SpyBara
Go Premium Account

config-reference.md Codex Docs, 2026-03-05 18:41 UTC → 2026-04-30 18:36 UTC

Inspect the documentation page or source diff for this selected snapshot comparison.

2026
5 Mar 2026, 18:41
14 May 2026, 21:00 14 May 2026, 07:00 13 May 2026, 00:57 12 May 2026, 01:59 11 May 2026, 18:00 7 May 2026, 20:02 7 May 2026, 17:08 5 May 2026, 23:00 2 May 2026, 06:45 2 May 2026, 00:48 1 May 2026, 18:29 30 Apr 2026, 18:36 29 Apr 2026, 12:40 29 Apr 2026, 00:50 25 Apr 2026, 06:37 25 Apr 2026, 00:42 24 Apr 2026, 18:20 24 Apr 2026, 12:28 23 Apr 2026, 18:31 23 Apr 2026, 12:28 23 Apr 2026, 00:46 22 Apr 2026, 18:29 22 Apr 2026, 00:42 21 Apr 2026, 18:29 21 Apr 2026, 12:30 21 Apr 2026, 06:45 20 Apr 2026, 18:26 20 Apr 2026, 06:53 18 Apr 2026, 18:18 17 Apr 2026, 00:44 16 Apr 2026, 18:31 16 Apr 2026, 00:46 15 Apr 2026, 18:31 15 Apr 2026, 06:44 14 Apr 2026, 18:31 14 Apr 2026, 12:29 13 Apr 2026, 18:37 13 Apr 2026, 00:44 12 Apr 2026, 06:38 10 Apr 2026, 18:23 9 Apr 2026, 00:33 8 Apr 2026, 18:32 8 Apr 2026, 00:40 7 Apr 2026, 00:40 2 Apr 2026, 18:23 31 Mar 2026, 06:35 31 Mar 2026, 00:39 28 Mar 2026, 06:26 28 Mar 2026, 00:36 27 Mar 2026, 18:23 27 Mar 2026, 00:39 26 Mar 2026, 18:27 25 Mar 2026, 18:24 23 Mar 2026, 18:22 20 Mar 2026, 00:35 18 Mar 2026, 12:23 18 Mar 2026, 00:36 17 Mar 2026, 18:24 17 Mar 2026, 00:33 16 Mar 2026, 18:25 16 Mar 2026, 12:23 14 Mar 2026, 00:32 13 Mar 2026, 18:15 13 Mar 2026, 00:34 11 Mar 2026, 00:31 9 Mar 2026, 00:34 8 Mar 2026, 18:10 8 Mar 2026, 00:35 7 Mar 2026, 18:10 7 Mar 2026, 06:14 7 Mar 2026, 00:33 6 Mar 2026, 00:38 5 Mar 2026, 18:41 5 Mar 2026, 06:22 5 Mar 2026, 00:34 4 Mar 2026, 18:18 4 Mar 2026, 06:20 3 Mar 2026, 18:20 3 Mar 2026, 00:35 27 Feb 2026, 18:15 24 Feb 2026, 06:27 24 Feb 2026, 00:33 23 Feb 2026, 18:27 21 Feb 2026, 00:33 20 Feb 2026, 12:16 19 Feb 2026, 20:53 19 Feb 2026, 20:37
30 Apr 2026, 18:36
14 May 2026, 21:00 14 May 2026, 07:00 13 May 2026, 00:57 12 May 2026, 01:59 11 May 2026, 18:00 7 May 2026, 20:02 7 May 2026, 17:08 5 May 2026, 23:00 2 May 2026, 06:45 2 May 2026, 00:48 1 May 2026, 18:29 30 Apr 2026, 18:36 29 Apr 2026, 12:40 29 Apr 2026, 00:50 25 Apr 2026, 06:37 25 Apr 2026, 00:42 24 Apr 2026, 18:20 24 Apr 2026, 12:28 23 Apr 2026, 18:31 23 Apr 2026, 12:28 23 Apr 2026, 00:46 22 Apr 2026, 18:29 22 Apr 2026, 00:42 21 Apr 2026, 18:29 21 Apr 2026, 12:30 21 Apr 2026, 06:45 20 Apr 2026, 18:26 20 Apr 2026, 06:53 18 Apr 2026, 18:18 17 Apr 2026, 00:44 16 Apr 2026, 18:31 16 Apr 2026, 00:46 15 Apr 2026, 18:31 15 Apr 2026, 06:44 14 Apr 2026, 18:31 14 Apr 2026, 12:29 13 Apr 2026, 18:37 13 Apr 2026, 00:44 12 Apr 2026, 06:38 10 Apr 2026, 18:23 9 Apr 2026, 00:33 8 Apr 2026, 18:32 8 Apr 2026, 00:40 7 Apr 2026, 00:40 2 Apr 2026, 18:23 31 Mar 2026, 06:35 31 Mar 2026, 00:39 28 Mar 2026, 06:26 28 Mar 2026, 00:36 27 Mar 2026, 18:23 27 Mar 2026, 00:39 26 Mar 2026, 18:27 25 Mar 2026, 18:24 23 Mar 2026, 18:22 20 Mar 2026, 00:35 18 Mar 2026, 12:23 18 Mar 2026, 00:36 17 Mar 2026, 18:24 17 Mar 2026, 00:33 16 Mar 2026, 18:25 16 Mar 2026, 12:23 14 Mar 2026, 00:32 13 Mar 2026, 18:15 13 Mar 2026, 00:34 11 Mar 2026, 00:31 9 Mar 2026, 00:34 8 Mar 2026, 18:10 8 Mar 2026, 00:35 7 Mar 2026, 18:10 7 Mar 2026, 06:14 7 Mar 2026, 00:33 6 Mar 2026, 00:38 5 Mar 2026, 18:41 5 Mar 2026, 06:22 5 Mar 2026, 00:34 4 Mar 2026, 18:18 4 Mar 2026, 06:20 3 Mar 2026, 18:20 3 Mar 2026, 00:35 27 Feb 2026, 18:15 24 Feb 2026, 06:27 24 Feb 2026, 00:33 23 Feb 2026, 18:27 21 Feb 2026, 00:33 20 Feb 2026, 12:16 19 Feb 2026, 20:53 19 Feb 2026, 20:37
Thu 2 18:23 Tue 7 00:40 Wed 8 00:40 Wed 8 18:32 Thu 9 00:33 Fri 10 18:23 Sun 12 06:38 Mon 13 00:44 Mon 13 18:37 Tue 14 12:29 Tue 14 18:31 Wed 15 06:44 Wed 15 18:31 Thu 16 00:46 Thu 16 18:31 Fri 17 00:44 Sat 18 18:18 Mon 20 06:53 Mon 20 18:26 Tue 21 06:45 Tue 21 12:30 Tue 21 18:29 Wed 22 00:42 Wed 22 18:29 Thu 23 00:46 Thu 23 12:28 Thu 23 18:31 Fri 24 12:28 Fri 24 18:20 Sat 25 00:42 Sat 25 06:37 Wed 29 00:50 Wed 29 12:40 Thu 30 18:36

config-reference.md +1363 −346

Details

6 6 

7User-level configuration lives in `~/.codex/config.toml`. You can also add project-scoped overrides in `.codex/config.toml` files. Codex loads project-scoped config files only when you trust the project.7User-level configuration lives in `~/.codex/config.toml`. You can also add project-scoped overrides in `.codex/config.toml` files. Codex loads project-scoped config files only when you trust the project.

8 8 

9For sandbox and approval keys (`approval_policy`, `sandbox_mode`, and `sandbox_workspace_write.*`), pair this reference with [Sandbox and approvals](https://developers.openai.com/codex/security#sandbox-and-approvals), [Protected paths in writable roots](https://developers.openai.com/codex/security#protected-paths-in-writable-roots), and [Network access](https://developers.openai.com/codex/security#network-access).9For sandbox and approval keys (`approval_policy`, `sandbox_mode`, and `sandbox_workspace_write.*`), pair this reference with [Sandbox and approvals](https://developers.openai.com/codex/agent-approvals-security#sandbox-and-approvals), [Protected paths in writable roots](https://developers.openai.com/codex/agent-approvals-security#protected-paths-in-writable-roots), and [Network access](https://developers.openai.com/codex/agent-approvals-security#network-access).

10 10 

11| Key | Type / Values | Details |11| Key | Type / Values | Details |

12| --- | --- | --- |12| --- | --- | --- |

13| `agents.<name>.config_file` | `string (path)` | Path to a TOML config layer for that role; relative paths resolve from the config file that declares the role. |13| `agents.<name>.config_file` | `string (path)` | Path to a TOML config layer for that role; relative paths resolve from the config file that declares the role. |

14| `agents.<name>.description` | `string` | Role guidance shown to Codex when choosing and spawning that agent type. |14| `agents.<name>.description` | `string` | Role guidance shown to Codex when choosing and spawning that agent type. |

15| `agents.<name>.nickname_candidates` | `array<string>` | Optional pool of display nicknames for spawned agents in that role. |

15| `agents.job_max_runtime_seconds` | `number` | Default per-worker timeout for `spawn_agents_on_csv` jobs. When unset, the tool falls back to 1800 seconds per worker. |16| `agents.job_max_runtime_seconds` | `number` | Default per-worker timeout for `spawn_agents_on_csv` jobs. When unset, the tool falls back to 1800 seconds per worker. |

16| `agents.max_depth` | `number` | Maximum nesting depth allowed for spawned agent threads (root sessions start at depth 0; default: 1). |17| `agents.max_depth` | `number` | Maximum nesting depth allowed for spawned agent threads (root sessions start at depth 0; default: 1). |

17| `agents.max_threads` | `number` | Maximum number of agent threads that can be open concurrently. |18| `agents.max_threads` | `number` | Maximum number of agent threads that can be open concurrently. Defaults to `6` when unset. |

18| `allow_login_shell` | `boolean` | Allow shell-based tools to use login-shell semantics. Defaults to `true`; when `false`, `login = true` requests are rejected and omitted `login` defaults to non-login shells. |19| `allow_login_shell` | `boolean` | Allow shell-based tools to use login-shell semantics. Defaults to `true`; when `false`, `login = true` requests are rejected and omitted `login` defaults to non-login shells. |

19| `approval_policy` | `untrusted | on-request | never | { reject = { sandbox_approval = bool, rules = bool, mcp_elicitations = bool } }` | Controls when Codex pauses for approval before executing commands. You can also use `approval_policy = { reject = { ... } }` to auto-reject specific prompt categories while keeping other prompts interactive. `on-failure` is deprecated; use `on-request` for interactive runs or `never` for non-interactive runs. |20| `analytics.enabled` | `boolean` | Enable or disable analytics for this machine/profile. When unset, the client default applies. |

20| `approval_policy.reject.mcp_elicitations` | `boolean` | When `true`, MCP elicitation prompts are auto-rejected instead of shown to the user. |21| `approval_policy` | `untrusted | on-request | never | { granular = { sandbox_approval = bool, rules = bool, mcp_elicitations = bool, request_permissions = bool, skill_approval = bool } }` | Controls when Codex pauses for approval before executing commands. You can also use `approval_policy = { granular = { ... } }` to allow or auto-reject specific prompt categories while keeping other prompts interactive. `on-failure` is deprecated; use `on-request` for interactive runs or `never` for non-interactive runs. |

21| `approval_policy.reject.rules` | `boolean` | When `true`, approvals triggered by execpolicy `prompt` rules are auto-rejected. |22| `approval_policy.granular.mcp_elicitations` | `boolean` | When `true`, MCP elicitation prompts are allowed to surface instead of being auto-rejected. |

22| `approval_policy.reject.sandbox_approval` | `boolean` | When `true`, sandbox escalation approval prompts are auto-rejected. |23| `approval_policy.granular.request_permissions` | `boolean` | When `true`, prompts from the `request_permissions` tool are allowed to surface. |

24| `approval_policy.granular.rules` | `boolean` | When `true`, approvals triggered by execpolicy `prompt` rules are allowed to surface. |

25| `approval_policy.granular.sandbox_approval` | `boolean` | When `true`, sandbox escalation approval prompts are allowed to surface. |

26| `approval_policy.granular.skill_approval` | `boolean` | When `true`, skill-script approval prompts are allowed to surface. |

27| `approvals_reviewer` | `user | auto_review` | Who reviews eligible approval prompts under `on-request` or granular approval policies. Defaults to `user`; `auto_review` uses the reviewer subagent. This setting doesn't change sandboxing or review actions already allowed inside the sandbox. |

23| `apps._default.destructive_enabled` | `boolean` | Default allow/deny for app tools with `destructive_hint = true`. |28| `apps._default.destructive_enabled` | `boolean` | Default allow/deny for app tools with `destructive_hint = true`. |

24| `apps._default.enabled` | `boolean` | Default app enabled state for all apps unless overridden per app. |29| `apps._default.enabled` | `boolean` | Default app enabled state for all apps unless overridden per app. |

25| `apps._default.open_world_enabled` | `boolean` | Default allow/deny for app tools with `open_world_hint = true`. |30| `apps._default.open_world_enabled` | `boolean` | Default allow/deny for app tools with `open_world_hint = true`. |

30| `apps.<id>.open_world_enabled` | `boolean` | Allow or block tools in this app that advertise `open_world_hint = true`. |35| `apps.<id>.open_world_enabled` | `boolean` | Allow or block tools in this app that advertise `open_world_hint = true`. |

31| `apps.<id>.tools.<tool>.approval_mode` | `auto | prompt | approve` | Per-tool approval behavior override for a single app tool. |36| `apps.<id>.tools.<tool>.approval_mode` | `auto | prompt | approve` | Per-tool approval behavior override for a single app tool. |

32| `apps.<id>.tools.<tool>.enabled` | `boolean` | Per-tool enabled override for an app tool (for example `repos/list`). |37| `apps.<id>.tools.<tool>.enabled` | `boolean` | Per-tool enabled override for an app tool (for example `repos/list`). |

38| `auto_review.policy` | `string` | Local Markdown policy instructions for automatic review. Managed `guardian_policy_config` takes precedence. Blank values are ignored. |

33| `background_terminal_max_timeout` | `number` | Maximum poll window in milliseconds for empty `write_stdin` polls (background terminal polling). Default: `300000` (5 minutes). Replaces the older `background_terminal_timeout` key. |39| `background_terminal_max_timeout` | `number` | Maximum poll window in milliseconds for empty `write_stdin` polls (background terminal polling). Default: `300000` (5 minutes). Replaces the older `background_terminal_timeout` key. |

34| `chatgpt_base_url` | `string` | Override the base URL used during the ChatGPT login flow. |40| `chatgpt_base_url` | `string` | Override the base URL used during the ChatGPT login flow. |

35| `check_for_update_on_startup` | `boolean` | Check for Codex updates on startup (set to false only when updates are centrally managed). |41| `check_for_update_on_startup` | `boolean` | Check for Codex updates on startup (set to false only when updates are centrally managed). |

36| `cli_auth_credentials_store` | `file | keyring | auto` | Control where the CLI stores cached credentials (file-based auth.json vs OS keychain). |42| `cli_auth_credentials_store` | `file | keyring | auto` | Control where the CLI stores cached credentials (file-based auth.json vs OS keychain). |

43| `commit_attribution` | `string` | Override the commit co-author trailer text. Set an empty string to disable automatic attribution. |

37| `compact_prompt` | `string` | Inline override for the history compaction prompt. |44| `compact_prompt` | `string` | Inline override for the history compaction prompt. |

45| `default_permissions` | `string` | Name of the default permissions profile to apply to sandboxed tool calls. Built-ins are `:read-only`, `:workspace`, and `:danger-no-sandbox`; custom profile names require matching `[permissions.<name>]` tables. |

38| `developer_instructions` | `string` | Additional developer instructions injected into the session (optional). |46| `developer_instructions` | `string` | Additional developer instructions injected into the session (optional). |

39| `disable_paste_burst` | `boolean` | Disable burst-paste detection in the TUI. |47| `disable_paste_burst` | `boolean` | Disable burst-paste detection in the TUI. |

40| `experimental_compact_prompt_file` | `string (path)` | Load the compaction prompt override from a file (experimental). |48| `experimental_compact_prompt_file` | `string (path)` | Load the compaction prompt override from a file (experimental). |

41| `experimental_use_freeform_apply_patch` | `boolean` | Legacy name for enabling freeform apply\_patch; prefer `[features].apply_patch_freeform` or `codex --enable apply_patch_freeform`. |

42| `experimental_use_unified_exec_tool` | `boolean` | Legacy name for enabling unified exec; prefer `[features].unified_exec` or `codex --enable unified_exec`. |49| `experimental_use_unified_exec_tool` | `boolean` | Legacy name for enabling unified exec; prefer `[features].unified_exec` or `codex --enable unified_exec`. |

43| `features.apply_patch_freeform` | `boolean` | Expose the freeform `apply_patch` tool (experimental). |

44| `features.apps` | `boolean` | Enable ChatGPT Apps/connectors support (experimental). |50| `features.apps` | `boolean` | Enable ChatGPT Apps/connectors support (experimental). |

45| `features.apps_mcp_gateway` | `boolean` | Route Apps MCP calls through the OpenAI connectors MCP gateway (`https://api.openai.com/v1/connectors/mcp/`) instead of legacy routing (experimental). |51| `features.codex_hooks` | `boolean` | Enable lifecycle hooks loaded from `hooks.json` or inline `[hooks]` config. |

46| `features.child_agents_md` | `boolean` | Append AGENTS.md scope/precedence guidance even when no AGENTS.md is present (experimental). |52| `features.enable_request_compression` | `boolean` | Compress streaming request bodies with zstd when supported (stable; on by default). |

47| `features.collaboration_modes` | `boolean` | Enable collaboration modes such as plan mode (stable; on by default). |53| `features.fast_mode` | `boolean` | Enable Fast mode selection and the `service_tier = "fast"` path (stable; on by default). |

48| `features.multi_agent` | `boolean` | Enable multi-agent collaboration tools (`spawn_agent`, `send_input`, `resume_agent`, `wait`, `close_agent`, and `spawn_agents_on_csv`) (experimental; off by default). |54| `features.memories` | `boolean` | Enable [Memories](https://developers.openai.com/codex/memories) (off by default). |

55| `features.multi_agent` | `boolean` | Enable multi-agent collaboration tools (`spawn_agent`, `send_input`, `resume_agent`, `wait_agent`, and `close_agent`) (stable; on by default). |

49| `features.personality` | `boolean` | Enable personality selection controls (stable; on by default). |56| `features.personality` | `boolean` | Enable personality selection controls (stable; on by default). |

50| `features.powershell_utf8` | `boolean` | Force PowerShell UTF-8 output (defaults to true). |57| `features.prevent_idle_sleep` | `boolean` | Prevent the machine from sleeping while a turn is actively running (experimental; off by default). |

51| `features.remote_models` | `boolean` | Refresh remote model list before showing readiness (experimental). |58| `features.shell_snapshot` | `boolean` | Snapshot shell environment to speed up repeated commands (stable; on by default). |

52| `features.request_rule` | `boolean` | Enable Smart approvals (`prefix_rule` suggestions on escalation requests; stable; on by default). |

53| `features.runtime_metrics` | `boolean` | Show runtime metrics summary in TUI turn separators (experimental). |

54| `features.search_tool` | `boolean` | Enable `search_tool_bm25` for Apps tool discovery before invoking app MCP tools (experimental). |

55| `features.shell_snapshot` | `boolean` | Snapshot shell environment to speed up repeated commands (beta). |

56| `features.shell_tool` | `boolean` | Enable the default `shell` tool for running commands (stable; on by default). |59| `features.shell_tool` | `boolean` | Enable the default `shell` tool for running commands (stable; on by default). |

57| `features.unified_exec` | `boolean` | Use the unified PTY-backed exec tool (beta). |60| `features.skill_mcp_dependency_install` | `boolean` | Allow prompting and installing missing MCP dependencies for skills (stable; on by default). |

58| `features.use_linux_sandbox_bwrap` | `boolean` | Use the bubblewrap-based Linux sandbox pipeline (experimental; off by default). |61| `features.undo` | `boolean` | Enable undo support (stable; off by default). |

62| `features.unified_exec` | `boolean` | Use the unified PTY-backed exec tool (stable; enabled by default except on Windows). |

59| `features.web_search` | `boolean` | Deprecated legacy toggle; prefer the top-level `web_search` setting. |63| `features.web_search` | `boolean` | Deprecated legacy toggle; prefer the top-level `web_search` setting. |

60| `features.web_search_cached` | `boolean` | Deprecated legacy toggle. When `web_search` is unset, true maps to `web_search = "cached"`. |64| `features.web_search_cached` | `boolean` | Deprecated legacy toggle. When `web_search` is unset, true maps to `web_search = "cached"`. |

61| `features.web_search_request` | `boolean` | Deprecated legacy toggle. When `web_search` is unset, true maps to `web_search = "live"`. |65| `features.web_search_request` | `boolean` | Deprecated legacy toggle. When `web_search` is unset, true maps to `web_search = "live"`. |

66| `hide_agent_reasoning` | `boolean` | Suppress reasoning events in both the TUI and `codex exec` output. |70| `hide_agent_reasoning` | `boolean` | Suppress reasoning events in both the TUI and `codex exec` output. |

67| `history.max_bytes` | `number` | If set, caps the history file size in bytes by dropping oldest entries. |71| `history.max_bytes` | `number` | If set, caps the history file size in bytes by dropping oldest entries. |

68| `history.persistence` | `save-all | none` | Control whether Codex saves session transcripts to history.jsonl. |72| `history.persistence` | `save-all | none` | Control whether Codex saves session transcripts to history.jsonl. |

69| `include_apply_patch_tool` | `boolean` | Legacy name for enabling freeform apply\_patch; prefer `[features].apply_patch_freeform`. |73| `hooks` | `table` | Lifecycle hooks configured inline in `config.toml`. Uses the same event schema as `hooks.json`; see the Hooks guide for examples and supported events. |

70| `instructions` | `string` | Reserved for future use; prefer `model_instructions_file` or `AGENTS.md`. |74| `instructions` | `string` | Reserved for future use; prefer `model_instructions_file` or `AGENTS.md`. |

71| `log_dir` | `string (path)` | Directory where Codex writes log files (for example `codex-tui.log`); defaults to `$CODEX_HOME/log`. |75| `log_dir` | `string (path)` | Directory where Codex writes log files (for example `codex-tui.log`); defaults to `$CODEX_HOME/log`. |

72| `mcp_oauth_callback_port` | `integer` | Optional fixed port for the local HTTP callback server used during MCP OAuth login. When unset, Codex binds to an ephemeral port chosen by the OS. |76| `mcp_oauth_callback_port` | `integer` | Optional fixed port for the local HTTP callback server used during MCP OAuth login. When unset, Codex binds to an ephemeral port chosen by the OS. |

81| `mcp_servers.<id>.enabled_tools` | `array<string>` | Allow list of tool names exposed by the MCP server. |85| `mcp_servers.<id>.enabled_tools` | `array<string>` | Allow list of tool names exposed by the MCP server. |

82| `mcp_servers.<id>.env` | `map<string,string>` | Environment variables forwarded to the MCP stdio server. |86| `mcp_servers.<id>.env` | `map<string,string>` | Environment variables forwarded to the MCP stdio server. |

83| `mcp_servers.<id>.env_http_headers` | `map<string,string>` | HTTP headers populated from environment variables for an MCP HTTP server. |87| `mcp_servers.<id>.env_http_headers` | `map<string,string>` | HTTP headers populated from environment variables for an MCP HTTP server. |

84| `mcp_servers.<id>.env_vars` | `array<string>` | Additional environment variables to whitelist for an MCP stdio server. |88| `mcp_servers.<id>.env_vars` | `array<string | { name = string, source = "local" | "remote" }>` | Additional environment variables to whitelist for an MCP stdio server. String entries default to `source = "local"`; use `source = "remote"` only with executor-backed remote stdio. |

89| `mcp_servers.<id>.experimental_environment` | `local | remote` | Experimental placement for an MCP server. `remote` starts stdio servers through a remote executor environment; streamable HTTP remote placement is not implemented. |

85| `mcp_servers.<id>.http_headers` | `map<string,string>` | Static HTTP headers included with each MCP HTTP request. |90| `mcp_servers.<id>.http_headers` | `map<string,string>` | Static HTTP headers included with each MCP HTTP request. |

91| `mcp_servers.<id>.oauth_resource` | `string` | Optional RFC 8707 OAuth resource parameter to include during MCP login. |

86| `mcp_servers.<id>.required` | `boolean` | When true, fail startup/resume if this enabled MCP server cannot initialize. |92| `mcp_servers.<id>.required` | `boolean` | When true, fail startup/resume if this enabled MCP server cannot initialize. |

93| `mcp_servers.<id>.scopes` | `array<string>` | OAuth scopes to request when authenticating to that MCP server. |

87| `mcp_servers.<id>.startup_timeout_ms` | `number` | Alias for `startup_timeout_sec` in milliseconds. |94| `mcp_servers.<id>.startup_timeout_ms` | `number` | Alias for `startup_timeout_sec` in milliseconds. |

88| `mcp_servers.<id>.startup_timeout_sec` | `number` | Override the default 10s startup timeout for an MCP server. |95| `mcp_servers.<id>.startup_timeout_sec` | `number` | Override the default 10s startup timeout for an MCP server. |

89| `mcp_servers.<id>.tool_timeout_sec` | `number` | Override the default 60s per-tool timeout for an MCP server. |96| `mcp_servers.<id>.tool_timeout_sec` | `number` | Override the default 60s per-tool timeout for an MCP server. |

90| `mcp_servers.<id>.url` | `string` | Endpoint for an MCP streamable HTTP server. |97| `mcp_servers.<id>.url` | `string` | Endpoint for an MCP streamable HTTP server. |

91| `model` | `string` | Model to use (e.g., `gpt-5-codex`). |98| `memories.consolidation_model` | `string` | Optional model override for global memory consolidation. |

99| `memories.disable_on_external_context` | `boolean` | When `true`, threads that use external context such as MCP tool calls, web search, or tool search are kept out of memory generation. Defaults to `false`. Legacy alias: `memories.no_memories_if_mcp_or_web_search`. |

100| `memories.extract_model` | `string` | Optional model override for per-thread memory extraction. |

101| `memories.generate_memories` | `boolean` | When `false`, newly created threads are not stored as memory-generation inputs. Defaults to `true`. |

102| `memories.max_raw_memories_for_consolidation` | `number` | Maximum recent raw memories retained for global consolidation. Defaults to `256` and is capped at `4096`. |

103| `memories.max_rollout_age_days` | `number` | Maximum age of threads considered for memory generation. Defaults to `30` and is clamped to `0`-`90`. |

104| `memories.max_rollouts_per_startup` | `number` | Maximum rollout candidates processed per startup pass. Defaults to `16` and is capped at `128`. |

105| `memories.max_unused_days` | `number` | Maximum days since a memory was last used before it becomes ineligible for consolidation. Defaults to `30` and is clamped to `0`-`365`. |

106| `memories.min_rate_limit_remaining_percent` | `number` | Minimum remaining percentage required in Codex rate-limit windows before memory generation starts. Defaults to `25` and is clamped to `0`-`100`. |

107| `memories.min_rollout_idle_hours` | `number` | Minimum idle time before a thread is considered for memory generation. Defaults to `6` and is clamped to `1`-`48`. |

108| `memories.use_memories` | `boolean` | When `false`, Codex skips injecting existing memories into future sessions. Defaults to `true`. |

109| `model` | `string` | Model to use (e.g., `gpt-5.5`). |

92| `model_auto_compact_token_limit` | `number` | Token threshold that triggers automatic history compaction (unset uses model defaults). |110| `model_auto_compact_token_limit` | `number` | Token threshold that triggers automatic history compaction (unset uses model defaults). |

93| `model_catalog_json` | `string (path)` | Optional path to a JSON model catalog loaded on startup. Profile-level `profiles.<name>.model_catalog_json` can override this per profile. |111| `model_catalog_json` | `string (path)` | Optional path to a JSON model catalog loaded on startup. Profile-level `profiles.<name>.model_catalog_json` can override this per profile. |

94| `model_context_window` | `number` | Context window tokens available to the active model. |112| `model_context_window` | `number` | Context window tokens available to the active model. |

95| `model_instructions_file` | `string (path)` | Replacement for built-in instructions instead of `AGENTS.md`. |113| `model_instructions_file` | `string (path)` | Replacement for built-in instructions instead of `AGENTS.md`. |

96| `model_provider` | `string` | Provider id from `model_providers` (default: `openai`). |114| `model_provider` | `string` | Provider id from `model_providers` (default: `openai`). |

115| `model_providers.<id>` | `table` | Custom provider definition. Built-in provider IDs (`openai`, `ollama`, and `lmstudio`) are reserved and cannot be overridden. |

116| `model_providers.<id>.auth` | `table` | Command-backed bearer token configuration for a custom provider. Do not combine with `env_key`, `experimental_bearer_token`, or `requires_openai_auth`. |

117| `model_providers.<id>.auth.args` | `array<string>` | Arguments passed to the token command. |

118| `model_providers.<id>.auth.command` | `string` | Command to run when Codex needs a bearer token. The command must print the token to stdout. |

119| `model_providers.<id>.auth.cwd` | `string (path)` | Working directory for the token command. |

120| `model_providers.<id>.auth.refresh_interval_ms` | `number` | How often Codex proactively refreshes the token in milliseconds (default: 300000). Set to `0` to refresh only after an authentication retry. |

121| `model_providers.<id>.auth.timeout_ms` | `number` | Maximum token command runtime in milliseconds (default: 5000). |

97| `model_providers.<id>.base_url` | `string` | API base URL for the model provider. |122| `model_providers.<id>.base_url` | `string` | API base URL for the model provider. |

98| `model_providers.<id>.env_http_headers` | `map<string,string>` | HTTP headers populated from environment variables when present. |123| `model_providers.<id>.env_http_headers` | `map<string,string>` | HTTP headers populated from environment variables when present. |

99| `model_providers.<id>.env_key` | `string` | Environment variable supplying the provider API key. |124| `model_providers.<id>.env_key` | `string` | Environment variable supplying the provider API key. |

106| `model_providers.<id>.requires_openai_auth` | `boolean` | The provider uses OpenAI authentication (defaults to false). |131| `model_providers.<id>.requires_openai_auth` | `boolean` | The provider uses OpenAI authentication (defaults to false). |

107| `model_providers.<id>.stream_idle_timeout_ms` | `number` | Idle timeout for SSE streams in milliseconds (default: 300000). |132| `model_providers.<id>.stream_idle_timeout_ms` | `number` | Idle timeout for SSE streams in milliseconds (default: 300000). |

108| `model_providers.<id>.stream_max_retries` | `number` | Retry count for SSE streaming interruptions (default: 5). |133| `model_providers.<id>.stream_max_retries` | `number` | Retry count for SSE streaming interruptions (default: 5). |

109| `model_providers.<id>.wire_api` | `chat | responses` | Protocol used by the provider (defaults to `chat` if omitted). |134| `model_providers.<id>.supports_websockets` | `boolean` | Whether that provider supports the Responses API WebSocket transport. |

135| `model_providers.<id>.wire_api` | `responses` | Protocol used by the provider. `responses` is the only supported value, and it is the default when omitted. |

136| `model_providers.amazon-bedrock.aws.profile` | `string` | AWS profile name used by the built-in `amazon-bedrock` provider. |

137| `model_providers.amazon-bedrock.aws.region` | `string` | AWS region used by the built-in `amazon-bedrock` provider. |

110| `model_reasoning_effort` | `minimal | low | medium | high | xhigh` | Adjust reasoning effort for supported models (Responses API only; `xhigh` is model-dependent). |138| `model_reasoning_effort` | `minimal | low | medium | high | xhigh` | Adjust reasoning effort for supported models (Responses API only; `xhigh` is model-dependent). |

111| `model_reasoning_summary` | `auto | concise | detailed | none` | Select reasoning summary detail or disable summaries entirely. |139| `model_reasoning_summary` | `auto | concise | detailed | none` | Select reasoning summary detail or disable summaries entirely. |

112| `model_supports_reasoning_summaries` | `boolean` | Force Codex to send or not send reasoning metadata. |140| `model_supports_reasoning_summaries` | `boolean` | Force Codex to send or not send reasoning metadata. |

113| `model_verbosity` | `low | medium | high` | Control GPT-5 Responses API verbosity (defaults to `medium`). |141| `model_verbosity` | `low | medium | high` | Optional GPT-5 Responses API verbosity override; when unset, the selected model/preset default is used. |

114| `notice.hide_full_access_warning` | `boolean` | Track acknowledgement of the full access warning prompt. |142| `notice.hide_full_access_warning` | `boolean` | Track acknowledgement of the full access warning prompt. |

115| `notice.hide_gpt-5.1-codex-max_migration_prompt` | `boolean` | Track acknowledgement of the gpt-5.1-codex-max migration prompt. |143| `notice.hide_gpt-5.1-codex-max_migration_prompt` | `boolean` | Track acknowledgement of the gpt-5.1-codex-max migration prompt. |

116| `notice.hide_gpt5_1_migration_prompt` | `boolean` | Track acknowledgement of the GPT-5.1 migration prompt. |144| `notice.hide_gpt5_1_migration_prompt` | `boolean` | Track acknowledgement of the GPT-5.1 migration prompt. |

118| `notice.hide_world_writable_warning` | `boolean` | Track acknowledgement of the Windows world-writable directories warning. |146| `notice.hide_world_writable_warning` | `boolean` | Track acknowledgement of the Windows world-writable directories warning. |

119| `notice.model_migrations` | `map<string,string>` | Track acknowledged model migrations as old->new mappings. |147| `notice.model_migrations` | `map<string,string>` | Track acknowledged model migrations as old->new mappings. |

120| `notify` | `array<string>` | Command invoked for notifications; receives a JSON payload from Codex. |148| `notify` | `array<string>` | Command invoked for notifications; receives a JSON payload from Codex. |

149| `openai_base_url` | `string` | Base URL override for the built-in `openai` model provider. |

121| `oss_provider` | `lmstudio | ollama` | Default local provider used when running with `--oss` (defaults to prompting if unset). |150| `oss_provider` | `lmstudio | ollama` | Default local provider used when running with `--oss` (defaults to prompting if unset). |

122| `otel.environment` | `string` | Environment tag applied to emitted OpenTelemetry events (default: `dev`). |151| `otel.environment` | `string` | Environment tag applied to emitted OpenTelemetry events (default: `dev`). |

123| `otel.exporter` | `none | otlp-http | otlp-grpc` | Select the OpenTelemetry exporter and provide any endpoint metadata. |152| `otel.exporter` | `none | otlp-http | otlp-grpc` | Select the OpenTelemetry exporter and provide any endpoint metadata. |

128| `otel.exporter.<id>.tls.client-certificate` | `string` | Client certificate path for OTEL exporter TLS. |157| `otel.exporter.<id>.tls.client-certificate` | `string` | Client certificate path for OTEL exporter TLS. |

129| `otel.exporter.<id>.tls.client-private-key` | `string` | Client private key path for OTEL exporter TLS. |158| `otel.exporter.<id>.tls.client-private-key` | `string` | Client private key path for OTEL exporter TLS. |

130| `otel.log_user_prompt` | `boolean` | Opt in to exporting raw user prompts with OpenTelemetry logs. |159| `otel.log_user_prompt` | `boolean` | Opt in to exporting raw user prompts with OpenTelemetry logs. |

160| `otel.metrics_exporter` | `none | statsig | otlp-http | otlp-grpc` | Select the OpenTelemetry metrics exporter (defaults to `statsig`). |

131| `otel.trace_exporter` | `none | otlp-http | otlp-grpc` | Select the OpenTelemetry trace exporter and provide any endpoint metadata. |161| `otel.trace_exporter` | `none | otlp-http | otlp-grpc` | Select the OpenTelemetry trace exporter and provide any endpoint metadata. |

132| `otel.trace_exporter.<id>.endpoint` | `string` | Trace exporter endpoint for OTEL logs. |162| `otel.trace_exporter.<id>.endpoint` | `string` | Trace exporter endpoint for OTEL logs. |

133| `otel.trace_exporter.<id>.headers` | `map<string,string>` | Static headers included with OTEL trace exporter requests. |163| `otel.trace_exporter.<id>.headers` | `map<string,string>` | Static headers included with OTEL trace exporter requests. |

135| `otel.trace_exporter.<id>.tls.ca-certificate` | `string` | CA certificate path for OTEL trace exporter TLS. |165| `otel.trace_exporter.<id>.tls.ca-certificate` | `string` | CA certificate path for OTEL trace exporter TLS. |

136| `otel.trace_exporter.<id>.tls.client-certificate` | `string` | Client certificate path for OTEL trace exporter TLS. |166| `otel.trace_exporter.<id>.tls.client-certificate` | `string` | Client certificate path for OTEL trace exporter TLS. |

137| `otel.trace_exporter.<id>.tls.client-private-key` | `string` | Client private key path for OTEL trace exporter TLS. |167| `otel.trace_exporter.<id>.tls.client-private-key` | `string` | Client private key path for OTEL trace exporter TLS. |

168| `permissions.<name>.filesystem` | `table` | Named filesystem permission profile. Each key is an absolute path or special token such as `:minimal` or `:project_roots`. |

169| `permissions.<name>.filesystem.":project_roots".<subpath-or-glob>` | `"read" | "write" | "none"` | Scoped filesystem access relative to the detected project roots. Use `"."` for the root itself; glob subpaths such as `"**/*.env"` can deny reads with `"none"`. |

170| `permissions.<name>.filesystem.<path-or-glob>` | `"read" | "write" | "none" | table` | Grant direct access for a path, glob pattern, or special token, or scope nested entries under that root. Use `"none"` to deny reads for matching paths. |

171| `permissions.<name>.filesystem.glob_scan_max_depth` | `number` | Maximum depth for expanding deny-read glob patterns on platforms that snapshot matches before sandbox startup. Must be at least `1` when set. |

172| `permissions.<name>.network.allow_local_binding` | `boolean` | Permit local bind/listen operations through the managed proxy. |

173| `permissions.<name>.network.allow_upstream_proxy` | `boolean` | Allow the managed proxy to chain to another upstream proxy. |

174| `permissions.<name>.network.dangerously_allow_all_unix_sockets` | `boolean` | Allow the proxy to use arbitrary Unix sockets instead of the default restricted set. |

175| `permissions.<name>.network.dangerously_allow_non_loopback_proxy` | `boolean` | Permit non-loopback bind addresses for the managed proxy listener. |

176| `permissions.<name>.network.domains` | `map<string, allow | deny>` | Domain rules for the managed proxy. Use domain names or wildcard patterns as keys, with `allow` or `deny` values. |

177| `permissions.<name>.network.enable_socks5` | `boolean` | Expose a SOCKS5 listener when this permissions profile enables the managed network proxy. |

178| `permissions.<name>.network.enable_socks5_udp` | `boolean` | Allow UDP over the SOCKS5 listener when enabled. |

179| `permissions.<name>.network.enabled` | `boolean` | Enable network access for this named permissions profile. |

180| `permissions.<name>.network.mode` | `limited | full` | Network proxy mode used for subprocess traffic. |

181| `permissions.<name>.network.proxy_url` | `string` | HTTP proxy endpoint used when this permissions profile enables the managed network proxy. |

182| `permissions.<name>.network.socks_url` | `string` | SOCKS5 proxy endpoint used by this permissions profile. |

183| `permissions.<name>.network.unix_sockets` | `map<string, allow | none>` | Unix socket rules for the managed proxy. Use socket paths as keys, with `allow` or `none` values. |

138| `personality` | `none | friendly | pragmatic` | Default communication style for models that advertise `supportsPersonality`; can be overridden per thread/turn or via `/personality`. |184| `personality` | `none | friendly | pragmatic` | Default communication style for models that advertise `supportsPersonality`; can be overridden per thread/turn or via `/personality`. |

185| `plan_mode_reasoning_effort` | `none | minimal | low | medium | high | xhigh` | Plan-mode-specific reasoning override. When unset, Plan mode uses its built-in preset default. |

139| `profile` | `string` | Default profile applied at startup (equivalent to `--profile`). |186| `profile` | `string` | Default profile applied at startup (equivalent to `--profile`). |

140| `profiles.<name>.*` | `various` | Profile-scoped overrides for any of the supported configuration keys. |187| `profiles.<name>.*` | `various` | Profile-scoped overrides for any of the supported configuration keys. |

141| `profiles.<name>.experimental_use_freeform_apply_patch` | `boolean` | Legacy name for enabling freeform apply\_patch; prefer `[features].apply_patch_freeform`. |188| `profiles.<name>.analytics.enabled` | `boolean` | Profile-scoped analytics enablement override. |

142| `profiles.<name>.experimental_use_unified_exec_tool` | `boolean` | Legacy name for enabling unified exec; prefer `[features].unified_exec`. |189| `profiles.<name>.experimental_use_unified_exec_tool` | `boolean` | Legacy name for enabling unified exec; prefer `[features].unified_exec`. |

143| `profiles.<name>.include_apply_patch_tool` | `boolean` | Legacy name for enabling freeform apply\_patch; prefer `[features].apply_patch_freeform`. |

144| `profiles.<name>.model_catalog_json` | `string (path)` | Profile-scoped model catalog JSON path override (applied on startup only; overrides the top-level `model_catalog_json` for that profile). |190| `profiles.<name>.model_catalog_json` | `string (path)` | Profile-scoped model catalog JSON path override (applied on startup only; overrides the top-level `model_catalog_json` for that profile). |

191| `profiles.<name>.model_instructions_file` | `string (path)` | Profile-scoped replacement for the built-in instruction file. |

145| `profiles.<name>.oss_provider` | `lmstudio | ollama` | Profile-scoped OSS provider for `--oss` sessions. |192| `profiles.<name>.oss_provider` | `lmstudio | ollama` | Profile-scoped OSS provider for `--oss` sessions. |

146| `profiles.<name>.personality` | `none | friendly | pragmatic` | Profile-scoped communication style override for supported models. |193| `profiles.<name>.personality` | `none | friendly | pragmatic` | Profile-scoped communication style override for supported models. |

194| `profiles.<name>.plan_mode_reasoning_effort` | `none | minimal | low | medium | high | xhigh` | Profile-scoped Plan-mode reasoning override. |

195| `profiles.<name>.service_tier` | `flex | fast` | Profile-scoped service tier preference for new turns. |

196| `profiles.<name>.tools_view_image` | `boolean` | Enable or disable the `view_image` tool in that profile. |

147| `profiles.<name>.web_search` | `disabled | cached | live` | Profile-scoped web search mode override (default: `"cached"`). |197| `profiles.<name>.web_search` | `disabled | cached | live` | Profile-scoped web search mode override (default: `"cached"`). |

198| `profiles.<name>.windows.sandbox` | `unelevated | elevated` | Profile-scoped Windows sandbox mode override. |

148| `project_doc_fallback_filenames` | `array<string>` | Additional filenames to try when `AGENTS.md` is missing. |199| `project_doc_fallback_filenames` | `array<string>` | Additional filenames to try when `AGENTS.md` is missing. |

149| `project_doc_max_bytes` | `number` | Maximum bytes read from `AGENTS.md` when building project instructions. |200| `project_doc_max_bytes` | `number` | Maximum bytes read from `AGENTS.md` when building project instructions. |

150| `project_root_markers` | `array<string>` | List of project root marker filenames; used when searching parent directories for the project root. |201| `project_root_markers` | `array<string>` | List of project root marker filenames; used when searching parent directories for the project root. |

151| `projects.<path>.trust_level` | `string` | Mark a project or worktree as trusted or untrusted (`"trusted"` | `"untrusted"`). Untrusted projects skip project-scoped `.codex/` layers. |202| `projects.<path>.trust_level` | `string` | Mark a project or worktree as trusted or untrusted (`"trusted"` | `"untrusted"`). Untrusted projects skip project-scoped `.codex/` layers, including project-local config, hooks, and rules. |

152| `review_model` | `string` | Optional model override used by `/review` (defaults to the current session model). |203| `review_model` | `string` | Optional model override used by `/review` (defaults to the current session model). |

153| `sandbox_mode` | `read-only | workspace-write | danger-full-access` | Sandbox policy for filesystem and network access during command execution. |204| `sandbox_mode` | `read-only | workspace-write | danger-full-access` | Sandbox policy for filesystem and network access during command execution. |

154| `sandbox_workspace_write.exclude_slash_tmp` | `boolean` | Exclude `/tmp` from writable roots in workspace-write mode. |205| `sandbox_workspace_write.exclude_slash_tmp` | `boolean` | Exclude `/tmp` from writable roots in workspace-write mode. |

155| `sandbox_workspace_write.exclude_tmpdir_env_var` | `boolean` | Exclude `$TMPDIR` from writable roots in workspace-write mode. |206| `sandbox_workspace_write.exclude_tmpdir_env_var` | `boolean` | Exclude `$TMPDIR` from writable roots in workspace-write mode. |

156| `sandbox_workspace_write.network_access` | `boolean` | Allow outbound network access inside the workspace-write sandbox. |207| `sandbox_workspace_write.network_access` | `boolean` | Allow outbound network access inside the workspace-write sandbox. |

157| `sandbox_workspace_write.writable_roots` | `array<string>` | Additional writable roots when `sandbox_mode = "workspace-write"`. |208| `sandbox_workspace_write.writable_roots` | `array<string>` | Additional writable roots when `sandbox_mode = "workspace-write"`. |

209| `service_tier` | `flex | fast` | Preferred service tier for new turns. |

158| `shell_environment_policy.exclude` | `array<string>` | Glob patterns for removing environment variables after the defaults. |210| `shell_environment_policy.exclude` | `array<string>` | Glob patterns for removing environment variables after the defaults. |

159| `shell_environment_policy.experimental_use_profile` | `boolean` | Use the user shell profile when spawning subprocesses. |211| `shell_environment_policy.experimental_use_profile` | `boolean` | Use the user shell profile when spawning subprocesses. |

160| `shell_environment_policy.ignore_default_excludes` | `boolean` | Keep variables containing KEY/SECRET/TOKEN before other filters run. |212| `shell_environment_policy.ignore_default_excludes` | `boolean` | Keep variables containing KEY/SECRET/TOKEN before other filters run. |

168| `sqlite_home` | `string (path)` | Directory where Codex stores the SQLite-backed state DB used by agent jobs and other resumable runtime state. |220| `sqlite_home` | `string (path)` | Directory where Codex stores the SQLite-backed state DB used by agent jobs and other resumable runtime state. |

169| `suppress_unstable_features_warning` | `boolean` | Suppress the warning that appears when under-development feature flags are enabled. |221| `suppress_unstable_features_warning` | `boolean` | Suppress the warning that appears when under-development feature flags are enabled. |

170| `tool_output_token_limit` | `number` | Token budget for storing individual tool/function outputs in history. |222| `tool_output_token_limit` | `number` | Token budget for storing individual tool/function outputs in history. |

171| `tools.web_search` | `boolean` | Deprecated legacy toggle for web search; prefer the top-level `web_search` setting. |223| `tool_suggest.disabled_tools` | `array<table>` | Disable suggestions for specific discoverable connectors or plugins. Each entry uses `type = "connector"` or `"plugin"` and an `id`. |

224| `tool_suggest.discoverables` | `array<table>` | Allow tool suggestions for additional discoverable connectors or plugins. Each entry uses `type = "connector"` or `"plugin"` and an `id`. |

225| `tools.view_image` | `boolean` | Enable the local-image attachment tool `view_image`. |

226| `tools.web_search` | `boolean | { context_size = "low|medium|high", allowed_domains = [string], location = { country, region, city, timezone } }` | Optional web search tool configuration. The legacy boolean form is still accepted, but the object form lets you set search context size, allowed domains, and approximate user location. |

172| `tui` | `table` | TUI-specific options such as enabling inline desktop notifications. |227| `tui` | `table` | TUI-specific options such as enabling inline desktop notifications. |

173| `tui.alternate_screen` | `auto | always | never` | Control alternate screen usage for the TUI (default: auto; auto skips it in Zellij to preserve scrollback). |228| `tui.alternate_screen` | `auto | always | never` | Control alternate screen usage for the TUI (default: auto; auto skips it in Zellij to preserve scrollback). |

174| `tui.animations` | `boolean` | Enable terminal animations (welcome screen, shimmer, spinner) (default: true). |229| `tui.animations` | `boolean` | Enable terminal animations (welcome screen, shimmer, spinner) (default: true). |

175| `tui.notification_method` | `auto | osc9 | bel` | Notification method for unfocused terminal notifications (default: auto). |230| `tui.keymap.<context>.<action>` | `string | array<string>` | Keyboard shortcut binding for a TUI action. Supported contexts include `global`, `chat`, `composer`, `editor`, `pager`, `list`, and `approval`; context-specific bindings override `tui.keymap.global`. |

231| `tui.keymap.<context>.<action> = []` | `empty array` | Unbind the action in that keymap context. Key names use normalized strings such as `ctrl-a`, `shift-enter`, or `page-down`. |

232| `tui.model_availability_nux.<model>` | `integer` | Internal startup-tooltip state keyed by model slug. |

233| `tui.notification_condition` | `unfocused | always` | Control whether TUI notifications fire only when the terminal is unfocused or regardless of focus. Defaults to `unfocused`. |

234| `tui.notification_method` | `auto | osc9 | bel` | Notification method for terminal notifications (default: auto). |

176| `tui.notifications` | `boolean | array<string>` | Enable TUI notifications; optionally restrict to specific event types. |235| `tui.notifications` | `boolean | array<string>` | Enable TUI notifications; optionally restrict to specific event types. |

177| `tui.show_tooltips` | `boolean` | Show onboarding tooltips in the TUI welcome screen (default: true). |236| `tui.show_tooltips` | `boolean` | Show onboarding tooltips in the TUI welcome screen (default: true). |

178| `tui.status_line` | `array<string> | null` | Ordered list of TUI footer status-line item identifiers. `null` disables the status line. |237| `tui.status_line` | `array<string> | null` | Ordered list of TUI footer status-line item identifiers. `null` disables the status line. |

238| `tui.terminal_title` | `array<string> | null` | Ordered list of terminal window/tab title item identifiers. Defaults to `["spinner", "project"]`; `null` disables title updates. |

239| `tui.theme` | `string` | Syntax-highlighting theme override (kebab-case theme name). |

179| `web_search` | `disabled | cached | live` | Web search mode (default: `"cached"`; cached uses an OpenAI-maintained index and does not fetch live pages; if you use `--yolo` or another full access sandbox setting, it defaults to `"live"`). Use `"live"` to fetch the most recent data from the web, or `"disabled"` to remove the tool. |240| `web_search` | `disabled | cached | live` | Web search mode (default: `"cached"`; cached uses an OpenAI-maintained index and does not fetch live pages; if you use `--yolo` or another full access sandbox setting, it defaults to `"live"`). Use `"live"` to fetch the most recent data from the web, or `"disabled"` to remove the tool. |

180| `windows_wsl_setup_acknowledged` | `boolean` | Track Windows onboarding acknowledgement (Windows only). |241| `windows_wsl_setup_acknowledged` | `boolean` | Track Windows onboarding acknowledgement (Windows only). |

181| `windows.sandbox` | `unelevated | elevated` | Windows-only native sandbox mode when running Codex natively on Windows. |242| `windows.sandbox` | `unelevated | elevated` | Windows-only native sandbox mode when running Codex natively on Windows. |

243| `windows.sandbox_private_desktop` | `boolean` | Run the final sandboxed child process on a private desktop by default on native Windows. Set `false` only for compatibility with the older `Winsta0\\Default` behavior. |

182 244 

183Key245Key

184 246 

206 268 

207Key269Key

208 270 

271`agents.<name>.nickname_candidates`

272 

273Type / Values

274 

275`array<string>`

276 

277Details

278 

279Optional pool of display nicknames for spawned agents in that role.

280 

281Key

282 

209`agents.job_max_runtime_seconds`283`agents.job_max_runtime_seconds`

210 284 

211Type / Values285Type / Values

238 312 

239Details313Details

240 314 

241Maximum number of agent threads that can be open concurrently.315Maximum number of agent threads that can be open concurrently. Defaults to `6` when unset.

242 316 

243Key317Key

244 318 

254 328 

255Key329Key

256 330 

331`analytics.enabled`

332 

333Type / Values

334 

335`boolean`

336 

337Details

338 

339Enable or disable analytics for this machine/profile. When unset, the client default applies.

340 

341Key

342 

257`approval_policy`343`approval_policy`

258 344 

259Type / Values345Type / Values

260 346 

261`untrusted | on-request | never | { reject = { sandbox_approval = bool, rules = bool, mcp_elicitations = bool } }`347`untrusted | on-request | never | { granular = { sandbox_approval = bool, rules = bool, mcp_elicitations = bool, request_permissions = bool, skill_approval = bool } }`

348 

349Details

350 

351Controls when Codex pauses for approval before executing commands. You can also use `approval_policy = { granular = { ... } }` to allow or auto-reject specific prompt categories while keeping other prompts interactive. `on-failure` is deprecated; use `on-request` for interactive runs or `never` for non-interactive runs.

352 

353Key

354 

355`approval_policy.granular.mcp_elicitations`

356 

357Type / Values

358 

359`boolean`

360 

361Details

362 

363When `true`, MCP elicitation prompts are allowed to surface instead of being auto-rejected.

364 

365Key

366 

367`approval_policy.granular.request_permissions`

368 

369Type / Values

370 

371`boolean`

262 372 

263Details373Details

264 374 

265Controls when Codex pauses for approval before executing commands. You can also use `approval_policy = { reject = { ... } }` to auto-reject specific prompt categories while keeping other prompts interactive. `on-failure` is deprecated; use `on-request` for interactive runs or `never` for non-interactive runs.375When `true`, prompts from the `request_permissions` tool are allowed to surface.

266 376 

267Key377Key

268 378 

269`approval_policy.reject.mcp_elicitations`379`approval_policy.granular.rules`

270 380 

271Type / Values381Type / Values

272 382 

274 384 

275Details385Details

276 386 

277When `true`, MCP elicitation prompts are auto-rejected instead of shown to the user.387When `true`, approvals triggered by execpolicy `prompt` rules are allowed to surface.

278 388 

279Key389Key

280 390 

281`approval_policy.reject.rules`391`approval_policy.granular.sandbox_approval`

282 392 

283Type / Values393Type / Values

284 394 

286 396 

287Details397Details

288 398 

289When `true`, approvals triggered by execpolicy `prompt` rules are auto-rejected.399When `true`, sandbox escalation approval prompts are allowed to surface.

290 400 

291Key401Key

292 402 

293`approval_policy.reject.sandbox_approval`403`approval_policy.granular.skill_approval`

294 404 

295Type / Values405Type / Values

296 406 

298 408 

299Details409Details

300 410 

301When `true`, sandbox escalation approval prompts are auto-rejected.411When `true`, skill-script approval prompts are allowed to surface.

412 

413Key

414 

415`approvals_reviewer`

416 

417Type / Values

418 

419`user | auto_review`

420 

421Details

422 

423Who reviews eligible approval prompts under `on-request` or granular approval policies. Defaults to `user`; `auto_review` uses the reviewer subagent. This setting doesn't change sandboxing or review actions already allowed inside the sandbox.

302 424 

303Key425Key

304 426 

422 544 

423Key545Key

424 546 

547`auto_review.policy`

548 

549Type / Values

550 

551`string`

552 

553Details

554 

555Local Markdown policy instructions for automatic review. Managed `guardian_policy_config` takes precedence. Blank values are ignored.

556 

557Key

558 

425`background_terminal_max_timeout`559`background_terminal_max_timeout`

426 560 

427Type / Values561Type / Values

470 604 

471Key605Key

472 606 

473`compact_prompt`607`commit_attribution`

474 608 

475Type / Values609Type / Values

476 610 

478 612 

479Details613Details

480 614 

481Inline override for the history compaction prompt.615Override the commit co-author trailer text. Set an empty string to disable automatic attribution.

482 616 

483Key617Key

484 618 

485`developer_instructions`619`compact_prompt`

486 620 

487Type / Values621Type / Values

488 622 

490 624 

491Details625Details

492 626 

493Additional developer instructions injected into the session (optional).627Inline override for the history compaction prompt.

494 628 

495Key629Key

496 630 

497`disable_paste_burst`631`default_permissions`

498 632 

499Type / Values633Type / Values

500 634 

501`boolean`635`string`

502 636 

503Details637Details

504 638 

505Disable burst-paste detection in the TUI.639Name of the default permissions profile to apply to sandboxed tool calls. Built-ins are `:read-only`, `:workspace`, and `:danger-no-sandbox`; custom profile names require matching `[permissions.<name>]` tables.

506 640 

507Key641Key

508 642 

509`experimental_compact_prompt_file`643`developer_instructions`

510 644 

511Type / Values645Type / Values

512 646 

513`string (path)`647`string`

514 648 

515Details649Details

516 650 

517Load the compaction prompt override from a file (experimental).651Additional developer instructions injected into the session (optional).

518 652 

519Key653Key

520 654 

521`experimental_use_freeform_apply_patch`655`disable_paste_burst`

522 656 

523Type / Values657Type / Values

524 658 

526 660 

527Details661Details

528 662 

529Legacy name for enabling freeform apply\_patch; prefer `[features].apply_patch_freeform` or `codex --enable apply_patch_freeform`.663Disable burst-paste detection in the TUI.

530 664 

531Key665Key

532 666 

533`experimental_use_unified_exec_tool`667`experimental_compact_prompt_file`

534 668 

535Type / Values669Type / Values

536 670 

537`boolean`671`string (path)`

538 672 

539Details673Details

540 674 

541Legacy name for enabling unified exec; prefer `[features].unified_exec` or `codex --enable unified_exec`.675Load the compaction prompt override from a file (experimental).

542 676 

543Key677Key

544 678 

545`features.apply_patch_freeform`679`experimental_use_unified_exec_tool`

546 680 

547Type / Values681Type / Values

548 682 

550 684 

551Details685Details

552 686 

553Expose the freeform `apply_patch` tool (experimental).687Legacy name for enabling unified exec; prefer `[features].unified_exec` or `codex --enable unified_exec`.

554 688 

555Key689Key

556 690 

566 700 

567Key701Key

568 702 

569`features.apps_mcp_gateway`703`features.codex_hooks`

570 

571Type / Values

572 

573`boolean`

574 

575Details

576 

577Route Apps MCP calls through the OpenAI connectors MCP gateway (`https://api.openai.com/v1/connectors/mcp/`) instead of legacy routing (experimental).

578 

579Key

580 

581`features.child_agents_md`

582 704 

583Type / Values705Type / Values

584 706 

586 708 

587Details709Details

588 710 

589Append AGENTS.md scope/precedence guidance even when no AGENTS.md is present (experimental).711Enable lifecycle hooks loaded from `hooks.json` or inline `[hooks]` config.

590 712 

591Key713Key

592 714 

593`features.collaboration_modes`715`features.enable_request_compression`

594 716 

595Type / Values717Type / Values

596 718 

598 720 

599Details721Details

600 722 

601Enable collaboration modes such as plan mode (stable; on by default).723Compress streaming request bodies with zstd when supported (stable; on by default).

602 724 

603Key725Key

604 726 

605`features.multi_agent`727`features.fast_mode`

606 728 

607Type / Values729Type / Values

608 730 

610 732 

611Details733Details

612 734 

613Enable multi-agent collaboration tools (`spawn_agent`, `send_input`, `resume_agent`, `wait`, `close_agent`, and `spawn_agents_on_csv`) (experimental; off by default).735Enable Fast mode selection and the `service_tier = "fast"` path (stable; on by default).

614 736 

615Key737Key

616 738 

617`features.personality`739`features.memories`

618 740 

619Type / Values741Type / Values

620 742 

622 744 

623Details745Details

624 746 

625Enable personality selection controls (stable; on by default).747Enable [Memories](https://developers.openai.com/codex/memories) (off by default).

626 748 

627Key749Key

628 750 

629`features.powershell_utf8`751`features.multi_agent`

630 752 

631Type / Values753Type / Values

632 754 

634 756 

635Details757Details

636 758 

637Force PowerShell UTF-8 output (defaults to true).759Enable multi-agent collaboration tools (`spawn_agent`, `send_input`, `resume_agent`, `wait_agent`, and `close_agent`) (stable; on by default).

638 760 

639Key761Key

640 762 

641`features.remote_models`763`features.personality`

642 764 

643Type / Values765Type / Values

644 766 

646 768 

647Details769Details

648 770 

649Refresh remote model list before showing readiness (experimental).771Enable personality selection controls (stable; on by default).

650 772 

651Key773Key

652 774 

653`features.request_rule`775`features.prevent_idle_sleep`

654 776 

655Type / Values777Type / Values

656 778 

658 780 

659Details781Details

660 782 

661Enable Smart approvals (`prefix_rule` suggestions on escalation requests; stable; on by default).783Prevent the machine from sleeping while a turn is actively running (experimental; off by default).

662 784 

663Key785Key

664 786 

665`features.runtime_metrics`787`features.shell_snapshot`

666 788 

667Type / Values789Type / Values

668 790 

670 792 

671Details793Details

672 794 

673Show runtime metrics summary in TUI turn separators (experimental).795Snapshot shell environment to speed up repeated commands (stable; on by default).

674 796 

675Key797Key

676 798 

677`features.search_tool`799`features.shell_tool`

678 800 

679Type / Values801Type / Values

680 802 

682 804 

683Details805Details

684 806 

685Enable `search_tool_bm25` for Apps tool discovery before invoking app MCP tools (experimental).807Enable the default `shell` tool for running commands (stable; on by default).

686 808 

687Key809Key

688 810 

689`features.shell_snapshot`811`features.skill_mcp_dependency_install`

690 812 

691Type / Values813Type / Values

692 814 

694 816 

695Details817Details

696 818 

697Snapshot shell environment to speed up repeated commands (beta).819Allow prompting and installing missing MCP dependencies for skills (stable; on by default).

698 820 

699Key821Key

700 822 

701`features.shell_tool`823`features.undo`

702 824 

703Type / Values825Type / Values

704 826 

706 828 

707Details829Details

708 830 

709Enable the default `shell` tool for running commands (stable; on by default).831Enable undo support (stable; off by default).

710 832 

711Key833Key

712 834 

718 840 

719Details841Details

720 842 

721Use the unified PTY-backed exec tool (beta).843Use the unified PTY-backed exec tool (stable; enabled by default except on Windows).

722 

723Key

724 

725`features.use_linux_sandbox_bwrap`

726 

727Type / Values

728 

729`boolean`

730 

731Details

732 

733Use the bubblewrap-based Linux sandbox pipeline (experimental; off by default).

734 844 

735Key845Key

736 846 

854 964 

855Key965Key

856 966 

857`include_apply_patch_tool`967`hooks`

858 968 

859Type / Values969Type / Values

860 970 

861`boolean`971`table`

862 972 

863Details973Details

864 974 

865Legacy name for enabling freeform apply\_patch; prefer `[features].apply_patch_freeform`.975Lifecycle hooks configured inline in `config.toml`. Uses the same event schema as `hooks.json`; see the Hooks guide for examples and supported events.

866 976 

867Key977Key

868 978 

1038 1148 

1039Type / Values1149Type / Values

1040 1150 

1041`array<string>`1151`array<string | { name = string, source = "local" | "remote" }>`

1152 

1153Details

1154 

1155Additional environment variables to whitelist for an MCP stdio server. String entries default to `source = "local"`; use `source = "remote"` only with executor-backed remote stdio.

1156 

1157Key

1158 

1159`mcp_servers.<id>.experimental_environment`

1160 

1161Type / Values

1162 

1163`local | remote`

1042 1164 

1043Details1165Details

1044 1166 

1045Additional environment variables to whitelist for an MCP stdio server.1167Experimental placement for an MCP server. `remote` starts stdio servers through a remote executor environment; streamable HTTP remote placement is not implemented.

1046 1168 

1047Key1169Key

1048 1170 

1058 1180 

1059Key1181Key

1060 1182 

1183`mcp_servers.<id>.oauth_resource`

1184 

1185Type / Values

1186 

1187`string`

1188 

1189Details

1190 

1191Optional RFC 8707 OAuth resource parameter to include during MCP login.

1192 

1193Key

1194 

1061`mcp_servers.<id>.required`1195`mcp_servers.<id>.required`

1062 1196 

1063Type / Values1197Type / Values

1070 1204 

1071Key1205Key

1072 1206 

1207`mcp_servers.<id>.scopes`

1208 

1209Type / Values

1210 

1211`array<string>`

1212 

1213Details

1214 

1215OAuth scopes to request when authenticating to that MCP server.

1216 

1217Key

1218 

1073`mcp_servers.<id>.startup_timeout_ms`1219`mcp_servers.<id>.startup_timeout_ms`

1074 1220 

1075Type / Values1221Type / Values

1118 1264 

1119Key1265Key

1120 1266 

1121`model`1267`memories.consolidation_model`

1122 1268 

1123Type / Values1269Type / Values

1124 1270 

1126 1272 

1127Details1273Details

1128 1274 

1129Model to use (e.g., `gpt-5-codex`).1275Optional model override for global memory consolidation.

1130 1276 

1131Key1277Key

1132 1278 

1133`model_auto_compact_token_limit`1279`memories.disable_on_external_context`

1134 1280 

1135Type / Values1281Type / Values

1136 1282 

1137`number`1283`boolean`

1138 1284 

1139Details1285Details

1140 1286 

1141Token threshold that triggers automatic history compaction (unset uses model defaults).1287When `true`, threads that use external context such as MCP tool calls, web search, or tool search are kept out of memory generation. Defaults to `false`. Legacy alias: `memories.no_memories_if_mcp_or_web_search`.

1142 1288 

1143Key1289Key

1144 1290 

1145`model_catalog_json`1291`memories.extract_model`

1146 1292 

1147Type / Values1293Type / Values

1148 1294 

1149`string (path)`1295`string`

1150 1296 

1151Details1297Details

1152 1298 

1153Optional path to a JSON model catalog loaded on startup. Profile-level `profiles.<name>.model_catalog_json` can override this per profile.1299Optional model override for per-thread memory extraction.

1154 1300 

1155Key1301Key

1156 1302 

1157`model_context_window`1303`memories.generate_memories`

1158 1304 

1159Type / Values1305Type / Values

1160 1306 

1161`number`1307`boolean`

1162 1308 

1163Details1309Details

1164 1310 

1165Context window tokens available to the active model.1311When `false`, newly created threads are not stored as memory-generation inputs. Defaults to `true`.

1166 1312 

1167Key1313Key

1168 1314 

1169`model_instructions_file`1315`memories.max_raw_memories_for_consolidation`

1170 1316 

1171Type / Values1317Type / Values

1172 1318 

1173`string (path)`1319`number`

1174 1320 

1175Details1321Details

1176 1322 

1177Replacement for built-in instructions instead of `AGENTS.md`.1323Maximum recent raw memories retained for global consolidation. Defaults to `256` and is capped at `4096`.

1178 1324 

1179Key1325Key

1180 1326 

1181`model_provider`1327`memories.max_rollout_age_days`

1182 1328 

1183Type / Values1329Type / Values

1184 1330 

1185`string`1331`number`

1186 1332 

1187Details1333Details

1188 1334 

1189Provider id from `model_providers` (default: `openai`).1335Maximum age of threads considered for memory generation. Defaults to `30` and is clamped to `0`-`90`.

1190 1336 

1191Key1337Key

1192 1338 

1193`model_providers.<id>.base_url`1339`memories.max_rollouts_per_startup`

1194 1340 

1195Type / Values1341Type / Values

1196 1342 

1197`string`1343`number`

1198 1344 

1199Details1345Details

1200 1346 

1201API base URL for the model provider.1347Maximum rollout candidates processed per startup pass. Defaults to `16` and is capped at `128`.

1202 1348 

1203Key1349Key

1204 1350 

1205`model_providers.<id>.env_http_headers`1351`memories.max_unused_days`

1206 1352 

1207Type / Values1353Type / Values

1208 1354 

1209`map<string,string>`1355`number`

1210 1356 

1211Details1357Details

1212 1358 

1213HTTP headers populated from environment variables when present.1359Maximum days since a memory was last used before it becomes ineligible for consolidation. Defaults to `30` and is clamped to `0`-`365`.

1214 1360 

1215Key1361Key

1216 1362 

1217`model_providers.<id>.env_key`1363`memories.min_rate_limit_remaining_percent`

1218 1364 

1219Type / Values1365Type / Values

1220 1366 

1221`string`1367`number`

1222 1368 

1223Details1369Details

1224 1370 

1225Environment variable supplying the provider API key.1371Minimum remaining percentage required in Codex rate-limit windows before memory generation starts. Defaults to `25` and is clamped to `0`-`100`.

1226 1372 

1227Key1373Key

1228 1374 

1229`model_providers.<id>.env_key_instructions`1375`memories.min_rollout_idle_hours`

1230 1376 

1231Type / Values1377Type / Values

1232 1378 

1233`string`1379`number`

1234 1380 

1235Details1381Details

1236 1382 

1237Optional setup guidance for the provider API key.1383Minimum idle time before a thread is considered for memory generation. Defaults to `6` and is clamped to `1`-`48`.

1238 1384 

1239Key1385Key

1240 1386 

1241`model_providers.<id>.experimental_bearer_token`1387`memories.use_memories`

1242 1388 

1243Type / Values1389Type / Values

1244 1390 

1245`string`1391`boolean`

1246 1392 

1247Details1393Details

1248 1394 

1249Direct bearer token for the provider (discouraged; use `env_key`).1395When `false`, Codex skips injecting existing memories into future sessions. Defaults to `true`.

1250 1396 

1251Key1397Key

1252 1398 

1253`model_providers.<id>.http_headers`1399`model`

1254 1400 

1255Type / Values1401Type / Values

1256 1402 

1257`map<string,string>`1403`string`

1258 1404 

1259Details1405Details

1260 1406 

1261Static HTTP headers added to provider requests.1407Model to use (e.g., `gpt-5.5`).

1262 1408 

1263Key1409Key

1264 1410 

1265`model_providers.<id>.name`1411`model_auto_compact_token_limit`

1266 1412 

1267Type / Values1413Type / Values

1268 1414 

1269`string`1415`number`

1270 1416 

1271Details1417Details

1272 1418 

1273Display name for a custom model provider.1419Token threshold that triggers automatic history compaction (unset uses model defaults).

1274 1420 

1275Key1421Key

1276 1422 

1277`model_providers.<id>.query_params`1423`model_catalog_json`

1278 1424 

1279Type / Values1425Type / Values

1280 1426 

1281`map<string,string>`1427`string (path)`

1282 1428 

1283Details1429Details

1284 1430 

1285Extra query parameters appended to provider requests.1431Optional path to a JSON model catalog loaded on startup. Profile-level `profiles.<name>.model_catalog_json` can override this per profile.

1286 1432 

1287Key1433Key

1288 1434 

1289`model_providers.<id>.request_max_retries`1435`model_context_window`

1290 1436 

1291Type / Values1437Type / Values

1292 1438 

1294 1440 

1295Details1441Details

1296 1442 

1297Retry count for HTTP requests to the provider (default: 4).1443Context window tokens available to the active model.

1298 1444 

1299Key1445Key

1300 1446 

1301`model_providers.<id>.requires_openai_auth`1447`model_instructions_file`

1302 1448 

1303Type / Values1449Type / Values

1304 1450 

1305`boolean`1451`string (path)`

1306 1452 

1307Details1453Details

1308 1454 

1309The provider uses OpenAI authentication (defaults to false).1455Replacement for built-in instructions instead of `AGENTS.md`.

1310 1456 

1311Key1457Key

1312 1458 

1313`model_providers.<id>.stream_idle_timeout_ms`1459`model_provider`

1314 1460 

1315Type / Values1461Type / Values

1316 1462 

1317`number`1463`string`

1318 1464 

1319Details1465Details

1320 1466 

1321Idle timeout for SSE streams in milliseconds (default: 300000).1467Provider id from `model_providers` (default: `openai`).

1322 1468 

1323Key1469Key

1324 1470 

1325`model_providers.<id>.stream_max_retries`1471`model_providers.<id>`

1326 1472 

1327Type / Values1473Type / Values

1328 1474 

1329`number`1475`table`

1330 1476 

1331Details1477Details

1332 1478 

1333Retry count for SSE streaming interruptions (default: 5).1479Custom provider definition. Built-in provider IDs (`openai`, `ollama`, and `lmstudio`) are reserved and cannot be overridden.

1334 1480 

1335Key1481Key

1336 1482 

1337`model_providers.<id>.wire_api`1483`model_providers.<id>.auth`

1338 1484 

1339Type / Values1485Type / Values

1340 1486 

1341`chat | responses`1487`table`

1342 1488 

1343Details1489Details

1344 1490 

1345Protocol used by the provider (defaults to `chat` if omitted).1491Command-backed bearer token configuration for a custom provider. Do not combine with `env_key`, `experimental_bearer_token`, or `requires_openai_auth`.

1346 1492 

1347Key1493Key

1348 1494 

1349`model_reasoning_effort`1495`model_providers.<id>.auth.args`

1350 1496 

1351Type / Values1497Type / Values

1352 1498 

1353`minimal | low | medium | high | xhigh`1499`array<string>`

1354 1500 

1355Details1501Details

1356 1502 

1357Adjust reasoning effort for supported models (Responses API only; `xhigh` is model-dependent).1503Arguments passed to the token command.

1358 1504 

1359Key1505Key

1360 1506 

1361`model_reasoning_summary`1507`model_providers.<id>.auth.command`

1362 1508 

1363Type / Values1509Type / Values

1364 1510 

1365`auto | concise | detailed | none`1511`string`

1366 1512 

1367Details1513Details

1368 1514 

1369Select reasoning summary detail or disable summaries entirely.1515Command to run when Codex needs a bearer token. The command must print the token to stdout.

1370 1516 

1371Key1517Key

1372 1518 

1373`model_supports_reasoning_summaries`1519`model_providers.<id>.auth.cwd`

1374 1520 

1375Type / Values1521Type / Values

1376 1522 

1377`boolean`1523`string (path)`

1378 1524 

1379Details1525Details

1380 1526 

1381Force Codex to send or not send reasoning metadata.1527Working directory for the token command.

1382 1528 

1383Key1529Key

1384 1530 

1385`model_verbosity`1531`model_providers.<id>.auth.refresh_interval_ms`

1386 1532 

1387Type / Values1533Type / Values

1388 1534 

1389`low | medium | high`1535`number`

1390 1536 

1391Details1537Details

1392 1538 

1393Control GPT-5 Responses API verbosity (defaults to `medium`).1539How often Codex proactively refreshes the token in milliseconds (default: 300000). Set to `0` to refresh only after an authentication retry.

1394 1540 

1395Key1541Key

1396 1542 

1397`notice.hide_full_access_warning`1543`model_providers.<id>.auth.timeout_ms`

1398 1544 

1399Type / Values1545Type / Values

1400 1546 

1401`boolean`1547`number`

1402 1548 

1403Details1549Details

1404 1550 

1405Track acknowledgement of the full access warning prompt.1551Maximum token command runtime in milliseconds (default: 5000).

1406 1552 

1407Key1553Key

1408 1554 

1409`notice.hide_gpt-5.1-codex-max_migration_prompt`1555`model_providers.<id>.base_url`

1410 1556 

1411Type / Values1557Type / Values

1412 1558 

1413`boolean`1559`string`

1414 1560 

1415Details1561Details

1416 1562 

1417Track acknowledgement of the gpt-5.1-codex-max migration prompt.1563API base URL for the model provider.

1418 1564 

1419Key1565Key

1420 1566 

1421`notice.hide_gpt5_1_migration_prompt`1567`model_providers.<id>.env_http_headers`

1422 1568 

1423Type / Values1569Type / Values

1424 1570 

1425`boolean`1571`map<string,string>`

1426 1572 

1427Details1573Details

1428 1574 

1429Track acknowledgement of the GPT-5.1 migration prompt.1575HTTP headers populated from environment variables when present.

1430 1576 

1431Key1577Key

1432 1578 

1433`notice.hide_rate_limit_model_nudge`1579`model_providers.<id>.env_key`

1434 1580 

1435Type / Values1581Type / Values

1436 1582 

1437`boolean`1583`string`

1438 1584 

1439Details1585Details

1440 1586 

1441Track opt-out of the rate limit model switch reminder.1587Environment variable supplying the provider API key.

1442 1588 

1443Key1589Key

1444 1590 

1445`notice.hide_world_writable_warning`1591`model_providers.<id>.env_key_instructions`

1446 1592 

1447Type / Values1593Type / Values

1448 1594 

1449`boolean`1595`string`

1450 1596 

1451Details1597Details

1452 1598 

1453Track acknowledgement of the Windows world-writable directories warning.1599Optional setup guidance for the provider API key.

1454 1600 

1455Key1601Key

1456 1602 

1457`notice.model_migrations`1603`model_providers.<id>.experimental_bearer_token`

1458 1604 

1459Type / Values1605Type / Values

1460 1606 

1461`map<string,string>`1607`string`

1462 1608 

1463Details1609Details

1464 1610 

1465Track acknowledged model migrations as old->new mappings.1611Direct bearer token for the provider (discouraged; use `env_key`).

1466 1612 

1467Key1613Key

1468 1614 

1469`notify`1615`model_providers.<id>.http_headers`

1470 1616 

1471Type / Values1617Type / Values

1472 1618 

1473`array<string>`1619`map<string,string>`

1474 1620 

1475Details1621Details

1476 1622 

1477Command invoked for notifications; receives a JSON payload from Codex.1623Static HTTP headers added to provider requests.

1478 1624 

1479Key1625Key

1480 1626 

1481`oss_provider`1627`model_providers.<id>.name`

1482 1628 

1483Type / Values1629Type / Values

1484 1630 

1485`lmstudio | ollama`1631`string`

1486 1632 

1487Details1633Details

1488 1634 

1489Default local provider used when running with `--oss` (defaults to prompting if unset).1635Display name for a custom model provider.

1490 1636 

1491Key1637Key

1492 1638 

1493`otel.environment`1639`model_providers.<id>.query_params`

1494 1640 

1495Type / Values1641Type / Values

1496 1642 

1497`string`1643`map<string,string>`

1498 1644 

1499Details1645Details

1500 1646 

1501Environment tag applied to emitted OpenTelemetry events (default: `dev`).1647Extra query parameters appended to provider requests.

1502 1648 

1503Key1649Key

1504 1650 

1505`otel.exporter`1651`model_providers.<id>.request_max_retries`

1506 1652 

1507Type / Values1653Type / Values

1508 1654 

1509`none | otlp-http | otlp-grpc`1655`number`

1510 1656 

1511Details1657Details

1512 1658 

1513Select the OpenTelemetry exporter and provide any endpoint metadata.1659Retry count for HTTP requests to the provider (default: 4).

1514 1660 

1515Key1661Key

1516 1662 

1517`otel.exporter.<id>.endpoint`1663`model_providers.<id>.requires_openai_auth`

1518 1664 

1519Type / Values1665Type / Values

1520 1666 

1521`string`1667`boolean`

1522 1668 

1523Details1669Details

1524 1670 

1525Exporter endpoint for OTEL logs.1671The provider uses OpenAI authentication (defaults to false).

1526 1672 

1527Key1673Key

1528 1674 

1529`otel.exporter.<id>.headers`1675`model_providers.<id>.stream_idle_timeout_ms`

1530 1676 

1531Type / Values1677Type / Values

1532 1678 

1533`map<string,string>`1679`number`

1534 1680 

1535Details1681Details

1536 1682 

1537Static headers included with OTEL exporter requests.1683Idle timeout for SSE streams in milliseconds (default: 300000).

1538 1684 

1539Key1685Key

1540 1686 

1541`otel.exporter.<id>.protocol`1687`model_providers.<id>.stream_max_retries`

1542 1688 

1543Type / Values1689Type / Values

1544 1690 

1545`binary | json`1691`number`

1546 1692 

1547Details1693Details

1548 1694 

1549Protocol used by the OTLP/HTTP exporter.1695Retry count for SSE streaming interruptions (default: 5).

1550 1696 

1551Key1697Key

1552 1698 

1553`otel.exporter.<id>.tls.ca-certificate`1699`model_providers.<id>.supports_websockets`

1554 1700 

1555Type / Values1701Type / Values

1556 1702 

1557`string`1703`boolean`

1558 1704 

1559Details1705Details

1560 1706 

1561CA certificate path for OTEL exporter TLS.1707Whether that provider supports the Responses API WebSocket transport.

1562 1708 

1563Key1709Key

1564 1710 

1565`otel.exporter.<id>.tls.client-certificate`1711`model_providers.<id>.wire_api`

1566 1712 

1567Type / Values1713Type / Values

1568 1714 

1569`string`1715`responses`

1570 1716 

1571Details1717Details

1572 1718 

1573Client certificate path for OTEL exporter TLS.1719Protocol used by the provider. `responses` is the only supported value, and it is the default when omitted.

1574 1720 

1575Key1721Key

1576 1722 

1577`otel.exporter.<id>.tls.client-private-key`1723`model_providers.amazon-bedrock.aws.profile`

1578 1724 

1579Type / Values1725Type / Values

1580 1726 

1582 1728 

1583Details1729Details

1584 1730 

1585Client private key path for OTEL exporter TLS.1731AWS profile name used by the built-in `amazon-bedrock` provider.

1586 1732 

1587Key1733Key

1588 1734 

1589`otel.log_user_prompt`1735`model_providers.amazon-bedrock.aws.region`

1590 1736 

1591Type / Values1737Type / Values

1592 1738 

1593`boolean`1739`string`

1594 1740 

1595Details1741Details

1596 1742 

1597Opt in to exporting raw user prompts with OpenTelemetry logs.1743AWS region used by the built-in `amazon-bedrock` provider.

1598 1744 

1599Key1745Key

1600 1746 

1601`otel.trace_exporter`1747`model_reasoning_effort`

1602 1748 

1603Type / Values1749Type / Values

1604 1750 

1605`none | otlp-http | otlp-grpc`1751`minimal | low | medium | high | xhigh`

1606 1752 

1607Details1753Details

1608 1754 

1609Select the OpenTelemetry trace exporter and provide any endpoint metadata.1755Adjust reasoning effort for supported models (Responses API only; `xhigh` is model-dependent).

1610 1756 

1611Key1757Key

1612 1758 

1613`otel.trace_exporter.<id>.endpoint`1759`model_reasoning_summary`

1614 1760 

1615Type / Values1761Type / Values

1616 1762 

1617`string`1763`auto | concise | detailed | none`

1618 1764 

1619Details1765Details

1620 1766 

1621Trace exporter endpoint for OTEL logs.1767Select reasoning summary detail or disable summaries entirely.

1622 1768 

1623Key1769Key

1624 1770 

1625`otel.trace_exporter.<id>.headers`1771`model_supports_reasoning_summaries`

1626 1772 

1627Type / Values1773Type / Values

1628 1774 

1629`map<string,string>`1775`boolean`

1630 1776 

1631Details1777Details

1632 1778 

1633Static headers included with OTEL trace exporter requests.1779Force Codex to send or not send reasoning metadata.

1634 1780 

1635Key1781Key

1636 1782 

1637`otel.trace_exporter.<id>.protocol`1783`model_verbosity`

1638 1784 

1639Type / Values1785Type / Values

1640 1786 

1641`binary | json`1787`low | medium | high`

1642 1788 

1643Details1789Details

1644 1790 

1645Protocol used by the OTLP/HTTP trace exporter.1791Optional GPT-5 Responses API verbosity override; when unset, the selected model/preset default is used.

1646 1792 

1647Key1793Key

1648 1794 

1649`otel.trace_exporter.<id>.tls.ca-certificate`1795`notice.hide_full_access_warning`

1650 1796 

1651Type / Values1797Type / Values

1652 1798 

1653`string`1799`boolean`

1654 1800 

1655Details1801Details

1656 1802 

1657CA certificate path for OTEL trace exporter TLS.1803Track acknowledgement of the full access warning prompt.

1658 1804 

1659Key1805Key

1660 1806 

1661`otel.trace_exporter.<id>.tls.client-certificate`1807`notice.hide_gpt-5.1-codex-max_migration_prompt`

1662 1808 

1663Type / Values1809Type / Values

1664 1810 

1665`string`1811`boolean`

1666 1812 

1667Details1813Details

1668 1814 

1669Client certificate path for OTEL trace exporter TLS.1815Track acknowledgement of the gpt-5.1-codex-max migration prompt.

1670 1816 

1671Key1817Key

1672 1818 

1673`otel.trace_exporter.<id>.tls.client-private-key`1819`notice.hide_gpt5_1_migration_prompt`

1674 1820 

1675Type / Values1821Type / Values

1676 1822 

1677`string`1823`boolean`

1678 1824 

1679Details1825Details

1680 1826 

1681Client private key path for OTEL trace exporter TLS.1827Track acknowledgement of the GPT-5.1 migration prompt.

1682 1828 

1683Key1829Key

1684 1830 

1685`personality`1831`notice.hide_rate_limit_model_nudge`

1686 1832 

1687Type / Values1833Type / Values

1688 1834 

1689`none | friendly | pragmatic`1835`boolean`

1690 1836 

1691Details1837Details

1692 1838 

1693Default communication style for models that advertise `supportsPersonality`; can be overridden per thread/turn or via `/personality`.1839Track opt-out of the rate limit model switch reminder.

1694 1840 

1695Key1841Key

1696 1842 

1697`profile`1843`notice.hide_world_writable_warning`

1698 1844 

1699Type / Values1845Type / Values

1700 1846 

1701`string`1847`boolean`

1702 1848 

1703Details1849Details

1704 1850 

1705Default profile applied at startup (equivalent to `--profile`).1851Track acknowledgement of the Windows world-writable directories warning.

1706 1852 

1707Key1853Key

1708 1854 

1709`profiles.<name>.*`1855`notice.model_migrations`

1710 1856 

1711Type / Values1857Type / Values

1712 1858 

1713`various`1859`map<string,string>`

1714 1860 

1715Details1861Details

1716 1862 

1717Profile-scoped overrides for any of the supported configuration keys.1863Track acknowledged model migrations as old->new mappings.

1718 1864 

1719Key1865Key

1720 1866 

1721`profiles.<name>.experimental_use_freeform_apply_patch`1867`notify`

1722 1868 

1723Type / Values1869Type / Values

1724 1870 

1725`boolean`1871`array<string>`

1726 1872 

1727Details1873Details

1728 1874 

1729Legacy name for enabling freeform apply\_patch; prefer `[features].apply_patch_freeform`.1875Command invoked for notifications; receives a JSON payload from Codex.

1730 1876 

1731Key1877Key

1732 1878 

1733`profiles.<name>.experimental_use_unified_exec_tool`1879`openai_base_url`

1734 1880 

1735Type / Values1881Type / Values

1736 1882 

1737`boolean`1883`string`

1738 1884 

1739Details1885Details

1740 1886 

1741Legacy name for enabling unified exec; prefer `[features].unified_exec`.1887Base URL override for the built-in `openai` model provider.

1742 1888 

1743Key1889Key

1744 1890 

1745`profiles.<name>.include_apply_patch_tool`1891`oss_provider`

1746 1892 

1747Type / Values1893Type / Values

1748 1894 

1749`boolean`1895`lmstudio | ollama`

1750 1896 

1751Details1897Details

1752 1898 

1753Legacy name for enabling freeform apply\_patch; prefer `[features].apply_patch_freeform`.1899Default local provider used when running with `--oss` (defaults to prompting if unset).

1754 1900 

1755Key1901Key

1756 1902 

1757`profiles.<name>.model_catalog_json`1903`otel.environment`

1758 1904 

1759Type / Values1905Type / Values

1760 1906 

1761`string (path)`1907`string`

1762 1908 

1763Details1909Details

1764 1910 

1765Profile-scoped model catalog JSON path override (applied on startup only; overrides the top-level `model_catalog_json` for that profile).1911Environment tag applied to emitted OpenTelemetry events (default: `dev`).

1766 1912 

1767Key1913Key

1768 1914 

1769`profiles.<name>.oss_provider`1915`otel.exporter`

1770 1916 

1771Type / Values1917Type / Values

1772 1918 

1773`lmstudio | ollama`1919`none | otlp-http | otlp-grpc`

1774 1920 

1775Details1921Details

1776 1922 

1777Profile-scoped OSS provider for `--oss` sessions.1923Select the OpenTelemetry exporter and provide any endpoint metadata.

1778 1924 

1779Key1925Key

1780 1926 

1781`profiles.<name>.personality`1927`otel.exporter.<id>.endpoint`

1782 1928 

1783Type / Values1929Type / Values

1784 1930 

1785`none | friendly | pragmatic`1931`string`

1786 1932 

1787Details1933Details

1788 1934 

1789Profile-scoped communication style override for supported models.1935Exporter endpoint for OTEL logs.

1790 1936 

1791Key1937Key

1792 1938 

1793`profiles.<name>.web_search`1939`otel.exporter.<id>.headers`

1794 1940 

1795Type / Values1941Type / Values

1796 1942 

1797`disabled | cached | live`1943`map<string,string>`

1798 1944 

1799Details1945Details

1800 1946 

1801Profile-scoped web search mode override (default: `"cached"`).1947Static headers included with OTEL exporter requests.

1802 1948 

1803Key1949Key

1804 1950 

1805`project_doc_fallback_filenames`1951`otel.exporter.<id>.protocol`

1806 1952 

1807Type / Values1953Type / Values

1808 1954 

1809`array<string>`1955`binary | json`

1810 1956 

1811Details1957Details

1812 1958 

1813Additional filenames to try when `AGENTS.md` is missing.1959Protocol used by the OTLP/HTTP exporter.

1814 1960 

1815Key1961Key

1816 1962 

1817`project_doc_max_bytes`1963`otel.exporter.<id>.tls.ca-certificate`

1818 1964 

1819Type / Values1965Type / Values

1820 1966 

1821`number`1967`string`

1822 1968 

1823Details1969Details

1824 1970 

1825Maximum bytes read from `AGENTS.md` when building project instructions.1971CA certificate path for OTEL exporter TLS.

1826 1972 

1827Key1973Key

1828 1974 

1829`project_root_markers`1975`otel.exporter.<id>.tls.client-certificate`

1830 1976 

1831Type / Values1977Type / Values

1832 1978 

1833`array<string>`1979`string`

1834 1980 

1835Details1981Details

1836 1982 

1837List of project root marker filenames; used when searching parent directories for the project root.1983Client certificate path for OTEL exporter TLS.

1838 1984 

1839Key1985Key

1840 1986 

1841`projects.<path>.trust_level`1987`otel.exporter.<id>.tls.client-private-key`

1842 1988 

1843Type / Values1989Type / Values

1844 1990 

1846 1992 

1847Details1993Details

1848 1994 

1849Mark a project or worktree as trusted or untrusted (`"trusted"` | `"untrusted"`). Untrusted projects skip project-scoped `.codex/` layers.1995Client private key path for OTEL exporter TLS.

1850 1996 

1851Key1997Key

1852 1998 

1853`review_model`1999`otel.log_user_prompt`

1854 2000 

1855Type / Values2001Type / Values

1856 2002 

1857`string`2003`boolean`

1858 2004 

1859Details2005Details

1860 2006 

1861Optional model override used by `/review` (defaults to the current session model).2007Opt in to exporting raw user prompts with OpenTelemetry logs.

1862 2008 

1863Key2009Key

1864 2010 

1865`sandbox_mode`2011`otel.metrics_exporter`

1866 2012 

1867Type / Values2013Type / Values

1868 2014 

1869`read-only | workspace-write | danger-full-access`2015`none | statsig | otlp-http | otlp-grpc`

1870 2016 

1871Details2017Details

1872 2018 

1873Sandbox policy for filesystem and network access during command execution.2019Select the OpenTelemetry metrics exporter (defaults to `statsig`).

1874 2020 

1875Key2021Key

1876 2022 

1877`sandbox_workspace_write.exclude_slash_tmp`2023`otel.trace_exporter`

1878 2024 

1879Type / Values2025Type / Values

1880 2026 

1881`boolean`2027`none | otlp-http | otlp-grpc`

1882 2028 

1883Details2029Details

1884 2030 

1885Exclude `/tmp` from writable roots in workspace-write mode.2031Select the OpenTelemetry trace exporter and provide any endpoint metadata.

1886 2032 

1887Key2033Key

1888 2034 

1889`sandbox_workspace_write.exclude_tmpdir_env_var`2035`otel.trace_exporter.<id>.endpoint`

1890 2036 

1891Type / Values2037Type / Values

1892 2038 

1893`boolean`2039`string`

1894 2040 

1895Details2041Details

1896 2042 

1897Exclude `$TMPDIR` from writable roots in workspace-write mode.2043Trace exporter endpoint for OTEL logs.

1898 2044 

1899Key2045Key

1900 2046 

1901`sandbox_workspace_write.network_access`2047`otel.trace_exporter.<id>.headers`

1902 2048 

1903Type / Values2049Type / Values

1904 2050 

1905`boolean`2051`map<string,string>`

1906 2052 

1907Details2053Details

1908 2054 

1909Allow outbound network access inside the workspace-write sandbox.2055Static headers included with OTEL trace exporter requests.

1910 2056 

1911Key2057Key

1912 2058 

1913`sandbox_workspace_write.writable_roots`2059`otel.trace_exporter.<id>.protocol`

1914 2060 

1915Type / Values2061Type / Values

1916 2062 

1917`array<string>`2063`binary | json`

1918 2064 

1919Details2065Details

1920 2066 

1921Additional writable roots when `sandbox_mode = "workspace-write"`.2067Protocol used by the OTLP/HTTP trace exporter.

1922 2068 

1923Key2069Key

1924 2070 

1925`shell_environment_policy.exclude`2071`otel.trace_exporter.<id>.tls.ca-certificate`

1926 2072 

1927Type / Values2073Type / Values

1928 2074 

1929`array<string>`2075`string`

1930 2076 

1931Details2077Details

1932 2078 

1933Glob patterns for removing environment variables after the defaults.2079CA certificate path for OTEL trace exporter TLS.

1934 2080 

1935Key2081Key

1936 2082 

1937`shell_environment_policy.experimental_use_profile`2083`otel.trace_exporter.<id>.tls.client-certificate`

1938 2084 

1939Type / Values2085Type / Values

1940 2086 

1941`boolean`2087`string`

1942 2088 

1943Details2089Details

1944 2090 

1945Use the user shell profile when spawning subprocesses.2091Client certificate path for OTEL trace exporter TLS.

1946 2092 

1947Key2093Key

1948 2094 

1949`shell_environment_policy.ignore_default_excludes`2095`otel.trace_exporter.<id>.tls.client-private-key`

1950 2096 

1951Type / Values2097Type / Values

1952 2098 

1953`boolean`2099`string`

1954 2100 

1955Details2101Details

1956 2102 

1957Keep variables containing KEY/SECRET/TOKEN before other filters run.2103Client private key path for OTEL trace exporter TLS.

1958 2104 

1959Key2105Key

1960 2106 

1961`shell_environment_policy.include_only`2107`permissions.<name>.filesystem`

1962 2108 

1963Type / Values2109Type / Values

1964 2110 

1965`array<string>`2111`table`

1966 2112 

1967Details2113Details

1968 2114 

1969Whitelist of patterns; when set only matching variables are kept.2115Named filesystem permission profile. Each key is an absolute path or special token such as `:minimal` or `:project_roots`.

1970 2116 

1971Key2117Key

1972 2118 

1973`shell_environment_policy.inherit`2119`permissions.<name>.filesystem.":project_roots".<subpath-or-glob>`

1974 2120 

1975Type / Values2121Type / Values

1976 2122 

1977`all | core | none`2123`"read" | "write" | "none"`

1978 2124 

1979Details2125Details

1980 2126 

1981Baseline environment inheritance when spawning subprocesses.2127Scoped filesystem access relative to the detected project roots. Use `"."` for the root itself; glob subpaths such as `"**/*.env"` can deny reads with `"none"`.

1982 2128 

1983Key2129Key

1984 2130 

1985`shell_environment_policy.set`2131`permissions.<name>.filesystem.<path-or-glob>`

1986 2132 

1987Type / Values2133Type / Values

1988 2134 

1989`map<string,string>`2135`"read" | "write" | "none" | table`

1990 2136 

1991Details2137Details

1992 2138 

1993Explicit environment overrides injected into every subprocess.2139Grant direct access for a path, glob pattern, or special token, or scope nested entries under that root. Use `"none"` to deny reads for matching paths.

1994 2140 

1995Key2141Key

1996 2142 

1997`show_raw_agent_reasoning`2143`permissions.<name>.filesystem.glob_scan_max_depth`

2144 

2145Type / Values

2146 

2147`number`

2148 

2149Details

2150 

2151Maximum depth for expanding deny-read glob patterns on platforms that snapshot matches before sandbox startup. Must be at least `1` when set.

2152 

2153Key

2154 

2155`permissions.<name>.network.allow_local_binding`

2156 

2157Type / Values

2158 

2159`boolean`

2160 

2161Details

2162 

2163Permit local bind/listen operations through the managed proxy.

2164 

2165Key

2166 

2167`permissions.<name>.network.allow_upstream_proxy`

2168 

2169Type / Values

2170 

2171`boolean`

2172 

2173Details

2174 

2175Allow the managed proxy to chain to another upstream proxy.

2176 

2177Key

2178 

2179`permissions.<name>.network.dangerously_allow_all_unix_sockets`

2180 

2181Type / Values

2182 

2183`boolean`

2184 

2185Details

2186 

2187Allow the proxy to use arbitrary Unix sockets instead of the default restricted set.

2188 

2189Key

2190 

2191`permissions.<name>.network.dangerously_allow_non_loopback_proxy`

2192 

2193Type / Values

2194 

2195`boolean`

2196 

2197Details

2198 

2199Permit non-loopback bind addresses for the managed proxy listener.

2200 

2201Key

2202 

2203`permissions.<name>.network.domains`

2204 

2205Type / Values

2206 

2207`map<string, allow | deny>`

2208 

2209Details

2210 

2211Domain rules for the managed proxy. Use domain names or wildcard patterns as keys, with `allow` or `deny` values.

2212 

2213Key

2214 

2215`permissions.<name>.network.enable_socks5`

2216 

2217Type / Values

2218 

2219`boolean`

2220 

2221Details

2222 

2223Expose a SOCKS5 listener when this permissions profile enables the managed network proxy.

2224 

2225Key

2226 

2227`permissions.<name>.network.enable_socks5_udp`

2228 

2229Type / Values

2230 

2231`boolean`

2232 

2233Details

2234 

2235Allow UDP over the SOCKS5 listener when enabled.

2236 

2237Key

2238 

2239`permissions.<name>.network.enabled`

2240 

2241Type / Values

2242 

2243`boolean`

2244 

2245Details

2246 

2247Enable network access for this named permissions profile.

2248 

2249Key

2250 

2251`permissions.<name>.network.mode`

2252 

2253Type / Values

2254 

2255`limited | full`

2256 

2257Details

2258 

2259Network proxy mode used for subprocess traffic.

2260 

2261Key

2262 

2263`permissions.<name>.network.proxy_url`

2264 

2265Type / Values

2266 

2267`string`

2268 

2269Details

2270 

2271HTTP proxy endpoint used when this permissions profile enables the managed network proxy.

2272 

2273Key

2274 

2275`permissions.<name>.network.socks_url`

2276 

2277Type / Values

2278 

2279`string`

2280 

2281Details

2282 

2283SOCKS5 proxy endpoint used by this permissions profile.

2284 

2285Key

2286 

2287`permissions.<name>.network.unix_sockets`

2288 

2289Type / Values

2290 

2291`map<string, allow | none>`

2292 

2293Details

2294 

2295Unix socket rules for the managed proxy. Use socket paths as keys, with `allow` or `none` values.

2296 

2297Key

2298 

2299`personality`

2300 

2301Type / Values

2302 

2303`none | friendly | pragmatic`

2304 

2305Details

2306 

2307Default communication style for models that advertise `supportsPersonality`; can be overridden per thread/turn or via `/personality`.

2308 

2309Key

2310 

2311`plan_mode_reasoning_effort`

2312 

2313Type / Values

2314 

2315`none | minimal | low | medium | high | xhigh`

2316 

2317Details

2318 

2319Plan-mode-specific reasoning override. When unset, Plan mode uses its built-in preset default.

2320 

2321Key

2322 

2323`profile`

2324 

2325Type / Values

2326 

2327`string`

2328 

2329Details

2330 

2331Default profile applied at startup (equivalent to `--profile`).

2332 

2333Key

2334 

2335`profiles.<name>.*`

2336 

2337Type / Values

2338 

2339`various`

2340 

2341Details

2342 

2343Profile-scoped overrides for any of the supported configuration keys.

2344 

2345Key

2346 

2347`profiles.<name>.analytics.enabled`

2348 

2349Type / Values

2350 

2351`boolean`

2352 

2353Details

2354 

2355Profile-scoped analytics enablement override.

2356 

2357Key

2358 

2359`profiles.<name>.experimental_use_unified_exec_tool`

2360 

2361Type / Values

2362 

2363`boolean`

2364 

2365Details

2366 

2367Legacy name for enabling unified exec; prefer `[features].unified_exec`.

2368 

2369Key

2370 

2371`profiles.<name>.model_catalog_json`

2372 

2373Type / Values

2374 

2375`string (path)`

2376 

2377Details

2378 

2379Profile-scoped model catalog JSON path override (applied on startup only; overrides the top-level `model_catalog_json` for that profile).

2380 

2381Key

2382 

2383`profiles.<name>.model_instructions_file`

2384 

2385Type / Values

2386 

2387`string (path)`

2388 

2389Details

2390 

2391Profile-scoped replacement for the built-in instruction file.

2392 

2393Key

2394 

2395`profiles.<name>.oss_provider`

2396 

2397Type / Values

2398 

2399`lmstudio | ollama`

2400 

2401Details

2402 

2403Profile-scoped OSS provider for `--oss` sessions.

2404 

2405Key

2406 

2407`profiles.<name>.personality`

2408 

2409Type / Values

2410 

2411`none | friendly | pragmatic`

2412 

2413Details

2414 

2415Profile-scoped communication style override for supported models.

2416 

2417Key

2418 

2419`profiles.<name>.plan_mode_reasoning_effort`

2420 

2421Type / Values

2422 

2423`none | minimal | low | medium | high | xhigh`

2424 

2425Details

2426 

2427Profile-scoped Plan-mode reasoning override.

2428 

2429Key

2430 

2431`profiles.<name>.service_tier`

2432 

2433Type / Values

2434 

2435`flex | fast`

2436 

2437Details

2438 

2439Profile-scoped service tier preference for new turns.

2440 

2441Key

2442 

2443`profiles.<name>.tools_view_image`

2444 

2445Type / Values

2446 

2447`boolean`

2448 

2449Details

2450 

2451Enable or disable the `view_image` tool in that profile.

2452 

2453Key

2454 

2455`profiles.<name>.web_search`

2456 

2457Type / Values

2458 

2459`disabled | cached | live`

2460 

2461Details

2462 

2463Profile-scoped web search mode override (default: `"cached"`).

2464 

2465Key

2466 

2467`profiles.<name>.windows.sandbox`

2468 

2469Type / Values

2470 

2471`unelevated | elevated`

2472 

2473Details

2474 

2475Profile-scoped Windows sandbox mode override.

2476 

2477Key

2478 

2479`project_doc_fallback_filenames`

2480 

2481Type / Values

2482 

2483`array<string>`

2484 

2485Details

2486 

2487Additional filenames to try when `AGENTS.md` is missing.

2488 

2489Key

2490 

2491`project_doc_max_bytes`

2492 

2493Type / Values

2494 

2495`number`

2496 

2497Details

2498 

2499Maximum bytes read from `AGENTS.md` when building project instructions.

2500 

2501Key

2502 

2503`project_root_markers`

2504 

2505Type / Values

2506 

2507`array<string>`

2508 

2509Details

2510 

2511List of project root marker filenames; used when searching parent directories for the project root.

2512 

2513Key

2514 

2515`projects.<path>.trust_level`

2516 

2517Type / Values

2518 

2519`string`

2520 

2521Details

2522 

2523Mark a project or worktree as trusted or untrusted (`"trusted"` | `"untrusted"`). Untrusted projects skip project-scoped `.codex/` layers, including project-local config, hooks, and rules.

2524 

2525Key

2526 

2527`review_model`

2528 

2529Type / Values

2530 

2531`string`

2532 

2533Details

2534 

2535Optional model override used by `/review` (defaults to the current session model).

2536 

2537Key

2538 

2539`sandbox_mode`

2540 

2541Type / Values

2542 

2543`read-only | workspace-write | danger-full-access`

2544 

2545Details

2546 

2547Sandbox policy for filesystem and network access during command execution.

2548 

2549Key

2550 

2551`sandbox_workspace_write.exclude_slash_tmp`

2552 

2553Type / Values

2554 

2555`boolean`

2556 

2557Details

2558 

2559Exclude `/tmp` from writable roots in workspace-write mode.

2560 

2561Key

2562 

2563`sandbox_workspace_write.exclude_tmpdir_env_var`

2564 

2565Type / Values

2566 

2567`boolean`

2568 

2569Details

2570 

2571Exclude `$TMPDIR` from writable roots in workspace-write mode.

2572 

2573Key

2574 

2575`sandbox_workspace_write.network_access`

2576 

2577Type / Values

2578 

2579`boolean`

2580 

2581Details

2582 

2583Allow outbound network access inside the workspace-write sandbox.

2584 

2585Key

2586 

2587`sandbox_workspace_write.writable_roots`

2588 

2589Type / Values

2590 

2591`array<string>`

2592 

2593Details

2594 

2595Additional writable roots when `sandbox_mode = "workspace-write"`.

2596 

2597Key

2598 

2599`service_tier`

2600 

2601Type / Values

2602 

2603`flex | fast`

2604 

2605Details

2606 

2607Preferred service tier for new turns.

2608 

2609Key

2610 

2611`shell_environment_policy.exclude`

2612 

2613Type / Values

2614 

2615`array<string>`

2616 

2617Details

2618 

2619Glob patterns for removing environment variables after the defaults.

2620 

2621Key

2622 

2623`shell_environment_policy.experimental_use_profile`

2624 

2625Type / Values

2626 

2627`boolean`

2628 

2629Details

2630 

2631Use the user shell profile when spawning subprocesses.

2632 

2633Key

2634 

2635`shell_environment_policy.ignore_default_excludes`

2636 

2637Type / Values

2638 

2639`boolean`

2640 

2641Details

2642 

2643Keep variables containing KEY/SECRET/TOKEN before other filters run.

2644 

2645Key

2646 

2647`shell_environment_policy.include_only`

2648 

2649Type / Values

2650 

2651`array<string>`

2652 

2653Details

2654 

2655Whitelist of patterns; when set only matching variables are kept.

2656 

2657Key

2658 

2659`shell_environment_policy.inherit`

2660 

2661Type / Values

2662 

2663`all | core | none`

2664 

2665Details

2666 

2667Baseline environment inheritance when spawning subprocesses.

2668 

2669Key

2670 

2671`shell_environment_policy.set`

2672 

2673Type / Values

2674 

2675`map<string,string>`

2676 

2677Details

2678 

2679Explicit environment overrides injected into every subprocess.

2680 

2681Key

2682 

2683`show_raw_agent_reasoning`

1998 2684 

1999Type / Values2685Type / Values

2000 2686 

2006 2692 

2007Key2693Key

2008 2694 

2009`skills.config`2695`skills.config`

2696 

2697Type / Values

2698 

2699`array<object>`

2700 

2701Details

2702 

2703Per-skill enablement overrides stored in config.toml.

2704 

2705Key

2706 

2707`skills.config.<index>.enabled`

2708 

2709Type / Values

2710 

2711`boolean`

2712 

2713Details

2714 

2715Enable or disable the referenced skill.

2716 

2717Key

2718 

2719`skills.config.<index>.path`

2720 

2721Type / Values

2722 

2723`string (path)`

2724 

2725Details

2726 

2727Path to a skill folder containing `SKILL.md`.

2728 

2729Key

2730 

2731`sqlite_home`

2010 2732 

2011Type / Values2733Type / Values

2012 2734 

2013`array<object>`2735`string (path)`

2014 2736 

2015Details2737Details

2016 2738 

2017Per-skill enablement overrides stored in config.toml.2739Directory where Codex stores the SQLite-backed state DB used by agent jobs and other resumable runtime state.

2018 2740 

2019Key2741Key

2020 2742 

2021`skills.config.<index>.enabled`2743`suppress_unstable_features_warning`

2022 2744 

2023Type / Values2745Type / Values

2024 2746 

2026 2748 

2027Details2749Details

2028 2750 

2029Enable or disable the referenced skill.2751Suppress the warning that appears when under-development feature flags are enabled.

2030 2752 

2031Key2753Key

2032 2754 

2033`skills.config.<index>.path`2755`tool_output_token_limit`

2034 2756 

2035Type / Values2757Type / Values

2036 2758 

2037`string (path)`2759`number`

2038 2760 

2039Details2761Details

2040 2762 

2041Path to a skill folder containing `SKILL.md`.2763Token budget for storing individual tool/function outputs in history.

2042 2764 

2043Key2765Key

2044 2766 

2045`sqlite_home`2767`tool_suggest.disabled_tools`

2046 2768 

2047Type / Values2769Type / Values

2048 2770 

2049`string (path)`2771`array<table>`

2050 2772 

2051Details2773Details

2052 2774 

2053Directory where Codex stores the SQLite-backed state DB used by agent jobs and other resumable runtime state.2775Disable suggestions for specific discoverable connectors or plugins. Each entry uses `type = "connector"` or `"plugin"` and an `id`.

2054 2776 

2055Key2777Key

2056 2778 

2057`suppress_unstable_features_warning`2779`tool_suggest.discoverables`

2058 2780 

2059Type / Values2781Type / Values

2060 2782 

2061`boolean`2783`array<table>`

2062 2784 

2063Details2785Details

2064 2786 

2065Suppress the warning that appears when under-development feature flags are enabled.2787Allow tool suggestions for additional discoverable connectors or plugins. Each entry uses `type = "connector"` or `"plugin"` and an `id`.

2066 2788 

2067Key2789Key

2068 2790 

2069`tool_output_token_limit`2791`tools.view_image`

2070 2792 

2071Type / Values2793Type / Values

2072 2794 

2073`number`2795`boolean`

2074 2796 

2075Details2797Details

2076 2798 

2077Token budget for storing individual tool/function outputs in history.2799Enable the local-image attachment tool `view_image`.

2078 2800 

2079Key2801Key

2080 2802 

2082 2804 

2083Type / Values2805Type / Values

2084 2806 

2085`boolean`2807`boolean | { context_size = "low|medium|high", allowed_domains = [string], location = { country, region, city, timezone } }`

2086 2808 

2087Details2809Details

2088 2810 

2089Deprecated legacy toggle for web search; prefer the top-level `web_search` setting.2811Optional web search tool configuration. The legacy boolean form is still accepted, but the object form lets you set search context size, allowed domains, and approximate user location.

2090 2812 

2091Key2813Key

2092 2814 

2126 2848 

2127Key2849Key

2128 2850 

2851`tui.keymap.<context>.<action>`

2852 

2853Type / Values

2854 

2855`string | array<string>`

2856 

2857Details

2858 

2859Keyboard shortcut binding for a TUI action. Supported contexts include `global`, `chat`, `composer`, `editor`, `pager`, `list`, and `approval`; context-specific bindings override `tui.keymap.global`.

2860 

2861Key

2862 

2863`tui.keymap.<context>.<action> = []`

2864 

2865Type / Values

2866 

2867`empty array`

2868 

2869Details

2870 

2871Unbind the action in that keymap context. Key names use normalized strings such as `ctrl-a`, `shift-enter`, or `page-down`.

2872 

2873Key

2874 

2875`tui.model_availability_nux.<model>`

2876 

2877Type / Values

2878 

2879`integer`

2880 

2881Details

2882 

2883Internal startup-tooltip state keyed by model slug.

2884 

2885Key

2886 

2887`tui.notification_condition`

2888 

2889Type / Values

2890 

2891`unfocused | always`

2892 

2893Details

2894 

2895Control whether TUI notifications fire only when the terminal is unfocused or regardless of focus. Defaults to `unfocused`.

2896 

2897Key

2898 

2129`tui.notification_method`2899`tui.notification_method`

2130 2900 

2131Type / Values2901Type / Values

2134 2904 

2135Details2905Details

2136 2906 

2137Notification method for unfocused terminal notifications (default: auto).2907Notification method for terminal notifications (default: auto).

2138 2908 

2139Key2909Key

2140 2910 

2174 2944 

2175Key2945Key

2176 2946 

2947`tui.terminal_title`

2948 

2949Type / Values

2950 

2951`array<string> | null`

2952 

2953Details

2954 

2955Ordered list of terminal window/tab title item identifiers. Defaults to `["spinner", "project"]`; `null` disables title updates.

2956 

2957Key

2958 

2959`tui.theme`

2960 

2961Type / Values

2962 

2963`string`

2964 

2965Details

2966 

2967Syntax-highlighting theme override (kebab-case theme name).

2968 

2969Key

2970 

2177`web_search`2971`web_search`

2178 2972 

2179Type / Values2973Type / Values

2208 3002 

2209Windows-only native sandbox mode when running Codex natively on Windows.3003Windows-only native sandbox mode when running Codex natively on Windows.

2210 3004 

3005Key

3006 

3007`windows.sandbox_private_desktop`

3008 

3009Type / Values

3010 

3011`boolean`

3012 

3013Details

3014 

3015Run the final sandboxed child process on a private desktop by default on native Windows. Set `false` only for compatibility with the older `Winsta0\\Default` behavior.

3016 

2211Expand to view all3017Expand to view all

2212 3018 

2213You can find the latest JSON schema for `config.toml` [here](https://developers.openai.com/codex/config-schema.json).3019You can find the latest JSON schema for `config.toml` [here](https://developers.openai.com/codex/config-schema.json).

2227For ChatGPT Business and Enterprise users, Codex can also apply cloud-fetched3033For ChatGPT Business and Enterprise users, Codex can also apply cloud-fetched

2228requirements. See the security page for precedence details.3034requirements. See the security page for precedence details.

2229 3035 

3036Use `[features]` in `requirements.toml` to pin feature flags by the same

3037canonical keys that `config.toml` uses. Omitted keys remain unconstrained.

3038 

2230| Key | Type / Values | Details |3039| Key | Type / Values | Details |

2231| --- | --- | --- |3040| --- | --- | --- |

2232| `allowed_approval_policies` | `array<string>` | Allowed values for `approval_policy` (for example `untrusted`, `on-request`, `never`, and `reject`). |3041| `allowed_approval_policies` | `array<string>` | Allowed values for `approval_policy` (for example `untrusted`, `on-request`, `never`, and `granular`). |

3042| `allowed_approvals_reviewers` | `array<string>` | Allowed values for `approvals_reviewer`, such as `user` and `auto_review`. |

2233| `allowed_sandbox_modes` | `array<string>` | Allowed values for `sandbox_mode`. |3043| `allowed_sandbox_modes` | `array<string>` | Allowed values for `sandbox_mode`. |

2234| `allowed_web_search_modes` | `array<string>` | Allowed values for `web_search` (`disabled`, `cached`, `live`). `disabled` is always allowed; an empty list effectively allows only `disabled`. |3044| `allowed_web_search_modes` | `array<string>` | Allowed values for `web_search` (`disabled`, `cached`, `live`). `disabled` is always allowed; an empty list effectively allows only `disabled`. |

3045| `features` | `table` | Pinned feature values keyed by the canonical names from `config.toml`'s `[features]` table. |

3046| `features.<name>` | `boolean` | Require a specific canonical feature key to stay enabled or disabled. |

3047| `features.browser_use` | `boolean` | Set to `false` in `requirements.toml` to disable Browser Use and Browser Agent availability. |

3048| `features.computer_use` | `boolean` | Set to `false` in `requirements.toml` to disable Computer Use availability and related install or enablement flows. |

3049| `features.in_app_browser` | `boolean` | Set to `false` in `requirements.toml` to disable the in-app browser pane. |

3050| `guardian_policy_config` | `string` | Managed Markdown policy instructions for automatic review. This takes precedence over local `[auto_review].policy`. Blank values are ignored. |

3051| `hooks` | `table` | Admin-enforced managed lifecycle hooks. Requires a managed hook directory and uses the same event schema as inline `[hooks]` in `config.toml`. |

3052| `hooks.<Event>` | `array<table>` | Matcher groups for a hook event such as `PreToolUse`, `PostToolUse`, `PermissionRequest`, `SessionStart`, `UserPromptSubmit`, or `Stop`. |

3053| `hooks.<Event>[].hooks` | `array<table>` | Hook handlers for a matcher group. Command hooks are currently supported; prompt and agent hook handlers are parsed but skipped. |

3054| `hooks.managed_dir` | `string (absolute path)` | Directory containing managed hook scripts on macOS and Linux. Codex validates that it is absolute and exists before loading managed hooks. |

3055| `hooks.windows_managed_dir` | `string (absolute path)` | Directory containing managed hook scripts on Windows. Codex validates that it is absolute and exists before loading managed hooks. |

2235| `mcp_servers` | `table` | Allowlist of MCP servers that may be enabled. Both the server name (`<id>`) and its identity must match for the MCP server to be enabled. Any configured MCP server not in the allowlist (or with a mismatched identity) is disabled. |3056| `mcp_servers` | `table` | Allowlist of MCP servers that may be enabled. Both the server name (`<id>`) and its identity must match for the MCP server to be enabled. Any configured MCP server not in the allowlist (or with a mismatched identity) is disabled. |

2236| `mcp_servers.<id>.identity` | `table` | Identity rule for a single MCP server. Set either `command` (stdio) or `url` (streamable HTTP). |3057| `mcp_servers.<id>.identity` | `table` | Identity rule for a single MCP server. Set either `command` (stdio) or `url` (streamable HTTP). |

2237| `mcp_servers.<id>.identity.command` | `string` | Allow an MCP stdio server when its `mcp_servers.<id>.command` matches this command. |3058| `mcp_servers.<id>.identity.command` | `string` | Allow an MCP stdio server when its `mcp_servers.<id>.command` matches this command. |

2238| `mcp_servers.<id>.identity.url` | `string` | Allow an MCP streamable HTTP server when its `mcp_servers.<id>.url` matches this URL. |3059| `mcp_servers.<id>.identity.url` | `string` | Allow an MCP streamable HTTP server when its `mcp_servers.<id>.url` matches this URL. |

3060| `permissions.filesystem.deny_read` | `array<string>` | Admin-enforced filesystem read denials. Entries can be paths or glob patterns, and users cannot weaken them with local config. |

3061| `remote_sandbox_config` | `array<table>` | Host-specific sandbox requirements. The first entry whose `hostname_patterns` match the resolved host name overrides top-level `allowed_sandbox_modes` for that requirements source. Host-specific entries currently override sandbox modes only. |

3062| `remote_sandbox_config[].allowed_sandbox_modes` | `array<string>` | Allowed sandbox modes to apply when this host-specific entry matches. |

3063| `remote_sandbox_config[].hostname_patterns` | `array<string>` | Case-insensitive host name patterns. Supports `*` for any sequence of characters and `?` for one character. |

2239| `rules` | `table` | Admin-enforced command rules merged with `.rules` files. Requirements rules must be restrictive. |3064| `rules` | `table` | Admin-enforced command rules merged with `.rules` files. Requirements rules must be restrictive. |

2240| `rules.prefix_rules` | `array<table>` | List of enforced prefix rules. Each rule must include `pattern` and `decision`. |3065| `rules.prefix_rules` | `array<table>` | List of enforced prefix rules. Each rule must include `pattern` and `decision`. |

2241| `rules.prefix_rules[].decision` | `prompt | forbidden` | Required. Requirements rules can only prompt or forbid (not allow). |3066| `rules.prefix_rules[].decision` | `prompt | forbidden` | Required. Requirements rules can only prompt or forbid (not allow). |

2254 3079 

2255Details3080Details

2256 3081 

2257Allowed values for `approval_policy` (for example `untrusted`, `on-request`, `never`, and `reject`).3082Allowed values for `approval_policy` (for example `untrusted`, `on-request`, `never`, and `granular`).

3083 

3084Key

3085 

3086`allowed_approvals_reviewers`

3087 

3088Type / Values

3089 

3090`array<string>`

3091 

3092Details

3093 

3094Allowed values for `approvals_reviewer`, such as `user` and `auto_review`.

2258 3095 

2259Key3096Key

2260 3097 

2282 3119 

2283Key3120Key

2284 3121 

3122`features`

3123 

3124Type / Values

3125 

3126`table`

3127 

3128Details

3129 

3130Pinned feature values keyed by the canonical names from `config.toml`'s `[features]` table.

3131 

3132Key

3133 

3134`features.<name>`

3135 

3136Type / Values

3137 

3138`boolean`

3139 

3140Details

3141 

3142Require a specific canonical feature key to stay enabled or disabled.

3143 

3144Key

3145 

3146`features.browser_use`

3147 

3148Type / Values

3149 

3150`boolean`

3151 

3152Details

3153 

3154Set to `false` in `requirements.toml` to disable Browser Use and Browser Agent availability.

3155 

3156Key

3157 

3158`features.computer_use`

3159 

3160Type / Values

3161 

3162`boolean`

3163 

3164Details

3165 

3166Set to `false` in `requirements.toml` to disable Computer Use availability and related install or enablement flows.

3167 

3168Key

3169 

3170`features.in_app_browser`

3171 

3172Type / Values

3173 

3174`boolean`

3175 

3176Details

3177 

3178Set to `false` in `requirements.toml` to disable the in-app browser pane.

3179 

3180Key

3181 

3182`guardian_policy_config`

3183 

3184Type / Values

3185 

3186`string`

3187 

3188Details

3189 

3190Managed Markdown policy instructions for automatic review. This takes precedence over local `[auto_review].policy`. Blank values are ignored.

3191 

3192Key

3193 

3194`hooks`

3195 

3196Type / Values

3197 

3198`table`

3199 

3200Details

3201 

3202Admin-enforced managed lifecycle hooks. Requires a managed hook directory and uses the same event schema as inline `[hooks]` in `config.toml`.

3203 

3204Key

3205 

3206`hooks.<Event>`

3207 

3208Type / Values

3209 

3210`array<table>`

3211 

3212Details

3213 

3214Matcher groups for a hook event such as `PreToolUse`, `PostToolUse`, `PermissionRequest`, `SessionStart`, `UserPromptSubmit`, or `Stop`.

3215 

3216Key

3217 

3218`hooks.<Event>[].hooks`

3219 

3220Type / Values

3221 

3222`array<table>`

3223 

3224Details

3225 

3226Hook handlers for a matcher group. Command hooks are currently supported; prompt and agent hook handlers are parsed but skipped.

3227 

3228Key

3229 

3230`hooks.managed_dir`

3231 

3232Type / Values

3233 

3234`string (absolute path)`

3235 

3236Details

3237 

3238Directory containing managed hook scripts on macOS and Linux. Codex validates that it is absolute and exists before loading managed hooks.

3239 

3240Key

3241 

3242`hooks.windows_managed_dir`

3243 

3244Type / Values

3245 

3246`string (absolute path)`

3247 

3248Details

3249 

3250Directory containing managed hook scripts on Windows. Codex validates that it is absolute and exists before loading managed hooks.

3251 

3252Key

3253 

2285`mcp_servers`3254`mcp_servers`

2286 3255 

2287Type / Values3256Type / Values

2330 3299 

2331Key3300Key

2332 3301 

3302`permissions.filesystem.deny_read`

3303 

3304Type / Values

3305 

3306`array<string>`

3307 

3308Details

3309 

3310Admin-enforced filesystem read denials. Entries can be paths or glob patterns, and users cannot weaken them with local config.

3311 

3312Key

3313 

3314`remote_sandbox_config`

3315 

3316Type / Values

3317 

3318`array<table>`

3319 

3320Details

3321 

3322Host-specific sandbox requirements. The first entry whose `hostname_patterns` match the resolved host name overrides top-level `allowed_sandbox_modes` for that requirements source. Host-specific entries currently override sandbox modes only.

3323 

3324Key

3325 

3326`remote_sandbox_config[].allowed_sandbox_modes`

3327 

3328Type / Values

3329 

3330`array<string>`

3331 

3332Details

3333 

3334Allowed sandbox modes to apply when this host-specific entry matches.

3335 

3336Key

3337 

3338`remote_sandbox_config[].hostname_patterns`

3339 

3340Type / Values

3341 

3342`array<string>`

3343 

3344Details

3345 

3346Case-insensitive host name patterns. Supports `*` for any sequence of characters and `?` for one character.

3347 

3348Key

3349 

2333`rules`3350`rules`

2334 3351 

2335Type / Values3352Type / Values