auto_review` uses the reviewer subagent. This setting doesn't change sandboxing or review actions already allowed inside the sandbox. |

23| `apps._default.destructive_enabled` | `boolean` | Default allow/deny for app tools with `destructive_hint = true`. |28| `apps._default.destructive_enabled` | `boolean` | Default allow/deny for app tools with `destructive_hint = true`. |

24| `apps._default.enabled` | `boolean` | Default app enabled state for all apps unless overridden per app. |29| `apps._default.enabled` | `boolean` | Default app enabled state for all apps unless overridden per app. |

25| `apps._default.open_world_enabled` | `boolean` | Default allow/deny for app tools with `open_world_hint = true`. |30| `apps._default.open_world_enabled` | `boolean` | Default allow/deny for app tools with `open_world_hint = true`. |

30| `apps.<id>.open_world_enabled` | `boolean` | Allow or block tools in this app that advertise `open_world_hint = true`. |35| `apps.<id>.open_world_enabled` | `boolean` | Allow or block tools in this app that advertise `open_world_hint = true`. |

31| `apps.<id>.tools.<tool>.approval_mode` | `auto | prompt | approve` | Per-tool approval behavior override for a single app tool. |36| `apps.<id>.tools.<tool>.approval_mode` | `auto | prompt | approve` | Per-tool approval behavior override for a single app tool. |

32| `apps.<id>.tools.<tool>.enabled` | `boolean` | Per-tool enabled override for an app tool (for example `repos/list`). |37| `apps.<id>.tools.<tool>.enabled` | `boolean` | Per-tool enabled override for an app tool (for example `repos/list`). |

38| `auto_review.policy` | `string` | Local Markdown policy instructions for automatic review. Managed `guardian_policy_config` takes precedence. Blank values are ignored. |

33| `background_terminal_max_timeout` | `number` | Maximum poll window in milliseconds for empty `write_stdin` polls (background terminal polling). Default: `300000` (5 minutes). Replaces the older `background_terminal_timeout` key. |39| `background_terminal_max_timeout` | `number` | Maximum poll window in milliseconds for empty `write_stdin` polls (background terminal polling). Default: `300000` (5 minutes). Replaces the older `background_terminal_timeout` key. |

34| `chatgpt_base_url` | `string` | Override the base URL used during the ChatGPT login flow. |40| `chatgpt_base_url` | `string` | Override the base URL used during the ChatGPT login flow. |

35| `check_for_update_on_startup` | `boolean` | Check for Codex updates on startup (set to false only when updates are centrally managed). |41| `check_for_update_on_startup` | `boolean` | Check for Codex updates on startup (set to false only when updates are centrally managed). |

36| `cli_auth_credentials_store` | `file | keyring | auto` | Control where the CLI stores cached credentials (file-based auth.json vs OS keychain). |42| `cli_auth_credentials_store` | `file | keyring | auto` | Control where the CLI stores cached credentials (file-based auth.json vs OS keychain). |

43| `commit_attribution` | `string` | Override the commit co-author trailer text. Set an empty string to disable automatic attribution. |

37| `compact_prompt` | `string` | Inline override for the history compaction prompt. |44| `compact_prompt` | `string` | Inline override for the history compaction prompt. |

45| `default_permissions` | `string` | Name of the default permissions profile to apply to sandboxed tool calls. |

38| `developer_instructions` | `string` | Additional developer instructions injected into the session (optional). |46| `developer_instructions` | `string` | Additional developer instructions injected into the session (optional). |

39| `disable_paste_burst` | `boolean` | Disable burst-paste detection in the TUI. |47| `disable_paste_burst` | `boolean` | Disable burst-paste detection in the TUI. |

40| `experimental_compact_prompt_file` | `string (path)` | Load the compaction prompt override from a file (experimental). |48| `experimental_compact_prompt_file` | `string (path)` | Load the compaction prompt override from a file (experimental). |

41| `experimental_use_freeform_apply_patch` | `boolean` | Legacy name for enabling freeform apply\_patch; prefer `[features].apply_patch_freeform` or `codex --enable apply_patch_freeform`. |

42| `experimental_use_unified_exec_tool` | `boolean` | Legacy name for enabling unified exec; prefer `[features].unified_exec` or `codex --enable unified_exec`. |49| `experimental_use_unified_exec_tool` | `boolean` | Legacy name for enabling unified exec; prefer `[features].unified_exec` or `codex --enable unified_exec`. |

43| `features.apply_patch_freeform` | `boolean` | Expose the freeform `apply_patch` tool (experimental). |

44| `features.apps` | `boolean` | Enable ChatGPT Apps/connectors support (experimental). |50| `features.apps` | `boolean` | Enable ChatGPT Apps/connectors support (experimental). |

45| `features.apps_mcp_gateway` | `boolean` | Route Apps MCP calls through the OpenAI connectors MCP gateway (`https://api.openai.com/v1/connectors/mcp/`) instead of legacy routing (experimental). |51| `features.codex_hooks` | `boolean` | Enable lifecycle hooks loaded from `hooks.json` or inline `[hooks]` config. |

46| `features.child_agents_md` | `boolean` | Append AGENTS.md scope/precedence guidance even when no AGENTS.md is present (experimental). |52| `features.enable_request_compression` | `boolean` | Compress streaming request bodies with zstd when supported (stable; on by default). |

47| `features.collaboration_modes` | `boolean` | Enable collaboration modes such as plan mode (stable; on by default). |53| `features.fast_mode` | `boolean` | Enable Fast mode selection and the `service_tier = "fast"` path (stable; on by default). |

48| `features.multi_agent` | `boolean` | Enable multi-agent collaboration tools (`spawn_agent`, `send_input`, `resume_agent`, `wait`, `close_agent`, and `spawn_agents_on_csv`) (experimental; off by default). |54| `features.memories` | `boolean` | Enable [Memories](https://developers.openai.com/codex/memories) (off by default). |

55| `features.multi_agent` | `boolean` | Enable multi-agent collaboration tools (`spawn_agent`, `send_input`, `resume_agent`, `wait_agent`, and `close_agent`) (stable; on by default). |

49| `features.personality` | `boolean` | Enable personality selection controls (stable; on by default). |56| `features.personality` | `boolean` | Enable personality selection controls (stable; on by default). |

50| `features.powershell_utf8` | `boolean` | Force PowerShell UTF-8 output (defaults to true). |57| `features.prevent_idle_sleep` | `boolean` | Prevent the machine from sleeping while a turn is actively running (experimental; off by default). |

51| `features.remote_models` | `boolean` | Refresh remote model list before showing readiness (experimental). |58| `features.shell_snapshot` | `boolean` | Snapshot shell environment to speed up repeated commands (stable; on by default). |

52| `features.request_rule` | `boolean` | Enable Smart approvals (`prefix_rule` suggestions on escalation requests; stable; on by default). |

53| `features.runtime_metrics` | `boolean` | Show runtime metrics summary in TUI turn separators (experimental). |

54| `features.search_tool` | `boolean` | Enable `search_tool_bm25` for Apps tool discovery before invoking app MCP tools (experimental). |

55| `features.shell_snapshot` | `boolean` | Snapshot shell environment to speed up repeated commands (beta). |

56| `features.shell_tool` | `boolean` | Enable the default `shell` tool for running commands (stable; on by default). |59| `features.shell_tool` | `boolean` | Enable the default `shell` tool for running commands (stable; on by default). |

57| `features.unified_exec` | `boolean` | Use the unified PTY-backed exec tool (beta). |60| `features.skill_mcp_dependency_install` | `boolean` | Allow prompting and installing missing MCP dependencies for skills (stable; on by default). |

58| `features.use_linux_sandbox_bwrap` | `boolean` | Use the bubblewrap-based Linux sandbox pipeline (experimental; off by default). |61| `features.undo` | `boolean` | Enable undo support (stable; off by default). |

62| `features.unified_exec` | `boolean` | Use the unified PTY-backed exec tool (stable; enabled by default except on Windows). |

59| `features.web_search` | `boolean` | Deprecated legacy toggle; prefer the top-level `web_search` setting. |63| `features.web_search` | `boolean` | Deprecated legacy toggle; prefer the top-level `web_search` setting. |

60| `features.web_search_cached` | `boolean` | Deprecated legacy toggle. When `web_search` is unset, true maps to `web_search = "cached"`. |64| `features.web_search_cached` | `boolean` | Deprecated legacy toggle. When `web_search` is unset, true maps to `web_search = "cached"`. |

61| `features.web_search_request` | `boolean` | Deprecated legacy toggle. When `web_search` is unset, true maps to `web_search = "live"`. |65| `features.web_search_request` | `boolean` | Deprecated legacy toggle. When `web_search` is unset, true maps to `web_search = "live"`. |

66| `hide_agent_reasoning` | `boolean` | Suppress reasoning events in both the TUI and `codex exec` output. |70| `hide_agent_reasoning` | `boolean` | Suppress reasoning events in both the TUI and `codex exec` output. |

67| `history.max_bytes` | `number` | If set, caps the history file size in bytes by dropping oldest entries. |71| `history.max_bytes` | `number` | If set, caps the history file size in bytes by dropping oldest entries. |

68| `history.persistence` | `save-all | none` | Control whether Codex saves session transcripts to history.jsonl. |72| `history.persistence` | `save-all | none` | Control whether Codex saves session transcripts to history.jsonl. |

69| `include_apply_patch_tool` | `boolean` | Legacy name for enabling freeform apply\_patch; prefer `[features].apply_patch_freeform`. |73| `hooks` | `table` | Lifecycle hooks configured inline in `config.toml`. Uses the same event schema as `hooks.json`; see the Hooks guide for examples and supported events. |

70| `instructions` | `string` | Reserved for future use; prefer `model_instructions_file` or `AGENTS.md`. |74| `instructions` | `string` | Reserved for future use; prefer `model_instructions_file` or `AGENTS.md`. |

71| `log_dir` | `string (path)` | Directory where Codex writes log files (for example `codex-tui.log`); defaults to `$CODEX_HOME/log`. |75| `log_dir` | `string (path)` | Directory where Codex writes log files (for example `codex-tui.log`); defaults to `$CODEX_HOME/log`. |

72| `mcp_oauth_callback_port` | `integer` | Optional fixed port for the local HTTP callback server used during MCP OAuth login. When unset, Codex binds to an ephemeral port chosen by the OS. |76| `mcp_oauth_callback_port` | `integer` | Optional fixed port for the local HTTP callback server used during MCP OAuth login. When unset, Codex binds to an ephemeral port chosen by the OS. |

81| `mcp_servers.<id>.enabled_tools` | `array<string>` | Allow list of tool names exposed by the MCP server. |85| `mcp_servers.<id>.enabled_tools` | `array<string>` | Allow list of tool names exposed by the MCP server. |

82| `mcp_servers.<id>.env` | `map<string,string>` | Environment variables forwarded to the MCP stdio server. |86| `mcp_servers.<id>.env` | `map<string,string>` | Environment variables forwarded to the MCP stdio server. |

83| `mcp_servers.<id>.env_http_headers` | `map<string,string>` | HTTP headers populated from environment variables for an MCP HTTP server. |87| `mcp_servers.<id>.env_http_headers` | `map<string,string>` | HTTP headers populated from environment variables for an MCP HTTP server. |

84| `mcp_servers.<id>.env_vars` | `array<string>` | Additional environment variables to whitelist for an MCP stdio server. |88| `mcp_servers.<id>.env_vars` | `array<string | { name = string, source = "local" | "remote" }>` | Additional environment variables to whitelist for an MCP stdio server. String entries default to `source = "local"`; use `source = "remote"` only with executor-backed remote stdio. |

89| `mcp_servers.<id>.experimental_environment` | `local | remote` | Experimental placement for an MCP server. `remote` starts stdio servers through a remote executor environment; streamable HTTP remote placement is not implemented. |

85| `mcp_servers.<id>.http_headers` | `map<string,string>` | Static HTTP headers included with each MCP HTTP request. |90| `mcp_servers.<id>.http_headers` | `map<string,string>` | Static HTTP headers included with each MCP HTTP request. |

91| `mcp_servers.<id>.oauth_resource` | `string` | Optional RFC 8707 OAuth resource parameter to include during MCP login. |

86| `mcp_servers.<id>.required` | `boolean` | When true, fail startup/resume if this enabled MCP server cannot initialize. |92| `mcp_servers.<id>.required` | `boolean` | When true, fail startup/resume if this enabled MCP server cannot initialize. |

93| `mcp_servers.<id>.scopes` | `array<string>` | OAuth scopes to request when authenticating to that MCP server. |

87| `mcp_servers.<id>.startup_timeout_ms` | `number` | Alias for `startup_timeout_sec` in milliseconds. |94| `mcp_servers.<id>.startup_timeout_ms` | `number` | Alias for `startup_timeout_sec` in milliseconds. |

88| `mcp_servers.<id>.startup_timeout_sec` | `number` | Override the default 10s startup timeout for an MCP server. |95| `mcp_servers.<id>.startup_timeout_sec` | `number` | Override the default 10s startup timeout for an MCP server. |

89| `mcp_servers.<id>.tool_timeout_sec` | `number` | Override the default 60s per-tool timeout for an MCP server. |96| `mcp_servers.<id>.tool_timeout_sec` | `number` | Override the default 60s per-tool timeout for an MCP server. |

90| `mcp_servers.<id>.url` | `string` | Endpoint for an MCP streamable HTTP server. |97| `mcp_servers.<id>.url` | `string` | Endpoint for an MCP streamable HTTP server. |

91| `model` | `string` | Model to use (e.g., `gpt-5-codex`). |98| `memories.consolidation_model` | `string` | Optional model override for global memory consolidation. |

99| `memories.disable_on_external_context` | `boolean` | When `true`, threads that use external context such as MCP tool calls, web search, or tool search are kept out of memory generation. Defaults to `false`. Legacy alias: `memories.no_memories_if_mcp_or_web_search`. |

100| `memories.extract_model` | `string` | Optional model override for per-thread memory extraction. |

101| `memories.generate_memories` | `boolean` | When `false`, newly created threads are not stored as memory-generation inputs. Defaults to `true`. |

102| `memories.max_raw_memories_for_consolidation` | `number` | Maximum recent raw memories retained for global consolidation. Defaults to `256` and is capped at `4096`. |

103| `memories.max_rollout_age_days` | `number` | Maximum age of threads considered for memory generation. Defaults to `30` and is clamped to `0`-`90`. |

104| `memories.max_rollouts_per_startup` | `number` | Maximum rollout candidates processed per startup pass. Defaults to `16` and is capped at `128`. |

105| `memories.max_unused_days` | `number` | Maximum days since a memory was last used before it becomes ineligible for consolidation. Defaults to `30` and is clamped to `0`-`365`. |

106| `memories.min_rate_limit_remaining_percent` | `number` | Minimum remaining percentage required in Codex rate-limit windows before memory generation starts. Defaults to `25` and is clamped to `0`-`100`. |

107| `memories.min_rollout_idle_hours` | `number` | Minimum idle time before a thread is considered for memory generation. Defaults to `6` and is clamped to `1`-`48`. |

108| `memories.use_memories` | `boolean` | When `false`, Codex skips injecting existing memories into future sessions. Defaults to `true`. |

109| `model` | `string` | Model to use (e.g., `gpt-5.5`). |

92| `model_auto_compact_token_limit` | `number` | Token threshold that triggers automatic history compaction (unset uses model defaults). |110| `model_auto_compact_token_limit` | `number` | Token threshold that triggers automatic history compaction (unset uses model defaults). |

93| `model_catalog_json` | `string (path)` | Optional path to a JSON model catalog loaded on startup. Profile-level `profiles.<name>.model_catalog_json` can override this per profile. |111| `model_catalog_json` | `string (path)` | Optional path to a JSON model catalog loaded on startup. Profile-level `profiles.<name>.model_catalog_json` can override this per profile. |

94| `model_context_window` | `number` | Context window tokens available to the active model. |112| `model_context_window` | `number` | Context window tokens available to the active model. |

95| `model_instructions_file` | `string (path)` | Replacement for built-in instructions instead of `AGENTS.md`. |113| `model_instructions_file` | `string (path)` | Replacement for built-in instructions instead of `AGENTS.md`. |

96| `model_provider` | `string` | Provider id from `model_providers` (default: `openai`). |114| `model_provider` | `string` | Provider id from `model_providers` (default: `openai`). |

115| `model_providers.<id>` | `table` | Custom provider definition. Built-in provider IDs (`openai`, `ollama`, and `lmstudio`) are reserved and cannot be overridden. |

116| `model_providers.<id>.auth` | `table` | Command-backed bearer token configuration for a custom provider. Do not combine with `env_key`, `experimental_bearer_token`, or `requires_openai_auth`. |

117| `model_providers.<id>.auth.args` | `array<string>` | Arguments passed to the token command. |

118| `model_providers.<id>.auth.command` | `string` | Command to run when Codex needs a bearer token. The command must print the token to stdout. |

119| `model_providers.<id>.auth.cwd` | `string (path)` | Working directory for the token command. |

120| `model_providers.<id>.auth.refresh_interval_ms` | `number` | How often Codex proactively refreshes the token in milliseconds (default: 300000). Set to `0` to refresh only after an authentication retry. |

121| `model_providers.<id>.auth.timeout_ms` | `number` | Maximum token command runtime in milliseconds (default: 5000). |

97| `model_providers.<id>.base_url` | `string` | API base URL for the model provider. |122| `model_providers.<id>.base_url` | `string` | API base URL for the model provider. |

98| `model_providers.<id>.env_http_headers` | `map<string,string>` | HTTP headers populated from environment variables when present. |123| `model_providers.<id>.env_http_headers` | `map<string,string>` | HTTP headers populated from environment variables when present. |

99| `model_providers.<id>.env_key` | `string` | Environment variable supplying the provider API key. |124| `model_providers.<id>.env_key` | `string` | Environment variable supplying the provider API key. |

106| `model_providers.<id>.requires_openai_auth` | `boolean` | The provider uses OpenAI authentication (defaults to false). |131| `model_providers.<id>.requires_openai_auth` | `boolean` | The provider uses OpenAI authentication (defaults to false). |

107| `model_providers.<id>.stream_idle_timeout_ms` | `number` | Idle timeout for SSE streams in milliseconds (default: 300000). |132| `model_providers.<id>.stream_idle_timeout_ms` | `number` | Idle timeout for SSE streams in milliseconds (default: 300000). |

108| `model_providers.<id>.stream_max_retries` | `number` | Retry count for SSE streaming interruptions (default: 5). |133| `model_providers.<id>.stream_max_retries` | `number` | Retry count for SSE streaming interruptions (default: 5). |

109| `model_providers.<id>.wire_api` | `chat | responses` | Protocol used by the provider (defaults to `chat` if omitted). |134| `model_providers.<id>.supports_websockets` | `boolean` | Whether that provider supports the Responses API WebSocket transport. |

135| `model_providers.<id>.wire_api` | `responses` | Protocol used by the provider. `responses` is the only supported value, and it is the default when omitted. |

110| `model_reasoning_effort` | `minimal | low | medium | high | xhigh` | Adjust reasoning effort for supported models (Responses API only; `xhigh` is model-dependent). |136| `model_reasoning_effort` | `minimal | low | medium | high | xhigh` | Adjust reasoning effort for supported models (Responses API only; `xhigh` is model-dependent). |

111| `model_reasoning_summary` | `auto | concise | detailed | none` | Select reasoning summary detail or disable summaries entirely. |137| `model_reasoning_summary` | `auto | concise | detailed | none` | Select reasoning summary detail or disable summaries entirely. |

112| `model_supports_reasoning_summaries` | `boolean` | Force Codex to send or not send reasoning metadata. |138| `model_supports_reasoning_summaries` | `boolean` | Force Codex to send or not send reasoning metadata. |

113| `model_verbosity` | `low | medium | high` | Control GPT-5 Responses API verbosity (defaults to `medium`). |139| `model_verbosity` | `low | medium | high` | Optional GPT-5 Responses API verbosity override; when unset, the selected model/preset default is used. |

114| `notice.hide_full_access_warning` | `boolean` | Track acknowledgement of the full access warning prompt. |140| `notice.hide_full_access_warning` | `boolean` | Track acknowledgement of the full access warning prompt. |

115| `notice.hide_gpt-5.1-codex-max_migration_prompt` | `boolean` | Track acknowledgement of the gpt-5.1-codex-max migration prompt. |141| `notice.hide_gpt-5.1-codex-max_migration_prompt` | `boolean` | Track acknowledgement of the gpt-5.1-codex-max migration prompt. |

116| `notice.hide_gpt5_1_migration_prompt` | `boolean` | Track acknowledgement of the GPT-5.1 migration prompt. |142| `notice.hide_gpt5_1_migration_prompt` | `boolean` | Track acknowledgement of the GPT-5.1 migration prompt. |

118| `notice.hide_world_writable_warning` | `boolean` | Track acknowledgement of the Windows world-writable directories warning. |144| `notice.hide_world_writable_warning` | `boolean` | Track acknowledgement of the Windows world-writable directories warning. |

119| `notice.model_migrations` | `map<string,string>` | Track acknowledged model migrations as old->new mappings. |145| `notice.model_migrations` | `map<string,string>` | Track acknowledged model migrations as old->new mappings. |

120| `notify` | `array<string>` | Command invoked for notifications; receives a JSON payload from Codex. |146| `notify` | `array<string>` | Command invoked for notifications; receives a JSON payload from Codex. |

147| `openai_base_url` | `string` | Base URL override for the built-in `openai` model provider. |

121| `oss_provider` | `lmstudio | ollama` | Default local provider used when running with `--oss` (defaults to prompting if unset). |148| `oss_provider` | `lmstudio | ollama` | Default local provider used when running with `--oss` (defaults to prompting if unset). |

122| `otel.environment` | `string` | Environment tag applied to emitted OpenTelemetry events (default: `dev`). |149| `otel.environment` | `string` | Environment tag applied to emitted OpenTelemetry events (default: `dev`). |

123| `otel.exporter` | `none | otlp-http | otlp-grpc` | Select the OpenTelemetry exporter and provide any endpoint metadata. |150| `otel.exporter` | `none | otlp-http | otlp-grpc` | Select the OpenTelemetry exporter and provide any endpoint metadata. |

128| `otel.exporter.<id>.tls.client-certificate` | `string` | Client certificate path for OTEL exporter TLS. |155| `otel.exporter.<id>.tls.client-certificate` | `string` | Client certificate path for OTEL exporter TLS. |

129| `otel.exporter.<id>.tls.client-private-key` | `string` | Client private key path for OTEL exporter TLS. |156| `otel.exporter.<id>.tls.client-private-key` | `string` | Client private key path for OTEL exporter TLS. |

130| `otel.log_user_prompt` | `boolean` | Opt in to exporting raw user prompts with OpenTelemetry logs. |157| `otel.log_user_prompt` | `boolean` | Opt in to exporting raw user prompts with OpenTelemetry logs. |

158| `otel.metrics_exporter` | `none | statsig | otlp-http | otlp-grpc` | Select the OpenTelemetry metrics exporter (defaults to `statsig`). |

131| `otel.trace_exporter` | `none | otlp-http | otlp-grpc` | Select the OpenTelemetry trace exporter and provide any endpoint metadata. |159| `otel.trace_exporter` | `none | otlp-http | otlp-grpc` | Select the OpenTelemetry trace exporter and provide any endpoint metadata. |

132| `otel.trace_exporter.<id>.endpoint` | `string` | Trace exporter endpoint for OTEL logs. |160| `otel.trace_exporter.<id>.endpoint` | `string` | Trace exporter endpoint for OTEL logs. |

133| `otel.trace_exporter.<id>.headers` | `map<string,string>` | Static headers included with OTEL trace exporter requests. |161| `otel.trace_exporter.<id>.headers` | `map<string,string>` | Static headers included with OTEL trace exporter requests. |

135| `otel.trace_exporter.<id>.tls.ca-certificate` | `string` | CA certificate path for OTEL trace exporter TLS. |163| `otel.trace_exporter.<id>.tls.ca-certificate` | `string` | CA certificate path for OTEL trace exporter TLS. |

136| `otel.trace_exporter.<id>.tls.client-certificate` | `string` | Client certificate path for OTEL trace exporter TLS. |164| `otel.trace_exporter.<id>.tls.client-certificate` | `string` | Client certificate path for OTEL trace exporter TLS. |

137| `otel.trace_exporter.<id>.tls.client-private-key` | `string` | Client private key path for OTEL trace exporter TLS. |165| `otel.trace_exporter.<id>.tls.client-private-key` | `string` | Client private key path for OTEL trace exporter TLS. |

166| `permissions.<name>.filesystem` | `table` | Named filesystem permission profile. Each key is an absolute path or special token such as `:minimal` or `:project_roots`. |

167| `permissions.<name>.filesystem.":project_roots".<subpath-or-glob>` | `"read" | "write" | "none"` | Scoped filesystem access relative to the detected project roots. Use `"."` for the root itself; glob subpaths such as `"**/*.env"` can deny reads with `"none"`. |

168| `permissions.<name>.filesystem.<path-or-glob>` | `"read" | "write" | "none" | table` | Grant direct access for a path, glob pattern, or special token, or scope nested entries under that root. Use `"none"` to deny reads for matching paths. |

169| `permissions.<name>.filesystem.glob_scan_max_depth` | `number` | Maximum depth for expanding deny-read glob patterns on platforms that snapshot matches before sandbox startup. Must be at least `1` when set. |

170| `permissions.<name>.network.allow_local_binding` | `boolean` | Permit local bind/listen operations through the managed proxy. |

171| `permissions.<name>.network.allow_upstream_proxy` | `boolean` | Allow the managed proxy to chain to another upstream proxy. |

172| `permissions.<name>.network.dangerously_allow_all_unix_sockets` | `boolean` | Allow the proxy to use arbitrary Unix sockets instead of the default restricted set. |

173| `permissions.<name>.network.dangerously_allow_non_loopback_proxy` | `boolean` | Permit non-loopback bind addresses for the managed proxy listener. |

174| `permissions.<name>.network.domains` | `map<string, allow | deny>` | Domain rules for the managed proxy. Use domain names or wildcard patterns as keys, with `allow` or `deny` values. |

175| `permissions.<name>.network.enable_socks5` | `boolean` | Expose a SOCKS5 listener when this permissions profile enables the managed network proxy. |

176| `permissions.<name>.network.enable_socks5_udp` | `boolean` | Allow UDP over the SOCKS5 listener when enabled. |

177| `permissions.<name>.network.enabled` | `boolean` | Enable network access for this named permissions profile. |

178| `permissions.<name>.network.mode` | `limited | full` | Network proxy mode used for subprocess traffic. |

179| `permissions.<name>.network.proxy_url` | `string` | HTTP proxy endpoint used when this permissions profile enables the managed network proxy. |

180| `permissions.<name>.network.socks_url` | `string` | SOCKS5 proxy endpoint used by this permissions profile. |

181| `permissions.<name>.network.unix_sockets` | `map<string, allow | none>` | Unix socket rules for the managed proxy. Use socket paths as keys, with `allow` or `none` values. |

138| `personality` | `none | friendly | pragmatic` | Default communication style for models that advertise `supportsPersonality`; can be overridden per thread/turn or via `/personality`. |182| `personality` | `none | friendly | pragmatic` | Default communication style for models that advertise `supportsPersonality`; can be overridden per thread/turn or via `/personality`. |

183| `plan_mode_reasoning_effort` | `none | minimal | low | medium | high | xhigh` | Plan-mode-specific reasoning override. When unset, Plan mode uses its built-in preset default. |

139| `profile` | `string` | Default profile applied at startup (equivalent to `--profile`). |184| `profile` | `string` | Default profile applied at startup (equivalent to `--profile`). |

140| `profiles.<name>.*` | `various` | Profile-scoped overrides for any of the supported configuration keys. |185| `profiles.<name>.*` | `various` | Profile-scoped overrides for any of the supported configuration keys. |

141| `profiles.<name>.experimental_use_freeform_apply_patch` | `boolean` | Legacy name for enabling freeform apply\_patch; prefer `[features].apply_patch_freeform`. |186| `profiles.<name>.analytics.enabled` | `boolean` | Profile-scoped analytics enablement override. |

142| `profiles.<name>.experimental_use_unified_exec_tool` | `boolean` | Legacy name for enabling unified exec; prefer `[features].unified_exec`. |187| `profiles.<name>.experimental_use_unified_exec_tool` | `boolean` | Legacy name for enabling unified exec; prefer `[features].unified_exec`. |

143| `profiles.<name>.include_apply_patch_tool` | `boolean` | Legacy name for enabling freeform apply\_patch; prefer `[features].apply_patch_freeform`. |

144| `profiles.<name>.model_catalog_json` | `string (path)` | Profile-scoped model catalog JSON path override (applied on startup only; overrides the top-level `model_catalog_json` for that profile). |188| `profiles.<name>.model_catalog_json` | `string (path)` | Profile-scoped model catalog JSON path override (applied on startup only; overrides the top-level `model_catalog_json` for that profile). |

189| `profiles.<name>.model_instructions_file` | `string (path)` | Profile-scoped replacement for the built-in instruction file. |

145| `profiles.<name>.oss_provider` | `lmstudio | ollama` | Profile-scoped OSS provider for `--oss` sessions. |190| `profiles.<name>.oss_provider` | `lmstudio | ollama` | Profile-scoped OSS provider for `--oss` sessions. |

146| `profiles.<name>.personality` | `none | friendly | pragmatic` | Profile-scoped communication style override for supported models. |191| `profiles.<name>.personality` | `none | friendly | pragmatic` | Profile-scoped communication style override for supported models. |

192| `profiles.<name>.plan_mode_reasoning_effort` | `none | minimal | low | medium | high | xhigh` | Profile-scoped Plan-mode reasoning override. |

193| `profiles.<name>.service_tier` | `flex | fast` | Profile-scoped service tier preference for new turns. |

194| `profiles.<name>.tools_view_image` | `boolean` | Enable or disable the `view_image` tool in that profile. |

147| `profiles.<name>.web_search` | `disabled | cached | live` | Profile-scoped web search mode override (default: `"cached"`). |195| `profiles.<name>.web_search` | `disabled | cached | live` | Profile-scoped web search mode override (default: `"cached"`). |

196| `profiles.<name>.windows.sandbox` | `unelevated | elevated` | Profile-scoped Windows sandbox mode override. |

148| `project_doc_fallback_filenames` | `array<string>` | Additional filenames to try when `AGENTS.md` is missing. |197| `project_doc_fallback_filenames` | `array<string>` | Additional filenames to try when `AGENTS.md` is missing. |

149| `project_doc_max_bytes` | `number` | Maximum bytes read from `AGENTS.md` when building project instructions. |198| `project_doc_max_bytes` | `number` | Maximum bytes read from `AGENTS.md` when building project instructions. |

150| `project_root_markers` | `array<string>` | List of project root marker filenames; used when searching parent directories for the project root. |199| `project_root_markers` | `array<string>` | List of project root marker filenames; used when searching parent directories for the project root. |

151| `projects.<path>.trust_level` | `string` | Mark a project or worktree as trusted or untrusted (`"trusted"` | `"untrusted"`). Untrusted projects skip project-scoped `.codex/` layers. |200| `projects.<path>.trust_level` | `string` | Mark a project or worktree as trusted or untrusted (`"trusted"` | `"untrusted"`). Untrusted projects skip project-scoped `.codex/` layers, including project-local config, hooks, and rules. |

152| `review_model` | `string` | Optional model override used by `/review` (defaults to the current session model). |201| `review_model` | `string` | Optional model override used by `/review` (defaults to the current session model). |

153| `sandbox_mode` | `read-only | workspace-write | danger-full-access` | Sandbox policy for filesystem and network access during command execution. |202| `sandbox_mode` | `read-only | workspace-write | danger-full-access` | Sandbox policy for filesystem and network access during command execution. |

154| `sandbox_workspace_write.exclude_slash_tmp` | `boolean` | Exclude `/tmp` from writable roots in workspace-write mode. |203| `sandbox_workspace_write.exclude_slash_tmp` | `boolean` | Exclude `/tmp` from writable roots in workspace-write mode. |

155| `sandbox_workspace_write.exclude_tmpdir_env_var` | `boolean` | Exclude `$TMPDIR` from writable roots in workspace-write mode. |204| `sandbox_workspace_write.exclude_tmpdir_env_var` | `boolean` | Exclude `$TMPDIR` from writable roots in workspace-write mode. |

156| `sandbox_workspace_write.network_access` | `boolean` | Allow outbound network access inside the workspace-write sandbox. |205| `sandbox_workspace_write.network_access` | `boolean` | Allow outbound network access inside the workspace-write sandbox. |

157| `sandbox_workspace_write.writable_roots` | `array<string>` | Additional writable roots when `sandbox_mode = "workspace-write"`. |206| `sandbox_workspace_write.writable_roots` | `array<string>` | Additional writable roots when `sandbox_mode = "workspace-write"`. |

207| `service_tier` | `flex | fast` | Preferred service tier for new turns. |

158| `shell_environment_policy.exclude` | `array<string>` | Glob patterns for removing environment variables after the defaults. |208| `shell_environment_policy.exclude` | `array<string>` | Glob patterns for removing environment variables after the defaults. |

159| `shell_environment_policy.experimental_use_profile` | `boolean` | Use the user shell profile when spawning subprocesses. |209| `shell_environment_policy.experimental_use_profile` | `boolean` | Use the user shell profile when spawning subprocesses. |

160| `shell_environment_policy.ignore_default_excludes` | `boolean` | Keep variables containing KEY/SECRET/TOKEN before other filters run. |210| `shell_environment_policy.ignore_default_excludes` | `boolean` | Keep variables containing KEY/SECRET/TOKEN before other filters run. |

168| `sqlite_home` | `string (path)` | Directory where Codex stores the SQLite-backed state DB used by agent jobs and other resumable runtime state. |218| `sqlite_home` | `string (path)` | Directory where Codex stores the SQLite-backed state DB used by agent jobs and other resumable runtime state. |

169| `suppress_unstable_features_warning` | `boolean` | Suppress the warning that appears when under-development feature flags are enabled. |219| `suppress_unstable_features_warning` | `boolean` | Suppress the warning that appears when under-development feature flags are enabled. |

170| `tool_output_token_limit` | `number` | Token budget for storing individual tool/function outputs in history. |220| `tool_output_token_limit` | `number` | Token budget for storing individual tool/function outputs in history. |

171| `tools.web_search` | `boolean` | Deprecated legacy toggle for web search; prefer the top-level `web_search` setting. |221| `tool_suggest.discoverables` | `array<table>` | Allow tool suggestions for additional discoverable connectors or plugins. Each entry uses `type = "connector"` or `"plugin"` and an `id`. |

222| `tools.view_image` | `boolean` | Enable the local-image attachment tool `view_image`. |

223| `tools.web_search` | `boolean | { context_size = "low|medium|high", allowed_domains = [string], location = { country, region, city, timezone } }` | Optional web search tool configuration. The legacy boolean form is still accepted, but the object form lets you set search context size, allowed domains, and approximate user location. |

172| `tui` | `table` | TUI-specific options such as enabling inline desktop notifications. |224| `tui` | `table` | TUI-specific options such as enabling inline desktop notifications. |

173| `tui.alternate_screen` | `auto | always | never` | Control alternate screen usage for the TUI (default: auto; auto skips it in Zellij to preserve scrollback). |225| `tui.alternate_screen` | `auto | always | never` | Control alternate screen usage for the TUI (default: auto; auto skips it in Zellij to preserve scrollback). |

174| `tui.animations` | `boolean` | Enable terminal animations (welcome screen, shimmer, spinner) (default: true). |226| `tui.animations` | `boolean` | Enable terminal animations (welcome screen, shimmer, spinner) (default: true). |

175| `tui.notification_method` | `auto | osc9 | bel` | Notification method for unfocused terminal notifications (default: auto). |227| `tui.model_availability_nux.<model>` | `integer` | Internal startup-tooltip state keyed by model slug. |

228| `tui.notification_condition` | `unfocused | always` | Control whether TUI notifications fire only when the terminal is unfocused or regardless of focus. Defaults to `unfocused`. |

229| `tui.notification_method` | `auto | osc9 | bel` | Notification method for terminal notifications (default: auto). |

176| `tui.notifications` | `boolean | array<string>` | Enable TUI notifications; optionally restrict to specific event types. |230| `tui.notifications` | `boolean | array<string>` | Enable TUI notifications; optionally restrict to specific event types. |

177| `tui.show_tooltips` | `boolean` | Show onboarding tooltips in the TUI welcome screen (default: true). |231| `tui.show_tooltips` | `boolean` | Show onboarding tooltips in the TUI welcome screen (default: true). |

178| `tui.status_line` | `array<string> | null` | Ordered list of TUI footer status-line item identifiers. `null` disables the status line. |232| `tui.status_line` | `array<string> | null` | Ordered list of TUI footer status-line item identifiers. `null` disables the status line. |

233| `tui.terminal_title` | `array<string> | null` | Ordered list of terminal window/tab title item identifiers. Defaults to `["spinner", "project"]`; `null` disables title updates. |

234| `tui.theme` | `string` | Syntax-highlighting theme override (kebab-case theme name). |

179| `web_search` | `disabled | cached | live` | Web search mode (default: `"cached"`; cached uses an OpenAI-maintained index and does not fetch live pages; if you use `--yolo` or another full access sandbox setting, it defaults to `"live"`). Use `"live"` to fetch the most recent data from the web, or `"disabled"` to remove the tool. |235| `web_search` | `disabled | cached | live` | Web search mode (default: `"cached"`; cached uses an OpenAI-maintained index and does not fetch live pages; if you use `--yolo` or another full access sandbox setting, it defaults to `"live"`). Use `"live"` to fetch the most recent data from the web, or `"disabled"` to remove the tool. |

180| `windows_wsl_setup_acknowledged` | `boolean` | Track Windows onboarding acknowledgement (Windows only). |236| `windows_wsl_setup_acknowledged` | `boolean` | Track Windows onboarding acknowledgement (Windows only). |

181| `windows.sandbox` | `unelevated | elevated` | Windows-only native sandbox mode when running Codex natively on Windows. |237| `windows.sandbox` | `unelevated | elevated` | Windows-only native sandbox mode when running Codex natively on Windows. |

238| `windows.sandbox_private_desktop` | `boolean` | Run the final sandboxed child process on a private desktop by default on native Windows. Set `false` only for compatibility with the older `Winsta0\\Default` behavior. |

182 239 

183Key240Key

184 241 

206 263 

207Key264Key

208 265 

266`agents.<name>.nickname_candidates`

267 

268Type / Values

269 

270`array<string>`

271 

272Details

273 

274Optional pool of display nicknames for spawned agents in that role.

275 

276Key

277 

209`agents.job_max_runtime_seconds`278`agents.job_max_runtime_seconds`

210 279 

211Type / Values280Type / Values

238 307 

239Details308Details

240 309 

241Maximum number of agent threads that can be open concurrently.310Maximum number of agent threads that can be open concurrently. Defaults to `6` when unset.

242 311 

243Key312Key

244 313 

254 323 

255Key324Key

256 325 

326`analytics.enabled`

327 

328Type / Values

329 

330`boolean`

331 

332Details

333 

334Enable or disable analytics for this machine/profile. When unset, the client default applies.

335 

336Key

337 

257`approval_policy`338`approval_policy`

258 339 

259Type / Values340Type / Values

260 341 

261`untrusted | on-request | never | { reject = { sandbox_approval = bool, rules = bool, mcp_elicitations = bool } }`342`untrusted | on-request | never | { granular = { sandbox_approval = bool, rules = bool, mcp_elicitations = bool, request_permissions = bool, skill_approval = bool } }`

343 

344Details

345 

346Controls when Codex pauses for approval before executing commands. You can also use `approval_policy = { granular = { ... } }` to allow or auto-reject specific prompt categories while keeping other prompts interactive. `on-failure` is deprecated; use `on-request` for interactive runs or `never` for non-interactive runs.

347 

348Key

349 

350`approval_policy.granular.mcp_elicitations`

351 

352Type / Values

353 

354`boolean`

355 

356Details

357 

358When `true`, MCP elicitation prompts are allowed to surface instead of being auto-rejected.

359 

360Key

361 

362`approval_policy.granular.request_permissions`

363 

364Type / Values

365 

366`boolean`

262 367 

263Details368Details

264 369 

265Controls when Codex pauses for approval before executing commands. You can also use `approval_policy = { reject = { ... } }` to auto-reject specific prompt categories while keeping other prompts interactive. `on-failure` is deprecated; use `on-request` for interactive runs or `never` for non-interactive runs.370When `true`, prompts from the `request_permissions` tool are allowed to surface.

266 371 

267Key372Key

268 373 

269`approval_policy.reject.mcp_elicitations`374`approval_policy.granular.rules`

270 375 

271Type / Values376Type / Values

272 377 

274 379 

275Details380Details

276 381 

277When `true`, MCP elicitation prompts are auto-rejected instead of shown to the user.382When `true`, approvals triggered by execpolicy `prompt` rules are allowed to surface.

278 383 

279Key384Key

280 385 

281`approval_policy.reject.rules`386`approval_policy.granular.sandbox_approval`

282 387 

283Type / Values388Type / Values

284 389 

286 391 

287Details392Details

288 393 

289When `true`, approvals triggered by execpolicy `prompt` rules are auto-rejected.394When `true`, sandbox escalation approval prompts are allowed to surface.

290 395 

291Key396Key

292 397 

293`approval_policy.reject.sandbox_approval`398`approval_policy.granular.skill_approval`

294 399 

295Type / Values400Type / Values

296 401 

298 403 

299Details404Details

300 405 

301When `true`, sandbox escalation approval prompts are auto-rejected.406When `true`, skill-script approval prompts are allowed to surface.

407 

408Key

409 

410`approvals_reviewer`

411 

412Type / Values

413 

414`user | auto_review`

415 

416Details

417 

418Who reviews eligible approval prompts under `on-request` or granular approval policies. Defaults to `user`; `auto_review` uses the reviewer subagent. This setting doesn't change sandboxing or review actions already allowed inside the sandbox.

302 419 

303Key420Key

304 421 

422 539 

423Key540Key

424 541 

542`auto_review.policy`

543 

544Type / Values

545 

546`string`

547 

548Details

549 

550Local Markdown policy instructions for automatic review. Managed `guardian_policy_config` takes precedence. Blank values are ignored.

551 

552Key

553 

425`background_terminal_max_timeout`554`background_terminal_max_timeout`

426 555 

427Type / Values556Type / Values

470 599 

471Key600Key

472 601 

473`compact_prompt`602`commit_attribution`

474 603 

475Type / Values604Type / Values

476 605 

478 607 

479Details608Details

480 609 

481Inline override for the history compaction prompt.610Override the commit co-author trailer text. Set an empty string to disable automatic attribution.

482 611 

483Key612Key

484 613 

485`developer_instructions`614`compact_prompt`

486 615 

487Type / Values616Type / Values

488 617 

490 619 

491Details620Details

492 621 

493Additional developer instructions injected into the session (optional).622Inline override for the history compaction prompt.

494 623 

495Key624Key

496 625 

497`disable_paste_burst`626`default_permissions`

498 627 

499Type / Values628Type / Values

500 629 

501`boolean`630`string`

502 631 

503Details632Details

504 633 

505Disable burst-paste detection in the TUI.634Name of the default permissions profile to apply to sandboxed tool calls.

506 635 

507Key636Key

508 637 

509`experimental_compact_prompt_file`638`developer_instructions`

510 639 

511Type / Values640Type / Values

512 641 

513`string (path)`642`string`

514 643 

515Details644Details

516 645 

517Load the compaction prompt override from a file (experimental).646Additional developer instructions injected into the session (optional).

518 647 

519Key648Key

520 649 

521`experimental_use_freeform_apply_patch`650`disable_paste_burst`

522 651 

523Type / Values652Type / Values

524 653 

526 655 

527Details656Details

528 657 

529Legacy name for enabling freeform apply\_patch; prefer `[features].apply_patch_freeform` or `codex --enable apply_patch_freeform`.658Disable burst-paste detection in the TUI.

530 659 

531Key660Key

532 661 

533`experimental_use_unified_exec_tool`662`experimental_compact_prompt_file`

534 663 

535Type / Values664Type / Values

536 665 

537`boolean`666`string (path)`

538 667 

539Details668Details

540 669 

541Legacy name for enabling unified exec; prefer `[features].unified_exec` or `codex --enable unified_exec`.670Load the compaction prompt override from a file (experimental).

542 671 

543Key672Key

544 673 

545`features.apply_patch_freeform`674`experimental_use_unified_exec_tool`

546 675 

547Type / Values676Type / Values

548 677 

550 679 

551Details680Details

552 681 

553Expose the freeform `apply_patch` tool (experimental).682Legacy name for enabling unified exec; prefer `[features].unified_exec` or `codex --enable unified_exec`.

554 683 

555Key684Key

556 685 

566 695 

567Key696Key

568 697 

569`features.apps_mcp_gateway`698`features.codex_hooks`

570 

571Type / Values

572 

573`boolean`

574 

575Details

576 

577Route Apps MCP calls through the OpenAI connectors MCP gateway (`https://api.openai.com/v1/connectors/mcp/`) instead of legacy routing (experimental).

578 

579Key

580 

581`features.child_agents_md`

582 699 

583Type / Values700Type / Values

584 701 

586 703 

587Details704Details

588 705 

589Append AGENTS.md scope/precedence guidance even when no AGENTS.md is present (experimental).706Enable lifecycle hooks loaded from `hooks.json` or inline `[hooks]` config.

590 707 

591Key708Key

592 709 

593`features.collaboration_modes`710`features.enable_request_compression`

594 711 

595Type / Values712Type / Values

596 713 

598 715 

599Details716Details

600 717 

601Enable collaboration modes such as plan mode (stable; on by default).718Compress streaming request bodies with zstd when supported (stable; on by default).

602 719 

603Key720Key

604 721 

605`features.multi_agent`722`features.fast_mode`

606 723 

607Type / Values724Type / Values

608 725 

610 727 

611Details728Details

612 729 

613Enable multi-agent collaboration tools (`spawn_agent`, `send_input`, `resume_agent`, `wait`, `close_agent`, and `spawn_agents_on_csv`) (experimental; off by default).730Enable Fast mode selection and the `service_tier = "fast"` path (stable; on by default).

614 731 

615Key732Key

616 733 

617`features.personality`734`features.memories`

618 735 

619Type / Values736Type / Values

620 737 

622 739 

623Details740Details

624 741 

625Enable personality selection controls (stable; on by default).742Enable [Memories](https://developers.openai.com/codex/memories) (off by default).

626 743 

627Key744Key

628 745 

629`features.powershell_utf8`746`features.multi_agent`

630 747 

631Type / Values748Type / Values

632 749 

634 751 

635Details752Details

636 753 

637Force PowerShell UTF-8 output (defaults to true).754Enable multi-agent collaboration tools (`spawn_agent`, `send_input`, `resume_agent`, `wait_agent`, and `close_agent`) (stable; on by default).

638 755 

639Key756Key

640 757 

641`features.remote_models`758`features.personality`

642 759 

643Type / Values760Type / Values

644 761 

646 763 

647Details764Details

648 765 

649Refresh remote model list before showing readiness (experimental).766Enable personality selection controls (stable; on by default).

650 767 

651Key768Key

652 769 

653`features.request_rule`770`features.prevent_idle_sleep`

654 771 

655Type / Values772Type / Values

656 773 

658 775 

659Details776Details

660 777 

661Enable Smart approvals (`prefix_rule` suggestions on escalation requests; stable; on by default).778Prevent the machine from sleeping while a turn is actively running (experimental; off by default).

662 779 

663Key780Key

664 781 

665`features.runtime_metrics`782`features.shell_snapshot`

666 783 

667Type / Values784Type / Values

668 785 

670 787 

671Details788Details

672 789 

673Show runtime metrics summary in TUI turn separators (experimental).790Snapshot shell environment to speed up repeated commands (stable; on by default).

674 791 

675Key792Key

676 793 

677`features.search_tool`794`features.shell_tool`

678 795 

679Type / Values796Type / Values

680 797 

682 799 

683Details800Details

684 801 

685Enable `search_tool_bm25` for Apps tool discovery before invoking app MCP tools (experimental).802Enable the default `shell` tool for running commands (stable; on by default).

686 803 

687Key804Key

688 805 

689`features.shell_snapshot`806`features.skill_mcp_dependency_install`

690 807 

691Type / Values808Type / Values

692 809 

694 811 

695Details812Details

696 813 

697Snapshot shell environment to speed up repeated commands (beta).814Allow prompting and installing missing MCP dependencies for skills (stable; on by default).

698 815 

699Key816Key

700 817 

701`features.shell_tool`818`features.undo`

702 819 

703Type / Values820Type / Values

704 821 

706 823 

707Details824Details

708 825 

709Enable the default `shell` tool for running commands (stable; on by default).826Enable undo support (stable; off by default).

710 827 

711Key828Key

712 829 

718 835 

719Details836Details

720 837 

721Use the unified PTY-backed exec tool (beta).838Use the unified PTY-backed exec tool (stable; enabled by default except on Windows).

722 

723Key

724 

725`features.use_linux_sandbox_bwrap`

726 

727Type / Values

728 

729`boolean`

730 

731Details

732 

733Use the bubblewrap-based Linux sandbox pipeline (experimental; off by default).

734 839 

735Key840Key

736 841 

854 959 

855Key960Key

856 961 

857`include_apply_patch_tool`962`hooks`

858 963 

859Type / Values964Type / Values

860 965 

861`boolean`966`table`

862 967 

863Details968Details

864 969 

865Legacy name for enabling freeform apply\_patch; prefer `[features].apply_patch_freeform`.970Lifecycle hooks configured inline in `config.toml`. Uses the same event schema as `hooks.json`; see the Hooks guide for examples and supported events.

866 971 

867Key972Key

868 973 

1038 1143 

1039Type / Values1144Type / Values

1040 1145 

1041`array<string>`1146`array<string | { name = string, source = "local" | "remote" }>`

1147 

1148Details

1149 

1150Additional environment variables to whitelist for an MCP stdio server. String entries default to `source = "local"`; use `source = "remote"` only with executor-backed remote stdio.

1151 

1152Key

1153 

1154`mcp_servers.<id>.experimental_environment`

1155 

1156Type / Values

1157 

1158`local | remote`

1042 1159 

1043Details1160Details

1044 1161 

1045Additional environment variables to whitelist for an MCP stdio server.1162Experimental placement for an MCP server. `remote` starts stdio servers through a remote executor environment; streamable HTTP remote placement is not implemented.

1046 1163 

1047Key1164Key

1048 1165 

1058 1175 

1059Key1176Key

1060 1177 

1178`mcp_servers.<id>.oauth_resource`

1179 

1180Type / Values

1181 

1182`string`

1183 

1184Details

1185 

1186Optional RFC 8707 OAuth resource parameter to include during MCP login.

1187 

1188Key

1189 

1061`mcp_servers.<id>.required`1190`mcp_servers.<id>.required`

1062 1191 

1063Type / Values1192Type / Values

1070 1199 

1071Key1200Key

1072 1201 

1202`mcp_servers.<id>.scopes`

1203 

1204Type / Values

1205 

1206`array<string>`

1207 

1208Details

1209 

1210OAuth scopes to request when authenticating to that MCP server.

1211 

1212Key

1213 

1073`mcp_servers.<id>.startup_timeout_ms`1214`mcp_servers.<id>.startup_timeout_ms`

1074 1215 

1075Type / Values1216Type / Values

1118 1259 

1119Key1260Key

1120 1261 

1121`model`1262`memories.consolidation_model`

1122 1263 

1123Type / Values1264Type / Values

1124 1265 

1126 1267 

1127Details1268Details

1128 1269 

1129Model to use (e.g., `gpt-5-codex`).1270Optional model override for global memory consolidation.

1130 1271 

1131Key1272Key

1132 1273 

1133`model_auto_compact_token_limit`1274`memories.disable_on_external_context`

1134 1275 

1135Type / Values1276Type / Values

1136 1277 

1137`number`1278`boolean`

1138 1279 

1139Details1280Details

1140 1281 

1141Token threshold that triggers automatic history compaction (unset uses model defaults).1282When `true`, threads that use external context such as MCP tool calls, web search, or tool search are kept out of memory generation. Defaults to `false`. Legacy alias: `memories.no_memories_if_mcp_or_web_search`.

1142 1283 

1143Key1284Key

1144 1285 

1145`model_catalog_json`1286`memories.extract_model`

1146 1287 

1147Type / Values1288Type / Values

1148 1289 

1149`string (path)`1290`string`

1150 1291 

1151Details1292Details

1152 1293 

1153Optional path to a JSON model catalog loaded on startup. Profile-level `profiles.<name>.model_catalog_json` can override this per profile.1294Optional model override for per-thread memory extraction.

1154 1295 

1155Key1296Key

1156 1297 

1157`model_context_window`1298`memories.generate_memories`

1158 1299 

1159Type / Values1300Type / Values

1160 1301 

1161`number`1302`boolean`

1162 1303 

1163Details1304Details

1164 1305 

1165Context window tokens available to the active model.1306When `false`, newly created threads are not stored as memory-generation inputs. Defaults to `true`.

1166 1307 

1167Key1308Key

1168 1309 

1169`model_instructions_file`1310`memories.max_raw_memories_for_consolidation`

1170 1311 

1171Type / Values1312Type / Values

1172 1313 

1173`string (path)`1314`number`

1174 1315 

1175Details1316Details

1176 1317 

1177Replacement for built-in instructions instead of `AGENTS.md`.1318Maximum recent raw memories retained for global consolidation. Defaults to `256` and is capped at `4096`.

1178 1319 

1179Key1320Key

1180 1321 

1181`model_provider`1322`memories.max_rollout_age_days`

1182 1323 

1183Type / Values1324Type / Values

1184 1325 

1185`string`1326`number`

1186 1327 

1187Details1328Details

1188 1329 

1189Provider id from `model_providers` (default: `openai`).1330Maximum age of threads considered for memory generation. Defaults to `30` and is clamped to `0`-`90`.

1190 1331 

1191Key1332Key

1192 1333 

1193`model_providers.<id>.base_url`1334`memories.max_rollouts_per_startup`

1194 1335 

1195Type / Values1336Type / Values

1196 1337 

1197`string`1338`number`

1198 1339 

1199Details1340Details

1200 1341 

1201API base URL for the model provider.1342Maximum rollout candidates processed per startup pass. Defaults to `16` and is capped at `128`.

1202 1343 

1203Key1344Key

1204 1345 

1205`model_providers.<id>.env_http_headers`1346`memories.max_unused_days`

1206 1347 

1207Type / Values1348Type / Values

1208 1349 

1209`map<string,string>`1350`number`

1210 1351 

1211Details1352Details

1212 1353 

1213HTTP headers populated from environment variables when present.1354Maximum days since a memory was last used before it becomes ineligible for consolidation. Defaults to `30` and is clamped to `0`-`365`.

1214 1355 

1215Key1356Key

1216 1357 

1217`model_providers.<id>.env_key`1358`memories.min_rate_limit_remaining_percent`

1218 1359 

1219Type / Values1360Type / Values

1220 1361 

1221`string`1362`number`

1222 1363 

1223Details1364Details

1224 1365 

1225Environment variable supplying the provider API key.1366Minimum remaining percentage required in Codex rate-limit windows before memory generation starts. Defaults to `25` and is clamped to `0`-`100`.

1226 1367 

1227Key1368Key

1228 1369 

1229`model_providers.<id>.env_key_instructions`1370`memories.min_rollout_idle_hours`

1230 1371 

1231Type / Values1372Type / Values

1232 1373 

1233`string`1374`number`

1234 1375 

1235Details1376Details

1236 1377 

1237Optional setup guidance for the provider API key.1378Minimum idle time before a thread is considered for memory generation. Defaults to `6` and is clamped to `1`-`48`.

1238 1379 

1239Key1380Key

1240 1381 

1241`model_providers.<id>.experimental_bearer_token`1382`memories.use_memories`

1242 1383 

1243Type / Values1384Type / Values

1244 1385 

1245`string`1386`boolean`

1246 1387 

1247Details1388Details

1248 1389 

1249Direct bearer token for the provider (discouraged; use `env_key`).1390When `false`, Codex skips injecting existing memories into future sessions. Defaults to `true`.

1250 1391 

1251Key1392Key

1252 1393 

1253`model_providers.<id>.http_headers`1394`model`

1254 1395 

1255Type / Values1396Type / Values

1256 1397 

1257`map<string,string>`1398`string`

1258 1399 

1259Details1400Details

1260 1401 

1261Static HTTP headers added to provider requests.1402Model to use (e.g., `gpt-5.5`).

1262 1403 

1263Key1404Key

1264 1405 

1265`model_providers.<id>.name`1406`model_auto_compact_token_limit`

1266 1407 

1267Type / Values1408Type / Values

1268 1409 

1269`string`1410`number`

1270 1411 

1271Details1412Details

1272 1413 

1273Display name for a custom model provider.1414Token threshold that triggers automatic history compaction (unset uses model defaults).

1274 1415 

1275Key1416Key

1276 1417 

1277`model_providers.<id>.query_params`1418`model_catalog_json`

1278 1419 

1279Type / Values1420Type / Values

1280 1421 

1281`map<string,string>`1422`string (path)`

1282 1423 

1283Details1424Details

1284 1425 

1285Extra query parameters appended to provider requests.1426Optional path to a JSON model catalog loaded on startup. Profile-level `profiles.<name>.model_catalog_json` can override this per profile.

1286 1427 

1287Key1428Key

1288 1429 

1289`model_providers.<id>.request_max_retries`1430`model_context_window`

1290 1431 

1291Type / Values1432Type / Values

1292 1433 

1294 1435 

1295Details1436Details

1296 1437 

1297Retry count for HTTP requests to the provider (default: 4).1438Context window tokens available to the active model.

1298 1439 

1299Key1440Key

1300 1441 

1301`model_providers.<id>.requires_openai_auth`1442`model_instructions_file`

1302 1443 

1303Type / Values1444Type / Values

1304 1445 

1305`boolean`1446`string (path)`

1306 1447 

1307Details1448Details

1308 1449 

1309The provider uses OpenAI authentication (defaults to false).1450Replacement for built-in instructions instead of `AGENTS.md`.

1310 1451 

1311Key1452Key

1312 1453 

1313`model_providers.<id>.stream_idle_timeout_ms`1454`model_provider`

1314 1455 

1315Type / Values1456Type / Values

1316 1457 

1317`number`1458`string`

1318 1459 

1319Details1460Details

1320 1461 

1321Idle timeout for SSE streams in milliseconds (default: 300000).1462Provider id from `model_providers` (default: `openai`).

1322 1463 

1323Key1464Key

1324 1465 

1325`model_providers.<id>.stream_max_retries`1466`model_providers.<id>`

1326 1467 

1327Type / Values1468Type / Values

1328 1469 

1329`number`1470`table`

1330 1471 

1331Details1472Details

1332 1473 

1333Retry count for SSE streaming interruptions (default: 5).1474Custom provider definition. Built-in provider IDs (`openai`, `ollama`, and `lmstudio`) are reserved and cannot be overridden.

1334 1475 

1335Key1476Key

1336 1477 

1337`model_providers.<id>.wire_api`1478`model_providers.<id>.auth`

1338 1479 

1339Type / Values1480Type / Values

1340 1481 

1341`chat | responses`1482`table`

1342 1483 

1343Details1484Details

1344 1485 

1345Protocol used by the provider (defaults to `chat` if omitted).1486Command-backed bearer token configuration for a custom provider. Do not combine with `env_key`, `experimental_bearer_token`, or `requires_openai_auth`.

1346 1487 

1347Key1488Key

1348 1489 

1349`model_reasoning_effort`1490`model_providers.<id>.auth.args`

1350 1491 

1351Type / Values1492Type / Values

1352 1493 

1353`minimal | low | medium | high | xhigh`1494`array<string>`

1354 1495 

1355Details1496Details

1356 1497 

1357Adjust reasoning effort for supported models (Responses API only; `xhigh` is model-dependent).1498Arguments passed to the token command.

1358 1499 

1359Key1500Key

1360 1501 

1361`model_reasoning_summary`1502`model_providers.<id>.auth.command`

1362 1503 

1363Type / Values1504Type / Values

1364 1505 

1365`auto | concise | detailed | none`1506`string`

1366 1507 

1367Details1508Details

1368 1509 

1369Select reasoning summary detail or disable summaries entirely.1510Command to run when Codex needs a bearer token. The command must print the token to stdout.

1370 1511 

1371Key1512Key

1372 1513 

1373`model_supports_reasoning_summaries`1514`model_providers.<id>.auth.cwd`

1374 1515 

1375Type / Values1516Type / Values

1376 1517 

1377`boolean`1518`string (path)`

1378 1519 

1379Details1520Details

1380 1521 

1381Force Codex to send or not send reasoning metadata.1522Working directory for the token command.

1382 1523 

1383Key1524Key

1384 1525 

1385`model_verbosity`1526`model_providers.<id>.auth.refresh_interval_ms`

1386 1527 

1387Type / Values1528Type / Values

1388 1529 

1389`low | medium | high`1530`number`

1390 1531 

1391Details1532Details

1392 1533 

1393Control GPT-5 Responses API verbosity (defaults to `medium`).1534How often Codex proactively refreshes the token in milliseconds (default: 300000). Set to `0` to refresh only after an authentication retry.

1394 1535 

1395Key1536Key

1396 1537 

1397`notice.hide_full_access_warning`1538`model_providers.<id>.auth.timeout_ms`

1398 1539 

1399Type / Values1540Type / Values

1400 1541 

1401`boolean`1542`number`

1402 1543 

1403Details1544Details

1404 1545 

1405Track acknowledgement of the full access warning prompt.1546Maximum token command runtime in milliseconds (default: 5000).

1406 1547 

1407Key1548Key

1408 1549 

1409`notice.hide_gpt-5.1-codex-max_migration_prompt`1550`model_providers.<id>.base_url`

1410 1551 

1411Type / Values1552Type / Values

1412 1553 

1413`boolean`1554`string`

1414 1555 

1415Details1556Details

1416 1557 

1417Track acknowledgement of the gpt-5.1-codex-max migration prompt.1558API base URL for the model provider.

1418 1559 

1419Key1560Key

1420 1561 

1421`notice.hide_gpt5_1_migration_prompt`1562`model_providers.<id>.env_http_headers`

1563 

1564Type / Values

1565 

1566`map<string,string>`

1567 

1568Details

1569 

1570HTTP headers populated from environment variables when present.

1571 

1572Key

1573 

1574`model_providers.<id>.env_key`

1575 

1576Type / Values

1577 

1578`string`

1579 

1580Details

1581 

1582Environment variable supplying the provider API key.

1583 

1584Key

1585 

1586`model_providers.<id>.env_key_instructions`

1587 

1588Type / Values

1589 

1590`string`

1591 

1592Details

1593 

1594Optional setup guidance for the provider API key.

1595 

1596Key

1597 

1598`model_providers.<id>.experimental_bearer_token`

1599 

1600Type / Values

1601 

1602`string`

1603 

1604Details

1605 

1606Direct bearer token for the provider (discouraged; use `env_key`).

1607 

1608Key

1609 

1610`model_providers.<id>.http_headers`

1611 

1612Type / Values

1613 

1614`map<string,string>`

1615 

1616Details

1617 

1618Static HTTP headers added to provider requests.

1619 

1620Key

1621 

1622`model_providers.<id>.name`

1623 

1624Type / Values

1625 

1626`string`

1627 

1628Details

1629 

1630Display name for a custom model provider.

1631 

1632Key

1633 

1634`model_providers.<id>.query_params`

1635 

1636Type / Values

1637 

1638`map<string,string>`

1639 

1640Details

1641 

1642Extra query parameters appended to provider requests.

1643 

1644Key

1645 

1646`model_providers.<id>.request_max_retries`

1647 

1648Type / Values

1649 

1650`number`

1651 

1652Details

1653 

1654Retry count for HTTP requests to the provider (default: 4).

1655 

1656Key

1657 

1658`model_providers.<id>.requires_openai_auth`

1659 

1660Type / Values

1661 

1662`boolean`

1663 

1664Details

1665 

1666The provider uses OpenAI authentication (defaults to false).

1667 

1668Key

1669 

1670`model_providers.<id>.stream_idle_timeout_ms`

1671 

1672Type / Values

1673 

1674`number`

1675 

1676Details

1677 

1678Idle timeout for SSE streams in milliseconds (default: 300000).

1679 

1680Key

1681 

1682`model_providers.<id>.stream_max_retries`

1683 

1684Type / Values

1685 

1686`number`

1687 

1688Details

1689 

1690Retry count for SSE streaming interruptions (default: 5).

1691 

1692Key

1693 

1694`model_providers.<id>.supports_websockets`

1695 

1696Type / Values

1697 

1698`boolean`

1699 

1700Details

1701 

1702Whether that provider supports the Responses API WebSocket transport.

1703 

1704Key

1705 

1706`model_providers.<id>.wire_api`

1707 

1708Type / Values

1709 

1710`responses`

1711 

1712Details

1713 

1714Protocol used by the provider. `responses` is the only supported value, and it is the default when omitted.

1715 

1716Key

1717 

1718`model_reasoning_effort`

1719 

1720Type / Values

1721 

1722`minimal | low | medium | high | xhigh`

1723 

1724Details

1725 

1726Adjust reasoning effort for supported models (Responses API only; `xhigh` is model-dependent).

1727 

1728Key

1729 

1730`model_reasoning_summary`

1731 

1732Type / Values

1733 

1734`auto | concise | detailed | none`

1735 

1736Details

1737 

1738Select reasoning summary detail or disable summaries entirely.

1739 

1740Key

1741 

1742`model_supports_reasoning_summaries`

1743 

1744Type / Values

1745 

1746`boolean`

1747 

1748Details

1749 

1750Force Codex to send or not send reasoning metadata.

1751 

1752Key

1753 

1754`model_verbosity`

1755 

1756Type / Values

1757 

1758`low | medium | high`

1759 

1760Details

1761 

1762Optional GPT-5 Responses API verbosity override; when unset, the selected model/preset default is used.

1763 

1764Key

1765 

1766`notice.hide_full_access_warning`

1767 

1768Type / Values

1769 

1770`boolean`

1771 

1772Details

1773 

1774Track acknowledgement of the full access warning prompt.

1775 

1776Key

1777 

1778`notice.hide_gpt-5.1-codex-max_migration_prompt`

1779 

1780Type / Values

1781 

1782`boolean`

1783 

1784Details

1785 

1786Track acknowledgement of the gpt-5.1-codex-max migration prompt.

1787 

1788Key

1789 

1790`notice.hide_gpt5_1_migration_prompt`

1422 1791 

1423Type / Values1792Type / Values

1424 1793 

1478 1847 

1479Key1848Key

1480 1849 

1850`openai_base_url`

1851 

1852Type / Values

1853 

1854`string`

1855 

1856Details

1857 

1858Base URL override for the built-in `openai` model provider.

1859 

1860Key

1861 

1481`oss_provider`1862`oss_provider`

1482 1863 

1483Type / Values1864Type / Values

1598 1979 

1599Key1980Key

1600 1981 

1982`otel.metrics_exporter`

1983 

1984Type / Values

1985 

1986`none | statsig | otlp-http | otlp-grpc`

1987 

1988Details

1989 

1990Select the OpenTelemetry metrics exporter (defaults to `statsig`).

1991 

1992Key

1993 

1601`otel.trace_exporter`1994`otel.trace_exporter`

1602 1995 

1603Type / Values1996Type / Values

1682 2075 

1683Key2076Key

1684 2077 

2078`permissions.<name>.filesystem`

2079 

2080Type / Values

2081 

2082`table`

2083 

2084Details

2085 

2086Named filesystem permission profile. Each key is an absolute path or special token such as `:minimal` or `:project_roots`.

2087 

2088Key

2089 

2090`permissions.<name>.filesystem.":project_roots".<subpath-or-glob>`

2091 

2092Type / Values

2093 

2094`"read" | "write" | "none"`

2095 

2096Details

2097 

2098Scoped filesystem access relative to the detected project roots. Use `"."` for the root itself; glob subpaths such as `"**/*.env"` can deny reads with `"none"`.

2099 

2100Key

2101 

2102`permissions.<name>.filesystem.<path-or-glob>`

2103 

2104Type / Values

2105 

2106`"read" | "write" | "none" | table`

2107 

2108Details

2109 

2110Grant direct access for a path, glob pattern, or special token, or scope nested entries under that root. Use `"none"` to deny reads for matching paths.

2111 

2112Key

2113 

2114`permissions.<name>.filesystem.glob_scan_max_depth`

2115 

2116Type / Values

2117 

2118`number`

2119 

2120Details

2121 

2122Maximum depth for expanding deny-read glob patterns on platforms that snapshot matches before sandbox startup. Must be at least `1` when set.

2123 

2124Key

2125 

2126`permissions.<name>.network.allow_local_binding`

2127 

2128Type / Values

2129 

2130`boolean`

2131 

2132Details

2133 

2134Permit local bind/listen operations through the managed proxy.

2135 

2136Key

2137 

2138`permissions.<name>.network.allow_upstream_proxy`

2139 

2140Type / Values

2141 

2142`boolean`

2143 

2144Details

2145 

2146Allow the managed proxy to chain to another upstream proxy.

2147 

2148Key

2149 

2150`permissions.<name>.network.dangerously_allow_all_unix_sockets`

2151 

2152Type / Values

2153 

2154`boolean`

2155 

2156Details

2157 

2158Allow the proxy to use arbitrary Unix sockets instead of the default restricted set.

2159 

2160Key

2161 

2162`permissions.<name>.network.dangerously_allow_non_loopback_proxy`

2163 

2164Type / Values

2165 

2166`boolean`

2167 

2168Details

2169 

2170Permit non-loopback bind addresses for the managed proxy listener.

2171 

2172Key

2173 

2174`permissions.<name>.network.domains`

2175 

2176Type / Values

2177 

2178`map<string, allow | deny>`

2179 

2180Details

2181 

2182Domain rules for the managed proxy. Use domain names or wildcard patterns as keys, with `allow` or `deny` values.

2183 

2184Key

2185 

2186`permissions.<name>.network.enable_socks5`

2187 

2188Type / Values

2189 

2190`boolean`

2191 

2192Details

2193 

2194Expose a SOCKS5 listener when this permissions profile enables the managed network proxy.

2195 

2196Key

2197 

2198`permissions.<name>.network.enable_socks5_udp`

2199 

2200Type / Values

2201 

2202`boolean`

2203 

2204Details

2205 

2206Allow UDP over the SOCKS5 listener when enabled.

2207 

2208Key

2209 

2210`permissions.<name>.network.enabled`

2211 

2212Type / Values

2213 

2214`boolean`

2215 

2216Details

2217 

2218Enable network access for this named permissions profile.

2219 

2220Key

2221 

2222`permissions.<name>.network.mode`

2223 

2224Type / Values

2225 

2226`limited | full`

2227 

2228Details

2229 

2230Network proxy mode used for subprocess traffic.

2231 

2232Key

2233 

2234`permissions.<name>.network.proxy_url`

2235 

2236Type / Values

2237 

2238`string`

2239 

2240Details

2241 

2242HTTP proxy endpoint used when this permissions profile enables the managed network proxy.

2243 

2244Key

2245 

2246`permissions.<name>.network.socks_url`

2247 

2248Type / Values

2249 

2250`string`

2251 

2252Details

2253 

2254SOCKS5 proxy endpoint used by this permissions profile.

2255 

2256Key

2257 

2258`permissions.<name>.network.unix_sockets`

2259 

2260Type / Values

2261 

2262`map<string, allow | none>`

2263 

2264Details

2265 

2266Unix socket rules for the managed proxy. Use socket paths as keys, with `allow` or `none` values.

2267 

2268Key

2269 

1685`personality`2270`personality`

1686 2271 

1687Type / Values2272Type / Values

1694 2279 

1695Key2280Key

1696 2281 

2282`plan_mode_reasoning_effort`

2283 

2284Type / Values

2285 

2286`none | minimal | low | medium | high | xhigh`

2287 

2288Details

2289 

2290Plan-mode-specific reasoning override. When unset, Plan mode uses its built-in preset default.

2291 

2292Key

2293 

1697`profile`2294`profile`

1698 2295 

1699Type / Values2296Type / Values

1718 2315 

1719Key2316Key

1720 2317 

1721`profiles.<name>.experimental_use_freeform_apply_patch`2318`profiles.<name>.analytics.enabled`

1722 2319 

1723Type / Values2320Type / Values

1724 2321 

1726 2323 

1727Details2324Details

1728 2325 

1729Legacy name for enabling freeform apply\_patch; prefer `[features].apply_patch_freeform`.2326Profile-scoped analytics enablement override.

1730 2327 

1731Key2328Key

1732 2329 

1742 2339 

1743Key2340Key

1744 2341 

1745`profiles.<name>.include_apply_patch_tool`2342`profiles.<name>.model_catalog_json`

2343 

2344Type / Values

2345 

2346`string (path)`

2347 

2348Details

2349 

2350Profile-scoped model catalog JSON path override (applied on startup only; overrides the top-level `model_catalog_json` for that profile).

2351 

2352Key

2353 

2354`profiles.<name>.model_instructions_file`

2355 

2356Type / Values

2357 

2358`string (path)`

2359 

2360Details

2361 

2362Profile-scoped replacement for the built-in instruction file.

2363 

2364Key

2365 

2366`profiles.<name>.oss_provider`

2367 

2368Type / Values

2369 

2370`lmstudio | ollama`

2371 

2372Details

2373 

2374Profile-scoped OSS provider for `--oss` sessions.

2375 

2376Key

2377 

2378`profiles.<name>.personality`

2379 

2380Type / Values

2381 

2382`none | friendly | pragmatic`

2383 

2384Details

2385 

2386Profile-scoped communication style override for supported models.

2387 

2388Key

2389 

2390`profiles.<name>.plan_mode_reasoning_effort`

1746 2391 

1747Type / Values2392Type / Values

1748 2393 

1749`boolean`2394`none | minimal | low | medium | high | xhigh`

1750 2395 

1751Details2396Details

1752 2397 

1753Legacy name for enabling freeform apply\_patch; prefer `[features].apply_patch_freeform`.2398Profile-scoped Plan-mode reasoning override.

1754 2399 

1755Key2400Key

1756 2401 

1757`profiles.<name>.model_catalog_json`2402`profiles.<name>.service_tier`

1758 2403 

1759Type / Values2404Type / Values

1760 2405 

1761`string (path)`2406`flex | fast`

1762 2407 

1763Details2408Details

1764 2409 

1765Profile-scoped model catalog JSON path override (applied on startup only; overrides the top-level `model_catalog_json` for that profile).2410Profile-scoped service tier preference for new turns.

1766 2411 

1767Key2412Key

1768 2413 

1769`profiles.<name>.oss_provider`2414`profiles.<name>.tools_view_image`

1770 2415 

1771Type / Values2416Type / Values

1772 2417 

1773`lmstudio | ollama`2418`boolean`

1774 2419 

1775Details2420Details

1776 2421 

1777Profile-scoped OSS provider for `--oss` sessions.2422Enable or disable the `view_image` tool in that profile.

1778 2423 

1779Key2424Key

1780 2425 

1781`profiles.<name>.personality`2426`profiles.<name>.web_search`

1782 2427 

1783Type / Values2428Type / Values

1784 2429 

1785`none | friendly | pragmatic`2430`disabled | cached | live`

1786 2431 

1787Details2432Details

1788 2433 

1789Profile-scoped communication style override for supported models.2434Profile-scoped web search mode override (default: `"cached"`).

1790 2435 

1791Key2436Key

1792 2437 

1793`profiles.<name>.web_search`2438`profiles.<name>.windows.sandbox`

1794 2439 

1795Type / Values2440Type / Values

1796 2441 

1797`disabled | cached | live`2442`unelevated | elevated`

1798 2443 

1799Details2444Details

1800 2445 

1801Profile-scoped web search mode override (default: `"cached"`).2446Profile-scoped Windows sandbox mode override.

1802 2447 

1803Key2448Key

1804 2449 

1846 2491 

1847Details2492Details

1848 2493 

1849Mark a project or worktree as trusted or untrusted (`"trusted"` | `"untrusted"`). Untrusted projects skip project-scoped `.codex/` layers.2494Mark a project or worktree as trusted or untrusted (`"trusted"` | `"untrusted"`). Untrusted projects skip project-scoped `.codex/` layers, including project-local config, hooks, and rules.

1850 2495 

1851Key2496Key

1852 2497 

1922 2567 

1923Key2568Key

1924 2569 

2570`service_tier`

2571 

2572Type / Values

2573 

2574`flex | fast`

2575 

2576Details

2577 

2578Preferred service tier for new turns.

2579 

2580Key

2581 

1925`shell_environment_policy.exclude`2582`shell_environment_policy.exclude`

1926 2583 

1927Type / Values2584Type / Values

2078 2735 

2079Key2736Key

2080 2737 

2081`tools.web_search`2738`tool_suggest.discoverables`

2739 

2740Type / Values

2741 

2742`array<table>`

2743 

2744Details

2745 

2746Allow tool suggestions for additional discoverable connectors or plugins. Each entry uses `type = "connector"` or `"plugin"` and an `id`.

2747 

2748Key

2749 

2750`tools.view_image`

2082 2751 

2083Type / Values2752Type / Values

2084 2753 

2086 2755 

2087Details2756Details

2088 2757 

2089Deprecated legacy toggle for web search; prefer the top-level `web_search` setting.2758Enable the local-image attachment tool `view_image`.

2759 

2760Key

2761 

2762`tools.web_search`

2763 

2764Type / Values

2765 

2766`boolean | { context_size = "low|medium|high", allowed_domains = [string], location = { country, region, city, timezone } }`

2767 

2768Details

2769 

2770Optional web search tool configuration. The legacy boolean form is still accepted, but the object form lets you set search context size, allowed domains, and approximate user location.

2090 2771 

2091Key2772Key

2092 2773 

2126 2807 

2127Key2808Key

2128 2809 

2810`tui.model_availability_nux.<model>`

2811 

2812Type / Values

2813 

2814`integer`

2815 

2816Details

2817 

2818Internal startup-tooltip state keyed by model slug.

2819 

2820Key

2821 

2822`tui.notification_condition`

2823 

2824Type / Values

2825 

2826`unfocused | always`

2827 

2828Details

2829 

2830Control whether TUI notifications fire only when the terminal is unfocused or regardless of focus. Defaults to `unfocused`.

2831 

2832Key

2833 

2129`tui.notification_method`2834`tui.notification_method`

2130 2835 

2131Type / Values2836Type / Values

2134 2839 

2135Details2840Details

2136 2841 

2137Notification method for unfocused terminal notifications (default: auto).2842Notification method for terminal notifications (default: auto).

2138 2843 

2139Key2844Key

2140 2845 

2174 2879 

2175Key2880Key

2176 2881 

2882`tui.terminal_title`

2883 

2884Type / Values

2885 

2886`array<string> | null`

2887 

2888Details

2889 

2890Ordered list of terminal window/tab title item identifiers. Defaults to `["spinner", "project"]`; `null` disables title updates.

2891 

2892Key

2893 

2894`tui.theme`

2895 

2896Type / Values

2897 

2898`string`

2899 

2900Details

2901 

2902Syntax-highlighting theme override (kebab-case theme name).

2903 

2904Key

2905 

2177`web_search`2906`web_search`

2178 2907 

2179Type / Values2908Type / Values

2208 2937 

2209Windows-only native sandbox mode when running Codex natively on Windows.2938Windows-only native sandbox mode when running Codex natively on Windows.

2210 2939 

2940Key

2941 

2942`windows.sandbox_private_desktop`

2943 

2944Type / Values

2945 

2946`boolean`

2947 

2948Details

2949 

2950Run the final sandboxed child process on a private desktop by default on native Windows. Set `false` only for compatibility with the older `Winsta0\\Default` behavior.

2951 

2211Expand to view all2952Expand to view all

2212 2953 

2213You can find the latest JSON schema for `config.toml` [here](https://developers.openai.com/codex/config-schema.json).2954You can find the latest JSON schema for `config.toml` [here](https://developers.openai.com/codex/config-schema.json).

2227For ChatGPT Business and Enterprise users, Codex can also apply cloud-fetched2968For ChatGPT Business and Enterprise users, Codex can also apply cloud-fetched

2228requirements. See the security page for precedence details.2969requirements. See the security page for precedence details.

2229 2970 

2971Use `[features]` in `requirements.toml` to pin feature flags by the same

2972canonical keys that `config.toml` uses. Omitted keys remain unconstrained.

2973 

2230| Key | Type / Values | Details |2974| Key | Type / Values | Details |

2231| --- | --- | --- |2975| --- | --- | --- |

2232| `allowed_approval_policies` | `array<string>` | Allowed values for `approval_policy` (for example `untrusted`, `on-request`, `never`, and `reject`). |2976| `allowed_approval_policies` | `array<string>` | Allowed values for `approval_policy` (for example `untrusted`, `on-request`, `never`, and `granular`). |

2977| `allowed_approvals_reviewers` | `array<string>` | Allowed values for `approvals_reviewer`, such as `user` and `auto_review`. |

2233| `allowed_sandbox_modes` | `array<string>` | Allowed values for `sandbox_mode`. |2978| `allowed_sandbox_modes` | `array<string>` | Allowed values for `sandbox_mode`. |

2234| `allowed_web_search_modes` | `array<string>` | Allowed values for `web_search` (`disabled`, `cached`, `live`). `disabled` is always allowed; an empty list effectively allows only `disabled`. |2979| `allowed_web_search_modes` | `array<string>` | Allowed values for `web_search` (`disabled`, `cached`, `live`). `disabled` is always allowed; an empty list effectively allows only `disabled`. |

2980| `features` | `table` | Pinned feature values keyed by the canonical names from `config.toml`'s `[features]` table. |

2981| `features.<name>` | `boolean` | Require a specific canonical feature key to stay enabled or disabled. |

2982| `features.browser_use` | `boolean` | Set to `false` in `requirements.toml` to disable Browser Use and Browser Agent availability. |

2983| `features.computer_use` | `boolean` | Set to `false` in `requirements.toml` to disable Computer Use availability and related install or enablement flows. |

2984| `features.in_app_browser` | `boolean` | Set to `false` in `requirements.toml` to disable the in-app browser pane. |

2985| `guardian_policy_config` | `string` | Managed Markdown policy instructions for automatic review. This takes precedence over local `[auto_review].policy`. Blank values are ignored. |

2986| `hooks` | `table` | Admin-enforced managed lifecycle hooks. Requires a managed hook directory and uses the same event schema as inline `[hooks]` in `config.toml`. |

2987| `hooks.<Event>` | `array<table>` | Matcher groups for a hook event such as `PreToolUse`, `PostToolUse`, `PermissionRequest`, `SessionStart`, `UserPromptSubmit`, or `Stop`. |

2988| `hooks.<Event>[].hooks` | `array<table>` | Hook handlers for a matcher group. Command hooks are currently supported; prompt and agent hook handlers are parsed but skipped. |

2989| `hooks.managed_dir` | `string (absolute path)` | Directory containing managed hook scripts on macOS and Linux. Codex validates that it is absolute and exists before loading managed hooks. |

2990| `hooks.windows_managed_dir` | `string (absolute path)` | Directory containing managed hook scripts on Windows. Codex validates that it is absolute and exists before loading managed hooks. |

2235| `mcp_servers` | `table` | Allowlist of MCP servers that may be enabled. Both the server name (`<id>`) and its identity must match for the MCP server to be enabled. Any configured MCP server not in the allowlist (or with a mismatched identity) is disabled. |2991| `mcp_servers` | `table` | Allowlist of MCP servers that may be enabled. Both the server name (`<id>`) and its identity must match for the MCP server to be enabled. Any configured MCP server not in the allowlist (or with a mismatched identity) is disabled. |

2236| `mcp_servers.<id>.identity` | `table` | Identity rule for a single MCP server. Set either `command` (stdio) or `url` (streamable HTTP). |2992| `mcp_servers.<id>.identity` | `table` | Identity rule for a single MCP server. Set either `command` (stdio) or `url` (streamable HTTP). |

2237| `mcp_servers.<id>.identity.command` | `string` | Allow an MCP stdio server when its `mcp_servers.<id>.command` matches this command. |2993| `mcp_servers.<id>.identity.command` | `string` | Allow an MCP stdio server when its `mcp_servers.<id>.command` matches this command. |

2238| `mcp_servers.<id>.identity.url` | `string` | Allow an MCP streamable HTTP server when its `mcp_servers.<id>.url` matches this URL. |2994| `mcp_servers.<id>.identity.url` | `string` | Allow an MCP streamable HTTP server when its `mcp_servers.<id>.url` matches this URL. |

2995| `permissions.filesystem.deny_read` | `array<string>` | Admin-enforced filesystem read denials. Entries can be paths or glob patterns, and users cannot weaken them with local config. |

2996| `remote_sandbox_config` | `array<table>` | Host-specific sandbox requirements. The first entry whose `hostname_patterns` match the resolved host name overrides top-level `allowed_sandbox_modes` for that requirements source. Host-specific entries currently override sandbox modes only. |

2997| `remote_sandbox_config[].allowed_sandbox_modes` | `array<string>` | Allowed sandbox modes to apply when this host-specific entry matches. |

2998| `remote_sandbox_config[].hostname_patterns` | `array<string>` | Case-insensitive host name patterns. Supports `*` for any sequence of characters and `?` for one character. |

2239| `rules` | `table` | Admin-enforced command rules merged with `.rules` files. Requirements rules must be restrictive. |2999| `rules` | `table` | Admin-enforced command rules merged with `.rules` files. Requirements rules must be restrictive. |

2240| `rules.prefix_rules` | `array<table>` | List of enforced prefix rules. Each rule must include `pattern` and `decision`. |3000| `rules.prefix_rules` | `array<table>` | List of enforced prefix rules. Each rule must include `pattern` and `decision`. |

2241| `rules.prefix_rules[].decision` | `prompt | forbidden` | Required. Requirements rules can only prompt or forbid (not allow). |3001| `rules.prefix_rules[].decision` | `prompt | forbidden` | Required. Requirements rules can only prompt or forbid (not allow). |

2254 3014 

2255Details3015Details

2256 3016 

2257Allowed values for `approval_policy` (for example `untrusted`, `on-request`, `never`, and `reject`).3017Allowed values for `approval_policy` (for example `untrusted`, `on-request`, `never`, and `granular`).

3018 

3019Key

3020 

3021`allowed_approvals_reviewers`

3022 

3023Type / Values

3024 

3025`array<string>`

3026 

3027Details

3028 

3029Allowed values for `approvals_reviewer`, such as `user` and `auto_review`.

2258 3030 

2259Key3031Key

2260 3032 

2282 3054 

2283Key3055Key

2284 3056 

3057`features`

3058 

3059Type / Values

3060 

3061`table`

3062 

3063Details

3064 

3065Pinned feature values keyed by the canonical names from `config.toml`'s `[features]` table.

3066 

3067Key

3068 

3069`features.<name>`

3070 

3071Type / Values

3072 

3073`boolean`

3074 

3075Details

3076 

3077Require a specific canonical feature key to stay enabled or disabled.

3078 

3079Key

3080 

3081`features.browser_use`

3082 

3083Type / Values

3084 

3085`boolean`

3086 

3087Details

3088 

3089Set to `false` in `requirements.toml` to disable Browser Use and Browser Agent availability.

3090 

3091Key

3092 

3093`features.computer_use`

3094 

3095Type / Values

3096 

3097`boolean`

3098 

3099Details

3100 

3101Set to `false` in `requirements.toml` to disable Computer Use availability and related install or enablement flows.

3102 

3103Key

3104 

3105`features.in_app_browser`

3106 

3107Type / Values

3108 

3109`boolean`

3110 

3111Details

3112 

3113Set to `false` in `requirements.toml` to disable the in-app browser pane.

3114 

3115Key

3116 

3117`guardian_policy_config`

3118 

3119Type / Values

3120 

3121`string`

3122 

3123Details

3124 

3125Managed Markdown policy instructions for automatic review. This takes precedence over local `[auto_review].policy`. Blank values are ignored.

3126 

3127Key

3128 

3129`hooks`

3130 

3131Type / Values

3132 

3133`table`

3134 

3135Details

3136 

3137Admin-enforced managed lifecycle hooks. Requires a managed hook directory and uses the same event schema as inline `[hooks]` in `config.toml`.

3138 

3139Key

3140 

3141`hooks.<Event>`

3142 

3143Type / Values

3144 

3145`array<table>`

3146 

3147Details

3148 

3149Matcher groups for a hook event such as `PreToolUse`, `PostToolUse`, `PermissionRequest`, `SessionStart`, `UserPromptSubmit`, or `Stop`.

3150 

3151Key

3152 

3153`hooks.<Event>[].hooks`

3154 

3155Type / Values

3156 

3157`array<table>`

3158 

3159Details

3160 

3161Hook handlers for a matcher group. Command hooks are currently supported; prompt and agent hook handlers are parsed but skipped.

3162 

3163Key

3164 

3165`hooks.managed_dir`

3166 

3167Type / Values

3168 

3169`string (absolute path)`

3170 

3171Details

3172 

3173Directory containing managed hook scripts on macOS and Linux. Codex validates that it is absolute and exists before loading managed hooks.

3174 

3175Key

3176 

3177`hooks.windows_managed_dir`

3178 

3179Type / Values

3180 

3181`string (absolute path)`

3182 

3183Details

3184 

3185Directory containing managed hook scripts on Windows. Codex validates that it is absolute and exists before loading managed hooks.

3186 

3187Key

3188 

2285`mcp_servers`3189`mcp_servers`

2286 3190 

2287Type / Values3191Type / Values

2330 3234 

2331Key3235Key

2332 3236 

3237`permissions.filesystem.deny_read`

3238 

3239Type / Values

3240 

3241`array<string>`

3242 

3243Details

3244 

3245Admin-enforced filesystem read denials. Entries can be paths or glob patterns, and users cannot weaken them with local config.

3246 

3247Key

3248 

3249`remote_sandbox_config`

3250 

3251Type / Values

3252 

3253`array<table>`

3254 

3255Details

3256 

3257Host-specific sandbox requirements. The first entry whose `hostname_patterns` match the resolved host name overrides top-level `allowed_sandbox_modes` for that requirements source. Host-specific entries currently override sandbox modes only.

3258 

3259Key

3260 

3261`remote_sandbox_config[].allowed_sandbox_modes`

3262 

3263Type / Values

3264 

3265`array<string>`

3266 

3267Details

3268 

3269Allowed sandbox modes to apply when this host-specific entry matches.

3270 

3271Key

3272 

3273`remote_sandbox_config[].hostname_patterns`

3274 

3275Type / Values

3276 

3277`array<string>`

3278 

3279Details

3280 

3281Case-insensitive host name patterns. Supports `*` for any sequence of characters and `?` for one character.

3282 

3283Key

3284 

2333`rules`3285`rules`

2334 3286 

2335Type / Values3287Type / Values